Sujet Précédent Sujet Suivant

Fenêtres intempestives comme boulic

Résolu/Fermé
airwomen60 Messages postés 24 Date d'inscription mercredi 19 janvier 2011 Statut Membre Dernière intervention 23 janvier 2011 - 19 janv. 2011 à 15:16
verni29 Messages postés 6699 Date d'inscription dimanche 6 juillet 2008 Statut Contributeur sécurité Dernière intervention 26 décembre 2016 - 23 janv. 2011 à 21:35
Bonjour,
j-ai fais comme verni a expliquer a boulic...
me reste a joindre les 2 tests faits et envoyer a cijoint mais comment l'envoyer au site ici et a verni aussi? merci j'ai hâte de soigner mon ordi!!!! il a le corps pleins de fenêtres pup!!! merci xxx


30 réponses

  • 1
  • 2
Réponse 1 / 30
verni29 Messages postés 6699 Date d'inscription dimanche 6 juillet 2008 Statut Contributeur sécurité Dernière intervention 26 décembre 2016 180
19 janv. 2011 à 15:17
bonjour, airwomen60

Et le bonjour au canada.
il ne fait pas trop froid actuellement ?

--------------------------------

Tu vas sur le site http://cijoint.fr .

# Clique sur parcourir et navigue pour sélectionner OTL.txt
# plus bas sur la page, clique ensuite sur cliquer ici pour déposer le fichier.

un lien va être crée.
Copie le et indique le moi dans ta prochaine réponse.

En faire de même pour Extra.txt

A+
0
Réponse 2 / 30
airwomen60 Messages postés 24 Date d'inscription mercredi 19 janvier 2011 Statut Membre Dernière intervention 23 janvier 2011
19 janv. 2011 à 17:02
http://www.cijoint.fr/cjlink.php?file=cj201101/cijve4vjfa.txt

http://www.cijoint.fr/cjlink.php?file=cj201101/cij93SZrDG.txt
0
Réponse 3 / 30
airwomen60 Messages postés 24 Date d'inscription mercredi 19 janvier 2011 Statut Membre Dernière intervention 23 janvier 2011
19 janv. 2011 à 17:07
bonjour! merci de m'avoir répondu rapidement!

je vous ais envoyer le tout en espérant que c'est ok!

ici au canada au quebec en abitibi pres de la baie-james ... il fait très froid pour la semaine mais c'est nos premier grand froid!!! de -30 avec facteur vent -35 + -

mais le soleil est au rendez-vous:) bye merci encore xxx guylaine
0
Réponse 4 / 30
verni29 Messages postés 6699 Date d'inscription dimanche 6 juillet 2008 Statut Contributeur sécurité Dernière intervention 26 décembre 2016 180
19 janv. 2011 à 18:37
Re,

Relance OTL.exe.

* Sous l'onglet Personnalisation en bas de la fenêtre, copie-colle le texte suivant : 

:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49414
O2 - BHO: (no name) - {0EEDB912-C5FA-486F-8334-57288578C627} - No CLSID value found.
O2 - BHO: (P2P Energy Toolbar) - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll (Conduit Ltd.)
O2 - BHO: (no name) - {2f5fd739-4c26-49ad-a775-cc3e68ec38d4} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {b2a4c9fb-93c8-48e9-9164-debc18879c1e} - No CLSID value found.
O3 - HKLM\..\Toolbar: (P2P Energy Toolbar) - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {2f5fd739-4c26-49ad-a775-cc3e68ec38d4} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {b2a4c9fb-93c8-48e9-9164-debc18879c1e} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
F3 - HKCU WinNT: Run - (?) -  File not found
[2011-01-17 08:23:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ROBERT DUHAIME\Application Data\xssend2
[2011-01-17 08:23:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ROBERT DUHAIME\Application Data\yjwdnayqak1w2fe2wu1kkrrgpqwrujv2
[2011-01-12 13:27:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ROBERT DUHAIME\Application Data\mbkravcihleqc2weidvqzqqbhmr1fr32
[2011-01-12 12:49:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ROBERT DUHAIME\Application Data\xssendgtovjf2mggsgkrnxfadlveldkpn33he
[2011-01-12 12:49:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ROBERT DUHAIME\Application Data\lz3eqqotax22owwbpgpksk2zbiqzwce2
[2011-01-11 21:35:47 | 000,000,264 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\~OnaujQxqoS
[2011-01-11 21:35:47 | 000,000,152 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\~OnaujQxqoSr
[2011-01-11 18:04:21 | 000,000,400 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\OnaujQxqoS
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:0A8E2C33

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

:Commands
[EMPTYTEMP]
[EMPTYFLASH]


* Puis clique sur le bouton Correction en haut de la fenêtre.
* Laisse le programme travailler, le PC va redémarrer.

Tu verras un log s'ouvrir après le fix (c'est le log qui montre si la suppression a réussi).
sauvegarde-le sur ton Bureau et poste-le après redémarrage.

Note : Si tu ne le trouves pas, c'est un fichier log dans C:\_OTL\MovedFiles
Regarde suivant la date : mmjjaaaa_xxxxxxxx.log
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 30
airwomen60 Messages postés 24 Date d'inscription mercredi 19 janvier 2011 Statut Membre Dernière intervention 23 janvier 2011
19 janv. 2011 à 20:48
All processes killed
Error: Unable to interpret <* Sous l'onglet Personnalisation en bas de la fenêtre, copie-colle le texte suivant : > in the current context!
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0EEDB912-C5FA-486F-8334-57288578C627}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EEDB912-C5FA-486F-8334-57288578C627}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2bae58c2-79f9-45d1-a286-81f911301c3a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2bae58c2-79f9-45d1-a286-81f911301c3a}\ deleted successfully.
C:\Program Files\P2P_Energy\tbP2P_.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2f5fd739-4c26-49ad-a775-cc3e68ec38d4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2f5fd739-4c26-49ad-a775-cc3e68ec38d4}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b2a4c9fb-93c8-48e9-9164-debc18879c1e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b2a4c9fb-93c8-48e9-9164-debc18879c1e}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{2bae58c2-79f9-45d1-a286-81f911301c3a} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2bae58c2-79f9-45d1-a286-81f911301c3a}\ not found.
File C:\Program Files\P2P_Energy\tbP2P_.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{2f5fd739-4c26-49ad-a775-cc3e68ec38d4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2f5fd739-4c26-49ad-a775-cc3e68ec38d4}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{b2a4c9fb-93c8-48e9-9164-debc18879c1e} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b2a4c9fb-93c8-48e9-9164-debc18879c1e}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Run:? deleted successfully.
C:\Documents and Settings\ROBERT DUHAIME\Application Data\xssend2 folder moved successfully.
C:\Documents and Settings\ROBERT DUHAIME\Application Data\yjwdnayqak1w2fe2wu1kkrrgpqwrujv2 folder moved successfully.
C:\Documents and Settings\ROBERT DUHAIME\Application Data\mbkravcihleqc2weidvqzqqbhmr1fr32 folder moved successfully.
C:\Documents and Settings\ROBERT DUHAIME\Application Data\xssendgtovjf2mggsgkrnxfadlveldkpn33he folder moved successfully.
C:\Documents and Settings\ROBERT DUHAIME\Application Data\lz3eqqotax22owwbpgpksk2zbiqzwce2 folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\~OnaujQxqoS moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\~OnaujQxqoSr moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\OnaujQxqoS moved successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:0A8E2C33 deleted successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_DLLs"|"" /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrateur

User: All Users

User: All Users.WINDOWS

User: b
->Temp folder emptied: 739901922 bytes
->Temporary Internet Files folder emptied: 8025086 bytes
->Java cache emptied: 25493590 bytes
->FireFox cache emptied: 51381441 bytes
->Flash cache emptied: 2670 bytes

User: Default User
->Temp folder emptied: 65536 bytes
->Temporary Internet Files folder emptied: 82054 bytes

User: Default User.WINDOWS
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Invité
->Temp folder emptied: 65 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 11029734 bytes

User: LocalService.AUTORITE NT
->Temp folder emptied: 115616 bytes
->Temporary Internet Files folder emptied: 5714924 bytes
->Flash cache emptied: 1973 bytes

User: NetworkService
->Temp folder emptied: 609078 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService.AUTORITE NT
->Temp folder emptied: 1690134 bytes
->Temporary Internet Files folder emptied: 31099654 bytes
->Java cache emptied: 18744 bytes
->Flash cache emptied: 1706 bytes

User: ROBERT DUHAIME
->Temp folder emptied: 52196435 bytes
->Temporary Internet Files folder emptied: 15567132 bytes
->Java cache emptied: 5300924 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 2380 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 14863266 bytes
%systemroot%\System32 .tmp files removed: 3594752 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4306854 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 42601662 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 1508565 bytes
RecycleBin emptied: 37510536 bytes

Total Files Cleaned = 1 004,00 mb


[EMPTYFLASH]

User: Administrateur

User: All Users

User: All Users.WINDOWS

User: b
->Flash cache emptied: 0 bytes

User: Default User

User: Default User.WINDOWS

User: Invité

User: LocalService

User: LocalService.AUTORITE NT
->Flash cache emptied: 0 bytes

User: NetworkService

User: NetworkService.AUTORITE NT
->Flash cache emptied: 0 bytes

User: ROBERT DUHAIME
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.20.2 log created on 01192011_142943

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\ROBERT DUHAIME\Local Settings\Temp\~DFC65A.tmp not found!
File\Folder C:\Documents and Settings\ROBERT DUHAIME\Local Settings\Temp\~DFC669.tmp not found!
File\Folder C:\Documents and Settings\ROBERT DUHAIME\Local Settings\Temp\~DFC8B8.tmp not found!
File\Folder C:\Documents and Settings\ROBERT DUHAIME\Local Settings\Temp\~DFC8C5.tmp not found!
File\Folder C:\Documents and Settings\ROBERT DUHAIME\Local Settings\Temp\~DFCB79.tmp not found!
File\Folder C:\Documents and Settings\ROBERT DUHAIME\Local Settings\Temp\~DFCBA0.tmp not found!
C:\Documents and Settings\ROBERT DUHAIME\Local Settings\Temporary Internet Files\Content.IE5\FVBRVZ61\affich-20581180-fenetres-intempestives-comme-boulic[1].htm moved successfully.
C:\Documents and Settings\ROBERT DUHAIME\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
C:\Documents and Settings\ROBERT DUHAIME\Local Settings\Temporary Internet Files\SuggestedSites.dat moved successfully.
C:\WINDOWS\temp\Perflib_Perfdata_65c.dat moved successfully.

