[Réglé]win 32 tdss

kirill · le 29 Déc 2009 11:50

je viens d infecter mon pc avec un virus qui me propose de s installer ,il bloque toute mes tentative d installation de malware antimalware ,il ma vire avira , je ne peux plus lancer spybot , le seul antivirus qui se lance est asquared free il ma trouve : win 32 tdss !ik et malware defense
je ne sais plus quoi faire merçi de votre aide

jeanmimigab · le 29 Déc 2009 12:21

hello fait cela stp...

Désactives ton anti-virus avant de faire toutes ces étapes

Télécharges load_tdsskiller ( par loup_blanc ) sur ton bureau.

Fais un double-clic sur l'icône Load_tdsskiller qui se trouve sur ton bureau et patiente le temps du scan.

Si ton parre-feu te signale que le proccessus "Wget.exe" tente d'accéder à internet, accèpte....

Moins d'une minute après dans la fenêtre noire apparait le message " Appuyez sur un touche pour continuer ", fait un clic dans la fenêtre et appuie sur la touche "entrée".

Ensuite un rapport texte va s'ouvrir, postes son contenu dans ta prochaine réponse.

@++

kirill · le 29 Déc 2009 12:27

bonjour et merci pour votre aide et surtout pôur votre reactivite je poste le rapport

