MBR infesté par Alureon-g !!!!

Andre -  
 Utilisateur anonyme -
Bonjour,

j'ai un sérieux probleme, mon MBR est infesté par Alureon-G et je dois rebooter a partir d'un cd Ultimate Boot CD.
Quoi faire pour réparer le tout ?

merci


A voir également:

75 réponses

Réponse 1 / 75
Utilisateur anonyme
 
salut le pc ne demarre plus du tout ?
0
Réponse 2 / 75
Andre
 
seulement avec Ultimate Boot CD et de plus quand je fais une recherche avec Google ou Yahoo... les résultats de recherche sont corrompus
0
Réponse 3 / 75
Utilisateur anonyme
 
tu as essayé de le redemarrer en mode sans echec sans prise en charge reseau ?
0
Réponse 4 / 75
Andre
 
Et comment je fais ?
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 75
Utilisateur anonyme
 
tu demarres le pc , et avant le chargement de windows tu tapotes rapidement la touche F8, ou F5 et tu selectionnes mode sans echec

l'ecran est noir et tes icones seront gros car le pilote de la carte graphique n'est pas chargé , cest normal
0
Réponse 6 / 75
Andre
 
Oui ca fonctionne
0
Réponse 7 / 75
Utilisateur anonyme
 
alors fais ca :

▶ Télécharge Reload_TDSSKiller

▶ Lance le

choisis : lancer le nettoyage

l'outil va automatiquement télécharger la derniere version puis

TDSSKiller va s'ouvrir , clique sur "Start Scan"

Si TDSS.tdl2 est détecté l''option delete sera cochée par défaut.
Si TDSS.tdl3 est détecté assure toi que Cure est bien cochée.
Si TDSS.tdl4(\HardDisk0\MBR) est détecté assure toi que Cure est bien cochée.
Si Suspicious file est indiqué, laisse l''option cochée sur Skip

une fois qu'il a terminé , redemarre s'il te le demande pour finir de nettoyer

sinon , ferme tdssKiller et le rapport s'affichera sur le bureau

▶ Copie/Colle son contenu dans ta prochaine réponse.
0
Réponse 8 / 75
André
 
est ce que je le fais en mode sans echec ?
0
Réponse 9 / 75
André
 
voila...