Registry entries deleted on Reboot...
0
Réponse 6 / 30
verni29 Messages postés 6699 Date d'inscription dimanche 6 juillet 2008 Statut Contributeur sécurité Dernière intervention 26 décembre 2016 180
19 janv. 2011 à 20:55
Re,

Des améliorations ?

---------------------------------------

Tu vas télécharger ComBoFix et enregistre le sur ton bureau ( IMPORTANT )
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

# Désactive les protections résidentes de ton ordinateur ( antivirus, antispyware et parefeu )
# Branche tes différents supports amovibles ( clés USB, disque dur externe ) sans les ouvrir.

# Lance Combofix.exe et suis les invites.
# Il te sera demandé d'installer la console de récupération.
Important. Fais le absolument.

Il est possible que ComBoFix redémarre l'ordinateur pour supprimer certains fichiers.

# Une fois le scan fini, un rapport va apparaitre.

Copie/colle ce rapport dans ta prochaine réponse.

Note : Si tu ne le trouves pas, il est à C:\ComboFix.txt.

A+
0
Réponse 7 / 30
airwomen60 Messages postés 24 Date d'inscription mercredi 19 janvier 2011 Statut Membre Dernière intervention 23 janvier 2011
19 janv. 2011 à 22:06
ComboFix 11-01-18.04 - ROBERT DUHAIME 2011-01-19 15:44:10.1.1 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.447.187 [GMT -5:00]
Lancé depuis: c:\documents and settings\ROBERT DUHAIME\Mes documents\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\ROBERT DUHAIME\Application Data\desktop.ini
c:\documents and settings\ROBERT DUHAIME\Application Data\facemoods.com
c:\documents and settings\ROBERT DUHAIME\Application Data\facemoods.com\facemoods\Online Games.ico
c:\documents and settings\ROBERT DUHAIME\Application Data\PriceGong
c:\documents and settings\ROBERT DUHAIME\Application Data\PriceGong\Data\1.xml
c:\documents and settings\ROBERT DUHAIME\Application Data\PriceGong\Data\a.xml
c:\documents and settings\ROBERT DUHAIME\Application Data\PriceGong\Data\b.xml
c:\documents and settings\ROBERT DUHAIME\Application Data\PriceGong\Data\c.xml
c:\documents and settings\ROBERT DUHAIME\Application Data\PriceGong\Data\d.xml
c:\documents and settings\ROBERT DUHAIME\Application Data\PriceGong\Data\e.xml
c:\documents and settings\ROBERT DUHAIME\Application Data\PriceGong\Data\f.xml
c:\documents and settings\ROBERT DUHAIME\Application Data\PriceGong\Data\g.xml
c:\documents and settings\ROBERT DUHAIME\Application Data\PriceGong\Data\h.xml
c:\documents and settings\ROBERT DUHAIME\Application Data\PriceGong\Data\i.xml
c:\documents and settings\ROBERT DUHAIME\Application Data\PriceGong\Data\J.xml
c:\documents and settings\ROBERT DUHAIME\Application Data\PriceGong\Data\k.xml
c:\documents and settings\ROBERT DUHAIME\Application Data\PriceGong\Data\l.xml
c:\documents and settings\ROBERT DUHAIME\Application Data\PriceGong\Data\m.xml
c:\documents and settings\ROBERT DUHAIME\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\ROBERT DUHAIME\Application Data\PriceGong\Data\n.xml
c:\documents and settings\ROBERT DUHAIME\Application Data\PriceGong\Data\o.xml
c:\documents and settings\ROBERT DUHAIME\Application Data\PriceGong\Data\p.xml
c:\documents and settings\ROBERT DUHAIME\Application Data\PriceGong\Data\q.xml
c:\documents and settings\ROBERT DUHAIME\Application Data\PriceGong\Data\r.xml
c:\documents and settings\ROBERT DUHAIME\Application Data\PriceGong\Data\s.xml
c:\documents and settings\ROBERT DUHAIME\Application Data\PriceGong\Data\t.xml
c:\documents and settings\ROBERT DUHAIME\Application Data\PriceGong\Data\u.xml
c:\documents and settings\ROBERT DUHAIME\Application Data\PriceGong\Data\v.xml
c:\documents and settings\ROBERT DUHAIME\Application Data\PriceGong\Data\w.xml
c:\documents and settings\ROBERT DUHAIME\Application Data\PriceGong\Data\x.xml
c:\documents and settings\ROBERT DUHAIME\Application Data\PriceGong\Data\y.xml
c:\documents and settings\ROBERT DUHAIME\Application Data\PriceGong\Data\z.xml
c:\program files\AutocompletePro
c:\program files\AutocompletePro\ChromeSetSearchInBrowser.exe
c:\program files\AutocompletePro\FireFoxExtension.exe
c:\program files\AutocompletePro\InstTracker.exe
c:\windows\system32\746231837.dat
c:\windows\system32\LocalService
c:\windows\system32\sqlite3.dll
C:\xcrashdump.dat

.
((((((((((((((((((((((((((((( Fichiers créés du 2010-12-19 au 2011-01-19 ))))))))))))))))))))))))))))))))))))
.

2011-01-19 18:39 . 2008-04-14 00:33 1306624 -c----w- c:\windows\system32\dllcache\msxml6.dll
2011-01-19 18:39 . 2008-04-14 00:04 93184 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2011-01-19 18:37 . 2008-04-14 00:33 81920 ------w- c:\windows\system32\ieencode.dll
2011-01-19 18:33 . 2008-04-14 00:34 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2011-01-19 13:46 . 2011-01-19 13:46 -------- d-----w- C:\_OTL
2011-01-19 12:44 . 2011-01-19 12:44 -------- d-----w- c:\documents and settings\Invité
2011-01-19 00:10 . 2010-11-29 22:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-19 00:10 . 2011-01-19 00:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-19 00:10 . 2010-11-29 22:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-18 16:45 . 2001-08-23 22:47 38912 -c--a-w- c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
2011-01-18 16:44 . 2004-08-05 12:00 15360 -c--a-w- c:\windows\system32\dllcache\flattemp.exe
2011-01-18 16:41 . 2008-04-14 00:33 39936 ----a-w- c:\windows\system32\wbem\snmpthrd.dll
2011-01-18 16:41 . 2008-04-14 00:33 259072 ----a-w- c:\windows\system32\wbem\snmpcl.dll
2011-01-18 16:34 . 2004-08-05 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2011-01-18 16:34 . 2004-08-05 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2011-01-18 16:34 . 2004-08-05 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2011-01-18 16:34 . 2004-08-05 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2011-01-18 03:42 . 2011-01-18 23:55 -------- dc-h--w- c:\windows\ie8
2011-01-17 22:57 . 2011-01-17 22:57 135680 ----a-w- c:\documents and settings\ROBERT DUHAIME\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
2011-01-17 22:13 . 2011-01-17 22:13 -------- d-----w- c:\windows\system32\wbem\Repository
2011-01-17 21:13 . 2004-08-05 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2011-01-17 21:13 . 2004-08-05 12:00 16384 ----a-w- c:\program files\Internet Explorer\Connection Wizard\isignup.exe
2011-01-17 17:47 . 2011-01-17 17:47 -------- d-----w- c:\program files\CCleaner
2011-01-15 21:26 . 2011-01-16 23:44 -------- d-----w- c:\documents and settings\Administrateur
2011-01-15 20:10 . 2011-01-15 20:10 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Wondershare
2011-01-15 20:09 . 2011-01-15 20:09 -------- d-----w- c:\program files\Wondershare
2011-01-15 16:19 . 2011-01-15 23:20 -------- d-----w- c:\documents and settings\ROBERT DUHAIME\Application Data\SoftGrid Client
2011-01-15 15:59 . 2011-01-15 15:59 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2011-01-15 15:59 . 2011-01-15 15:59 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2011-01-15 15:59 . 2011-01-15 15:59 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2011-01-15 15:59 . 2011-01-15 15:59 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2011-01-15 15:59 . 2011-01-15 15:59 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2011-01-15 15:59 . 2011-01-15 15:59 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2011-01-15 15:59 . 2011-01-15 15:59 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2011-01-15 15:58 . 2011-01-15 15:59 -------- d-----w- c:\program files\QuickTime
2011-01-15 15:41 . 2011-01-15 15:41 -------- d-----w- c:\documents and settings\NetworkService.AUTORITE NT\Local Settings\Application Data\Apple
2011-01-14 01:32 . 2011-01-14 01:32 -------- d-----w- c:\documents and settings\ROBERT DUHAIME\Application Data\AlauxSoft
2011-01-13 18:40 . 2010-04-28 12:44 54760 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2011-01-13 18:40 . 2011-01-13 18:40 -------- d-----w- c:\program files\Microsoft Sync Framework
2011-01-13 18:39 . 2011-01-13 18:39 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2011-01-13 18:37 . 2011-01-15 23:32 -------- d-----w- c:\program files\Windows Live
2011-01-12 23:35 . 2011-01-12 23:45 -------- d-----w- c:\documents and settings\ROBERT DUHAIME\Application Data\TP
2011-01-12 17:49 . 2011-01-19 00:01 29996 ---h--w- c:\documents and settings\ROBERT DUHAIME\Application Data\ntuser.dat
2011-01-12 03:16 . 2011-01-12 03:16 -------- d-----w- c:\documents and settings\ROBERT DUHAIME\Application Data\Malwarebytes
2011-01-11 23:28 . 2011-01-11 23:51 -------- d-----w- c:\documents and settings\ROBERT DUHAIME\Local Settings\Application Data\Radio_TV_1.2
2010-12-27 15:44 . 2010-12-27 15:44 -------- d-----w- c:\documents and settings\ROBERT DUHAIME\Application Data\Kodak
2010-12-27 15:16 . 2010-12-27 15:16 -------- d-----w- c:\program files\Fichiers communs\Kodak
2010-12-27 15:16 . 2010-12-27 15:16 -------- d-----w- c:\program files\Kodak
2010-12-27 15:15 . 2010-12-27 15:15 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\{49FC035F-4D1B-4459-B8B7-1EF5D11C6BAC}
2010-12-27 14:49 . 2001-08-23 22:47 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-12-27 14:49 . 2008-04-14 02:33 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-12-25 19:33 . 2011-01-11 23:51 -------- d-----w- c:\documents and settings\ROBERT DUHAIME\Local Settings\Application Data\Elf_1.12
2010-12-21 18:04 . 2010-12-21 18:38 -------- d-----w- c:\documents and settings\ROBERT DUHAIME\Application Data\webex