Code: Tout sélectionner: 12:24:34:703 1492 TDSSKiller 2.1.1 Dec 20 2009 02:40:02 12:24:34:703 1492 ================================================================================ 12:24:34:703 1492 SystemInfo: 12:24:34:703 1492 OS Version: 5.1.2600 ServicePack: 3.0 12:24:34:703 1492 Product type: Workstation 12:24:34:703 1492 ComputerName: MOA-03F9YO4OWGJ 12:24:34:703 1492 UserName: 12:24:34:703 1492 Windows directory: C:\WINDOWS 12:24:34:703 1492 Processor architecture: Intel x86 12:24:34:703 1492 Number of processors: 1 12:24:34:703 1492 Page size: 0x1000 12:24:34:703 1492 Boot type: Normal boot 12:24:34:703 1492 ================================================================================ 12:24:34:703 1492 main: Driver KLMD successfully unloaded 12:24:35:203 1492 ForceUnloadDriver: NtUnloadDriver error 2 12:24:35:203 1492 ForceUnloadDriver: NtUnloadDriver error 2 12:24:35:203 1492 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\Drivers\KLMD.sys) returned status 0 12:24:35:203 1492 main: Driver KLMD successfully dropped 12:24:35:203 1492 main: Driver KLMD successfully loaded 12:24:35:203 1492 Scanning Registry ... 12:24:35:203 1492 ScanServices: Searching service UACd.sys 12:24:35:203 1492 ScanServices: Open/Create key error 2 12:24:35:203 1492 ScanServices: Searching service TDSSserv.sys 12:24:35:203 1492 ScanServices: Open/Create key error 2 12:24:35:203 1492 ScanServices: Searching service gaopdxserv.sys 12:24:35:203 1492 ScanServices: Open/Create key error 2 12:24:35:203 1492 ScanServices: Searching service gxvxcserv.sys 12:24:35:203 1492 ScanServices: Open/Create key error 2 12:24:35:203 1492 ScanServices: Searching service MSIVXserv.sys 12:24:35:203 1492 ScanServices: Open/Create key error 2 12:24:35:203 1492 UnhookRegistry: Kernel module file name: C:\windows\system32\ntkrnlpa.exe, base addr: 804D7000 12:24:35:203 1492 UnhookRegistry: Kernel local addr: F00000 12:24:35:203 1492 UnhookRegistry: KeServiceDescriptorTable addr: F7C020 12:24:35:203 1492 UnhookRegistry: KiServiceTable addr: F2AB9C 12:24:35:203 1492 UnhookRegistry: NtEnumerateKey service number (local): 47 12:24:35:203 1492 UnhookRegistry: NtEnumerateKey local addr: 1043B72 12:24:35:203 1492 KLMD_OpenDevice: Trying to open KLMD device 12:24:35:203 1492 KLMD_GetSystemRoutineAddressA: Trying to get system routine address ZwEnumerateKey 12:24:35:203 1492 KLMD_GetSystemRoutineAddressW: Trying to get system routine address ZwEnumerateKey 12:24:35:203 1492 KLMD_ReadMem: Trying to ReadMemory 0x804FE335[0x4] 12:24:35:203 1492 UnhookRegistry: NtEnumerateKey service number (kernel): 47 12:24:35:203 1492 KLMD_ReadMem: Trying to ReadMemory 0x80501CB8[0x4] 12:24:35:203 1492 UnhookRegistry: NtEnumerateKey real addr: 8061AB72 12:24:35:203 1492 UnhookRegistry: NtEnumerateKey calc addr: 8061AB72 12:24:35:203 1492 UnhookRegistry: No SDT hooks found on NtEnumerateKey 12:24:35:203 1492 KLMD_ReadMem: Trying to ReadMemory 0x8061AB72[0xA] 12:24:35:203 1492 UnhookRegistry: No splicing found on NtEnumerateKey 12:24:35:203 1492 Scanning Kernel memory ... 12:24:35:203 1492 KLMD_OpenDevice: Trying to open KLMD device 12:24:35:203 1492 KLMD_GetSystemObjectAddressByNameA: Trying to get system object address by name \Driver\Disk 12:24:35:218 1492 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk 12:24:35:218 1492 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 82F25CC8 12:24:35:218 1492 DetectCureTDL3: KLMD_GetDeviceObjectList returned 6 DevObjects 12:24:35:218 1492 DetectCureTDL3: 0 Curr stack PDEVICE_OBJECT: 82FAB258 12:24:35:218 1492 KLMD_GetLowerDeviceObject: Trying to get lower device object for 82FAB258 12:24:35:218 1492 KLMD_ReadMem: Trying to ReadMemory 0x82FAB258[0x38] 12:24:35:218 1492 DetectCureTDL3: DRIVER_OBJECT addr: 82F25CC8 12:24:35:218 1492 KLMD_ReadMem: Trying to ReadMemory 0x82F25CC8[0xA8] 12:24:35:218 1492 KLMD_ReadMem: Trying to ReadMemory 0xE15E2BF8[0x208] 12:24:35:218 1492 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk 12:24:35:218 1492 DetectCureTDL3: IrpHandler (0) addr: F74EDBB0 12:24:35:218 1492 DetectCureTDL3: IrpHandler (1) addr: 804F355A 12:24:35:218 1492 DetectCureTDL3: IrpHandler (2) addr: F74EDBB0 12:24:35:218 1492 DetectCureTDL3: IrpHandler (3) addr: F74E7D1F 12:24:35:218 1492 DetectCureTDL3: IrpHandler (4) addr: F74E7D1F 12:24:35:218 1492 DetectCureTDL3: IrpHandler (5) addr: 804F355A 12:24:35:218 1492 DetectCureTDL3: IrpHandler (6) addr: 804F355A 12:24:35:218 1492 DetectCureTDL3: IrpHandler (7) addr: 804F355A 12:24:35:218 1492 DetectCureTDL3: IrpHandler (8) addr: 804F355A 12:24:35:218 1492 DetectCureTDL3: IrpHandler (9) addr: F74E82E2 12:24:35:218 1492 DetectCureTDL3: IrpHandler (10) addr: 804F355A 12:24:35:218 1492 DetectCureTDL3: IrpHandler (11) addr: 804F355A 12:24:35:218 1492 DetectCureTDL3: IrpHandler (12) addr: 804F355A 12:24:35:218 1492 DetectCureTDL3: IrpHandler (13) addr: 804F355A 12:24:35:218 1492 DetectCureTDL3: IrpHandler (14) addr: F74E83BB 12:24:35:218 1492 DetectCureTDL3: IrpHandler (15) addr: F74EBF28 12:24:35:218 1492 DetectCureTDL3: IrpHandler (16) addr: F74E82E2 12:24:35:218 1492 DetectCureTDL3: IrpHandler (17) addr: 804F355A 12:24:35:218 1492 DetectCureTDL3: IrpHandler (18) addr: 804F355A 12:24:35:218 1492 DetectCureTDL3: IrpHandler (19) addr: 804F355A 12:24:35:218 1492 DetectCureTDL3: IrpHandler (20) addr: 804F355A 12:24:35:218 1492 DetectCureTDL3: IrpHandler (21) addr: 804F355A 12:24:35:218 1492 DetectCureTDL3: IrpHandler (22) addr: F74E9C82 12:24:35:218 1492 DetectCureTDL3: IrpHandler (23) addr: F74EE99E 12:24:35:218 1492 DetectCureTDL3: IrpHandler (24) addr: 804F355A 12:24:35:218 1492 DetectCureTDL3: IrpHandler (25) addr: 804F355A 12:24:35:218 1492 DetectCureTDL3: IrpHandler (26) addr: 804F355A 12:24:35:218 1492 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400] 12:24:35:218 1492 KLMD_ReadMem: DeviceIoControl error 1 12:24:35:218 1492 TDL3_StartIoHookDetect: Unable to get StartIo handler code 12:24:35:218 1492 TDL3_FileDetect: Processing driver: Disk 12:24:35:218 1492 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\disk.tsk, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\disk.tsk 12:24:35:218 1492 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys 12:24:35:218 1492 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys 12:24:35:312 1492 DetectCureTDL3: 1 Curr stack PDEVICE_OBJECT: 82FAE9F0 12:24:35:312 1492 KLMD_GetLowerDeviceObject: Trying to get lower device object for 82FAE9F0 12:24:35:312 1492 KLMD_ReadMem: Trying to ReadMemory 0x82FAE9F0[0x38] 12:24:35:312 1492 DetectCureTDL3: DRIVER_OBJECT addr: 82F25CC8 12:24:35:312 1492 KLMD_ReadMem: Trying to ReadMemory 0x82F25CC8[0xA8] 12:24:35:312 1492 KLMD_ReadMem: Trying to ReadMemory 0xE15E2BF8[0x208] 12:24:35:312 1492 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk 12:24:35:312 1492 DetectCureTDL3: IrpHandler (0) addr: F74EDBB0 12:24:35:312 1492 DetectCureTDL3: IrpHandler (1) addr: 804F355A 12:24:35:312 1492 DetectCureTDL3: IrpHandler (2) addr: F74EDBB0 12:24:35:312 1492 DetectCureTDL3: IrpHandler (3) addr: F74E7D1F 12:24:35:312 1492 DetectCureTDL3: IrpHandler (4) addr: F74E7D1F 12:24:35:312 1492 DetectCureTDL3: IrpHandler (5) addr: 804F355A 12:24:35:312 1492 DetectCureTDL3: IrpHandler (6) addr: 804F355A 12:24:35:312 1492 DetectCureTDL3: IrpHandler (7) addr: 804F355A 12:24:35:312 1492 DetectCureTDL3: IrpHandler (8) addr: 804F355A 12:24:35:312 1492 DetectCureTDL3: IrpHandler (9) addr: F74E82E2 12:24:35:312 1492 DetectCureTDL3: IrpHandler (10) addr: 804F355A 12:24:35:312 1492 DetectCureTDL3: IrpHandler (11) addr: 804F355A 12:24:35:312 1492 DetectCureTDL3: IrpHandler (12) addr: 804F355A 12:24:35:312 1492 DetectCureTDL3: IrpHandler (13) addr: 804F355A 12:24:35:312 1492 DetectCureTDL3: IrpHandler (14) addr: F74E83BB 12:24:35:312 1492 DetectCureTDL3: IrpHandler (15) addr: F74EBF28 12:24:35:312 1492 DetectCureTDL3: IrpHandler (16) addr: F74E82E2 12:24:35:312 1492 DetectCureTDL3: IrpHandler (17) addr: 804F355A 12:24:35:312 1492 DetectCureTDL3: IrpHandler (18) addr: 804F355A 12:24:35:312 1492 DetectCureTDL3: IrpHandler (19) addr: 804F355A 12:24:35:312 1492 DetectCureTDL3: IrpHandler (20) addr: 804F355A 12:24:35:312 1492 DetectCureTDL3: IrpHandler (21) addr: 804F355A 12:24:35:312 1492 DetectCureTDL3: IrpHandler (22) addr: F74E9C82 12:24:35:312 1492 DetectCureTDL3: IrpHandler (23) addr: F74EE99E 12:24:35:312 1492 DetectCureTDL3: IrpHandler (24) addr: 804F355A 12:24:35:312 1492 DetectCureTDL3: IrpHandler (25) addr: 804F355A 12:24:35:312 1492 DetectCureTDL3: IrpHandler (26) addr: 804F355A 12:24:35:312 1492 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400] 12:24:35:312 1492 KLMD_ReadMem: DeviceIoControl error 1 12:24:35:312 1492 TDL3_StartIoHookDetect: Unable to get StartIo handler code 12:24:35:312 1492 TDL3_FileDetect: Processing driver: Disk 12:24:35:312 1492 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\disk.tsk, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\disk.tsk 12:24:35:312 1492 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys 12:24:35:312 1492 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys 12:24:35:312 1492 DetectCureTDL3: 2 Curr stack PDEVICE_OBJECT: 82FB0C68 12:24:35:312 1492 KLMD_GetLowerDeviceObject: Trying to get lower device object for 82FB0C68 12:24:35:312 1492 KLMD_ReadMem: Trying to ReadMemory 0x82FB0C68[0x38] 12:24:35:312 1492 DetectCureTDL3: DRIVER_OBJECT addr: 82F25CC8 12:24:35:312 1492 KLMD_ReadMem: Trying to ReadMemory 0x82F25CC8[0xA8] 12:24:35:312 1492 KLMD_ReadMem: Trying to ReadMemory 0xE15E2BF8[0x208] 12:24:35:312 1492 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk 12:24:35:312 1492 DetectCureTDL3: IrpHandler (0) addr: F74EDBB0 12:24:35:312 1492 DetectCureTDL3: IrpHandler (1) addr: 804F355A 12:24:35:312 1492 DetectCureTDL3: IrpHandler (2) addr: F74EDBB0 12:24:35:312 1492 DetectCureTDL3: IrpHandler (3) addr: F74E7D1F 12:24:35:312 1492 DetectCureTDL3: IrpHandler (4) addr: F74E7D1F 12:24:35:312 1492 DetectCureTDL3: IrpHandler (5) addr: 804F355A 12:24:35:312 1492 DetectCureTDL3: IrpHandler (6) addr: 804F355A 12:24:35:312 1492 DetectCureTDL3: IrpHandler (7) addr: 804F355A 12:24:35:312 1492 DetectCureTDL3: IrpHandler (8) addr: 804F355A 12:24:35:312 1492 DetectCureTDL3: IrpHandler (9) addr: F74E82E2 12:24:35:312 1492 DetectCureTDL3: IrpHandler (10) addr: 804F355A 12:24:35:312 1492 DetectCureTDL3: IrpHandler (11) addr: 804F355A 12:24:35:312 1492 DetectCureTDL3: IrpHandler (12) addr: 804F355A 12:24:35:312 1492 DetectCureTDL3: IrpHandler (13) addr: 804F355A 12:24:35:312 1492 DetectCureTDL3: IrpHandler (14) addr: F74E83BB 12:24:35:312 1492 DetectCureTDL3: IrpHandler (15) addr: F74EBF28 12:24:35:312 1492 DetectCureTDL3: IrpHandler (16) addr: F74E82E2 12:24:35:312 1492 DetectCureTDL3: IrpHandler (17) addr: 804F355A 12:24:35:312 1492 DetectCureTDL3: IrpHandler (18) addr: 804F355A 12:24:35:312 1492 DetectCureTDL3: IrpHandler (19) addr: 804F355A 12:24:35:312 1492 DetectCureTDL3: IrpHandler (20) addr: 804F355A 12:24:35:312 1492 DetectCureTDL3: IrpHandler (21) addr: 804F355A 12:24:35:312 1492 DetectCureTDL3: IrpHandler (22) addr: F74E9C82 12:24:35:312 1492 DetectCureTDL3: IrpHandler (23) addr: F74EE99E 12:24:35:312 1492 DetectCureTDL3: IrpHandler (24) addr: 804F355A 12:24:35:312 1492 DetectCureTDL3: IrpHandler (25) addr: 804F355A 12:24:35:312 1492 DetectCureTDL3: IrpHandler (26) addr: 804F355A 12:24:35:312 1492 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400] 12:24:35:312 1492 KLMD_ReadMem: DeviceIoControl error 1 12:24:35:312 1492 TDL3_StartIoHookDetect: Unable to get StartIo handler code 12:24:35:312 1492 TDL3_FileDetect: Processing driver: Disk 12:24:35:312 1492 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\disk.tsk, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\disk.tsk 12:24:35:312 1492 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys 12:24:35:312 1492 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys 12:24:35:312 1492 DetectCureTDL3: 3 Curr stack PDEVICE_OBJECT: 82F43AB8 12:24:35:312 1492 KLMD_GetLowerDeviceObject: Trying to get lower device object for 82F43AB8 12:24:35:312 1492 DetectCureTDL3: 3 Curr stack PDEVICE_OBJECT: 82F18920 12:24:35:312 1492 KLMD_GetLowerDeviceObject: Trying to get lower device object for 82F18920 12:24:35:312 1492 DetectCureTDL3: 3 Curr stack PDEVICE_OBJECT: 82F30030 12:24:35:312 1492 KLMD_GetLowerDeviceObject: Trying to get lower device object for 82F30030 12:24:35:312 1492 KLMD_ReadMem: Trying to ReadMemory 0x82F30030[0x38] 12:24:35:312 1492 DetectCureTDL3: DRIVER_OBJECT addr: 82F4C360 12:24:35:312 1492 KLMD_ReadMem: Trying to ReadMemory 0x82F4C360[0xA8] 12:24:35:312 1492 KLMD_ReadMem: Trying to ReadMemory 0xE100DD10[0x208] 12:24:35:312 1492 DetectCureTDL3: DRIVER_OBJECT name: \Driver\nvgts, Driver Name: nvgts 12:24:35:312 1492 DetectCureTDL3: IrpHandler (0) addr: F72D244C 12:24:35:312 1492 DetectCureTDL3: IrpHandler (1) addr: 804F355A 12:24:35:312 1492 DetectCureTDL3: IrpHandler (2) addr: F72D244C 12:24:35:312 1492 DetectCureTDL3: IrpHandler (3) addr: 804F355A 12:24:35:312 1492 DetectCureTDL3: IrpHandler (4) addr: 804F355A 12:24:35:312 1492 DetectCureTDL3: IrpHandler (5) addr: 804F355A 12:24:35:312 1492 DetectCureTDL3: IrpHandler (6) addr: 804F355A 12:24:35:312 1492 DetectCureTDL3: IrpHandler (7) addr: 804F355A 12:24:35:312 1492 DetectCureTDL3: IrpHandler (8) addr: 804F355A 12:24:35:312 1492 DetectCureTDL3: IrpHandler (9) addr: 804F355A 12:24:35:312 1492 DetectCureTDL3: IrpHandler (10) addr: 804F355A 12:24:35:312 1492 DetectCureTDL3: IrpHandler (11) addr: 804F355A 12:24:35:312 1492 DetectCureTDL3: IrpHandler (12) addr: 804F355A 12:24:35:312 1492 DetectCureTDL3: IrpHandler (13) addr: 804F355A 12:24:35:312 1492 DetectCureTDL3: IrpHandler (14) addr: F72D244C 12:24:35:312 1492 DetectCureTDL3: IrpHandler (15) addr: F72D244C 12:24:35:312 1492 DetectCureTDL3: IrpHandler (16) addr: 804F355A 12:24:35:312 1492 DetectCureTDL3: IrpHandler (17) addr: 804F355A 12:24:35:312 1492 DetectCureTDL3: IrpHandler (18) addr: 804F355A 12:24:35:312 1492 DetectCureTDL3: IrpHandler (19) addr: 804F355A 12:24:35:312 1492 DetectCureTDL3: IrpHandler (20) addr: 804F355A 12:24:35:312 1492 DetectCureTDL3: IrpHandler (21) addr: 804F355A 12:24:35:312 1492 DetectCureTDL3: IrpHandler (22) addr: F72D244C 12:24:35:312 1492 DetectCureTDL3: IrpHandler (23) addr: F72D244C 12:24:35:312 1492 DetectCureTDL3: IrpHandler (24) addr: 804F355A 12:24:35:312 1492 DetectCureTDL3: IrpHandler (25) addr: 804F355A 12:24:35:312 1492 DetectCureTDL3: IrpHandler (26) addr: 804F355A 12:24:35:312 1492 KLMD_ReadMem: Trying to ReadMemory 0xF72D540E[0x400] 12:24:35:312 1492 TDL3_StartIoHookDetect: CheckParameters: 1, F72D917C, 618, 0 12:24:35:312 1492 TDL3_FileDetect: Processing driver: nvgts 12:24:35:312 1492 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\nvgts.sys, C:\WINDOWS\system32\Drivers\nvgts.tsk, SYSTEM\CurrentControlSet\Services\nvgts, system32\Drivers\nvgts.tsk 12:24:35:312 1492 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\nvgts.sys 12:24:35:312 1492 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\nvgts.sys 12:24:35:328 1492 DetectCureTDL3: 4 Curr stack PDEVICE_OBJECT: 82F43030 12:24:35:328 1492 KLMD_GetLowerDeviceObject: Trying to get lower device object for 82F43030 12:24:35:328 1492 DetectCureTDL3: 4 Curr stack PDEVICE_OBJECT: 82F399E8 12:24:35:328 1492 KLMD_GetLowerDeviceObject: Trying to get lower device object for 82F399E8 12:24:35:328 1492 DetectCureTDL3: 4 Curr stack PDEVICE_OBJECT: 82F18A38 12:24:35:328 1492 KLMD_GetLowerDeviceObject: Trying to get lower device object for 82F18A38 12:24:35:328 1492 KLMD_ReadMem: Trying to ReadMemory 0x82F18A38[0x38] 12:24:35:328 1492 DetectCureTDL3: DRIVER_OBJECT addr: 82F4C360 12:24:35:328 1492 KLMD_ReadMem: Trying to ReadMemory 0x82F4C360[0xA8] 12:24:35:328 1492 KLMD_ReadMem: Trying to ReadMemory 0xE100DD10[0x208] 12:24:35:328 1492 DetectCureTDL3: DRIVER_OBJECT name: \Driver\nvgts, Driver Name: nvgts 12:24:35:328 1492 DetectCureTDL3: IrpHandler (0) addr: F72D244C 12:24:35:328 1492 DetectCureTDL3: IrpHandler (1) addr: 804F355A 12:24:35:328 1492 DetectCureTDL3: IrpHandler (2) addr: F72D244C 12:24:35:328 1492 DetectCureTDL3: IrpHandler (3) addr: 804F355A 12:24:35:328 1492 DetectCureTDL3: IrpHandler (4) addr: 804F355A 12:24:35:328 1492 DetectCureTDL3: IrpHandler (5) addr: 804F355A 12:24:35:328 1492 DetectCureTDL3: IrpHandler (6) addr: 804F355A 12:24:35:328 1492 DetectCureTDL3: IrpHandler (7) addr: 804F355A 12:24:35:328 1492 DetectCureTDL3: IrpHandler (8) addr: 804F355A 12:24:35:328 1492 DetectCureTDL3: IrpHandler (9) addr: 804F355A 12:24:35:328 1492 DetectCureTDL3: IrpHandler (10) addr: 804F355A 12:24:35:328 1492 DetectCureTDL3: IrpHandler (11) addr: 804F355A 12:24:35:328 1492 DetectCureTDL3: IrpHandler (12) addr: 804F355A 12:24:35:328 1492 DetectCureTDL3: IrpHandler (13) addr: 804F355A 12:24:35:328 1492 DetectCureTDL3: IrpHandler (14) addr: F72D244C 12:24:35:328 1492 DetectCureTDL3: IrpHandler (15) addr: F72D244C 12:24:35:328 1492 DetectCureTDL3: IrpHandler (16) addr: 804F355A 12:24:35:328 1492 DetectCureTDL3: IrpHandler (17) addr: 804F355A 12:24:35:328 1492 DetectCureTDL3: IrpHandler (18) addr: 804F355A 12:24:35:328 1492 DetectCureTDL3: IrpHandler (19) addr: 804F355A 12:24:35:328 1492 DetectCureTDL3: IrpHandler (20) addr: 804F355A 12:24:35:328 1492 DetectCureTDL3: IrpHandler (21) addr: 804F355A 12:24:35:328 1492 DetectCureTDL3: IrpHandler (22) addr: F72D244C 12:24:35:328 1492 DetectCureTDL3: IrpHandler (23) addr: F72D244C 12:24:35:328 1492 DetectCureTDL3: IrpHandler (24) addr: 804F355A 12:24:35:328 1492 DetectCureTDL3: IrpHandler (25) addr: 804F355A 12:24:35:328 1492 DetectCureTDL3: IrpHandler (26) addr: 804F355A 12:24:35:328 1492 KLMD_ReadMem: Trying to ReadMemory 0xF72D540E[0x400] 12:24:35:328 1492 TDL3_StartIoHookDetect: CheckParameters: 1, F72D917C, 618, 0 12:24:35:328 1492 TDL3_FileDetect: Processing driver: nvgts 12:24:35:328 1492 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\nvgts.sys, C:\WINDOWS\system32\Drivers\nvgts.tsk, SYSTEM\CurrentControlSet\Services\nvgts, system32\Drivers\nvgts.tsk 12:24:35:328 1492 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\nvgts.sys 12:24:35:328 1492 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\nvgts.sys 12:24:35:343 1492 DetectCureTDL3: 5 Curr stack PDEVICE_OBJECT: 82F30AB8 12:24:35:343 1492 KLMD_GetLowerDeviceObject: Trying to get lower device object for 82F30AB8 12:24:35:343 1492 DetectCureTDL3: 5 Curr stack PDEVICE_OBJECT: 82F0B920 12:24:35:343 1492 KLMD_GetLowerDeviceObject: Trying to get lower device object for 82F0B920 12:24:35:343 1492 DetectCureTDL3: 5 Curr stack PDEVICE_OBJECT: 82FB5A38 12:24:35:343 1492 KLMD_GetLowerDeviceObject: Trying to get lower device object for 82FB5A38 12:24:35:343 1492 KLMD_ReadMem: Trying to ReadMemory 0x82FB5A38[0x38] 12:24:35:343 1492 DetectCureTDL3: DRIVER_OBJECT addr: 82F4C360 12:24:35:343 1492 KLMD_ReadMem: Trying to ReadMemory 0x82F4C360[0xA8] 12:24:35:343 1492 KLMD_ReadMem: Trying to ReadMemory 0xE100DD10[0x208] 12:24:35:343 1492 DetectCureTDL3: DRIVER_OBJECT name: \Driver\nvgts, Driver Name: nvgts 12:24:35:343 1492 DetectCureTDL3: IrpHandler (0) addr: F72D244C 12:24:35:343 1492 DetectCureTDL3: IrpHandler (1) addr: 804F355A 12:24:35:343 1492 DetectCureTDL3: IrpHandler (2) addr: F72D244C 12:24:35:343 1492 DetectCureTDL3: IrpHandler (3) addr: 804F355A 12:24:35:343 1492 DetectCureTDL3: IrpHandler (4) addr: 804F355A 12:24:35:343 1492 DetectCureTDL3: IrpHandler (5) addr: 804F355A 12:24:35:343 1492 DetectCureTDL3: IrpHandler (6) addr: 804F355A 12:24:35:343 1492 DetectCureTDL3: IrpHandler (7) addr: 804F355A 12:24:35:343 1492 DetectCureTDL3: IrpHandler (8) addr: 804F355A 12:24:35:343 1492 DetectCureTDL3: IrpHandler (9) addr: 804F355A 12:24:35:343 1492 DetectCureTDL3: IrpHandler (10) addr: 804F355A 12:24:35:343 1492 DetectCureTDL3: IrpHandler (11) addr: 804F355A 12:24:35:343 1492 DetectCureTDL3: IrpHandler (12) addr: 804F355A 12:24:35:343 1492 DetectCureTDL3: IrpHandler (13) addr: 804F355A 12:24:35:343 1492 DetectCureTDL3: IrpHandler (14) addr: F72D244C 12:24:35:343 1492 DetectCureTDL3: IrpHandler (15) addr: F72D244C 12:24:35:343 1492 DetectCureTDL3: IrpHandler (16) addr: 804F355A 12:24:35:343 1492 DetectCureTDL3: IrpHandler (17) addr: 804F355A 12:24:35:343 1492 DetectCureTDL3: IrpHandler (18) addr: 804F355A 12:24:35:343 1492 DetectCureTDL3: IrpHandler (19) addr: 804F355A 12:24:35:343 1492 DetectCureTDL3: IrpHandler (20) addr: 804F355A 12:24:35:343 1492 DetectCureTDL3: IrpHandler (21) addr: 804F355A 12:24:35:343 1492 DetectCureTDL3: IrpHandler (22) addr: F72D244C 12:24:35:343 1492 DetectCureTDL3: IrpHandler (23) addr: F72D244C 12:24:35:343 1492 DetectCureTDL3: IrpHandler (24) addr: 804F355A 12:24:35:343 1492 DetectCureTDL3: IrpHandler (25) addr: 804F355A 12:24:35:343 1492 DetectCureTDL3: IrpHandler (26) addr: 804F355A 12:24:35:343 1492 KLMD_ReadMem: Trying to ReadMemory 0xF72D540E[0x400] 12:24:35:343 1492 TDL3_StartIoHookDetect: CheckParameters: 1, F72D917C, 618, 0 12:24:35:343 1492 TDL3_FileDetect: Processing driver: nvgts 12:24:35:343 1492 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\nvgts.sys, C:\WINDOWS\system32\Drivers\nvgts.tsk, SYSTEM\CurrentControlSet\Services\nvgts, system32\Drivers\nvgts.tsk 12:24:35:343 1492 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\nvgts.sys 12:24:35:343 1492 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\nvgts.sys 12:24:35:359 1492 Completed Results: 12:24:35:359 1492 Infected objects in memory: 0 12:24:35:375 1492 Cured objects in memory: 0 12:24:35:375 1492 Infected objects on disk: 0 12:24:35:375 1492 Objects on disk cured on reboot: 0 12:24:35:375 1492 Objects on disk deleted on reboot: 0 12:24:35:375 1492 Registry nodes deleted on reboot: 0 12:24:35:375 1492

