[Solved] Very violent virus that wrecked everything

Tags:
  • Virus
  • Security
18 March 2011 19:51:05

Hello, I had a virus that did a lot of damage:
* disabled the registry editor
* disabled the task manager
* dropped about 50 trojans
* my Windows folder disappeared from C:\
* every time I log in to my session, the library opens automatically
* disabled System Restore and system backup

I tried everything: an antivirus scan, CCleaner, MalwareBytes, and I removed the viruses, but I managed to re-enable the registry editor and the task manager.
I have Windows 7 on a Dell Inspiron 545.

Thanks

20 March 2011 14:55:33

To clarify, Windows 7 came pre-installed on it.
20 March 2011 21:23:08

Good evening

Download DDS and save it to your desktop.
  • Disable any script blocker, such as an antivirus, or software like ad-block, noscript, etc.
  • Double-click dds.scr to launch the tool.
  • Once the scan is finished, a text document, DDS.txt, will open.
  • Click Yes at the next prompt, Optional Scan.
  • Save both reports to your desktop and post only DDS.txt to me.
    21 March 2011 15:45:12

    Here is the DDS:
    .
    AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
    SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files\Dell\DellDock\DockLogin.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    C:\Windows\SysWOW64\svchost.exe -k Akamai
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
    C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
    C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
    C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
    C:\Program Files (x86)\Steam\Steam.exe
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files (x86)\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\e-Carte Bleue Banque Populaire\ecbl-nxbp.exe
    C:\Program Files\Dell\DellDock\DellDock.exe
    C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
    C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
    C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\System32\vds.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Windows\system32\sppsvc.exe
    C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
    C:\Windows\SysWOW64\ctfmon.exe
    C:\Windows\system32\wuauclt.exe
    C:\Users\GRAZIELLA\Downloads\dds.scr
    C:\Windows\system32\conhost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.fr/
    uInternet Settings,ProxyOverride = *.local
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    BHO: Programme d'aide de l'Assistant de connexion Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    uRun: [Steam] "c:\program files (x86)\steam\steam.exe" -silent
    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    uRun: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe /autoRun
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
    mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
    mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
    mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
    mRunOnce: [STToasterLauncher] C:\program files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe
    StartupFolder: C:\Users\GRAZIE~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\E-CART~1.LNK - C:\Program Files (x86)\e-Carte Bleue Banque Populaire\ecbl-nxbp.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: E&xporter vers Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    mASetup: {5Y2PD030-4R6R-I6WJ-Y58K-525YYO2057IG} - C:\Users\GRAZIELLA\AppData\Roaming\install\iexplorer.exe
    {DBC80044-A445-435b-BC74-9C25C1C588A9}
    TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    mRun-x64: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    mRun-x64: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    mRun-x64: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
    Hosts: 127.0.0.1 www.virustotal.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\GRAZIE~1\AppData\Roaming\Mozilla\Firefox\Profiles\sho1yt51.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://mp3tubetoolbarsearch.com/?prt=pinballtb02ff&Keywords=
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\GRAZIELLA\AppData\Roaming\Mozilla\Firefox\Profiles\sho1yt51.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: LogMeIn, Inc. Remote Access Plugin: LogMeInClient@logmein.com - %profile%\extensions\LogMeInClient@logmein.com
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: keyword.URL - hxxp://mp3tubetoolbarsearch.com/?prt=pinballtb02ff&Keywords=
    FF - user.js: keyword.enabled - 1
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-12-29 55280]
    R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2010-1-5 273488]
    R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-12-30 92160]
    R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-14 27136]
    R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2010-1-5 20560]
    R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2010-1-5 62032]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-2-4 40384]
    R2 cpuz133;cpuz133;C:\Windows\System32\drivers\cpuz133_x64.sys [2011-2-9 20968]
    R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
    R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2010-12-6 2101640]
    R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2010-10-10 373640]
    R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2010-9-17 15928]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2011-2-21 72216]
    R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2009-12-29 656624]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2009-12-30 83488]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-12-30 215040]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Service Google Update (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-11 136176]
    S3 cpuz134;cpuz134;C:\Program Files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys [2011-2-15 21480]