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-18 03:35 . 2009-11-06 16:48 86576 ----a-w- c:\documents and settings\ROBERT DUHAIME\Application Data\Microsoft\Services Windows Live\Raccourci Galerie de Photos Windows Live.exe
2011-01-18 03:35 . 2009-11-06 16:48 132672 ----a-w- c:\documents and settings\ROBERT DUHAIME\Application Data\Microsoft\Services Windows Live\Raccourci Windows Live Messenger.exe
2011-01-18 03:35 . 2009-11-06 16:48 392728 ----a-w- c:\documents and settings\ROBERT DUHAIME\Application Data\Microsoft\Services Windows Live\Services Windows Live.dll
2010-11-29 22:38 . 2010-11-29 22:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 22:38 . 2010-11-29 22:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-01-18 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2005-03-07 53248]
"snpstd"="c:\windows\vsnpstd.exe" [2005-10-11 339968]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-11-01 32768]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"KodakShareButtonApp"="c:\program files\Kodak\KODAK Share Button App\Listener.exe" [2010-10-07 106496]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"CapFax"="c:\program files\Classic PhoneTools\CapFax.EXE" [2001-12-10 20739]
"AGRSMMSG"="AGRSMMSG.exe" [2004-10-08 88363]
"VTTrayp"="VTtrayp.exe" [2005-03-11 147456]
"SoundMan"="SOUNDMAN.EXE" [2005-07-22 81920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2010-02-28 519584]

c:\documents and settings\ROBERT DUHAIME\Menu D'marrer\Programmes\D'marrage\
Notification de cadeaux MSN.lnk - c:\documents and settings\ROBERT DUHAIME\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe [2011-1-17 135680]

c:\documents and settings\All Users.WINDOWS\Menu D'marrer\Programmes\D'marrage\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders rpasspc.dll, msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"<NO NAME>"=
"RegistryBooster"="c:\program files\Uniblue\RegistryBooster\launcher.exe" delay 20000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"DATAMNGR"=c:\progra~1\IMESHA~1\MediaBar\Datamngr\DATAMN~1.EXE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=