jeanmimigab · le 29 Déc 2009 12:45

re,

Apriori, plus de traces de TDSS, ou bien c'est une nouvelle variante ou bien du bagle c'est glisser là dedans...

fait cela stp...

désactive ton Anti-virus le temps de faire ces manipulations.

>>Télécharge Winsockxpfix sur ton bureau et passe à la suite.

========================================================================================================

ensuite...

Télécharge Combofix sur ton Bureau (et pas ailleurs)en le renommant avant qu'il n'atterrisse sur ton bureau. [/b]
pour cela fais un clic droit sur Combofix.exe ,choisis "enregistrer la cible du lien sous..." et renomme le en Schnoqueur.exe pour l'emplacement choisis ton bureau et cliques sur "enregistrer"

Double clique ComboFix.exe pour démarrer le scan et suis les instructions indiquées par combofix.
Si Combofix te demande te demande l'autorisation de télécharger et installer la console de récupération Windows, acceptes et suis les instructions.
Lorsque le scan sera complet, un rapport apparaîtra, enregistre le sur ton bureau.
Redémarre impérativement ton pc !!
Copie/colle le rapport combofix dans ta prochaine réponse

NOTE : Le rapport se trouve également ici : C:\Combofix.txt
NOTE : Ne pas cliquer dans la fenêtre de Combofix durant l'analyse ; ceci provoquerait le gel du programme.

========================================================================================================

si a tout hasard ta connexion internet n'est plus active après le redémarrage du pc fait cela pour la réparer...

Fait un double clic sur l'icône

de WinsockXPFix.

>>clique sur "Fix" > et si ton pc ne redémarre pas,redémarre le manuellement.

@++

kirill · le 29 Déc 2009 13:35

ok , j ai lance combofix ça s est bien passe seulement des fenetres d avira ce sont ouvertes durant le scan de combofix , j ai mis en quarantaine ????