2011/08/23 13:37:51.0484 3456 TDSS rootkit removing tool 2.5.16.0 Aug 19 2011 17:48:17
2011/08/23 13:37:53.0593 3456 ================================================================================
2011/08/23 13:37:53.0593 3456 SystemInfo:
2011/08/23 13:37:53.0593 3456
2011/08/23 13:37:53.0593 3456 OS Version: 5.1.2600 ServicePack: 2.0
2011/08/23 13:37:53.0593 3456 Product type: Workstation
2011/08/23 13:37:53.0593 3456 ComputerName: LEPRO11
2011/08/23 13:37:53.0687 3456 UserName: Andre
2011/08/23 13:37:53.0687 3456 Windows directory: C:\WINDOWS
2011/08/23 13:37:53.0687 3456 System windows directory: C:\WINDOWS
2011/08/23 13:37:53.0687 3456 Processor architecture: Intel x86
2011/08/23 13:37:53.0687 3456 Number of processors: 1
2011/08/23 13:37:53.0687 3456 Page size: 0x1000
2011/08/23 13:37:53.0687 3456 Boot type: Normal boot
2011/08/23 13:37:53.0687 3456 ================================================================================
2011/08/23 13:37:56.0906 3456 Initialize success
2011/08/23 13:39:15.0437 2816 ================================================================================
2011/08/23 13:39:15.0437 2816 Scan started
2011/08/23 13:39:15.0437 2816 Mode: Manual;
2011/08/23 13:39:15.0437 2816 ================================================================================
2011/08/23 13:39:16.0781 2816 Aavmker4 (83631291adf2887cffc786d034d3fa15) C:\WINDOWS\system32\drivers\Aavmker4.sys
2011/08/23 13:39:17.0328 2816 ACPI (0bd94fbfc14ea3606cd6ca4c0255baa3) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/08/23 13:39:17.0515 2816 ACPIEC (e4abc1212b70bb03d35e60681c447210) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/08/23 13:39:18.0062 2816 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
2011/08/23 13:39:18.0218 2816 AegisP (023867b6606fbabcdd52e089c4a507da) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2011/08/23 13:39:18.0437 2816 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
2011/08/23 13:39:18.0671 2816 AgereSoftModem (029e01cb2938bec5af31bf47b6af0159) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
2011/08/23 13:39:19.0593 2816 ALCXWDM (95aa37bec6c72c277c2caeaee736dd2d) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2011/08/23 13:39:20.0296 2816 ApfiltrService (3ed81e8b4709d13e5a38db2d8e792b28) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
2011/08/23 13:39:20.0671 2816 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/08/23 13:39:23.0375 2816 aswFsBlk (1c2e6bb4fe8621b1b863855b02bc33eb) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011/08/23 13:39:23.0578 2816 aswMon2 (452d0ecd14fa02f9b061f42c8a30dd49) C:\WINDOWS\system32\drivers\aswMon2.sys
2011/08/23 13:39:23.0750 2816 aswRdr (b6a9373619d851be80fb5f1b5eed0d4e) C:\WINDOWS\system32\drivers\aswRdr.sys
2011/08/23 13:39:23.0921 2816 aswSnx (9be41c1ae8bc481eb662d85c98d979c2) C:\WINDOWS\system32\drivers\aswSnx.sys
2011/08/23 13:39:24.0078 2816 aswSP (4b1a54ba2bc5873a774df6b70ab8b0b3) C:\WINDOWS\system32\drivers\aswSP.sys
2011/08/23 13:39:24.0265 2816 aswTdi (c7f1cea32766184911293f4e1ee653f5) C:\WINDOWS\system32\drivers\aswTdi.sys
2011/08/23 13:39:24.0484 2816 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/08/23 13:39:24.0593 2816 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/08/23 13:39:24.0843 2816 atksgt (72bc628af75c4c3250f2a3bac260265a) C:\WINDOWS\system32\DRIVERS\atksgt.sys
2011/08/23 13:39:25.0093 2816 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/08/23 13:39:25.0312 2816 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/08/23 13:39:25.0546 2816 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/08/23 13:39:26.0125 2816 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/08/23 13:39:26.0328 2816 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/08/23 13:39:26.0437 2816 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/08/23 13:39:26.0609 2816 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/08/23 13:39:26.0890 2816 CmBatt (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/08/23 13:39:27.0093 2816 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/08/23 13:39:27.0953 2816 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/08/23 13:39:28.0171 2816 dmboot (e2d3b7620310fe56685f9b15a6b404b3) C:\WINDOWS\system32\drivers\dmboot.sys
2011/08/23 13:39:28.0328 2816 dmio (c77f5c20aa70197a69aa84baa9de43c8) C:\WINDOWS\system32\drivers\dmio.sys
2011/08/23 13:39:28.0421 2816 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/08/23 13:39:28.0703 2816 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2011/08/23 13:39:28.0890 2816 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/08/23 13:39:29.0046 2816 EMSCR (d3d0ef132eb8f7351e0f6e8072e26331) C:\WINDOWS\system32\DRIVERS\EMS7SK.sys
2011/08/23 13:39:29.0250 2816 ESDCR (fcf25b9eb1876dbb3efe13baf37b7bf8) C:\WINDOWS\system32\DRIVERS\ESD7SK.sys
2011/08/23 13:39:29.0375 2816 ESMCR (7cec9e3a81142ea0294f2abba0b0a846) C:\WINDOWS\system32\DRIVERS\ESM7SK.sys
2011/08/23 13:39:29.0734 2816 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/08/23 13:39:29.0921 2816 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys
2011/08/23 13:39:30.0171 2816 Fips (8b121ff880683607ab2aef0340721718) C:\WINDOWS\system32\drivers\Fips.sys
2011/08/23 13:39:30.0312 2816 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/08/23 13:39:30.0515 2816 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/08/23 13:39:30.0718 2816 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/08/23 13:39:30.0953 2816 Ftdisk (a86859b77b908c18c2657f284aa29fe3) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/08/23 13:39:31.0125 2816 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/08/23 13:39:31.0281 2816 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/08/23 13:39:31.0515 2816 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/08/23 13:39:31.0937 2816 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/08/23 13:39:32.0468 2816 i8042prt (d1efcbd693b5ba21314d06368c471070) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/08/23 13:39:32.0656 2816 ialm (d4405bd2b6e95efdc8e674ed4032874f) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/08/23 13:39:32.0890 2816 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/08/23 13:39:33.0265 2816 IntelIde (1367812f8a974e0c13a4888fa5e7ede6) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/08/23 13:39:33.0437 2816 intelppm (dd5ad1e79ac26d3f8d8828ad4627f160) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/08/23 13:39:33.0562 2816 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/08/23 13:39:33.0671 2816 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/08/23 13:39:33.0843 2816 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/08/23 13:39:34.0078 2816 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/08/23 13:39:34.0343 2816 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/08/23 13:39:34.0578 2816 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/08/23 13:39:34.0812 2816 isapnp (54632f1a7de61dc3615d756f2a90fa72) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/08/23 13:39:34.0984 2816 Kbdclass (e798705e8dc7fab596ef6bfdf167e007) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/08/23 13:39:35.0093 2816 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
2011/08/23 13:39:35.0234 2816 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/08/23 13:39:35.0781 2816 lirsgt (4127e8b6ddb4090e815c1f8852c277d3) C:\WINDOWS\system32\DRIVERS\lirsgt.sys
2011/08/23 13:39:35.0968 2816 MDC8021X (8fee53c104223973ed9919936d9cd156) C:\WINDOWS\system32\DRIVERS\mdc8021x.sys
2011/08/23 13:39:36.0171 2816 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/08/23 13:39:36.0453 2816 Modem (5ac7e16f5b40a6da14b5f2b3ada4693e) C:\WINDOWS\system32\drivers\Modem.sys
2011/08/23 13:39:36.0562 2816 Mouclass (7d4f19411bd941e1d432a99e24230386) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/08/23 13:39:36.0734 2816 mouhid (124d6846040c79b9c997f78ef4b2a4e5) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/08/23 13:39:36.0906 2816 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/08/23 13:39:37.0250 2816 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/08/23 13:39:37.0484 2816 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/08/23 13:39:37.0796 2816 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2011/08/23 13:39:38.0218 2816 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/08/23 13:39:38.0390 2816 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/08/23 13:39:38.0562 2816 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/08/23 13:39:38.0843 2816 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/08/23 13:39:38.0984 2816 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2011/08/23 13:39:39.0187 2816 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2011/08/23 13:39:39.0390 2816 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/08/23 13:39:39.0578 2816 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/08/23 13:39:40.0078 2816 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/08/23 13:39:40.0421 2816 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/08/23 13:39:40.0734 2816 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/08/23 13:39:41.0171 2816 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/08/23 13:39:41.0453 2816 Netdevio (1265eb253ed4ebe4acb3bd5f548ff796) C:\WINDOWS\system32\DRIVERS\netdevio.sys