R3 rdsdrv;rdsdrv;c:\windows\system32\drivers\rdsdrv.sys [26/10/2009 12:01 1162]
S1 aankixvy;aankixvy;\??\c:\windows\system32\drivers\aankixvy.sys --> c:\windows\system32\drivers\aankixvy.sys [?]
S1 adiqoyud;adiqoyud;\??\c:\windows\system32\drivers\adiqoyud.sys --> c:\windows\system32\drivers\adiqoyud.sys [?]
S1 ahgpdtjl;ahgpdtjl;\??\c:\windows\system32\drivers\ahgpdtjl.sys --> c:\windows\system32\drivers\ahgpdtjl.sys [?]
S1 akheuhvc;akheuhvc;\??\c:\windows\system32\drivers\akheuhvc.sys --> c:\windows\system32\drivers\akheuhvc.sys [?]
S1 amxvtdru;amxvtdru;\??\c:\windows\system32\drivers\amxvtdru.sys --> c:\windows\system32\drivers\amxvtdru.sys [?]
S1 aroklfpo;aroklfpo;\??\c:\windows\system32\drivers\aroklfpo.sys --> c:\windows\system32\drivers\aroklfpo.sys [?]
S1 athlisoa;athlisoa;\??\c:\windows\system32\drivers\athlisoa.sys --> c:\windows\system32\drivers\athlisoa.sys [?]
S1 awyuzbqg;awyuzbqg;\??\c:\windows\system32\drivers\awyuzbqg.sys --> c:\windows\system32\drivers\awyuzbqg.sys [?]
S1 bcxocgbi;bcxocgbi;\??\c:\windows\system32\drivers\bcxocgbi.sys --> c:\windows\system32\drivers\bcxocgbi.sys [?]
S1 ckorduwt;ckorduwt;\??\c:\windows\system32\drivers\ckorduwt.sys --> c:\windows\system32\drivers\ckorduwt.sys [?]
S1 clgiylqw;clgiylqw;\??\c:\windows\system32\drivers\clgiylqw.sys --> c:\windows\system32\drivers\clgiylqw.sys [?]
S1 cmxltrgv;cmxltrgv;\??\c:\windows\system32\drivers\cmxltrgv.sys --> c:\windows\system32\drivers\cmxltrgv.sys [?]
S1 cvznqtmf;cvznqtmf;\??\c:\windows\system32\drivers\cvznqtmf.sys --> c:\windows\system32\drivers\cvznqtmf.sys [?]
S1 cyshhcjn;cyshhcjn;\??\c:\windows\system32\drivers\cyshhcjn.sys --> c:\windows\system32\drivers\cyshhcjn.sys [?]
S1 duuryvrv;duuryvrv;\??\c:\windows\system32\drivers\duuryvrv.sys --> c:\windows\system32\drivers\duuryvrv.sys [?]
S1 dzcfqnac;dzcfqnac;\??\c:\windows\system32\drivers\dzcfqnac.sys --> c:\windows\system32\drivers\dzcfqnac.sys [?]
S1 ecwvyisl;ecwvyisl;\??\c:\windows\system32\drivers\ecwvyisl.sys --> c:\windows\system32\drivers\ecwvyisl.sys [?]
S1 eenmzazg;eenmzazg;\??\c:\windows\system32\drivers\eenmzazg.sys --> c:\windows\system32\drivers\eenmzazg.sys [?]
S1 eoupkysu;eoupkysu;\??\c:\windows\system32\drivers\eoupkysu.sys --> c:\windows\system32\drivers\eoupkysu.sys [?]
S1 epglillg;epglillg;\??\c:\windows\system32\drivers\epglillg.sys --> c:\windows\system32\drivers\epglillg.sys [?]
S1 eyatuall;eyatuall;\??\c:\windows\system32\drivers\eyatuall.sys --> c:\windows\system32\drivers\eyatuall.sys [?]
S1 fliulhmx;fliulhmx;\??\c:\windows\system32\drivers\fliulhmx.sys --> c:\windows\system32\drivers\fliulhmx.sys [?]
S1 fsobzxtr;fsobzxtr;\??\c:\windows\system32\drivers\fsobzxtr.sys --> c:\windows\system32\drivers\fsobzxtr.sys [?]
S1 gtyqjlfk;gtyqjlfk;\??\c:\windows\system32\drivers\gtyqjlfk.sys --> c:\windows\system32\drivers\gtyqjlfk.sys [?]
S1 hnwypfly;hnwypfly;\??\c:\windows\system32\drivers\hnwypfly.sys --> c:\windows\system32\drivers\hnwypfly.sys [?]
S1 hqlbxqhz;hqlbxqhz;\??\c:\windows\system32\drivers\hqlbxqhz.sys --> c:\windows\system32\drivers\hqlbxqhz.sys [?]
S1 hvtjqvrk;hvtjqvrk;\??\c:\windows\system32\drivers\hvtjqvrk.sys --> c:\windows\system32\drivers\hvtjqvrk.sys [?]
S1 ieikixrx;ieikixrx;\??\c:\windows\system32\drivers\ieikixrx.sys --> c:\windows\system32\drivers\ieikixrx.sys [?]
S1 ifawufcy;ifawufcy;\??\c:\windows\system32\drivers\ifawufcy.sys --> c:\windows\system32\drivers\ifawufcy.sys [?]
S1 ifmzlryv;ifmzlryv;\??\c:\windows\system32\drivers\ifmzlryv.sys --> c:\windows\system32\drivers\ifmzlryv.sys [?]
S1 jxsepicc;jxsepicc;\??\c:\windows\system32\drivers\jxsepicc.sys --> c:\windows\system32\drivers\jxsepicc.sys [?]
S1 jzsetnto;jzsetnto;\??\c:\windows\system32\drivers\jzsetnto.sys --> c:\windows\system32\drivers\jzsetnto.sys [?]
S1 kfnczxlv;kfnczxlv;\??\c:\windows\system32\drivers\kfnczxlv.sys --> c:\windows\system32\drivers\kfnczxlv.sys [?]
S1 knlmagpb;knlmagpb;\??\c:\windows\system32\drivers\knlmagpb.sys --> c:\windows\system32\drivers\knlmagpb.sys [?]
S1 kpleflic;kpleflic;\??\c:\windows\system32\drivers\kpleflic.sys --> c:\windows\system32\drivers\kpleflic.sys [?]
S1 kukaosct;kukaosct;\??\c:\windows\system32\drivers\kukaosct.sys --> c:\windows\system32\drivers\kukaosct.sys [?]
S1 kyiutfxh;kyiutfxh;\??\c:\windows\system32\drivers\kyiutfxh.sys --> c:\windows\system32\drivers\kyiutfxh.sys [?]
S1 libaaqch;libaaqch;\??\c:\windows\system32\drivers\libaaqch.sys --> c:\windows\system32\drivers\libaaqch.sys [?]
S1 llxrmbfv;llxrmbfv;\??\c:\windows\system32\drivers\llxrmbfv.sys --> c:\windows\system32\drivers\llxrmbfv.sys [?]
S1 lrredmxj;lrredmxj;\??\c:\windows\system32\drivers\lrredmxj.sys --> c:\windows\system32\drivers\lrredmxj.sys [?]
S1 mhcbstvh;mhcbstvh;\??\c:\windows\system32\drivers\mhcbstvh.sys --> c:\windows\system32\drivers\mhcbstvh.sys [?]
S1 mpuwcmsd;mpuwcmsd;\??\c:\windows\system32\drivers\mpuwcmsd.sys --> c:\windows\system32\drivers\mpuwcmsd.sys [?]
S1 njcoahsr;njcoahsr;\??\c:\windows\system32\drivers\njcoahsr.sys --> c:\windows\system32\drivers\njcoahsr.sys [?]
S1 nntkredi;nntkredi;\??\c:\windows\system32\drivers\nntkredi.sys --> c:\windows\system32\drivers\nntkredi.sys [?]
S1 nxlfveke;nxlfveke;\??\c:\windows\system32\drivers\nxlfveke.sys --> c:\windows\system32\drivers\nxlfveke.sys [?]
S1 obuurptf;obuurptf;\??\c:\windows\system32\drivers\obuurptf.sys --> c:\windows\system32\drivers\obuurptf.sys [?]
S1 ocmwxleo;ocmwxleo;\??\c:\windows\system32\drivers\ocmwxleo.sys --> c:\windows\system32\drivers\ocmwxleo.sys [?]
S1 oenqtozd;oenqtozd;\??\c:\windows\system32\drivers\oenqtozd.sys --> c:\windows\system32\drivers\oenqtozd.sys [?]
S1 oerjsvhe;oerjsvhe;\??\c:\windows\system32\drivers\oerjsvhe.sys --> c:\windows\system32\drivers\oerjsvhe.sys [?]
S1 oeswcbly;oeswcbly;\??\c:\windows\system32\drivers\oeswcbly.sys --> c:\windows\system32\drivers\oeswcbly.sys [?]
S1 ojeonzzy;ojeonzzy;\??\c:\windows\system32\drivers\ojeonzzy.sys --> c:\windows\system32\drivers\ojeonzzy.sys [?]
S1 oosrpkre;oosrpkre;\??\c:\windows\system32\drivers\oosrpkre.sys --> c:\windows\system32\drivers\oosrpkre.sys [?]
S1 otkeepll;otkeepll;\??\c:\windows\system32\drivers\otkeepll.sys --> c:\windows\system32\drivers\otkeepll.sys [?]
S1 oxjjmndw;oxjjmndw;\??\c:\windows\system32\drivers\oxjjmndw.sys --> c:\windows\system32\drivers\oxjjmndw.sys [?]
S1 pcgftyxf;pcgftyxf;\??\c:\windows\system32\drivers\pcgftyxf.sys --> c:\windows\system32\drivers\pcgftyxf.sys [?]
S1 pscmpaeo;pscmpaeo;\??\c:\windows\system32\drivers\pscmpaeo.sys --> c:\windows\system32\drivers\pscmpaeo.sys [?]
S1 pvfphffh;pvfphffh;\??\c:\windows\system32\drivers\pvfphffh.sys --> c:\windows\system32\drivers\pvfphffh.sys [?]
S1 pypxgwyk;pypxgwyk;\??\c:\windows\system32\drivers\pypxgwyk.sys --> c:\windows\system32\drivers\pypxgwyk.sys [?]
S1 qbuheakh;qbuheakh;\??\c:\windows\system32\drivers\qbuheakh.sys --> c:\windows\system32\drivers\qbuheakh.sys [?]
S1 qluhgonp;qluhgonp;\??\c:\windows\system32\drivers\qluhgonp.sys --> c:\windows\system32\drivers\qluhgonp.sys [?]
S1 rcykubmr;rcykubmr;\??\c:\windows\system32\drivers\rcykubmr.sys --> c:\windows\system32\drivers\rcykubmr.sys [?]
S1 rdmczmxz;rdmczmxz;\??\c:\windows\system32\drivers\rdmczmxz.sys --> c:\windows\system32\drivers\rdmczmxz.sys [?]
S1 rptlmvlh;rptlmvlh;\??\c:\windows\system32\drivers\rptlmvlh.sys --> c:\windows\system32\drivers\rptlmvlh.sys [?]
S1 sanjlhur;sanjlhur;\??\c:\windows\system32\drivers\sanjlhur.sys --> c:\windows\system32\drivers\sanjlhur.sys [?]
S1 smccyhef;smccyhef;\??\c:\windows\system32\drivers\smccyhef.sys --> c:\windows\system32\drivers\smccyhef.sys [?]
S1 solxdjcj;solxdjcj;\??\c:\windows\system32\drivers\solxdjcj.sys --> c:\windows\system32\drivers\solxdjcj.sys [?]
S1 svfegsjw;svfegsjw;\??\c:\windows\system32\drivers\svfegsjw.sys --> c:\windows\system32\drivers\svfegsjw.sys [?]
S1 syevkifa;syevkifa;\??\c:\windows\system32\drivers\syevkifa.sys --> c:\windows\system32\drivers\syevkifa.sys [?]
S1 tadhxezx;tadhxezx;\??\c:\windows\system32\drivers\tadhxezx.sys --> c:\windows\system32\drivers\tadhxezx.sys [?]
S1 uezyuixf;uezyuixf;\??\c:\windows\system32\drivers\uezyuixf.sys --> c:\windows\system32\drivers\uezyuixf.sys [?]
S1 ufhrbykb;ufhrbykb;\??\c:\windows\system32\drivers\ufhrbykb.sys --> c:\windows\system32\drivers\ufhrbykb.sys [?]
S1 ufisloes;ufisloes;\??\c:\windows\system32\drivers\ufisloes.sys --> c:\windows\system32\drivers\ufisloes.sys [?]
S1 uflggnkg;uflggnkg;\??\c:\windows\system32\drivers\uflggnkg.sys --> c:\windows\system32\drivers\uflggnkg.sys [?]
S1 uncawbyr;uncawbyr;\??\c:\windows\system32\drivers\uncawbyr.sys --> c:\windows\system32\drivers\uncawbyr.sys [?]
S1 uoehezkv;uoehezkv;\??\c:\windows\system32\drivers\uoehezkv.sys --> c:\windows\system32\drivers\uoehezkv.sys [?]
S1 uqelqhvg;uqelqhvg;\??\c:\windows\system32\drivers\uqelqhvg.sys --> c:\windows\system32\drivers\uqelqhvg.sys [?]
S1 uyjafuye;uyjafuye;\??\c:\windows\system32\drivers\uyjafuye.sys --> c:\windows\system32\drivers\uyjafuye.sys [?]
S1 vhzujttv;vhzujttv;\??\c:\windows\system32\drivers\vhzujttv.sys --> c:\windows\system32\drivers\vhzujttv.sys [?]
S1 vvvjqiuk;vvvjqiuk;\??\c:\windows\system32\drivers\vvvjqiuk.sys --> c:\windows\system32\drivers\vvvjqiuk.sys [?]
S1 wetubrnq;wetubrnq;\??\c:\windows\system32\drivers\wetubrnq.sys --> c:\windows\system32\drivers\wetubrnq.sys [?]
S1 xeuzswyd;xeuzswyd;\??\c:\windows\system32\drivers\xeuzswyd.sys --> c:\windows\system32\drivers\xeuzswyd.sys [?]
S1 ybqgquhj;ybqgquhj;\??\c:\windows\system32\drivers\ybqgquhj.sys --> c:\windows\system32\drivers\ybqgquhj.sys [?]
S1 ybxqhfjj;ybxqhfjj;\??\c:\windows\system32\drivers\ybxqhfjj.sys --> c:\windows\system32\drivers\ybxqhfjj.sys [?]
S1 yktmwoon;yktmwoon;\??\c:\windows\system32\drivers\yktmwoon.sys --> c:\windows\system32\drivers\yktmwoon.sys [?]
S1 yljynmqd;yljynmqd;\??\c:\windows\system32\drivers\yljynmqd.sys --> c:\windows\system32\drivers\yljynmqd.sys [?]
S1 yrxmroax;yrxmroax;\??\c:\windows\system32\drivers\yrxmroax.sys --> c:\windows\system32\drivers\yrxmroax.sys [?]
S1 yxeowqen;yxeowqen;\??\c:\windows\system32\drivers\yxeowqen.sys --> c:\windows\system32\drivers\yxeowqen.sys [?]
S1 zmofgddc;zmofgddc;\??\c:\windows\system32\drivers\zmofgddc.sys --> c:\windows\system32\drivers\zmofgddc.sys [?]
S1 znwfychw;znwfychw;\??\c:\windows\system32\drivers\znwfychw.sys --> c:\windows\system32\drivers\znwfychw.sys [?]
S1 zopgctmv;zopgctmv;\??\c:\windows\system32\drivers\zopgctmv.sys --> c:\windows\system32\drivers\zopgctmv.sys [?]
S1 zplnzttj;zplnzttj;\??\c:\windows\system32\drivers\zplnzttj.sys --> c:\windows\system32\drivers\zplnzttj.sys [?]
S1 ztysilmx;ztysilmx;\??\c:\windows\system32\drivers\ztysilmx.sys --> c:\windows\system32\drivers\ztysilmx.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [14/03/2010 16:48 135664]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contenu du dossier 'Tâches planifiées'