Code: Tout sélectionner: ComboFix 09-12-28.05 - 29/12/2009 13:12:34.1.1 - x86 Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1007.707 [GMT 1:00] Lancé depuis: c:\documents and settings\\Bureau\Schnoqueur.exe AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} . Les fichiers ci-dessous ont été désactivés pendant l'exécution: c:\program files\SuperCopier2\SC2Hook.dll (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\docume~1\CHRIST~1\LOCALS~1\Temp\1.wmv c:\docume~1\CHRIST~1\LOCALS~1\Temp\wscsvc32.exe c:\documents and settings\All Users\Bureau\nudetube.com.lnk c:\documents and settings\All Users\Bureau\pornotube.com.lnk c:\documents and settings\All Users\Bureau\youporn.com.lnk c:\documents and settings\\Application Data\Desktopicon c:\documents and settings\\Mes documents\sauvegarde registre.reg c:\program files\Cheat Engine\dbk32.sys c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe c:\windows\system32\Data c:\windows\system32\drivers\H8SRTnksfictrvq.sys c:\windows\system32\H8SRTfgiojmmnek.dll c:\windows\system32\H8SRTooewuoxvjw.dll c:\windows\system32\H8SRTqdeaagkucp.dll c:\windows\system32\H8SRTyotlppeydt.dat c:\windows\system32\krl32mainweq.dll c:\windows\system32\srcr.dat . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_H8SRTd.sys -------\Legacy_H8SRTd.sys ((((((((((((((((((((((((((((( Fichiers créés du 2009-11-28 au 2009-12-29 )))))))))))))))))))))))))))))))))))) . 2009-12-29 11:23 . 2009-12-29 11:24 -------- d-----w- C:\tdsskiller 2009-12-29 11:07 . 2009-12-29 11:09 -------- d-----w- C:\rsit 2009-12-29 11:01 . 2009-12-29 11:01 -------- d-----w- c:\program files\Trend Micro 2009-12-29 10:31 . 2009-12-29 11:25 -------- d-----w- c:\program files\Malware Defense 2009-12-29 10:02 . 2009-12-29 10:02 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-12-29 12:25 . 2001-08-28 12:00 532794 ----a-w- c:\windows\system32\perfh00C.dat 2009-12-29 12:25 . 2001-08-28 12:00 94078 ----a-w- c:\windows\system32\perfc00C.dat 2009-12-29 12:18 . 2009-11-13 08:20 -------- d-----w- c:\program files\Cheat Engine 2009-12-29 12:12 . 2008-12-21 19:41 -------- d-----w- c:\program files\Google 2009-12-29 12:10 . 2009-03-01 23:50 -------- d-----w- c:\program files\SuperCopier2 2009-12-29 11:04 . 2009-03-25 15:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-12-29 11:00 . 2009-11-25 09:10 79488 ----a-w- c:\documents and settings\\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll 2009-12-29 02:07 . 2009-03-11 10:22 -------- d-----w- c:\program files\a-squared Free 2009-12-29 00:34 . 2008-12-23 14:51 1 ----a-w- c:\documents and settings\\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys 2009-12-28 21:59 . 2008-12-21 22:56 -------- d-----w- c:\documents and settings\\Application Data\uTorrent 2009-12-28 21:51 . 2009-04-10 17:17 -------- d-----w- c:\documents and settings\\Application Data\foobar2000 2009-12-28 18:48 . 2008-12-23 10:22 -------- d-----w- c:\program files\Mozilla Thunderbird 2009-12-28 17:20 . 2009-02-03 15:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater 2009-12-27 18:38 . 2009-01-20 17:27 -------- d-----w- c:\documents and settings\\Application Data\dvdcss 2009-12-10 22:44 . 2009-06-27 15:00 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-12-04 12:37 . 2009-02-24 22:30 -------- d-----w- c:\program files\Mp3tag 2009-12-03 15:14 . 2009-03-25 15:33 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-12-03 15:13 . 2009-03-25 15:33 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-11-12 19:08 . 2009-11-12 17:46 -------- d-----w- c:\documents and settings\\Application Data\MSN6 2009-11-12 17:58 . 2008-12-21 13:48 22536 ----a-w- c:\documents and settings\\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-11-12 17:54 . 2009-11-12 17:54 -------- d-----w- c:\program files\Windows Live SkyDrive 2009-11-12 17:52 . 2009-11-12 17:52 -------- d-----w- c:\program files\Fichiers communs\Windows Live 2009-11-12 17:46 . 2009-11-12 17:46 -------- d-----w- c:\documents and settings\All Users\Application Data\MSN6 2009-11-10 01:20 . 2009-09-30 01:44 75680 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat 2009-11-08 23:57 . 2009-03-09 07:48 664 ----a-w- c:\windows\system32\d3d9caps.dat 2009-11-05 13:35 . 2009-01-06 20:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-11-05 08:53 . 2009-11-05 08:53 4045528 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe 2009-10-29 07:42 . 2001-08-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll 2009-10-21 05:39 . 2008-12-21 13:42 25088 ----a-w- c:\windows\system32\httpapi.dll 2009-10-21 05:39 . 2008-12-21 13:42 75776 ----a-w- c:\windows\system32\strmfilt.dll 2009-10-20 16:20 . 2008-12-21 13:42 265728 ------w- c:\windows\system32\drivers\http.sys 2009-10-13 10:33 . 2001-08-28 12:00 271360 ----a-w- c:\windows\system32\oakley.dll 2009-10-12 13:39 . 2001-08-28 12:00 79872 ----a-w- c:\windows\system32\raschap.dll 2009-10-12 13:39 . 2001-08-28 12:00 150528 ----a-w- c:\windows\system32\rastls.dll . ------- Sigcheck ------- [-] 2009-01-10 . A0EE5C06390357FEE7B7949DBCA156D3 . 165376 . . [5.1.2600.1106] . . c:\windows\system32\appmgmts.dll . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920] "RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616] "Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400] "SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144] "nwiz"="nwiz.exe" [2008-09-17 1657376] "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 61952] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024] "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016] "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-12-12 196608] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888] "P17Helper"="P17.dll" [2005-05-03 64512] "CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344] "M-Audio Taskbar Icon"="c:\windows\System32\DeltaIITray.exe" [2008-03-03 236040] "DeltaIITaskbarApp"="c:\windows\system32\DeltaIITray.exe" [2008-03-03 236040] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "DT PHL"="c:\program files\Philips Display\SmartControl II\DTHtml.exe" [2007-07-27 292352] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\fsproflt] @="" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\WINDOWS\\system32\\mmc.exe"= R2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [11/03/2009 11:22 1858144] R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [27/06/2009 16:00 108289] R3 DELTAII;Service for M-Audio Delta Driver (WDM);c:\windows\system32\drivers\deltaII.sys [10/05/2009 00:25 302728] S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [29/05/2009 17:13 234864] S3 sbext;Sound Blaster Extigy Audio Driver;c:\windows\system32\DRIVERS\sbext.sys --> c:\windows\system32\DRIVERS\sbext.sys [?] --- Autres Services/Pilotes en mémoire --- *Deregistered* - mchInjDrv . ------- Examen supplémentaire ------- . IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 FF - ProfilePath - c:\documents and settings\christophe amouroux\Application Data\Mozilla\Firefox\Profiles\avnzrt03.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/webhp?hl=fr&safe=off&client=firefox-a&rls=org.mozilla:fr:official&hs=ekH&btnG=Rechercher FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q= FF - prefs.js: network.proxy.type - 4 FF - plugin: c:\documents and settings\christophe amouroux\Application Data\Mozilla\Firefox\Profiles\avnzrt03.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- PARAMETRES FIREFOX ---- FF - user.js: yahoo.homepage.dontask - true. - - - - ORPHELINS SUPPRIMES - - - - HKCU-Run-MsnMsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe HKCU-Run-Malware Defense - c:\program files\Malware Defense\mdefense.exe AddRemove-Malware Defense - c:\program files\Malware Defense\Uninstall.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-12-29 13:21 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv] "ImagePath"="\??\c:\docume~1\CHRIST~1\LOCALS~1\Temp\mc24.tmp" . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'explorer.exe'(3808) c:\program files\SuperCopier2\SC2Hook.dll c:\program files\RocketDock\RocketDock.dll c:\windows\system32\nview.dll c:\windows\system32\NVWRSFR.DLL c:\windows\system32\eappprxy.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Autres processus actifs ------------------------ . c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Fichiers communs\Portrait Displays\Shared\DTSRVC.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\CDBurnerXP\NMSAccessU.exe c:\program files\NVIDIA Corporation\nTune\nTuneService.exe c:\windows\system32\nvsvc32.exe c:\windows\system32\MsPMSPSv.exe c:\windows\system32\SearchIndexer.exe c:\windows\system32\rundll32.exe c:\windows\system32\RUNDLL32.EXE c:\windows\system32\Rundll32.exe c:\program files\Fichiers communs\Portrait Displays\Shared\HookManager.exe . ************************************************************************** . Heure de fin: 2009-12-29 13:28:04 - La machine a redémarré ComboFix-quarantined-files.txt 2009-12-29 12:28 Avant-CF: 11 292 102 656 octets libres Après-CF: 12 829 405 184 octets libres WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /fastdetect /NoExecute=OptIn - - End Of File - - 344BFA4F781B716DDE44FF17C4030E6F

jeanmimigab · le 29 Déc 2009 14:17

hello,

il y a du mieux :wink:

Mais un fichier dll est patché...

supprime manuellement ce dossier en gras c:\program files\Malware Defense
/!\ si la suppression pose problème, surtout dit le moi /!\

Ensuite...

* Télécharge >> OTL <<sur ton bureau.

* Fait un double-clic sur l'icône d'OTL pour le lancer

* Assure toi d'avoir fermé toutes les applications en court de fonctionnement.

* Quand la fenêtre d'OTL apparaît, assure toi que dans la section "Output" (en haut à droite) la case "minimal Output" soit cochée.

* Copier et colle le contenue de cette citation dans la partie inférieure d'OTL "Custom scanx/fixes"

%SYSTEMDRIVE%\appmgmts.dll /s /md5
%SYSTEMDRIVE%\cdrom.sys /s /md5
%SYSTEMDRIVE%\atapi.sys /s /md5
%SYSTEMDRIVE%\ACPI.sys /s /md5
%SYSTEMDRIVE%\*.exe
%SYSTEMDRIVE%\iaStor.sys /s /md5
%SYSTEMDRIVE%\nvstor.sys /s /md5
%SYSTEMDRIVE%\IdeChnDr.sys /s /md5
%SYSTEMDRIVE%\viasraid.sys /s /md5
%SYSTEMDRIVE%\AGP440.sys /s /md5
%SYSTEMDRIVE%\vaxscsi.sys /s /md5
%SYSTEMDRIVE%\nvatabus.sys /s /md5

* Cliques sur l'icône "RunScan" (en haut à gauche) .
* Laisse le scan aller à son terme sans te servir du PC
* A la fin du scan un ou deux rapports vont s'ouvrir "OTL.Txt" et ( ou ) "Extras.Txt"( dans certains cas).
* Copie et colle le ou les rapports dans ta réponse stp...
* Au cas où, tu peux les retrouver dans le dossier C:\OTL ou sur ton bureau en fonction des cas rencontrés

