[Solved] Internet problem: unwanted pages instead of the requested site

Tags:
  • Security
Last reply: in Security and viruses
1 November 2011 01:55:36

Hello,
so here it is, let me explain my problem: I must have caught a virus somewhere and I can't find a way to get rid of it. As soon as I connect to the internet, whether with Mozilla or Internet Explorer etc., and want to open a page or site matching my search, an ad page opens instead, and I don't know what to do to make it stop...
There you go, I really hope someone can help me solve this problem.
Thanks.


1 November 2011 09:55:14

Hello and welcome

Download DDS and save it to your desktop.
  • Disable any script blocker, such as an antivirus or software like Ad-Block, NoScript, etc.
  • Double-click dds.scr to launch the tool.
  • Once the scan is finished, a text document, DDS.txt, will open.
  • Click Yes at the next Optional Scan prompt.
  • Save both reports to your desktop and post only the DDS.txt for me.

1 November 2011 12:20:55

Hello and thank you for your quick reply,
so here is the DDS.txt scan report:
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_25
    Run by Didier at 12:12:48 on 2011-11-01
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2046.1116 [GMT 1:00]
    .
    AV: Pack Sécurité SFR 9.12 *Enabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
    FW: Pack Sécurité SFR 9.12 *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\3987711081:2522566674.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\WINDOWS\stsystra.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DNA\btdna.exe
    C:\Program Files\SFR\Kit\9props.exe
    C:\Program Files\Pando Networks\Media Booster\PMB.exe
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k Akamai
    C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\SFR\Pack Sécurité\Common\FSMA32.EXE
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\WINDOWS\system32\IProsetMonitor.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
    C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Sandboxie\SbieSvc.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\SFR\Pack Sécurité\Common\FSLAUNCHER0.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    "C:\WINDOWS\system32\svchost.exe"
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.club-internet.fr/
    uWindow Title = Internet Explorer avec Club-Internet
    uSearch Bar = hxxp://search.msn.fr/spbasic.htm
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = 127.0.0.1;*.local
    uInternet Settings,ProxyServer = 127.0.0.1:8088
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    uWinlogon: Shell=c:\documents and settings\didier\local settings\application data\69a4afed\X
    BHO: Objet d'aide à la navigation SFR: {0f6e720a-1a6b-40e1-a294-1d4d19f156c8} - c:\program files\sfr\kit\SFRNavErrorHelper.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\fichiers communs\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\fichiers communs\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
    BHO: Browsing Protection Class: {c6867eb7-8350-4856-877f-93cf8ae3dc9c} - c:\program files\sfr\pack sécurité\nrs\iescript\baselitmus.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: {338B4DFE-2E2C-4338-9E41-E176D497299E} - No File
    TB: Browsing Protection Toolbar: {265eee8e-3228-44d3-aea5-f7fdf5860049} - c:\program files\sfr\pack sécurité\nrs\iescript\baselitmus.dll
    TB: {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No File
    uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
    uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [Connexion SFR 9props.exe] "c:\program files\sfr\kit\9props.exe" /trayicon
    uRun: [SandboxieControl] c:\program files\sandboxie\SbieCtrl.exe
    uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
    uRun: [Steam] "c:\program files\steam\steam.exe" -silent
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [BJCFD] c:\program files\broadjump\client foundation\CFD.exe
    mRun: [SigmatelSysTrayApp] stsystra.exe
    mRun: [F-Secure TNB] "c:\program files\sfr\pack sécurité\fsgui\TNBUtil.exe" /CHECKALL /WAITFORSW
    mRun: [F-Secure Manager] "c:\program files\sfr\pack sécurité\common\FSM32.EXE" /splash
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [Adobe ARM] "c:\program files\fichiers communs\adobe\arm\1.0\AdobeARM.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    mRun: [SunJavaUpdateSched] "c:\program files\fichiers communs\java\java update\jusched.exe"
    mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [rkfree] "c:\documents and settings\didier\bureau\camille\rkfree.exe" /b
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    LSP: c:\program files\sfr\pack se9,curite9,\fsps\program\FSLSP.DLL
    LSP: mswsock.dll
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1237467984828
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: Interfaces\{1C55B368-3962-47B9-B0CB-E4546B56DFA2} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{ABE5E3E1-B79D-4887-A5C1-EEC3C0900FC6} : DhcpNameServer = 192.168.1.1
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: LMIinit - LMIinit.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\didier\application data\mozilla\firefox\profiles\52l9ks3w.default\
    FF - prefs.js: browser.startup.homepage - hxxp://google.fr
    FF - plugin: c:\documents and settings\all users\application data\nexoneu\ngm\npNxGameeu.dll
    FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
    FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
    FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2009-3-19 42672]
    R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2009-3-19 81864]
    R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\sfr\pack sécurité\hips\drivers\fshs.sys [2009-3-19 69928]
    R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [2010-4-10 33824]
    R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-10 14336]
    R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IPROSetMonitor.exe [2010-12-25 110240]
    R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2011-3-1 374152]
    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2010-9-17 12856]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2011-4-9 47640]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    R2 TeamViewer5;TeamViewer 5;c:\program files\teamviewer\version5\TeamViewer_Service.exe [2010-5-21 173352]
    R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\sfr\pack sécurité\anti-virus\minifilter\fsgk.sys [2009-3-19 148632]
    R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2010-2-3 115432]
    R4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-11-1 41272]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 F-Secure Gatekeeper Handler Starter;FSGKHS;c:\program files\sfr\pack sécurité\anti-virus\fsgk32st.exe [2009-3-19 221608]
    S2 gupdate1ca0e14a8ba716a;Service Google Update (gupdate1ca0e14a8ba716a);c:\program files\google\update\GoogleUpdate.exe [2009-7-26 133104]
    S3 ActivHidSerMini;Promethean Serial Board Driver;c:\windows\system32\drivers\activhidsermini.sys --> c:\windows\system32\drivers\activhidsermini.sys [?]
    S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\eaglexnt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
    S3 FSORSPClient;F-Secure ORSP Client;c:\program files\sfr\pack sécurité\orsp client\fsorsp.exe [2009-3-19 61088]
    S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\garena\safedrv.sys --> c:\program files\garena\safedrv.sys [?]
    S3 gupdatem;Service Google Update (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-7-26 133104]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 prmvmouse;Promethean HID Mouse Service;c:\windows\system32\drivers\activmouse.sys --> c:\windows\system32\drivers\activmouse.sys [?]
    S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2007-3-13 476416]
    S3 USB_RNDIS_51;Broadcom USB Remote NDIS Device Driver;c:\windows\system32\drivers\usb8023.sys [2004-8-10 12800]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S3 XDva309;XDva309;\??\c:\windows\system32\xdva309.sys --> c:\windows\system32\XDva309.sys [?]
    S3 XDva326;XDva326;\??\c:\windows\system32\xdva326.sys --> c:\windows\system32\XDva326.sys [?]
    S3 XDva328;XDva328;\??\c:\windows\system32\xdva328.sys --> c:\windows\system32\XDva328.sys [?]
    S3 XDva332;XDva332;\??\c:\windows\system32\xdva332.sys --> c:\windows\system32\XDva332.sys [?]
    S3 XDva337;XDva337;\??\c:\windows\system32\xdva337.sys --> c:\windows\system32\XDva337.sys [?]
    S3 XDva341;XDva341;\??\c:\windows\system32\xdva341.sys --> c:\windows\system32\XDva341.sys [?]
    S3 XDva343;XDva343;\??\c:\windows\system32\xdva343.sys --> c:\windows\system32\XDva343.sys [?]
    S3 XDva346;XDva346;\??\c:\windows\system32\xdva346.sys --> c:\windows\system32\XDva346.sys [?]
    S3 XDva347;XDva347;\??\c:\windows\system32\xdva347.sys --> c:\windows\system32\XDva347.sys [?]
    S3 XDva349;XDva349;\??\c:\windows\system32\xdva349.sys --> c:\windows\system32\XDva349.sys [?]
    S3 XDva352;XDva352;\??\c:\windows\system32\xdva352.sys --> c:\windows\system32\XDva352.sys [?]
    S3 XDva354;XDva354;\??\c:\windows\system32\xdva354.sys --> c:\windows\system32\XDva354.sys [?]
    S3 XDva358;XDva358;\??\c:\windows\system32\xdva358.sys --> c:\windows\system32\XDva358.sys [?]
    S3 XDva359;XDva359;\??\c:\windows\system32\xdva359.sys --> c:\windows\system32\XDva359.sys [?]
    S3 XDva362;XDva362;\??\c:\windows\system32\xdva362.sys --> c:\windows\system32\XDva362.sys [?]
    S3 XDva365;XDva365;\??\c:\windows\system32\xdva365.sys --> c:\windows\system32\XDva365.sys [?]
    S3 XDva370;XDva370;\??\c:\windows\system32\xdva370.sys --> c:\windows\system32\XDva370.sys [?]
    S3 XDva375;XDva375;\??\c:\windows\system32\xdva375.sys --> c:\windows\system32\XDva375.sys [?]
    S3 XDva380;XDva380;\??\c:\windows\system32\xdva380.sys --> c:\windows\system32\XDva380.sys [?]
    S3 XDva383;XDva383;\??\c:\windows\system32\xdva383.sys --> c:\windows\system32\XDva383.sys [?]
    S3 XDva385;XDva385;\??\c:\windows\system32\xdva385.sys --> c:\windows\system32\XDva385.sys [?]
    S3 XDva386;XDva386;\??\c:\windows\system32\xdva386.sys --> c:\windows\system32\XDva386.sys [?]
    S3 XDva387;XDva387;\??\c:\windows\system32\xdva387.sys --> c:\windows\system32\XDva387.sys [?]
    S3 XDva388;XDva388;\??\c:\windows\system32\xdva388.sys --> c:\windows\system32\XDva388.sys [?]
    S3 XDva389;XDva389;\??\c:\windows\system32\xdva389.sys --> c:\windows\system32\XDva389.sys [?]
    S3 XDva390;XDva390;\??\c:\windows\system32\xdva390.sys --> c:\windows\system32\XDva390.sys [?]
    S3 XDva391;XDva391;\??\c:\windows\system32\xdva391.sys --> c:\windows\system32\XDva391.sys [?]
    S4 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;"c:\program files\logmein hamachi\hamachi-2.exe" -s --> c:\program files\logmein hamachi\hamachi-2.exe [?]
    S4 LMIRfsClientNP;LMIRfsClientNP; [x]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-23 47128]
    S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
    S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]
    .
    =============== Created Last 30 ================
    .
    2011-11-01 10:41:23 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-11-01 10:41:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-11-01 10:37:36 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-11-01 10:33:41 -------- d-----w- c:\documents and settings\didier\application data\Malwarebytes
    2011-11-01 10:33:36 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2011-11-01 00:37:43 -------- d-----w- c:\program files\Trend Micro
    2011-11-01 00:19:07 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-11-01 00:19:07 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
    2011-10-31 23:57:44 -------- d-sh--w- c:\documents and settings\didier\local settings\application data\69a4afed
    2011-10-30 12:51:37 -------- d-----w- c:\documents and settings\all users\application data\EA Core
    2011-10-30 12:03:09 -------- d-----w- c:\program files\fichiers communs\BioWare
    2011-10-15 15:39:50 -------- d-----r- c:\program files\Skype
    2011-10-05 17:25:47 -------- d-----w- c:\documents and settings\didier\local settings\application data\CrashRpt
    .
    ==================== Find3M ====================
    .
    2011-10-01 15:42:24 0 ----a-w- c:\windows\ativpsrm.bin
    2011-09-27 17:05:40 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2011-09-27 17:05:33 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
    2011-09-26 09:41:40 614400 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 09:41:40 22528 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-09-26 09:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-09 09:12:01 606208 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-06 14:10:01 1859072 ----a-w- c:\windows\system32\win32k.sys
    2011-08-23 19:05:58 74752 ----a-w- c:\windows\ST6UNST.EXE
    2011-08-23 19:05:58 253952 ------w- c:\windows\Setup1.exe
    2011-08-22 23:41:31 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-08-22 23:41:29 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-08-22 23:41:29 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-08-22 11:56:53 385024 ----a-w- c:\windows\system32\html.iec
    2011-08-17 15:56:08 42672 ----a-w- c:\windows\system32\drivers\fsbts.sys
    2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys
    .
    ============= FINISH: 12:18:11,79 ===============

Thank you for your help.
1 November 2011 13:42:05

re
Quote:
C:\WINDOWS\3987711081:2522566674.exe

that's a serious infection (ZeroAccess, Max++)

Back up your data before starting the clean-up.


Step 1

Download http://support.kaspersky.com/downloads/utils/tdsskiller... to your desktop, unzip it and run it; a report will be created here:

C:\TDSSKillerVersion_Date_Time_log.txt << copy-paste its contents

You also have the executable directly here: http://support.kaspersky.com/downloads/utils/tdsskiller...

o Run it; the following window will open:

o Click Start scan and let the tool scan your hard disk without interrupting it and without using the PC.
o If infected files are found, a new window will open:

o If TDSS.tdl2 is detected, the Delete option will be checked by default.

o If TDSS.tdl3 is detected, make sure Cure is checked.

o If TDSS.tdl4 (\HardDisk0\MBR) is detected, make sure Cure is checked.

o If Suspicious file is shown, leave the option set to Skip.

o Click Continue, then Reboot now to restart the PC.

o Copy-paste the generated report into your next reply (it is also saved at the root of your system partition under the name C:\TDSSKiller_Quarantine\JJ.MM.AA_HH.MM.SS, where JJ.MM.AA is the date the tool was run and HH.MM.SS the time).

tutorial --> http://support.kaspersky.com/viruses/solutions?qid=2082...



Step 2

  • Download ZeroAccessRemover (from Webroot) to your desktop.

  • Run it (Vista/7 users >> right-click it --> Run as administrator).

  • A black window appears and asks you to confirm the scan. Type Y and press Enter.

==> Two outcomes are possible:

  • The fix tells you that one of the system files has been patched and offers to clean it (red lines appear on screen). Then type Y (yes) and Enter to start the clean-up.

--> If the operation succeeded, you should see the message Cleaned in green.
Press a key and restart the computer.

Post the contents of the report on your desktop, named AntiZeroAccess_Log.txt

  • The fix tells you that the system is not infected by ZeroAccess (green lines are shown); in that case, let me know.



Step 3

Disable your antivirus and any other kind of protection.
Download ComboFix by sUBs: Combofix
Save it to your desktop and nowhere else!

Double-click ComboFix. It will ask you a question; follow the prompts, then wait until ComboFix has finished. Your PC may reboot, that's normal. A report will be created. Post the report: C:\Combofix.txt
Click it to open it, then Edit > "Select all", Edit > "Copy"

come to the forum and Edit > "Paste"

HELP: A guide and a tutorial on using ComboFix
* the partition name may differ

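As an added example (not part of this thread, nor code from the DDS or TDSSKiller tools), here is a small Python triage script that flags the three indicators visible in the DDS report posted above: a Winlogon Shell value other than explorer.exe, a ProxyServer on the loopback address (which is what makes an ad page appear in place of the requested site), and a process path in the NTFS "file:stream.exe" alternate-data-stream form like the one quoted at the top of the reply. The sample lines are copied from the posted report; rule names and the loopback host set are my own assumptions.

```python
"""Triage a DDS "Pseudo HJT Report" for the browser-hijack indicators
seen in the report posted above.

Added example, not part of the thread or of the DDS tool. Rule names
and the set of loopback hosts are my own assumptions.
"""
import re
from typing import Dict, List

# Constructed sample: lines copied from the posted DDS report, plus two
# benign lines (spoolsv.exe, ehTray) to show what is NOT flagged.
SAMPLE_REPORT = r"""
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\3987711081:2522566674.exe
C:\WINDOWS\explorer.exe
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uInternet Settings,ProxyServer = 127.0.0.1:8088
uWinlogon: Shell=c:\documents and settings\didier\local settings\application data\69a4afed\X
mRun: [ehTray] c:\windows\ehome\ehtray.exe
"""

# "drive:\dir\file:stream.exe": a second ':' after the drive letter is the
# NTFS alternate-data-stream syntax, where no legitimate process lives.
ADS_PATH = re.compile(r"^[a-z]:\\.*:[^\\:]+\.exe$", re.IGNORECASE)
PROXY_SERVER = re.compile(r"^[um]Internet Settings,ProxyServer\s*=\s*(.+)$")
WINLOGON_SHELL = re.compile(r"^[um]Winlogon:\s*Shell=(.+)$", re.IGNORECASE)
LOOPBACK_HOSTS = {"127.0.0.1", "localhost", "::1"}


def proxy_host(value: str) -> str:
    """Host part of a ProxyServer value ("host:port" or
    "http=host:port;https=host:port"); only the first entry is used."""
    first = value.split(";")[0].strip()
    if "=" in first:
        first = first.split("=", 1)[1]
    return first.rsplit(":", 1)[0].strip()


def triage(report: str) -> List[Dict[str, str]]:
    """Return one finding per suspicious line, in report order."""
    findings: List[Dict[str, str]] = []
    for raw in report.splitlines():
        line = raw.strip().strip('"')
        if not line:
            continue
        m = WINLOGON_SHELL.match(line)
        if m:
            shell = m.group(1).strip()
            # The only normal value is explorer.exe; a path into a user
            # profile means the logon shell has been replaced.
            if shell.lower() != "explorer.exe":
                findings.append({"rule": "winlogon-shell-hijack",
                                 "line": line, "detail": shell})
            continue
        m = PROXY_SERVER.match(line)
        if m:
            # A proxy on the loopback address means a program on this
            # machine sits in front of every browser request, which is
            # how a requested site gets swapped for an ad page.
            if proxy_host(m.group(1)) in LOOPBACK_HOSTS:
                findings.append({"rule": "loopback-proxy",
                                 "line": line, "detail": m.group(1).strip()})
            continue
        if ADS_PATH.match(line):
            findings.append({"rule": "ads-executable",
                             "line": line, "detail": line.rsplit(":", 1)[1]})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_REPORT):
        print(f"[{finding['rule']}] {finding['line']}")
```

Run against the sample it reports the ADS executable, the loopback proxy and the hijacked shell, and nothing for the benign lines; feeding it a full DDS.txt gives a first pass before the manual review the helpers do in this thread.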
1 November 2011 15:07:14

Step 1: here is the TDSSKiller report:

    13:58:18.0703 5628 TDSS rootkit removing tool 2.6.14.0 Oct 28 2011 11:11:01
    13:58:19.0015 5628 ============================================================
    13:58:19.0015 5628 Current date / time: 2011/11/01 13:58:19.0015
    13:58:19.0015 5628 SystemInfo:
    13:58:19.0015 5628
    13:58:19.0015 5628 OS Version: 5.1.2600 ServicePack: 3.0
    13:58:19.0015 5628 Product type: Workstation
    13:58:19.0015 5628 ComputerName: FAMILLE-4713C43
    13:58:19.0015 5628 UserName: Didier
    13:58:19.0015 5628 Windows directory: C:\WINDOWS
    13:58:19.0015 5628 System windows directory: C:\WINDOWS
    13:58:19.0015 5628 Processor architecture: Intel x86
    13:58:19.0015 5628 Number of processors: 2
    13:58:19.0015 5628 Page size: 0x1000
    13:58:19.0015 5628 Boot type: Normal boot
    13:58:19.0015 5628 ============================================================
    13:58:19.0281 5628 Initialize success
    13:58:56.0734 5780 ============================================================
    13:58:56.0734 5780 Scan started
    13:58:56.0734 5780 Mode: Manual;
    13:58:56.0734 5780 ============================================================
    13:58:59.0062 5780 69a4afed ( Rootkit.Win32.PMax.gen ) - infected
    13:58:59.0062 5780 69a4afed - detected Rootkit.Win32.PMax.gen (0)
    13:58:59.0125 5780 Abiosdsk - ok
    13:58:59.0156 5780 abp480n5 - ok
    13:58:59.0218 5780 ACPI (e5e6dbfc41ea8aad005cb9a57a96b43b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    13:58:59.0234 5780 ACPI - ok
    13:58:59.0312 5780 ACPIEC (e4abc1212b70bb03d35e60681c447210) C:\WINDOWS\system32\drivers\ACPIEC.sys
    13:58:59.0328 5780 ACPIEC - ok
    13:58:59.0375 5780 ActivHidSerMini - ok
    13:58:59.0390 5780 adpu160m - ok
    13:58:59.0406 5780 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    13:58:59.0406 5780 aec - ok
    13:58:59.0484 5780 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
    13:58:59.0500 5780 AFD - ok
    13:58:59.0562 5780 Aha154x - ok
    13:58:59.0593 5780 aic78u2 - ok
    13:58:59.0656 5780 aic78xx - ok
    13:58:59.0718 5780 AliIde - ok
    13:58:59.0781 5780 amsint - ok
    13:58:59.0890 5780 ANIO (920298c7aef97d8168d219d35975d295) C:\WINDOWS\system32\ANIO.SYS
    13:58:59.0890 5780 ANIO - ok
    13:58:59.0937 5780 asc - ok
    13:58:59.0937 5780 asc3350p - ok
    13:58:59.0953 5780 asc3550 - ok
    13:59:00.0031 5780 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    13:59:00.0031 5780 AsyncMac - ok
    13:59:00.0109 5780 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\drivers\atapi.sys
    13:59:00.0109 5780 atapi - ok
    13:59:00.0156 5780 Atdisk - ok
    13:59:00.0296 5780 ati2mtag (c0b86ecb324e50f6bbd529f9d5c6b24b) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
    13:59:00.0406 5780 ati2mtag - ok
    13:59:00.0500 5780 atksgt (6e996cf8459a2594e0e9609d0e34d41f) C:\WINDOWS\system32\DRIVERS\atksgt.sys
    13:59:00.0515 5780 atksgt - ok
    13:59:00.0546 5780 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    13:59:00.0546 5780 Atmarpc - ok
    13:59:00.0625 5780 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    13:59:00.0625 5780 audstub - ok
    13:59:00.0703 5780 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    13:59:00.0703 5780 Beep - ok
    13:59:00.0765 5780 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    13:59:00.0765 5780 cbidf2k - ok
    13:59:00.0828 5780 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    13:59:00.0828 5780 CCDECODE - ok
    13:59:00.0828 5780 cd20xrnt - ok
    13:59:00.0859 5780 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    13:59:00.0875 5780 Cdaudio - ok
    13:59:00.0906 5780 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    13:59:00.0921 5780 Cdfs - ok
    13:59:00.0953 5780 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    13:59:00.0953 5780 Cdrom - ok
    13:59:01.0062 5780 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
    13:59:01.0062 5780 cercsr6 - ok
    13:59:01.0093 5780 Changer - ok
    13:59:01.0156 5780 CmdIde - ok
    13:59:01.0218 5780 Cpqarray - ok
    13:59:01.0296 5780 dac2w2k - ok
    13:59:01.0359 5780 dac960nt - ok
    13:59:01.0484 5780 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    13:59:01.0484 5780 Disk - ok
    13:59:01.0531 5780 dmboot (f5deadd42335fb33edca74ecb2f36cba) C:\WINDOWS\system32\drivers\dmboot.sys
    13:59:01.0578 5780 dmboot - ok
    13:59:01.0578 5780 dmio (5a7c47c9b3f9fb92a66410a7509f0c71) C:\WINDOWS\system32\DRIVERS\dmio.sys
    13:59:01.0578 5780 dmio - ok
    13:59:01.0593 5780 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    13:59:01.0593 5780 dmload - ok
    13:59:01.0640 5780 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
    13:59:01.0640 5780 DMusic - ok
    13:59:01.0656 5780 dpti2o - ok
    13:59:01.0718 5780 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
    13:59:01.0718 5780 drmkaud - ok
    13:59:01.0734 5780 e1express (6de32a9123ef60f9d423e9163af0e305) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
    13:59:01.0750 5780 e1express - ok
    13:59:01.0750 5780 EagleNT - ok
    13:59:01.0765 5780 EagleXNt - ok
    13:59:01.0953 5780 F-Secure Gatekeeper (29d12e1e45d93b45d2598e2663bbeff4) C:\Program Files\SFR\Pack Sécurité\Anti-Virus\minifilter\fsgk.sys
    13:59:01.0968 5780 F-Secure Gatekeeper - ok
    13:59:02.0046 5780 F-Secure HIPS (dc0720248dc4d1f303df94ccc3adff96) C:\Program Files\SFR\Pack Sécurité\HIPS\drivers\fshs.sys
    13:59:02.0046 5780 F-Secure HIPS - ok
    13:59:02.0125 5780 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    13:59:02.0125 5780 Fastfat - ok
    13:59:02.0187 5780 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
    13:59:02.0187 5780 Fdc - ok
    13:59:02.0218 5780 Fips (31f923eb2170fc172c81abda0045d18c) C:\WINDOWS\system32\drivers\Fips.sys
    13:59:02.0218 5780 Fips - ok
    13:59:02.0265 5780 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    13:59:02.0265 5780 Flpydisk - ok
    13:59:02.0296 5780 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    13:59:02.0296 5780 FltMgr - ok
    13:59:02.0328 5780 fsbts (343786e182b9c9ae3066e00dec650f50) C:\WINDOWS\system32\Drivers\fsbts.sys
    13:59:02.0328 5780 fsbts - ok
    13:59:02.0390 5780 FSFW (fe5918f5c839f7bbf74fb91743dd4262) C:\WINDOWS\system32\drivers\fsdfw.sys
    13:59:02.0390 5780 FSFW - ok
    13:59:02.0468 5780 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    13:59:02.0484 5780 Fs_Rec - ok
    13:59:02.0546 5780 Ftdisk (a86859b77b908c18c2657f284aa29fe3) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    13:59:02.0546 5780 Ftdisk - ok
    13:59:02.0625 5780 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
    13:59:02.0625 5780 GEARAspiWDM - ok
    13:59:02.0656 5780 GGSAFERDriver - ok
    13:59:02.0718 5780 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    13:59:02.0718 5780 Gpc - ok
    13:59:02.0781 5780 hamachi (833051c6c6c42117191935f734cfbd97) C:\WINDOWS\system32\DRIVERS\hamachi.sys
    13:59:02.0781 5780 hamachi - ok
    13:59:02.0875 5780 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    13:59:02.0890 5780 HDAudBus - ok
    13:59:02.0968 5780 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    13:59:02.0968 5780 hidusb - ok
    13:59:03.0000 5780 hpn - ok
    13:59:03.0062 5780 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    13:59:03.0078 5780 HTTP - ok
    13:59:03.0109 5780 i2omgmt - ok
    13:59:03.0156 5780 i2omp - ok
    13:59:03.0171 5780 i8042prt (a09bdc4ed10e3b2e0ec27bb94af32516) C:\WINDOWS\system32\drivers\i8042prt.sys
    13:59:03.0171 5780 i8042prt - ok
    13:59:03.0250 5780 iastor (294110966cedd127629c5be48367c8cf) C:\WINDOWS\system32\DRIVERS\iaStor.sys
    13:59:03.0250 5780 iastor - ok
    13:59:03.0578 5780 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    13:59:03.0578 5780 Imapi - ok
    13:59:03.0625 5780 ini910u - ok
    13:59:03.0640 5780 IntelIde - ok
    13:59:03.0750 5780 intelppm (ad340800c35a42d4de1641a37feea34c) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    13:59:03.0750 5780 intelppm - ok
    13:59:03.0812 5780 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    13:59:03.0812 5780 Ip6Fw - ok
    13:59:03.0890 5780 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    13:59:03.0890 5780 IpFilterDriver - ok
    13:59:03.0968 5780 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    13:59:03.0968 5780 IpInIp - ok
    13:59:04.0046 5780 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    13:59:04.0062 5780 IpNat - ok
    13:59:04.0109 5780 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    13:59:04.0109 5780 IPSec - ok
    13:59:04.0171 5780 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    13:59:04.0171 5780 IRENUM - ok
    13:59:04.0312 5780 isapnp (54632f1a7de61dc3615d756f2a90fa72) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    13:59:04.0328 5780 isapnp - ok
    13:59:04.0375 5780 Kbdclass (16813155807c6881f4bfbf6657424659) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    13:59:04.0375 5780 Kbdclass - ok
    13:59:04.0406 5780 kbdhid (94c59cb884ba010c063687c3a50dce8e) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    13:59:04.0406 5780 kbdhid - ok
    13:59:04.0421 5780 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    13:59:04.0421 5780 kmixer - ok
    13:59:04.0484 5780 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    13:59:04.0484 5780 KSecDD - ok
    13:59:04.0546 5780 lbrtfdc - ok
    13:59:04.0656 5780 lirsgt (975b6cf65f44e95883f3855bae8cecaf) C:\WINDOWS\system32\DRIVERS\lirsgt.sys
    13:59:04.0656 5780 lirsgt - ok
    13:59:04.0781 5780 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys
    13:59:04.0781 5780 LMIInfo - ok
    13:59:04.0859 5780 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\WINDOWS\system32\DRIVERS\lmimirr.sys
    13:59:04.0859 5780 lmimirr - ok
    13:59:04.0890 5780 LMIRfsClientNP - ok
    13:59:05.0062 5780 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
    13:59:05.0062 5780 LMIRfsDriver - ok
    13:59:05.0140 5780 LVPr2Mon (f96cfb47903854f228baaf3e2d41a0a3) C:\WINDOWS\system32\Drivers\LVPr2Mon.sys
    13:59:05.0140 5780 LVPr2Mon - ok
    13:59:05.0234 5780 LVRS (e22fd7852e74f04cceb6b8a684a51f3e) C:\WINDOWS\system32\DRIVERS\lvrs.sys
    13:59:05.0234 5780 LVRS - ok
    13:59:05.0312 5780 LVUSBSta (5f987fc1aad215ec2c60cf07719b1cce) C:\WINDOWS\system32\drivers\LVUSBSta.sys
    13:59:05.0312 5780 LVUSBSta - ok
    13:59:05.0390 5780 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
    13:59:05.0390 5780 MHNDRV - ok
    13:59:05.0468 5780 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    13:59:05.0484 5780 mnmdd - ok
    13:59:05.0546 5780 Modem (510ade9327fe84c10254e1902697e25f) C:\WINDOWS\system32\drivers\Modem.sys
    13:59:05.0546 5780 Modem - ok
    13:59:05.0640 5780 Mouclass (027c01bd7ef3349aaebc883d8a799efb) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    13:59:05.0640 5780 Mouclass - ok
    13:59:05.0687 5780 mouhid (124d6846040c79b9c997f78ef4b2a4e5) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    13:59:05.0687 5780 mouhid - ok
    13:59:05.0765 5780 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    13:59:05.0765 5780 MountMgr - ok
    13:59:05.0781 5780 mraid35x - ok
    13:59:05.0890 5780 MRENDIS5 (594b9d8194e3f4ecbf0325bd10bbeb05) C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS
    13:59:05.0890 5780 MRENDIS5 - ok
    13:59:05.0984 5780 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    13:59:06.0000 5780 MRxDAV - ok
    13:59:06.0078 5780 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    13:59:06.0078 5780 MRxSmb - ok
    13:59:06.0109 5780 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    13:59:06.0109 5780 Msfs - ok
    13:59:06.0140 5780 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    13:59:06.0140 5780 MSKSSRV - ok
    13:59:06.0187 5780 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    13:59:06.0187 5780 MSPCLOCK - ok
    13:59:06.0203 5780 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    13:59:06.0203 5780 MSPQM - ok
    13:59:06.0281 5780 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    13:59:06.0281 5780 mssmbios - ok
    13:59:06.0312 5780 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
    13:59:06.0312 5780 MSTEE - ok
    13:59:06.0328 5780 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
    13:59:06.0343 5780 Mup - ok
    13:59:06.0421 5780 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    13:59:06.0421 5780 NABTSFEC - ok
    13:59:06.0484 5780 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    13:59:06.0484 5780 NDIS - ok
    13:59:06.0531 5780 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    13:59:06.0531 5780 NdisIP - ok
    13:59:06.0671 5780 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    13:59:06.0671 5780 NdisTapi - ok
    13:59:06.0718 5780 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    13:59:06.0718 5780 Ndisuio - ok
    13:59:06.0781 5780 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    13:59:06.0781 5780 NdisWan - ok
    13:59:06.0828 5780 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    13:59:06.0828 5780 NDProxy - ok
    13:59:06.0843 5780 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    13:59:06.0843 5780 NetBIOS - ok
    13:59:06.0859 5780 NetBT (4c879007c1bd5811cf5021eb94646b1b) C:\WINDOWS\system32\DRIVERS\netbt.sys
    13:59:06.0859 5780 NetBT - ok
    13:59:06.0906 5780 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    13:59:06.0906 5780 Npfs - ok
    13:59:07.0046 5780 NPPTNT2 (9131fe60adfab595c8da53ad6a06aa31) C:\WINDOWS\system32\npptNT2.sys
    13:59:07.0062 5780 NPPTNT2 - ok
    13:59:07.0093 5780 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    13:59:07.0109 5780 Ntfs - ok
    13:59:07.0140 5780 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    13:59:07.0140 5780 Null - ok
    13:59:07.0187 5780 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    13:59:07.0187 5780 NwlnkFlt - ok
    13:59:07.0203 5780 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    13:59:07.0218 5780 NwlnkFwd - ok
    13:59:07.0234 5780 oreans32 (b99575d16f887883b821d372ff292c20) C:\WINDOWS\system32\drivers\oreans32.sys
    13:59:07.0234 5780 oreans32 - ok
    13:59:07.0296 5780 Parport (8fd0bdbea875d06ccf6c945ca9abaf75) C:\WINDOWS\system32\drivers\Parport.sys
    13:59:07.0296 5780 Parport - ok
    13:59:07.0328 5780 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    13:59:07.0328 5780 PartMgr - ok
    13:59:07.0375 5780 ParVdm (9575c5630db8fb804649a6959737154c) C:\WINDOWS\system32\drivers\ParVdm.sys
    13:59:07.0375 5780 ParVdm - ok
    13:59:07.0421 5780 PCASp50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\WINDOWS\system32\Drivers\PCASp50.sys
    13:59:07.0437 5780 PCASp50 - ok
    13:59:07.0484 5780 PCI (7c5da5c1ed801ad8b0309d5514f0b75e) C:\WINDOWS\system32\DRIVERS\pci.sys
    13:59:07.0484 5780 PCI - ok
    13:59:07.0500 5780 PCIDump - ok
    13:59:07.0531 5780 PCIIde - ok
    13:59:07.0562 5780 Pcmcia (f0406cbc60bdb0394a0e17ffb04cdd3d) C:\WINDOWS\system32\drivers\Pcmcia.sys
    13:59:07.0562 5780 Pcmcia - ok
    13:59:07.0625 5780 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
    13:59:07.0625 5780 pcouffin - ok
    13:59:07.0625 5780 PDCOMP - ok
    13:59:07.0640 5780 PDFRAME - ok
    13:59:07.0640 5780 PDRELI - ok
    13:59:07.0656 5780 PDRFRAME - ok
    13:59:07.0781 5780 pepifilter (4349c7dc0c982cffc11946fff20f8524) C:\WINDOWS\system32\DRIVERS\lv302af.sys
    13:59:07.0781 5780 pepifilter - ok
    13:59:07.0781 5780 perc2 - ok
    13:59:07.0796 5780 perc2hib - ok
    13:59:08.0359 5780 PID_PEPI (4fc23dae30ef4f6a2952cd93104909e7) C:\WINDOWS\system32\DRIVERS\LV302V32.SYS
    13:59:08.0421 5780 PID_PEPI - ok
    13:59:08.0484 5780 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    13:59:08.0484 5780 PptpMiniport - ok
    13:59:08.0500 5780 prmvmouse - ok
    13:59:08.0500 5780 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    13:59:08.0500 5780 PSched - ok
    13:59:08.0546 5780 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    13:59:08.0546 5780 Ptilink - ok
    13:59:08.0578 5780 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    13:59:08.0578 5780 PxHelp20 - ok
    13:59:08.0593 5780 ql1080 - ok
    13:59:08.0593 5780 Ql10wnt - ok
    13:59:08.0625 5780 ql12160 - ok
    13:59:08.0640 5780 ql1240 - ok
    13:59:08.0671 5780 ql1280 - ok
    13:59:08.0750 5780 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    13:59:08.0750 5780 RasAcd - ok
    13:59:08.0796 5780 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    13:59:08.0812 5780 Rasl2tp - ok
    13:59:08.0843 5780 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    13:59:08.0843 5780 RasPppoe - ok
    13:59:08.0843 5780 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    13:59:08.0843 5780 Raspti - ok
    13:59:08.0875 5780 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    13:59:08.0890 5780 Rdbss - ok
    13:59:08.0984 5780 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    13:59:08.0984 5780 RDPCDD - ok
    13:59:09.0031 5780 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    13:59:09.0031 5780 rdpdr - ok
    13:59:09.0140 5780 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
    13:59:09.0156 5780 RDPWD - ok
    13:59:09.0250 5780 redbook (d8eb2a7904db6c916eb5361878ddcbae) C:\WINDOWS\system32\DRIVERS\redbook.sys
    13:59:09.0281 5780 redbook - ok
    13:59:09.0375 5780 RsFx0103 (fd692c6ffade58f7c4c3c3c9a0ec35bd) C:\WINDOWS\system32\DRIVERS\RsFx0103.sys
    13:59:09.0375 5780 RsFx0103 - ok
    13:59:09.0484 5780 rt2870 (2be6b34244e2a2aaaf1e93d765483512) C:\WINDOWS\system32\DRIVERS\rt2870.sys
    13:59:09.0484 5780 rt2870 - ok
    13:59:09.0562 5780 SbieDrv (0e5a3d6b8362d7b44dbf56acd2c090ce) C:\Program Files\Sandboxie\SbieDrv.sys
    13:59:09.0562 5780 SbieDrv - ok
    13:59:09.0656 5780 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    13:59:09.0656 5780 Secdrv - ok
    13:59:09.0765 5780 Serial (93d313c31f7ad9ea2b75f26075413c7c) C:\WINDOWS\system32\drivers\Serial.sys
    13:59:09.0765 5780 Serial - ok
    13:59:09.0843 5780 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    13:59:09.0843 5780 Sfloppy - ok
    13:59:09.0890 5780 Simbad - ok
    13:59:10.0031 5780 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
    13:59:10.0046 5780 SLIP - ok
    13:59:10.0093 5780 Sparrow - ok
    13:59:10.0171 5780 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    13:59:10.0171 5780 splitter - ok
    13:59:10.0218 5780 sptd - ok
    13:59:10.0312 5780 sr (39626e6dc1fb39434ec40c42722b660a) C:\WINDOWS\system32\DRIVERS\sr.sys
    13:59:10.0312 5780 sr - ok
    13:59:10.0390 5780 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
    13:59:10.0421 5780 Srv - ok
    13:59:10.0453 5780 StarOpen - ok
    13:59:10.0578 5780 STHDA (797fcc1d859b203958e915bb82528da9) C:\WINDOWS\system32\drivers\sthda.sys
    13:59:10.0687 5780 STHDA - ok
    13:59:10.0718 5780 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    13:59:10.0718 5780 streamip - ok
    13:59:10.0750 5780 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    13:59:10.0750 5780 swenum - ok
    13:59:10.0781 5780 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
    13:59:10.0781 5780 swmidi - ok
    13:59:10.0828 5780 symc810 - ok
    13:59:10.0906 5780 symc8xx - ok
    13:59:10.0984 5780 sym_hi - ok
    13:59:11.0046 5780 sym_u3 - ok
    13:59:11.0171 5780 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
    13:59:11.0171 5780 sysaudio - ok
    13:59:11.0265 5780 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    13:59:11.0265 5780 Tcpip - ok
    13:59:11.0328 5780 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    13:59:11.0328 5780 TDPIPE - ok
    13:59:11.0453 5780 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    13:59:11.0453 5780 TDTCP - ok
    13:59:11.0546 5780 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    13:59:11.0562 5780 TermDD - ok
    13:59:11.0609 5780 TosIde - ok
    13:59:11.0625 5780 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    13:59:11.0640 5780 Udfs - ok
    13:59:11.0671 5780 UIUSys - ok
    13:59:11.0718 5780 ultra - ok
    13:59:11.0812 5780 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    13:59:11.0828 5780 Update - ok
    13:59:11.0906 5780 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
    13:59:11.0906 5780 USBAAPL - ok
    13:59:11.0984 5780 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys
    13:59:11.0984 5780 usbaudio - ok
    13:59:12.0078 5780 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    13:59:12.0093 5780 usbccgp - ok
    13:59:12.0140 5780 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    13:59:12.0156 5780 usbehci - ok
    13:59:12.0218 5780 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    13:59:12.0234 5780 usbhub - ok
    13:59:12.0312 5780 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    13:59:12.0312 5780 usbprint - ok
    13:59:12.0375 5780 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    13:59:12.0375 5780 usbscan - ok
    13:59:12.0406 5780 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    13:59:12.0406 5780 usbstor - ok
    13:59:12.0453 5780 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    13:59:12.0453 5780 usbuhci - ok
    13:59:12.0531 5780 USB_RNDIS_51 (bee793d4a059caea55d6ac20e19b3a8f) C:\WINDOWS\system32\DRIVERS\usb8023.sys
    13:59:12.0531 5780 USB_RNDIS_51 - ok
    13:59:12.0593 5780 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    13:59:12.0593 5780 VgaSave - ok
    13:59:12.0625 5780 ViaIde - ok
    13:59:12.0640 5780 VolSnap (46de1126684369bace4849e4fc8c43ca) C:\WINDOWS\system32\drivers\VolSnap.sys
    13:59:12.0640 5780 VolSnap - ok
    13:59:12.0703 5780 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    13:59:12.0703 5780 Wanarp - ok
    13:59:12.0734 5780 WDICA - ok
    13:59:12.0750 5780 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    13:59:12.0750 5780 wdmaud - ok
    13:59:12.0843 5780 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
    13:59:12.0843 5780 WpdUsb - ok
    13:59:12.0921 5780 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    13:59:12.0937 5780 WSTCODEC - ok
    13:59:13.0015 5780 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    13:59:13.0015 5780 WudfPf - ok
    13:59:13.0109 5780 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    13:59:13.0109 5780 WudfRd - ok
    13:59:13.0171 5780 XDva309 - ok
    13:59:13.0187 5780 XDva326 - ok
    13:59:13.0203 5780 XDva328 - ok
    13:59:13.0234 5780 XDva332 - ok
    13:59:13.0265 5780 XDva337 - ok
    13:59:13.0296 5780 XDva341 - ok
    13:59:13.0312 5780 XDva343 - ok
    13:59:13.0375 5780 XDva346 - ok
    13:59:13.0390 5780 XDva347 - ok
    13:59:13.0421 5780 XDva349 - ok
    13:59:13.0437 5780 XDva352 - ok
    13:59:13.0468 5780 XDva354 - ok
    13:59:13.0484 5780 XDva358 - ok
    13:59:13.0531 5780 XDva359 - ok
    13:59:13.0531 5780 XDva362 - ok
    13:59:13.0609 5780 XDva365 - ok
    13:59:13.0625 5780 XDva370 - ok
    13:59:13.0703 5780 XDva375 - ok
    13:59:13.0703 5780 XDva380 - ok
    13:59:13.0781 5780 XDva383 - ok
    13:59:13.0796 5780 XDva385 - ok
    13:59:13.0859 5780 XDva386 - ok
    13:59:13.0875 5780 XDva387 - ok
    13:59:13.0953 5780 XDva388 - ok
    13:59:13.0953 5780 XDva389 - ok
    13:59:14.0031 5780 XDva390 - ok
    13:59:14.0031 5780 XDva391 - ok
    13:59:14.0062 5780 MBR (0x1B8) (c99c3199cfaa4cbdcd91493f6d113a50) \Device\Harddisk0\DR0
    13:59:14.0203 5780 \Device\Harddisk0\DR0 - ok
    13:59:14.0203 5780 Boot (0x1200) (14e6efb5b7ef184aa1505b1686fdf75a) \Device\Harddisk0\DR0\Partition0
    13:59:14.0203 5780 \Device\Harddisk0\DR0\Partition0 - ok
    13:59:14.0203 5780 ============================================================
    13:59:14.0203 5780 Scan finished
    13:59:14.0203 5780 ============================================================
    13:59:14.0218 4728 Detected object count: 1
    13:59:14.0218 4728 Actual detected object count: 1
    14:00:07.0031 4728 HKLM\SYSTEM\ControlSet001\services\69a4afed - will be deleted on reboot
    14:00:07.0031 4728 HKLM\SYSTEM\ControlSet003\services\69a4afed - will be deleted on reboot
    14:00:07.0031 4728 C:\WINDOWS\3987711081:2522566674.exe - will be deleted on reboot
    14:00:07.0031 4728 69a4afed ( Rootkit.Win32.PMax.gen ) - User select action: Delete
    14:00:12.0406 0456 Deinitialize success


    Step 2: Now the ZeroAccessRemover report:

    Webroot AntiZeroAccess 0.8 Log File
    Execution time: 01/11/2011 - 14:06
    Host operation System: Windows Xp X86 version 5.1.2600 Service Pack 3
    14:07:00 - CheckSystem - Begin to check system...
    14:07:00 - OpenRootDrive - Opening system root volume and physical drive....
    14:07:01 - C Root Drive: Disk number: 0 Start sector: 0x0000003F Partition Size: 0x254297C1 sectors.
    14:07:01 - PrevX Main driver extracted in "C:\WINDOWS\system32\drivers\ZeroAccess.sys".
    14:07:01 - InstallAndStartDriver - Main driver was installed and now is running.
    14:07:01 - CheckSystem - Warning! Disk class driver is INFECTED.
    14:07:04 - CheckFile - Warning! File "netbt.sys" is Infected by ZeroAccess Rootkit.
    14:07:14 - DoSecondPhaseCheck - Warning! Found a ZeroAccess forged PE: c:\program files\ani\aniwzcs2 service\aniwzcsds.exe
    14:07:14 - DoSecondPhaseCheck - Warning! Found a ZeroAccess forged PE: C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    14:07:14 - DoSecondPhaseCheck - Warning! Found a ZeroAccess forged PE: c:\windows\system32\ati2evxx.exe
    14:07:14 - DoSecondPhaseCheck - Warning! Found a ZeroAccess forged PE: C:\Program Files\SFR\Pack Sécurité\FWES\Program\fsdfwd.exe
    14:07:14 - DoSecondPhaseCheck - Warning! Found a ZeroAccess forged PE: C:\Program Files\SFR\Pack Sécurité\Common\FSMA32.exe
    14:07:14 - CheckExecutableEP - Unable to open "C:\Program Files\LogMeIn Hamachi\hamachi-2.exe" file. CreateFile last error: 3
    14:07:14 - DoSecondPhaseCheck - Warning! Found a ZeroAccess forged PE: c:\windows\system32\iprosetmonitor.exe
    14:07:14 - DoSecondPhaseCheck - Warning! Found a ZeroAccess forged PE: C:\Program Files\Java\jre6\bin\jqs.exe
    14:07:14 - DoSecondPhaseCheck - Warning! Found a ZeroAccess forged PE: C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
    14:07:14 - DoSecondPhaseCheck - Warning! Found a ZeroAccess forged PE: C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
    14:07:15 - DoSecondPhaseCheck - Warning! Found a ZeroAccess forged PE: c:\windows\system32\pnkbstra.exe
    14:07:15 - DoSecondPhaseCheck - Warning! Found a ZeroAccess forged PE: C:\Program Files\Sandboxie\SbieSvc.exe
    14:07:15 - DoSecondPhaseCheck - Warning! Found a ZeroAccess forged PE: C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    14:07:15 - DoSecondPhaseCheck - Warning! Found a ZeroAccess forged PE: C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
    14:07:15 - DoSecondPhaseCheck - Warning! Found a ZeroAccess forged PE: C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSVC.exe
    14:07:51 - DoRepair - Begin to perform system repair....
    14:07:51 - DoRepair - System Disk class driver was repaired.
    14:07:51 - DoRepair - Infected "netbt.sys" file was renamed.
    14:07:51 - DoRepair - Infected "netbt.sys" file was successfully cleaned!
    14:07:51 - CheckExecutableEP - Error! Unable to repair read-only "c:\program files\ani\aniwzcs2 service\aniwzcsds.exe" file.
    14:07:51 - CheckExecutableEP - Successfuly rewritten repaired "c:\program files\ani\aniwzcs2 service\Pre1C.tmp" file.
    14:07:51 - DoRepair - Unable to repair read-only "aniwzcsds.exe" file, file was copied and patched with another name. Reboot system to complete repair process.
    14:07:51 - DoRepair - Infected "aniwzcsds.exe" file was successfully cleaned!
    14:07:51 - CheckExecutableEP - Error! Unable to repair read-only "C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe" file.
    14:07:51 - CheckExecutableEP - Successfuly rewritten repaired "C:\Program Files\Fichiers communs\Apple\Mobile Device Support\Pre1D.tmp" file.
    14:07:51 - DoRepair - Unable to repair read-only "AppleMobileDeviceService.exe" file, file was copied and patched with another name. Reboot system to complete repair process.
    14:07:51 - DoRepair - Infected "AppleMobileDeviceService.exe" file was successfully cleaned!
    14:07:51 - CheckExecutableEP - Error! Unable to repair read-only "c:\windows\system32\ati2evxx.exe" file.
    14:07:51 - CheckExecutableEP - Successfuly rewritten repaired "c:\windows\system32\Pre1E.tmp" file.
    14:07:51 - DoRepair - Unable to repair read-only "ati2evxx.exe" file, file was copied and patched with another name. Reboot system to complete repair process.
    14:07:51 - DoRepair - Infected "ati2evxx.exe" file was successfully cleaned!
    14:07:51 - CheckExecutableEP - Successfuly rewritten repaired "C:\Program Files\SFR\Pack Sécurité\FWES\Program\fsdfwd.exe" file.
    14:07:51 - DoRepair - Infected "fsdfwd.exe" file was successfully cleaned!
    14:07:51 - CheckExecutableEP - Error! Unable to repair read-only "C:\Program Files\SFR\Pack Sécurité\Common\FSMA32.exe" file.
    14:07:51 - CheckExecutableEP - Successfuly rewritten repaired "C:\Program Files\SFR\Pack Sécurité\Common\Pre1F.tmp" file.
    14:07:51 - DoRepair - Unable to repair read-only "FSMA32.exe" file, file was copied and patched with another name. Reboot system to complete repair process.
    14:07:51 - DoRepair - Infected "FSMA32.exe" file was successfully cleaned!
    14:07:51 - CheckExecutableEP - Error! Unable to repair read-only "c:\windows\system32\iprosetmonitor.exe" file.
    14:07:51 - CheckExecutableEP - Successfuly rewritten repaired "c:\windows\system32\Pre20.tmp" file.
    14:07:51 - DoRepair - Unable to repair read-only "iprosetmonitor.exe" file, file was copied and patched with another name. Reboot system to complete repair process.
    14:07:51 - DoRepair - Infected "iprosetmonitor.exe" file was successfully cleaned!
    14:07:51 - CheckExecutableEP - Error! Unable to repair read-only "C:\Program Files\Java\jre6\bin\jqs.exe" file.
    14:07:51 - CheckExecutableEP - Successfuly rewritten repaired "C:\Program Files\Java\jre6\bin\Pre21.tmp" file.
    14:07:51 - DoRepair - Unable to repair read-only "jqs.exe" file, file was copied and patched with another name. Reboot system to complete repair process.
    14:07:51 - DoRepair - Infected "jqs.exe" file was successfully cleaned!
    14:07:51 - CheckExecutableEP - Error! Unable to repair read-only "C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe" file.
    14:07:51 - CheckExecutableEP - Successfuly rewritten repaired "C:\Program Files\LogMeIn\x86\Pre22.tmp" file.
    14:07:51 - DoRepair - Unable to repair read-only "LMIGuardianSvc.exe" file, file was copied and patched with another name. Reboot system to complete repair process.
    14:07:51 - DoRepair - Infected "LMIGuardianSvc.exe" file was successfully cleaned!
    14:07:51 - CheckExecutableEP - Error! Unable to repair read-only "C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe" file.
    14:07:51 - CheckExecutableEP - Successfuly rewritten repaired "C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\Pre23.tmp" file.
    14:07:51 - DoRepair - Unable to repair read-only "LVPrcSrv.exe" file, file was copied and patched with another name. Reboot system to complete repair process.
    14:07:51 - DoRepair - Infected "LVPrcSrv.exe" file was successfully cleaned!
    14:07:51 - CheckExecutableEP - Error! Unable to repair read-only "c:\windows\system32\pnkbstra.exe" file.
    14:07:51 - CheckExecutableEP - Successfuly rewritten repaired "c:\windows\system32\Pre24.tmp" file.
    14:07:51 - DoRepair - Unable to repair read-only "pnkbstra.exe" file, file was copied and patched with another name. Reboot system to complete repair process.
    14:07:51 - DoRepair - Infected "pnkbstra.exe" file was successfully cleaned!
    14:07:51 - CheckExecutableEP - Error! Unable to repair read-only "C:\Program Files\Sandboxie\SbieSvc.exe" file.
    14:07:51 - CheckExecutableEP - Successfuly rewritten repaired "C:\Program Files\Sandboxie\Pre25.tmp" file.
    14:07:51 - DoRepair - Unable to repair read-only "SbieSvc.exe" file, file was copied and patched with another name. Reboot system to complete repair process.
    14:07:51 - DoRepair - Infected "SbieSvc.exe" file was successfully cleaned!
    14:07:51 - CheckExecutableEP - Error! Unable to repair read-only "C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe" file.
    14:07:51 - CheckExecutableEP - Successfuly rewritten repaired "C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\Pre26.tmp" file.
    14:07:51 - DoRepair - Unable to repair read-only "SeaPort.exe" file, file was copied and patched with another name. Reboot system to complete repair process.
    14:07:51 - DoRepair - Infected "SeaPort.exe" file was successfully cleaned!
    14:07:51 - CheckExecutableEP - Error! Unable to repair read-only "C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe" file.
    14:07:51 - CheckExecutableEP - Successfuly rewritten repaired "C:\Program Files\TeamViewer\Version5\Pre27.tmp" file.
    14:07:51 - DoRepair - Unable to repair read-only "TeamViewer_Service.exe" file, file was copied and patched with another name. Reboot system to complete repair process.
    14:07:51 - DoRepair - Infected "TeamViewer_Service.exe" file was successfully cleaned!
    14:07:51 - CheckExecutableEP - Error! Unable to repair read-only "C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSVC.exe" file.
    14:07:51 - CheckExecutableEP - Successfuly rewritten repaired "C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\Pre28.tmp" file.
    14:07:51 - DoRepair - Unable to repair read-only "WLIDSVC.exe" file, file was copied and patched with another name. Reboot system to complete repair process.
    14:07:51 - DoRepair - Infected "WLIDSVC.exe" file was successfully cleaned!
    14:07:51 - DoRepair - "c_12345.nls" ZeroAccess file NOT found.
    14:07:51 - DoRepair - Warning! Unable to delete "desktop.ini" ZeroAccess file, last error: 5. This file will be removed at next reboot.
    14:07:58 - StopAndRemoveDriver - AntiZeroAccess Driver is stopped and removed.
    14:07:58 - StopAndRemoveDriver - File "ZeroAccess.sys" was deleted!
    14:07:58 - Execution Ended!

    Step 3: And finally the ComboFix report:

    ComboFix 11-11-01.02 - Didier 01/11/2011 14:32:13.1.2 - x86
    Lancé depuis: c:\documents and settings\Didier\Bureau\ComboFix.exe
    AV: Pack Sécurité SFR 9.12 *Enabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
    FW: Pack Sécurité SFR 9.12 *Disabled* {D4747503-0346-49EB-9262-997542F79BF4}
    .
    .
    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Didier\Application Data\ezpinst.log
    c:\documents and settings\Didier\Application Data\inst.exe
    c:\documents and settings\Didier\Local Settings\Application Data\69a4afed
    c:\documents and settings\Didier\Local Settings\Application Data\69a4afed\@
    c:\documents and settings\Didier\Local Settings\Application Data\69a4afed\U\80000000.@
    c:\documents and settings\Didier\Local Settings\Application Data\69a4afed\U\800000cb.@
    c:\documents and settings\Didier\Local Settings\Application Data\69a4afed\X
    c:\documents and settings\Didier\Mes documents\~WRL0005.tmp
    c:\documents and settings\Didier\WINDOWS
    C:\Thumbs.db
    c:\windows\$NtUninstallKB14774$
    c:\windows\$NtUninstallKB14774$\1772400621\@
    c:\windows\$NtUninstallKB14774$\1772400621\L\rzdylbkm
    c:\windows\$NtUninstallKB14774$\1772400621\loader.tlb
    c:\windows\$NtUninstallKB14774$\1772400621\U\@00000001
    c:\windows\$NtUninstallKB14774$\1772400621\U\@000000c0
    c:\windows\$NtUninstallKB14774$\1772400621\U\@000000cb
    c:\windows\$NtUninstallKB14774$\1772400621\U\@000000cf
    c:\windows\$NtUninstallKB14774$\1772400621\U\@80000000
    c:\windows\$NtUninstallKB14774$\1772400621\U\@800000c0
    c:\windows\$NtUninstallKB14774$\1772400621\U\@800000cb
    c:\windows\$NtUninstallKB14774$\1772400621\U\@800000cf
    c:\windows\$NtUninstallKB14774$\760238957
    c:\windows\3987711081
    c:\windows\driver.exe
    c:\windows\help\tours\htmltour\unlock_playing.htm
    c:\windows\system32\
    c:\windows\system32\c_11355.nls
    c:\windows\system32\Cache
    c:\windows\system32\d3d9caps.dat
    .
    Une copie infectée de c:\windows\system32\drivers\cdrom.sys a été trouvée et désinfectée
    Copie restaurée à partir de - The cat found it :) 
    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2011-10-01 au 2011-11-01 ))))))))))))))))))))))))))))))))))))
    .
    .
    2011-11-01 13:24 . 2008-04-13 18:40 62976 -c--a-w- c:\windows\system32\dllcache\cdrom.sys
    2011-11-01 13:24 . 2008-04-13 18:40 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
    2011-11-01 13:09 . 2011-11-01 13:09 48016 --sha-w- c:\windows\system32\c_11355.nl_
    2011-11-01 10:41 . 2011-11-01 12:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-11-01 10:37 . 2011-11-01 10:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-11-01 10:33 . 2011-11-01 10:33 -------- d-----w- c:\documents and settings\Didier\Application Data\Malwarebytes
    2011-11-01 10:33 . 2011-11-01 10:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-11-01 00:37 . 2011-11-01 00:37 -------- d-----w- c:\program files\Trend Micro
    2011-11-01 00:19 . 2011-11-01 00:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2011-11-01 00:19 . 2011-11-01 00:19 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-11-01 00:09 . 2011-11-01 00:09 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
    2011-10-30 12:51 . 2011-10-30 12:51 -------- d-----w- c:\documents and settings\All Users\Application Data\EA Core
    2011-10-30 12:03 . 2011-11-01 00:40 -------- d-----w- c:\program files\Fichiers communs\BioWare
    2011-10-15 15:39 . 2011-10-15 15:39 -------- d-----r- c:\program files\Skype
    2011-10-05 17:25 . 2011-10-05 17:25 -------- d-----w- c:\documents and settings\Didier\Local Settings\Application Data\CrashRpt
    .
    .
    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-11-01 13:07 . 2011-01-28 19:24 81920 ----a-w- c:\windows\system32\pnkbstra.exe
    2011-11-01 13:07 . 2010-12-25 10:31 110240 ----a-w- c:\windows\system32\iprosetmonitor.exe
    2011-11-01 13:07 . 2009-03-15 21:34 606208 ----a-w- c:\windows\system32\ati2evxx.exe
    2011-11-01 13:07 . 2004-08-10 12:00 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
    2011-09-27 17:05 . 2011-01-28 19:24 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2011-09-27 17:05 . 2011-01-28 19:24 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
    2011-09-26 09:41 . 2010-03-18 08:09 614400 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 09:41 . 2004-08-10 12:00 22528 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-09-26 09:41 . 2004-08-10 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-09 09:12 . 2004-08-10 12:00 606208 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-06 14:10 . 2004-08-10 12:00 1859072 ----a-w- c:\windows\system32\win32k.sys
    2011-08-23 19:05 . 2011-08-23 19:02 253952 ------w- c:\windows\Setup1.exe
    2011-08-23 19:05 . 2011-08-23 19:02 74752 ----a-w- c:\windows\ST6UNST.EXE
    2011-08-22 23:41 . 2006-03-04 03:35 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-08-22 23:41 . 2004-08-10 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-08-22 23:41 . 2004-08-10 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-08-22 11:56 . 2004-08-10 12:00 385024 ----a-w- c:\windows\system32\html.iec
    2011-08-17 15:56 . 2009-03-19 20:45 42672 ----a-w- c:\windows\system32\drivers\fsbts.sys
    2011-08-17 13:49 . 2004-08-10 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
    2011-09-29 07:16 . 2011-10-05 13:27 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [-] 2006-10-18 20:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
    [-] 2006-10-18 20:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll
    [-] 2005-08-03 17:29 . B9715B9C18BC6C8F4B66733D208CC9F7 . 25088 . . [10.0.3790.4332] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
    [-] 2004-08-10 12:00 . B751CE6043B33A2EFEABB2D6BA83EC67 . 25600 . . [10.0.3790.3646] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}]
    2009-10-15 08:53 165184 ----a-w- c:\program files\SFR\Kit\SFRNavErrorHelper.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-18 323392]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
    "Connexion SFR 9props.exe"="c:\program files\SFR\Kit\9props.exe" [2009-10-15 959808]
    "SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2010-02-03 394984]
    "Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-07-03 3077528]
    "Steam"="c:\program files\Steam\steam.exe" [2011-09-10 1242448]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 376912]
    "SigmatelSysTrayApp"="stsystra.exe" [2006-03-20 282624]
    "F-Secure TNB"="c:\program files\SFR\Pack Sécurité\FSGUI\TNBUtil.exe" [2011-08-23 1655464]
    "F-Secure Manager"="c:\program files\SFR\Pack Sécurité\Common\FSM32.EXE" [2009-11-18 201128]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
    "Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
    "SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2011-01-07 253672]
    "ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
    "rkfree"="c:\documents and settings\Didier\Bureau\Camille\rkfree.exe" [2011-10-31 71168]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
    2011-03-01 10:12 87424 ----a-w- c:\windows\system32\LMIinit.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryBooster
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
    2008-12-20 05:50 2656528 -c--a-w- c:\program files\Logitech\QuickCam\Quickcam.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2009-03-15 04:58 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Hamachi2Svc"=2 (0x2)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\DNA\\btdna.exe"=
    "c:\\Program Files\\Microsoft Games\\Rise Of Legends\\legends.exe"=
    "c:\\Nexon\\NEXON_EU_Downloader\\NEXON_EU_Downloader_Engine.exe"=
    "c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
    "c:\\Documents and Settings\\All Users\\Application Data\\NexonEU\\NGM\\NGM.exe"=
    "c:\nexon\Combat Arms EU\CombatArms.exe"= c:\nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe
    "c:\\Nexon\\Combat Arms EU\\NMService.exe"=
    "c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
    "c:\\Program Files\\GigaTribe\\gigatribe.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Outspark\\Divine Souls\\client.exe"=
    "c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
    "c:\nexon\Combat Arms EU\Engine.exe"= c:\nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe
    "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Steam\\Steam.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\gokugeney0\\condition zero\\hl.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\gokugeney0\\counter-strike\\hl.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\gokugeney0\\half-life\\hl.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\red orchestra\\System\\RedOrchestra.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "56515:TCP"= 56515:TCP:p ando Media Booster
    "56515:UDP"= 56515:UDP:p ando Media Booster
    "58274:TCP"= 58274:TCP:p ando Media Booster
    "58274:UDP"= 58274:UDP:p ando Media Booster
    "58795:TCP"= 58795:TCP:p ando Media Booster
    "58795:UDP"= 58795:UDP:p ando Media Booster
    "1062:TCP"= 1062:TCP:Akamai NetSession Interface
    "5000:UDP"= 5000:UDP:Akamai NetSession Interface
    .
    R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [19/03/2009 21:45 42672]
    R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [19/03/2009 21:31 81864]
    R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\SFR\Pack Sécurité\HIPS\drivers\fshs.sys [19/03/2009 21:31 69928]
    R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [10/04/2010 06:48 33824]
    R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [10/08/2004 13:00 14336]
    R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\iprosetmonitor.exe [25/12/2010 11:31 110240]
    R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [01/03/2011 11:11 374152]
    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [17/09/2010 14:40 12856]
    R2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [21/05/2010 12:27 173352]
    R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\SFR\Pack Sécurité\Anti-Virus\minifilter\fsgk.sys [19/03/2009 21:31 148632]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 12:16 130384]
    S2 gupdate1ca0e14a8ba716a;Service Google Update (gupdate1ca0e14a8ba716a);c:\program files\Google\Update\GoogleUpdate.exe [26/07/2009 18:15 133104]
    S3 ActivHidSerMini;Promethean Serial Board Driver;c:\windows\system32\DRIVERS\activhidsermini.sys --> c:\windows\system32\DRIVERS\activhidsermini.sys [?]
    S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
    S3 FSORSPClient;F-Secure ORSP Client;c:\program files\SFR\Pack Sécurité\ORSP Client\fsorsp.exe [19/03/2009 21:31 61088]
    S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena\safedrv.sys --> c:\program files\Garena\safedrv.sys [?]
    S3 gupdatem;Service Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [26/07/2009 18:15 133104]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [06/01/2010 21:39 47360]
    S3 prmvmouse;Promethean HID Mouse Service;c:\windows\system32\DRIVERS\activmouse.sys --> c:\windows\system32\DRIVERS\activmouse.sys [?]
    S3 USB_RNDIS_51;Broadcom USB Remote NDIS Device Driver;c:\windows\system32\drivers\usb8023.sys [10/08/2004 13:00 12800]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 12:16 753504]
    S3 XDva309;XDva309;\??\c:\windows\system32\XDva309.sys --> c:\windows\system32\XDva309.sys [?]
    S3 XDva326;XDva326;\??\c:\windows\system32\XDva326.sys --> c:\windows\system32\XDva326.sys [?]
    S3 XDva328;XDva328;\??\c:\windows\system32\XDva328.sys --> c:\windows\system32\XDva328.sys [?]
    S3 XDva332;XDva332;\??\c:\windows\system32\XDva332.sys --> c:\windows\system32\XDva332.sys [?]
    S3 XDva337;XDva337;\??\c:\windows\system32\XDva337.sys --> c:\windows\system32\XDva337.sys [?]
    S3 XDva341;XDva341;\??\c:\windows\system32\XDva341.sys --> c:\windows\system32\XDva341.sys [?]
    S3 XDva343;XDva343;\??\c:\windows\system32\XDva343.sys --> c:\windows\system32\XDva343.sys [?]
    S3 XDva346;XDva346;\??\c:\windows\system32\XDva346.sys --> c:\windows\system32\XDva346.sys [?]
    S3 XDva347;XDva347;\??\c:\windows\system32\XDva347.sys --> c:\windows\system32\XDva347.sys [?]
    S3 XDva349;XDva349;\??\c:\windows\system32\XDva349.sys --> c:\windows\system32\XDva349.sys [?]
    S3 XDva352;XDva352;\??\c:\windows\system32\XDva352.sys --> c:\windows\system32\XDva352.sys [?]
    S3 XDva354;XDva354;\??\c:\windows\system32\XDva354.sys --> c:\windows\system32\XDva354.sys [?]
    S3 XDva358;XDva358;\??\c:\windows\system32\XDva358.sys --> c:\windows\system32\XDva358.sys [?]
    S3 XDva359;XDva359;\??\c:\windows\system32\XDva359.sys --> c:\windows\system32\XDva359.sys [?]
    S3 XDva362;XDva362;\??\c:\windows\system32\XDva362.sys --> c:\windows\system32\XDva362.sys [?]
    S3 XDva365;XDva365;\??\c:\windows\system32\XDva365.sys --> c:\windows\system32\XDva365.sys [?]
    S3 XDva370;XDva370;\??\c:\windows\system32\XDva370.sys --> c:\windows\system32\XDva370.sys [?]
    S3 XDva375;XDva375;\??\c:\windows\system32\XDva375.sys --> c:\windows\system32\XDva375.sys [?]
    S3 XDva380;XDva380;\??\c:\windows\system32\XDva380.sys --> c:\windows\system32\XDva380.sys [?]
    S3 XDva383;XDva383;\??\c:\windows\system32\XDva383.sys --> c:\windows\system32\XDva383.sys [?]
    S3 XDva385;XDva385;\??\c:\windows\system32\XDva385.sys --> c:\windows\system32\XDva385.sys [?]
    S3 XDva386;XDva386;\??\c:\windows\system32\XDva386.sys --> c:\windows\system32\XDva386.sys [?]
    S3 XDva387;XDva387;\??\c:\windows\system32\XDva387.sys --> c:\windows\system32\XDva387.sys [?]
    S3 XDva388;XDva388;\??\c:\windows\system32\XDva388.sys --> c:\windows\system32\XDva388.sys [?]
    S3 XDva389;XDva389;\??\c:\windows\system32\XDva389.sys --> c:\windows\system32\XDva389.sys [?]
    S3 XDva390;XDva390;\??\c:\windows\system32\XDva390.sys --> c:\windows\system32\XDva390.sys [?]
    S3 XDva391;XDva391;\??\c:\windows\system32\XDva391.sys --> c:\windows\system32\XDva391.sys [?]
    S4 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;"c:\program files\LogMeIn Hamachi\hamachi-2.exe" -s --> c:\program files\LogMeIn Hamachi\hamachi-2.exe [?]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [23/07/2009 04:08 47128]
    S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [30/03/2009 02:09 239336]
    S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
    S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [30/03/2009 02:23 366936]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    Contenu du dossier 'Tâches planifiées'
    .
    2011-10-30 c:\windows\Tasks\At1.job
    - c:\program files\HP\HP Photosmart Plus B210 series\Bin\HPCustPartic.exe [2010-06-14 14:07]
    .
    2011-10-31 c:\windows\Tasks\At2.job
    - c:\program files\HP\HP Photosmart Plus B210 series\Bin\HPCustPartic.exe [2010-06-14 14:07]
    .
    2011-10-31 c:\windows\Tasks\At3.job
    - c:\program files\HP\HP Photosmart Plus B210 series\Bin\HPCustPartic.exe [2010-06-14 14:07]
    .
    2011-11-01 c:\windows\Tasks\At4.job
    - c:\program files\HP\HP Photosmart Plus B210 series\Bin\HPCustPartic.exe [2010-06-14 14:07]
    .
    2011-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-26 17:15]
    .
    2011-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-26 17:15]
    .
    2011-11-01 c:\windows\Tasks\Scheduled scanning task.job
    - c:\progra~1\SFR\PACKSC~1\ANTI-V~1\fsav.exe [2009-03-19 16:06]
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.club-internet.fr/
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = 127.0.0.1;*.local
    uInternet Settings,ProxyServer = 127.0.0.1:8088
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
    LSP: c:\program files\SFR\Pack Se9,curite9,\FSPS\program\FSLSP.DLL
    TCP: DhcpNameServer = 192.168.1.1
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    FF - ProfilePath - c:\documents and settings\Didier\Application Data\Mozilla\Firefox\Profiles\52l9ks3w.default\
    FF - prefs.js: browser.startup.homepage - hxxp://google.fr
    .
    - - - - ORPHELINS SUPPRIMES - - - -
    .
    SafeBoot-37479469.sys
    MSConfigStartUp-LogMeIn Hamachi Ui - c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-11-01 14:45
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    Recherche de processus cachés ...
    .
    Recherche d'éléments en démarrage automatique cachés ...
    .
    Recherche de fichiers cachés ...
    .
    Scan terminé avec succès
    Fichiers cachés: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------
    .
    [HKEY_USERS\S-1-5-21-299502267-1563985344-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    .
    [HKEY_USERS\S-1-5-21-299502267-1563985344-839522115-1003\Software\SecuROM\License information*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    "datasecu"=hex:08,86,28,1e,9d,61,74,8e,91,34,96,d8,6c,dc,ce,0d,3a,9e,8a,96,0d,
    ed,20,28,45,38,ca,00,38,29,f1,3a,e7,03,26,0d,29,08,7d,57,bb,ba,4e,25,ca,f8,\
    "rkeysecu"=hex:cf,fd,36,ed,8f,83,8f,67,d5,d5,68,a4,04,da,e7,c7
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------
    .
    - - - - - - - > 'winlogon.exe'(784)
    c:\windows\system32\Ati2evxx.dll
    c:\windows\system32\LMIinit.dll
    c:\windows\system32\LMIRfsClientNP.dll
    c:\program files\SFR\Pack Sécurité\FWES\Program\fsdc32.dll
    .
    - - - - - - - > 'lsass.exe'(840)
    c:\program files\SFR\Pack Sécurité\FSPS\program\FSLSP.DLL
    c:\program files\SFR\Pack Sécurité\FWES\Program\fsdc32.dll
    .
    - - - - - - - > 'explorer.exe'(7420)
    c:\windows\TEMP\logishrd\LVPrcInj01.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\eappprxy.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\windows\system32\LMIRfsClientNP.dll
    .
    - - - - - - - > 'csrss.exe'(752)
    c:\program files\SFR\Pack Sécurité\FWES\Program\fsdc32.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\windows\system32\Ati2evxx.exe
    c:\windows\stsystra.exe
    c:\program files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    c:\program files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\eHome\ehRecvr.exe
    c:\windows\eHome\ehSched.exe
    c:\program files\SFR\Pack Sécurité\Common\FSMA32.EXE
    c:\windows\system32\inetsrv\inetinfo.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
    c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
    c:\windows\system32\PnkBstrA.exe
    c:\program files\Sandboxie\SbieSvc.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    c:\program files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\windows\ehome\mcrdsvc.exe
    c:\program files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\windows\system32\dllhost.exe
    c:\windows\eHome\ehmsas.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\SFR\Pack Sécurité\Common\FSLAUNCHER0.EXE
    .
    **************************************************************************
    .
    Heure de fin: 2011-11-01 14:51:34 - La machine a redémarré
    ComboFix-quarantined-files.txt 2011-11-01 13:51
    .
    Avant-CF: 87 276 789 760 octets libres
    Après-CF: 88 333 647 872 octets libres
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
    .
    - - End Of File - - C134C3EF33FC63DA42CE6F0DABF15436

    There you go.
    Thanks.
    1 Novembre 2011 15:15:31

    PS: The problem seems to have stopped, so thank you very much! And you will surely tell me if something is wrong in the reports I sent you. In any case, a big thank you for this precious help!
    1 Novembre 2011 22:19:40

    Good evening
    it's not over yet :) 
    Did you install a proxy on your PC yourself?
    Quote:
    uInternet Settings,ProxyServer = 127.0.0.1:8088


    By the way, I'm removing the remains of a keylogger (rkfree); I don't know who installed/uninstalled it on your machine, but a registry key was left behind...
    +++++

    Copy (Ctrl+C) the text below:

    Driver::
    XDva309
    XDva326
    XDva328
    XDva332
    XDva337
    XDva341
    XDva343
    XDva346
    XDva347
    XDva349
    XDva352
    XDva354
    XDva358
    XDva359
    XDva362
    XDva365
    XDva370
    XDva375
    XDva380
    XDva383
    XDva385
    XDva386
    XDva387
    XDva388
    XDva389
    XDva390
    XDva391
    Akamai
    File::
    c:\windows\system32\c_11355.nl_
    c:\windows\system32\XDva309.sys
    c:\windows\system32\XDva326.sys
    c:\windows\system32\XDva328.sys
    c:\windows\system32\XDva332.sys
    c:\windows\system32\XDva337.sys
    c:\windows\system32\XDva341.sys
    c:\windows\system32\XDva343.sys
    c:\windows\system32\XDva346.sys
    c:\windows\system32\XDva347.sys
    c:\windows\system32\XDva349.sys
    c:\windows\system32\XDva352.sys
    c:\windows\system32\XDva354.sys
    c:\windows\system32\XDva358.sys
    c:\windows\system32\XDva359.sys
    c:\windows\system32\XDva362.sys
    c:\windows\system32\XDva365.sys
    c:\windows\system32\XDva370.sys
    c:\windows\system32\XDva375.sys
    c:\windows\system32\XDva380.sys
    c:\windows\system32\XDva383.sys
    c:\windows\system32\XDva385.sys
    c:\windows\system32\XDva386.sys
    c:\windows\system32\XDva387.sys
    c:\windows\system32\XDva388.sys
    c:\windows\system32\XDva389.sys
    c:\windows\system32\XDva390.sys
    c:\windows\system32\XDva391.sys

    Folder::


    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "rkfree"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    "Akamai"=-



    Open Notepad and paste (Ctrl+V) the text you just copied.
    Save this file under the name CFScript.txt

    Drag and drop this CFScript file onto the ComboFix.exe file as shown in the screenshot


  • ComboFix starts; let it guide you.

  • Wait while the scan runs. The desktop will disappear several times: that's normal!
    Don't touch anything until the scan is finished.
  • Once the scan is complete, a report will be displayed: post its contents, saying where your problems stand

  • If the file doesn't open, it is located here > C:\ComboFix.txt

    HELP: A guide and a tutorial on using ComboFix
    * the partition name may differ

    ++++++++++++++++++****************
    2 Novembre 2011 20:56:01

    Good evening
    since you didn't answer my question about the proxy:
    Quote:
    Did you install a proxy on your PC yourself?
    Quote:
    uInternet Settings,ProxyServer = 127.0.0.1:8088


    if you didn't install a proxy, you can follow this procedure:
    http://forum.security-x.fr/tutoriels-317/%28tutoriel%29...

    then:





    Remove/uninstall all the programs used for the cleanup.
    (but keep Malwarebytes' Anti-Malware to run regular scans (don't forget to update it first)

    Please read this document (PDF) to learn more about the risks on the Net.



    If you find this document interesting, feel free to pass it on to your contacts.

    If you're tired of being bombarded with ads while browsing, install a secured Firefox with the NoScript and AdBlock Plus extensions.

    Also read:
  • Free antispyware: it's useless!

    ~Click the "Edit" button on your first message and put [solved] in the title.

    Then click "Validate your message"

    If your username matches your real name, you can change it by editing your posts.

    :hello: 

    ++++++
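The two things the helper singled out in the report above, the `ProxyServer = 127.0.0.1:8088` entry and the long run of `XDva###` service entries marked `[?]`, can be pulled out of a ComboFix-style report mechanically. A proxy pointing at a loopback address means every browser request is handed to a process running on the machine itself, which is exactly how a rogue local proxy substitutes its own pages for the sites the user asked for; if the user never set one up, that line is the first thing to check. A service entry shown with `-->` and `[?]` instead of a date and size is one ComboFix could not verify on disk. The script below is an added example, not part of the thread and not ComboFix's own code; the sample lines are constructed in the report's layout, reusing values that appear in the report above, and the function and regex names are my own.

```python
import re
from ipaddress import ip_address

# Constructed sample lines in the ComboFix report layout used in the thread above.
# Values are taken from that report; the selection of lines is illustrative.
SAMPLE_REPORT = r"""
uStart Page = hxxp://www.club-internet.fr/
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uInternet Settings,ProxyServer = 127.0.0.1:8088
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [19/03/2009 21:45 42672]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [10/08/2004 13:00 14336]
S3 XDva309;XDva309;\??\c:\windows\system32\XDva309.sys --> c:\windows\system32\XDva309.sys [?]
S3 XDva391;XDva391;\??\c:\windows\system32\XDva391.sys --> c:\windows\system32\XDva391.sys [?]
S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
"""

# "u" prefix = per-user (HKCU) setting, "m" = machine-wide (HKLM) in ComboFix's notation.
PROXY_RE = re.compile(r"^[um]?Internet Settings,ProxyServer\s*=\s*(\S+)")

# Service lines: "<start type> <name>;<display name>;<image path> [<date time size> | ?]"
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*?)\s+\[([^\]]*)\]\s*$")


def parse_proxy_server(lines):
    """Return the ProxyServer value found in the report, or None if there is none."""
    for line in lines:
        m = PROXY_RE.match(line.strip())
        if m:
            return m.group(1)
    return None


def proxy_host(value):
    """Extract the host from a ProxyServer value.

    IE accepts both "host:port" and per-scheme lists such as
    "http=host:port;https=host:port"; the first entry is used.
    """
    first = value.split(";")[0]
    first = first.split("=")[-1]          # drop a "scheme=" prefix if present
    return first.rsplit(":", 1)[0] if ":" in first else first


def is_loopback_proxy(value):
    """True when the proxy host is a loopback address or 'localhost'."""
    host = proxy_host(value)
    try:
        return ip_address(host).is_loopback
    except ValueError:                    # not an IP literal, compare the name
        return host.lower() == "localhost"


def find_unresolved_services(lines):
    """Return (service name, image path) for entries marked '[?]', i.e. services
    whose file ComboFix could not locate or verify on disk."""
    found = []
    for line in lines:
        m = SERVICE_RE.match(line.strip())
        if m and m.group(5) == "?":
            found.append((m.group(2), m.group(4)))
    return found


def families(services):
    """Group unresolved services by name with trailing digits stripped, so a
    numbered series (XDva309, XDva391, ...) shows up as one family with a count."""
    counts = {}
    for name, _ in services:
        stem = re.sub(r"\d+$", "", name)
        counts[stem] = counts.get(stem, 0) + 1
    return counts


def triage(report_text):
    """Summarise the proxy and unresolved-service findings of a report."""
    lines = report_text.splitlines()
    proxy = parse_proxy_server(lines)
    unresolved = find_unresolved_services(lines)
    return {
        "proxy_server": proxy,
        "loopback_proxy": bool(proxy) and is_loopback_proxy(proxy),
        "unresolved_services": unresolved,
        "service_families": families(unresolved),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    if result["loopback_proxy"]:
        print(f"browser proxy points at the local machine: {result['proxy_server']}")
    for stem, n in result["service_families"].items():
        print(f"{n} unverified service entr{'y' if n == 1 else 'ies'} in family '{stem}'")
```

Run against the report text itself (read the saved ComboFix.txt and pass it to `triage`) the same functions flag the loopback proxy and count the `XDva` family; a loopback proxy that the owner did not configure, or a family of numbered drivers with no file behind them, are the entries a helper would want explained before calling the machine clean.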