2011/08/23 13:39:41.0796 2816 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/08/23 13:39:42.0031 2816 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2011/08/23 13:39:42.0234 2816 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/08/23 13:39:42.0609 2816 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
2011/08/23 13:39:42.0828 2816 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/08/23 13:39:43.0015 2816 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/08/23 13:39:43.0140 2816 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/08/23 13:39:43.0265 2816 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/08/23 13:39:43.0515 2816 Parport (318696359ac7df48d1e51974ec527dd2) C:\WINDOWS\system32\drivers\Parport.sys
2011/08/23 13:39:43.0671 2816 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/08/23 13:39:43.0906 2816 ParVdm (9575c5630db8fb804649a6959737154c) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/08/23 13:39:44.0109 2816 PCI (7c5da5c1ed801ad8b0309d5514f0b75e) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/08/23 13:39:44.0406 2816 PCIIde (f4bfde7209c14a07aaa61e4d6ae69eac) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/08/23 13:39:44.0609 2816 Pcmcia (641da274e163617ea7a33506bc6da8e3) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/08/23 13:39:45.0984 2816 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/08/23 13:39:46.0125 2816 prodrv06 (18d9789a4664bf417eea944d2776091a) C:\WINDOWS\System32\drivers\prodrv06.sys
2011/08/23 13:39:46.0312 2816 prohlp02 (8cc9671a7ed2902e747ee0892e1c8575) C:\WINDOWS\system32\drivers\prohlp02.sys
2011/08/23 13:39:46.0468 2816 prosync1 (960bce3ed38761b446aabac06c76badf) C:\WINDOWS\system32\drivers\prosync1.sys
2011/08/23 13:39:46.0671 2816 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/08/23 13:39:46.0843 2816 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/08/23 13:39:47.0015 2816 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/08/23 13:39:47.0984 2816 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/08/23 13:39:48.0203 2816 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/08/23 13:39:48.0421 2816 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/08/23 13:39:48.0546 2816 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/08/23 13:39:48.0781 2816 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/08/23 13:39:48.0937 2816 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/08/23 13:39:49.0218 2816 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/08/23 13:39:49.0375 2816 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/08/23 13:39:49.0578 2816 redbook (2cc30b68dd62b73d444a41322cd7fc4c) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/08/23 13:39:49.0953 2816 RTL8023xp (7f0413bdd7d53eb4c7a371e7f6f84df1) C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
2011/08/23 13:39:50.0140 2816 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
2011/08/23 13:39:50.0375 2816 s24trans (c26a053e4db47f6cdd8653c83aaf22ee) C:\WINDOWS\system32\DRIVERS\s24trans.sys
2011/08/23 13:39:50.0609 2816 SCDEmu (c23dbd9bfba8b1170706e0896b3cf7da) C:\WINDOWS\system32\drivers\SCDEmu.sys
2011/08/23 13:39:50.0781 2816 sdbus (02fc71b020ec8700ee8a46c58bc6f276) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2011/08/23 13:39:50.0875 2816 Secdrv (07f7f501ad50de2ba2d5842d9b6d6155) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/08/23 13:39:51.0125 2816 Serial (653201755ca96ab4aaa4131daf6da356) C:\WINDOWS\system32\drivers\Serial.sys
2011/08/23 13:39:51.0312 2816 SerTVOutCtlr (c996c839a3261cab5409c61e5702b620) C:\WINDOWS\system32\drivers\EPIOMngr.sys
2011/08/23 13:39:51.0609 2816 sfdrv01 (00de597b81b381053cb5b21a7f20e365) C:\WINDOWS\system32\drivers\sfdrv01.sys
2011/08/23 13:39:51.0859 2816 sffdisk (1d9f1bec651815741f088a8fb88e17ee) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
2011/08/23 13:39:52.0031 2816 sffp_sd (586499fd312ffd7f78553f408e71682e) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
2011/08/23 13:39:52.0171 2816 sfhlp01 (462aee0ea0481ea8bd45cac876a4ccc4) C:\WINDOWS\system32\drivers\sfhlp01.sys
2011/08/23 13:39:52.0359 2816 sfhlp02 (64b9ab76f1b16eb059cb6cdd906c067a) C:\WINDOWS\system32\drivers\sfhlp02.sys
2011/08/23 13:39:52.0578 2816 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/08/23 13:39:52.0765 2816 sfsync02 (798d918d8f20380008277ce3ce5319d1) C:\WINDOWS\system32\drivers\sfsync02.sys
2011/08/23 13:39:53.0453 2816 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
2011/08/23 13:39:53.0734 2816 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\WINDOWS\system32\Drivers\sptd.sys
2011/08/23 13:39:53.0796 2816 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9
2011/08/23 13:39:53.0859 2816 sptd - detected LockedFile.Multi.Generic (1)
2011/08/23 13:39:53.0937 2816 sr (b52181023b827acda36c1b76751ebffd) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/08/23 13:39:54.0156 2816 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/08/23 13:39:54.0375 2816 SrvcEKIOMngr (3b01a9316255cdd17f9c8e79aa573406) C:\WINDOWS\system32\Drivers\EKIoMngr.sys
2011/08/23 13:39:54.0531 2816 SrvcSSIOMngr (79b7af340d55861df1d69e7bac975fcc) C:\WINDOWS\system32\Drivers\SSIoMngr.sys
2011/08/23 13:39:54.0968 2816 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/08/23 13:39:55.0140 2816 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/08/23 13:39:56.0031 2816 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/08/23 13:39:56.0343 2816 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/08/23 13:39:56.0578 2816 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/08/23 13:39:56.0750 2816 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/08/23 13:39:56.0968 2816 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/08/23 13:39:57.0390 2816 TPwSav (542dd0c0d8a1aa428a8c8d1517edb679) C:\WINDOWS\system32\Drivers\TPwSav.sys
2011/08/23 13:39:57.0718 2816 Tvs (7bc87d123f504d161693f672cfe99ec4) C:\WINDOWS\system32\DRIVERS\Tvs.sys
2011/08/23 13:39:58.0000 2816 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2011/08/23 13:39:58.0328 2816 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
2011/08/23 13:39:58.0609 2816 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/08/23 13:39:58.0718 2816 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/08/23 13:39:58.0812 2816 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/08/23 13:39:58.0937 2816 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/08/23 13:39:59.0187 2816 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/08/23 13:39:59.0343 2816 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/08/23 13:39:59.0453 2816 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/08/23 13:39:59.0578 2816 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/08/23 13:39:59.0671 2816 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/08/23 13:39:59.0953 2816 VolSnap (313b1a0d5db26dfe1c34a6c13b2ce0a7) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/08/23 13:40:00.0375 2816 w29n51 (a22abd73e0d6ba666cba4e86eeb001b3) C:\WINDOWS\system32\DRIVERS\w29n51.sys
2011/08/23 13:40:00.0859 2816 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/08/23 13:40:01.0031 2816 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2011/08/23 13:40:01.0328 2816 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/08/23 13:40:02.0296 2816 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/08/23 13:40:03.0468 2816 Boot (0x1200) (d115ff881d028acc7f32586bd0574032) \Device\Harddisk0\DR0\Partition0
2011/08/23 13:40:03.0500 2816 ================================================================================
2011/08/23 13:40:03.0500 2816 Scan finished
2011/08/23 13:40:03.0500 2816 ================================================================================
2011/08/23 13:40:03.0578 2784 Detected object count: 1
2011/08/23 13:40:03.0578 2784 Actual detected object count: 1
2011/08/23 13:40:37.0828 2784 LockedFile.Multi.Generic(sptd) - User select action: Skip
0
Réponse 10 / 75
André
 