@++

kirill · le 29 Déc 2009 17:12

desole , jai du m' interrompre , je telecharge otl , merçi enormement oui en effet il y a l air d y avoir du mieux

kirill · le 29 Déc 2009 17:42

Rapports OTL

Code: Tout sélectionner: OTL logfile created on: 29/12/2009 17:21:48 - Run 1 OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\christophe amouroux\Mes documents\Téléchargements Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy 1 007,00 Mb Total Physical Memory | 603,00 Mb Available Physical Memory | 60,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 83,00% Paging File free Paging file location(s): C:\pagefile.sys 1512 3024 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 76,32 Gb Total Space | 12,00 Gb Free Space | 15,72% Space Free | Partition Type: NTFS Drive D: | 465,76 Gb Total Space | 220,40 Gb Free Space | 47,32% Space Free | Partition Type: NTFS Drive E: | 575,15 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive F: | 465,75 Gb Total Space | 307,53 Gb Free Space | 66,03% Space Free | Partition Type: NTFS G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: MOA-03F9YO4OWGJ Current User Name: christophe amouroux Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - C:\Documents and Settings\christophe amouroux\Mes documents\Téléchargements\OTL.exe (OldTimer Tools) PRC - C:\Program Files\a-squared Free\a2service.exe (Emsi Software GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files\Java\jre6\bin\jucheck.exe (Sun Microsystems, Inc.) PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe () PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation) PRC - C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) PRC - C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation) PRC - C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\WINDOWS\system32\DeltaIITray.exe () PRC - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe (NVIDIA) PRC - C:\Program Files\RocketDock\RocketDock.exe () PRC - C:\Program Files\Philips Display\SmartControl II\dthtml.exe (Portrait Displays, Inc) PRC - C:\Program Files\Fichiers communs\Portrait Displays\Shared\DTSRVC.exe () PRC - C:\Program Files\Fichiers communs\Portrait Displays\Shared\HookManager.exe (Portrait Displays Inc.) PRC - C:\Program Files\SuperCopier2\SuperCopier2.exe (SFX TEAM) PRC - C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd) PRC - C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd) PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP) PRC - C:\WINDOWS\system32\MsPMSPSv.exe (Microsoft Corporation) [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - C:\Documents and Settings\christophe amouroux\Mes documents\Téléchargements\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\system32\nview.dll () MOD - C:\WINDOWS\system32\nvwrsfr.dll (NVIDIA Corporation) MOD - C:\WINDOWS\system32\nvwddi.dll (NVIDIA Corporation) MOD - C:\Program Files\RocketDock\RocketDock.dll () MOD - C:\Program Files\SuperCopier2\SC2Hook.dll (SFX TEAM) [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - (gusvc) -- File not found SRV - (a2free) -- C:\Program Files\a-squared Free\a2service.exe (Emsi Software GmbH) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (maconfservice) -- C:\Program Files\ma-config.com\maconfservice.exe (CybelSoft) SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.) SRV - (NMSAccessU) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe () SRV - (NVSvc) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation) SRV - (nTuneService) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe (NVIDIA) SRV - (DTSRVC) -- C:\Program Files\Fichiers communs\Portrait Displays\Shared\DTSRVC.exe () SRV - (WMDM PMSP Service) -- C:\WINDOWS\system32\MsPMSPSv.exe (Microsoft Corporation) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (driverhardwarev2) -- C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys (CybelSoft) DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (timounter) -- C:\WINDOWS\system32\DRIVERS\timntr.sys (Acronis) DRV - (tifsfilter) -- C:\WINDOWS\system32\drivers\tifsfilt.sys (Acronis) DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (Point32) -- C:\WINDOWS\system32\drivers\point32.sys (Microsoft Corporation) DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation) DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions) DRV - (nvgts) -- C:\WINDOWS\system32\DRIVERS\nvgts.sys (NVIDIA Corporation) DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation) DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation) DRV - (usbaudio) Pilote USB audio (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider) DRV - (DELTAII) Service for M-Audio Delta Driver (WDM) -- C:\WINDOWS\system32\drivers\deltaII.sys (Avid Technology, Inc.) DRV - (TPkd) -- C:\WINDOWS\system32\drivers\TPkd.sys (PACE Anti-Piracy, Inc.) DRV - (NVR0Dev) -- C:\WINDOWS\nvoclock.sys (NVidia Corp.) DRV - (UsbDiag) -- C:\WINDOWS\system32\drivers\lgusbdiag.sys (LG Electronics Inc.) DRV - (USBModem) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys (LG Electronics Inc.) DRV - (usbbus) -- C:\WINDOWS\system32\drivers\lgusbbus.sys (LG Electronics Inc.) DRV - (pdiddcci) -- C:\WINDOWS\system32\drivers\pdiddcci.sys (Portrait Displays, Inc.) DRV - (AmdPPM) -- C:\WINDOWS\system32\drivers\AmdPPM.sys (Advanced Micro Devices) DRV - (PdiPorts) -- C:\WINDOWS\system32\drivers\PdiPorts.sys (Portrait Displays, Inc.) DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices) DRV - (ADIHdAudAddService) -- C:\WINDOWS\system32\drivers\ADIHdAud.sys (Analog Devices, Inc.) DRV - (SenFiltService) -- C:\WINDOWS\system32\drivers\senfilt.sys (Sensaura) DRV - (P17) -- C:\WINDOWS\system32\drivers\P17.sys (Creative Technology Ltd.) DRV - (AEAudioService) -- C:\WINDOWS\system32\drivers\aeaudio.sys (Andrea Electronics Corporation) DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.) DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd) DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\Hdaudio.sys (Windows (R) Server 2003 DDK provider) DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys () DRV - (rtl8139) Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation) DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 34 31 94 6D 3B 78 CA 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultenginename: "Bing" FF - prefs.js..browser.search.defaultthis.engineName: "Web Search" FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=IEFM1&q=" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://www.google.fr/webhp?hl=fr&safe=off&client=firefox-a&rls=org.mozilla:fr:official&hs=ekH&btnG=Rechercher" FF - prefs.js..extensions.enabledItems: {47624dda-b77e-4feb-820a-e4f077d5d4ca}:9.8.6 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.5 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20091209.4 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {bb628310-0ab7-11db-9cd8-0800200c9a66}:3.5.0.0 FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.2 FF - prefs.js..extensions.enabledItems: {a02c0c70-605c-11da-8cd6-0800200c9a66}:4.19 FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=IEFM1&q=" FF - prefs.js..network.proxy.type: 4 FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/28 01:45:45 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/16 23:03:09 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/08/31 17:04:06 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2008/12/21 15:10:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\christophe amouroux\Application Data\Mozilla\Extensions [2009/12/28 22:15:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\christophe amouroux\Application Data\Mozilla\Firefox\Profiles\avnzrt03.default\extensions [2009/10/07 20:59:15 | 00,000,000 | ---D | M] (Screengrab) -- C:\Documents and Settings\christophe amouroux\Application Data\Mozilla\Firefox\Profiles\avnzrt03.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671} [2009/11/18 13:19:53 | 00,000,000 | ---D | M] (Boost for Facebook) -- C:\Documents and Settings\christophe amouroux\Application Data\Mozilla\Firefox\Profiles\avnzrt03.default\extensions\{47624dda-b77e-4feb-820a-e4f077d5d4ca} [2009/08/09 11:20:37 | 00,000,000 | ---D | M] (PimpZilla) -- C:\Documents and Settings\christophe amouroux\Application Data\Mozilla\Firefox\Profiles\avnzrt03.default\extensions\{a02c0c70-605c-11da-8cd6-0800200c9a66} [2009/11/20 08:20:03 | 00,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\christophe amouroux\Application Data\Mozilla\Firefox\Profiles\avnzrt03.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2009/04/05 22:59:29 | 00,000,000 | ---D | M] (Bookmark Duplicate Detector) -- C:\Documents and Settings\christophe amouroux\Application Data\Mozilla\Firefox\Profiles\avnzrt03.default\extensions\{ba243cb0-b824-4a26-9418-73ee795d9b9d} [2009/03/20 21:39:55 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\christophe amouroux\Application Data\Mozilla\Firefox\Profiles\avnzrt03.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66} [2009/12/18 08:42:41 | 00,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\christophe amouroux\Application Data\Mozilla\Firefox\Profiles\avnzrt03.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2009/11/12 21:23:59 | 00,002,171 | ---- | M] () -- C:\Documents and Settings\christophe amouroux\Application Data\Mozilla\Firefox\Profiles\avnzrt03.default\searchplugins\bing.xml [2009/12/28 22:15:29 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2009/06/24 13:31:33 | 00,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml [2009/06/24 13:31:33 | 00,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml [2009/06/24 13:31:33 | 00,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml [2009/06/24 13:31:33 | 00,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml [2009/06/24 13:31:33 | 00,000,652 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx () O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Ziepod One-Click Helper) - {57A30D1E-08B9-4EF4-B273-AAEA1C234A5B} - C:\WINDOWS\system32\ZiepodOneClicker.dll (Ziepod) O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd) O4 - HKLM..\Run: [DeltaIITaskbarApp] C:\WINDOWS\system32\DeltaIITray.exe () O4 - HKLM..\Run: [DT PHL] C:\Program Files\Philips Display\SmartControl II\DTHtml.exe (Portrait Displays, Inc) O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows (R) Server 2003 DDK provider) O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP) O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4 - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation) O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\system32\DeltaIITray.exe () O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\P17.DLL () O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKCU..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd) O4 - HKCU..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA) O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe () O4 - HKCU..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe (SFX TEAM) O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\christophe amouroux\Menu Démarrer\Programmes\Démarrage\adsl TV.LNK = C:\Program Files\adslTV\adsltv.exe File not found O4 - Startup: C:\Documents and Settings\christophe amouroux\Menu Démarrer\Programmes\Démarrage\HDDlife.lnk = C:\Program Files\BinarySense\HDDlife 3\HDDlifePro.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: = O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.) O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1233327597531 (MUCatalogWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15107/CTPID.cab (Creative Software AutoUpdate Support Package) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Ma page d'accueil) - About:Home O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/12/21 00:47:14 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2004/05/13 22:18:08 | 00,000,052 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{76d98de2-d864-11dd-bb7a-806d6172696f}\Shell - "" = AutoRun O33 - MountPoints2\{76d98de2-d864-11dd-bb7a-806d6172696f}\Shell\AutoRun\command - "" = E:\Mobiclic_65.exe -- [2004/06/25 13:37:16 | 03,307,068 | R--- | M] (Macromedia, Inc.) O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2009/12/29 17:16:31 | 00,000,000 | -HSD | C] -- C:\RECYCLER [2009/12/29 13:12:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google [2009/12/29 13:02:23 | 00,000,000 | RHSD | C] -- C:\cmdcons [2009/12/29 13:01:18 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2009/12/29 13:01:18 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2009/12/29 13:01:18 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2009/12/29 13:01:18 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2009/12/29 13:00:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2009/12/29 13:00:17 | 00,000,000 | ---D | C] -- C:\Schnoqueur [2009/12/29 12:59:46 | 00,000,000 | ---D | C] -- C:\Qoobox [2009/12/29 12:23:37 | 00,000,000 | ---D | C] -- C:\tdsskiller [2009/12/29 12:07:26 | 00,000,000 | ---D | C] -- C:\rsit [2009/12/29 12:01:45 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2009/12/28 18:11:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\christophe amouroux\Mes documents\ACT088_00 [2009/12/11 19:06:06 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\christophe amouroux\Bureau\[Fichiers originaux] [2009/08/15 06:16:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft [2009/08/15 06:15:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe [2009/05/03 20:58:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe [2009/03/21 21:24:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Acronis [2009/02/22 00:14:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft [2009/02/17 16:08:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google [2009/02/07 16:28:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google [2009/01/16 09:55:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\NVIDIA Corporation [2009/01/10 14:59:24 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft [2008/12/21 00:46:54 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft [2002/04/11 08:41:06 | 00,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2009/12/29 17:19:08 | 00,001,029 | ---- | M] () -- C:\Documents and Settings\christophe amouroux\Bureau\Raccourci vers OTL.exe.lnk [2009/12/29 14:40:54 | 01,153,778 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2009/12/29 14:40:54 | 00,532,794 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat [2009/12/29 14:40:54 | 00,440,820 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2009/12/29 14:40:54 | 00,094,078 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat [2009/12/29 14:40:54 | 00,071,138 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2009/12/29 14:37:46 | 00,192,857 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2009/12/29 14:36:33 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009/12/29 14:36:26 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009/12/29 14:35:12 | 13,107,200 | -H-- | M] () -- C:\Documents and Settings\christophe amouroux\NTUSER.DAT [2009/12/29 13:22:00 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2009/12/29 13:21:25 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2009/12/29 13:11:14 | 00,001,000 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job [2009/12/29 13:02:30 | 00,000,286 | RHS- | M] () -- C:\boot.ini [2009/12/29 12:55:10 | 03,868,670 | R--- | M] () -- C:\Documents and Settings\christophe amouroux\Bureau\Schnoqueur.exe [2009/12/29 12:54:21 | 00,001,080 | ---- | M] () -- C:\Documents and Settings\christophe amouroux\Bureau\Raccourci vers WinsockXPFix.exe.lnk [2009/12/29 12:44:31 | 00,001,024 | ---- | M] () -- C:\Documents and Settings\christophe amouroux\Bureau\Raccourci vers asdehi.lnk [2009/12/29 12:01:45 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\christophe amouroux\Bureau\HijackThis.lnk [2009/12/29 11:27:30 | 00,000,184 | -HS- | M] () -- C:\Documents and Settings\christophe amouroux\ntuser.ini [2009/12/29 02:44:58 | 00,000,008 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\sysReserve.ini [2009/12/28 22:58:53 | 00,007,680 | ---- | M] () -- C:\Documents and Settings\christophe amouroux\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/12/27 17:15:57 | 00,012,640 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2009/12/11 19:10:51 | 00,071,218 | ---- | M] () -- C:\Documents and Settings\christophe amouroux\Bureau\mini BordeauxParis.jpg [2009/12/11 19:06:06 | 00,003,269 | ---- | M] () -- C:\Documents and Settings\christophe amouroux\Bureau\minidopage_arthur.jpg [2009/12/10 23:44:14 | 00,056,816 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys [2009/12/10 02:20:45 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2009/12/09 22:54:07 | 00,261,632 | ---- | M] () -- C:\WINDOWS\PEV.exe [2009/12/09 18:58:46 | 12,051,383 | ---- | M] () -- C:\Documents and Settings\christophe amouroux\Mes documents\soleil d encre.pdf [2009/12/04 13:37:49 | 00,000,654 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Mp3tag.lnk [2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009/11/29 20:54:40 | 00,030,208 | ---- | M] () -- C:\Documents and Settings\christophe amouroux\Bureau\Le Joueur d'échecs.doc [2009/11/29 20:54:28 | 00,015,345 | ---- | M] () -- C:\Documents and Settings\christophe amouroux\Bureau\Le Joueur d'échecs.docm [2009/11/29 19:43:08 | 00,018,040 | ---- | M] () -- C:\Documents and Settings\christophe amouroux\Bureau\anne texte corrige.odt [2009/11/29 19:26:47 | 00,017,108 | ---- | M] () -- C:\Documents and Settings\christophe amouroux\Bureau\anne roman.odt [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2009/12/29 17:19:08 | 00,001,029 | ---- | C] () -- C:\Documents and Settings\christophe amouroux\Bureau\Raccourci vers OTL.exe.lnk [2009/12/29 13:02:30 | 00,000,216 | ---- | C] () -- C:\Boot.bak [2009/12/29 13:02:23 | 00,263,488 | ---- | C] () -- C:\cmldr [2009/12/29 13:01:18 | 00,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe [2009/12/29 13:01:18 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2009/12/29 13:01:18 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2009/12/29 13:01:18 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe [2009/12/29 13:01:18 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2009/12/29 12:55:10 | 03,868,670 | R--- | C] () -- C:\Documents and Settings\christophe amouroux\Bureau\Schnoqueur.exe [2009/12/29 12:54:21 | 00,001,080 | ---- | C] () -- C:\Documents and Settings\christophe amouroux\Bureau\Raccourci vers WinsockXPFix.exe.lnk [2009/12/29 12:44:31 | 00,001,024 | ---- | C] () -- C:\Documents and Settings\christophe amouroux\Bureau\Raccourci