    S3 qbgllrrko;{36F0E10D-D1F7-469D-BC60-9BB5BB10CC6B};C:\Program Files (x86)\ophcrack\pwdump\servpw.exe --> C:\Program Files (x86)\ophcrack\pwdump\servpw.exe [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-4-19 50688]
    S3 WatAdminSvc;Service Windows Activation Technologies;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-6-20 1255736]
    S4 MSSQLServerADHelper100;Service SQL Active Directory Helper;C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqladhlp.exe [2008-7-10 47128]
    S4 SQLAgent$SQLEXPRESS;Agent SQL Server (SQLEXPRESS);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-7-10 369688]
    .
    =============== Created Last 30 ================
    .
    2011-03-20 14:31:13 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab
    2011-03-19 11:36:47 119568 ----a-w- C:\Windows\SysWow64\VB6FR.DLL
    2011-03-19 11:36:47 -------- d-----w- C:\Users\GRAZIE~1\AppData\Roaming\FreeVideoConverter
    2011-03-19 11:36:47 -------- d-----w- C:\Program Files (x86)\Free Video Converter
    2011-03-18 07:37:46 7947600 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{C44766C4-F9D0-4184-BC6F-84B42C5FB35F}\mpengine.dll
    2011-03-09 20:40:22 -------- d-----w- C:\Users\GRAZIE~1\AppData\Roaming\Malwarebytes
    2011-03-09 20:40:10 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2011-03-09 20:40:10 -------- d-----w- C:\PROGRA~3\Malwarebytes
    2011-03-09 20:40:07 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-03-09 20:40:07 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-03-09 10:16:58 3138048 ----a-w- C:\Windows\System32\mstscax.dll
    2011-03-09 10:16:58 2690560 ----a-w- C:\Windows\SysWow64\mstscax.dll
    2011-03-09 10:16:58 1097216 ----a-w- C:\Windows\System32\mstsc.exe
    2011-03-09 10:16:58 1034240 ----a-w- C:\Windows\SysWow64\mstsc.exe
    2011-03-08 13:50:11 -------- d-----w- C:\Program Files (x86)\Microsoft Games
    2011-03-08 13:46:56 -------- d-----w- C:\Users\GRAZIE~1\AppData\Roaming\Microsoft Games
    2011-03-08 13:46:56 -------- d-----w- C:\PROGRA~3\Microsoft Games
    2011-02-23 20:10:25 367104 ----a-w- C:\Windows\System32\wcncsvc.dll
    2011-02-23 20:10:25 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll
    2011-02-23 14:21:16 662528 ----a-w- C:\Windows\System32\XpsPrint.dll
    2011-02-23 14:21:16 475648 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
    2011-02-23 14:21:16 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
    2011-02-23 14:21:16 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
    2011-02-21 16:05:48 -------- d-----w- C:\PROGRA~3\ma-config.com
    2011-02-21 14:56:18 -------- d-----w- C:\Users\GRAZIE~1\AppData\Local\LogMeIn
    2011-02-21 14:56:12 87456 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll.000.bak
    2011-02-21 14:56:12 87456 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll
    2011-02-21 14:56:12 72216 ----a-w- C:\Windows\System32\drivers\LMIRfsDriver.sys
    2011-02-21 14:56:12 60800 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\LMIproc.dll
    2011-02-21 14:56:12 33152 ----a-w- C:\Windows\System32\LMIport.dll
    2011-02-21 14:56:11 80768 ----a-w- C:\Windows\System32\LMIinit.dll
    2011-02-21 14:56:09 -------- d-----w- C:\PROGRA~3\LogMeIn
    2011-02-21 11:03:45 21480 ----a-w- C:\Windows\System32\drivers\cpuz134_x64.sys
    .
    ==================== Find3M ====================
    .
    2011-02-19 06:37:44 1135104 ----a-w- C:\Windows\System32\FntCache.dll
    2011-02-19 06:37:10 1540608 ----a-w- C:\Windows\System32\DWrite.dll
    2011-02-19 06:36:49 902656 ----a-w- C:\Windows\System32\d2d1.dll
    2011-02-19 05:32:48 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
    2011-02-19 05:32:35 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
    2011-02-02 16:11:20 270720 ------w- C:\Windows\System32\MpSigStub.exe
    2011-01-26 06:53:10 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
    2011-01-26 06:53:10 265088 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
    2011-01-26 06:31:20 144384 ----a-w- C:\Windows\System32\cdd.dll
    2011-01-14 20:17:12 400540 ----a-w- C:\Windows\System32\workgroup
    2011-01-14 20:17:12 17920 ----a-w- C:\Users\GRAZIE~1\AppData\Roaming\4tdvx7703TD.exe
    2011-01-14 20:16:17 3558 ----a-w- C:\Users\GRAZIE~1\AppData\Roaming\3zuxn9675ZU.exe
    2011-01-14 20:16:17 0 ----a-w- C:\Users\GRAZIE~1\AppData\Roaming\4zuxn9675ZU.exe
    2011-01-13 08:47:35 38848 ----a-w- C:\Windows\avastSS.scr
    2011-01-13 08:37:23 62032 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2011-01-07 08:06:50 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2011-01-07 07:27:11 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2011-01-07 05:49:20 366080 ----a-w- C:\Windows\System32\atmfd.dll
    2011-01-07 05:33:11 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2011-01-05 06:20:30 612352 ----a-w- C:\Windows\System32\vbscript.dll
    2011-01-05 05:37:33 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2011-01-05 04:00:16 3127808 ----a-w- C:\Windows\System32\win32k.sys
    2010-12-23 06:07:50 1118720 ----a-w- C:\Windows\System32\sbe.dll
    2010-12-23 06:07:49 961024 ----a-w- C:\Windows\System32\CPFilters.dll
    2010-12-23 06:07:49 723968 ----a-w- C:\Windows\System32\EncDec.dll
    2010-12-23 06:02:33 259072 ----a-w- C:\Windows\System32\mpg2splt.ax
    2010-12-23 05:28:29 850432 ----a-w- C:\Windows\SysWow64\sbe.dll
    2010-12-23 05:28:28 642048 ----a-w- C:\Windows\SysWow64\CPFilters.dll
    2010-12-23 05:28:28 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
    2010-12-23 05:24:02 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
    2010-12-22 14:08:50 54864 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys
    2010-12-22 14:08:50 226448 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys
    2010-12-22 14:08:50 154256 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys
    .
    ============= FINISH: 15:42:26,68 ===============
    21 March 2011 20:40:57