desolé, voici le bon

2011/08/23 13:48:36.0750 1672 TDSS rootkit removing tool 2.5.17.0 Aug 22 2011 15:46:57
2011/08/23 13:48:38.0156 1672 ================================================================================
2011/08/23 13:48:38.0156 1672 SystemInfo:
2011/08/23 13:48:38.0156 1672
2011/08/23 13:48:38.0171 1672 OS Version: 5.1.2600 ServicePack: 2.0
2011/08/23 13:48:38.0171 1672 Product type: Workstation
2011/08/23 13:48:38.0171 1672 ComputerName: LEPRO11
2011/08/23 13:48:38.0218 1672 UserName: Andre
2011/08/23 13:48:38.0218 1672 Windows directory: C:\WINDOWS
2011/08/23 13:48:38.0218 1672 System windows directory: C:\WINDOWS
2011/08/23 13:48:38.0218 1672 Processor architecture: Intel x86
2011/08/23 13:48:38.0218 1672 Number of processors: 1
2011/08/23 13:48:38.0218 1672 Page size: 0x1000
2011/08/23 13:48:38.0218 1672 Boot type: Normal boot
2011/08/23 13:48:38.0218 1672 ================================================================================
2011/08/23 13:49:15.0593 1672 Initialize success
2011/08/23 13:49:32.0078 3568 ================================================================================
2011/08/23 13:49:32.0078 3568 Scan started
2011/08/23 13:49:32.0078 3568 Mode: Manual;
2011/08/23 13:49:32.0078 3568 ================================================================================
2011/08/23 13:49:36.0484 3568 Aavmker4 (83631291adf2887cffc786d034d3fa15) C:\WINDOWS\system32\drivers\Aavmker4.sys
2011/08/23 13:49:36.0906 3568 ACPI (0bd94fbfc14ea3606cd6ca4c0255baa3) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/08/23 13:49:37.0062 3568 ACPIEC (e4abc1212b70bb03d35e60681c447210) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/08/23 13:49:37.0250 3568 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
2011/08/23 13:49:37.0406 3568 AegisP (023867b6606fbabcdd52e089c4a507da) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2011/08/23 13:49:37.0703 3568 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
2011/08/23 13:49:38.0031 3568 AgereSoftModem (029e01cb2938bec5af31bf47b6af0159) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
2011/08/23 13:49:38.0593 3568 ALCXWDM (95aa37bec6c72c277c2caeaee736dd2d) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2011/08/23 13:49:39.0062 3568 ApfiltrService (3ed81e8b4709d13e5a38db2d8e792b28) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
2011/08/23 13:49:39.0250 3568 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/08/23 13:49:39.0546 3568 aswFsBlk (1c2e6bb4fe8621b1b863855b02bc33eb) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011/08/23 13:49:39.0625 3568 aswMon2 (452d0ecd14fa02f9b061f42c8a30dd49) C:\WINDOWS\system32\drivers\aswMon2.sys
2011/08/23 13:49:39.0812 3568 aswRdr (b6a9373619d851be80fb5f1b5eed0d4e) C:\WINDOWS\system32\drivers\aswRdr.sys
2011/08/23 13:49:40.0031 3568 aswSnx (9be41c1ae8bc481eb662d85c98d979c2) C:\WINDOWS\system32\drivers\aswSnx.sys
2011/08/23 13:49:40.0281 3568 aswSP (4b1a54ba2bc5873a774df6b70ab8b0b3) C:\WINDOWS\system32\drivers\aswSP.sys
2011/08/23 13:49:40.0468 3568 aswTdi (c7f1cea32766184911293f4e1ee653f5) C:\WINDOWS\system32\drivers\aswTdi.sys
2011/08/23 13:49:40.0609 3568 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/08/23 13:49:40.0718 3568 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/08/23 13:49:40.0953 3568 atksgt (72bc628af75c4c3250f2a3bac260265a) C:\WINDOWS\system32\DRIVERS\atksgt.sys
2011/08/23 13:49:41.0093 3568 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/08/23 13:49:41.0187 3568 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/08/23 13:49:41.0406 3568 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/08/23 13:49:41.0781 3568 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/08/23 13:49:42.0000 3568 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/08/23 13:49:42.0093 3568 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/08/23 13:49:42.0187 3568 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/08/23 13:49:42.0453 3568 CmBatt (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/08/23 13:49:43.0046 3568 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/08/23 13:49:43.0562 3568 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/08/23 13:49:43.0796 3568 dmboot (e2d3b7620310fe56685f9b15a6b404b3) C:\WINDOWS\system32\drivers\dmboot.sys
2011/08/23 13:49:44.0046 3568 dmio (c77f5c20aa70197a69aa84baa9de43c8) C:\WINDOWS\system32\drivers\dmio.sys
2011/08/23 13:49:44.0125 3568 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/08/23 13:49:44.0281 3568 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2011/08/23 13:49:44.0421 3568 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/08/23 13:49:44.0531 3568 EMSCR (d3d0ef132eb8f7351e0f6e8072e26331) C:\WINDOWS\system32\DRIVERS\EMS7SK.sys
2011/08/23 13:49:44.0609 3568 ESDCR (fcf25b9eb1876dbb3efe13baf37b7bf8) C:\WINDOWS\system32\DRIVERS\ESD7SK.sys
2011/08/23 13:49:44.0687 3568 ESMCR (7cec9e3a81142ea0294f2abba0b0a846) C:\WINDOWS\system32\DRIVERS\ESM7SK.sys
2011/08/23 13:49:44.0828 3568 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/08/23 13:49:45.0015 3568 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys
2011/08/23 13:49:45.0156 3568 Fips (8b121ff880683607ab2aef0340721718) C:\WINDOWS\system32\drivers\Fips.sys
2011/08/23 13:49:45.0218 3568 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/08/23 13:49:45.0296 3568 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/08/23 13:49:45.0406 3568 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/08/23 13:49:45.0531 3568 Ftdisk (a86859b77b908c18c2657f284aa29fe3) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/08/23 13:49:45.0640 3568 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/08/23 13:49:45.0828 3568 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/08/23 13:49:46.0062 3568 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/08/23 13:49:46.0203 3568 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/08/23 13:49:46.0531 3568 i8042prt (d1efcbd693b5ba21314d06368c471070) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/08/23 13:49:46.0671 3568 ialm (d4405bd2b6e95efdc8e674ed4032874f) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/08/23 13:49:46.0968 3568 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/08/23 13:49:47.0109 3568 IntelIde (1367812f8a974e0c13a4888fa5e7ede6) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/08/23 13:49:47.0250 3568 intelppm (dd5ad1e79ac26d3f8d8828ad4627f160) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/08/23 13:49:47.0328 3568 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/08/23 13:49:47.0500 3568 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/08/23 13:49:47.0578 3568 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/08/23 13:49:47.0718 3568 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/08/23 13:49:47.0890 3568 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/08/23 13:49:48.0062 3568 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/08/23 13:49:48.0171 3568 isapnp (54632f1a7de61dc3615d756f2a90fa72) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/08/23 13:49:48.0343 3568 Kbdclass (e798705e8dc7fab596ef6bfdf167e007) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/08/23 13:49:48.0531 3568 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
2011/08/23 13:49:48.0703 3568 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/08/23 13:49:48.0984 3568 lirsgt (4127e8b6ddb4090e815c1f8852c277d3) C:\WINDOWS\system32\DRIVERS\lirsgt.sys
2011/08/23 13:49:49.0109 3568 MDC8021X (8fee53c104223973ed9919936d9cd156) C:\WINDOWS\system32\DRIVERS\mdc8021x.sys
2011/08/23 13:49:49.0203 3568 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/08/23 13:49:49.0328 3568 Modem (5ac7e16f5b40a6da14b5f2b3ada4693e) C:\WINDOWS\system32\drivers\Modem.sys
2011/08/23 13:49:49.0484 3568 Mouclass (7d4f19411bd941e1d432a99e24230386) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/08/23 13:49:49.0578 3568 mouhid (124d6846040c79b9c997f78ef4b2a4e5) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/08/23 13:49:49.0625 3568 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/08/23 13:49:49.0718 3568 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/08/23 13:49:49.0906 3568 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/08/23 13:49:50.0218 3568 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2011/08/23 13:49:50.0296 3568 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/08/23 13:49:50.0359 3568 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/08/23 13:49:50.0390 3568 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/08/23 13:49:50.0453 3568 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/08/23 13:49:50.0593 3568 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2011/08/23 13:49:50.0750 3568 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2011/08/23 13:49:50.0875 3568 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/08/23 13:49:51.0000 3568 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/08/23 13:49:51.0078 3568 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/08/23 13:49:51.0187 3568 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/08/23 13:49:51.0421 3568 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/08/23 13:49:51.0750 3568 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/08/23 13:49:52.0515 3568 Netdevio (1265eb253ed4ebe4acb3bd5f548ff796) C:\WINDOWS\system32\DRIVERS\netdevio.sys