2011-01-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2011-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-14 21:48]

2011-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-14 21:48]

2011-01-19 c:\windows\Tasks\User_Feed_Synchronization-{B5AFE074-D924-41FA-B836-6C43805BA8B7}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
DPF: Deployer - hxxp://www.pcthreat.com/autoinstall/shsafeinstall.cab
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{2bae58c2-79f9-45d1-a286-81f911301c3a} - (no file)
BHO-{2f5fd739-4c26-49ad-a775-cc3e68ec38d4} - (no file)
BHO-{b2a4c9fb-93c8-48e9-9164-debc18879c1e} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{2F5FD739-4C26-49AD-A775-CC3E68EC38D4} - (no file)
WebBrowser-{B2A4C9FB-93C8-48E9-9164-DEBC18879C1E} - (no file)
WebBrowser-{2BAE58C2-79F9-45D1-A286-81F911301C3A} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
AddRemove-LSI Soft Modem - c:\windows\agrsmdel



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-19 15:57
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD1600JS-00MHB1 rev.10.02E01 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x84D16555]<<
c:\docume~1\ROBERT~1\LOCALS~1\Temp\catchme.sys
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x84d1c7b0]; MOV EAX, [0x84d1c82c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EE120] -> \Device\Harddisk0\DR0[0x84D70958]
3 CLASSPNP[0xF75B6FD7] -> ntkrnlpa!IofCallDriver[0x804EE120] -> \Device\0000006e[0x84D90F18]
5 ACPI[0xF744C620] -> ntkrnlpa!IofCallDriver[0x804EE120] -> \Device\0000006d[0x84D2DF18]
7 ACPI[0xF744C620] -> ntkrnlpa!IofCallDriver[0x804EE120] -> [0x84D95A38]
\Driver\atapi[0x84D7A8F0] -> IRP_MJ_CREATE -> 0x84D16555
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskWDC_WD1600JS-00MHB1_____________________10.02E01#5&18101f22&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x84D1639B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-1614895754-2052111302-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(668)
c:\windows\system32\sirenacm.dll
.
Heure de fin: 2011-01-19 16:01:43
ComboFix-quarantined-files.txt 2011-01-19 21:01

Avant-CF: 137 184 518 144 octets libres
Après-CF: 137 201 442 816 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /fastdetect /noexecute=optin

- - End Of File - - 4B40774B9A680A1FB182C7138307F724
0
Réponse 8 / 30
verni29 Messages postés 6699 Date d'inscription dimanche 6 juillet 2008 Statut Contributeur sécurité Dernière intervention 26 décembre 2016 180
19 janv. 2011 à 22:20
Re,

Télécharge TDSSKiller sur ton Bureau.

# Décompresse le (clic droit sur le fichier et extraire) sur le bureau.
# dans le dossier crée, déplacer le fichier TDSSKiller.exe pour le mettre sur le Bureau
# Faire un double clic sur TDSSKiller.exe pour le lancer.
# Cliquer sur Start scan pour lancer l'analyse,

# Lorsque l'outil a terminé son travail d'inspection, si des nuisibles ("Malicious objects") ont été trouvés, vérifier que l'option Cure est sélectionnée,
# Si des objects suspects "Suspicious objects" ont été détectés, sur l'écran de demande de confirmation, modifier l'action à entreprendre et indiquer Quarantine (au lieu de Skip),
# Puis cliquer sur le bouton Continue.
# Attendre l'affichage du fichier rapport.
# Si l'outil a besoin d'un redémarrage pour finaliser le nettoyage, cliquer sur le bouton Reboot computer.