vers asdehi.lnk [2009/12/29 12:01:45 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\christophe amouroux\Bureau\HijackThis.lnk [2009/12/29 02:44:58 | 00,000,008 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sysReserve.ini [2009/12/11 19:10:51 | 00,071,218 | ---- | C] () -- C:\Documents and Settings\christophe amouroux\Bureau\mini BordeauxParis.jpg [2009/12/11 19:04:10 | 00,003,269 | ---- | C] () -- C:\Documents and Settings\christophe amouroux\Bureau\minidopage_arthur.jpg [2009/12/09 18:58:27 | 12,051,383 | ---- | C] () -- C:\Documents and Settings\christophe amouroux\Mes documents\soleil d encre.pdf [2009/12/04 13:37:49 | 00,000,654 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Mp3tag.lnk [2009/11/29 20:54:28 | 00,015,345 | ---- | C] () -- C:\Documents and Settings\christophe amouroux\Bureau\Le Joueur d'échecs.docm [2009/11/29 20:54:12 | 00,030,208 | ---- | C] () -- C:\Documents and Settings\christophe amouroux\Bureau\Le Joueur d'échecs.doc [2009/11/29 19:43:08 | 00,018,040 | ---- | C] () -- C:\Documents and Settings\christophe amouroux\Bureau\anne texte corrige.odt [2009/11/29 19:26:47 | 00,017,108 | ---- | C] () -- C:\Documents and Settings\christophe amouroux\Bureau\anne roman.odt [2009/11/13 09:20:43 | 01,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll [2009/09/30 02:44:04 | 00,075,680 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat [2009/08/31 21:23:30 | 00,000,116 | ---- | C] () -- C:\WINDOWS\ConverterCore.INI [2009/08/18 12:35:28 | 00,004,458 | ---- | C] () -- C:\WINDOWS\System32\EXTIGY.INI [2009/05/19 22:02:57 | 00,001,305 | ---- | C] () -- C:\WINDOWS\CDPlayer.ini [2009/05/09 23:54:02 | 00,217,088 | ---- | C] () -- C:\WINDOWS\System32\qtmlClient.dll [2009/04/08 12:27:28 | 00,000,253 | ---- | C] () -- C:\WINDOWS\sbwin.ini [2009/04/08 12:07:31 | 00,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17.DLL [2009/03/20 20:06:24 | 00,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI [2009/03/08 15:37:54 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2009/01/28 19:50:44 | 00,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2009/01/28 19:50:44 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2009/01/28 19:50:44 | 00,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2009/01/14 16:02:58 | 00,004,082 | ---- | C] () -- C:\WINDOWS\Q-Dir.ini [2009/01/11 10:57:09 | 00,000,142 | ---- | C] () -- C:\Documents and Settings\christophe amouroux\Local Settings\Application Data\fusioncache.dat [2008/12/21 22:26:50 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2008/12/21 22:26:50 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2008/12/21 18:45:54 | 00,020,905 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2008/12/21 18:45:48 | 00,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS [2008/12/21 16:25:07 | 00,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys [2008/12/21 14:48:39 | 00,007,680 | ---- | C] () -- C:\Documents and Settings\christophe amouroux\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008/05/26 22:23:32 | 00,016,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini [2008/05/26 22:23:30 | 00,021,596 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini [2008/05/26 22:23:28 | 00,016,036 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini [2007/03/12 12:01:30 | 00,217,088 | ---- | C] () -- C:\WINDOWS\NVGfxOgl.dll [2005/10/10 14:49:00 | 01,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2005/10/10 14:49:00 | 01,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2005/10/10 14:49:00 | 01,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2005/10/10 14:49:00 | 00,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll [2005/10/10 14:49:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2005/10/10 14:49:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2005/07/07 10:26:56 | 00,005,627 | R--- | C] () -- C:\WINDOWS\System32\Ludap17.ini [2005/03/08 07:17:08 | 00,000,039 | R--- | C] () -- C:\WINDOWS\System32\ctzapxx.ini [2003/10/02 17:48:18 | 00,053,248 | R--- | C] () -- C:\WINDOWS\System32\P17CPI.dll [1996/04/03 20:33:26 | 00,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %SYSTEMDRIVE%\appmgmts.dll /s /md5 >[/color] [2009/01/10 16:17:56 | 00,165,376 | ---- | M] (Microsoft Corporation) MD5=A0EE5C06390357FEE7B7949DBCA156D3 -- C:\WINDOWS\system32\appmgmts.dll [3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] [color=#A23BEC]< %SYSTEMDRIVE%\cdrom.sys /s /md5 >[/color] [2004/08/03 22:59:54 | 00,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys [2008/04/13 19:40:46 | 00,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys [2008/04/13 19:40:46 | 00,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys [color=#A23BEC]< %SYSTEMDRIVE%\atapi.sys /s /md5 >[/color] [2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys [2008/04/13 19:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys [2008/04/13 19:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008/04/13 19:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys [2008/04/13 19:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2008/04/13 19:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys [2008/04/13 19:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys [color=#A23BEC]< %SYSTEMDRIVE%\ACPI.sys /s /md5 >[/color] [2004/08/19 15:51:56 | 00,188,672 | ---- | M] (Microsoft Corporation) MD5=0BD94FBFC14EA3606CD6CA4C0255BAA3 -- C:\WINDOWS\$NtServicePackUninstall$\acpi.sys [2008/04/14 02:52:42 | 00,188,672 | ---- | M] (Microsoft Corporation) MD5=E5E6DBFC41EA8AAD005CB9A57A96B43B -- C:\WINDOWS\ServicePackFiles\i386\acpi.sys [2008/04/14 02:52:42 | 00,188,672 | ---- | M] (Microsoft Corporation) MD5=E5E6DBFC41EA8AAD005CB9A57A96B43B -- C:\WINDOWS\system32\drivers\acpi.sys [color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color] [2001/05/24 12:59:30 | 00,162,304 | ---- | M] () -- C:\UNWISE.EXE [color=#A23BEC]< %SYSTEMDRIVE%\iaStor.sys /s /md5 >[/color] [color=#A23BEC]< %SYSTEMDRIVE%\nvstor.sys /s /md5 >[/color] [color=#A23BEC]< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >[/color] [color=#A23BEC]< %SYSTEMDRIVE%\viasraid.sys /s /md5 >[/color] [color=#A23BEC]< %SYSTEMDRIVE%\AGP440.sys /s /md5 >[/color] [2004/08/03 23:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys [2008/04/13 19:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys [2008/04/13 19:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008/04/13 19:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys [color=#A23BEC]< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >[/color] [color=#A23BEC]< %SYSTEMDRIVE%\nvatabus.sys /s /md5 >[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 1299 bytes -> C:\Program Files\Fichiers communs\System:dLMGbacCoSiulYGkH01qU4szOwR @Alternate Data Stream - 1290 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:bdvdWtl2wdWbnCkjiEtQ6N1He7rT @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2BE9FEFC @Alternate Data Stream - 1221 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:s7UN5yXG3qU8KyWhMXKpbb @Alternate Data Stream - 1209 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:kw1cwilbEIgpzpxgz @Alternate Data Stream - 1175 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:vEtmYU3BfBosr4xdMSjHPLUNLXrioM @Alternate Data Stream - 1063 bytes -> C:\Program Files\Outlook Express:4nSE9FdvjxnAEp5qZdaxpqm @Alternate Data Stream - 1001 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:OoHKP7LNRZFlD5Zxt9 < End of report > _________________________________________________________________________________________________________ OTL Extras logfile created on: 29/12/2009 17:21:48 - Run 1 OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\christophe amouroux\Mes documents\Téléchargements Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy 1 007,00 Mb Total Physical Memory | 603,00 Mb Available Physical Memory | 60,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 83,00% Paging File free Paging file location(s): C:\pagefile.sys 1512 3024 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 76,32 Gb Total Space | 12,00 Gb Free Space | 15,72% Space Free | Partition Type: NTFS Drive D: | 465,76 Gb Total Space | 220,40 Gb Free Space | 47,32% Space Free | Partition Type: NTFS Drive E: | 575,15 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive F: | 465,75 Gb Total Space | 307,53 Gb Free Space | 66,03% Space Free | Partition Type: NTFS G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: MOA-03F9YO4OWGJ Current User Name: christophe amouroux Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .chm [@ = chm.file] -- "%SYSTEMROOT%\hh.exe" %1 .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [ACDSee Pro 2.5.Browse] -- "C:\Program Files\ACD Systems\ACDSee Pro\2.5\ACDSeeQVPro25.exe" "%1" (ACD Systems) Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" () Directory [Browse with FastStone] -- "C:\Program Files\FastStone Image Viewer\FSViewer.exe" "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Lupas Rename] -- Reg Error: Key error. Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "48113:TCP" = 48113:TCP:LocalSubNet:Enabled:maconfig_tcp "48113:UDP" = 48113:UDP:LocalSubNet:Enabled:maconfig_udp [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.) "C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Disabled:Microsoft Management Console -- (Microsoft Corporation) "C:\Program Files\ma-config.com\maconfservice.exe" = C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice -- (CybelSoft) [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM "{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK "{0FA44E79-CD7D-4E8D-A2EE-26FE05F509B6}" = OpenOffice.org 3.1 "{1B1DDAD2-C704-49F8-8FC2-18DAAD9A87C5}" = Sound Blaster Audigy "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live "{25613C10-27D2-410B-942B-D922D5C3A7BE}" = Interlok driver setup x32 "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 13 "{2D95950E-6D76-43E7-94A5-D9DBA2FD29E4}" = ACDSee Pro 2.5 "{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{350C97B8-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3F7924B9-D148-3141-87B1-68F36043A940}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - FRA "{511DF669-2930-30C0-8EB6-552887E29EC8}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - FRA "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6C4D4FC0-467B-4BD7-8D11-50E49B2770D2}" = Ma-Config.com "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{79C8E125-2115-40EB-B89C-C3DFFFDFCBFE}" = MixMeister "{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{863CC205-84C1-4B7D-9033-ECEB0077FFD9}_is1" = AIMP2 MegaPack "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8DA9D7E6-8F69-4171-9007-81B0A84C83F6}_is1" = CDisplay 1.8.5.2 "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6 "{993960EE-CA4D-443F-8F88-E24260DD5FD2}" = LG PC Suite "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft .NET Framework 1.1 French Language Pack "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A4810699-E859-43A6-8F40-1743873E72AB}" = Delta "{AFE354A5-640F-4A23-94C8-0B441E8967CA}" = Digidesign Shared Plug-Ins 7.4 "{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6 "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B96D2269-568B-4CBF-9332-12FAE8B158F7}" = Medieval CUE Splitter "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation "{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5 "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver "{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CEC8F2E3-AC9A-357C-BFCB-BFAC37C4AC50}" = Visual C++ 9.0 ATL (x86) WinSXS MSM "{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live "{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag 1.4 "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX "{FDA7A7CB-F1DE-42A9-83A6-27BE6CD6E8F3}" = SmartControl II "7-Zip" = 7-Zip 4.64 "Adobe Acrobat 5.0" = Adobe Acrobat 5.0 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Album Art Downloader XUI" = Album Art Downloader XUI 0.25 "anooki-v5-0-1" = anooki-v5-0-1 Screen Saver "Ant Movie Catalog Viewer_is1" = Ant Movie Catalog Viewer 1.6 "Ant Movie Catalog_is1" = Ant Movie Catalog "ASIO4ALL" = ASIO4ALL "a-squared Free_is1" = a-squared Free 4.0 "Audacity_is1" = Audacity 1.2.6 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Avisynth" = AviSynth 2.5 "CCleaner" = CCleaner (remove only) "Cheat Engine 5.5_is1" = Cheat Engine 5.5 "Creative NOMAD II Driver" = Creative NOMAD II Driver "Creative Software AutoUpdate" = Creative Software AutoUpdate "Device Control" = Device Control "DupDetector" = Dup Detector "EAXSet" = Paramètres EAX Creative "EVEREST Corporate Edition_is1" = EVEREST Corporate Edition v5.00 "Exact Audio Copy" = Exact Audio Copy 0.99pb4 "FastStone Image Viewer" = FastStone Image Viewer 3.7 "ffdshow_is1" = ffdshow [rev 1703] [2007-12-15] "foobar2000" = foobar2000 v0.9.5.2 "Foxit Reader" = Foxit Reader "Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.6.3 "Google Updater" = Outil de mise à jour Google "GSpot 2.21 Fr_is1" = GSpot 2.21 Fr "HD Tune_is1" = HD Tune 2.55 "HijackThis" = HijackThis 2.0.2 "hp deskjet 930c series" = hp deskjet 930c series (Supprimer uniquement) "hp deskjet 930c series_Driver" = hp deskjet 930c series "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 "InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune "Lupas Rename 2000_is1" = Lupas Rename 2000 v5.0 Release "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Monkey's Audio_is1" = Monkey's Audio "Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6) "Mozilla Thunderbird (2.0.0.23)" = Mozilla Thunderbird (2.0.0.23) "Mp3tag" = Mp3tag v2.45a "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "NVIDIA Drivers" = NVIDIA Drivers "Picasa 3" = Picasa 3 "Q-Dir" = Q-Dir "RocketDock_is1" = RocketDock 1.3.5 "SPEAKER" = Paramètres de haut-parleur Creative "SuperCopier2" = SuperCopier2 "VisiPics_is1" = VisiPics V1.30 "VLC media player" = VLC media player 0.9.8a "VobSub" = VobSub 2.23 "WaveStudio 7" = Creative WaveStudio 7 "WIC" = Windows Imaging Component "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Lecteur Windows Media 11 "Windows XP Service" = Windows XP Service Pack 3 "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 "XRECODE_is1" = XRECODE "Xvid_is1" = Xvid 1.2.1 "Ziepod_is1" = Ziepod 0.99.9 [color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "TimeAdjuster" = Time Adjuster STANDARD 3.1 "uTorrent" = µTorrent [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 29/12/2009 08:04:48 | Computer Name = MOA-03F9YO4OWGJ | Source = crypt32 | ID = 131080 Description = Échec de la récupération de la mise à jour automatique du numéro de séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> avec l'erreur : A connection with the server could not be established Error - 29/12/2009 08:11:36 | Computer Name = MOA-03F9YO4OWGJ | Source = WmiAdapter | ID = 4099 Description = Échec de l'ouverture de services. Error - 29/12/2009 08:15:42 | Computer Name = MOA-03F9YO4OWGJ | Source = crypt32 | ID = 131080 Description = Échec de la récupération de la mise à jour automatique du numéro de séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> avec l'erreur : A connection with the server could not be established Error - 29/12/2009 08:15:42 | Computer Name = MOA-03F9YO4OWGJ | Source = crypt32 | ID = 131080 Description = Échec de la récupération de la mise à jour automatique du numéro de séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> avec l'erreur : Cette connexion réseau n'existe pas. Error - 29/12/2009 08:21:53 | Computer Name = MOA-03F9YO4OWGJ | Source = WmiAdapter | ID = 4099 Description = Échec de l'ouverture de services. Error - 29/12/2009 08:24:41 | Computer Name = MOA-03F9YO4OWGJ | Source = nview_info | ID = 11141121 Description = Error - 29/12/2009 09:34:15 | Computer Name = MOA-03F9YO4OWGJ | Source = Application Error | ID = 1000 Description = Application défaillante supercopier2.exe, version 2.0.0.579, module défaillant unknown, version 0.0.0.0, adresse de défaillance 0x10077f70. Error - 29/12/2009 09:34:17 | Computer Name = MOA-03F9YO4OWGJ | Source = Microsoft IntelliPoint | ID = 1000 Description = Error - 29/12/2009 09:34:18 | Computer Name = MOA-03F9YO4OWGJ | Source = Microsoft IntelliType Pro | ID = 1000 Description = Error - 29/12/2009 09:37:05 | Computer Name = MOA-03F9YO4OWGJ | Source = WmiAdapter | ID = 4099 Description = Échec de l'ouverture de services. [ System Events ] Error - 29/12/2009 06:55:13 | Computer Name = MOA-03F9YO4OWGJ | Source = Service Control Manager | ID = 7009 Description = Délai (30000 millisecondes) d'attente pour une connexion du service Avira AntiVir Planificateur. Error - 29/12/2009 06:55:13 | Computer Name = MOA-03F9YO4OWGJ | Source = Service Control Manager | ID = 7000 Description = Le service Avira AntiVir Planificateur n'a pas pu démarrer en raison de l'erreur : %%1053 Error - 29/12/2009 06:55:13 | Computer Name = MOA-03F9YO4OWGJ | Source = Service Control Manager | ID = 7009 Description = Délai (30000 millisecondes) d'attente pour une connexion du service Avira AntiVir Guard. Error - 29/12/2009 06:55:13 | Computer Name = MOA-03F9YO4OWGJ | Source = Service Control Manager | ID = 7000 Description = Le service Avira AntiVir Guard n'a pas pu démarrer en raison de l'erreur : %%1053 Error - 29/12/2009 06:55:13 | Computer Name = MOA-03F9YO4OWGJ | Source = Service Control Manager | ID = 7009 Description = Délai (30000 millisecondes) d'attente pour une connexion du service Google Update Service (gupdate1c98615c8a0571a). Error - 29/12/2009 06:55:13 | Computer Name = MOA-03F9YO4OWGJ | Source = Service Control Manager | ID = 7000 Description = Le service Google Update Service (gupdate1c98615c8a0571a) n'a pas pu démarrer en raison de l'erreur : %%1053 Error - 29/12/2009 06:55:43 | Computer Name = MOA-03F9YO4OWGJ | Source = Service Control Manager | ID = 7009 Description = Délai (30000 millisecondes) d'attente pour une connexion du service Service COM de gravage de CD IMAPI. Error - 29/12/2009 06:55:43 | Computer Name = MOA-03F9YO4OWGJ | Source = Service Control Manager | ID = 7000 Description = Le service Service COM de gravage de CD IMAPI n'a pas pu démarrer en raison de l'erreur : %%1053 Error - 29/12/2009 08:04:49 | Computer Name = MOA-03F9YO4OWGJ | Source = Service Control Manager | ID = 7034 Description = Le service Portrait Displays Display Tune Service s'est terminé de façon inattendue pour la 1ème fois. Error - 29/12/2009 08:12:28 | Computer Name = MOA-03F9YO4OWGJ | Source = Service Control Manager | ID = 7034 Description = Le service Portrait Displays Display Tune Service s'est terminé de façon inattendue pour la 1ème fois. < End of report >