2011/08/23 13:49:52.0984 3568 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/08/23 13:49:53.0562 3568 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2011/08/23 13:49:53.0703 3568 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/08/23 13:49:53.0937 3568 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
2011/08/23 13:49:54.0093 3568 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/08/23 13:49:54.0265 3568 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/08/23 13:49:54.0453 3568 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/08/23 13:49:54.0562 3568 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/08/23 13:49:54.0687 3568 Parport (318696359ac7df48d1e51974ec527dd2) C:\WINDOWS\system32\drivers\Parport.sys
2011/08/23 13:49:54.0750 3568 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/08/23 13:49:54.0828 3568 ParVdm (9575c5630db8fb804649a6959737154c) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/08/23 13:49:54.0953 3568 PCI (7c5da5c1ed801ad8b0309d5514f0b75e) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/08/23 13:49:55.0281 3568 PCIIde (f4bfde7209c14a07aaa61e4d6ae69eac) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/08/23 13:49:55.0437 3568 Pcmcia (641da274e163617ea7a33506bc6da8e3) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/08/23 13:49:56.0640 3568 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/08/23 13:49:56.0734 3568 prodrv06 (18d9789a4664bf417eea944d2776091a) C:\WINDOWS\System32\drivers\prodrv06.sys
2011/08/23 13:49:56.0906 3568 prohlp02 (8cc9671a7ed2902e747ee0892e1c8575) C:\WINDOWS\system32\drivers\prohlp02.sys
2011/08/23 13:49:57.0015 3568 prosync1 (960bce3ed38761b446aabac06c76badf) C:\WINDOWS\system32\drivers\prosync1.sys
2011/08/23 13:49:57.0203 3568 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/08/23 13:49:57.0296 3568 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/08/23 13:49:57.0359 3568 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/08/23 13:49:58.0000 3568 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/08/23 13:49:58.0093 3568 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/08/23 13:49:58.0156 3568 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/08/23 13:49:58.0312 3568 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/08/23 13:49:58.0375 3568 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/08/23 13:49:58.0625 3568 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/08/23 13:49:59.0218 3568 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/08/23 13:49:59.0515 3568 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/08/23 13:49:59.0953 3568 redbook (2cc30b68dd62b73d444a41322cd7fc4c) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/08/23 13:50:00.0765 3568 RTL8023xp (7f0413bdd7d53eb4c7a371e7f6f84df1) C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
2011/08/23 13:50:00.0953 3568 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
2011/08/23 13:50:01.0093 3568 s24trans (c26a053e4db47f6cdd8653c83aaf22ee) C:\WINDOWS\system32\DRIVERS\s24trans.sys
2011/08/23 13:50:01.0406 3568 SCDEmu (c23dbd9bfba8b1170706e0896b3cf7da) C:\WINDOWS\system32\drivers\SCDEmu.sys
2011/08/23 13:50:01.0578 3568 sdbus (02fc71b020ec8700ee8a46c58bc6f276) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2011/08/23 13:50:01.0734 3568 Secdrv (07f7f501ad50de2ba2d5842d9b6d6155) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/08/23 13:50:02.0000 3568 Serial (653201755ca96ab4aaa4131daf6da356) C:\WINDOWS\system32\drivers\Serial.sys
2011/08/23 13:50:02.0140 3568 SerTVOutCtlr (c996c839a3261cab5409c61e5702b620) C:\WINDOWS\system32\drivers\EPIOMngr.sys
2011/08/23 13:50:02.0328 3568 sfdrv01 (00de597b81b381053cb5b21a7f20e365) C:\WINDOWS\system32\drivers\sfdrv01.sys
2011/08/23 13:50:02.0625 3568 sffdisk (1d9f1bec651815741f088a8fb88e17ee) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
2011/08/23 13:50:02.0796 3568 sffp_sd (586499fd312ffd7f78553f408e71682e) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
2011/08/23 13:50:02.0875 3568 sfhlp01 (462aee0ea0481ea8bd45cac876a4ccc4) C:\WINDOWS\system32\drivers\sfhlp01.sys
2011/08/23 13:50:02.0984 3568 sfhlp02 (64b9ab76f1b16eb059cb6cdd906c067a) C:\WINDOWS\system32\drivers\sfhlp02.sys
2011/08/23 13:50:03.0078 3568 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/08/23 13:50:03.0265 3568 sfsync02 (798d918d8f20380008277ce3ce5319d1) C:\WINDOWS\system32\drivers\sfsync02.sys
2011/08/23 13:50:03.0625 3568 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
2011/08/23 13:50:03.0812 3568 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\WINDOWS\system32\Drivers\sptd.sys
2011/08/23 13:50:03.0828 3568 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9
2011/08/23 13:50:03.0859 3568 sptd - detected LockedFile.Multi.Generic (1)
2011/08/23 13:50:03.0921 3568 sr (b52181023b827acda36c1b76751ebffd) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/08/23 13:50:04.0062 3568 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/08/23 13:50:04.0250 3568 SrvcEKIOMngr (3b01a9316255cdd17f9c8e79aa573406) C:\WINDOWS\system32\Drivers\EKIoMngr.sys
2011/08/23 13:50:04.0343 3568 SrvcSSIOMngr (79b7af340d55861df1d69e7bac975fcc) C:\WINDOWS\system32\Drivers\SSIoMngr.sys
2011/08/23 13:50:04.0593 3568 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/08/23 13:50:04.0703 3568 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/08/23 13:50:05.0343 3568 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/08/23 13:50:05.0625 3568 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/08/23 13:50:05.0796 3568 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/08/23 13:50:05.0937 3568 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/08/23 13:50:06.0171 3568 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/08/23 13:50:06.0328 3568 TPwSav (542dd0c0d8a1aa428a8c8d1517edb679) C:\WINDOWS\system32\Drivers\TPwSav.sys
2011/08/23 13:50:06.0468 3568 Tvs (7bc87d123f504d161693f672cfe99ec4) C:\WINDOWS\system32\DRIVERS\Tvs.sys
2011/08/23 13:50:06.0609 3568 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2011/08/23 13:50:06.0859 3568 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
2011/08/23 13:50:07.0125 3568 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/08/23 13:50:07.0343 3568 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/08/23 13:50:07.0468 3568 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/08/23 13:50:07.0609 3568 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/08/23 13:50:07.0750 3568 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/08/23 13:50:08.0000 3568 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/08/23 13:50:08.0171 3568 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/08/23 13:50:08.0265 3568 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/08/23 13:50:08.0375 3568 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/08/23 13:50:08.0609 3568 VolSnap (313b1a0d5db26dfe1c34a6c13b2ce0a7) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/08/23 13:50:08.0953 3568 w29n51 (a22abd73e0d6ba666cba4e86eeb001b3) C:\WINDOWS\system32\DRIVERS\w29n51.sys
2011/08/23 13:50:09.0437 3568 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/08/23 13:50:09.0531 3568 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2011/08/23 13:50:09.0718 3568 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/08/23 13:50:10.0125 3568 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/08/23 13:50:11.0171 3568 Boot (0x1200) (d115ff881d028acc7f32586bd0574032) \Device\Harddisk0\DR0\Partition0
2011/08/23 13:50:11.0203 3568 ================================================================================
2011/08/23 13:50:11.0203 3568 Scan finished
2011/08/23 13:50:11.0203 3568 ================================================================================
2011/08/23 13:50:11.0265 1372 Detected object count: 1
2011/08/23 13:50:11.0265 1372 Actual detected object count: 1
2011/08/23 13:50:49.0015 1372 LockedFile.Multi.Generic(sptd) - User select action: Skip
0
Réponse 11 / 75
André
 