Envoyer en réponse le rapport de TDSSKiller

Note : Il se trouve aussi en C:\TDSSKiller.Version_Date_Heure_log.txt

A+
0
Réponse 9 / 30
airwomen60 Messages postés 24 Date d'inscription mercredi 19 janvier 2011 Statut Membre Dernière intervention 23 janvier 2011
19 janv. 2011 à 22:30
2011/01/19 16:29:10.0937 TDSS rootkit removing tool 2.4.14.0 Jan 18 2011 09:33:51
2011/01/19 16:29:10.0937 ================================================================================
2011/01/19 16:29:10.0937 SystemInfo:
2011/01/19 16:29:10.0937
2011/01/19 16:29:10.0937 OS Version: 5.1.2600 ServicePack: 3.0
2011/01/19 16:29:10.0937 Product type: Workstation
2011/01/19 16:29:10.0937 ComputerName: BROUSSE-1736C2E
2011/01/19 16:29:10.0937 UserName: ROBERT DUHAIME
2011/01/19 16:29:10.0937 Windows directory: C:\WINDOWS
2011/01/19 16:29:10.0937 System windows directory: C:\WINDOWS
2011/01/19 16:29:10.0937 Processor architecture: Intel x86
2011/01/19 16:29:10.0937 Number of processors: 1
2011/01/19 16:29:10.0937 Page size: 0x1000
2011/01/19 16:29:10.0937 Boot type: Normal boot
2011/01/19 16:29:10.0937 ================================================================================
2011/01/19 16:29:11.0625 Initialize success
2011/01/19 16:29:17.0718 ================================================================================
2011/01/19 16:29:17.0718 Scan started
2011/01/19 16:29:17.0718 Mode: Manual;
2011/01/19 16:29:17.0718 ================================================================================
2011/01/19 16:29:18.0718 ACPI (e5e6dbfc41ea8aad005cb9a57a96b43b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/01/19 16:29:18.0765 ACPIEC (e4abc1212b70bb03d35e60681c447210) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/01/19 16:29:18.0875 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/01/19 16:29:18.0953 AFD (322d0e36693d6e24a2398bee62a268cd) C:\WINDOWS\System32\drivers\afd.sys
2011/01/19 16:29:19.0031 AgereSoftModem (7560f465f1ce69c53bf17559ee195548) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
2011/01/19 16:29:19.0437 ALCXWDM (2c6322e8ff56f624033e7642c49044f3) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2011/01/19 16:29:19.0625 AmdK8 (62271ff14baa810323ac816c5d355ba9) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
2011/01/19 16:29:19.0843 AsIO (c959989e2ce8da9bde8cafddba84badf) C:\WINDOWS\system32\drivers\AsIO.sys
2011/01/19 16:29:19.0921 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/01/19 16:29:19.0984 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/01/19 16:29:20.0109 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/01/19 16:29:20.0171 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/01/19 16:29:20.0359 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/01/19 16:29:20.0531 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/01/19 16:29:20.0562 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/01/19 16:29:20.0656 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/01/19 16:29:20.0703 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/01/19 16:29:20.0765 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/01/19 16:29:21.0265 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/01/19 16:29:21.0390 dmboot (f5deadd42335fb33edca74ecb2f36cba) C:\WINDOWS\system32\drivers\dmboot.sys
2011/01/19 16:29:21.0484 dmio (5a7c47c9b3f9fb92a66410a7509f0c71) C:\WINDOWS\system32\drivers\dmio.sys
2011/01/19 16:29:21.0531 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/01/19 16:29:21.0578 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/01/19 16:29:21.0781 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/01/19 16:29:22.0046 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/01/19 16:29:22.0109 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/01/19 16:29:22.0156 FET5X86V (7d53d569892b46738e87f39c9aa8488a) C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys
2011/01/19 16:29:22.0171 FETND5BV (7d53d569892b46738e87f39c9aa8488a) C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys
2011/01/19 16:29:22.0250 Fips (31f923eb2170fc172c81abda0045d18c) C:\WINDOWS\system32\drivers\Fips.sys
2011/01/19 16:29:22.0328 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/01/19 16:29:22.0406 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/01/19 16:29:22.0656 fssfltr (e0087225b137e57239ff40f8ae82059b) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
2011/01/19 16:29:22.0718 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/01/19 16:29:22.0828 Ftdisk (a86859b77b908c18c2657f284aa29fe3) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/01/19 16:29:22.0875 gagp30kx (3a74c423cf6bcca6982715878f450a3b) C:\WINDOWS\system32\DRIVERS\gagp30kx.sys
2011/01/19 16:29:22.0906 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/01/19 16:29:22.0984 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/01/19 16:29:23.0109 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/01/19 16:29:23.0140 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/01/19 16:29:23.0187 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/01/19 16:29:23.0312 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/01/19 16:29:23.0546 i8042prt (a09bdc4ed10e3b2e0ec27bb94af32516) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/01/19 16:29:23.0703 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/01/19 16:29:23.0812 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/01/19 16:29:23.0859 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/01/19 16:29:23.0906 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/01/19 16:29:23.0968 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/01/19 16:29:24.0046 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/01/19 16:29:24.0093 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/01/19 16:29:24.0156 isapnp (355836975a67b6554bca60328cd6cb74) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/01/19 16:29:24.0250 Kbdclass (16813155807c6881f4bfbf6657424659) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/01/19 16:29:24.0375 kbdhid (94c59cb884ba010c063687c3a50dce8e) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/01/19 16:29:24.0468 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/01/19 16:29:24.0625 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/01/19 16:29:24.0890 ltmodem5 (919de7d76d2c0c0139e08b3e7592d62e) C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys
2011/01/19 16:29:24.0968 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/01/19 16:29:25.0031 Modem (510ade9327fe84c10254e1902697e25f) C:\WINDOWS\system32\drivers\Modem.sys
2011/01/19 16:29:25.0140 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2011/01/19 16:29:25.0187 Mouclass (027c01bd7ef3349aaebc883d8a799efb) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/01/19 16:29:25.0312 mouhid (124d6846040c79b9c997f78ef4b2a4e5) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/01/19 16:29:25.0390 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/01/19 16:29:25.0484 MpFilter (c98301ad8173a2235a9ab828955c32bb) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
2011/01/19 16:29:25.0609 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/01/19 16:29:25.0703 MRxSmb (68755f0ff16070178b54674fe5b847b0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/01/19 16:29:25.0875 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/01/19 16:29:25.0968 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/01/19 16:29:26.0015 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/01/19 16:29:26.0078 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/01/19 16:29:26.0140 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/01/19 16:29:26.0171 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/01/19 16:29:26.0218 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
2011/01/19 16:29:26.0296 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/01/19 16:29:26.0359 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/01/19 16:29:26.0515 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/01/19 16:29:26.0578 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/01/19 16:29:26.0656 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/01/19 16:29:26.0703 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/01/19 16:29:26.0734 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/01/19 16:29:26.0765 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/01/19 16:29:26.0828 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/01/19 16:29:26.0921 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/01/19 16:29:27.0093 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
2011/01/19 16:29:27.0171 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/01/19 16:29:27.0250 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/01/19 16:29:27.0343 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/01/19 16:29:27.0390 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/01/19 16:29:27.0437 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/01/19 16:29:27.0546 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
2011/01/19 16:29:27.0640 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
2011/01/19 16:29:27.0796 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
2011/01/19 16:29:28.0125 Parport (8fd0bdbea875d06ccf6c945ca9abaf75) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/01/19 16:29:28.0203 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/01/19 16:29:28.0265 ParVdm (9575c5630db8fb804649a6959737154c) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/01/19 16:29:28.0390 PCI (043410877bda580c528f45165f7125bc) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/01/19 16:29:28.0453 PCIIde (f4bfde7209c14a07aaa61e4d6ae69eac) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/01/19 16:29:28.0515 Pcmcia (f0406cbc60bdb0394a0e17ffb04cdd3d) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/01/19 16:29:28.0859 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/01/19 16:29:28.0937 Processor (e19c9632ac828f6f214391e2bdda11cb) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/01/19 16:29:29.0000 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/01/19 16:29:29.0125 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/01/19 16:29:29.0218 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/01/19 16:29:29.0468 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/01/19 16:29:29.0515 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/01/19 16:29:29.0562 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/01/19 16:29:29.0593 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/01/19 16:29:29.0718 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/01/19 16:29:29.0875 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/01/19 16:29:29.0968 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/01/19 16:29:30.0046 rdsdrv (8a2aefe7b2678fdcbfc476105d9366e3) C:\WINDOWS\system32\DRIVERS\rdsdrv.sys
2011/01/19 16:29:30.0140 redbook (d8eb2a7904db6c916eb5361878ddcbae) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/01/19 16:29:30.0187 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2011/01/19 16:29:30.0328 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/01/19 16:29:30.0375 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/01/19 16:29:30.0453 Serial (93d313c31f7ad9ea2b75f26075413c7c) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/01/19 16:29:30.0625 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/01/19 16:29:30.0750 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/01/19 16:29:30.0859 snpstd (793c51b4988a3e6f26abaf529b7b7a8c) C:\WINDOWS\system32\DRIVERS\snpstd.sys
2011/01/19 16:29:31.0000 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/01/19 16:29:31.0078 sr (39626e6dc1fb39434ec40c42722b660a) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/01/19 16:29:31.0171 Srv (5252605079810904e31c332e241cd59b) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/01/19 16:29:31.0250 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/01/19 16:29:31.0406 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/01/19 16:29:31.0484 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/01/19 16:29:31.0671 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/01/19 16:29:31.0859 Tcpip (93ea8d04ec73a85db02eb8805988f733) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/01/19 16:29:31.0906 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/01/19 16:29:31.0953 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/01/19 16:29:32.0015 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/01/19 16:29:32.0218 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/01/19 16:29:32.0531 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/01/19 16:29:32.0640 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/01/19 16:29:32.0687 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/01/19 16:29:32.0750 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/01/19 16:29:32.0812 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/01/19 16:29:32.0843 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/01/19 16:29:32.0968 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/01/19 16:29:33.0000 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/01/19 16:29:33.0109 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/01/19 16:29:33.0203 viagfx (58d3c5bc2cbe43f127d768c020b0b018) C:\WINDOWS\system32\DRIVERS\vtmini.sys
2011/01/19 16:29:33.0265 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/01/19 16:29:33.0328 VolSnap (46de1126684369bace4849e4fc8c43ca) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/01/19 16:29:33.0421 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/01/19 16:29:33.0578 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/01/19 16:29:33.0750 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/01/19 16:29:33.0843 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/01/19 16:29:33.0890 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/01/19 16:29:33.0953 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/01/19 16:29:34.0328 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/01/19 16:29:34.0343 ================================================================================
2011/01/19 16:29:34.0343 Scan finished
2011/01/19 16:29:34.0343 ================================================================================
2011/01/19 16:29:34.0359 Detected object count: 1
2011/01/19 16:29:57.0500 \HardDisk0 - copied to quarantine
2011/01/19 16:29:57.0500 \HardDisk0\TDLFS\cfg.ini - copied to quarantine
2011/01/19 16:29:57.0531 \HardDisk0\TDLFS\mbr - copied to quarantine
2011/01/19 16:29:57.0531 \HardDisk0\TDLFS\bckfg.tmp - copied to quarantine
2011/01/19 16:29:57.0546 \HardDisk0\TDLFS\cmd.dll - copied to quarantine
2011/01/19 16:29:57.0546 \HardDisk0\TDLFS\ldr16 - copied to quarantine
2011/01/19 16:29:57.0546 \HardDisk0\TDLFS\ldr32 - copied to quarantine
2011/01/19 16:29:57.0546 \HardDisk0\TDLFS\ldr64 - copied to quarantine
2011/01/19 16:29:57.0546 \HardDisk0\TDLFS\drv64 - copied to quarantine
2011/01/19 16:29:57.0546 \HardDisk0\TDLFS\cmd64.dll - copied to quarantine
2011/01/19 16:29:57.0562 \HardDisk0\TDLFS\drv32 - copied to quarantine
2011/01/19 16:29:57.0562 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Quarantine
0
Réponse 10 / 30
verni29 Messages postés 6699 Date d'inscription dimanche 6 juillet 2008 Statut Contributeur sécurité Dernière intervention 26 décembre 2016 180
19 janv. 2011 à 22:46
airwomen60,

1/ Télécharge gmer sur ton bureau ( IMPORTANT )
http://www.gmer.net/#files

Précautions d'usage :
- Durant l'utilisation du logiciel, désactive tes protections actives ( antivirus, parefeu ). IMPORTANT.
- Ferme également toutes les applications actives dont ton navigateur.

# Double-clique sur l'exécutable téléchargé .
Si sous Vista , click droit sur l'exécutable et choisir exécuter en tant qu'administrateur.
# Le scan va se lancer de lui-même.

Si tu reçois un message t'indiquant la présence de rootkits, choisis oui pour effectuer une analyse complète du PC mais ne supprime rien.

# A la fin de l'analyse, clique sur save pour enregistrer le rapport
# Enregistre-le sur le bureau ( fichier .log )

Édite ce rapport dans ta prochaine réponse

2/ Je remarque que tu as téléchargé et installé malwarebytes dernièrement.

# mets le à jour si ce n'est fait ( onglet mise à jour ).

# Dans l'onglet Recherche, sélectionne Exécuter un examen complet.
# Clique sur recherche. Tu ne sélectionnes que les disques durs de l'ordinateur.
# Clique sur lancer l'examen.

# A la fin de la recherche, comme il est demandé, clique sur afficher les résultats.
# Si des infections sont trouvées, clique sur Supprimer la sélection.
Tu postes le rapport dans ton prochain message.

Si tu ne retrouves pas le rapport, ouvre MalwareBytes et regarde dans l'onglet Rapport/logs. Il y est. Clique dessus et choisir ouvrir.

A+

( a demain. il se fait tard en france ).
0
Réponse 11 / 30
airwomen60
20 janv. 2011 à 23:43
bonsoir verni29!

pour G mer ça fait le 5 eime essaie et cela gèle tout l-ordi??
mais la premiere fois que je l-ai fait gmer a fonctionner mais je trouve pas le fichier nullepart? que j-ai copié?

et mon malware a dectecter rien d'infecté!!! super merci beaucoup beaucoup!xxx

mais ma clé usb n-est plus reconnu et le périphérique E est plus la non plus?

et quand mon ordi ouvre cela dit cliquer sur f1 atapi problème de coonfiguration je pense ? et j-ai jouer dans mes bios au debut a cause de mes virus je n-avais plus de clavier et ensuite le usb clé le son mais la tout est ok
sauf la clé usb et conflit avec atapi???? il faudrait que je m'aventure dans les bios !@#$@#%#$?% mais est-ce que je refais un gmer? merci ici c-est le froid extreme jusqu'a lundi !!!!mais le soleil est au rendez-vous :) bye xxx
0
Réponse 12 / 30
airwomen60
21 janv. 2011 à 00:24
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Version de la base de données: 5562

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2011-01-20 18:17:48
mbam-log-2011-01-20 (18-17-48).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 206610
Temps écoulé: 13 minute(s), 4 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
0
Réponse 13 / 30
verni29 Messages postés 6699 Date d'inscription dimanche 6 juillet 2008 Statut Contributeur sécurité Dernière intervention 26 décembre 2016 180
21 janv. 2011 à 06:34
Re,

Pour gmer, il est demandé simplement de faire une analyse rapide.
Je pense que tu essaies ensuite de le relancer.

