
[Solved] win 32 tdss

A computer that slows down, advertising windows that pop up, applications that refuse to start, or a browser that insists on opening a dubious page are all signs that the integrity of your computer is threatened by a virus. In this forum you will find some advice and software for browsing safely.
Forum rules
To post a scan or infection report (HijackThis, OTL, AdwCleaner etc.), please use the forum's built-in attachment system. Only .txt and .log files under 1 MB are accepted. For help inserting your attachments, please see this tutorial.

Posted 29 Dec 2009 11:50

I've just infected my PC with a virus that offers to install itself. It blocks all my attempts to install Malwarebytes Anti-Malware, it removed Avira, I can no longer launch Spybot; the only antivirus that still runs is a-squared Free, and it found: Win32 TDSS!ik and Malware Defense.
I don't know what to do any more, thank you for your help.
Posts: 30
Joined: 02 Dec 2008 16:19

Re: win 32 tdss

Posted 29 Dec 2009 12:21

hello, please do this...

Disable your antivirus before doing all these steps.

Download load_tdsskiller (by loup_blanc) to your desktop.

Double-click the Load_tdsskiller icon on your desktop and wait for the scan to finish.

If your firewall reports that the process "Wget.exe" is trying to access the Internet, allow it....

Less than a minute later the message "Appuyez sur un touche pour continuer" (press any key to continue) appears in the black window; click in the window and press "Enter".

A text report will then open; post its contents in your next reply.

Posts: 2986
Joined: 29 Nov 2009 12:05

Re: win 32 tdss

Posted 29 Dec 2009 12:27

hello and thank you for your help, and especially for your responsiveness; I'm posting the report

Code:
12:24:34:703 1492   TDSSKiller 2.1.1 Dec 20 2009 02:40:02
12:24:34:703 1492   ================================================================================
12:24:34:703 1492   SystemInfo:

12:24:34:703 1492   OS Version: 5.1.2600 ServicePack: 3.0
12:24:34:703 1492   Product type: Workstation
12:24:34:703 1492   ComputerName: MOA-03F9YO4OWGJ
12:24:34:703 1492   UserName:
12:24:34:703 1492   Windows directory: C:\WINDOWS
12:24:34:703 1492   Processor architecture: Intel x86
12:24:34:703 1492   Number of processors: 1
12:24:34:703 1492   Page size: 0x1000
12:24:34:703 1492   Boot type: Normal boot
12:24:34:703 1492   ================================================================================
12:24:34:703 1492   main: Driver KLMD successfully unloaded
12:24:35:203 1492   ForceUnloadDriver: NtUnloadDriver error 2
12:24:35:203 1492   ForceUnloadDriver: NtUnloadDriver error 2
12:24:35:203 1492   MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\Drivers\KLMD.sys) returned status 0
12:24:35:203 1492   main: Driver KLMD successfully dropped
12:24:35:203 1492   main: Driver KLMD successfully loaded
12:24:35:203 1492   
Scanning   Registry ...
12:24:35:203 1492   ScanServices: Searching service UACd.sys
12:24:35:203 1492   ScanServices: Open/Create key error 2
12:24:35:203 1492   ScanServices: Searching service TDSSserv.sys
12:24:35:203 1492   ScanServices: Open/Create key error 2
12:24:35:203 1492   ScanServices: Searching service gaopdxserv.sys
12:24:35:203 1492   ScanServices: Open/Create key error 2
12:24:35:203 1492   ScanServices: Searching service gxvxcserv.sys
12:24:35:203 1492   ScanServices: Open/Create key error 2
12:24:35:203 1492   ScanServices: Searching service MSIVXserv.sys
12:24:35:203 1492   ScanServices: Open/Create key error 2
12:24:35:203 1492   UnhookRegistry: Kernel module file name: C:\windows\system32\ntkrnlpa.exe, base addr: 804D7000
12:24:35:203 1492   UnhookRegistry: Kernel local addr: F00000
12:24:35:203 1492   UnhookRegistry: KeServiceDescriptorTable addr: F7C020
12:24:35:203 1492   UnhookRegistry: KiServiceTable addr: F2AB9C
12:24:35:203 1492   UnhookRegistry: NtEnumerateKey service number (local): 47
12:24:35:203 1492   UnhookRegistry: NtEnumerateKey local addr: 1043B72
12:24:35:203 1492   KLMD_OpenDevice: Trying to open KLMD device
12:24:35:203 1492   KLMD_GetSystemRoutineAddressA: Trying to get system routine address ZwEnumerateKey
12:24:35:203 1492   KLMD_GetSystemRoutineAddressW: Trying to get system routine address ZwEnumerateKey
12:24:35:203 1492   KLMD_ReadMem: Trying to ReadMemory 0x804FE335[0x4]
12:24:35:203 1492   UnhookRegistry: NtEnumerateKey service number (kernel): 47
12:24:35:203 1492   KLMD_ReadMem: Trying to ReadMemory 0x80501CB8[0x4]
12:24:35:203 1492   UnhookRegistry: NtEnumerateKey real addr: 8061AB72
12:24:35:203 1492   UnhookRegistry: NtEnumerateKey calc addr: 8061AB72
12:24:35:203 1492   UnhookRegistry: No SDT hooks found on NtEnumerateKey
12:24:35:203 1492   KLMD_ReadMem: Trying to ReadMemory 0x8061AB72[0xA]
12:24:35:203 1492   UnhookRegistry: No splicing found on NtEnumerateKey
12:24:35:203 1492   
Scanning   Kernel memory ...
12:24:35:203 1492   KLMD_OpenDevice: Trying to open KLMD device
12:24:35:203 1492   KLMD_GetSystemObjectAddressByNameA: Trying to get system object address by name \Driver\Disk
12:24:35:218 1492   KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk
12:24:35:218 1492   DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 82F25CC8
12:24:35:218 1492   DetectCureTDL3: KLMD_GetDeviceObjectList returned 6 DevObjects
12:24:35:218 1492   DetectCureTDL3: 0 Curr stack PDEVICE_OBJECT: 82FAB258
12:24:35:218 1492   KLMD_GetLowerDeviceObject: Trying to get lower device object for 82FAB258
12:24:35:218 1492   KLMD_ReadMem: Trying to ReadMemory 0x82FAB258[0x38]
12:24:35:218 1492   DetectCureTDL3: DRIVER_OBJECT addr: 82F25CC8
12:24:35:218 1492   KLMD_ReadMem: Trying to ReadMemory 0x82F25CC8[0xA8]
12:24:35:218 1492   KLMD_ReadMem: Trying to ReadMemory 0xE15E2BF8[0x208]
12:24:35:218 1492   DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
12:24:35:218 1492   DetectCureTDL3: IrpHandler (0) addr: F74EDBB0
12:24:35:218 1492   DetectCureTDL3: IrpHandler (1) addr: 804F355A
12:24:35:218 1492   DetectCureTDL3: IrpHandler (2) addr: F74EDBB0
12:24:35:218 1492   DetectCureTDL3: IrpHandler (3) addr: F74E7D1F
12:24:35:218 1492   DetectCureTDL3: IrpHandler (4) addr: F74E7D1F
12:24:35:218 1492   DetectCureTDL3: IrpHandler (5) addr: 804F355A
12:24:35:218 1492   DetectCureTDL3: IrpHandler (6) addr: 804F355A
12:24:35:218 1492   DetectCureTDL3: IrpHandler (7) addr: 804F355A
12:24:35:218 1492   DetectCureTDL3: IrpHandler (8) addr: 804F355A
12:24:35:218 1492   DetectCureTDL3: IrpHandler (9) addr: F74E82E2
12:24:35:218 1492   DetectCureTDL3: IrpHandler (10) addr: 804F355A
12:24:35:218 1492   DetectCureTDL3: IrpHandler (11) addr: 804F355A
12:24:35:218 1492   DetectCureTDL3: IrpHandler (12) addr: 804F355A
12:24:35:218 1492   DetectCureTDL3: IrpHandler (13) addr: 804F355A
12:24:35:218 1492   DetectCureTDL3: IrpHandler (14) addr: F74E83BB
12:24:35:218 1492   DetectCureTDL3: IrpHandler (15) addr: F74EBF28
12:24:35:218 1492   DetectCureTDL3: IrpHandler (16) addr: F74E82E2
12:24:35:218 1492   DetectCureTDL3: IrpHandler (17) addr: 804F355A
12:24:35:218 1492   DetectCureTDL3: IrpHandler (18) addr: 804F355A
12:24:35:218 1492   DetectCureTDL3: IrpHandler (19) addr: 804F355A
12:24:35:218 1492   DetectCureTDL3: IrpHandler (20) addr: 804F355A
12:24:35:218 1492   DetectCureTDL3: IrpHandler (21) addr: 804F355A
12:24:35:218 1492   DetectCureTDL3: IrpHandler (22) addr: F74E9C82
12:24:35:218 1492   DetectCureTDL3: IrpHandler (23) addr: F74EE99E
12:24:35:218 1492   DetectCureTDL3: IrpHandler (24) addr: 804F355A
12:24:35:218 1492   DetectCureTDL3: IrpHandler (25) addr: 804F355A
12:24:35:218 1492   DetectCureTDL3: IrpHandler (26) addr: 804F355A
12:24:35:218 1492   KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
12:24:35:218 1492   KLMD_ReadMem: DeviceIoControl error 1
12:24:35:218 1492   TDL3_StartIoHookDetect: Unable to get StartIo handler code
12:24:35:218 1492   TDL3_FileDetect: Processing driver: Disk
12:24:35:218 1492   TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\disk.tsk, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\disk.tsk
12:24:35:218 1492   TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
12:24:35:218 1492   KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
12:24:35:312 1492   DetectCureTDL3: 1 Curr stack PDEVICE_OBJECT: 82FAE9F0
12:24:35:312 1492   KLMD_GetLowerDeviceObject: Trying to get lower device object for 82FAE9F0
12:24:35:312 1492   KLMD_ReadMem: Trying to ReadMemory 0x82FAE9F0[0x38]
12:24:35:312 1492   DetectCureTDL3: DRIVER_OBJECT addr: 82F25CC8
12:24:35:312 1492   KLMD_ReadMem: Trying to ReadMemory 0x82F25CC8[0xA8]
12:24:35:312 1492   KLMD_ReadMem: Trying to ReadMemory 0xE15E2BF8[0x208]
12:24:35:312 1492   DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
12:24:35:312 1492   DetectCureTDL3: IrpHandler (0) addr: F74EDBB0
12:24:35:312 1492   DetectCureTDL3: IrpHandler (1) addr: 804F355A
12:24:35:312 1492   DetectCureTDL3: IrpHandler (2) addr: F74EDBB0
12:24:35:312 1492   DetectCureTDL3: IrpHandler (3) addr: F74E7D1F
12:24:35:312 1492   DetectCureTDL3: IrpHandler (4) addr: F74E7D1F
12:24:35:312 1492   DetectCureTDL3: IrpHandler (5) addr: 804F355A
12:24:35:312 1492   DetectCureTDL3: IrpHandler (6) addr: 804F355A
12:24:35:312 1492   DetectCureTDL3: IrpHandler (7) addr: 804F355A
12:24:35:312 1492   DetectCureTDL3: IrpHandler (8) addr: 804F355A
12:24:35:312 1492   DetectCureTDL3: IrpHandler (9) addr: F74E82E2
12:24:35:312 1492   DetectCureTDL3: IrpHandler (10) addr: 804F355A
12:24:35:312 1492   DetectCureTDL3: IrpHandler (11) addr: 804F355A
12:24:35:312 1492   DetectCureTDL3: IrpHandler (12) addr: 804F355A
12:24:35:312 1492   DetectCureTDL3: IrpHandler (13) addr: 804F355A
12:24:35:312 1492   DetectCureTDL3: IrpHandler (14) addr: F74E83BB
12:24:35:312 1492   DetectCureTDL3: IrpHandler (15) addr: F74EBF28
12:24:35:312 1492   DetectCureTDL3: IrpHandler (16) addr: F74E82E2
12:24:35:312 1492   DetectCureTDL3: IrpHandler (17) addr: 804F355A
12:24:35:312 1492   DetectCureTDL3: IrpHandler (18) addr: 804F355A
12:24:35:312 1492   DetectCureTDL3: IrpHandler (19) addr: 804F355A
12:24:35:312 1492   DetectCureTDL3: IrpHandler (20) addr: 804F355A
12:24:35:312 1492   DetectCureTDL3: IrpHandler (21) addr: 804F355A
12:24:35:312 1492   DetectCureTDL3: IrpHandler (22) addr: F74E9C82
12:24:35:312 1492   DetectCureTDL3: IrpHandler (23) addr: F74EE99E
12:24:35:312 1492   DetectCureTDL3: IrpHandler (24) addr: 804F355A
12:24:35:312 1492   DetectCureTDL3: IrpHandler (25) addr: 804F355A
12:24:35:312 1492   DetectCureTDL3: IrpHandler (26) addr: 804F355A
12:24:35:312 1492   KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
12:24:35:312 1492   KLMD_ReadMem: DeviceIoControl error 1
12:24:35:312 1492   TDL3_StartIoHookDetect: Unable to get StartIo handler code
12:24:35:312 1492   TDL3_FileDetect: Processing driver: Disk
12:24:35:312 1492   TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\disk.tsk, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\disk.tsk
12:24:35:312 1492   TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
12:24:35:312 1492   KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
12:24:35:312 1492   DetectCureTDL3: 2 Curr stack PDEVICE_OBJECT: 82FB0C68
12:24:35:312 1492   KLMD_GetLowerDeviceObject: Trying to get lower device object for 82FB0C68
12:24:35:312 1492   KLMD_ReadMem: Trying to ReadMemory 0x82FB0C68[0x38]
12:24:35:312 1492   DetectCureTDL3: DRIVER_OBJECT addr: 82F25CC8
12:24:35:312 1492   KLMD_ReadMem: Trying to ReadMemory 0x82F25CC8[0xA8]
12:24:35:312 1492   KLMD_ReadMem: Trying to ReadMemory 0xE15E2BF8[0x208]
12:24:35:312 1492   DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
12:24:35:312 1492   DetectCureTDL3: IrpHandler (0) addr: F74EDBB0
12:24:35:312 1492   DetectCureTDL3: IrpHandler (1) addr: 804F355A
12:24:35:312 1492   DetectCureTDL3: IrpHandler (2) addr: F74EDBB0
12:24:35:312 1492   DetectCureTDL3: IrpHandler (3) addr: F74E7D1F
12:24:35:312 1492   DetectCureTDL3: IrpHandler (4) addr: F74E7D1F
12:24:35:312 1492   DetectCureTDL3: IrpHandler (5) addr: 804F355A
12:24:35:312 1492   DetectCureTDL3: IrpHandler (6) addr: 804F355A
12:24:35:312 1492   DetectCureTDL3: IrpHandler (7) addr: 804F355A
12:24:35:312 1492   DetectCureTDL3: IrpHandler (8) addr: 804F355A
12:24:35:312 1492   DetectCureTDL3: IrpHandler (9) addr: F74E82E2
12:24:35:312 1492   DetectCureTDL3: IrpHandler (10) addr: 804F355A
12:24:35:312 1492   DetectCureTDL3: IrpHandler (11) addr: 804F355A
12:24:35:312 1492   DetectCureTDL3: IrpHandler (12) addr: 804F355A
12:24:35:312 1492   DetectCureTDL3: IrpHandler (13) addr: 804F355A
12:24:35:312 1492   DetectCureTDL3: IrpHandler (14) addr: F74E83BB
12:24:35:312 1492   DetectCureTDL3: IrpHandler (15) addr: F74EBF28
12:24:35:312 1492   DetectCureTDL3: IrpHandler (16) addr: F74E82E2
12:24:35:312 1492   DetectCureTDL3: IrpHandler (17) addr: 804F355A
12:24:35:312 1492   DetectCureTDL3: IrpHandler (18) addr: 804F355A
12:24:35:312 1492   DetectCureTDL3: IrpHandler (19) addr: 804F355A
12:24:35:312 1492   DetectCureTDL3: IrpHandler (20) addr: 804F355A
12:24:35:312 1492   DetectCureTDL3: IrpHandler (21) addr: 804F355A
12:24:35:312 1492   DetectCureTDL3: IrpHandler (22) addr: F74E9C82
12:24:35:312 1492   DetectCureTDL3: IrpHandler (23) addr: F74EE99E
12:24:35:312 1492   DetectCureTDL3: IrpHandler (24) addr: 804F355A
12:24:35:312 1492   DetectCureTDL3: IrpHandler (25) addr: 804F355A
12:24:35:312 1492   DetectCureTDL3: IrpHandler (26) addr: 804F355A
12:24:35:312 1492   KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
12:24:35:312 1492   KLMD_ReadMem: DeviceIoControl error 1
12:24:35:312 1492   TDL3_StartIoHookDetect: Unable to get StartIo handler code
12:24:35:312 1492   TDL3_FileDetect: Processing driver: Disk
12:24:35:312 1492   TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\disk.tsk, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\disk.tsk
12:24:35:312 1492   TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
12:24:35:312 1492   KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
12:24:35:312 1492   DetectCureTDL3: 3 Curr stack PDEVICE_OBJECT: 82F43AB8
12:24:35:312 1492   KLMD_GetLowerDeviceObject: Trying to get lower device object for 82F43AB8
12:24:35:312 1492   DetectCureTDL3: 3 Curr stack PDEVICE_OBJECT: 82F18920
12:24:35:312 1492   KLMD_GetLowerDeviceObject: Trying to get lower device object for 82F18920
12:24:35:312 1492   DetectCureTDL3: 3 Curr stack PDEVICE_OBJECT: 82F30030
12:24:35:312 1492   KLMD_GetLowerDeviceObject: Trying to get lower device object for 82F30030
12:24:35:312 1492   KLMD_ReadMem: Trying to ReadMemory 0x82F30030[0x38]
12:24:35:312 1492   DetectCureTDL3: DRIVER_OBJECT addr: 82F4C360
12:24:35:312 1492   KLMD_ReadMem: Trying to ReadMemory 0x82F4C360[0xA8]
12:24:35:312 1492   KLMD_ReadMem: Trying to ReadMemory 0xE100DD10[0x208]
12:24:35:312 1492   DetectCureTDL3: DRIVER_OBJECT name: \Driver\nvgts, Driver Name: nvgts
12:24:35:312 1492   DetectCureTDL3: IrpHandler (0) addr: F72D244C
12:24:35:312 1492   DetectCureTDL3: IrpHandler (1) addr: 804F355A
12:24:35:312 1492   DetectCureTDL3: IrpHandler (2) addr: F72D244C
12:24:35:312 1492   DetectCureTDL3: IrpHandler (3) addr: 804F355A
12:24:35:312 1492   DetectCureTDL3: IrpHandler (4) addr: 804F355A
12:24:35:312 1492   DetectCureTDL3: IrpHandler (5) addr: 804F355A
12:24:35:312 1492   DetectCureTDL3: IrpHandler (6) addr: 804F355A
12:24:35:312 1492   DetectCureTDL3: IrpHandler (7) addr: 804F355A
12:24:35:312 1492   DetectCureTDL3: IrpHandler (8) addr: 804F355A
12:24:35:312 1492   DetectCureTDL3: IrpHandler (9) addr: 804F355A
12:24:35:312 1492   DetectCureTDL3: IrpHandler (10) addr: 804F355A
12:24:35:312 1492   DetectCureTDL3: IrpHandler (11) addr: 804F355A
12:24:35:312 1492   DetectCureTDL3: IrpHandler (12) addr: 804F355A
12:24:35:312 1492   DetectCureTDL3: IrpHandler (13) addr: 804F355A
12:24:35:312 1492   DetectCureTDL3: IrpHandler (14) addr: F72D244C
12:24:35:312 1492   DetectCureTDL3: IrpHandler (15) addr: F72D244C
12:24:35:312 1492   DetectCureTDL3: IrpHandler (16) addr: 804F355A
12:24:35:312 1492   DetectCureTDL3: IrpHandler (17) addr: 804F355A
12:24:35:312 1492   DetectCureTDL3: IrpHandler (18) addr: 804F355A
12:24:35:312 1492   DetectCureTDL3: IrpHandler (19) addr: 804F355A
12:24:35:312 1492   DetectCureTDL3: IrpHandler (20) addr: 804F355A
12:24:35:312 1492   DetectCureTDL3: IrpHandler (21) addr: 804F355A
12:24:35:312 1492   DetectCureTDL3: IrpHandler (22) addr: F72D244C
12:24:35:312 1492   DetectCureTDL3: IrpHandler (23) addr: F72D244C
12:24:35:312 1492   DetectCureTDL3: IrpHandler (24) addr: 804F355A
12:24:35:312 1492   DetectCureTDL3: IrpHandler (25) addr: 804F355A
12:24:35:312 1492   DetectCureTDL3: IrpHandler (26) addr: 804F355A
12:24:35:312 1492   KLMD_ReadMem: Trying to ReadMemory 0xF72D540E[0x400]
12:24:35:312 1492   TDL3_StartIoHookDetect: CheckParameters: 1, F72D917C, 618, 0
12:24:35:312 1492   TDL3_FileDetect: Processing driver: nvgts
12:24:35:312 1492   TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\nvgts.sys, C:\WINDOWS\system32\Drivers\nvgts.tsk, SYSTEM\CurrentControlSet\Services\nvgts, system32\Drivers\nvgts.tsk
12:24:35:312 1492   TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\nvgts.sys
12:24:35:312 1492   KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\nvgts.sys
12:24:35:328 1492   DetectCureTDL3: 4 Curr stack PDEVICE_OBJECT: 82F43030
12:24:35:328 1492   KLMD_GetLowerDeviceObject: Trying to get lower device object for 82F43030
12:24:35:328 1492   DetectCureTDL3: 4 Curr stack PDEVICE_OBJECT: 82F399E8
12:24:35:328 1492   KLMD_GetLowerDeviceObject: Trying to get lower device object for 82F399E8
12:24:35:328 1492   DetectCureTDL3: 4 Curr stack PDEVICE_OBJECT: 82F18A38
12:24:35:328 1492   KLMD_GetLowerDeviceObject: Trying to get lower device object for 82F18A38
12:24:35:328 1492   KLMD_ReadMem: Trying to ReadMemory 0x82F18A38[0x38]
12:24:35:328 1492   DetectCureTDL3: DRIVER_OBJECT addr: 82F4C360
12:24:35:328 1492   KLMD_ReadMem: Trying to ReadMemory 0x82F4C360[0xA8]
12:24:35:328 1492   KLMD_ReadMem: Trying to ReadMemory 0xE100DD10[0x208]
12:24:35:328 1492   DetectCureTDL3: DRIVER_OBJECT name: \Driver\nvgts, Driver Name: nvgts
12:24:35:328 1492   DetectCureTDL3: IrpHandler (0) addr: F72D244C
12:24:35:328 1492   DetectCureTDL3: IrpHandler (1) addr: 804F355A
12:24:35:328 1492   DetectCureTDL3: IrpHandler (2) addr: F72D244C
12:24:35:328 1492   DetectCureTDL3: IrpHandler (3) addr: 804F355A
12:24:35:328 1492   DetectCureTDL3: IrpHandler (4) addr: 804F355A
12:24:35:328 1492   DetectCureTDL3: IrpHandler (5) addr: 804F355A
12:24:35:328 1492   DetectCureTDL3: IrpHandler (6) addr: 804F355A
12:24:35:328 1492   DetectCureTDL3: IrpHandler (7) addr: 804F355A
12:24:35:328 1492   DetectCureTDL3: IrpHandler (8) addr: 804F355A
12:24:35:328 1492   DetectCureTDL3: IrpHandler (9) addr: 804F355A
12:24:35:328 1492   DetectCureTDL3: IrpHandler (10) addr: 804F355A
12:24:35:328 1492   DetectCureTDL3: IrpHandler (11) addr: 804F355A
12:24:35:328 1492   DetectCureTDL3: IrpHandler (12) addr: 804F355A
12:24:35:328 1492   DetectCureTDL3: IrpHandler (13) addr: 804F355A
12:24:35:328 1492   DetectCureTDL3: IrpHandler (14) addr: F72D244C
12:24:35:328 1492   DetectCureTDL3: IrpHandler (15) addr: F72D244C
12:24:35:328 1492   DetectCureTDL3: IrpHandler (16) addr: 804F355A
12:24:35:328 1492   DetectCureTDL3: IrpHandler (17) addr: 804F355A
12:24:35:328 1492   DetectCureTDL3: IrpHandler (18) addr: 804F355A
12:24:35:328 1492   DetectCureTDL3: IrpHandler (19) addr: 804F355A
12:24:35:328 1492   DetectCureTDL3: IrpHandler (20) addr: 804F355A
12:24:35:328 1492   DetectCureTDL3: IrpHandler (21) addr: 804F355A
12:24:35:328 1492   DetectCureTDL3: IrpHandler (22) addr: F72D244C
12:24:35:328 1492   DetectCureTDL3: IrpHandler (23) addr: F72D244C
12:24:35:328 1492   DetectCureTDL3: IrpHandler (24) addr: 804F355A
12:24:35:328 1492   DetectCureTDL3: IrpHandler (25) addr: 804F355A
12:24:35:328 1492   DetectCureTDL3: IrpHandler (26) addr: 804F355A
12:24:35:328 1492   KLMD_ReadMem: Trying to ReadMemory 0xF72D540E[0x400]
12:24:35:328 1492   TDL3_StartIoHookDetect: CheckParameters: 1, F72D917C, 618, 0
12:24:35:328 1492   TDL3_FileDetect: Processing driver: nvgts
12:24:35:328 1492   TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\nvgts.sys, C:\WINDOWS\system32\Drivers\nvgts.tsk, SYSTEM\CurrentControlSet\Services\nvgts, system32\Drivers\nvgts.tsk
12:24:35:328 1492   TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\nvgts.sys
12:24:35:328 1492   KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\nvgts.sys
12:24:35:343 1492   DetectCureTDL3: 5 Curr stack PDEVICE_OBJECT: 82F30AB8
12:24:35:343 1492   KLMD_GetLowerDeviceObject: Trying to get lower device object for 82F30AB8
12:24:35:343 1492   DetectCureTDL3: 5 Curr stack PDEVICE_OBJECT: 82F0B920
12:24:35:343 1492   KLMD_GetLowerDeviceObject: Trying to get lower device object for 82F0B920
12:24:35:343 1492   DetectCureTDL3: 5 Curr stack PDEVICE_OBJECT: 82FB5A38
12:24:35:343 1492   KLMD_GetLowerDeviceObject: Trying to get lower device object for 82FB5A38
12:24:35:343 1492   KLMD_ReadMem: Trying to ReadMemory 0x82FB5A38[0x38]
12:24:35:343 1492   DetectCureTDL3: DRIVER_OBJECT addr: 82F4C360
12:24:35:343 1492   KLMD_ReadMem: Trying to ReadMemory 0x82F4C360[0xA8]
12:24:35:343 1492   KLMD_ReadMem: Trying to ReadMemory 0xE100DD10[0x208]
12:24:35:343 1492   DetectCureTDL3: DRIVER_OBJECT name: \Driver\nvgts, Driver Name: nvgts
12:24:35:343 1492   DetectCureTDL3: IrpHandler (0) addr: F72D244C
12:24:35:343 1492   DetectCureTDL3: IrpHandler (1) addr: 804F355A
12:24:35:343 1492   DetectCureTDL3: IrpHandler (2) addr: F72D244C
12:24:35:343 1492   DetectCureTDL3: IrpHandler (3) addr: 804F355A
12:24:35:343 1492   DetectCureTDL3: IrpHandler (4) addr: 804F355A
12:24:35:343 1492   DetectCureTDL3: IrpHandler (5) addr: 804F355A
12:24:35:343 1492   DetectCureTDL3: IrpHandler (6) addr: 804F355A
12:24:35:343 1492   DetectCureTDL3: IrpHandler (7) addr: 804F355A
12:24:35:343 1492   DetectCureTDL3: IrpHandler (8) addr: 804F355A
12:24:35:343 1492   DetectCureTDL3: IrpHandler (9) addr: 804F355A
12:24:35:343 1492   DetectCureTDL3: IrpHandler (10) addr: 804F355A
12:24:35:343 1492   DetectCureTDL3: IrpHandler (11) addr: 804F355A
12:24:35:343 1492   DetectCureTDL3: IrpHandler (12) addr: 804F355A
12:24:35:343 1492   DetectCureTDL3: IrpHandler (13) addr: 804F355A
12:24:35:343 1492   DetectCureTDL3: IrpHandler (14) addr: F72D244C
12:24:35:343 1492   DetectCureTDL3: IrpHandler (15) addr: F72D244C
12:24:35:343 1492   DetectCureTDL3: IrpHandler (16) addr: 804F355A
12:24:35:343 1492   DetectCureTDL3: IrpHandler (17) addr: 804F355A
12:24:35:343 1492   DetectCureTDL3: IrpHandler (18) addr: 804F355A
12:24:35:343 1492   DetectCureTDL3: IrpHandler (19) addr: 804F355A
12:24:35:343 1492   DetectCureTDL3: IrpHandler (20) addr: 804F355A
12:24:35:343 1492   DetectCureTDL3: IrpHandler (21) addr: 804F355A
12:24:35:343 1492   DetectCureTDL3: IrpHandler (22) addr: F72D244C
12:24:35:343 1492   DetectCureTDL3: IrpHandler (23) addr: F72D244C
12:24:35:343 1492   DetectCureTDL3: IrpHandler (24) addr: 804F355A
12:24:35:343 1492   DetectCureTDL3: IrpHandler (25) addr: 804F355A
12:24:35:343 1492   DetectCureTDL3: IrpHandler (26) addr: 804F355A
12:24:35:343 1492   KLMD_ReadMem: Trying to ReadMemory 0xF72D540E[0x400]
12:24:35:343 1492   TDL3_StartIoHookDetect: CheckParameters: 1, F72D917C, 618, 0
12:24:35:343 1492   TDL3_FileDetect: Processing driver: nvgts
12:24:35:343 1492   TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\nvgts.sys, C:\WINDOWS\system32\Drivers\nvgts.tsk, SYSTEM\CurrentControlSet\Services\nvgts, system32\Drivers\nvgts.tsk
12:24:35:343 1492   TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\nvgts.sys
12:24:35:343 1492   KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\nvgts.sys
12:24:35:359 1492   

12:24:35:359 1492   Infected objects in memory:         0
12:24:35:375 1492   Cured objects in memory:         0
12:24:35:375 1492   Infected objects on disk:         0
12:24:35:375 1492   Objects on disk cured on reboot:      0
12:24:35:375 1492   Objects on disk deleted on reboot:      0
12:24:35:375 1492   Registry nodes deleted on reboot:      0
12:24:35:375 1492
Posts: 30
Joined: 02 Dec 2008 16:19
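The report above is what the helper reads by eye: the ScanServices block checks whether known rootkit service keys exist, the UnhookRegistry block checks NtEnumerateKey for SDT hooks and splicing, and the DetectCureTDL3 block dumps the IRP_MJ dispatch table of every driver on the disk stack before the summary counters. As an added example, not part of this thread and not code from Kaspersky's TDSSKiller, here is a small Python parser for that line format. It also applies a heuristic of my own (not something the tool is documented to do): a driver's handlers should be either the kernel's shared default handler (the one address present in every driver's table) or near the driver's other handlers, so a lone entry pointing somewhere else is worth a second look. The sample log is constructed in the report's format; its IRP_MJ 3 entry for Disk (82F30C68) and the "Infected objects in memory: 1" counter are constructed to exercise that check. The reading of "Open/Create key error 2" as ERROR_FILE_NOT_FOUND is the standard Win32 meaning of that code.

```python
"""Summarise a TDSSKiller 2.x text report and cross-check its IRP handler dump.

Added example for this thread; it is not part of the forum posts nor of
Kaspersky's tool. It parses the line shape seen in the report above
(timestamp, PID, "Function: message") and adds a heuristic of my own:
every IRP_MJ handler of a driver should be either the kernel's shared
default handler (the one address present in every driver's table) or
close to that driver's other handlers. An entry far from both is listed
for manual review, which is what a TDL3-style disk.sys hook looks like.
"""
import re
from collections import Counter, defaultdict
from statistics import median

PREFIX_RE = re.compile(r"^\d{2}:\d{2}:\d{2}:\d{3}\s+\d+\s+(.*?)\s*$")
SERVICE_RE = re.compile(r"^ScanServices: Searching service (\S+)$")
KEY_ERR_RE = re.compile(r"^ScanServices: Open/Create key error (\d+)$")
UNHOOK_RE = re.compile(r"^UnhookRegistry: (No SDT hooks found|No splicing found) on (\w+)$")
DRIVER_RE = re.compile(r"^DetectCureTDL3: DRIVER_OBJECT name: \\Driver\\(\w+)")
IRP_RE = re.compile(r"^DetectCureTDL3: IrpHandler \((\d+)\) addr: ([0-9A-Fa-f]+)$")
SUMMARY_RE = re.compile(
    r"^((?:Infected|Cured) objects (?:in memory|on disk)|Objects on disk (?:cured|deleted) on reboot"
    r"|Registry nodes deleted on reboot):\s+(\d+)$")


def parse_report(text):
    """Turn the raw report into services seen, registry checks, IRP tables and counters."""
    report = {"services": {}, "registry_checks": defaultdict(list),
              "irp": defaultdict(dict), "summary": {}}
    last_service = driver = None
    for raw in text.splitlines():
        m = PREFIX_RE.match(raw)
        if not m:
            continue                      # "Scanning ..." banners carry no timestamp
        msg = m.group(1)
        if s := SERVICE_RE.match(msg):
            last_service = s.group(1)
            report["services"][last_service] = "present"   # until an error says otherwise
        elif (e := KEY_ERR_RE.match(msg)) and last_service:
            # Win32 error 2 is ERROR_FILE_NOT_FOUND: the service key does not exist (clean)
            report["services"][last_service] = "absent" if e.group(1) == "2" else f"error {e.group(1)}"
        elif u := UNHOOK_RE.match(msg):
            report["registry_checks"][u.group(2)].append(u.group(1))
        elif d := DRIVER_RE.match(msg):
            driver = d.group(1)
        elif (h := IRP_RE.match(msg)) and driver:
            report["irp"][driver][int(h.group(1))] = int(h.group(2), 16)
        elif c := SUMMARY_RE.match(msg):
            report["summary"][c.group(1)] = int(c.group(2))
    return report


def find_default_handler(irp):
    """The kernel's default IRP handler is the address present in every driver's table."""
    common = set.intersection(*(set(t.values()) for t in irp.values())) if irp else set()
    counts = Counter(a for t in irp.values() for a in t.values())
    return max(common, key=counts.get) if common else None


def suspicious_handlers(irp, max_distance=0x100000):
    """Heuristic: flag handlers that are neither the default nor within 1 MiB of the driver's own median."""
    default = find_default_handler(irp)
    findings = []
    for drv, table in irp.items():
        own = [a for a in table.values() if a != default]
        if len(own) < 2:
            continue                      # nothing to compare against
        centre = int(median(own))         # the median survives a single hooked outlier
        findings += [(drv, idx, addr) for idx, addr in sorted(table.items())
                     if addr != default and abs(addr - centre) > max_distance]
    return findings


def verdict(report):
    """Combine the tool's own counters with the heuristic into a list of findings."""
    findings = [f"{k}: {v}" for k, v in report["summary"].items() if v]
    findings += [f"rootkit service key {n} is {st}" for n, st in report["services"].items() if st != "absent"]
    findings += [f"\\Driver\\{d} IRP_MJ {i} handler {a:08X} is far from the driver's other handlers"
                 for d, i, a in suspicious_handlers(report["irp"])]
    return findings


# ---- constructed sample in the report's format (not the poster's real log) ----
def _table(overrides, default="804F355A"):
    return [overrides.get(i, default) for i in range(27)]

def _driver_block(ts, name, table):
    lines = [f"{ts} 1492   DetectCureTDL3: DRIVER_OBJECT name: \\Driver\\{name}, Driver Name: {name}"]
    return lines + [f"{ts} 1492   DetectCureTDL3: IrpHandler ({i}) addr: {a}" for i, a in enumerate(table)]

# Disk handlers as in the real report, plus one constructed hook at IRP_MJ 3 pointing into pool memory
DISK = _table({0: "F74EDBB0", 2: "F74EDBB0", 3: "82F30C68", 4: "F74E7D1F", 9: "F74E82E2",
               14: "F74E83BB", 15: "F74EBF28", 16: "F74E82E2", 22: "F74E9C82", 23: "F74EE99E"})
NVGTS = _table({i: "F72D244C" for i in (0, 2, 14, 15, 22, 23)})
SAMPLE_LOG = "\n".join(
    ["12:24:34:703 1492   TDSSKiller 2.1.1 Dec 20 2009 02:40:02",
     "12:24:35:203 1492   ScanServices: Searching service UACd.sys",
     "12:24:35:203 1492   ScanServices: Open/Create key error 2",
     "12:24:35:203 1492   ScanServices: Searching service TDSSserv.sys",
     "12:24:35:203 1492   ScanServices: Open/Create key error 2",
     "12:24:35:203 1492   UnhookRegistry: No SDT hooks found on NtEnumerateKey",
     "12:24:35:203 1492   UnhookRegistry: No splicing found on NtEnumerateKey",
     "Scanning   Kernel memory ..."]
    + _driver_block("12:24:35:218", "Disk", DISK)
    + _driver_block("12:24:35:312", "nvgts", NVGTS)
    + ["12:24:35:359 1492   Infected objects in memory:         1",   # constructed, matches the hook above
       "12:24:35:375 1492   Cured objects in memory:         0",
       "12:24:35:375 1492   Infected objects on disk:         0"])

if __name__ == "__main__":
    for line in verdict(parse_report(SAMPLE_LOG)):
        print(line)
```

On the poster's real report the heuristic is quiet: every Disk handler is either 804F355A (shared with nvgts) or within a few kilobytes of the other disk.sys handlers, which agrees with the tool's own zero counters. The median-based centre is deliberate: a single hooked entry must not drag the reference point toward itself.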

Re: win 32 tdss

Posted 29 Dec 2009 12:45

On the face of it, no more traces of TDSS; either it's a new variant, or some Bagle has slipped in there...

please do this...

disable your antivirus while you carry out these steps.

>>Download Winsockxpfix to your desktop and move on to the next step.

Download Combofix to your Desktop (and nowhere else), renaming it before it lands on your desktop.
To do this, right-click Combofix.exe, choose "Save link target as...", rename it Schnoqueur.exe, choose your desktop as the location and click "Save".

Double-click ComboFix.exe to start the scan and follow the instructions given by ComboFix.
If ComboFix asks for permission to download and install the Windows Recovery Console, accept and follow the instructions.
When the scan is complete, a report will appear; save it to your desktop.
You must restart your PC!!
Copy/paste the ComboFix report in your next reply.

NOTE: The report can also be found here: C:\Combofix.txt
NOTE: Do not click in the ComboFix window during the scan; this would cause the program to freeze.

if by any chance your Internet connection is no longer active after the PC restarts, do this to repair it...

Double-click the WinsockXPFix icon.

>>click "Fix" > and if your PC does not restart, restart it manually.

Posts: 2986
Joined: 29 Nov 2009 12:05

Re: win 32 tdss

Posted 29 Dec 2009 13:35

ok, I ran ComboFix and it went fine, except that some Avira windows opened during the ComboFix scan; I put them in quarantine ????
Code:
ComboFix 09-12-28.05 - 29/12/2009  13:12:34.1.1 - x86
Microsoft Windows XP Édition familiale  5.1.2600.3.1252.33.1036.18.1007.707 [GMT 1:00]
Lancé depuis: c:\documents and settings\\Bureau\Schnoqueur.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
Les fichiers ci-dessous ont été désactivés pendant l'exécution:
c:\program files\SuperCopier2\SC2Hook.dll

((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))

c:\documents and settings\All Users\Bureau\
c:\documents and settings\All Users\Bureau\
c:\documents and settings\All Users\Bureau\
c:\documents and settings\\Application Data\Desktopicon
c:\documents and settings\\Mes documents\sauvegarde registre.reg
c:\program files\Cheat Engine\dbk32.sys
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe

(((((((((((((((((((((((((((((((((((((((   Pilotes/Services   )))))))))))))))))))))))))))))))))))))))))))))))))


(((((((((((((((((((((((((((((   Fichiers créés du 2009-11-28 au 2009-12-29  ))))))))))))))))))))))))))))))))))))

2009-12-29 11:23 . 2009-12-29 11:24   --------   d-----w-   C:\tdsskiller
2009-12-29 11:07 . 2009-12-29 11:09   --------   d-----w-   C:\rsit
2009-12-29 11:01 . 2009-12-29 11:01   --------   d-----w-   c:\program files\Trend Micro
2009-12-29 10:31 . 2009-12-29 11:25   --------   d-----w-   c:\program files\Malware Defense
2009-12-29 10:02 . 2009-12-29 10:02   --------   d-sh--w-   c:\windows\system32\config\systemprofile\IETldCache

((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
2009-12-29 12:25 . 2001-08-28 12:00   532794   ----a-w-   c:\windows\system32\perfh00C.dat
2009-12-29 12:25 . 2001-08-28 12:00   94078   ----a-w-   c:\windows\system32\perfc00C.dat
2009-12-29 12:18 . 2009-11-13 08:20   --------   d-----w-   c:\program files\Cheat Engine
2009-12-29 12:12 . 2008-12-21 19:41   --------   d-----w-   c:\program files\Google
2009-12-29 12:10 . 2009-03-01 23:50   --------   d-----w-   c:\program files\SuperCopier2
2009-12-29 11:04 . 2009-03-25 15:33   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2009-12-29 11:00 . 2009-11-25 09:10   79488   ----a-w-   c:\documents and settings\\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-29 02:07 . 2009-03-11 10:22   --------   d-----w-   c:\program files\a-squared Free
2009-12-29 00:34 . 2008-12-23 14:51   1   ----a-w-   c:\documents and settings\\Application Data\\3\user\uno_packages\cache\stamp.sys
2009-12-28 21:59 . 2008-12-21 22:56   --------   d-----w-   c:\documents and settings\\Application Data\uTorrent
2009-12-28 21:51 . 2009-04-10 17:17   --------   d-----w-   c:\documents and settings\\Application Data\foobar2000
2009-12-28 18:48 . 2008-12-23 10:22   --------   d-----w-   c:\program files\Mozilla Thunderbird
2009-12-28 17:20 . 2009-02-03 15:39   --------   d-----w-   c:\documents and settings\All Users\Application Data\Google Updater
2009-12-27 18:38 . 2009-01-20 17:27   --------   d-----w-   c:\documents and settings\\Application Data\dvdcss
2009-12-10 22:44 . 2009-06-27 15:00   56816   ----a-w-   c:\windows\system32\drivers\avgntflt.sys
2009-12-04 12:37 . 2009-02-24 22:30   --------   d-----w-   c:\program files\Mp3tag
2009-12-03 15:14 . 2009-03-25 15:33   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 15:13 . 2009-03-25 15:33   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
2009-11-12 19:08 . 2009-11-12 17:46   --------   d-----w-   c:\documents and settings\\Application Data\MSN6
2009-11-12 17:58 . 2008-12-21 13:48   22536   ----a-w-   c:\documents and settings\\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-12 17:54 . 2009-11-12 17:54   --------   d-----w-   c:\program files\Windows Live SkyDrive
2009-11-12 17:52 . 2009-11-12 17:52   --------   d-----w-   c:\program files\Fichiers communs\Windows Live
2009-11-12 17:46 . 2009-11-12 17:46   --------   d-----w-   c:\documents and settings\All Users\Application Data\MSN6
2009-11-10 01:20 . 2009-09-30 01:44   75680   ----a-w-   c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-11-08 23:57 . 2009-03-09 07:48   664   ----a-w-   c:\windows\system32\d3d9caps.dat
2009-11-05 13:35 . 2009-01-06 20:41   --------   d-----w-   c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-05 08:53 . 2009-11-05 08:53   4045528   ----a-w-   c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-10-29 07:42 . 2001-08-28 12:00   916480   ----a-w-   c:\windows\system32\wininet.dll
2009-10-21 05:39 . 2008-12-21 13:42   25088   ----a-w-   c:\windows\system32\httpapi.dll
2009-10-21 05:39 . 2008-12-21 13:42   75776   ----a-w-   c:\windows\system32\strmfilt.dll
2009-10-20 16:20 . 2008-12-21 13:42   265728   ------w-   c:\windows\system32\drivers\http.sys
2009-10-13 10:33 . 2001-08-28 12:00   271360   ----a-w-   c:\windows\system32\oakley.dll
2009-10-12 13:39 . 2001-08-28 12:00   79872   ----a-w-   c:\windows\system32\raschap.dll
2009-10-12 13:39 . 2001-08-28 12:00   150528   ----a-w-   c:\windows\system32\rastls.dll

------- Sigcheck -------

[-] 2009-01-10 . A0EE5C06390357FEE7B7949DBCA156D3 . 165376 . . [5.1.2600.1106] . . c:\windows\system32\appmgmts.dll
(((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown

"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"nwiz"="nwiz.exe" [2008-09-17 1657376]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 61952]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-12-12 196608]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"P17Helper"="P17.dll" [2005-05-03 64512]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"M-Audio Taskbar Icon"="c:\windows\System32\DeltaIITray.exe" [2008-03-03 236040]
"DeltaIITaskbarApp"="c:\windows\system32\DeltaIITray.exe" [2008-03-03 236040]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"DT PHL"="c:\program files\Philips Display\SmartControl II\DTHtml.exe" [2007-07-27 292352]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]


"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [11/03/2009 11:22 1858144]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [27/06/2009 16:00 108289]
R3 DELTAII;Service for M-Audio Delta Driver (WDM);c:\windows\system32\drivers\deltaII.sys [10/05/2009 00:25 302728]
S3 maconfservice;Ma-Config Service;c:\program files\\maconfservice.exe [29/05/2009 17:13 234864]
S3 sbext;Sound Blaster Extigy Audio Driver;c:\windows\system32\DRIVERS\sbext.sys --> c:\windows\system32\DRIVERS\sbext.sys [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv
------- Supplementary Scan -------
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
FF - ProfilePath - c:\documents and settings\christophe amouroux\Application Data\Mozilla\Firefox\Profiles\avnzrt03.default\
FF - prefs.js: - hxxp://
FF - prefs.js: - Google
FF - prefs.js: browser.startup.homepage - hxxp://
FF - prefs.js: keyword.URL - hxxp://
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\documents and settings\christophe amouroux\Application Data\Mozilla\Firefox\Profiles\avnzrt03.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\\nphardwaredetection.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

FF - user.js: yahoo.homepage.dontask - true.

HKCU-Run-MsnMsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
HKCU-Run-Malware Defense - c:\program files\Malware Defense\mdefense.exe
AddRemove-Malware Defense - c:\program files\Malware Defense\Uninstall.exe


catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-12-29 13:21
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0


--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3808)
c:\program files\SuperCopier2\SC2Hook.dll
c:\program files\RocketDock\RocketDock.dll
------------------------ Other Running Processes ------------------------
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Fichiers communs\Portrait Displays\Shared\DTSRVC.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\program files\Fichiers communs\Portrait Displays\Shared\HookManager.exe
Completion time: 2009-12-29  13:28:04 - machine was rebooted
ComboFix-quarantined-files.txt  2009-12-29 12:28

Pre-Run: 11 292 102 656 bytes free
Post-Run: 12 829 405 184 bytes free

[boot loader]
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Édition familiale" /fastdetect /NoExecute=OptIn

- - End Of File - - 344BFA4F781B716DDE44FF17C4030E6F
Posts: 30
Joined: 02 Dec 2008 16:19

Re: win 32 tdss

Posted on 29 Dec 2009 14:17


There is some improvement :wink:

But a dll file is patched...

Manually delete this folder (in bold): c:\program files\Malware Defense
/!\ If the deletion causes any problem, be sure to tell me /!\


* Download >> OTL << to your desktop.

* Double-click the OTL icon to launch it.

* Make sure you have closed all running applications.

* When the OTL window appears, make sure that in the "Output" section (top right) the "Minimal Output" box is checked.

* Copy and paste the contents of this quote into the lower part of OTL, "Custom Scans/Fixes":

%SYSTEMDRIVE%\appmgmts.dll /s /md5
%SYSTEMDRIVE%\cdrom.sys /s /md5
%SYSTEMDRIVE%\atapi.sys /s /md5
%SYSTEMDRIVE%\ACPI.sys /s /md5
%SYSTEMDRIVE%\iaStor.sys /s /md5
%SYSTEMDRIVE%\nvstor.sys /s /md5
%SYSTEMDRIVE%\IdeChnDr.sys /s /md5
%SYSTEMDRIVE%\viasraid.sys /s /md5
%SYSTEMDRIVE%\AGP440.sys /s /md5
%SYSTEMDRIVE%\vaxscsi.sys /s /md5
%SYSTEMDRIVE%\nvatabus.sys /s /md5

* Click the "Run Scan" icon (top left).
* Let the scan run to completion without using the PC.
* At the end of the scan one or two reports will open, "OTL.Txt" and (or) "Extras.Txt" (in some cases).
* Copy and paste the report(s) into your reply please...
* If needed, you can find them in the C:\OTL folder or on your desktop, depending on the case.

Posts: 2986
Joined: 29 Nov 2009 12:05
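The custom-scan lines in the post above ("<file> /s /md5") ask OTL to search the whole system drive for every copy of each named driver and print its MD5, so that a copy under system32\drivers that no longer matches the backups in dllcache or ServicePackFiles stands out; that is how an in-place patch by a TDSS-style rootkit is spotted. The following is an added example of that comparison written by the editor, not OTL's own code: the file names come from the scan list, while the directory layout, file contents and the helper names (`find_copies`, `suspicious_copies`, `build_demo_tree`) are constructed for the demonstration.

```python
"""Recursive search-and-hash of named driver/DLL files, the check behind
OTL's '<file> /s /md5' custom-scan directive (added example, not OTL code).

A rootkit that patches a kernel driver in place leaves the size and name
intact, so only the hash gives it away. Windows usually keeps spare copies
of the same file (dllcache, ServicePackFiles, i386), which act as a local
baseline: a copy whose hash is in the minority deserves a look.
"""
import hashlib
import os
import tempfile
from collections import defaultdict

# File names from the OTL custom scan above (matched case-insensitively).
WATCHED = {"appmgmts.dll", "atapi.sys", "acpi.sys", "iastor.sys", "nvstor.sys"}


def hash_file(path, algo="md5"):
    """Hash a file in chunks; 'md5' matches what OTL's /md5 switch reports."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def find_copies(root, names=WATCHED):
    """Walk root recursively (OTL's /s) and collect every copy of each name.
    Returns {lowercase name: [(path, md5), ...]}."""
    wanted = {n.lower() for n in names}
    copies = defaultdict(list)
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            if fn.lower() in wanted:
                p = os.path.join(dirpath, fn)
                copies[fn.lower()].append((p, hash_file(p)))
    return dict(copies)


def suspicious_copies(copies):
    """Flag, per file name, the copies whose MD5 is in the minority.
    One copy only: nothing to compare. All copies equal: clean.
    Tie (e.g. 1 vs 1): report every copy, the analyst must decide."""
    flagged = {}
    for name, entries in copies.items():
        if len(entries) < 2:
            continue
        counts = defaultdict(int)
        for _p, md5 in entries:
            counts[md5] += 1
        if len(counts) == 1:
            continue
        majority = max(counts.values())
        minority = [p for p, md5 in entries if counts[md5] < majority]
        flagged[name] = minority or [p for p, _md5 in entries]
    return flagged


def build_demo_tree():
    """Constructed sample tree (assumption, not the user's machine):
    atapi.sys under drivers differs from two identical backups."""
    root = tempfile.mkdtemp(prefix="otl_md5_demo_")
    clean = b"MZ" + b"\x00" * 64 + b"clean atapi.sys body"
    patched = clean[:-4] + b"XXXX"  # same size, different bytes, like an in-place patch
    layout = {
        "WINDOWS/system32/drivers/atapi.sys": patched,
        "WINDOWS/system32/dllcache/atapi.sys": clean,
        "WINDOWS/ServicePackFiles/i386/atapi.sys": clean,
        "WINDOWS/system32/drivers/ACPI.sys": b"acpi body",
        "WINDOWS/system32/dllcache/ACPI.sys": b"acpi body",
        "WINDOWS/system32/appmgmts.dll": b"single copy, nothing to compare",
    }
    for rel, data in layout.items():
        p = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(p), exist_ok=True)
        with open(p, "wb") as f:
            f.write(data)
    return root


def run_demo():
    """Build the sample tree, hash every watched copy, return (copies, flagged)."""
    root = build_demo_tree()
    copies = find_copies(root)
    return copies, suspicious_copies(copies)


if __name__ == "__main__":
    copies, flagged = run_demo()
    for name in sorted(copies):
        for path, md5 in copies[name]:
            print(f"{md5}  {path}")
    for name, paths in flagged.items():
        print(f"[-] {name}: minority hash in {paths}")
```

The local-baseline comparison only says which copy is the odd one out; on a real case the minority hash is then checked against a known-good hash for that exact file version (the OTL output lists the version alongside the MD5), since an attacker who also replaced the dllcache copy would leave all copies agreeing.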

Re: win 32 tdss

Posted on 29 Dec 2009 17:12

Sorry, I had to stop for a while. I'm downloading OTL. Thanks a lot, yes indeed there does seem to be some improvement.
Posts: 30
Joined: 02 Dec 2008 16:19

Re: win 32 tdss

Posted on 29 Dec 2009 17:42

OTL reports
Code: Select all
OTL logfile created on: 29/12/2009 17:21:48 - Run 1
OTL by OldTimer - Version     Folder = C:\Documents and Settings\christophe amouroux\Mes documents\Téléchargements
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
1 007,00 Mb Total Physical Memory | 603,00 Mb Available Physical Memory | 60,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76,32 Gb Total Space | 12,00 Gb Free Space | 15,72% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 220,40 Gb Free Space | 47,32% Space Free | Partition Type: NTFS
Drive E: | 575,15 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 465,75 Gb Total Space | 307,53 Gb Free Space | 66,03% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: MOA-03F9YO4OWGJ
Current User Name: christophe amouroux
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\christophe amouroux\Mes documents\Téléchargements\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\a-squared Free\a2service.exe (Emsi Software GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Java\jre6\bin\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\DeltaIITray.exe ()
PRC - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe (NVIDIA)
PRC - C:\Program Files\RocketDock\RocketDock.exe ()
PRC - C:\Program Files\Philips Display\SmartControl II\dthtml.exe (Portrait Displays, Inc)
PRC - C:\Program Files\Fichiers communs\Portrait Displays\Shared\DTSRVC.exe ()
PRC - C:\Program Files\Fichiers communs\Portrait Displays\Shared\HookManager.exe (Portrait Displays Inc.)
PRC - C:\Program Files\SuperCopier2\SuperCopier2.exe (SFX TEAM)
PRC - C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
PRC - C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP)
PRC - C:\WINDOWS\system32\MsPMSPSv.exe (Microsoft Corporation)
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\christophe amouroux\Mes documents\Téléchargements\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\nview.dll ()
MOD - C:\WINDOWS\system32\nvwrsfr.dll (NVIDIA Corporation)
MOD - C:\WINDOWS\system32\nvwddi.dll (NVIDIA Corporation)
MOD - C:\Program Files\RocketDock\RocketDock.dll ()
MOD - C:\Program Files\SuperCopier2\SC2Hook.dll (SFX TEAM)
========== Win32 Services (SafeList) ==========
SRV - (gusvc) --  File not found
SRV - (a2free) -- C:\Program Files\a-squared Free\a2service.exe (Emsi Software GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (maconfservice) -- C:\Program Files\\maconfservice.exe (CybelSoft)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (NMSAccessU) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (NVSvc) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (nTuneService) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe (NVIDIA)
SRV - (DTSRVC) -- C:\Program Files\Fichiers communs\Portrait Displays\Shared\DTSRVC.exe ()
SRV - (WMDM PMSP Service) -- C:\WINDOWS\system32\MsPMSPSv.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (driverhardwarev2) -- C:\Program Files\\Drivers\driverhardwarev2.sys (CybelSoft)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (timounter) -- C:\WINDOWS\system32\DRIVERS\timntr.sys (Acronis)
DRV - (tifsfilter) -- C:\WINDOWS\system32\drivers\tifsfilt.sys (Acronis)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (Point32) -- C:\WINDOWS\system32\drivers\point32.sys (Microsoft Corporation)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (nvgts) -- C:\WINDOWS\system32\DRIVERS\nvgts.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (usbaudio) Pilote USB audio (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (DELTAII) Service for M-Audio Delta Driver (WDM) -- C:\WINDOWS\system32\drivers\deltaII.sys (Avid Technology, Inc.)
DRV - (TPkd) -- C:\WINDOWS\system32\drivers\TPkd.sys (PACE Anti-Piracy, Inc.)
DRV - (NVR0Dev) -- C:\WINDOWS\nvoclock.sys (NVidia Corp.)
DRV - (UsbDiag) -- C:\WINDOWS\system32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (USBModem) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\WINDOWS\system32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (pdiddcci) -- C:\WINDOWS\system32\drivers\pdiddcci.sys (Portrait Displays, Inc.)
DRV - (AmdPPM) -- C:\WINDOWS\system32\drivers\AmdPPM.sys (Advanced Micro Devices)
DRV - (PdiPorts) -- C:\WINDOWS\system32\drivers\PdiPorts.sys (Portrait Displays, Inc.)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (ADIHdAudAddService) -- C:\WINDOWS\system32\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV - (SenFiltService) -- C:\WINDOWS\system32\drivers\senfilt.sys (Sensaura)
DRV - (P17) -- C:\WINDOWS\system32\drivers\P17.sys (Creative Technology Ltd.)
DRV - (AEAudioService) -- C:\WINDOWS\system32\drivers\aeaudio.sys (Andrea Electronics Corporation)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\Hdaudio.sys (Windows (R) Server 2003 DDK provider)
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()
DRV - (rtl8139) Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 34 31 94 6D 3B 78 CA 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - "Bing"
FF - "Web Search"
FF - ""
FF - "Google"
FF - false
FF - true
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledItems: {47624dda-b77e-4feb-820a-e4f077d5d4ca}:9.8.6
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.5
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20091209.4
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: {bb628310-0ab7-11db-9cd8-0800200c9a66}:
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.2
FF - prefs.js..extensions.enabledItems: {a02c0c70-605c-11da-8cd6-0800200c9a66}:4.19
FF - prefs.js..keyword.URL: ""
FF - 4
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/28 01:45:45 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/16 23:03:09 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/08/31 17:04:06 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
[2008/12/21 15:10:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\christophe amouroux\Application Data\Mozilla\Extensions
[2009/12/28 22:15:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\christophe amouroux\Application Data\Mozilla\Firefox\Profiles\avnzrt03.default\extensions
[2009/10/07 20:59:15 | 00,000,000 | ---D | M] (Screengrab) -- C:\Documents and Settings\christophe amouroux\Application Data\Mozilla\Firefox\Profiles\avnzrt03.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2009/11/18 13:19:53 | 00,000,000 | ---D | M] (Boost for Facebook) -- C:\Documents and Settings\christophe amouroux\Application Data\Mozilla\Firefox\Profiles\avnzrt03.default\extensions\{47624dda-b77e-4feb-820a-e4f077d5d4ca}
[2009/08/09 11:20:37 | 00,000,000 | ---D | M] (PimpZilla) -- C:\Documents and Settings\christophe amouroux\Application Data\Mozilla\Firefox\Profiles\avnzrt03.default\extensions\{a02c0c70-605c-11da-8cd6-0800200c9a66}
[2009/11/20 08:20:03 | 00,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\christophe amouroux\Application Data\Mozilla\Firefox\Profiles\avnzrt03.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/04/05 22:59:29 | 00,000,000 | ---D | M] (Bookmark Duplicate Detector) -- C:\Documents and Settings\christophe amouroux\Application Data\Mozilla\Firefox\Profiles\avnzrt03.default\extensions\{ba243cb0-b824-4a26-9418-73ee795d9b9d}
[2009/03/20 21:39:55 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\christophe amouroux\Application Data\Mozilla\Firefox\Profiles\avnzrt03.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}
[2009/12/18 08:42:41 | 00,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\christophe amouroux\Application Data\Mozilla\Firefox\Profiles\avnzrt03.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/11/12 21:23:59 | 00,002,171 | ---- | M] () -- C:\Documents and Settings\christophe amouroux\Application Data\Mozilla\Firefox\Profiles\avnzrt03.default\searchplugins\bing.xml
[2009/12/28 22:15:29 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/06/24 13:31:33 | 00,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2009/06/24 13:31:33 | 00,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2009/06/24 13:31:33 | 00,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2009/06/24 13:31:33 | 00,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2009/06/24 13:31:33 | 00,000,652 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml
O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts:       localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Ziepod One-Click Helper) - {57A30D1E-08B9-4EF4-B273-AAEA1C234A5B} - C:\WINDOWS\system32\ZiepodOneClicker.dll (Ziepod)
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DeltaIITaskbarApp] C:\WINDOWS\system32\DeltaIITray.exe ()
O4 - HKLM..\Run: [DT PHL] C:\Program Files\Philips Display\SmartControl II\DTHtml.exe (Portrait Displays, Inc)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP)
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\system32\DeltaIITray.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\P17.DLL ()
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKCU..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe (SFX TEAM)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\christophe amouroux\Menu Démarrer\Programmes\Démarrage\adsl TV.LNK = C:\Program Files\adslTV\adsltv.exe File not found
O4 - Startup: C:\Documents and Settings\christophe amouroux\Menu Démarrer\Programmes\Démarrage\HDDlife.lnk = C:\Program Files\BinarySense\HDDlife 3\HDDlifePro.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:  =
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} (Reg Error: Key error.)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} (Java Plug-in 1.6.0_13)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/12/21 00:47:14 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/05/13 22:18:08 | 00,000,052 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{76d98de2-d864-11dd-bb7a-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{76d98de2-d864-11dd-bb7a-806d6172696f}\Shell\AutoRun\command - "" = E:\Mobiclic_65.exe -- [2004/06/25 13:37:16 | 03,307,068 | R--- | M] (Macromedia, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2009/12/29 17:16:31 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/12/29 13:12:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2009/12/29 13:02:23 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/12/29 13:01:18 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/12/29 13:01:18 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/12/29 13:01:18 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/12/29 13:01:18 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/12/29 13:00:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/12/29 13:00:17 | 00,000,000 | ---D | C] -- C:\Schnoqueur
[2009/12/29 12:59:46 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/12/29 12:23:37 | 00,000,000 | ---D | C] -- C:\tdsskiller
[2009/12/29 12:07:26 | 00,000,000 | ---D | C] -- C:\rsit
[2009/12/29 12:01:45 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/12/28 18:11:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\christophe amouroux\Mes documents\ACT088_00
[2009/12/11 19:06:06 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\christophe amouroux\Bureau\[Fichiers originaux]
[2009/08/15 06:16:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/08/15 06:15:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2009/05/03 20:58:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2009/03/21 21:24:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Acronis
[2009/02/22 00:14:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/02/17 16:08:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/02/07 16:28:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/01/16 09:55:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\NVIDIA Corporation
[2009/01/10 14:59:24 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2008/12/21 00:46:54 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2002/04/11 08:41:06 | 00,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2009/12/29 17:19:08 | 00,001,029 | ---- | M] () -- C:\Documents and Settings\christophe amouroux\Bureau\Raccourci vers OTL.exe.lnk
[2009/12/29 14:40:54 | 01,153,778 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/29 14:40:54 | 00,532,794 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2009/12/29 14:40:54 | 00,440,820 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/29 14:40:54 | 00,094,078 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2009/12/29 14:40:54 | 00,071,138 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/29 14:37:46 | 00,192,857 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/12/29 14:36:33 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/29 14:36:26 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/29 14:35:12 | 13,107,200 | -H-- | M] () -- C:\Documents and Settings\christophe amouroux\NTUSER.DAT
[2009/12/29 13:22:00 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/12/29 13:21:25 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/12/29 13:11:14 | 00,001,000 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/12/29 13:02:30 | 00,000,286 | RHS- | M] () -- C:\boot.ini
[2009/12/29 12:55:10 | 03,868,670 | R--- | M] () -- C:\Documents and Settings\christophe amouroux\Bureau\Schnoqueur.exe
[2009/12/29 12:54:21 | 00,001,080 | ---- | M] () -- C:\Documents and Settings\christophe amouroux\Bureau\Raccourci vers WinsockXPFix.exe.lnk
[2009/12/29 12:44:31 | 00,001,024 | ---- | M] () -- C:\Documents and Settings\christophe amouroux\Bureau\Raccourci vers asdehi.lnk
[2009/12/29 12:01:45 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\christophe amouroux\Bureau\HijackThis.lnk
[2009/12/29 11:27:30 | 00,000,184 | -HS- | M] () -- C:\Documents and Settings\christophe amouroux\ntuser.ini
[2009/12/29 02:44:58 | 00,000,008 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\sysReserve.ini
[2009/12/28 22:58:53 | 00,007,680 | ---- | M] () -- C:\Documents and Settings\christophe amouroux\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/27 17:15:57 | 00,012,640 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/11 19:10:51 | 00,071,218 | ---- | M] () -- C:\Documents and Settings\christophe amouroux\Bureau\mini BordeauxParis.jpg
[2009/12/11 19:06:06 | 00,003,269 | ---- | M] () -- C:\Documents and Settings\christophe amouroux\Bureau\minidopage_arthur.jpg
[2009/12/10 23:44:14 | 00,056,816 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2009/12/10 02:20:45 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/12/09 22:54:07 | 00,261,632 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/12/09 18:58:46 | 12,051,383 | ---- | M] () -- C:\Documents and Settings\christophe amouroux\Mes documents\soleil d encre.pdf
[2009/12/04 13:37:49 | 00,000,654 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Mp3tag.lnk
[2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/11/29 20:54:40 | 00,030,208 | ---- | M] () -- C:\Documents and Settings\christophe amouroux\Bureau\Le Joueur d'échecs.doc
[2009/11/29 20:54:28 | 00,015,345 | ---- | M] () -- C:\Documents and Settings\christophe amouroux\Bureau\Le Joueur d'échecs.docm
[2009/11/29 19:43:08 | 00,018,040 | ---- | M] () -- C:\Documents and Settings\christophe amouroux\Bureau\anne texte corrige.odt
[2009/11/29 19:26:47 | 00,017,108 | ---- | M] () -- C:\Documents and Settings\christophe amouroux\Bureau\anne roman.odt
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2009/12/29 17:19:08 | 00,001,029 | ---- | C] () -- C:\Documents and Settings\christophe amouroux\Bureau\Raccourci vers OTL.exe.lnk
[2009/12/29 13:02:30 | 00,000,216 | ---- | C] () -- C:\Boot.bak
[2009/12/29 13:02:23 | 00,263,488 | ---- | C] () -- C:\cmldr
[2009/12/29 13:01:18 | 00,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/12/29 13:01:18 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/12/29 13:01:18 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/12/29 13:01:18 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/12/29 13:01:18 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/12/29 12:55:10 | 03,868,670 | R--- | C] () -- C:\Documents and Settings\christophe amouroux\Bureau\Schnoqueur.exe
[2009/12/29 12:54:21 | 00,001,080 | ---- | C] () -- C:\Documents and Settings\christophe amouroux\Bureau\Raccourci vers WinsockXPFix.exe.lnk
[2009/12/29 12:44:31 | 00,001,024 | ---- | C] () -- C:\Documents and Settings\christophe amouroux\Bureau\Raccourci vers asdehi.lnk
[2009/12/29 12:01:45 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\christophe amouroux\Bureau\HijackThis.lnk
[2009/12/29 02:44:58 | 00,000,008 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sysReserve.ini
[2009/12/11 19:10:51 | 00,071,218 | ---- | C] () -- C:\Documents and Settings\christophe amouroux\Bureau\mini BordeauxParis.jpg
[2009/12/11 19:04:10 | 00,003,269 | ---- | C] () -- C:\Documents and Settings\christophe amouroux\Bureau\minidopage_arthur.jpg
[2009/12/09 18:58:27 | 12,051,383 | ---- | C] () -- C:\Documents and Settings\christophe amouroux\Mes documents\soleil d encre.pdf
[2009/12/04 13:37:49 | 00,000,654 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Mp3tag.lnk
[2009/11/29 20:54:28 | 00,015,345 | ---- | C] () -- C:\Documents and Settings\christophe amouroux\Bureau\Le Joueur d'échecs.docm
[2009/11/29 20:54:12 | 00,030,208 | ---- | C] () -- C:\Documents and Settings\christophe amouroux\Bureau\Le Joueur d'échecs.doc
[2009/11/29 19:43:08 | 00,018,040 | ---- | C] () -- C:\Documents and Settings\christophe amouroux\Bureau\anne texte corrige.odt
[2009/11/29 19:26:47 | 00,017,108 | ---- | C] () -- C:\Documents and Settings\christophe amouroux\Bureau\anne roman.odt
[2009/11/13 09:20:43 | 01,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll
[2009/09/30 02:44:04 | 00,075,680 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/08/31 21:23:30 | 00,000,116 | ---- | C] () -- C:\WINDOWS\ConverterCore.INI
[2009/08/18 12:35:28 | 00,004,458 | ---- | C] () -- C:\WINDOWS\System32\EXTIGY.INI
[2009/05/19 22:02:57 | 00,001,305 | ---- | C] () -- C:\WINDOWS\CDPlayer.ini
[2009/05/09 23:54:02 | 00,217,088 | ---- | C] () -- C:\WINDOWS\System32\qtmlClient.dll
[2009/04/08 12:27:28 | 00,000,253 | ---- | C] () -- C:\WINDOWS\sbwin.ini
[2009/04/08 12:07:31 | 00,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17.DLL
[2009/03/20 20:06:24 | 00,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2009/03/08 15:37:54 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/01/28 19:50:44 | 00,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/01/28 19:50:44 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/01/28 19:50:44 | 00,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/01/14 16:02:58 | 00,004,082 | ---- | C] () -- C:\WINDOWS\Q-Dir.ini
[2009/01/11 10:57:09 | 00,000,142 | ---- | C] () -- C:\Documents and Settings\christophe amouroux\Local Settings\Application Data\fusioncache.dat
[2008/12/21 22:26:50 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/12/21 22:26:50 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/12/21 18:45:54 | 00,020,905 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008/12/21 18:45:48 | 00,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008/12/21 16:25:07 | 00,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2008/12/21 14:48:39 | 00,007,680 | ---- | C] () -- C:\Documents and Settings\christophe amouroux\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/05/26 22:23:32 | 00,016,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008/05/26 22:23:30 | 00,021,596 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008/05/26 22:23:28 | 00,016,036 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/03/12 12:01:30 | 00,217,088 | ---- | C] () -- C:\WINDOWS\NVGfxOgl.dll
[2005/10/10 14:49:00 | 01,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2005/10/10 14:49:00 | 01,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2005/10/10 14:49:00 | 01,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005/10/10 14:49:00 | 00,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005/10/10 14:49:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005/10/10 14:49:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005/07/07 10:26:56 | 00,005,627 | R--- | C] () -- C:\WINDOWS\System32\Ludap17.ini
[2005/03/08 07:17:08 | 00,000,039 | R--- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2003/10/02 17:48:18 | 00,053,248 | R--- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[1996/04/03 20:33:26 | 00,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
[color=#E56717]========== Custom Scans ==========[/color]
[color=#A23BEC]< %SYSTEMDRIVE%\appmgmts.dll /s /md5 >[/color]
[2009/01/10 16:17:56 | 00,165,376 | ---- | M] (Microsoft Corporation) MD5=A0EE5C06390357FEE7B7949DBCA156D3 -- C:\WINDOWS\system32\appmgmts.dll
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
[color=#A23BEC]< %SYSTEMDRIVE%\cdrom.sys /s /md5 >[/color]
[2004/08/03 22:59:54 | 00,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys
[2008/04/13 19:40:46 | 00,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008/04/13 19:40:46 | 00,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[color=#A23BEC]< %SYSTEMDRIVE%\atapi.sys /s /md5 >[/color]
[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2008/04/13 19:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 19:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 19:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 19:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/04/13 19:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
[2008/04/13 19:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys
[color=#A23BEC]< %SYSTEMDRIVE%\ACPI.sys /s /md5 >[/color]
[2004/08/19 15:51:56 | 00,188,672 | ---- | M] (Microsoft Corporation) MD5=0BD94FBFC14EA3606CD6CA4C0255BAA3 -- C:\WINDOWS\$NtServicePackUninstall$\acpi.sys
[2008/04/14 02:52:42 | 00,188,672 | ---- | M] (Microsoft Corporation) MD5=E5E6DBFC41EA8AAD005CB9A57A96B43B -- C:\WINDOWS\ServicePackFiles\i386\acpi.sys
[2008/04/14 02:52:42 | 00,188,672 | ---- | M] (Microsoft Corporation) MD5=E5E6DBFC41EA8AAD005CB9A57A96B43B -- C:\WINDOWS\system32\drivers\acpi.sys
[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
[2001/05/24 12:59:30 | 00,162,304 | ---- | M] () -- C:\UNWISE.EXE
[color=#A23BEC]< %SYSTEMDRIVE%\iaStor.sys /s /md5 >[/color]
[color=#A23BEC]< %SYSTEMDRIVE%\nvstor.sys /s /md5 >[/color]
[color=#A23BEC]< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >[/color]
[color=#A23BEC]< %SYSTEMDRIVE%\viasraid.sys /s /md5 >[/color]
[color=#A23BEC]< %SYSTEMDRIVE%\AGP440.sys /s /md5 >[/color]
[2004/08/03 23:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2008/04/13 19:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 19:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 19:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[color=#A23BEC]< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >[/color]
[color=#A23BEC]< %SYSTEMDRIVE%\nvatabus.sys /s /md5 >[/color]
[color=#E56717]========== Alternate Data Streams ==========[/color]
@Alternate Data Stream - 1299 bytes -> C:\Program Files\Fichiers communs\System:dLMGbacCoSiulYGkH01qU4szOwR
@Alternate Data Stream - 1290 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:bdvdWtl2wdWbnCkjiEtQ6N1He7rT
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2BE9FEFC
@Alternate Data Stream - 1221 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:s7UN5yXG3qU8KyWhMXKpbb
@Alternate Data Stream - 1209 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:kw1cwilbEIgpzpxgz
@Alternate Data Stream - 1175 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:vEtmYU3BfBosr4xdMSjHPLUNLXrioM
@Alternate Data Stream - 1063 bytes -> C:\Program Files\Outlook Express:4nSE9FdvjxnAEp5qZdaxpqm
@Alternate Data Stream - 1001 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:OoHKP7LNRZFlD5Zxt9
< End of report >

OTL Extras logfile created on: 29/12/2009 17:21:48 - Run 1
OTL by OldTimer - Version     Folder = C:\Documents and Settings\christophe amouroux\Mes documents\Téléchargements
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
1 007,00 Mb Total Physical Memory | 603,00 Mb Available Physical Memory | 60,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76,32 Gb Total Space | 12,00 Gb Free Space | 15,72% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 220,40 Gb Free Space | 47,32% Space Free | Partition Type: NTFS
Drive E: | 575,15 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 465,75 Gb Total Space | 307,53 Gb Free Space | 66,03% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: MOA-03F9YO4OWGJ
Current User Name: christophe amouroux
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
[color=#E56717]========== File Associations ==========[/color]
.chm [@ = chm.file] -- "%SYSTEMROOT%\hh.exe" %1
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[color=#E56717]========== Shell Spawning ==========[/color]
batfile [open] -- "%1" %*
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Pro 2.5.Browse] -- "C:\Program Files\ACD Systems\ACDSee Pro\2.5\ACDSeeQVPro25.exe" "%1" (ACD Systems)
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with FastStone] -- "C:\Program Files\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Lupas Rename] -- Reg Error: Key error.
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe"
[color=#E56717]========== Security Center Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"48113:TCP" = 48113:TCP:LocalSubNet:Enabled:maconfig_tcp
"48113:UDP" = 48113:UDP:LocalSubNet:Enabled:maconfig_udp
[color=#E56717]========== Authorized Applications List ==========[/color]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Disabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\\maconfservice.exe" = C:\Program Files\\maconfservice.exe:LocalSubNet:Enabled:maconfservice -- (CybelSoft)
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
"{0FA44E79-CD7D-4E8D-A2EE-26FE05F509B6}" = 3.1
"{1B1DDAD2-C704-49F8-8FC2-18DAAD9A87C5}" = Sound Blaster Audigy
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{25613C10-27D2-410B-942B-D922D5C3A7BE}" = Interlok driver setup x32
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 13
"{2D95950E-6D76-43E7-94A5-D9DBA2FD29E4}" = ACDSee Pro 2.5
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B8-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3F7924B9-D148-3141-87B1-68F36043A940}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - FRA
"{511DF669-2930-30C0-8EB6-552887E29EC8}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - FRA
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C4D4FC0-467B-4BD7-8D11-50E49B2770D2}" =
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79C8E125-2115-40EB-B89C-C3DFFFDFCBFE}" = MixMeister
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{863CC205-84C1-4B7D-9033-ECEB0077FFD9}_is1" = AIMP2 MegaPack
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DA9D7E6-8F69-4171-9007-81B0A84C83F6}_is1" = CDisplay
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6
"{993960EE-CA4D-443F-8F88-E24260DD5FD2}" = LG PC Suite
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft .NET Framework 1.1 French Language Pack
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4810699-E859-43A6-8F40-1743873E72AB}" = Delta
"{AFE354A5-640F-4A23-94C8-0B441E8967CA}" = Digidesign Shared Plug-Ins 7.4
"{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B96D2269-568B-4CBF-9332-12FAE8B158F7}" = Medieval CUE Splitter
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEC8F2E3-AC9A-357C-BFCB-BFAC37C4AC50}" = Visual C++ 9.0 ATL (x86) WinSXS MSM
"{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag 1.4
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{FDA7A7CB-F1DE-42A9-83A6-27BE6CD6E8F3}" = SmartControl II
"7-Zip" = 7-Zip 4.64
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Album Art Downloader XUI" = Album Art Downloader XUI 0.25
"anooki-v5-0-1" = anooki-v5-0-1 Screen Saver
"Ant Movie Catalog Viewer_is1" = Ant Movie Catalog Viewer 1.6
"Ant Movie Catalog_is1" = Ant Movie Catalog
"a-squared Free_is1" = a-squared Free 4.0
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Avisynth" = AviSynth 2.5
"CCleaner" = CCleaner (remove only)
"Cheat Engine 5.5_is1" = Cheat Engine 5.5
"Creative NOMAD II Driver" = Creative NOMAD II Driver
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Device Control" = Device Control
"DupDetector" = Dup Detector
"EAXSet" = Paramètres EAX Creative
"EVEREST Corporate Edition_is1" = EVEREST Corporate Edition v5.00
"Exact Audio Copy" = Exact Audio Copy 0.99pb4
"FastStone Image Viewer" = FastStone Image Viewer 3.7
"ffdshow_is1" = ffdshow [rev 1703] [2007-12-15]
"foobar2000" = foobar2000 v0.9.5.2
"Foxit Reader" = Foxit Reader
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.6.3
"Google Updater" = Outil de mise à jour Google
"GSpot 2.21 Fr_is1" = GSpot 2.21 Fr
"HD Tune_is1" = HD Tune 2.55
"HijackThis" = HijackThis 2.0.2
"hp deskjet 930c series" = hp deskjet 930c series (Supprimer uniquement)
"hp deskjet 930c series_Driver" = hp deskjet 930c series
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"Lupas Rename 2000_is1" = Lupas Rename 2000 v5.0 Release
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Monkey's Audio_is1" = Monkey's Audio
"Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6)
"Mozilla Thunderbird (" = Mozilla Thunderbird (
"Mp3tag" = Mp3tag v2.45a
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa 3" = Picasa 3
"Q-Dir" = Q-Dir
"RocketDock_is1" = RocketDock 1.3.5
"SPEAKER" = Paramètres de haut-parleur Creative
"SuperCopier2" = SuperCopier2
"VisiPics_is1" = VisiPics V1.30
"VLC media player" = VLC media player 0.9.8a
"VobSub" = VobSub 2.23
"WaveStudio 7" = Creative WaveStudio 7
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Lecteur Windows Media 11
"Windows XP Service" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Xvid_is1" = Xvid 1.2.1
"Ziepod_is1" = Ziepod 0.99.9
[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]
"TimeAdjuster" = Time Adjuster STANDARD 3.1
"uTorrent" = µTorrent
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
[ Application Events ]
Error - 29/12/2009 08:04:48 | Computer Name = MOA-03F9YO4OWGJ | Source = crypt32 | ID = 131080
Description = Échec de la récupération de la mise à jour automatique du numéro de
 séquence de la liste racine tierce partie à partir de : <>
 avec l'erreur : A connection with the server could not be established 
Error - 29/12/2009 08:11:36 | Computer Name = MOA-03F9YO4OWGJ | Source = WmiAdapter | ID = 4099
Description = Échec de l'ouverture de services.
Error - 29/12/2009 08:15:42 | Computer Name = MOA-03F9YO4OWGJ | Source = crypt32 | ID = 131080
Description = Échec de la récupération de la mise à jour automatique du numéro de
 séquence de la liste racine tierce partie à partir de : <>
 avec l'erreur : A connection with the server could not be established 
Error - 29/12/2009 08:15:42 | Computer Name = MOA-03F9YO4OWGJ | Source = crypt32 | ID = 131080
Description = Échec de la récupération de la mise à jour automatique du numéro de
 séquence de la liste racine tierce partie à partir de : <>
 avec l'erreur : Cette connexion réseau n'existe pas. 
Error - 29/12/2009 08:21:53 | Computer Name = MOA-03F9YO4OWGJ | Source = WmiAdapter | ID = 4099
Description = Échec de l'ouverture de services.
Error - 29/12/2009 08:24:41 | Computer Name = MOA-03F9YO4OWGJ | Source = nview_info | ID = 11141121
Description =
Error - 29/12/2009 09:34:15 | Computer Name = MOA-03F9YO4OWGJ | Source = Application Error | ID = 1000
Description = Application défaillante supercopier2.exe, version, module
 défaillant unknown, version, adresse de défaillance 0x10077f70.
Error - 29/12/2009 09:34:17 | Computer Name = MOA-03F9YO4OWGJ | Source = Microsoft IntelliPoint | ID = 1000
Description =
Error - 29/12/2009 09:34:18 | Computer Name = MOA-03F9YO4OWGJ | Source = Microsoft IntelliType Pro | ID = 1000
Description =
Error - 29/12/2009 09:37:05 | Computer Name = MOA-03F9YO4OWGJ | Source = WmiAdapter | ID = 4099
Description = Échec de l'ouverture de services.
[ System Events ]
Error - 29/12/2009 06:55:13 | Computer Name = MOA-03F9YO4OWGJ | Source = Service Control Manager | ID = 7009
Description = Délai (30000 millisecondes) d'attente pour une connexion du service
 Avira AntiVir Planificateur.
Error - 29/12/2009 06:55:13 | Computer Name = MOA-03F9YO4OWGJ | Source = Service Control Manager | ID = 7000
Description = Le service Avira AntiVir Planificateur n'a pas pu démarrer en raison
 de l'erreur :   %%1053
Error - 29/12/2009 06:55:13 | Computer Name = MOA-03F9YO4OWGJ | Source = Service Control Manager | ID = 7009
Description = Délai (30000 millisecondes) d'attente pour une connexion du service
 Avira AntiVir Guard.
Error - 29/12/2009 06:55:13 | Computer Name = MOA-03F9YO4OWGJ | Source = Service Control Manager | ID = 7000
Description = Le service Avira AntiVir Guard n'a pas pu démarrer en raison de l'erreur :
Error - 29/12/2009 06:55:13 | Computer Name = MOA-03F9YO4OWGJ | Source = Service Control Manager | ID = 7009
Description = Délai (30000 millisecondes) d'attente pour une connexion du service
 Google Update Service (gupdate1c98615c8a0571a).
Error - 29/12/2009 06:55:13 | Computer Name = MOA-03F9YO4OWGJ | Source = Service Control Manager | ID = 7000
Description = Le service Google Update Service (gupdate1c98615c8a0571a) n'a pas
pu démarrer en raison de l'erreur :   %%1053
Error - 29/12/2009 06:55:43 | Computer Name = MOA-03F9YO4OWGJ | Source = Service Control Manager | ID = 7009
Description = Délai (30000 millisecondes) d'attente pour une connexion du service
 Service COM de gravage de CD IMAPI.
Error - 29/12/2009 06:55:43 | Computer Name = MOA-03F9YO4OWGJ | Source = Service Control Manager | ID = 7000
Description = Le service Service COM de gravage de CD IMAPI n'a pas pu démarrer
en raison de l'erreur :   %%1053
Error - 29/12/2009 08:04:49 | Computer Name = MOA-03F9YO4OWGJ | Source = Service Control Manager | ID = 7034
Description = Le service Portrait Displays Display Tune Service s'est terminé de
 façon inattendue pour la 1ème fois.
Error - 29/12/2009 08:12:28 | Computer Name = MOA-03F9YO4OWGJ | Source = Service Control Manager | ID = 7034
Description = Le service Portrait Displays Display Tune Service s'est terminé de
 façon inattendue pour la 1ème fois.
< End of report >
Posts: 30
Joined: 02 Dec 2008 16:19

Re: win 32 tdss

Posted on 29 Dec 2009 19:31


please do this...

Click "Start menu" > "Run" > type cmd and confirm by clicking "OK"

in the black window that opens, copy and paste the text in blue >> regsvr32 /u appmgmts.dll then confirm with the "Enter" key and close the black window

download this appmgmts.dll file and copy it to the root of your C:\ drive so that its path is >> "c:\appmgmts.dll"


> create a new text document on your desktop
> to do this, right-click on the desktop > New > Text Document > copy and paste the contents of the quote below into it


c:\appmgmts.dll | c:\windows\system32\appmgmts.dll

C:\Program Files\Fichiers communs\System
C:\Documents and Settings\All Users\Application Data\Microsoft
C:\Program Files\Fichiers communs\System
C:\Program Files\Outlook Express
C:\Program Files\Fichiers communs\System:dLMGbacCoSiulYGkH01qU4szOwR
C:\Documents and Settings\All Users\Application Data\Microsoft:bdvdWtl2wdWbnCkjiEtQ6N1He7rT
C:\Documents and Settings\All Users\Application Data\TEMP:2BE9FEFC
C:\Documents and Settings\All Users\Application Data\Microsoft:s7UN5yXG3qU8KyWhMXKpbb
C:\Documents and Settings\All Users\Application Data\Microsoft:kw1cwilbEIgpzpxgz
C:\Documents and Settings\All Users\Application Data\Microsoft:vEtmYU3BfBosr4xdMSjHPLUNLXrioM
C:\Program Files\Outlook Express:4nSE9FdvjxnAEp5qZdaxpqm
C:\Documents and Settings\All Users\Application Data\Microsoft:OoHKP7LNRZFlD5Zxt9

C:\Documents and Settings\christophe amouroux\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Follow the save procedure below to the letter, it's very important

> then click "File" > "Save As..."
> in the save window choose the desktop as the destination > under type choose "All Files" > and in the file name type CFScript.txt > then click Save and close the text document.

> drag and drop (hold the left mouse button down on CFScript.txt and drag) this CFScript.txt file onto the ComboFix.exe file (in your case it's "Schnoqueur.exe") as in this screenshot.


> a blue window will appear >> follow the instructions
> wait while the scan runs. The desktop will disappear several times, that's normal!
> don't touch anything until the scan is finished
> once the scan is complete, a report will be displayed; post its contents in your next reply.
> if the report doesn't open, it is located at C:\ComboFix.txt


please do this...

Click "Start menu" > "Run" > type cmd and confirm by clicking "OK"

in the black window that opens, copy and paste the text in blue >> regsvr32 appmgmts.dll then confirm with the "Enter" key and close the black window
(careful, it's not the same as the first time)

Posts: 2986
Joined: 29 Nov 2009 12:05

Re: win 32 tdss

Posted on 29 Dec 2009 19:58

but what am I doing by copying this dll? It's not that I have doubts, but I like to follow along (at least a little)
Posts: 30
Joined: 02 Dec 2008 16:19

Re: win 32 tdss

Posted on 29 Dec 2009 21:38


Message specially intended for jeanmimigab

I have just changed the appearance of all the (very long) reports created by the various disinfection tools,
By wrapping them in the [code] tag they become much less cumbersome.
It is a sort of test, & I would like to know whether this causes you any problems in working with those reports.

Let me know by PM, thanks. And thanks to kirill for letting me invade his topic.
Ask to Old Man
Posts: 19970
Joined: 14 Mar 2004 10:06
Location: Argenteuil, Val d'Oise

Re: win 32 tdss

Posted on 29 Dec 2009 22:15

good evening, I got an error message saying that the folder did not exist but that the entry point had been created, and for the report I found this one

2009-12-29 19:46:43 . 2009-12-29 19:46:43 0 ----a-w- C:\Qoobox\Quarantine\catchme.txt
2009-12-29 12:27:38 . 2009-12-29 12:27:38 840 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Malware Defense.reg.dat
2009-12-29 12:27:14 . 2009-12-29 12:27:14 161 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-Malware Defense.reg.dat
2009-12-29 12:27:14 . 2009-12-29 12:27:14 164 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-MsnMsgr.reg.dat
2009-12-29 12:17:44 . 2009-12-29 19:50:44 7,379 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2009-12-29 12:04:55 . 2009-12-29 12:04:55 951 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_H8SRTd.sys.reg.dat
2009-12-29 12:00:19 . 2009-12-29 19:45:40 255 ----a-w- C:\Qoobox\Quarantine\catchme.log
2009-12-29 11:24:29 . 2009-12-29 11:24:29 1,597 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Bureau\
2009-12-29 11:24:29 . 2009-12-29 11:24:29 1,593 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Bureau\
2009-12-29 11:24:29 . 2009-12-29 11:24:29 1,601 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Bureau\
2009-12-29 01:46:29 . 2009-12-29 01:46:29 671 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\krl32mainweq.dll.vir
2009-12-29 01:45:28 . 2009-12-29 10:55:47 200 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\srcr.dat.vir
2009-12-29 01:45:27 . 2009-12-29 01:45:27 201 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\H8SRTyotlppeydt.dat.vir
2009-11-13 08:20:44 . 2009-01-27 17:43:54 36,096 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Cheat Engine\dbk32.sys.vir
2009-01-11 00:37:40 . 2009-01-11 00:37:44 47,348,946 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\christophe amouroux\Mes documents\sauvegarde registre.reg.vir
2009-01-10 15:18:12 . 2009-01-10 15:17:56 165,376 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\appmgmts.dll.vir
2008-12-22 12:00:01 . 2009-03-24 20:17:49 183,280 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe.vir
Posts: 30
Joined: 02 Dec 2008 16:19
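The quarantine listing posted above follows a fixed line shape (creation time, a dot, modification time, size, attribute flags, quarantined path). The parser below is an added example, not part of this thread and not ComboFix's own code; it reads a few lines copied from that report, reconstructs where each quarantined file originally lived, and groups the entries into categories a responder cares about (files pulled out of system32, backed-up autorun entries, backed-up service entries). Category names and the classification rules are this example's own choices.

```python
import re
from collections import Counter
from dataclasses import dataclass
from datetime import datetime

# Sample input: seven lines copied from the ComboFix quarantine listing in this thread.
SAMPLE_LISTING = r"""
2009-12-29 12:27:14 . 2009-12-29 12:27:14 161 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-Malware Defense.reg.dat
2009-12-29 12:04:55 . 2009-12-29 12:04:55 951 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_H8SRTd.sys.reg.dat
2009-12-29 01:46:29 . 2009-12-29 01:46:29 671 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\krl32mainweq.dll.vir
2009-12-29 01:45:27 . 2009-12-29 01:45:27 201 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\H8SRTyotlppeydt.dat.vir
2009-01-10 15:18:12 . 2009-01-10 15:17:56 165,376 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\appmgmts.dll.vir
2008-12-22 12:00:01 . 2009-03-24 20:17:49 183,280 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe.vir
2009-12-29 19:46:43 . 2009-12-29 19:46:43 0 ----a-w- C:\Qoobox\Quarantine\catchme.txt
"""

# created . modified size attrs path   (size may carry thousands separators, path may contain spaces)
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<size>[\d,]+) (?P<attrs>\S+) (?P<path>.+)$"
)

# Files moved into quarantine keep their original tree under this root, with a .vir suffix.
QUARANTINE_ROOT = "C:\\Qoobox\\Quarantine\\C\\"


@dataclass
class QuarantineEntry:
    created: datetime
    modified: datetime
    size: int
    attrs: str
    path: str

    @property
    def original_path(self):
        """Where the file lived before ComboFix moved it, or None for registry backups and tool logs."""
        if self.path.startswith(QUARANTINE_ROOT) and self.path.endswith(".vir"):
            return "C:\\" + self.path[len(QUARANTINE_ROOT):-len(".vir")]
        return None


def parse_listing(text):
    """Parse every non-empty line of a quarantine listing; raise on a line that does not fit the shape."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError("unrecognised quarantine line: " + line)
        entries.append(QuarantineEntry(
            created=datetime.strptime(m["created"], "%Y-%m-%d %H:%M:%S"),
            modified=datetime.strptime(m["modified"], "%Y-%m-%d %H:%M:%S"),
            size=int(m["size"].replace(",", "")),
            attrs=m["attrs"],
            path=m["path"],
        ))
    return entries


def classify(entry):
    """Bucket an entry by what it tells a responder (categories are this example's own)."""
    p = entry.path.lower()
    name = p.rsplit("\\", 1)[-1]
    if "\\registry_backups\\" in p:
        if name.startswith(("hkcu-run-", "hklm-run-")):
            return "autorun"        # backed-up Run key value, i.e. a persistence entry
        if name.startswith("service_"):
            return "service"        # backed-up service / driver registration
        return "registry"
    if p.endswith(".vir"):
        if "\\windows\\system32\\" in p:
            return "system32-file"  # payload or patched system file removed from system32
        return "file"
    return "tool-log"


def summarize(entries):
    """Count entries per category, for a quick triage overview of the report."""
    return dict(Counter(classify(e) for e in entries))


if __name__ == "__main__":
    for e in parse_listing(SAMPLE_LISTING):
        print(classify(e), e.size, e.original_path or e.path)
    print(summarize(parse_listing(SAMPLE_LISTING)))
```

Reading the categories back against the report: the service backup and the `.dat` file share the same `H8SRT` prefix, which is the kind of correlation between a driver registration and a dropped file that makes a listing like this worth parsing rather than skimming.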

Re: win 32 tdss

Posted on 29 Dec 2009 22:55


but what am I doing by copying this dll? It's not that I have doubts, but I like to follow along (at least a little)

the file c:\windows\system32\appmgmts.dll was modified by the infection, this is visible in your combofix report.
the operation I am having you do consists of unregistering the dll file currently in place, then combofix takes care of replacing that dll file with the one you downloaded and placed here: c:\appmgmts.dll
then I have you re-register the new dll file in place.

the fact that you did not get a report is because antivir most likely damaged combofix on restart, remember this...
it went fine, only some avira windows opened during the combofix scan,

We are going to re-download combofix...

Disable Antivir while doing the rest...

delete combofix (Schnoqueur.exe) from your desktop and re-download it (no need to rename it this time)

then do the rest of the procedure...

> create a new text document on your desktop
> to do this, right-click on the desktop > New > text document > copy and paste the contents of the quote below into it


c:\appmgmts.dll | c:\windows\system32\appmgmts.dll

C:\Program Files\Fichiers communs\System
C:\Documents and Settings\All Users\Application Data\Microsoft
C:\Program Files\Fichiers communs\System
C:\Program Files\Outlook Express
C:\Program Files\Fichiers communs\System:dLMGbacCoSiulYGkH01qU4szOwR
C:\Documents and Settings\All Users\Application Data\Microsoft:bdvdWtl2wdWbnCkjiEtQ6N1He7rT
C:\Documents and Settings\All Users\Application Data\TEMP:2BE9FEFC
C:\Documents and Settings\All Users\Application Data\Microsoft:s7UN5yXG3qU8KyWhMXKpbb
C:\Documents and Settings\All Users\Application Data\Microsoft:kw1cwilbEIgpzpxgz
C:\Documents and Settings\All Users\Application Data\Microsoft:vEtmYU3BfBosr4xdMSjHPLUNLXrioM
C:\Program Files\Outlook Express:4nSE9FdvjxnAEp5qZdaxpqm
C:\Documents and Settings\All Users\Application Data\Microsoft:OoHKP7LNRZFlD5Zxt9

C:\Documents and Settings\christophe amouroux\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Follow the saving procedure below to the letter, it is very important

> then click "File" > "Save As..."
> in the save window choose the desktop as the destination > under type choose "all files" > and in file name type CFScript.txt > then click save and close the text document.

> drag and drop (left-click held down on CFScript.txt and drag) this CFScript.txt file onto the ComboFix.exe file as in this screenshot.


> a blue window will appear >> follow the instructions
> wait for the scan to finish. The desktop will disappear several times, that is normal!
> do not touch anything until the scan is finished
> once the scan is complete, a report will be displayed, post its contents in your next reply.
> if the report does not open, it is located at C:\ComboFix.txt


please do this...

Click "Start menu" > "Run" > type cmd and confirm by clicking "OK"

in the black window that opens, copy and paste the text in blue >> regsvr32 appmgmts.dll then confirm with the "Enter" key and close the black window
(careful, this is not the same one as the first time)

Posts: 2986
Joined: 29 Nov 2009 12:05
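Most lines in the script above are not ordinary paths: `C:\...\Microsoft:bdvdWtl2wdWbnCkjiEtQ6N1He7rT` names an NTFS alternate data stream attached to the `Microsoft` folder, which is why a normal file listing never shows the hidden data. The classifier below is an added example, not part of this thread or of ComboFix; it reads the script as posted (the post shows no section headers, so lines are sorted by shape only, without assuming any directive names), separates the `source | destination` replacement line, the `path:stream` ADS entries and plain paths, and groups the streams by host so the concentration on a few folders is visible. Category names are this example's own.

```python
import re
from collections import Counter

# Sample input: the script lines as they appear in the post above.
SAMPLE_CFSCRIPT = r"""
c:\appmgmts.dll | c:\windows\system32\appmgmts.dll

C:\Program Files\Fichiers communs\System
C:\Documents and Settings\All Users\Application Data\Microsoft
C:\Program Files\Fichiers communs\System
C:\Program Files\Outlook Express
C:\Program Files\Fichiers communs\System:dLMGbacCoSiulYGkH01qU4szOwR
C:\Documents and Settings\All Users\Application Data\Microsoft:bdvdWtl2wdWbnCkjiEtQ6N1He7rT
C:\Documents and Settings\All Users\Application Data\TEMP:2BE9FEFC
C:\Documents and Settings\All Users\Application Data\Microsoft:s7UN5yXG3qU8KyWhMXKpbb
C:\Documents and Settings\All Users\Application Data\Microsoft:kw1cwilbEIgpzpxgz
C:\Documents and Settings\All Users\Application Data\Microsoft:vEtmYU3BfBosr4xdMSjHPLUNLXrioM
C:\Program Files\Outlook Express:4nSE9FdvjxnAEp5qZdaxpqm
C:\Documents and Settings\All Users\Application Data\Microsoft:OoHKP7LNRZFlD5Zxt9

C:\Documents and Settings\christophe amouroux\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
"""

# A drive-letter path followed by a second colon and a stream name that contains no backslash:
# that is the host:stream syntax NTFS uses for alternate data streams.
ADS_RE = re.compile(r"^(?P<host>[A-Za-z]:\\[^:]*):(?P<stream>[^\\:]+)$")


def parse_cfscript(text):
    """Turn each non-empty script line into a tuple: ('copy', src, dst), ('ads', host, stream) or ('path', p)."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if " | " in line:
            src, dst = (part.strip() for part in line.split(" | ", 1))
            entries.append(("copy", src, dst))
            continue
        m = ADS_RE.match(line)
        if m:
            entries.append(("ads", m["host"], m["stream"]))
        else:
            entries.append(("path", line))
    return entries


def ads_hosts(entries):
    """Count alternate data streams per host object, so clusters on one folder stand out."""
    return dict(Counter(e[1] for e in entries if e[0] == "ads"))


def replacement_targets(entries):
    """Files the script replaces in place, keyed by destination (here the patched appmgmts.dll)."""
    return {dst: src for kind, src, dst in (e for e in entries if e[0] == "copy")}


if __name__ == "__main__":
    parsed = parse_cfscript(SAMPLE_CFSCRIPT)
    for host, n in ads_hosts(parsed).items():
        print(n, "stream(s) on", host)
    print(replacement_targets(parsed))
```

On a live system the same streams can be listed without any tool: `dir /r` in cmd (Vista and later) and `Get-Item -Path <folder> -Stream *` in PowerShell 3 and later both show them, which is a quick way to confirm a cleanup actually removed the streams rather than just the host folder's visible contents.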

Re: win 32 tdss

Posted on 29 Dec 2009 23:05

good evening and thank you for your clarifications, yes antivir did show up during the combofix scan even though I thought I had disabled avira: guard inactive, umbrella closed
Posts: 30
Joined: 02 Dec 2008 16:19

Re: win 32 tdss

Posted on 29 Dec 2009 23:08

re, yes that's true, but on reboot it reactivates itself automatically...

if it shows up again, choose "ignore" in the interactive window :wink:
Posts: 2986
Joined: 29 Nov 2009 12:05