Et ensuite ?
0
Réponse 12 / 75
Utilisateur anonyme
 

/!\ ATTENTION SUIVRE A LA LETTRE CES INDICATIONS/!\

__________________________________________________________
>Ce logiciel n'est à utiliser que prescrit par un helper qualifié et formé à l'outil.<
>>>>>>>Ne pas utiliser en dehors de ce cas de figure : dangereux!<<<<<<<<
=====================================================

▶ Surtout , pense à l'enregistrement à renommer Combofix en "ton prenom.exe" avant qu'il soit enregistré sur ton disque dur

Telecharge ici : Combofix

Avant d'utiliser ComboFix :

Si tu utilises AVG, IL FAUT IMPERATIVEMENT LE DESINSTALLER avant d'utiliser Combofix car il peut causer des dégâts en interaction avec l'outil pouvant mener à la réinstallation totale du système.
La simple désactivation du résident n'est pas suffisante.
Télécharge le désinstalleur d'AVG sur ce lien : https://www.avg.com/fr-fr/avg-remover
Choisis la version adéquate (32 ou 64 bits)/!\

Les logiciels d'émulation de CD comme Daemon Tools peuvent gêner les outils de désinfection. Utilise Defogger pour les désactiver temporairement :

▶ Télécharge Defogger (de jpshortstuff) sur ton Bureau

▶ Lance le

Une fenêtre apparait : clique sur "Disable"

▶ Fais redémarrer l'ordinateur si l'outil te le demande

Note : Quand nous aurons terminé la désinfection, tu pourras réactiver ces logiciels en relançant Defogger et en cliquant sur "Re-enable"

_________________________________________________________
>> referme les fenêtres de tous les programmes en cours.
>> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix,
>>la protection en temps réel de ton Antivirus et de tes Antispywares,
>>qui peuvent gêner fortement la procédure de recherche et de nettoyage de l'outil.
°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°

si tu as XP => double clique
si tu as Vista ou windows 7 => clic droit "executer en tant que...."

sur combofix renommé

¤¤¤¤¤¤¤¤¤¤ LAISSE-LE INSTALLER LA CONSOLE DE RECUPERATION S'IL TE LE DEMANDE ¤¤¤¤¤¤¤¤¤¤

▶ !!!!!NE TOUCHE A RIEN PENDANT LE TRAVAIL DE COMBOFIX (SOURIS/CLAVIER.....)!!!!!

▶ n'oublie pas de reactiver la garde de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

▶▶ Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.



0
Réponse 13 / 75
Andre
 
voila

ComboFix 10-04-14.01 - Andre 2010-04-14 20:04:59.1.1 - x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.502.239 [GMT -4:00]
Lancé depuis: c:\documents and settings\Andre\Bureau\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Internet Explorer\SET1C2.tmp
c:\program files\Internet Explorer\SET1C7.tmp
c:\windows\Fonts\NfoViewer.ttf

.
((((((((((((((((((((((((((((( Fichiers créés du 2010-03-15 au 2010-04-15 ))))))))))))))))))))))))))))))))))))
.

2010-03-17 07:17 . 2010-03-17 07:17 -------- d-sh--w- c:\documents and settings\Andre\PrivacIE
2010-03-17 07:14 . 2010-03-17 07:14 -------- d-sh--w- c:\documents and settings\Andre\IETldCache

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-14 22:53 . 2006-04-17 21:13 495306 ----a-w- c:\windows\system32\perfh00C.dat
2010-04-14 22:53 . 2006-04-17 21:13 79466 ----a-w- c:\windows\system32\perfc00C.dat
2010-04-07 05:30 . 2010-03-02 23:58 -------- d-----w- c:\documents and settings\Andre\Application Data\QuickScan
2010-04-02 19:50 . 2009-01-16 04:08 -------- d-----w- c:\documents and settings\Andre\Application Data\uTorrent
2010-03-31 01:56 . 2009-04-04 15:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-03-09 11:24 . 2010-03-03 00:45 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-03-09 11:12 . 2010-03-03 00:45 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-03-09 11:12 . 2010-03-03 00:45 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-03-09 11:09 . 2010-03-03 00:45 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-03-09 11:08 . 2010-03-03 00:45 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-03-09 11:08 . 2010-03-03 00:45 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-03-09 11:08 . 2010-03-03 00:45 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-03-09 11:08 . 2010-03-03 00:45 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-03-03 00:44 . 2010-03-02 11:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-03-02 11:49 . 2009-01-08 17:44 -------- d-----w- c:\program files\Alwil Software
2010-03-01 10:03 . 2010-03-01 08:26 -------- d-----w- c:\program files\Amorous Professor Cherry
2010-03-01 06:55 . 2010-03-01 06:55 -------- d-----w- c:\program files\ILLUSION
2010-03-01 06:55 . 2009-01-08 05:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-21 08:40 . 2006-04-17 21:13 163644 ----a-w- c:\windows\system32\drivers\secdrv.sys
2010-02-21 08:07 . 2010-02-14 16:18 -------- d-----w- c:\program files\Full Tilt Poker.Net
2010-02-11 18:53 . 2010-03-03 00:45 38848 ----a-w- c:\windows\system32\avastSS.scr
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 65536]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NDSTray.exe"="NDSTray.exe" [BU]
"TCtryIOHook"="TCtrlIOHook.exe" [2005-04-20 28672]
"TFncKy"="TFncKy.exe" [BU]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2005-06-22 184320]
"AGRSMMSG"="AGRSMMSG.exe" [2005-06-22 88358]
"SVPWUTIL"="c:\program files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2005-02-26 65536]
"TPSMain"="TPSMain.exe" [2005-01-21 266240]
"TOSHIBA Accessibility"="c:\program files\TOSHIBA\Accessibility\FnKeyHook.exe" [2004-05-01 24576]
"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-11-17 1077327]
"CeEKEY"="c:\program files\TOSHIBA\E-KEY\CeEKey.exe" [2005-04-29 675840]
"HWSetup"="c:\program files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-12-24 28672]
"TPNF"="c:\program files\TOSHIBA\TouchPad\TPTray.exe" [2004-11-30 53248]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2005-06-22 192512]
"Tvs"="c:\program files\TOSHIBA\Tvs\TvsTray.exe" [2005-04-05 73728]
"Zooming"="ZoomingHook.exe" [2004-07-14 24576]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 995328]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-10-08 1101824]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-11-02 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-11-02 126976]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-11-02 167936]
"NeroFilterCheck"="c:\program files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2008-06-19 570664]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-03-09 2769336]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-04-17 15360]

c:\documents and settings\All Users\Menu D'marrer\Programmes\D'marrage\
Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2009-1-11 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gestionnaire Antidote.exe]
2005-06-22 22:12 386752 ----a-w- c:\progra~1\Druide\Antidote\Antidote\Gestionnaire Antidote.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-05-30 17:30 292136 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 22:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-03-02 162640]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-03-02 19024]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-01-08 721904]
S4 Trkwh!_a;Trkwh!_a; [x]
.
.
------- Examen supplémentaire -------
.
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {B5474B9D-C8B9-4345-A6B1-43E2E41BCAC5} = 24.200.241.37,24.201.245.77
TCP: {CF0B487D-FFB4-4E07-A563-C4AC691923D9} = 24.200.241.37,24.201.245.77
FF - ProfilePath - c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\umefcsf6.default\
FF - prefs.js: browser.startup.homepage - hxxp://qc.news.yahoo.com/
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll

---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-kwwsvlor - c:\documents and settings\Andre\Local Settings\Application Data\hddhvh\sdxesftav.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-14 20:09
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-1757981266-57989841-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:32,89,82,df,74,da,7b,4e,69,75,2c,bd,f5,a3,2f,92,ff,99,6a,45,25,
05,9e,99,7f,72,e6,78,99,0c,59,ef,5e,0a,6d,d9,dc,dd,4d,29,c1,6a,a9,d3,6a,43,\
"rkeysecu"=hex:05,6a,40,5b,28,97,3a,2f,a4,73,ee,7a,cf,14,ec,1d
.
Heure de fin: 2010-04-14 20:13:11
ComboFix-quarantined-files.txt 2010-04-15 00:12