jeanmimigab · le 29 Déc 2009 19:31

hello,

fait cela stp...

Cliques sur "menu démarrer" > "exécuter" > tapes cmd et valides en cliquant sur "OK"

dans la fenêtre noire qui s'ouvre copie et colles le texte en bleu >> regsvr32 /u appmgmts.dll puis valides par la touche "entrée" et fermes la fenêtre noire

télécharge ce fichier appmgmts.dll et copies le à la racine de ton disque C:\ de manière à ce que son chemin d'accès soit >>"c:\appmgmts.dll"

ensuite...

> crées un nouveau document texte sur ton bureau
> pour cela clic-droit sur le bureau > Nouveau > document texte > copies et colles le contenu de la citation ci-dessous à l'intérieur

KillAll::

FCOPY::
c:\appmgmts.dll | c:\windows\system32\appmgmts.dll

ADS::
C:\Program Files\Fichiers communs\System
C:\Documents and Settings\All Users\Application Data\Microsoft
C:\Program Files\Fichiers communs\System
C:\Program Files\Outlook Express
C:\Program Files\Fichiers communs\System:dLMGbacCoSiulYGkH01qU4szOwR
C:\Documents and Settings\All Users\Application Data\Microsoft:bdvdWtl2wdWbnCkjiEtQ6N1He7rT
C:\Documents and Settings\All Users\Application Data\TEMP:2BE9FEFC
C:\Documents and Settings\All Users\Application Data\Microsoft:s7UN5yXG3qU8KyWhMXKpbb
C:\Documents and Settings\All Users\Application Data\Microsoft:kw1cwilbEIgpzpxgz
C:\Documents and Settings\All Users\Application Data\Microsoft:vEtmYU3BfBosr4xdMSjHPLUNLXrioM
C:\Program Files\Outlook Express:4nSE9FdvjxnAEp5qZdaxpqm
C:\Documents and Settings\All Users\Application Data\Microsoft:OoHKP7LNRZFlD5Zxt9

FileLook::
C:\Documents and Settings\christophe amouroux\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Respectes à la lettre la procédure d'enregistrement suivante,c'est très important

> ensuite cliques sur "fichier" > "enregistrer sous..."
> dans la fenêtre d'enregistrement choisis le bureau comme destination > dans type choisis "tous les fichiers" > et dans nom du fichier tape CFScript.txt > ensuite cliques sur enregistrer et fermes le document texte.

> fais un glisser/déposer(clic-gauche enfoncé sur CFScrit.txt et tu fais glisser) de ce fichier CFScript.txt sur le fichier ComboFix.exe(dans ton cas c'est "Schnoqueur.exe") comme sur cette capture.

> une fenêtre bleue va apparaître >>suis les instructions
> patientes le temps du scan. Le bureau va disparaître à plusieurs reprises,c'est normal!
> ne touches à rien tant que le scan n'est pas terminé
> une fois le scan achevé, un rapport va s'afficher,postes son contenu dans ta prochaine réponse.
> si le rapport ne s'ouvre pas, il se trouve à cet emplacement C:\ComboFix.txt

ensuite...

fait cela stp...

Cliques sur "menu démarrer" > "exécuter" > tape cmd et valides en cliquant sur "OK"

dans la fenêtre noire qui s'ouvre copie et colles le texte en bleu >> regsvr32 appmgmts.dll puis valides par la touche "entrée" et fermes la fenêtre noire
(attention ce n'est pas le même que la première fois)

@++

kirill · le 29 Déc 2009 19:58

bonsoir
mais qu est ce que je fais en copiant cette dll ? c est pas que j ai des doutes mais j aime bien suivre (un minimum)

Ask to Old Man · le 29 Déc 2009 21:38

Bonsoir,

Message spécialement destiné à jeanmimigab

Je viens de modifier l'aspect de tous les (très longs rapports) créés par les différents outils de désinfection,
En les encadrant avec la balise [code] ils deviennent bien moins encombrants.
C'est une sorte de test, & j'aimerai savoir si cela te pose des problèmes pour exploiter ces fameux rapports.

Fais moi signe par MP pour me faire savoir, merci. Et merci à kirill de me laisser envahir son sujet.

kirill · le 29 Déc 2009 22:15

bonsoir , j ai eu un message d erreur disant que le dossier n existait pas mais que le point d entre avait ete cree et pour le rapport j ai trouve celui la

2009-12-29 19:46:43 . 2009-12-29 19:46:43 0 ----a-w- C:\Qoobox\Quarantine\catchme.txt
2009-12-29 12:27:38 . 2009-12-29 12:27:38 840 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Malware Defense.reg.dat
2009-12-29 12:27:14 . 2009-12-29 12:27:14 161 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-Malware Defense.reg.dat
2009-12-29 12:27:14 . 2009-12-29 12:27:14 164 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-MsnMsgr.reg.dat
2009-12-29 12:17:44 . 2009-12-29 19:50:44 7,379 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2009-12-29 12:04:55 . 2009-12-29 12:04:55 951 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_H8SRTd.sys.reg.dat
2009-12-29 12:00:19 . 2009-12-29 19:45:40 255 ----a-w- C:\Qoobox\Quarantine\catchme.log
2009-12-29 11:24:29 . 2009-12-29 11:24:29 1,597 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Bureau\nudetube.com.lnk.vir
2009-12-29 11:24:29 . 2009-12-29 11:24:29 1,593 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Bureau\youporn.com.lnk.vir
2009-12-29 11:24:29 . 2009-12-29 11:24:29 1,601 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Bureau\pornotube.com.lnk.vir
2009-12-29 01:46:29 . 2009-12-29 01:46:29 671 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\krl32mainweq.dll.vir
2009-12-29 01:45:28 . 2009-12-29 10:55:47 200 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\srcr.dat.vir
2009-12-29 01:45:27 . 2009-12-29 01:45:27 201 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\H8SRTyotlppeydt.dat.vir
2009-11-13 08:20:44 . 2009-01-27 17:43:54 36,096 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Cheat Engine\dbk32.sys.vir
2009-01-11 00:37:40 . 2009-01-11 00:37:44 47,348,946 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\christophe amouroux\Mes documents\sauvegarde registre.reg.vir
2009-01-10 15:18:12 . 2009-01-10 15:17:56 165,376 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\appmgmts.dll.vir
2008-12-22 12:00:01 . 2009-03-24 20:17:49 183,280 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe.vir

jeanmimigab · le 29 Déc 2009 22:55

re,

mais qu est ce que je fais en copiant cette dll ? c est pas que j ai des doutes mais j aime bien suivre (un minimum)

le fichier c:\windows\system32\appmgmts.dll à été modifié par l'infection, cela est visible dans ton rapport combofix.
la manip que je te fait faire consiste à dé-enregistrer le fichier dll en place, ensuite combofix se charge de remplacer le fichier dll en place par celui que tu as téléchargé et placé ici c:\appmgmts.dll"
puis je te fait ré-enregistrer le nouveau fichier dll en place.

le fait que tu n'ai pas eu de rapport vient du fait qu'antivir a sûrement abimer combofix au redémarrage, rappelle toi cela...

Code: Tout sélectionner: ça s est bien passe seulement des fenetres d avira ce sont ouvertes durant le scan de combofix ,

Ont va re-télécharger combofix...

Désactives Antivir le temps de faire la suite...

supprime combofix (Schnoqueur.exe) de ton bureau et re-télécharge le (inutile de le renommer cette fois ci)

ensuite fait le reste de la procédure...

> crées un nouveau document texte sur ton bureau
> pour cela clic-droit sur le bureau > Nouveau > document texte > copies et colles le contenu de la citation ci-dessous à l'intérieur

KillAll::

FCOPY::
c:\appmgmts.dll | c:\windows\system32\appmgmts.dll

ADS::
C:\Program Files\Fichiers communs\System
C:\Documents and Settings\All Users\Application Data\Microsoft
C:\Program Files\Fichiers communs\System
C:\Program Files\Outlook Express
C:\Program Files\Fichiers communs\System:dLMGbacCoSiulYGkH01qU4szOwR
C:\Documents and Settings\All Users\Application Data\Microsoft:bdvdWtl2wdWbnCkjiEtQ6N1He7rT
C:\Documents and Settings\All Users\Application Data\TEMP:2BE9FEFC
C:\Documents and Settings\All Users\Application Data\Microsoft:s7UN5yXG3qU8KyWhMXKpbb
C:\Documents and Settings\All Users\Application Data\Microsoft:kw1cwilbEIgpzpxgz
C:\Documents and Settings\All Users\Application Data\Microsoft:vEtmYU3BfBosr4xdMSjHPLUNLXrioM
C:\Program Files\Outlook Express:4nSE9FdvjxnAEp5qZdaxpqm
C:\Documents and Settings\All Users\Application Data\Microsoft:OoHKP7LNRZFlD5Zxt9

FileLook::
C:\Documents and Settings\christophe amouroux\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Respectes à la lettre la procédure d'enregistrement suivante,c'est très important

> ensuite cliques sur "fichier" > "enregistrer sous..."
> dans la fenêtre d'enregistrement choisis le bureau comme destination > dans type choisis "tous les fichiers" > et dans nom du fichier tape CFScript.txt > ensuite cliques sur enregistrer et fermes le document texte.

> fais un glisser/déposer(clic-gauche enfoncé sur CFScrit.txt et tu fais glisser) de ce fichier CFScript.txt sur le fichier ComboFix.execomme sur cette capture.

> une fenêtre bleue va apparaître >>suis les instructions
> patientes le temps du scan. Le bureau va disparaître à plusieurs reprises,c'est normal!
> ne touches à rien tant que le scan n'est pas terminé
> une fois le scan achevé, un rapport va s'afficher,postes son contenu dans ta prochaine réponse.
> si le rapport ne s'ouvre pas, il se trouve à cet emplacement C:\ComboFix.txt

ensuite...

fait cela stp...

Cliques sur "menu démarrer" > "exécuter" > tape cmd et valides en cliquant sur "OK"

dans la fenêtre noire qui s'ouvre copie et colles le texte en bleu >> regsvr32 appmgmts.dll puis valides par la touche "entrée" et fermes la fenêtre noire
(attention ce n'est pas le même que la première fois)

@++

kirill · le 29 Déc 2009 23:05

bonsoir et merçi de tes precisions ,oui antivir s est manifeste lors du scan de combofix pourtant il me semblait bien avoir desactiver avira : guard inactif ,parapluie ferme

jeanmimigab · le 29 Déc 2009 23:08

re, oui c'est vrais mais au reboot, il se réactive automatiquement...

si il se manifeste à nouveau choisis "ignorer" dans la fenêtre interactive :wink:

[Réglé]win 32 tdss

[Réglé]win 32 tdss

Re: win 32 tdss

Re: win 32 tdss

Re: win 32 tdss

Re: win 32 tdss

Re: win 32 tdss

Re: win 32 tdss

Re: win 32 tdss

Re: win 32 tdss

Re: win 32 tdss

Re: win 32 tdss

Re: win 32 tdss

Re: win 32 tdss

Re: win 32 tdss

Re: win 32 tdss

Sujets similaires

Qui est en ligne