    Good evening
    let's get started
    Disable your antivirus and any other kind of protection.
    Download ComboFix by sUBs: Combofix
    Save it to your desktop and nowhere else!

    Double-click ComboFix. It will ask you a question; follow the prompts, then wait until ComboFix has finished. Your PC may reboot, which is normal. A report will be created. Post the report: C:\Combofix.txt
    Click on it to open it, then Edit "Select all", Edit "Copy"

    Come to the forum and Edit "Paste"

    HELP: A guide and tutorial on using ComboFix
    * the partition name may vary

    <@_@>

    +++++++++++++++++++++


    22 March 2011 08:06:10

    ComboFix 11-03-21.02 - GRAZIELLA 22/03/2011 7:56.1.4 - x64
    Microsoft Windows 7 Édition Familiale Premium 6.1.7600.0.1252.33.1036.18.6142.4241 [GMT 1:00]
    Lancé depuis: c:\users\GRAZIELLA\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
    SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Un nouveau point de restauration a été créé
    .
    .
    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\123.txt
    C:\Install.exe
    C:\start
    c:\users\GRAZIELLA\AppData\Roaming\3zuxn9675ZU.exe
    c:\users\GRAZIELLA\AppData\Roaming\4tdvx7703TD.exe
    c:\users\GRAZIELLA\AppData\Roaming\4zuxn9675ZU.exe
    c:\users\GRAZIELLA\AppData\Roaming\chrtmp
    c:\users\GRAZIELLA\ntuser.pol
    c:\users\LUCAS\ntuser.pol
    c:\windows\system32\workgroup
    c:\windows\SysWow64\autorun.ini
    c:\windows\SysWow64\install
    c:\windows\tmp.tmp.tmp
    .
    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2011-02-22 au 2011-03-22 ))))))))))))))))))))))))))))))))))))
    .
    .
    2011-03-22 06:51 . 2011-02-11 07:30 7947600 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8CA7F049-55EF-467C-87C7-A43E09F6F462}\mpengine.dll
    2011-03-20 15:26 . 2011-03-20 15:34 -------- d-----w- c:\users\GRAZIELLA\AppData\Roaming\vlc
    2011-03-20 14:31 . 2011-03-20 14:31 -------- d-----w- c:\program files (x86)\SystemRequirementsLab
    2011-03-20 14:31 . 2011-03-20 14:31 -------- d-----w- c:\users\GRAZIELLA\AppData\Roaming\SystemRequirementsLab
    2011-03-19 11:36 . 2011-03-19 11:39 -------- d-----w- c:\users\GRAZIELLA\AppData\Roaming\FreeVideoConverter
    2011-03-19 11:36 . 2011-03-19 11:36 -------- d-----w- c:\program files (x86)\Free Video Converter
    2011-03-19 11:36 . 2009-06-19 17:51 119568 ----a-w- c:\windows\SysWow64\VB6FR.DLL
    2011-03-09 20:40 . 2011-03-09 20:40 -------- d-----w- c:\users\GRAZIELLA\AppData\Roaming\Malwarebytes
    2011-03-09 20:40 . 2011-03-09 20:40 -------- d-----w- c:\programdata\Malwarebytes
    2011-03-09 20:40 . 2010-12-20 17:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-03-09 20:40 . 2011-03-09 20:40 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-03-09 20:40 . 2010-12-20 17:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-03-09 10:16 . 2010-12-18 06:12 3138048 ----a-w- c:\windows\system32\mstscax.dll
    2011-03-09 10:16 . 2010-12-18 06:08 1097216 ----a-w- c:\windows\system32\mstsc.exe
    2011-03-09 10:16 . 2010-12-18 05:30 2690560 ----a-w- c:\windows\SysWow64\mstscax.dll
    2011-03-09 10:16 . 2010-12-18 05:26 1034240 ----a-w- c:\windows\SysWow64\mstsc.exe
    2011-03-08 13:50 . 2011-03-08 13:50 -------- d-----w- c:\program files (x86)\Microsoft Games
    2011-03-08 13:46 . 2011-03-08 13:46 -------- d-----w- c:\users\GRAZIELLA\AppData\Roaming\Microsoft Games
    2011-03-08 13:46 . 2011-03-08 13:46 -------- d-----w- c:\programdata\Microsoft Games
    2011-02-23 20:10 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll
    2011-02-23 20:10 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll
    2011-02-23 14:21 . 2011-01-07 08:07 662528 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-02-23 14:21 . 2011-01-07 08:07 475648 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-02-23 14:21 . 2011-01-07 07:31 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll
    2011-02-23 14:21 . 2011-01-07 07:31 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
    2011-02-21 16:05 . 2011-02-21 16:07 -------- d-----w- c:\programdata\ma-config.com
    2011-02-21 14:56 . 2011-02-21 14:56 -------- d-----w- c:\users\GRAZIELLA\AppData\Local\LogMeIn
    2011-02-21 14:56 . 2010-12-08 12:12 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
    2011-02-21 14:56 . 2010-12-08 12:12 60800 ----a-w- c:\windows\system32\Spool\prtprocs\x64\LMIproc.dll
    2011-02-21 14:56 . 2010-12-08 12:12 33152 ----a-w- c:\windows\system32\LMIport.dll
    2011-02-21 14:56 . 2010-09-17 14:40 72216 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
    2011-02-21 14:56 . 2010-12-08 12:12 80768 ----a-w- c:\windows\system32\LMIinit.dll
    2011-02-21 14:56 . 2011-03-22 06:46 -------- d-----w- c:\programdata\LogMeIn
    2011-02-21 11:03 . 2010-07-09 12:19 21480 ----a-w- c:\windows\system32\drivers\cpuz134_x64.sys
    .
    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-02-24 17:53 . 2010-03-07 17:46 639296 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2011-02-02 16:11 . 2010-01-05 16:09 270720 ------w- c:\windows\system32\MpSigStub.exe
    2011-01-26 06:53 . 2011-02-09 17:07 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2011-01-26 06:53 . 2011-02-09 17:07 265088 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
    2011-01-26 06:31 . 2011-02-09 17:07 144384 ----a-w- c:\windows\system32\cdd.dll
    2011-01-13 08:47 . 2010-09-11 09:30 38848 ----a-w- c:\windows\avastSS.scr
    2011-01-13 08:47 . 2010-01-05 16:21 188216 ----a-w- c:\windows\SysWow64\aswBoot.exe
    2011-01-13 08:47 . 2011-02-04 14:58 237168 ----a-w- c:\windows\system32\aswBoot.exe
    2011-01-13 08:41 . 2010-01-05 16:22 273488 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-01-13 08:40 . 2010-01-05 16:22 51792 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-01-13 08:37 . 2010-01-05 16:22 29264 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-01-13 08:37 . 2010-01-05 16:22 62032 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-01-13 08:37 . 2010-01-05 16:22 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-01-07 08:06 . 2011-02-09 17:07 46080 ----a-w- c:\windows\system32\atmlib.dll
    2011-01-07 07:27 . 2011-02-09 17:07 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2011-01-07 05:49 . 2011-02-09 17:07 366080 ----a-w- c:\windows\system32\atmfd.dll
    2011-01-07 05:33 . 2011-02-09 17:07 294400 ----a-w- c:\windows\SysWow64\atmfd.dll
    2011-01-05 06:20 . 2011-02-09 17:07 612352 ----a-w- c:\windows\system32\vbscript.dll
    2011-01-05 05:37 . 2011-02-09 17:07 428032 ----a-w- c:\windows\SysWow64\vbscript.dll
    2011-01-05 04:00 . 2011-02-09 17:08 3127808 ----a-w- c:\windows\system32\win32k.sys
    2010-12-22 14:08 . 2011-01-11 19:44 226448 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
    2010-12-22 14:08 . 2011-01-11 19:15 54864 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
    2010-12-22 14:08 . 2010-12-22 14:08 154256 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
    .
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam"="c:\program files (x86)\steam\steam.exe" [2010-11-17 1242448]
    "msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
    "Sidebar"="c:\program files (x86)\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]
    "PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-24 140520]
    "Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
    "DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-03-18 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-06-15 141624]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-12-06 1910152]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
    "Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe" [2009-09-17 165104]
    "STToasterLauncher"="c:\program files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe" [2009-09-17 120048]