Avant-CF: 28 887 150 592 octets libres
Après-CF: 28 856 942 592 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

- - End Of File - - 8DA235C2BC67F0DCCA251321DFBBF111
0
Réponse 14 / 75
Utilisateur anonyme
 

__________________________________________________
=>/!\Le script qui suit a été écrit spécialement cet ordinateur/!\ <=
=>il est fort déconseillé de le transposer sur un autre ordinateur !<=
----------------------------------------------------------------------------

Toujours avec toutes les protections désactivées, fais ceci :

▶ Ouvre le bloc-notes (Menu démarrer --> programmes --> accessoires --> bloc-notes)
▶ Copie/colle dans le bloc-notes ce qui entre les lignes ci dessous (sans les lignes) :

----------------------------------------------------------
KillAll::

Folder::
c:\documents and settings\Andre\Local Settings\Application Data\hddhvh

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=-
"QuickTime Task"=-
"iTunesHelper"=-

Driver::
Trkwh!_a



------------------------------------------------------------------

▶ Enregistre ce fichier sur ton Bureau (et pas ailleurs !) sous le nom CFScript.txt
▶ Quitte le Bloc Notes

▶ Fais un glisser/déposer de ce fichier CFScript sur le fichier combofix

▶ Patiente le temps du scan. Le Bureau va disparaître à plusieurs reprises : c'est normal ! Ne touche à rien tant que le scan n'est pas terminé.
▶ Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
▶ Si le fichier ne s'ouvre pas, il se trouve ici => C:\ComboFix.txt


0
Réponse 15 / 75
Andre
 
qu'est ce que tu veux dire par Copie/colle dans le bloc-notes ce qui entre les lignes ci dessous (sans les lignes)
0
Réponse 16 / 75
Utilisateur anonyme
 
bah tu copies/colles tout le texte en gras dedans...
0
Réponse 17 / 75
Andre
 
voila

ComboFix 10-04-14.01 - Andre 2010-04-14 20:04:59.1.1 - x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.502.239 [GMT -4:00]
Lancé depuis: c:\documents and settings\Andre\Bureau\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Internet Explorer\SET1C2.tmp
c:\program files\Internet Explorer\SET1C7.tmp
c:\windows\Fonts\NfoViewer.ttf

.
((((((((((((((((((((((((((((( Fichiers créés du 2010-03-15 au 2010-04-15 ))))))))))))))))))))))))))))))))))))
.

2010-03-17 07:17 . 2010-03-17 07:17 -------- d-sh--w- c:\documents and settings\Andre\PrivacIE
2010-03-17 07:14 . 2010-03-17 07:14 -------- d-sh--w- c:\documents and settings\Andre\IETldCache

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-14 22:53 . 2006-04-17 21:13 495306 ----a-w- c:\windows\system32\perfh00C.dat
2010-04-14 22:53 . 2006-04-17 21:13 79466 ----a-w- c:\windows\system32\perfc00C.dat
2010-04-07 05:30 . 2010-03-02 23:58 -------- d-----w- c:\documents and settings\Andre\Application Data\QuickScan
2010-04-02 19:50 . 2009-01-16 04:08 -------- d-----w- c:\documents and settings\Andre\Application Data\uTorrent
2010-03-31 01:56 . 2009-04-04 15:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-03-09 11:24 . 2010-03-03 00:45 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-03-09 11:12 . 2010-03-03 00:45 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-03-09 11:12 . 2010-03-03 00:45 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-03-09 11:09 . 2010-03-03 00:45 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-03-09 11:08 . 2010-03-03 00:45 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-03-09 11:08 . 2010-03-03 00:45 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-03-09 11:08 . 2010-03-03 00:45 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-03-09 11:08 . 2010-03-03 00:45 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-03-03 00:44 . 2010-03-02 11:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-03-02 11:49 . 2009-01-08 17:44 -------- d-----w- c:\program files\Alwil Software
2010-03-01 10:03 . 2010-03-01 08:26 -------- d-----w- c:\program files\Amorous Professor Cherry
2010-03-01 06:55 . 2010-03-01 06:55 -------- d-----w- c:\program files\ILLUSION
2010-03-01 06:55 . 2009-01-08 05:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-21 08:40 . 2006-04-17 21:13 163644 ----a-w- c:\windows\system32\drivers\secdrv.sys
2010-02-21 08:07 . 2010-02-14 16:18 -------- d-----w- c:\program files\Full Tilt Poker.Net
2010-02-11 18:53 . 2010-03-03 00:45 38848 ----a-w- c:\windows\system32\avastSS.scr
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 65536]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NDSTray.exe"="NDSTray.exe" [BU]
"TCtryIOHook"="TCtrlIOHook.exe" [2005-04-20 28672]
"TFncKy"="TFncKy.exe" [BU]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2005-06-22 184320]
"AGRSMMSG"="AGRSMMSG.exe" [2005-06-22 88358]
"SVPWUTIL"="c:\program files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2005-02-26 65536]
"TPSMain"="TPSMain.exe" [2005-01-21 266240]
"TOSHIBA Accessibility"="c:\program files\TOSHIBA\Accessibility\FnKeyHook.exe" [2004-05-01 24576]
"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-11-17 1077327]
"CeEKEY"="c:\program files\TOSHIBA\E-KEY\CeEKey.exe" [2005-04-29 675840]
"HWSetup"="c:\program files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-12-24 28672]
"TPNF"="c:\program files\TOSHIBA\TouchPad\TPTray.exe" [2004-11-30 53248]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2005-06-22 192512]
"Tvs"="c:\program files\TOSHIBA\Tvs\TvsTray.exe" [2005-04-05 73728]
"Zooming"="ZoomingHook.exe" [2004-07-14 24576]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 995328]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-10-08 1101824]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-11-02 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-11-02 126976]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-11-02 167936]
"NeroFilterCheck"="c:\program files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2008-06-19 570664]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-03-09 2769336]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-04-17 15360]

c:\documents and settings\All Users\Menu D'marrer\Programmes\D'marrage\
Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2009-1-11 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gestionnaire Antidote.exe]
2005-06-22 22:12 386752 ----a-w- c:\progra~1\Druide\Antidote\Antidote\Gestionnaire Antidote.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-05-30 17:30 292136 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 22:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-03-02 162640]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-03-02 19024]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-01-08 721904]
S4 Trkwh!_a;Trkwh!_a; [x]
.
.
------- Examen supplémentaire -------
.
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {B5474B9D-C8B9-4345-A6B1-43E2E41BCAC5} = 24.200.241.37,24.201.245.77
TCP: {CF0B487D-FFB4-4E07-A563-C4AC691923D9} = 24.200.241.37,24.201.245.77
FF - ProfilePath - c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\umefcsf6.default\
FF - prefs.js: browser.startup.homepage - hxxp://qc.news.yahoo.com/
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll

---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-kwwsvlor - c:\documents and settings\Andre\Local Settings\Application Data\hddhvh\sdxesftav.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-14 20:09
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-1757981266-57989841-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:32,89,82,df,74,da,7b,4e,69,75,2c,bd,f5,a3,2f,92,ff,99,6a,45,25,
05,9e,99,7f,72,e6,78,99,0c,59,ef,5e,0a,6d,d9,dc,dd,4d,29,c1,6a,a9,d3,6a,43,\
"rkeysecu"=hex:05,6a,40,5b,28,97,3a,2f,a4,73,ee,7a,cf,14,ec,1d
.
Heure de fin: 2010-04-14 20:13:11
ComboFix-quarantined-files.txt 2010-04-15 00:12

Avant-CF: 28 887 150 592 octets libres
Après-CF: 28 856 942 592 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

- - End Of File - - 8DA235C2BC67F0DCCA251321DFBBF111
0
Réponse 18 / 75
Utilisateur anonyme
 
t'as raté ^^
0
Réponse 19 / 75
Andre
 
et maintenant ?

