Your question

Google redirect virus and slow internet

3 October 2011 17:35:33

Hello everyone, a redirect virus has got into my computer: I can't run a search with Google, I am automatically sent to a completely unknown search engine. On top of that, the internet is extremely slow.
I should mention that I'm using Windows XP.
After looking around a few forums, I installed HijackThis and other antivirus tools; I use it once and then it's impossible to open it again, and on top of that the log isn't saved anywhere.
Only Spybot works.

Can anyone help me?

Thanks in advance.


3 October 2011 21:12:39

Good evening

1

Download DDS and save it to your desktop.
  • Disable anything that blocks scripts, such as an antivirus, or software like Ad-Block, NoScript, etc.
  • Double-click dds.scr to launch the tool.
  • Once the scan has finished, a text document, DDS.txt, will open.
  • Click Yes at the next prompt, Optional Scan.
  • Save both reports to your desktop and post only DDS.txt for me.

    <@_@>**<@_@>**<@_@>**<@_@>**<@_@>**@_@>**<@_@><@_@>**<@_@>**<@_@>**<@_@>**


    2
    Download http://support.kaspersky.com/downloads/utils/tdsskiller... to your desktop, unzip it and run it; a report will be created here:

    C:\TDSSKillerVersion_Date_Time_log.txt.<< copy and paste its contents

    You can also get the executable directly here: http://support.kaspersky.com/downloads/utils/tdsskiller...

    o Run it. The following window will open:



    o Click Start scan and let the tool scan your hard drive without interrupting it and without using the PC.
    o If infected files are found, a new window will open:



    o If TDSS.tdl2 is detected, the Delete option will be checked by default.

    o If TDSS.tdl3 is detected, make sure Cure is checked.

    o If TDSS.tdl4(\HardDisk0\MBR) is detected, make sure Cure is checked.

    o If Suspicious file is shown, leave the option set to Skip.

    o Click Continue, then Reboot now to restart the PC.

    o Copy and paste the generated report into your next reply (it is also saved at the root of your system partition under the name C:\TDSSKiller_Quarantine\JJ.MM.AA_HH.MM.SS, where JJ.MM.AA is the date the tool was run and HH.MM.SS the time it was run).

    Tutorial --> http://support.kaspersky.com/viruses/solutions?qid=2082...

    4 October 2011 11:49:43

    Hello Sham_Rock, thanks for your help. The dds.txt report isn't readable: at the beginning it shows "this programm cannot be run in DOS mode", and I didn't get the Optional Scan prompt.
    But here is the TDSSKiller report:
    11:20:58.0609 3932 TDSS rootkit removing tool 2.6.4.0 Oct 3 2011 17:37:01
    11:20:58.0796 3932 ============================================================
    11:20:58.0796 3932 Current date / time: 2011/10/04 11:20:58.0796
    11:20:58.0796 3932 SystemInfo:
    11:20:58.0796 3932
    11:20:58.0796 3932 OS Version: 5.1.2600 ServicePack: 3.0
    11:20:58.0796 3932 Product type: Workstation
    11:20:58.0796 3932 ComputerName: MEDIA-CDE1ECD79
    11:20:58.0859 3932 UserName: MEDIA
    11:20:58.0859 3932 Windows directory: C:\WINDOWS
    11:20:58.0859 3932 System windows directory: C:\WINDOWS
    11:20:58.0859 3932 Processor architecture: Intel x86
    11:20:58.0859 3932 Number of processors: 1
    11:20:58.0859 3932 Page size: 0x1000
    11:20:58.0859 3932 Boot type: Normal boot
    11:20:58.0859 3932 ============================================================
    11:21:00.0234 3932 Initialize success
    11:21:06.0203 0128 ============================================================
    11:21:06.0203 0128 Scan started
    11:21:06.0203 0128 Mode: Manual;
    11:21:06.0203 0128 ============================================================
    11:21:10.0750 0128 c7d77cef (8f2bb1827cac01aee6a16e30a1260199) C:\WINDOWS\4017936327:942179088.exe
    11:21:11.0875 0128 Suspicious file (Hidden): C:\WINDOWS\4017936327:942179088.exe. md5: 8f2bb1827cac01aee6a16e30a1260199
    11:21:11.0875 0128 c7d77cef ( HiddenFile.Multi.Generic ) - warning
    11:21:11.0875 0128 c7d77cef - detected HiddenFile.Multi.Generic (1)
    11:21:17.0593 0128 IPSec (8f72e0ab8c6e8280b6969ad629d48f4b) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    11:21:17.0593 0128 IPSec ( Rootkit.Win32.ZAccess.h ) - infected
    11:21:17.0593 0128 IPSec - detected Rootkit.Win32.ZAccess.h (0)
    11:21:30.0281 0128 MBR (0x1B8) (c99c3199cfaa4cbdcd91493f6d113a50) \Device\Harddisk0\DR0
    11:21:30.0390 0128 \Device\Harddisk0\DR0 - ok
    11:21:30.0406 0128 Boot (0x1200) (d446b679c4ef5e1f3c2c99ec75b34c49) \Device\Harddisk0\DR0\Partition0
    11:21:30.0406 0128 \Device\Harddisk0\DR0\Partition0 - ok
    11:21:30.0406 0128 ============================================================
    11:21:30.0406 0128 Scan finished
    11:21:30.0406 0128 ============================================================
    11:21:30.0421 4012 Detected object count: 2
    11:21:30.0421 4012 Actual detected object count: 2
    11:23:59.0828 4012 c7d77cef ( HiddenFile.Multi.Generic ) - skipped by user
    11:23:59.0828 4012 c7d77cef ( HiddenFile.Multi.Generic ) - User select action: Skip
    11:24:00.0000 4012 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\ipsec.sys) error 13
    11:24:02.0250 4012 Backup copy found, using it..
    11:24:02.0281 4012 C:\WINDOWS\system32\DRIVERS\ipsec.sys - will be cured on reboot
    11:24:02.0281 4012 IPSec ( Rootkit.Win32.ZAccess.h ) - User select action: Cure
    11:24:10.0750 3928 Deinitialize success
    4 October 2011 22:10:54

    Good evening
    ZAccess...
    TDSSKiller has started the job...
    Quote:
    11:23:59.0828 4012 c7d77cef ( HiddenFile.Multi.Generic ) - skipped by user
    11:23:59.0828 4012 c7d77cef ( HiddenFile.Multi.Generic ) - User select action: Skip
    11:24:00.0000 4012 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\ipsec.sys) error 13
    11:24:02.0250 4012 Backup copy found, using it..
    11:24:02.0281 4012 C:\WINDOWS\system32\DRIVERS\ipsec.sys - will be cured on reboot
    11:24:02.0281 4012 IPSec ( Rootkit.Win32.ZAccess.h ) - User select action: Cure
    11:24:10.0750 3928 Deinitialize success


    Let's continue:

    Disable your antivirus and any other kind of protection.
    Download ComboFix by sUBs: Combofix
    Save it to your desktop and nowhere else!

    Double-click ComboFix. It will ask you a question; follow the prompts, then wait until ComboFix has finished. Your PC may reboot, that's normal. A report will be created. Post the report: C:\Combofix.txt
    Click on it to open it, then Edit > "Select all", Edit > "Copy"

    Come to the forum and Edit > "Paste"

    HELP: A guide and a tutorial on using ComboFix
    * the partition name may vary

    <@_@>

    +++++++++++++++++++++
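As an added example (not part of the thread, and not Kaspersky's code), here is a small Python parser for the TDSSKiller report format posted above. It pairs each detection with its file hash and the action recorded for it, then lists what the run left in place. The regular expressions are inferred from the lines in this thread, and the set of remediating actions (Cure, Delete) comes from the helper's instructions; both are assumptions about the format.

```python
import re
from dataclasses import dataclass

# Lines copied from the TDSSKiller report posted in this thread (an excerpt, not the full log).
SAMPLE_LOG = r"""
11:21:07.0156 0128 ACPI (e5e6dbfc41ea8aad005cb9a57a96b43b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:21:07.0156 0128 ACPI - ok
11:21:10.0750 0128 c7d77cef (8f2bb1827cac01aee6a16e30a1260199) C:\WINDOWS\4017936327:942179088.exe
11:21:11.0875 0128 Suspicious file (Hidden): C:\WINDOWS\4017936327:942179088.exe. md5: 8f2bb1827cac01aee6a16e30a1260199
11:21:11.0875 0128 c7d77cef ( HiddenFile.Multi.Generic ) - warning
11:21:11.0875 0128 c7d77cef - detected HiddenFile.Multi.Generic (1)
11:21:17.0593 0128 IPSec (8f72e0ab8c6e8280b6969ad629d48f4b) C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:21:17.0593 0128 IPSec ( Rootkit.Win32.ZAccess.h ) - infected
11:21:17.0593 0128 IPSec - detected Rootkit.Win32.ZAccess.h (0)
11:21:30.0421 4012 Detected object count: 2
11:23:59.0828 4012 c7d77cef ( HiddenFile.Multi.Generic ) - skipped by user
11:23:59.0828 4012 c7d77cef ( HiddenFile.Multi.Generic ) - User select action: Skip
11:24:02.0281 4012 C:\WINDOWS\system32\DRIVERS\ipsec.sys - will be cured on reboot
11:24:02.0281 4012 IPSec ( Rootkit.Win32.ZAccess.h ) - User select action: Cure
"""

# Every report line is "<time> <thread id> <message>".
LINE = re.compile(r"^\s*(\d\d:\d\d:\d\d\.\d{4})\s+(\d+)\s+(.*)$")
# "<service> (<md5>) <path>": the object being scanned.
OBJECT = re.compile(r"^(\S+) \(([0-9a-f]{32})\) (.+)$")
# "<service> ( <verdict> ) - infected|warning": the scan result.
VERDICT = re.compile(r"^(\S+) \( (\S+) \) - (infected|warning)$")
# "<service> ( <verdict> ) - User select action: <action>": what the user chose.
ACTION = re.compile(r"^(\S+) \( (\S+) \) - User select action: (\w+)$")
COUNT = re.compile(r"^Detected object count: (\d+)$")

# Actions that change the system; taken from the helper's instructions (assumption).
REMEDIATING = {"Cure", "Delete"}


@dataclass
class Finding:
    name: str
    verdict: str
    status: str        # "infected" or "warning"
    md5: str = ""
    path: str = ""
    action: str = ""   # filled in from the "User select action" line, if any


def parse_report(text):
    """Return (findings in detection order, object count declared by the tool)."""
    objects = {}    # service name -> (md5, path) from the scan line
    findings = {}   # service name -> Finding
    declared = None
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        msg = m.group(3).strip()
        if (o := OBJECT.match(msg)):
            objects[o.group(1)] = (o.group(2), o.group(3))
        elif (v := VERDICT.match(msg)):
            md5, path = objects.get(v.group(1), ("", ""))
            findings[v.group(1)] = Finding(v.group(1), v.group(2), v.group(3), md5, path)
        elif (a := ACTION.match(msg)):
            if a.group(1) in findings:
                findings[a.group(1)].action = a.group(3)
        elif (c := COUNT.match(msg)):
            declared = int(c.group(1))
    return list(findings.values()), declared


def still_present(findings):
    """Findings the run did not act on: no action recorded, or Skip."""
    return [f for f in findings if f.action not in REMEDIATING]


if __name__ == "__main__":
    found, declared = parse_report(SAMPLE_LOG)
    if declared is not None and declared != len(found):
        print(f"warning: tool declared {declared} objects, parsed {len(found)}")
    for f in found:
        print(f"{f.status:9} {f.name:10} {f.verdict:26} action={f.action or '-'}")
        print(f"          {f.path}  md5={f.md5}")
    for f in still_present(found):
        print(f"follow up: {f.name} ({f.verdict}) was left in place")
```

On this excerpt the parser reports the IPSec driver as cured and the hidden `c7d77cef` service file as skipped, which is why the thread goes on to a second tool.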


    5 October 2011 15:14:20

    It's working better, here is the report:

    ComboFix 11-10-05.01 - MEDIA 05/10/2011 14:27:42.1.1 - x86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.447.208 [GMT 2:00]
    Lancé depuis: c:\documents and settings\MEDIA\Bureau\ComboFix.exe
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {7C920732-0013-0000-180A-850000008500}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {804FD0EC-FFA4-00C8-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {804FD2B8-FFA4-00C8-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {804FD2B8-FFA4-00D9-0D24-347CA8A3377C}
    .
    .
    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\MEDIA\Mes documents\~WRL0004.tmp
    c:\documents and settings\MEDIA\WINDOWS
    c:\program files\antivir-personal-edition-7_antivir_personal_edition_classic_7_7.00.00.47_version_win_9x_anglais_10821.exe
    c:\program files\google\common\google updater\googleupdaterservice.exe
    c:\windows\$NtUninstallKB17607$\1260891303
    c:\windows\$NtUninstallKB17607$\3352788207\@
    c:\windows\$NtUninstallKB17607$\3352788207\click.tlb
    c:\windows\$NtUninstallKB17607$\3352788207\L\mmthzwvd
    c:\windows\$NtUninstallKB17607$\3352788207\loader.tlb
    c:\windows\$NtUninstallKB17607$\3352788207\U\@00000001
    c:\windows\$NtUninstallKB17607$\3352788207\U\@000000c0
    c:\windows\$NtUninstallKB17607$\3352788207\U\@000000cb
    c:\windows\$NtUninstallKB17607$\3352788207\U\@000000cf
    c:\windows\$NtUninstallKB17607$\3352788207\U\@80000000
    c:\windows\$NtUninstallKB17607$\3352788207\U\@800000c0
    c:\windows\$NtUninstallKB17607$\3352788207\U\@800000cb
    c:\windows\$NtUninstallKB17607$\3352788207\U\@800000cf
    c:\windows\{2521BB91-29B1-4d7e-9137-AC9875D77735}
    c:\windows\assembly\GAC_MSIL\desktop.ini
    c:\windows\system32\
    c:\windows\$NtUninstallKB17607$ . . . . impossible à supprimer
    .
    c:\windows\system32\drivers\AFS2K.sys . . . est infecté!! . . . Impossible de trouver un substitut valide.
    Une copie infectée de c:\windows\system32\userinit.exe a été trouvée et désinfectée
    Copie restaurée à partir de - c:\windows\ServicePackFiles\i386\userinit.exe
    .
    c:\program files\Securitoo\av_fw\fswsclds.exe . . . est infecté!!
    c:\program files\Securitoo\av_fw\fswsclds.exe . . . was deleted!! You should re-install the program it pertains to
    .
    c:\program files\Google\Update\GoogleUpdate.exe . . . est infecté!!
    c:\program files\Google\Update\GoogleUpdate.exe . . . was deleted!! You should re-install the program it pertains to
    .
    c:\program files\Java\jre6\bin\jqs.exe . . . est infecté!!
    c:\program files\Java\jre6\bin\jqs.exe . . . was deleted!! You should re-install the program it pertains to
    .
    c:\program files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe . . . est infecté!!
    c:\program files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe . . . was deleted!! You should re-install the program it pertains to
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_c7d77cef
    .
    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2011-09-05 au 2011-10-05 ))))))))))))))))))))))))))))))))))))
    .
    .
    2011-10-04 09:25 . 2011-10-04 14:13 48016 --sha-w- c:\windows\system32\c_40444.nl_
    2011-10-03 14:54 . 2011-10-03 14:54 -------- d-----w- c:\documents and settings\Administrateur
    2011-10-03 14:43 . 2011-10-03 15:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-10-03 14:42 . 2011-10-03 14:42 -------- d-----w- c:\documents and settings\MEDIA\Application Data\Malwarebytes
    2011-10-03 14:42 . 2011-10-03 14:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-10-03 14:42 . 2011-10-03 15:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-10-03 13:22 . 2011-10-03 13:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Webroot
    2011-10-03 13:14 . 2011-10-05 07:58 -------- d-----w- c:\program files\Microsoft Silverlight
    2011-10-03 13:08 . 2011-10-03 13:08 -------- d-----w- c:\documents and settings\MEDIA\Local Settings\Application Data\PackageAware
    2011-10-03 09:57 . 2011-10-03 09:57 -------- d-----w- c:\program files\Trend Micro
    2011-10-02 20:10 . 2011-10-02 20:10 401720 ----a-w- C:\HiJackThis.exe
    2011-10-02 18:50 . 2011-10-02 18:50 126586 ----a-w- C:\TomsDownloader15149.exe
    2011-10-02 16:35 . 2011-10-03 10:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2011-10-02 16:35 . 2011-10-02 16:48 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-10-02 16:32 . 2011-10-02 16:32 16409960 ----a-w- C:\spybotsd162.exe
    2011-10-02 13:22 . 2011-10-02 13:22 -------- d-----w- c:\documents and settings\MEDIA\Application Data\BitDefender
    2011-10-02 13:21 . 2011-10-02 13:32 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender
    2011-10-02 13:21 . 2011-10-02 13:21 -------- d-----w- c:\program files\BitDefender
    2011-10-02 13:18 . 2011-10-02 13:21 -------- d-----w- c:\program files\Fichiers communs\BitDefender
    2011-10-02 13:15 . 2011-10-02 13:16 66681160 ----a-w- C:\bitdefender_free_2009_32b.exe
    .
    .
    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-10-04 14:13 . 2006-03-02 12:00 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
    2011-10-04 09:25 . 2006-03-02 12:00 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
    2011-10-02 14:29 . 2009-04-21 09:57 146312 ----a-w- c:\windows\system32\drivers\bdfm.sys
    2011-09-09 09:12 . 2006-03-02 12:00 606208 ----a-w- c:\windows\system32\crypt32.dll
    2011-07-15 13:29 . 2006-03-02 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-07-08 14:02 . 2006-03-02 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
    2009-04-25 14:46 . 2009-04-25 14:46 1161576 -c--a-w- c:\program files\wlsetup-custom.exe
    2009-04-25 14:39 . 2009-04-25 14:39 1161576 -c--a-w- c:\program files\wlsetup-web.exe
    2009-04-18 10:21 . 2009-04-18 10:21 10049016 -c--a-w- c:\program files\picasa3-setup.exe
    2008-10-13 10:04 . 2008-10-13 10:04 7606832 -c--a-w- c:\program files\Firefox Setup 3.0.3.exe
    2004-10-01 13:00 . 2006-10-17 07:18 40960 ----a-w- c:\program files\Uninstall_CDS.exe
    .
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-15 68856]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WOOWATCH"="c:\progra~1\Wanadoo\Watch.exe" [2004-05-13 24576]
    "WooCnxMon"="c:\progra~1\Wanadoo\CnxMon.exe" [2004-05-13 24576]
    "VTTimer"="VTTimer.exe" [2006-06-16 53248]
    "SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
    "SoundMan"="SOUNDMAN.EXE" [2006-03-02 577536]
    "S3Trayp"="S3Trayp.exe" [2005-10-31 163840]
    "RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "InCD"="c:\program files\Ahead\InCD\InCD.exe" [2005-07-08 1397760]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
    "SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
    "BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-03-19 778240]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    .
    c:\documents and settings\MEDIA\Menu D‚marrer\Programmes\D‚marrage\
    Webshots.lnk - c:\program files\Webshots\WebshotsTray.exe [2006-10-17 208896]
    .
    c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2008-8-14 110592]
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Fichiers communs\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Spybot - Search & Destroy\\SDUpdate.exe"=
    "c:\\TomsDownloader15149.exe"=
    "c:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"=
    "c:\\Program Files\\Wanadoo\\EspaceWanadoo.exe"=
    "c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
    .
    S2 Fswsclds;F-Secure Windows Security Center Legacy Detection Service;c:\program files\Securitoo\av_fw\fswsclds.exe --> c:\program files\Securitoo\av_fw\fswsclds.exe [?]
    S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
    S3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [21/04/2009 11:57 146312]
    S3 gupdatem;Service Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe /medsvc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bdx REG_MULTI_SZ scan
    .
    Contenu du dossier 'Tâches planifiées'
    .
    2011-09-24 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
    .
    2007-01-22 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8161184155.job
    - c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 22:52]
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://google.fr/
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    FF - ProfilePath - c:\documents and settings\MEDIA\Application Data\Mozilla\Firefox\Profiles\undo6mk8.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.wanadoo.fr/
    FF - prefs.js: network.proxy.type - 4
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    .
    .
    ------- Associations de fichier -------
    .
    .scr=AutoCADScriptFile
    .
    - - - - ORPHELINS SUPPRIMES - - - -
    .
    HKCU-Run-PowerBar - (no file)
    SafeBoot-37621014.sys
    SafeBoot-63285253.sys
    AddRemove-RD - c:\documents and settings\MEDIA\Mes documents\regisbourdaud\DT\uninstall.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-10-05 14:41
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    Recherche de processus cachés ...
    .
    Recherche d'éléments en démarrage automatique cachés ...
    .
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    PowerBar = ???????????????????????????????????????????????????????????? ??|`??|????]??|?d>~??????????????@?8?@??????????!?s?%?s??????@?????D&?s?T3??s?s????????????^=?s?????????!?s?&?s??????@?8?@?D&?sDx3??$@?8?@?8?@?????????Px3??@3????s???s@T3?0@3??@3?0??s?????????T3????
    .
    Recherche de fichiers cachés ...
    .
    Scan terminé avec succès
    Fichiers cachés: 0
    .
    **************************************************************************
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------
    .
    - - - - - - - > 'explorer.exe'(2528)
    c:\windows\system32\eappprxy.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\windows\system32\VTTimer.exe
    c:\windows\SOUNDMAN.EXE
    c:\windows\system32\S3Trayp.exe
    c:\program files\BitDefender\BitDefender 2009\seccenter.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Heure de fin: 2011-10-05 14:44:20 - La machine a redémarré
    ComboFix-quarantined-files.txt 2011-10-05 12:44
    .
    Avant-CF: 48 295 378 944 octets libres
    Après-CF: 48 716 873 728 octets libres
    .
    WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect
    .
    - - End Of File - - 646AB45F6DD7DC03473F7495FD0EB3D3
    5 October 2011 20:52:33

    Hi again,
    I'm far from being as optimistic as you :/
    We'll start by checking something...


    Click here to download CKScanner to your Desktop:
    http://downloads.malwareremoval.com/CKScanner.exe

    Run CKScanner.exe and click the Search For Files button.
    Wait a moment; when the scan has finished, click the Save List to file button.
    A message will appear to tell you that the report has been saved.
    Open the CKFiles.txt report located on your desktop.
    Copy and paste its contents into your next reply.