    .
    c:\users\LUCAS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
    LimeWire On Startup.lnk - c:\program files (x86)\LimeWire\LimeWire.exe [N/A]
    .
    c:\users\GRAZIELLA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    e-Carte Bleue Banque Populaire.lnk - c:\program files (x86)\e-Carte Bleue Banque Populaire\ecbl-nxbp.exe [2010-12-21 278528]
    .
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    R1 axhrhvcs;axhrhvcs;c:\windows\system32\drivers\axhrhvcs.sys [x]
    R1 bwhtpilo;bwhtpilo;c:\windows\system32\drivers\bwhtpilo.sys [x]
    R1 cewertke;cewertke;c:\windows\system32\drivers\cewertke.sys [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Service Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-11 136176]
    R3 cpuz134;cpuz134;c:\program files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys [2010-07-09 21480]
    R3 qbgllrrko;{36F0E10D-D1F7-469D-BC60-9BB5BB10CC6B};c:\program files (x86)\ophcrack\pwdump\servpw.exe [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R4 MSSQLServerADHelper100;Service SQL Active Directory Helper;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-10 47128]
    R4 SQLAgent$SQLEXPRESS;Agent SQL Server (SQLEXPRESS);c:\program files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-10 369688]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
    S1 aswSP;aswSP; [x]
    S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
    S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-03-31 92160]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
    S2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x64.sys [x]
    S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
    S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2010-12-06 2101640]
    S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2010-12-08 373640]
    S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2010-09-17 15928]
    S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2009-09-17 656624]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    Contenu du dossier 'Tâches planifiées'
    .
    2011-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-11 09:31]
    .
    2011-03-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-11 09:31]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-06-03 7834656]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-26 16327712]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
    "LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2010-09-17 57928]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Examen supplémentaire -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.fr/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xporter vers Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\users\GRAZIELLA\AppData\Roaming\Mozilla\Firefox\Profiles\sho1yt51.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://mp3tubetoolbarsearch.com/?prt=pinballtb02ff&Keywords=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: LogMeIn, Inc. Remote Access Plugin: LogMeInClient@logmein.com - %profile%\extensions\LogMeInClient@logmein.com
    FF - user.js: keyword.URL - hxxp://mp3tubetoolbarsearch.com/?prt=pinballtb02ff&Keywords=
    FF - user.js: keyword.enabled - 1
    .
    - - - - ORPHELINS SUPPRIMES - - - -
    .
    Toolbar-Locked - (no file)
    SafeBoot-mcmscsvc
    SafeBoot-MCODS
    Toolbar-Locked - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    AddRemove-hfd_ss_friday - c:\windows\system32\hfd_ss_friday.scr
    .
    .
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker2"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Heure de fin: 2011-03-22 08:04:07
    ComboFix-quarantined-files.txt 2011-03-22 07:04
    .
    Avant-CF: 800 878 800 896 octets libres
    Après-CF: 801 985 056 768 octets libres
    .
    - - End Of File - - 1489827D3CACC61FAAF92C7A6B8EE011
    22 March 2011 10:30:08