ComboFix 10-04-14.01 - Andre 2010-04-14 20:04:59.1.1 - x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.502.239 [GMT -4:00]
Lancé depuis: c:\documents and settings\Andre\Bureau\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Internet Explorer\SET1C2.tmp
c:\program files\Internet Explorer\SET1C7.tmp
c:\windows\Fonts\NfoViewer.ttf

.
((((((((((((((((((((((((((((( Fichiers créés du 2010-03-15 au 2010-04-15 ))))))))))))))))))))))))))))))))))))
.

2010-03-17 07:17 . 2010-03-17 07:17 -------- d-sh--w- c:\documents and settings\Andre\PrivacIE
2010-03-17 07:14 . 2010-03-17 07:14 -------- d-sh--w- c:\documents and settings\Andre\IETldCache

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-14 22:53 . 2006-04-17 21:13 495306 ----a-w- c:\windows\system32\perfh00C.dat
2010-04-14 22:53 . 2006-04-17 21:13 79466 ----a-w- c:\windows\system32\perfc00C.dat
2010-04-07 05:30 . 2010-03-02 23:58 -------- d-----w- c:\documents and settings\Andre\Application Data\QuickScan
2010-04-02 19:50 . 2009-01-16 04:08 -------- d-----w- c:\documents and settings\Andre\Application Data\uTorrent
2010-03-31 01:56 . 2009-04-04 15:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-03-09 11:24 . 2010-03-03 00:45 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-03-09 11:12 . 2010-03-03 00:45 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-03-09 11:12 . 2010-03-03 00:45 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-03-09 11:09 . 2010-03-03 00:45 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-03-09 11:08 . 2010-03-03 00:45 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-03-09 11:08 . 2010-03-03 00:45 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-03-09 11:08 . 2010-03-03 00:45 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-03-09 11:08 . 2010-03-03 00:45 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-03-03 00:44 . 2010-03-02 11:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-03-02 11:49 . 2009-01-08 17:44 -------- d-----w- c:\program files\Alwil Software
2010-03-01 10:03 . 2010-03-01 08:26 -------- d-----w- c:\program files\Amorous Professor Cherry
2010-03-01 06:55 . 2010-03-01 06:55 -------- d-----w- c:\program files\ILLUSION
2010-03-01 06:55 . 2009-01-08 05:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-21 08:40 . 2006-04-17 21:13 163644 ----a-w- c:\windows\system32\drivers\secdrv.sys
2010-02-21 08:07 . 2010-02-14 16:18 -------- d-----w- c:\program files\Full Tilt Poker.Net
2010-02-11 18:53 . 2010-03-03 00:45 38848 ----a-w- c:\windows\system32\avastSS.scr
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 65536]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NDSTray.exe"="NDSTray.exe" [BU]
"TCtryIOHook"="TCtrlIOHook.exe" [2005-04-20 28672]
"TFncKy"="TFncKy.exe" [BU]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2005-06-22 184320]
"AGRSMMSG"="AGRSMMSG.exe" [2005-06-22 88358]
"SVPWUTIL"="c:\program files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2005-02-26 65536]
"TPSMain"="TPSMain.exe" [2005-01-21 266240]
"TOSHIBA Accessibility"="c:\program files\TOSHIBA\Accessibility\FnKeyHook.exe" [2004-05-01 24576]
"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-11-17 1077327]
"CeEKEY"="c:\program files\TOSHIBA\E-KEY\CeEKey.exe" [2005-04-29 675840]
"HWSetup"="c:\program files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-12-24 28672]
"TPNF"="c:\program files\TOSHIBA\TouchPad\TPTray.exe" [2004-11-30 53248]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2005-06-22 192512]
"Tvs"="c:\program files\TOSHIBA\Tvs\TvsTray.exe" [2005-04-05 73728]
"Zooming"="ZoomingHook.exe" [2004-07-14 24576]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 995328]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-10-08 1101824]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-11-02 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-11-02 126976]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-11-02 167936]
"NeroFilterCheck"="c:\program files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2008-06-19 570664]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-03-09 2769336]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-04-17 15360]

c:\documents and settings\All Users\Menu D'marrer\Programmes\D'marrage\
Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2009-1-11 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gestionnaire Antidote.exe]
2005-06-22 22:12 386752 ----a-w- c:\progra~1\Druide\Antidote\Antidote\Gestionnaire Antidote.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-05-30 17:30 292136 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 22:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-03-02 162640]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-03-02 19024]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-01-08 721904]
S4 Trkwh!_a;Trkwh!_a; [x]
.
.
------- Examen supplémentaire -------
.
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {B5474B9D-C8B9-4345-A6B1-43E2E41BCAC5} = 24.200.241.37,24.201.245.77
TCP: {CF0B487D-FFB4-4E07-A563-C4AC691923D9} = 24.200.241.37,24.201.245.77
FF - ProfilePath - c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\umefcsf6.default\
FF - prefs.js: browser.startup.homepage - hxxp://qc.news.yahoo.com/
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll

---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-kwwsvlor - c:\documents and settings\Andre\Local Settings\Application Data\hddhvh\sdxesftav.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-14 20:09
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-1757981266-57989841-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:32,89,82,df,74,da,7b,4e,69,75,2c,bd,f5,a3,2f,92,ff,99,6a,45,25,
05,9e,99,7f,72,e6,78,99,0c,59,ef,5e,0a,6d,d9,dc,dd,4d,29,c1,6a,a9,d3,6a,43,\
"rkeysecu"=hex:05,6a,40,5b,28,97,3a,2f,a4,73,ee,7a,cf,14,ec,1d
.
Heure de fin: 2010-04-14 20:13:11
ComboFix-quarantined-files.txt 2010-04-15 00:12

Avant-CF: 28 887 150 592 octets libres
Après-CF: 28 856 942 592 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

- - End Of File - - 8DA235C2BC67F0DCCA251321DFBBF111
0
Réponse 20 / 75
Utilisateur anonyme
 
tu fais pas ce que je demande :(
0

Discussions similaires

A quoi sert ce boitier ?
regis5492 -
brupala -

7 réponses
Logitech G hub loop infini
snaillou -
LeeLems -

4 réponses
Problème avec logitech g hub
Keydan -
loz -

10 réponses
Logitech g29 chargements des ressources...
G29 -
Gianni -

7 réponses
Le son ne sort que d'un côté de mon casque, pourquoi ?
real1se -
LylouFR -

7 réponses