[Solved] Virus 3625100665.2254105895.exe that makes my computer restart


Posted (edited)

Hello,

So, as for Process Explorer, the only entry I cannot kill is the one named 3625100665.2254105895.exe.

I then moved on to TDSSKiller, which found some "suspicious objects"; here is the report:

 

 

16:01:19.0312 0240 TDSS rootkit removing tool 2.6.0.0 Sep 23 2011 07:42:37

16:01:19.0375 0240 ============================================================

16:01:19.0375 0240 Current date / time: 2011/09/24 16:01:19.0375

16:01:19.0375 0240 SystemInfo:

16:01:19.0375 0240

16:01:19.0375 0240 OS Version: 5.1.2600 ServicePack: 3.0

16:01:19.0375 0240 Product type: Workstation

16:01:19.0375 0240 ComputerName: STARGAZER

16:01:19.0375 0240 UserName: Archangel

16:01:19.0375 0240 Windows directory: C:\WINDOWS

16:01:19.0375 0240 System windows directory: C:\WINDOWS

16:01:19.0375 0240 Processor architecture: Intel x86

16:01:19.0375 0240 Number of processors: 3

16:01:19.0375 0240 Page size: 0x1000

16:01:19.0375 0240 Boot type: Normal boot

16:01:19.0375 0240 ============================================================

16:01:21.0046 0240 Initialize success

16:01:25.0203 2920 ============================================================

16:01:25.0203 2920 Scan started

16:01:25.0203 2920 Mode: Manual;

16:01:25.0203 2920 ============================================================

16:01:26.0125 2920 79a512d8 (8835a649ec584a2f1fcc8fa54471d50d) C:\WINDOWS\3625100665:2254105895.exe

16:01:26.0125 2920 Suspicious file (Hidden): C:\WINDOWS\3625100665:2254105895.exe. md5: 8835a649ec584a2f1fcc8fa54471d50d

16:01:26.0125 2920 79a512d8 ( HiddenFile.Multi.Generic ) - warning

16:01:26.0125 2920 79a512d8 - detected HiddenFile.Multi.Generic (1)

16:01:29.0281 2920 MRxSmb (d52789bafdeabb6c8cac691c6c3d82b9) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

16:01:29.0281 2920 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\mrxsmb.sys. Real md5: d52789bafdeabb6c8cac691c6c3d82b9, Fake md5: 0dc719e9b15e902346e87e9dcd5751fa

16:01:29.0281 2920 MRxSmb ( ForgedFile.Multi.Generic ) - warning

16:01:29.0281 2920 MRxSmb - detected ForgedFile.Multi.Generic (1)

16:01:30.0640 2920 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys

16:01:30.0640 2920 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505

16:01:30.0640 2920 sptd ( LockedFile.Multi.Generic ) - warning

16:01:30.0640 2920 sptd - detected LockedFile.Multi.Generic (1)

16:01:32.0500 2920 ============================================================

16:01:32.0500 2920 Scan finished

16:01:32.0500 2920 ============================================================

16:01:32.0515 3836 Detected object count: 3

16:01:32.0515 3836 Actual detected object count: 3

16:03:03.0828 3836 HKLM\SYSTEM\ControlSet003\services\79a512d8 - will be deleted on reboot

16:03:03.0828 3836 HKLM\SYSTEM\ControlSet004\services\79a512d8 - will be deleted on reboot

16:03:03.0828 3836 HKLM\SYSTEM\ControlSet005\services\79a512d8 - will be deleted on reboot

16:03:03.0828 3836 C:\WINDOWS\3625100665:2254105895.exe - will be deleted on reboot

16:03:03.0828 3836 79a512d8 ( HiddenFile.Multi.Generic ) - User select action: Delete

16:03:03.0828 3836 HKLM\SYSTEM\ControlSet003\services\MRxSmb - will be deleted on reboot

16:03:03.0828 3836 HKLM\SYSTEM\ControlSet004\services\MRxSmb - will be deleted on reboot

16:03:03.0843 3836 HKLM\SYSTEM\ControlSet005\services\MRxSmb - will be deleted on reboot

16:03:03.0843 3836 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys - will be deleted on reboot

16:03:03.0843 3836 MRxSmb ( ForgedFile.Multi.Generic ) - User select action: Delete

16:03:03.0843 3836 HKLM\SYSTEM\ControlSet001\services\sptd - will be deleted on reboot

16:03:03.0843 3836 HKLM\SYSTEM\ControlSet002\services\sptd - will be deleted on reboot

16:03:03.0843 3836 HKLM\SYSTEM\ControlSet003\services\sptd - will be deleted on reboot

16:03:03.0843 3836 HKLM\SYSTEM\ControlSet004\services\sptd - will be deleted on reboot

16:03:03.0843 3836 HKLM\SYSTEM\ControlSet005\services\sptd - will be deleted on reboot

16:03:03.0843 3836 C:\WINDOWS\system32\Drivers\sptd.sys - will be deleted on reboot

16:03:03.0843 3836 sptd ( LockedFile.Multi.Generic ) - User select action: Delete

16:03:08.0453 3388 Deinitialize success

 

It looks like TDSS managed to dislodge it.

 

 

As for ComboFix, however, since it could not install the Recovery Console (there was also a message saying that this program MK.. is not a valid something....), I looked on Google and installed it from the CD before starting again.

But there again it does not get past the message "Tentative de creation d'un point de restauration systeme".

I stopped it after 20 min to switch to safe mode, but same thing.

Edited by Hige

Posté(e)
As for ComboFix, however, since it couldn't install the Recovery Console (there was also a message saying that this MK.. program isn't a valid something....), I looked on Google and installed it from the CD before starting again.

But even then it doesn't get past the message "Attempting to create a system restore point".

I stopped it after 20 min and switched to safe mode, but same thing.

Never mind about the console.

But let me remind you of the end of the procedure:

While ComboFix is running, do not touch your computer at all; you could crash the program.

The scan may take a while; there are 50 successive procedures:

Wait at least 30 minutes during the scan.

If the program freezes (more than 30 minutes), close it by clicking the "X" at the top right of the window.

At the end, a report will be generated: post its contents in your next message.

If the report is too long, post it in two parts.

It is located at c:\combofix.txt

Run it again and be patient, please.

Posted

Here is the report; strangely, this time it did not get stuck at the creation of the restore point.

 

ComboFix 11-09-24.04 - Archangel 24/09/2011 23:02:51.2.3 - x86

Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.3325.2810 [GMT 2:00]

Lancé depuis: c:\documents and settings\Archangel\Bureau\ComboFix.exe

AV: Kaspersky PURE *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

FW: Kaspersky PURE *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

.

.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Archangel\Application Data\FFSJ

c:\documents and settings\Archangel\Application Data\FFSJ\FFSJ.cfg

c:\documents and settings\Archangel\Application Data\OfferBox

c:\documents and settings\Archangel\Application Data\OfferBox\config.dat

c:\documents and settings\Archangel\Application Data\OfferBox\config.xml

c:\documents and settings\Archangel\WINDOWS

c:\program files\OfferBox

c:\windows\3625100665

c:\windows\system32\404Fix.exe

c:\windows\system32\Agent.OMZ.Fix.exe

c:\windows\system32\d3d9caps.dat

c:\windows\system32\dumphive.exe

c:\windows\system32\IEDFix.C.exe

c:\windows\system32\IEDFix.exe

c:\windows\system32\o4Patch.exe

c:\windows\system32\Process.exe

c:\windows\system32\SrchSTS.exe

c:\windows\system32\tmp.reg

c:\windows\system32\VACFix.exe

c:\windows\system32\VCCLSID.exe

c:\windows\system32\win.ini

c:\windows\system32\WS2Fix.exe

.

.

((((((((((((((((((((((((((((( Fichiers créés du 2011-08-24 au 2011-09-24 ))))))))))))))))))))))))))))))))))))

.

.

2011-09-24 17:18 . 2011-09-24 19:23 115369 ----a-w- c:\windows\system32\drivers\klin.dat

2011-09-24 17:18 . 2011-09-24 19:23 97961 ----a-w- c:\windows\system32\drivers\klick.dat

2011-09-24 17:17 . 2011-09-24 17:17 -------- d-----w- c:\program files\Fichiers communs\InfoWatch

2011-09-24 17:17 . 2011-09-24 20:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab

2011-09-24 17:17 . 2011-09-24 17:17 -------- d-----w- c:\program files\Kaspersky Lab

2011-09-24 17:15 . 2011-09-24 17:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files

2011-09-24 09:01 . 2007-01-18 12:00 3968 ----a-w- c:\windows\system32\drivers\AvgArCln.sys

2011-09-23 20:46 . 2009-12-14 10:44 39352 ----a-w- c:\windows\system32\drivers\CSVirtualDiskDrv.sys

2011-09-23 20:46 . 2009-12-14 10:44 88632 ----a-w- c:\windows\system32\drivers\CSCrySec.sys

2011-09-23 19:16 . 2011-09-23 20:20 -------- d-----w- c:\program files\ESET

2011-09-23 00:34 . 2011-08-18 13:25 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys

2011-09-22 23:37 . 2011-08-31 15:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-09-22 23:16 . 2011-09-20 11:11 133208 ----a-w- c:\windows\system32\drivers\88176713.sys

2011-09-22 23:12 . 2011-09-23 00:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2011-09-22 11:17 . 2011-09-22 11:16 401408 ----a-w- c:\windows\system32\CF4844.exe

2011-09-22 11:14 . 2011-09-22 11:14 -------- d-----w- c:\program files\trend micro

2011-09-22 07:41 . 2011-09-21 07:13 570368 ----a-w- C:\RogueKiller.exe

2011-09-22 07:41 . 2011-09-21 07:36 9852544 ----a-w- C:\malwarebytes-anti-malware_malwarebytes_anti-malware_1.51.2.1300_francais_215092.exe

2011-09-22 07:41 . 2011-09-21 06:55 10268672 ----a-w- C:\ad-aware_ad-aware_free_9.5_francais_12797.msi

2011-09-22 07:40 . 2011-09-21 06:57 124516544 ----a-w- C:\pure9.1.0.124fr.exe

2011-09-21 07:54 . 2011-09-21 07:51 409449 ----a-w- C:\rstassociations.scr

2011-09-20 22:42 . 2011-09-20 22:42 -------- d-----w- c:\program files\Common Files

2011-09-20 21:54 . 2011-09-23 17:24 -------- d-----w- C:\rsit

2011-09-20 10:34 . 2011-09-20 10:34 -------- d-----w- c:\documents and settings\Archangel\Application Data\Tific

2011-09-20 10:34 . 2011-09-20 10:34 -------- d-----w- c:\documents and settings\Archangel\Local Settings\Application Data\Symantec

2011-09-20 10:20 . 2011-09-20 22:35 -------- d-----w- c:\program files\Fichiers communs\Symantec Shared

2011-09-20 10:19 . 2011-09-20 10:19 -------- d-----w- c:\program files\Windows Sidebar

2011-09-20 10:19 . 2011-09-20 22:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton

2011-09-20 10:15 . 2011-09-20 10:15 -------- d-s---w- c:\documents and settings\NetworkService\UserData

2011-09-12 15:10 . 2011-09-12 15:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Nikon

2011-08-29 22:14 . 2011-08-29 22:14 -------- d-----w- c:\documents and settings\LocalService\Bureau

2011-08-27 14:50 . 2007-06-11 09:20 231936 ----a-w- c:\windows\system32\FusionReg.dll

2011-08-27 14:49 . 2004-04-18 21:39 172032 ----a-w- c:\program files\Fichiers communs\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll

2011-08-27 14:49 . 2004-04-18 21:39 266240 ----a-w- c:\program files\Fichiers communs\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll

2011-08-27 14:49 . 2004-04-18 21:42 733184 ----a-w- c:\program files\Fichiers communs\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll

2011-08-27 14:49 . 2004-04-18 21:40 69715 ----a-w- c:\program files\Fichiers communs\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll

2011-08-27 14:49 . 2004-04-18 21:39 5632 ----a-w- c:\program files\Fichiers communs\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe

2011-08-27 14:49 . 2011-08-27 14:49 303236 ----a-w- c:\program files\Fichiers communs\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll

2011-08-27 14:49 . 2011-08-27 14:49 180356 ----a-w- c:\program files\Fichiers communs\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll

.

.

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-09-24 20:54 . 2009-05-30 17:51 16608 ----a-w- c:\windows\gdrv.sys

2011-09-10 22:02 . 2010-04-29 19:22 57344 ----a-r- c:\documents and settings\Archangel\Application Data\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe

2011-09-01 11:29 . 2010-12-31 21:13 31552 ----a-w- c:\windows\system32\TURegOpt.exe

2011-09-01 11:19 . 2011-08-23 07:58 29504 ----a-w- c:\windows\system32\uxtuneup.dll

2011-08-10 14:52 . 2011-05-31 06:28 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-07-17 15:52 . 2011-07-17 16:00 29480 ----a-w- c:\windows\system32\msxml3a.dll

2011-07-17 15:52 . 2006-09-25 15:39 353576 ----a-w- c:\windows\system32\msvcr71.dll

2011-07-17 15:52 . 2009-11-19 23:33 505128 ----a-w- c:\windows\system32\msvcp71.dll

2006-05-03 10:06 163328 --sha-r- c:\windows\system32\flvDX.dll

2007-02-21 11:47 31232 --sha-r- c:\windows\system32\msfDX.dll

2008-03-16 13:30 216064 --sha-r- c:\windows\system32\nbDX.dll

.

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Archangel\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Archangel\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Archangel\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Archangel\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]

@="{dd230880-495a-11d1-b064-008048ec2fc5}"

[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]

2010-10-01 20:05 129624 ----a-w- c:\program files\Kaspersky Lab\Kaspersky PURE\shellex.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-08-02 399736]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2008-12-26 18081280]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-26 98304]

"AVP"="c:\program files\Kaspersky Lab\Kaspersky PURE\avp.exe" [2010-10-01 348760]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

"DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2008-11-03 435096]

.

c:\documents and settings\Archangel\Menu D‚marrer\Programmes\D‚marrage\

Dropbox.lnk - c:\documents and settings\Archangel\Application Data\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]

.

c:\documents and settings\Archangel\Menu D‚marrer\Programmes\D‚marrage\

Dropbox.lnk - c:\documents and settings\Archangel\Application Data\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Air Mouse.lnk]

path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Air Mouse.lnk

backup=c:\windows\pss\Air Mouse.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Archangel^Menu Démarrer^Programmes^Démarrage^Dropbox.lnk]

path=c:\documents and settings\Archangel\Menu Démarrer\Programmes\Démarrage\Dropbox.lnk

backup=c:\windows\pss\Dropbox.lnkStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Archangel^Menu Démarrer^Programmes^Démarrage^MagicDisc.lnk]

path=c:\documents and settings\Archangel\Menu Démarrer\Programmes\Démarrage\MagicDisc.lnk

backup=c:\windows\pss\MagicDisc.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2011-03-30 04:59 937920 ----a-r- c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-06-08 04:02 37296 ----a-w- p:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AirVideoServer]

2010-09-22 01:03 4923784 ----a-w- p:\program files\AirVideoServer\AirVideoServer.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]

2010-04-02 07:11 75048 ------w- c:\program files\Cyberlink\Shared files\brs.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

2010-04-01 09:16 357696 ----a-w- p:\program files\DAEMON Tools Lite\DTLite.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

2010-09-16 20:04 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyTuneVI]

2007-07-26 13:05 20480 ----a-w- c:\program files\Gigabyte\ET6\ETcall.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GBTUpd]

2008-04-03 08:01 297480 ----a-w- c:\program files\Gigabyte\GBTUpd\PreRun.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2011-08-12 20:52 136176 ----atw- c:\documents and settings\Archangel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]

2006-11-13 12:07 1289000 ----a-w- p:\program files\Microsoft ActiveSync\wcescomm.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HD Tune]

2008-02-09 13:17 401408 ----a-w- p:\progra~1\HDTUNE~1\HDTune.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

2005-02-17 05:15 221184 ----a-w- c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

2005-02-17 05:15 81920 ----a-w- c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-06-07 15:51 421160 ----a-w- p:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]

2007-03-20 06:36 36864 ------r- c:\windows\RaidTool\xInsIDE.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]

2011-08-31 15:00 449608 ----a-w- p:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-13 17:34 1695232 ------w- c:\program files\Messenger\msmsgs.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nikon Message Center 2]

2010-05-25 17:16 619008 ----a-w- c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl10]

2010-02-02 22:08 87336 ------w- p:\program files\CyberLink\PowerDVD10\PowerDVD10\PDVD10Serv.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smart Backup]

2008-10-07 03:46 10762240 ----a-r- c:\program files\SmartBackup\SmartBackupSetup.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

2009-03-05 14:07 2260480 --sha-r- p:\program files\Spybot - Search & Destroy\TeaTimer.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

2011-03-22 18:37 74752 ----a-w- p:\program files\Winamp\winampa.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"WiselinkPro"=2 (0x2)

"helpsvc"=2 (0x2)

"Apple Mobile Device"=2 (0x2)

"ekrn"=2 (0x2)

"EhttpSrv"=3 (0x3)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"H/PC Connection Agent"="p:\program files\Microsoft ActiveSync\wcescomm.exe"

"CTFMON.EXE"=c:\windows\system32\ctfmon.exe

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"tray3"=c:\windows\system32\RecvMessage.exe

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"

"MSConfig"=c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

"iTunesHelper"="p:\program files\iTunes\iTunesHelper.exe"

"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"p:\\Program Files\\uTorrent\\uTorrent.exe"=

"p:\program files\Microsoft ActiveSync\rapimgr.exe"= p:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"p:\program files\Microsoft ActiveSync\wcescomm.exe"= p:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"p:\program files\Microsoft ActiveSync\WCESMgr.exe"= p:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\WINDOWS\\system32\\RecvMessage.exe"=

"c:\\Program Files\\Gigabyte\\GBTUpd\\RunUpd.exe"=

"p:\\sysreset\\mirc.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

"p:\\Program Files\\devolo\\informer\\devinf.exe"=

"p:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Documents and Settings\\Archangel\\Application Data\\Dropbox\\bin\\Dropbox.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"p:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

.

R0 88176713;88176713;c:\windows\system32\drivers\88176713.sys [23/09/2011 01:16 133208]

R0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\drivers\CSCrySec.sys [23/09/2011 22:46 88632]

R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [05/06/2009 19:06 39472]

R0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [14/10/2009 21:18 36880]

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [23/09/2011 02:34 64512]

R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\drivers\CSVirtualDiskDrv.sys [23/09/2011 22:46 39352]

R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2011/07/17 18:01];p:\program files\CyberLink\PowerDVD10\PowerDVD10\NavFilter\000.fcl [02/04/2010 09:11 87536]

R2 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\essvr.exe [30/05/2009 20:09 68136]

R2 LF30FS;LF30FS;c:\program files\Everstrike Software\Lock Folder XP 3.6\LF30XP.sys [19/11/2004 18:07 101488]

R2 NPF_devolo;NetGroup Packet Filter Driver (devolo);c:\windows\system32\drivers\npf_devolo.sys [28/11/2008 15:34 35840]

R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;p:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [01/09/2011 13:24 1526080]

R3 AirDisplay;Air Display Support;c:\windows\system32\drivers\AVVideoCard.sys [14/04/2011 14:26 15984]

R3 AirDisplayMirror;Air Display Mirror Support;c:\windows\system32\drivers\AVVideoCardMirror.sys [14/04/2011 14:26 15984]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [14/09/2009 14:42 32272]

R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02/10/2009 19:39 19472]

R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;p:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [07/10/2010 13:34 10064]

S1 MpKsl078d3c29;MpKsl078d3c29;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0ADA08DA-09A8-4BAE-9A93-3AE5462EEBEB}\MpKsl078d3c29.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0ADA08DA-09A8-4BAE-9A93-3AE5462EEBEB}\MpKsl078d3c29.sys [?]

S1 MpKsl0e2ee768;MpKsl0e2ee768;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CF5D3B24-60E0-4E46-8619-7F71FAD5D5D3}\MpKsl0e2ee768.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CF5D3B24-60E0-4E46-8619-7F71FAD5D5D3}\MpKsl0e2ee768.sys [?]

S1 MpKsl0f3bcbf4;MpKsl0f3bcbf4;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CF5D3B24-60E0-4E46-8619-7F71FAD5D5D3}\MpKsl0f3bcbf4.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CF5D3B24-60E0-4E46-8619-7F71FAD5D5D3}\MpKsl0f3bcbf4.sys [?]

S1 MpKsl2bdc6bbb;MpKsl2bdc6bbb;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{987A4627-EB70-4259-B8A2-D1B74F26049B}\MpKsl2bdc6bbb.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{987A4627-EB70-4259-B8A2-D1B74F26049B}\MpKsl2bdc6bbb.sys [?]

S1 MpKsl6223c986;MpKsl6223c986;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5CCD8BDF-2448-4677-9681-82F6A88B351A}\MpKsl6223c986.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5CCD8BDF-2448-4677-9681-82F6A88B351A}\MpKsl6223c986.sys [?]

S1 MpKsl646caed9;MpKsl646caed9;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A53F2EE3-B59B-4949-96E0-33360832AFC4}\MpKsl646caed9.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A53F2EE3-B59B-4949-96E0-33360832AFC4}\MpKsl646caed9.sys [?]

S1 MpKsl68dd0546;MpKsl68dd0546;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9899DC13-C826-4F28-B84B-C914FEAB0040}\MpKsl68dd0546.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9899DC13-C826-4F28-B84B-C914FEAB0040}\MpKsl68dd0546.sys [?]

S1 MpKsl6cff4364;MpKsl6cff4364;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DAAAB053-1E5A-4DA3-B775-50D56658BBC2}\MpKsl6cff4364.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DAAAB053-1E5A-4DA3-B775-50D56658BBC2}\MpKsl6cff4364.sys [?]

S1 MpKsl76fbd28a;MpKsl76fbd28a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A7D0B08A-9FEF-4E7C-870F-3A1A0A810C05}\MpKsl76fbd28a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A7D0B08A-9FEF-4E7C-870F-3A1A0A810C05}\MpKsl76fbd28a.sys [?]

S1 MpKsl801c26e3;MpKsl801c26e3;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{14E043C2-B4CB-4B0D-A0DE-15361F941314}\MpKsl801c26e3.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{14E043C2-B4CB-4B0D-A0DE-15361F941314}\MpKsl801c26e3.sys [?]

S1 MpKsl89c4bd9c;MpKsl89c4bd9c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EC2CA2A7-2444-4216-90D5-74A8167A27B2}\MpKsl89c4bd9c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EC2CA2A7-2444-4216-90D5-74A8167A27B2}\MpKsl89c4bd9c.sys [?]

S1 MpKsl8dc3269d;MpKsl8dc3269d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B66735D6-D854-439C-80D1-19BBD1F2F969}\MpKsl8dc3269d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B66735D6-D854-439C-80D1-19BBD1F2F969}\MpKsl8dc3269d.sys [?]

S1 MpKsl8ebe5b9f;MpKsl8ebe5b9f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C63BE20E-62A1-4B0B-BC21-89679A594091}\MpKsl8ebe5b9f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C63BE20E-62A1-4B0B-BC21-89679A594091}\MpKsl8ebe5b9f.sys [?]

S1 MpKsl966369e8;MpKsl966369e8;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CF5D3B24-60E0-4E46-8619-7F71FAD5D5D3}\MpKsl966369e8.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CF5D3B24-60E0-4E46-8619-7F71FAD5D5D3}\MpKsl966369e8.sys [?]

S1 MpKsl9c328200;MpKsl9c328200;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{69A5D6B3-FA3F-46A6-A26C-DB2E4E82604E}\MpKsl9c328200.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{69A5D6B3-FA3F-46A6-A26C-DB2E4E82604E}\MpKsl9c328200.sys [?]

S1 MpKsla4298a88;MpKsla4298a88;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B66735D6-D854-439C-80D1-19BBD1F2F969}\MpKsla4298a88.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B66735D6-D854-439C-80D1-19BBD1F2F969}\MpKsla4298a88.sys [?]

S1 MpKsla6e0e3ed;MpKsla6e0e3ed;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EF073E63-D76B-4576-B2C5-9A768A139A03}\MpKsla6e0e3ed.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EF073E63-D76B-4576-B2C5-9A768A139A03}\MpKsla6e0e3ed.sys [?]

S1 MpKslb6d0a0e2;MpKslb6d0a0e2;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CF5D3B24-60E0-4E46-8619-7F71FAD5D5D3}\MpKslb6d0a0e2.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CF5D3B24-60E0-4E46-8619-7F71FAD5D5D3}\MpKslb6d0a0e2.sys [?]

S1 MpKslb8265317;MpKslb8265317;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CE55AF49-2401-4D00-9E2C-66E8EA654CBC}\MpKslb8265317.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CE55AF49-2401-4D00-9E2C-66E8EA654CBC}\MpKslb8265317.sys [?]

S1 MpKslbad887e1;MpKslbad887e1;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{82F8AD96-0B4E-43F4-A150-CF778C64DF6D}\MpKslbad887e1.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{82F8AD96-0B4E-43F4-A150-CF778C64DF6D}\MpKslbad887e1.sys [?]

S1 MpKslbd6ee218;MpKslbd6ee218;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BA879E70-B13F-4A03-8C9D-680395ABC530}\MpKslbd6ee218.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BA879E70-B13F-4A03-8C9D-680395ABC530}\MpKslbd6ee218.sys [?]

S1 MpKslcf4213ab;MpKslcf4213ab;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EFAEDC71-996A-4FF2-A7FB-5954E01CB579}\MpKslcf4213ab.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EFAEDC71-996A-4FF2-A7FB-5954E01CB579}\MpKslcf4213ab.sys [?]

S1 MpKslda38a941;MpKslda38a941;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{006745CC-0DC7-4359-B0DD-70EC3EB769F6}\MpKslda38a941.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{006745CC-0DC7-4359-B0DD-70EC3EB769F6}\MpKslda38a941.sys [?]

S1 MpKsle1238778;MpKsle1238778;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9899DC13-C826-4F28-B84B-C914FEAB0040}\MpKsle1238778.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9899DC13-C826-4F28-B84B-C914FEAB0040}\MpKsle1238778.sys [?]

S1 MpKsle13038d4;MpKsle13038d4;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0DC63ACD-C359-46C8-9ED4-7D63B4D63C5F}\MpKsle13038d4.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0DC63ACD-C359-46C8-9ED4-7D63B4D63C5F}\MpKsle13038d4.sys [?]

S1 MpKsle385f021;MpKsle385f021;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9E9403EB-C203-4916-A101-78863BC27786}\MpKsle385f021.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9E9403EB-C203-4916-A101-78863BC27786}\MpKsle385f021.sys [?]

S1 MpKsleb643d62;MpKsleb643d62;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9540CAB7-A0C9-4585-9CD2-ABEDEA056F3B}\MpKsleb643d62.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9540CAB7-A0C9-4585-9CD2-ABEDEA056F3B}\MpKsleb643d62.sys [?]

S1 MpKslf0a77645;MpKslf0a77645;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E32804BF-0B9E-441F-8096-D1436C73609D}\MpKslf0a77645.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E32804BF-0B9E-441F-8096-D1436C73609D}\MpKslf0a77645.sys [?]

S1 MpKslf61756ba;MpKslf61756ba;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E911B0AB-2AC1-41D2-B826-8820AA6CEB45}\MpKslf61756ba.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E911B0AB-2AC1-41D2-B826-8820AA6CEB45}\MpKslf61756ba.sys [?]

S1 MpKslf6bcf29e;MpKslf6bcf29e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2DB6C0DB-94B0-4412-BA8F-C924F7D5878D}\MpKslf6bcf29e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2DB6C0DB-94B0-4412-BA8F-C924F7D5878D}\MpKslf6bcf29e.sys [?]

S1 MpKslfa2ef13d;MpKslfa2ef13d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9899DC13-C826-4F28-B84B-C914FEAB0040}\MpKslfa2ef13d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9899DC13-C826-4F28-B84B-C914FEAB0040}\MpKslfa2ef13d.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]

S2 COM Service;COM Service;c:\program files\Gigabyte\G.O.M\GCSVR.exe [30/05/2009 20:41 16384]

S2 CSObjectsSrv;Service de gestion du système CryproStorage;c:\program files\Fichiers communs\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [21/12/2009 17:34 743992]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;p:\program files\Lavasoft\Ad-Aware\AAWService.exe [18/08/2011 15:25 2151640]

S3 ADDCUXLP;ADDCUXLP;c:\docume~1\ARCHAN~1\LOCALS~1\Temp\ADDCUXLP.exe --> c:\docume~1\ARCHAN~1\LOCALS~1\Temp\ADDCUXLP.exe [?]

S3 BMGMFHGV;BMGMFHGV;c:\docume~1\ARCHAN~1\LOCALS~1\Temp\BMGMFHGV.exe --> c:\docume~1\ARCHAN~1\LOCALS~1\Temp\BMGMFHGV.exe [?]

S3 SWUSBFLT;Pilote de filtre Microsoft SideWinder VIA;c:\windows\system32\drivers\SWUSBFLT.SYS [10/11/2010 21:45 3968]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]

S4 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [08/08/2011 09:48 311928]

S4 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [22/07/2011 14:26 690472]

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

Contenu du dossier 'Tâches planifiées'

.

2011-09-23 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- p:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-08-18 13:25]

.

2011-09-23 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 10:34]

.

2011-09-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-562591055-682003330-1004Core.job

- c:\documents and settings\Archangel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-12 20:52]

.

2011-09-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-562591055-682003330-1004UA.job

- c:\documents and settings\Archangel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-12 20:52]

.

.

------- Examen supplémentaire -------

.

uInternet Settings,ProxyOverride = *.local

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xporter vers Microsoft Excel - p:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\documents and settings\Archangel\Application Data\Mozilla\Firefox\Profiles\u6jthp5s.default\

FF - prefs.js: browser.startup.homepage - www.google.fr

FF - user.js: general.useragent.extra.zencast -

FF - user.js: browser.sessionstore.resume_from_crash - false

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: nglayout.initialpaint.delay - 600

FF - user.js: content.notify.interval - 600000

FF - user.js: content.max.tokenizing.time - 1800000

FF - user.js: content.switch.threshold - 600000

FF - user.js: network.protocol-handler.warn-external.dnupdate - false

.

.

------- Associations de fichier -------

.

vbefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*

.

- - - - ORPHELINS SUPPRIMES - - - -

.

SafeBoot-44347910.sys

MSConfigStartUp-AdVantage - c:\documents and settings\Archangel\Application Data\advantage\AdVantage.exe

MSConfigStartUp-Change Logon Utility - c:\documents and settings\Archangel\Application Data\chglogon.exe

MSConfigStartUp-CloneCDTray - p:\program files\SlySoft\CloneCD\CloneCDTray.exe

MSConfigStartUp-egui - c:\program files\ESET\ESET NOD32 Antivirus\egui.exe

MSConfigStartUp-SDFix - c:\sdfix\RunThis.bat

MSConfigStartUp-tplsis70t - c:\documents and settings\Archangel\Application Data\F39A95FC7AD7707F1CDA8CEB0520990F\tplsis70t.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-09-24 23:07

Windows 5.1.2600 Service Pack 3 NTFS

.

Recherche de processus cachés ...

.

Recherche d'éléments en démarrage automatique cachés ...

.

Recherche de fichiers cachés ...

.

Scan terminé avec succès

Fichiers cachés: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]

"ImagePath"="\??\p:\program files\CyberLink\PowerDVD10\PowerDVD10\NavFilter\000.fcl"

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]

.

[HKEY_LOCAL_MACHINE\software\Swearware\backup\winsock2\Parameters]

@DACL=(02 0000)

@SACL=

"WinSock_Registry_Version"="2.0"

"Current_NameSpace_Catalog"="NameSpace_Catalog5"

"Current_Protocol_Catalog"="Protocol_Catalog9"

.

--------------------- DLLs chargées dans les processus actifs ---------------------

.

- - - - - - - > 'winlogon.exe'(1636)

c:\windows\system32\Ati2evxx.dll

c:\windows\system32\atiadlxx.dll

.

Heure de fin: 2011-09-24 23:08:49

ComboFix-quarantined-files.txt 2011-09-24 21:08

.

Avant-CF: 21 130 522 624 octets libres

Après-CF: 21 364 408 320 octets libres

.

- - End Of File - - 569BD67148E70E9142205C227371DE22

Posted (edited)

Hello,

Spybot and Ad-Aware are obsolete and should be uninstalled.

This too:

Contenu du dossier 'Tâches planifiées'

.

2011-09-23 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- p:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-08-18 13:25]

.

2011-09-23 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 10:34]

.

2011-09-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-562591055-682003330-1004Core.job

- c:\documents and settings\Archangel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-12 20:52]

.

2011-09-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-562591055-682003330-1004UA.job

- c:\documents and settings\Archangel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-12 20:52]

 

How is the machine doing?

.

Edited by pear
Posted

It seems to be fine, apart from a very strong slowdown of Firefox that wasn't there before, and the GMER files that I can't delete from the desktop (the ones the virus had blocked).

Posted
slowdown of Firefox that wasn't there before

Sometimes certain files in a profile get damaged, causing Firefox crashes, the disappearance of bookmarks, strange behaviour...

These profile corruptions can have various causes (the machine crashing during a write operation, installing an extension that breaks Firefox, a Firefox or extension update interrupted by a network outage...).

To create a new Firefox profile:

Close all Firefox windows.

Start->Run, copy and paste

Firefox -p

confirm

In the window that opens, click Create Profile

In the next window, click Next

and in the window after that, enter a name for the new profile, then click Finish.

Back in the initial window,

click Start Firefox.

Firefox will start with the new profile

So no more access to the bookmarks or the extensions.

Restart with the old profile,

Run the command Firefox -p again,

Select the old profile "Default"

Click Start Firefox.

Recover the data from the old profile: bookmarks (Bookmark.html)

In the new profile, open the Bookmarks menu, then Organize Bookmarks.

In the new window, click Import and Backup/Restore/Choose File

Under XP, browse to C:\Documents and Settings\Your user name\Application Data\Mozilla\Firefox\Profiles\Default\BookmarksBackups

Under Vista and Seven, since Documents and Settings does not exist, do this first:

Start->Control Panel->Folder Options->View->Hidden files and folders,

under Vista, tick the box Show hidden files and folders.

under Seven, tick the box Show hidden files, folders, and drives:

Select the most recent backup, then click Open.

The bookmarks should appear in the new profile.

For the passwords, copy/paste the following files from the old profile to the new one:

Key3.db

signons3.txt

For the certificates:

cert8.db

Reinstall the extensions from the Mozilla site

GMER files that I can't delete

Even in safe mode?

Right-click the file->Properties->Security->Your user name->Allow->Full control
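The password and certificate step of the profile procedure in the post above, as an added example that is not part of the original post: it copies the files the post names from the old profile to the new one, treats the two password files as a pair, keeps a backup of anything it overwrites, and checks each copy by hash. The function names and the constructed sample profiles are assumptions for illustration; Firefox must be closed while the files are copied.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

# File names from the post (older Firefox profile layout); key3.db in lower case.
PASSWORD_FILES = ("key3.db", "signons3.txt")  # key store + encrypted logins
CERT_FILES = ("cert8.db",)                    # certificate database

def copy_verified(src: Path, dst: Path) -> None:
    """Copy src over dst, keeping an existing dst as <name>.bak, then compare hashes."""
    if dst.exists():
        shutil.copy2(dst, dst.with_name(dst.name + ".bak"))
    shutil.copy2(src, dst)
    if hashlib.sha256(src.read_bytes()).digest() != hashlib.sha256(dst.read_bytes()).digest():
        raise OSError(f"copy of {src.name} does not match the original")

def migrate(old_profile: Path, new_profile: Path) -> dict:
    """Copy the password and certificate files; report what was copied or skipped."""
    result = {"copied": [], "skipped": []}
    groups = [CERT_FILES]
    # The saved logins are encrypted with a key kept in key3.db, so the two
    # password files are only usable as a pair: copy both or neither.
    if all((old_profile / n).is_file() for n in PASSWORD_FILES):
        groups.append(PASSWORD_FILES)
    else:
        result["skipped"].extend(PASSWORD_FILES)
    for name in (n for group in groups for n in group):
        src = old_profile / name
        if src.is_file():
            copy_verified(src, new_profile / name)
            result["copied"].append(name)
        else:
            result["skipped"].append(name)
    return result

def demo(include_key: bool = True) -> dict:
    """Run migrate() on two constructed profile folders (sample data, not real profiles)."""
    with tempfile.TemporaryDirectory() as tmp:
        old, new = Path(tmp, "old.default"), Path(tmp, "new.profile")
        old.mkdir()
        new.mkdir()
        (old / "signons3.txt").write_bytes(b"constructed logins")
        if include_key:
            (old / "key3.db").write_bytes(b"constructed key store")
        (new / "key3.db").write_bytes(b"fresh key store")  # made by the new profile
        out = migrate(old, new)
        bak = new / "key3.db.bak"
        out["backup_kept"] = bak.is_file() and bak.read_bytes() == b"fresh key store"
        return out
```

With real profiles, call `migrate()` with the two profile folder paths shown by the Firefox profile manager.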

Posted (edited)

Thanks for the tip about Mozilla, but do I risk losing all my bookmarks? I know I can download the extensions again, but I would like not to lose any of my links.

As for the files, yes, even in safe mode I can't delete them;

I always get this message: "Cannot delete xxxxx: access denied.

Make sure the disk is not full or write-protected and that the file is not currently in use."

And on right-click I don't have a Security tab, only: General, Program, Font, Memory, Screen, Misc, Compatibility. (and that is in my session or in safe mode)

Edit: after creating the new profile, the situation is the same.

Edited by Hige
Posted
do I risk losing all my bookmarks

Select the most recent backup, then click Open.

The bookmarks should appear in the new profile.

I don't have a Security tab

Under XP Home

By default, Windows XP Home Edition does not manage the security of directories and files the way NT4, 2000 and XP Pro do.

To add this feature, which is valuable once the computer is on a network and you want to manage permissions on certain folders.

Download Security Configuration Manager

Right-click on the desktop->New folder

Drag scesp4i.exe into it

and run it

select SETUP.INF, right-click->Install

-When asked "Do you want to replace the file ESENT.DLL", decline by clicking NO TO ALL

-Restart your workstation.

-The Security tab is installed.

Posted

Hello

I fixed the slowdown problem by installing FF7, which has just come out, and everything seems to be working well.

Also, I was able to delete the stubborn files with Security Configuration Manager.

To conclude, I can't say anything more than a very big thank you for the help provided.

Thank you very much. :super:

  • Tonton changed the title to [Résolu] Virus 3625100665.2254105895.exe qui fait redémarrer mon ordi