    So, good news: the Windows file has reappeared, the library has disappeared, and backup and restore too!!
    22 March 2011 21:44:34

    help-manformatique said:
    So what do you think?

    I think you didn't do things by halves when you got infected :lol: 


    +++++++++


    Copy (Ctrl+C) the text below:
    Driver::
    axhrhvcs
    bwhtpilo
    cewertke
    qbgllrrko
    File::
    c:\windows\system32\drivers\axhrhvcs.sys
    c:\windows\system32\drivers\bwhtpilo.sys
    c:\windows\system32\drivers\cewertke.sys

    Folder::
    C:\WINDOWS\system32\AppCert
    c:\program files (x86)\ophcrack



    Open Notepad, then paste (Ctrl+V) the text you have just copied.
    Save this file under the name CFScript.txt

    Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot


  • ComboFix starts; just follow the prompts.

  • Wait while the scan runs. The desktop will disappear several times: that's normal!
    Don't touch anything until the scan has finished.
  • Once the scan is complete, a report will be displayed: post its contents, and say where things stand with your problems.

  • If the file does not open, it can be found here > C:\ComboFix.txt

    HELP: A guide and a tutorial on using ComboFix
    * the partition name may differ

    ++++++++++++++++++****************


    Download http://support.kaspersky.com/downloads/utils/tdsskiller... to your desktop, unzip it and run it; a report will be created here:

    C:\TDSSKillerVersion_Date_Time_log.txt << copy and paste its contents

    You also have the executable directly here: http://support.kaspersky.com/downloads/utils/tdsskiller...

    o Run it. The following window will open:



    o Click Start scan and let the tool scan your hard disk without interrupting it and without using the PC.
    o If infected files are found, a new window will open:



    o If TDSS.tdl2 is detected, the delete option will be ticked by default.

    o If TDSS.tdl3 is detected, make sure Cure is ticked.

    o If TDSS.tdl4(\HardDisk0\MBR) is detected, make sure Cure is ticked.

    o If Suspicious file is shown, leave the option set to Skip

    o Click Continue, then Reboot now to restart the PC.

    o Copy and paste the generated report into your next reply (it is also saved at the root of your system partition under the name C:\TDSSKiller_Quarantine\JJ.MM.AA_HH.MM.SS, where JJ.MM.AA is the date the tool was run and HH.MM.SS the time it was run).

    tutorial --> http://support.kaspersky.com/viruses/solutions?qid=2082...