Mais bon, si il plante, laisse tomber .
va utiliser un autre outil.

Et avant d'aller dans le bios ou autre chose, on va poursuivre le nettoyage.

---------------------------


· Télécharge RootRepeal à partir d'un des liens suivants et enregistre-le sur ton bureau.
o http://ad13.geekstogo.com/RootRepeal.exe
o https://download.bleepingcomputer.com/rootrepeal/RootRepeal.exe

· Double clique sur RootRepeal.exe
( Si sous vista --> Click droit et choisir exécuter en tant qu'administrateur )
· Clique sur l'onglet Report puis sur le bouton Scan.
· Sélectionne ensuite chacune des cases ( Drivers, Files, processes, ... )
· Valide en cliquant sur Ok
· Une fenêtre va s'ouvrir. Sélectionne ton disque dur ( genéralement C: ), et valide.
· RootRepeal va maintenant scanner ton PC. .
· Une fois les analyses terminées, clique sur le bouton Save Report
. Sauvegarde le rapport sur ton bureau
· Poste-le .

A+

0
Réponse 14 / 30
airwomen60 Messages postés 24 Date d'inscription mercredi 19 janvier 2011 Statut Membre Dernière intervention 23 janvier 2011
21 janv. 2011 à 14:30
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2011/01/21 08:19
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF185D000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7B12000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB5808000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: c:\documents and settings\robert duhaime\local settings\temp\~df1223.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\robert duhaime\local settings\temp\~dfcbff.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

==EOF====EOF==
0
Réponse 15 / 30
verni29 Messages postés 6699 Date d'inscription dimanche 6 juillet 2008 Statut Contributeur sécurité Dernière intervention 26 décembre 2016 180
21 janv. 2011 à 23:46
Re,

1/ Ouvre le lien suivant et copie le texte de la page ouvrerte ( CTRAL + A puis CTRL + C ):
http://www.cijoint.fr/cjlink.php?file=cj201101/cij1VjJfxV.txt

2/ Relance OTL.exe.

* Sous l'onglet Personnalisation en bas de la fenêtre, copie-colle le texte de la page du lien ( CTRL +V )

* Puis clique sur le bouton Correction en haut de la fenêtre.
* Laisse le programme travailler, le PC va redémarrer.

Tu verras un log s'ouvrir après le fix (c'est le log qui montre si la suppression a réussi).
sauvegarde-le sur ton Bureau et poste-le après redémarrage.

Note : Si tu ne le trouves pas, c'est un fichier log dans C:\_OTL\MovedFiles
Regarde suivant la date : mmjjaaaa_xxxxxxxx.log


2/ Relance OTL et choisis analyse.

A+
0
Réponse 16 / 30
airwomen60 Messages postés 24 Date d'inscription mercredi 19 janvier 2011 Statut Membre Dernière intervention 23 janvier 2011
22 janv. 2011 à 02:43
All processes killed
========== OTL ==========
========== SERVICES/DRIVERS ==========
Service aankixvy stopped successfully!
Service aankixvy deleted successfully!
Service adiqoyud stopped successfully!
Service adiqoyud deleted successfully!
Service ahgpdtjl stopped successfully!
Service ahgpdtjl deleted successfully!
Service akheuhvc stopped successfully!
Service akheuhvc deleted successfully!
Service amxvtdru stopped successfully!
Service amxvtdru deleted successfully!
Error: No service named aroklfpoathlisoa was found to stop!
Service\Driver key aroklfpoathlisoa not found.
Service awyuzbqg stopped successfully!
Service awyuzbqg deleted successfully!
Service bcxocgbi stopped successfully!
Service bcxocgbi deleted successfully!
Service ckorduwt stopped successfully!
Service ckorduwt deleted successfully!
Service clgiylqw stopped successfully!
Service clgiylqw deleted successfully!
Service cmxltrgv stopped successfully!
Service cmxltrgv deleted successfully!
Service cvznqtmf stopped successfully!
Service cvznqtmf deleted successfully!
Service cyshhcjn stopped successfully!
Service cyshhcjn deleted successfully!
Service duuryvrv stopped successfully!
Service duuryvrv deleted successfully!
Service dzcfqnac stopped successfully!
Service dzcfqnac deleted successfully!
Service ecwvyisl stopped successfully!
Service ecwvyisl deleted successfully!
Service eenmzazg stopped successfully!
Service eenmzazg deleted successfully!
Service eoupkysu stopped successfully!
Service eoupkysu deleted successfully!
Error: No service named epglillg1 was found to stop!
Service\Driver key epglillg1 not found.
Service eyatuall stopped successfully!
Service eyatuall deleted successfully!
Service fliulhmx stopped successfully!
Service fliulhmx deleted successfully!
Service fsobzxtr stopped successfully!
Service fsobzxtr deleted successfully!
Service gtyqjlfk stopped successfully!
Service gtyqjlfk deleted successfully!
Service hnwypfly stopped successfully!
Service hnwypfly deleted successfully!
Service hqlbxqhz stopped successfully!
Service hqlbxqhz deleted successfully!
Service hvtjqvrk stopped successfully!
Service hvtjqvrk deleted successfully!
Service ieikixrx stopped successfully!
Service ieikixrx deleted successfully!
Service ifawufcy stopped successfully!
Service ifawufcy deleted successfully!
Service ifmzlryv stopped successfully!
Service ifmzlryv deleted successfully!
Service jxsepicc stopped successfully!
Service jxsepicc deleted successfully!
Service jzsetnto stopped successfully!
Service jzsetnto deleted successfully!
Service kfnczxlv stopped successfully!
Service kfnczxlv deleted successfully!
Service knlmagpb stopped successfully!
Service knlmagpb deleted successfully!
Service kpleflic stopped successfully!
Service kpleflic deleted successfully!
Service kukaosct stopped successfully!
Service kukaosct deleted successfully!
Service kyiutfxh stopped successfully!
Service kyiutfxh deleted successfully!
Service libaaqch stopped successfully!
Service libaaqch deleted successfully!
Service llxrmbfv stopped successfully!
Service llxrmbfv deleted successfully!
Service lrredmxj stopped successfully!
Service lrredmxj deleted successfully!
Service mhcbstvh stopped successfully!
Service mhcbstvh deleted successfully!
Service mpuwcmsd stopped successfully!
Service mpuwcmsd deleted successfully!
Service njcoahsr stopped successfully!
Service njcoahsr deleted successfully!
Service nntkredi stopped successfully!
Service nntkredi deleted successfully!
Service nxlfveke stopped successfully!
Service nxlfveke deleted successfully!
Service obuurptf stopped successfully!
Service obuurptf deleted successfully!
Service ocmwxleo stopped successfully!
Service ocmwxleo deleted successfully!
Service oenqtozd stopped successfully!
Service oenqtozd deleted successfully!
Service oerjsvhe stopped successfully!
Service oerjsvhe deleted successfully!
Service oeswcbly stopped successfully!
Service oeswcbly deleted successfully!
Service ojeonzzy stopped successfully!
Service ojeonzzy deleted successfully!
Service oosrpkre stopped successfully!
Service oosrpkre deleted successfully!
Service otkeepll stopped successfully!
Service otkeepll deleted successfully!
Service oxjjmndw stopped successfully!
Service oxjjmndw deleted successfully!
Service pcgftyxf stopped successfully!
Service pcgftyxf deleted successfully!
Service pscmpaeo stopped successfully!
Service pscmpaeo deleted successfully!
Service pvfphffh stopped successfully!
Service pvfphffh deleted successfully!
Service pypxgwyk stopped successfully!
Service pypxgwyk deleted successfully!
Service qbuheakh stopped successfully!
Service qbuheakh deleted successfully!
Service qluhgonp stopped successfully!
Service qluhgonp deleted successfully!
Service rcykubmr stopped successfully!
Service rcykubmr deleted successfully!
Service rdmczmxz stopped successfully!
Service rdmczmxz deleted successfully!
Service rptlmvlh stopped successfully!
Service rptlmvlh deleted successfully!
Service sanjlhur stopped successfully!
Service sanjlhur deleted successfully!
Service smccyhef stopped successfully!
Service smccyhef deleted successfully!
Service solxdjcj stopped successfully!
Service solxdjcj deleted successfully!
Service svfegsjw stopped successfully!
Service svfegsjw deleted successfully!
Service syevkifa stopped successfully!
Service syevkifa deleted successfully!
Service tadhxezx stopped successfully!
Service tadhxezx deleted successfully!
Service uezyuixf stopped successfully!
Service uezyuixf deleted successfully!
Service ufhrbykb stopped successfully!
Service ufhrbykb deleted successfully!
Service ufisloes stopped successfully!
Service ufisloes deleted successfully!
Service uflggnkg stopped successfully!
Service uflggnkg deleted successfully!
Service uncawbyr stopped successfully!
Service uncawbyr deleted successfully!
Service uoehezkv stopped successfully!
Service uoehezkv deleted successfully!
Service uqelqhvg stopped successfully!
Service uqelqhvg deleted successfully!
Service uyjafuye stopped successfully!
Service uyjafuye deleted successfully!
Service vhzujttv stopped successfully!
Service vhzujttv deleted successfully!
Service vvvjqiuk stopped successfully!
Service vvvjqiuk deleted successfully!
Service wetubrnq stopped successfully!
Service wetubrnq deleted successfully!
Service xeuzswyd stopped successfully!
Service xeuzswyd deleted successfully!
Service ybqgquhj stopped successfully!
Service ybqgquhj deleted successfully!
Service ybxqhfjj stopped successfully!
Service ybxqhfjj deleted successfully!
Service yktmwoon stopped successfully!
Service yktmwoon deleted successfully!
Service yrxmroax stopped successfully!
Service yrxmroax deleted successfully!
Service yxeowqen stopped successfully!
Service yxeowqen deleted successfully!
Service zmofgddc stopped successfully!
Service zmofgddc deleted successfully!
Service znwfychw stopped successfully!
Service znwfychw deleted successfully!
Service zopgctmv stopped successfully!
Service zopgctmv deleted successfully!
Service zplnzttj stopped successfully!
Service zplnzttj deleted successfully!
Error: No service named ;Files was found to stop!
Service\Driver key ;Files not found.
Error: No service named c:\documents and settings\robert duhaime\local settings\temp\~dfcbff.tmp was found to stop!
Service\Driver key c:\documents and settings\robert duhaime\local settings\temp\~dfcbff.tmp not found.
Error: No service named c:\documents and settings\robert duhaime\local settings\temp\~df1223.tmp was found to stop!
Service\Driver key c:\documents and settings\robert duhaime\local settings\temp\~df1223.tmp not found.
Error: No service named C:\WINDOWS\System32\dllcache\*.* was found to stop!
Service\Driver key C:\WINDOWS\System32\dllcache\*.* not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrateur

User: All Users

User: All Users.WINDOWS

User: b
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User.WINDOWS
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Invité
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService.AUTORITE NT
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 32969 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService.AUTORITE NT
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 360582 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 765 bytes

User: ROBERT DUHAIME
->Temp folder emptied: 22149942 bytes
->Temporary Internet Files folder emptied: 99022706 bytes
->Java cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 3438 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 555520 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2532385 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 766207880 bytes

Total Files Cleaned = 850,00 mb


[EMPTYFLASH]

User: Administrateur

User: All Users

User: All Users.WINDOWS

User: b
->Flash cache emptied: 0 bytes

User: Default User

User: Default User.WINDOWS

User: Invité

User: LocalService

User: LocalService.AUTORITE NT
->Flash cache emptied: 0 bytes

User: NetworkService

User: NetworkService.AUTORITE NT
->Flash cache emptied: 0 bytes

User: ROBERT DUHAIME
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.20.3 log created on 01212011_203623

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\ROBERT DUHAIME\Local Settings\Temp\~DFAE42.tmp not found!
File\Folder C:\Documents and Settings\ROBERT DUHAIME\Local Settings\Temp\~DFAE58.tmp not found!
File\Folder C:\Documents and Settings\ROBERT DUHAIME\Local Settings\Temp\~DFAE6B.tmp not found!
File\Folder C:\Documents and Settings\ROBERT DUHAIME\Local Settings\Temp\~DFAEE9.tmp not found!
File\Folder C:\Documents and Settings\ROBERT DUHAIME\Local Settings\Temp\~DFB05D.tmp not found!
File\Folder C:\Documents and Settings\ROBERT DUHAIME\Local Settings\Temp\~DFB063.tmp not found!
File\Folder C:\Documents and Settings\ROBERT DUHAIME\Local Settings\Temp\~DFB0AE.tmp not found!
File\Folder C:\Documents and Settings\ROBERT DUHAIME\Local Settings\Temp\~DFB0FF.tmp not found!
File\Folder C:\Documents and Settings\ROBERT DUHAIME\Local Settings\Temp\~DFB844.tmp not found!
File\Folder C:\Documents and Settings\ROBERT DUHAIME\Local Settings\Temp\~DFB920.tmp not found!
File\Folder C:\Documents and Settings\ROBERT DUHAIME\Local Settings\Temp\~DFBAA0.tmp not found!
File\Folder C:\Documents and Settings\ROBERT DUHAIME\Local Settings\Temp\~DFBAAB.tmp not found!
C:\Documents and Settings\ROBERT DUHAIME\Local Settings\Temporary Internet Files\Content.IE5\NQNBZGZS\cij1VjJfxV[1].txt moved successfully.
C:\Documents and Settings\ROBERT DUHAIME\Local Settings\Temporary Internet Files\Content.IE5\8TMMI4BR\ads[9].htm moved successfully.
C:\Documents and Settings\ROBERT DUHAIME\Local Settings\Temporary Internet Files\Content.IE5\8TMMI4BR\affich-20581180-fenetres-intempestives-comme-boulic[3].htm moved successfully.
C:\Documents and Settings\ROBERT DUHAIME\Local Settings\Temporary Internet Files\Content.IE5\7RIHQX7W\cjlink[1].htm moved successfully.
C:\Documents and Settings\ROBERT DUHAIME\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
C:\Documents and Settings\ROBERT DUHAIME\Local Settings\Temporary Internet Files\SuggestedSites.dat moved successfully.
C:\WINDOWS\temp\Perflib_Perfdata_664.dat moved successfully.

Registry entries deleted on Reboot...
0
Réponse 17 / 30
Chuck666 Messages postés 53 Date d'inscription mercredi 11 août 2010 Statut Membre Dernière intervention 30 décembre 2013 5
22 janv. 2011 à 02:59
Essais avec Malwarebytes Anti-Malware
Voici le lien pour le télécharger: https://www.01net.com/telecharger/windows/Securite/anti-spam/fiches/44096.html
Moi j'en avais justement tout a l'heure et avec un scan complet j'ai régler mon problème! Tu nous en redonneras des nouvelles.
0
airwomen60 Messages postés 24 Date d'inscription mercredi 19 janvier 2011 Statut Membre Dernière intervention 23 janvier 2011
22 janv. 2011 à 03:08
ok merci beaucoup! j-ai des virus?encore
0
Chuck666 Messages postés 53 Date d'inscription mercredi 11 août 2010 Statut Membre Dernière intervention 30 décembre 2013 5
22 janv. 2011 à 03:09
quel est ton Antivirus?
0
airwomen60 Messages postés 24 Date d'inscription mercredi 19 janvier 2011 Statut Membre Dernière intervention 23 janvier 2011
22 janv. 2011 à 23:04
allo mon anti virus c-est malware bytes
0
Réponse 18 / 30
verni29 Messages postés 6699 Date d'inscription dimanche 6 juillet 2008 Statut Contributeur sécurité Dernière intervention 26 décembre 2016 180
22 janv. 2011 à 10:40
airwomen60, 

ok merci beaucoup! j-ai des virus?encore

Non, je pense que cela doit être bon.
----------------------------------------

Une dernière vérification.

1/ On va enlever les outils pour ne pas biaiser les résultats.

# Ouvre OTL et clique sur Purge Outils.
Le PC va redémarrer.

2/ Effectue une analyse en ligne :
Tuto : https://www.commentcamarche.net/faq/29643-scanner-en-ligne-avec-eset-nod32

Poste le rapport si infections.

A+
0
Réponse 19 / 30
verni29 Messages postés 6699 Date d'inscription dimanche 6 juillet 2008 Statut Contributeur sécurité Dernière intervention 26 décembre 2016 180
22 janv. 2011 à 17:12
Re,


Regarde si tu n'as pas ce fichier : C:\Program Files\ESET Online Scanner\log.txt

A+
0
Réponse 20 / 30
verni29 Messages postés 6699 Date d'inscription dimanche 6 juillet 2008 Statut Contributeur sécurité Dernière intervention 26 décembre 2016 180
Modifié par verni29 le 22/01/2011 à 18:50
Airwomen60,

En plus du rapport d'ESET ( message précédent ),

Deux choses à vérifier :

Télécharge OTL (de OldTimer) sur ton Bureau.
http://www.geekstogo.com/forum/files/file/398-otl-oldtimers-list-it/

* clique sur aucun
* Puis sous personnalisation , copie le texte suivant : 

/md5start 
atapi.sys 
atapi.*
/md5stop


* Clique ensuite sur Analyse.

L'analyse va à peine prendre quelques secondes. Un rapport va s'ouvrir.
Poste le dans ta prochaine réponse.

2/ Télécharge USBFix ( par El Desaparecido ) sur ton bureau.

* Double clique sur UsbFix.exe présent sur ton bureau .
* clique sur Recherche .
* Un message t'avertira de brancher les supports amovibles.
(!) Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptibles d'avoir été infectées sans les ouvrir
FAIS-LE.
* Laisse travailler l'outil.
* Ensuite post le rapport UsbFix.txt qui apparaitra.

Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque. ( C:\UsbFix.txt )

A+
Allez jusqu'au bout de la procédure de désinfection.
0
verni29 Messages postés 6699 Date d'inscription dimanche 6 juillet 2008 Statut Contributeur sécurité Dernière intervention 26 décembre 2016 180
23 janv. 2011 à 09:00
airwomen,

Inutile de relancer malwarebytes. Tu l'as déjà fait.

Passe les deux outils comme je te l'ai indiqué.
USBFix va vacciner le PC et les supports ( clés, ... ) pour éviter qu'ils soient à l'avenir infectés.

A+
0

Discussions similaires

Problème de clavier, des fenêtre s'ouvrent !!
Lyon691D -
tanteelise -

5 réponses
Afficher deux fenêtres côte à côte
ptitchinoise -
pistouri -

11 réponses
Mon ordinateur ouvre des pages du bureau tout seul
Tanguy -
Tanguy -

9 réponses
comment activer les fenètre pop-up
zipou -
Tif -

14 réponses
Mon pc ouvre des fenetres tout seul
ilvyans -
bugiuglg -

25 réponses