
PC stops working after 3 hours of use

Tags:
  • Security
Last reply: in Security and viruses
24 November 2010 01:08:37

So here it is,
About 6 months ago now, I got a virus that downloaded some kind of fake antivirus and stopped me from opening any of my applications except the Internet. Thanks to Google I managed to remove the virus, but since then I have been experiencing a huge problem. After about 3 to 3.5 hours of use, my PC stops working. If I'm browsing the web, all the characters overlap and the blue bar at the top disappears. If I close the window and try to click an application, I get an error or the application's icon goes white. Also, when the problem occurs, the "Start" text on the Start bar no longer shows up and the blue bar at the bottom becomes unusable.
Here are some of the error messages I get:

- The application failed to initialize properly (0xc000012d). Click on OK to terminate the application.
- The application failed to initialize properly (0xc0000044). Click on OK to terminate the application.
- The application or DLL C:\Program Files\Mozilla Firefox\xul.dll is not a valid Windows image.
- Not enough quota is available to process this command.
- The application or DLL C:\windows\WinSxS\x86_Microsoft.VC80.CRT_1FC8B3B9A1E18E3B_8.0.50727.4053_x_ww_e6967989\MSVCR80.dll is not a valid Windows image.
- The application or DLL C:\windows\system32\ole32.dll is not a valid Windows image.
- Insufficient system resources exist to complete the requested service.
- [...] is not a valid Win32 application.

About 2 months ago, the computer wouldn't boot. I took it to a technician, who got it to start normally but did not fix my problem. A week ago I went back to the technician and he was unable to fix it. Please note that I am using an Administrator account with all rights enabled on this account. Please help me, I don't know what else to do.
Thanks,
Matt


24 November 2010 21:01:30

Also, before, the time displayed at the bottom right of the screen stayed frozen at the exact time the computer bugged out. However, since I removed a few programs it no longer freezes, but the problem remains. When I restart the computer, everything works fine until after 3 to 3.5 hours.

27 November 2010 17:48:05

Hello
Here is what I suggest:
We'll check whether there are leftovers of the infection, but if I don't see anything obvious, you'll post in the hardware section to get your hardware checked...

1

Download DDS and save it to your desktop.
  • Disable any script blocker, such as an antivirus, or software like ad-block, noscript etc.
  • Double-click dds.scr to launch the tool.
  • Once the scan is finished, a text document, DDS.txt, will open.
  • Click Yes at the next Optional Scan prompt.
  • Save both reports to your desktop and post only the DDS.txt to me.

2

Download GMER from this link: http://www.gmer.net/files.php - click "Download EXE" and save the file to your desktop.
See the GMER tutorial, it may help: http://www.malekal.com/tutorial_GMER.php

  • Disable your protection software (antivirus, antispyware etc.) and close all open programs.
  • Double-click the downloaded GMER file.
    IMPORTANT: If your antivirus raises an alert for gmer.sys or gmer.exe, let it run.
  • Click the "rootkit" tab
  • On the right, check everything.
  • Now click Scan.
  • When the scan is finished, click Copy.
  • Open Notepad, then click the Edit menu / Paste.
    The report should then appear.
  • Save the file to your desktop and post its contents here.
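As an added example (not from this thread, and not DDS's own code), a small Python triage pass over the kind of DDS.txt the post above asks for: it flags orphaned BHO/toolbar entries, non-default LSA packages, hosts-file entries and services whose binary DDS could not find, so the helper knows what to ask about first. The function names (`triage`, `Finding`, `count_by_severity`), the DDS line formats it matches and the Windows XP defaults (`msv1_0`, `scecli`) are my assumptions; the sample lines are taken from the DDS report posted in this thread.

```python
"""Triage pass over the DDS.txt sections a malware-removal helper reads first.

Added example: not part of this thread and not DDS's own code. It assumes the
DDS line formats seen in posted reports ("BHO: ... - No File", "LSA: ... =",
"Hosts: ...", "S0 name;display;path --> path [?]") and flags entries worth a
second look; it does not decide what is malicious.
"""
import re
from dataclasses import dataclass

# Assumed Windows XP defaults for the two LSA registry values DDS reports.
DEFAULT_AUTH_PACKAGES = {"msv1_0"}
DEFAULT_NOTIFY_PACKAGES = {"scecli"}

# "<R|S><0-4> ServiceName;Display Name;path [date size]"; DDS appends
# "--> path [?]" when the registered binary was not found on disk.
SERVICE_RE = re.compile(r"^(?P<start>[RS][0-4]) (?P<name>[^;]*);(?P<display>[^;]*);(?P<rest>.*)$")

BROWSER_PREFIXES = ("BHO:", "TB:", "uURLSearchHooks:", "mURLSearchHooks:")

# Sample input: lines taken from the DDS report posted in this thread.
SAMPLE_DDS = r"""
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No File
LSA: Authentication Packages = msv1_0 c:\windows\system32\rqRjgDts
LSA: Notification Packages = scecli AsWlnPkg
Hosts: 127.0.0.1 www.spywareinfo.com
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-4-26 207280]
S0 xdrmkdii;xdrmkdii;c:\windows\system32\drivers\qweoyvaz.sys --> c:\windows\system32\drivers\qweoyvaz.sys [?]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys --> c:\windows\system32\drivers\avgldx86.sys [?]
"""


@dataclass(frozen=True)
class Finding:
    severity: str   # "high" | "review" | "info"
    category: str
    line: str


def _extra_packages(line: str, defaults: set[str]) -> list[str]:
    """Return the package names after '=' that are not in the default set."""
    value = line.split("=", 1)[1]
    return [p for p in value.split() if p.lower() not in defaults]


def triage(dds_text: str) -> list[Finding]:
    """Walk a DDS report and return the entries a helper would ask about."""
    findings: list[Finding] = []
    for raw in dds_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(BROWSER_PREFIXES) and line.endswith("- No File"):
            # The registry still references a BHO/toolbar whose DLL is gone:
            # harmless by itself, but a leftover to clean up.
            findings.append(Finding("info", "orphaned browser object", line))
        elif line.startswith("LSA: Authentication Packages ="):
            extra = _extra_packages(line, DEFAULT_AUTH_PACKAGES)
            if extra:
                # Anything listed here is loaded into lsass.exe at boot,
                # so an unexpected entry gets the highest priority.
                findings.append(Finding("high", "non-default LSA authentication package: " + " ".join(extra), line))
        elif line.startswith("LSA: Notification Packages ="):
            extra = _extra_packages(line, DEFAULT_NOTIFY_PACKAGES)
            if extra:
                findings.append(Finding("review", "non-default LSA notification package: " + " ".join(extra), line))
        elif line.startswith("Hosts:"):
            # A hosts entry pointing a site at 127.0.0.1 blocks that site;
            # ask what put it there rather than assume.
            findings.append(Finding("review", "non-default hosts entry", line))
        else:
            m = SERVICE_RE.match(line)
            if m and m.group("rest").endswith("[?]"):
                boot_start = m.group("start") in ("R0", "S0")
                findings.append(Finding(
                    "review",
                    "service/driver file missing" + (" (boot-start)" if boot_start else ""),
                    line))
    return findings


def count_by_severity(findings: list[Finding]) -> dict[str, int]:
    """Tally findings per severity, e.g. {'high': 1, 'review': 4, 'info': 2}."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    order = ("high", "review", "info")
    for f in sorted(triage(SAMPLE_DDS), key=lambda f: order.index(f.severity)):
        print(f"[{f.severity:6}] {f.category}\n         {f.line}")
```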


28 November 2010 01:56:41

Thanks a lot for taking care of my case.
Here are the files:
DDS:

    DDS (Ver_10-11-27.01) - NTFSx86
    Run by André at 17:16:41,84 on 2010-11-27
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.2.1036.18.1014.380 [GMT -5:00]

    AV: avast! Antivirus *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    AV: ESET Smart Security 4.2 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

    ============== Running Processes ===============

    C:\windows\system32\svchost -k DcomLaunch
    svchost.exe
    C:\windows\System32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\windows\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
    C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\windows\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\windows\Explorer.EXE
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\windows\system32\svchost.exe -k imgsvc
    C:\windows\System32\StkASv2K.exe
    C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    C:\windows\system32\wuauclt.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\Alwil Software\Avast5\avastUI.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe
    C:\windows\system32\wscntfy.exe
    C:\windows\system32\ctfmon.exe
    C:\Program Files\DNA\btdna.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\ArcSoft\TotalMedia Extreme\BackUp & Recorder\uBBMonitor.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Documents and Settings\Andre\Bureau\dds.scr

    ============== Pseudo HJT Report ===============

    uSearch Page = ${URL_SEARCHPAGE}
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uWindow Title = Windows Internet Explorer provided by Yahoo!
    uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
    uSearch Bar =
    mSearch Page = ${URL_SEARCHPAGE}
    mStart Page = hxxp://www.bigseekpro.com/hypercam/{4328C0FE-3F76-4D6A-98FD-C805966A5C42}
    uInternet Settings,ProxyOverride = <local>
    mSearchAssistant =
    uURLSearchHooks: PHPNukeFR Toolbar: {1c491116-c175-45e1-a570-6fb14fea8b7b} - c:\program files\phpnukefr\tbPHP1.dll
    mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Aide pour le lien d'Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\fichiers communs\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: PHPNukeFR Toolbar: {1c491116-c175-45e1-a570-6fb14fea8b7b} - c:\program files\phpnukefr\tbPHP1.dll
    BHO: {3d0057a9-f084-429b-a8b0-ad5fd7b03b9b} - No File
    BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
    BHO: Programme d'aide de l'Assistant de connexion Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\fichiers communs\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll
    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
    TB: PHPNukeFR Toolbar: {1c491116-c175-45e1-a570-6fb14fea8b7b} - c:\program files\phpnukefr\tbPHP1.dll
    TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
    TB: {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No File
    TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
    TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
    TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
    TB: {A057A204-BACC-4D26-9A9E-3AF287E2699B} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
    mRun: [SkyTel] SkyTel.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [TkBellExe] "c:\program files\fichiers communs\real\update_ob\realsched.exe" -osboot
    mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    mRun: [UVS11 Preload] c:\program files\ulead systems\ulead videostudio 11\uvPL.exe
    mRun: [ArcSoft Connection Service] c:\program files\fichiers communs\arcsoft\connection service\bin\ACDaemon.exe
    StartupFolder: c:\docume~1\alluse~1\menudm~1\progra~1\dmarra~1\totalm~1.lnk - c:\program files\arcsoft\totalmedia extreme\backup & recorder\uBBMonitor.exe
    IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
    IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
    IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
    IE: Free YouTube to Mp3 Converter - c:\documents and settings\andre\application data\dvdvideosoftiehelpers\youtubetomp3.htm
    IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
    IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
    IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
    LSP: c:\program files\fichiers communs\pc tools\lsp\PCTLsp.dll
    DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} - hxxp://musicmix.messenger.msn.com/Medialogic.CAB
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/...
    DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - hxxp://152.1.131.130/activex/AMC.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} - hxxp://bmm.imgag.com/imgag/cp/install/crusher-caf.cab
    DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} - hxxp://gogo.hangame.com/common/HanSetup1010.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe
    DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - hxxps://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
    DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
    Notify: avgrsstarter - avgrsstx.dll
    Notify: igfxcui - igfxdev.dll
    Notify: LMIinit - LMIinit.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    LSA: Authentication Packages = msv1_0 c:\windows\system32\rqRjgDts
    LSA: Notification Packages = scecli AsWlnPkg
    mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
    Hosts: 127.0.0.1 www.spywareinfo.com

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\andre\applic~1\mozilla\firefox\profiles\kzakl3kh.default\
    FF - prefs.js: browser.search.selectedEngine - DAEMON Search
    FF - prefs.js: browser.startup.homepage - hxxp://search.swagbucks.com/
    FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
    FF - plugin: c:\documents and settings\andre\application data\mozilla\firefox\profiles\kzakl3kh.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
    FF - plugin: c:\documents and settings\andre\application data\mozilla\firefox\profiles\kzakl3kh.default\extensions\flashplugin@idm\platform\winnt\plugins\npidmdcp.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
    FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
    FF - plugin: c:\program files\virtools\3d life player\npvirtools.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Extension: IDM FlashPlugin: flashplugin@idm - c:\docume~1\andre\applic~1\mozilla\firefox\profiles\kzakl3kh.default\extensions\flashplugin@idm
    FF - Extension: Foxdie: Foxdie@tanjihay.com - c:\docume~1\andre\applic~1\mozilla\firefox\profiles\kzakl3kh.default\extensions\Foxdie@tanjihay.com
    FF - Extension: Foxdie (Graphite): FoxdieGraphite@tanjihay.com - c:\docume~1\andre\applic~1\mozilla\firefox\profiles\kzakl3kh.default\extensions\FoxdieGraphite@tanjihay.com
    FF - Extension: Foxdie for Firefox: foxdie_ext_ocelot@foxdie.us - c:\docume~1\andre\applic~1\mozilla\firefox\profiles\kzakl3kh.default\extensions\foxdie_ext_ocelot@foxdie.us
    FF - Extension: Image Zoom: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68} - c:\docume~1\andre\applic~1\mozilla\firefox\profiles\kzakl3kh.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
    FF - Extension: Qute: {36C13C8F-54F1-412e-8177-2E411719162D} - c:\docume~1\andre\applic~1\mozilla\firefox\profiles\kzakl3kh.default\extensions\{36C13C8F-54F1-412e-8177-2E411719162D}
    FF - Extension: RefControl: {455D905A-D37C-4643-A9E2-F6FEFAA0424A} - c:\docume~1\andre\applic~1\mozilla\firefox\profiles\kzakl3kh.default\extensions\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}
    FF - Extension: ChatZilla: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2} - c:\docume~1\andre\applic~1\mozilla\firefox\profiles\kzakl3kh.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
    FF - Extension: Media Converter: {6e764c17-863a-450f-bdd0-6772bd5aaa18} - c:\docume~1\andre\applic~1\mozilla\firefox\profiles\kzakl3kh.default\extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18}
    FF - Extension: ReloadEvery: {888d99e7-e8b5-46a3-851e-1ec45da1e644} - c:\docume~1\andre\applic~1\mozilla\firefox\profiles\kzakl3kh.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
    FF - Extension: Noia 2.0 (eXtreme): {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e} - c:\docume~1\andre\applic~1\mozilla\firefox\profiles\kzakl3kh.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
    FF - Extension: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - c:\docume~1\andre\applic~1\mozilla\firefox\profiles\kzakl3kh.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
    FF - Extension: JSView: {cf15270e-cf08-4def-b4ea-6a5ac23f3bca} - c:\docume~1\andre\applic~1\mozilla\firefox\profiles\kzakl3kh.default\extensions\{cf15270e-cf08-4def-b4ea-6a5ac23f3bca}
    FF - Extension: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - c:\docume~1\andre\applic~1\mozilla\firefox\profiles\kzakl3kh.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
    FF - Extension: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - c:\docume~1\andre\applic~1\mozilla\firefox\profiles\kzakl3kh.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    FF - Extension: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - c:\docume~1\andre\applic~1\mozilla\firefox\profiles\kzakl3kh.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    FF - Extension: FoxReplace: fox@replace.fx - c:\docume~1\andre\applic~1\mozilla\firefox\profiles\kzakl3kh.default\extensions\fox@replace.fx
    FF - Extension: Noia 2.0 eXtreme OPT: noia2_option@kk.noia - c:\docume~1\andre\applic~1\mozilla\firefox\profiles\kzakl3kh.default\extensions\noia2_option@kk.noia
    FF - Extension: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - c:\docume~1\andre\applic~1\mozilla\firefox\profiles\kzakl3kh.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
    FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

    ---- FIREFOX POLICIES ----
    pref(dom.disable_open_during_load, true);
    ============= SERVICES / DRIVERS ===============

    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-4-26 207280]
    R1 archlp;archlp;c:\windows\system32\drivers\ArcHlp.sys [2010-11-26 91264]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2008-4-15 165584]
    R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-7-29 115008]
    R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2010-8-3 95896]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-4-15 17744]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-9 40384]
    R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-4-26 198608]
    R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2010-11-4 810144]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-10-12 47640]
    R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-4-26 365280]
    R3 ArcCD;ArcCD Filter Driver Service;c:\windows\system32\drivers\ArcCD.sys [2010-11-26 36224]
    R3 tenCapture;tenCapture;c:\windows\system32\drivers\tenCapture.sys [2007-4-21 9344]
    S0 xdrmkdii;xdrmkdii;c:\windows\system32\drivers\qweoyvaz.sys --> c:\windows\system32\drivers\qweoyvaz.sys [?]
    S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys --> c:\windows\system32\drivers\avgldx86.sys [?]
    S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys --> c:\windows\system32\drivers\avgmfx86.sys [?]
    S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys --> c:\windows\system32\drivers\avgtdix.sys [?]
    S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe --> c:\progra~1\avg\avg8\avgemc.exe [?]
    S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe --> c:\progra~1\avg\avg8\avgwdsvc.exe [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-10-9 136176]
    S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\logmein\x86\rainfo.sys --> c:\program files\logmein\x86\RaInfo.sys [?]
    S2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;"c:\program files\autodesk\3ds max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe" --> c:\program files\autodesk\3ds max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [?]
    S2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\starwindserviceae.exe --> c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [?]
    S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-9 40384]
    S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-9 40384]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-14 34448]
    S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\screamingbaudio.sys --> c:\windows\system32\drivers\ScreamingBAudio.sys [?]
    S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-4-26 1141712]
    S3 StkCMini;Syntek AVStream USB2.0 ATV;c:\windows\system32\drivers\StkCMini.sys [2010-11-21 1579144]
    S4 ArcUdfs;ArcUdfs FileSystem Driver Service;c:\windows\system32\drivers\ArcUdfs.sys [2010-11-26 134912]
    S4 LMIRfsClientNP;LMIRfsClientNP; [x]

    =============== Created Last 30 ================

    2010-11-27 02:22:47 7680 ----a-w- c:\windows\system32\drivers\ArcRec.sys
    2010-11-27 02:22:47 36224 ----a-w- c:\windows\system32\drivers\ArcCD.sys
    2010-11-27 02:22:47 134912 ----a-w- c:\windows\system32\drivers\ArcUdfs.sys
    2010-11-27 02:22:45 11776 ----a-w- c:\windows\system32\drivers\afc.sys
    2010-11-27 02:21:16 91264 ----a-w- c:\windows\system32\drivers\ArcHlp.sys
    2010-11-27 02:21:04 61440 ----a-w- c:\windows\system32\MMCEDT.exe
    2010-11-27 02:20:59 -------- d-----w- c:\docume~1\andre\locals~1\applic~1\ArcSoft
    2010-11-27 02:20:51 -------- d-----w- c:\docume~1\alluse~1\applic~1\ArcSoft
    2010-11-27 02:20:36 400128 ----a-w- c:\windows\system32\MSLUP60.dll
    2010-11-27 02:20:36 256768 ----a-w- c:\windows\system32\MSLURT.dll
    2010-11-26 13:39:18 -------- d-----w- c:\program files\Velvetmatter
    2010-11-23 12:52:53 -------- d-----w- c:\program files\ESET
    2010-11-23 00:29:08 -------- d-----w- c:\docume~1\andre\applic~1\Process Hacker 2
    2010-11-21 20:06:12 -------- d-----w- c:\program files\Noel Danjou
    2010-11-21 20:04:17 24576 ----a-w- c:\windows\system32\StkAUSD.dll
    2010-11-21 20:04:03 692224 ----a-w- c:\program files\fichiers communs\installshield\professional\runtime\0701\intel32\iKernel.dll
    2010-11-21 20:04:03 57344 ----a-w- c:\program files\fichiers communs\installshield\professional\runtime\0701\intel32\ctor.dll
    2010-11-21 20:04:03 5632 ----a-w- c:\program files\fichiers communs\installshield\professional\runtime\0701\intel32\DotNetInstaller.exe
    2010-11-21 20:04:03 237568 ----a-w- c:\program files\fichiers communs\installshield\professional\runtime\0701\intel32\iscript.dll
    2010-11-21 20:04:03 155648 ----a-w- c:\program files\fichiers communs\installshield\professional\runtime\0701\intel32\iuser.dll
    2010-11-21 20:04:02 282756 ----a-w- c:\program files\fichiers communs\installshield\professional\runtime\0701\intel32\setup.dll
    2010-11-21 20:04:02 163972 ----a-w- c:\program files\fichiers communs\installshield\professional\runtime\0701\intel32\iGdi.dll
    2010-11-21 19:49:39 -------- d-----w- c:\program files\USB_video_device
    2010-11-21 19:02:37 -------- d-----w- c:\docume~1\andre\locals~1\applic~1\VHS to DVD
    2010-11-21 18:51:52 -------- d-----w- c:\program files\fichiers communs\InterVideo
    2010-11-21 18:51:42 -------- d-----w- c:\docume~1\alluse~1\applic~1\InterVideo
    2010-11-21 18:51:39 210456 ----a-w- c:\windows\system32\IVIresizeW7.dll
    2010-11-21 18:51:39 194072 ----a-w- c:\windows\system32\IVIresizePX.dll
    2010-11-21 18:51:38 26136 ----a-w- c:\windows\system32\IVIresize.dll
    2010-11-21 18:51:38 206360 ----a-w- c:\windows\system32\IVIresizeA6.dll
    2010-11-21 18:51:38 198168 ----a-w- c:\windows\system32\IVIresizeP6.dll
    2010-11-21 18:51:38 198168 ----a-w- c:\windows\system32\IVIresizeM6.dll
    2010-11-21 18:51:32 212992 ----a-w- c:\program files\fichiers communs\installshield\engine\6\intel 32\ILog.dll
    2010-11-21 18:48:53 -------- d-----w- c:\program files\Ulead Systems
    2010-11-21 18:48:53 -------- d-----w- c:\program files\fichiers communs\Ulead Systems
    2010-11-21 18:17:23 -------- d-----w- c:\program files\honestech VHS to DVD 2.0 SE
    2010-11-21 18:16:50 -------- d-----w- c:\program files\honestech
    2010-11-21 18:15:25 84616 ----a-w- c:\windows\StkUnist.exe
    2010-11-21 18:15:25 76424 ----a-w- c:\windows\system32\StkCWIA.dll
    2010-11-21 18:15:25 55944 ----a-w- c:\windows\system32\StkSSrv.dll
    2010-11-21 18:15:25 347152 ----a-w- c:\windows\VideoView.exe
    2010-11-21 18:15:25 31368 ----a-w- c:\windows\system32\StkCSrv.exe
    2010-11-21 18:15:25 236168 ----a-w- c:\windows\system32\StkCProp.ax
    2010-11-21 18:15:25 113288 ----a-w- c:\windows\StkC112X.exe
    2010-11-21 18:15:24 25608 ----a-w- c:\windows\system32\drivers\StkCSam.sys
    2010-11-21 18:15:24 197648 ----a-w- c:\windows\system32\drivers\StkCSF.sys
    2010-11-21 18:15:22 1579144 ----a-w- c:\windows\system32\drivers\StkCMini.sys
    2010-11-21 18:15:22 13874824 ----a-w- c:\windows\system32\drivers\StkCPipe.sys
    2010-10-29 01:24:28 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-10-29 01:24:28 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-10-29 01:24:28 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll

    ==================== Find3M ====================

    2010-10-21 22:48:32 1294336 ----a-w- c:\windows\system32\SET115.tmp
    2010-10-19 20:51:33 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-09-18 16:23:26 974848 ------w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53:24 974848 ------w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53:24 954368 ------w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53:24 953856 ------w- c:\windows\system32\mfc40u.dll
    2010-09-10 05:50:18 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-09-10 05:50:15 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-09-10 05:50:15 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-09-07 15:12:17 38848 ----a-w- c:\windows\avastSS.scr
    2010-09-01 11:51:51 285824 ----a-w- c:\windows\system32\atmfd.dll
    2010-09-01 07:55:16 1852928 ------w- c:\windows\system32\win32k.sys
    2006-05-03 10:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
    2007-02-21 11:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
    2008-03-16 13:30:52 216064 --sh--r- c:\windows\system32\nbDX.dll

    ============= FINISH: 17:18:05,54 ===============
28 November 2010 01:57:08

GMER:
    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2010-11-27 19:55:11
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST380815AS rev.3.CHF
    Running: tsc7dp59.exe; Driver: C:\DOCUME~1\Andre\LOCALS~1\Temp\uwldipog.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwAssignProcessToJobObject [0xAA12F610]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwClose [0xA9E32CF0]
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF7324E22]
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF7305CDC]
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF7305ECE]
    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwDebugActiveProcess [0xAA12FC10]
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xF7325610]
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xF73258C4]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDuplicateObject [0xA9E32782]
    SSDT spob.sys ZwEnumerateKey [0xF7421DA4]
    SSDT spob.sys ZwEnumerateValueKey [0xF7422132]
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xF7323B14]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenProcess [0xA9E326C2]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenThread [0xA9E32726]
    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwProtectVirtualMemory [0xAA12F6D0]
    SSDT spob.sys ZwQueryKey [0xF742220A]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwQueryValueKey [0xA9E32DA6]
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF7325D30]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRestoreKey [0xA9E32D66]
    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetContextThread [0xAA12F690]
    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetInformationThread [0xAA12F650]
    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetSecurityObject [0xAA12F7D0]
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xF73250E2]
    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSuspendProcess [0xAA12F510]
    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSuspendThread [0xAA12F590]
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xF7305982]
    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwTerminateThread [0xAA12F5D0]
    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwWriteVirtualMemory [0xAA12F750]

    INT 0x62 ? 86BD8BF8
    INT 0x63 ? 86918BF8
    INT 0x73 ? 86918BF8
    INT 0x82 ? 86BD8BF8
    INT 0x83 ? 86918BF8
    INT 0xB4 ? 86918BF8

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0xA9E3F9D2]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0xA9E3FB0C]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwCallbackReturn + 2FE9 80504885 7 Bytes [59, 30, F7, D0, F5, 12, AA]
    PAGE ntkrnlpa.exe!ZwLoadDriver 8058413A 7 Bytes JMP A9E3FB10 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!NtCreateSection 805AB38E 7 Bytes JMP A9E3F9D6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC502 5 Bytes JMP A9E3B5D4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ObInsertObject 805C2F86 5 Bytes JMP A9E3CFFA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    ? spob.sys The specified file could not be found. !
    .text USBPORT.SYS!DllUnload F60FC8AC 5 Bytes JMP 869181D8
    init C:\windows\System32\Drivers\ArcRec.SYS entry point in "init" section [0xF7B4D138]
    ? C:\DOCUME~1\Andre\LOCALS~1\Temp\mbr.sys The specified file could not be found. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1252] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F740A042] spob.sys
    IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F740A13E] spob.sys
    IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F740A0C0] spob.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F740A800] spob.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F740A6D6] spob.sys
    IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F7419B90] spob.sys

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\windows\system32\services.exe[1964] @ C:\windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002
    IAT C:\windows\system32\services.exe[1964] @ C:\windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
    Device \FileSystem\Ntfs \Ntfs 86BD71F8

    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    Device \Driver\NetBT \Device\NetBT_Tcpip_{0E97A1A8-FA55-41CF-B4CA-E15ECF7D3E25} 860281F8
    Device \Driver\usbuhci \Device\USBPDO-0 868221F8
    Device \Driver\dmio \Device\DmControl\DmIoDaemon 86B651F8
    Device \Driver\dmio \Device\DmControl\DmConfig 86B651F8
    Device \Driver\dmio \Device\DmControl\DmPnP 86B651F8
    Device \Driver\dmio \Device\DmControl\DmInfo 86B651F8
    Device \Driver\usbuhci \Device\USBPDO-1 868221F8
    Device \Driver\usbuhci \Device\USBPDO-2 868221F8
    Device \Driver\usbuhci \Device\USBPDO-3 868221F8
    Device \Driver\usbehci \Device\USBPDO-4 869001F8

    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    Device \Driver\Ftdisk \Device\HarddiskVolume1 86BD91F8
    Device \Driver\Cdrom \Device\CdRom0 867F71F8
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 [F733CB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F733CB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort0 [F733CB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort1 [F733CB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f [F733CB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\Cdrom \Device\CdRom1 867F71F8
    Device \Driver\NetBT \Device\NetBt_Wins_Export 860281F8
    Device \Driver\NetBT \Device\NetbiosSmb 860281F8
    Device \Driver\NetBT \Device\NetBT_Tcpip_{B361863F-C304-4AFC-83C7-0F907B416EE5} 860281F8

    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    Device \Driver\usbuhci \Device\USBFDO-0 868221F8
    Device \Driver\usbuhci \Device\USBFDO-1 868221F8
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 85FF81F8
    Device \Driver\usbuhci \Device\USBFDO-2 868221F8
    Device \FileSystem\MRxSmb \Device\LanmanRedirector 85FF81F8
    Device \Driver\usbuhci \Device\USBFDO-3 868221F8
    Device \Driver\NetBT \Device\NetBT_Tcpip_{36625128-4C12-424B-AB32-07485E4B812F} 860281F8
    Device \Driver\usbehci \Device\USBFDO-4 869001F8
    Device \Driver\Ftdisk \Device\FtControl 86BD91F8
    Device \FileSystem\Cdfs \Cdfs 86698430

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC7 0x94 0xE6 0x52 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC7 0x94 0xE6 0x52 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C038FD21-7045-A7F2-9DBB-E4312ED84029}
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C038FD21-7045-A7F2-9DBB-E4312ED84029}@hapbfpdpjgnibnho 0x6A 0x61 0x6A 0x6A ...
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C038FD21-7045-A7F2-9DBB-E4312ED84029}@iafldilakpibmgnmgn 0x63 0x61 0x6C 0x67 ...

    ---- EOF - GMER 1.0.15 ----
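A triage script for the GMER report above, added here as an example (it is not part of the thread or of GMER). GMER prints the vendor of a hooking driver in parentheses when it can identify the file: in the report, ehdrv.sys (ESET), aswSP.SYS (AVAST Software) and PCTCore.sys (PC Tools) all carry such an annotation, while spob.sys carries none, and GMER also reports that it could not open that file on disk. The script parses the SSDT, Code, inline-patch and IAT lines, groups the hooks by driver and flags any driver that has no vendor annotation anywhere in the report or whose file was unreadable. The sample input is constructed from lines quoted from the report; because GMER's "file not found" message is localized, the parser keys only on the leading "?".

```python
"""Triage a GMER rootkit-scan report: attribute each kernel hook to the driver
that installed it and flag drivers GMER could not identify. Added example for
this thread, not part of GMER or of the forum posts; the sample input is
constructed from lines quoted from the report above."""
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample. The text after "?" is GMER's localized "file not found"
# message, so the parser keys on the "?" prefix rather than on the wording.
SAMPLE_LOG = r"""
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwAssignProcessToJobObject [0xAA12F610]
SSDT spob.sys ZwEnumerateKey [0xF7421DA4]
SSDT spob.sys ZwEnumerateValueKey [0xF7422132]
SSDT spob.sys ZwQueryKey [0xF742220A]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0xA9E3F9D2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
PAGE ntkrnlpa.exe!ZwLoadDriver 8058413A 7 Bytes JMP A9E3FB10 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
? spob.sys The specified file could not be found. !
.text USBPORT.SYS!DllUnload F60FC8AC 5 Bytes JMP 869181D8
? C:\DOCUME~1\Andre\LOCALS~1\Temp\mbr.sys The specified file could not be found. !
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F740A042] spob.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F7419B90] spob.sys
"""

# "SSDT <module> (<vendor>) <function> [<address>]"; "Code" lines share the shape.
HOOK_RE = re.compile(
    r"^(?P<kind>SSDT|Code)\s+(?P<module>\S+)(?:\s+\((?P<vendor>[^)]*)\))?"
    r"\s+(?P<target>\S+)(?:\s+\[(?P<addr>0x[0-9A-Fa-f]+)\])?\s*$"
)
# "IAT <victim>[<import>] [<address>] <module>": GMER prints no vendor here.
IAT_RE = re.compile(
    r"^IAT\s+(?P<victim>\S+?)\[(?P<import>[^\]]+)\]\s+\[(?P<addr>[0-9A-Fa-f]+)\]\s+(?P<module>\S+)\s*$"
)
# Inline patch: "<section> <function> <addr> <n> Bytes JMP <dest> [<module> (<vendor>)]".
# No module after <dest> means GMER could not attribute the jump target.
INLINE_RE = re.compile(
    r"^(?:\.text|PAGE|INIT|init)\s+(?P<target>\S+)\s+[0-9A-Fa-f]+\s+\d+\s+Bytes\s+"
    r"(?:JMP|CALL)\s+(?P<dest>[0-9A-Fa-f]+)(?:\s+(?P<module>\S+)(?:\s+\((?P<vendor>[^)]*)\))?)?\s*$"
)
# "? <module> <message> !": GMER could not read the module's file from disk.
UNREADABLE_RE = re.compile(r"^\?\s+(?P<module>\S+)\s+")


@dataclass(frozen=True)
class Hook:
    kind: str           # SSDT, Code, Inline or IAT
    module: str         # lower-cased file name of the hooking driver
    target: str         # hooked function, or victim[import] for IAT hooks
    vendor: str | None  # GMER's vendor annotation, None when absent


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path (names are case-insensitive)."""
    return path.rsplit("\\", 1)[-1].lower()


def parse_gmer(text: str) -> tuple[list[Hook], set[str]]:
    hooks: list[Hook] = []
    unreadable: set[str] = set()
    for raw in text.splitlines():
        line = raw.strip()
        if m := HOOK_RE.match(line):
            hooks.append(Hook(m["kind"], basename(m["module"]), m["target"], m["vendor"]))
        elif m := IAT_RE.match(line):
            target = f"{basename(m['victim'])}[{m['import']}]"
            hooks.append(Hook("IAT", basename(m["module"]), target, None))
        elif m := INLINE_RE.match(line):
            module = basename(m["module"]) if m["module"] else f"<no module at {m['dest']}>"
            hooks.append(Hook("Inline", module, m["target"], m["vendor"]))
        elif m := UNREADABLE_RE.match(line):
            unreadable.add(basename(m["module"]))
    return hooks, unreadable


def triage(text: str) -> dict[str, dict]:
    """Group hooks by driver; flag drivers with no vendor annotation anywhere
    in the report, or whose file GMER could not read."""
    hooks, unreadable = parse_gmer(text)
    by_module: dict[str, list[Hook]] = defaultdict(list)
    vendor_of: dict[str, str] = {}
    for h in hooks:
        by_module[h.module].append(h)
        if h.vendor:
            vendor_of[h.module] = h.vendor
    return {
        module: {
            "vendor": vendor_of.get(module),
            "file_unreadable": module in unreadable,
            "hooks": sorted(f"{h.kind}:{h.target}" for h in hs),
            "review": module not in vendor_of or module in unreadable,
        }
        for module, hs in by_module.items()
    }


if __name__ == "__main__":
    for module, info in triage(SAMPLE_LOG).items():
        print("REVIEW" if info["review"] else "vendor", module, info["vendor"] or "-", info["hooks"])
```

Run it as a script to print one line per hooking driver, or pass any GMER report text to triage(). A flag is a reason to look closer, not a verdict: the ComboFix log later in this thread lists the sptd service and Alcohol 120% settings under Services\sptd\Cfg, and the sptd CD-emulation driver shipped with Alcohol and DAEMON Tools is well known for showing up in GMER as a randomly named sp??.sys that hooks ZwEnumerateKey, ZwEnumerateValueKey and ZwQueryKey plus the atapi.sys port I/O imports, which is exactly the spob.sys pattern here. Correlating a flagged driver with the software actually installed comes before treating it as a rootkit.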
    29 November 2010 20:43:28

    Good evening,
    indeed, there is still some stuff left...

    but start by choosing between your antivirus products avast/eset, one antivirus is enough!!!
    read: Consequences of multi-protection
    +
    Tutorial: uninstalling an antivirus (use the removal tool to get rid of the AVG8 leftovers as well)


    ++++++++++++++++++++


    Disable your antivirus and any other kind of protection.
    Download ComboFix by sUBs: Combofix
    Save it to your desktop and nowhere else!

    Double-click ComboFix. It will ask you a question; follow the prompts, then wait until ComboFix has finished. Your PC may reboot, that is normal. A report will be created. Post the report: C:\Combofix.txt
    click on it to open it, then Edit > "Select all", Edit > "Copy"

    come back to the forum and Edit > "Paste"

    HELP: A guide and tutorial on using ComboFix
    * the partition name may differ

    <@_@>


    30 November 2010 02:09:18

    ComboFix 10-11-29.03 - André 2010-11-29 19:23:50.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.2.1036.18.1014.448 [GMT -5:00]
    Launched from: c:\documents and settings\Andre\Bureau\ComboFix.exe
    AV: avast! Antivirus *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    AV: ESET Smart Security 4.2 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

    WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Andre\Application Data\inst.exe
    c:\program files\MSNCS
    c:\program files\MSNCS\data\emxfile001.dat
    c:\program files\MSNCS\data\msnusr.ini
    c:\program files\MSNCS\data\ps_demo_report.html
    c:\program files\MSNCS\data\testftpok.html
    c:\program files\MSNCS\help.chm
    c:\program files\MSNCS\License.txt
    c:\program files\MSNCS\readme.txt
    c:\program files\MSNCS\unins000.dat
    c:\program files\MSNCS\unins000.exe
    c:\windows\f96ac0e5-19d2-42c5-8f68-eb7a99861769.ocx
    c:\windows\system32\2d2ca2ce-704a-428c-8cbe-0736b29190aa.dll
    c:\windows\system32\msnappini.ini
    c:\windows\system32\mxpvct22.dat
    c:\windows\system32\mxpvct25.dat
    c:\windows\system32\win32.dll
    c:\windows\wpe pro.INI
    c:\windows\XSxS

    .
    ((((((((((((((((((((((((((((( Files Created from 2010-10-28 to 2010-11-30 ))))))))))))))))))))))))))))))))))))
    .

    2010-11-30 00:00 . 2010-11-30 00:00 -------- d-----w- c:\program files\Unlocker
    2010-11-27 02:22 . 2007-11-06 18:22 36224 ----a-w- c:\windows\system32\drivers\ArcCD.sys
    2010-11-27 02:22 . 2007-04-25 13:55 134912 ----a-w- c:\windows\system32\drivers\ArcUdfs.sys
    2010-11-27 02:22 . 2007-04-24 16:33 7680 ----a-w- c:\windows\system32\drivers\ArcRec.sys
    2010-11-27 02:22 . 2005-02-23 19:58 11776 ----a-w- c:\windows\system32\drivers\afc.sys
    2010-11-27 02:21 . 2009-08-13 16:45 91264 ----a-w- c:\windows\system32\drivers\ArcHlp.sys
    2010-11-27 02:21 . 2008-08-08 21:31 61440 ----a-w- c:\windows\system32\MMCEDT.exe
    2010-11-27 02:20 . 2010-11-27 02:23 -------- d-----w- c:\documents and settings\Andre\Local Settings\Application Data\ArcSoft
    2010-11-27 02:20 . 2010-11-28 02:47 -------- d-----w- c:\documents and settings\All Users\Application Data\ArcSoft
    2010-11-27 02:20 . 2010-11-27 02:20 -------- d-----w- c:\program files\ArcSoft
    2010-11-27 02:20 . 2007-04-19 14:39 256768 ----a-w- c:\windows\system32\MSLURT.dll
    2010-11-27 02:20 . 2007-04-19 14:39 400128 ----a-w- c:\windows\system32\MSLUP60.dll
    2010-11-26 13:39 . 2010-11-26 13:39 -------- d-----w- c:\program files\Velvetmatter
    2010-11-23 00:29 . 2010-11-23 00:29 -------- d-----w- c:\documents and settings\Andre\Application Data\Process Hacker 2
    2010-11-21 20:06 . 2010-11-21 20:06 -------- d-----w- c:\program files\Noel Danjou
    2010-11-21 20:04 . 2006-05-24 04:48 24576 ----a-w- c:\windows\system32\StkAUSD.dll
    2010-11-21 20:04 . 2002-12-05 19:12 692224 ----a-w- c:\program files\Fichiers communs\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
    2010-11-21 20:04 . 2002-12-05 19:10 155648 ----a-w- c:\program files\Fichiers communs\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
    2010-11-21 20:04 . 2002-12-02 20:22 5632 ----a-w- c:\program files\Fichiers communs\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
    2010-11-21 20:04 . 2002-12-02 18:33 57344 ----a-w- c:\program files\Fichiers communs\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
    2010-11-21 20:04 . 2002-12-02 18:33 237568 ----a-w- c:\program files\Fichiers communs\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
    2010-11-21 20:04 . 2010-11-21 20:04 282756 ----a-w- c:\program files\Fichiers communs\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
    2010-11-21 20:04 . 2010-11-21 20:04 163972 ----a-w- c:\program files\Fichiers communs\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
    2010-11-21 19:49 . 2010-11-21 19:49 -------- d-----w- c:\program files\DIFX
    2010-11-21 19:49 . 2010-11-21 19:49 -------- d-----w- c:\program files\USB_video_device
    2010-11-21 19:02 . 2010-11-21 19:02 -------- d-----w- c:\documents and settings\Andre\Local Settings\Application Data\VHS to DVD
    2010-11-21 18:52 . 2010-11-21 18:53 -------- d-----w- c:\documents and settings\Andre\Application Data\Ulead Systems
    2010-11-21 18:51 . 2010-11-21 18:51 -------- d-----w- c:\program files\Fichiers communs\InterVideo
    2010-11-21 18:51 . 2010-11-21 18:51 -------- d-----w- c:\documents and settings\All Users\Application Data\InterVideo
    2010-11-21 18:51 . 2007-03-06 16:58 210456 ----a-w- c:\windows\system32\IVIresizeW7.dll
    2010-11-21 18:51 . 2007-03-06 16:58 194072 ----a-w- c:\windows\system32\IVIresizePX.dll
    2010-11-21 18:51 . 2007-03-06 16:58 198168 ----a-w- c:\windows\system32\IVIresizeP6.dll
    2010-11-21 18:51 . 2007-03-06 16:58 198168 ----a-w- c:\windows\system32\IVIresizeM6.dll
    2010-11-21 18:51 . 2007-03-06 16:58 206360 ----a-w- c:\windows\system32\IVIresizeA6.dll
    2010-11-21 18:51 . 2007-03-06 16:58 26136 ----a-w- c:\windows\system32\IVIresize.dll
    2010-11-21 18:51 . 2000-01-04 11:39 212992 ----a-w- c:\program files\Fichiers communs\InstallShield\Engine\6\Intel 32\ILog.dll
    2010-11-21 18:48 . 2010-11-21 18:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Ulead Systems
    2010-11-21 18:48 . 2010-11-21 18:50 -------- d-----w- c:\program files\Fichiers communs\Ulead Systems
    2010-11-21 18:48 . 2010-11-21 18:48 -------- d-----w- c:\program files\Ulead Systems
    2010-11-21 18:17 . 2010-11-21 18:17 -------- d-----w- c:\program files\honestech VHS to DVD 2.0 SE
    2010-11-21 18:16 . 2010-11-21 18:16 -------- d-----w- c:\program files\honestech
    2010-11-21 18:15 . 2010-04-16 18:59 236168 ----a-w- c:\windows\system32\StkCProp.ax
    2010-11-21 18:15 . 2010-03-30 01:35 84616 ----a-w- c:\windows\StkUnist.exe
    2010-11-21 18:15 . 2010-03-27 01:24 55944 ----a-w- c:\windows\system32\StkSSrv.dll
    2010-11-21 18:15 . 2010-03-27 01:24 76424 ----a-w- c:\windows\system32\StkCWIA.dll
    2010-11-21 18:15 . 2010-03-27 01:23 31368 ----a-w- c:\windows\system32\StkCSrv.exe
    2010-11-21 18:15 . 2010-03-27 01:23 113288 ----a-w- c:\windows\StkC112X.exe
    2010-11-21 18:15 . 2009-06-11 20:15 347152 ----a-w- c:\windows\VideoView.exe
    2010-11-21 18:15 . 2010-05-28 22:43 25608 ----a-w- c:\windows\system32\drivers\StkCSam.sys
    2010-11-21 18:15 . 2009-05-03 20:04 197648 ----a-w- c:\windows\system32\drivers\StkCSF.sys
    2010-11-21 18:15 . 2010-06-07 21:02 1579144 ----a-w- c:\windows\system32\drivers\StkCMini.sys
    2010-11-21 18:15 . 2010-03-26 20:43 13874824 ----a-w- c:\windows\system32\drivers\StkCPipe.sys

    .
    (((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-10-29 01:24 . 2010-10-29 01:24 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-10-29 01:24 . 2010-10-29 01:24 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-10-21 22:48 . 2010-10-21 22:48 1294336 ----a-w- c:\windows\system32\SET115.tmp
    2010-10-19 20:51 . 2010-07-20 18:54 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-09-18 16:23 . 2004-08-19 21:09 974848 ------w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53 . 2004-08-19 21:09 974848 ------w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53 . 2002-08-30 12:00 954368 ------w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53 . 2002-08-30 12:00 953856 ------w- c:\windows\system32\mfc40u.dll
    2010-09-10 05:50 . 2004-08-19 21:09 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-09-10 05:50 . 2004-08-19 21:10 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-09-10 05:50 . 2004-08-19 21:09 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-09-07 15:12 . 2010-10-09 16:01 38848 ----a-w- c:\windows\avastSS.scr
    2010-09-07 15:11 . 2008-01-25 22:05 167592 ----a-w- c:\windows\system32\aswBoot.exe
    2010-09-07 14:52 . 2008-01-25 22:05 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-09-07 14:52 . 2008-04-15 23:20 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-09-07 14:47 . 2008-01-25 22:05 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-09-07 14:47 . 2008-01-25 22:05 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2010-09-07 14:47 . 2008-01-25 22:05 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2010-09-07 14:47 . 2008-04-15 23:20 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-09-07 14:46 . 2008-01-25 22:05 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2010-09-01 11:51 . 2004-08-19 21:08 285824 ----a-w- c:\windows\system32\atmfd.dll
    2010-09-01 07:55 . 2004-08-19 21:00 1852928 ------w- c:\windows\system32\win32k.sys
    2006-05-03 10:06 163328 --sh--r- c:\windows\system32\flvDX.dll
    2007-02-21 11:47 31232 --sh--r- c:\windows\system32\msfDX.dll
    2008-03-16 13:30 216064 --sh--r- c:\windows\system32\nbDX.dll
    .

    ((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-13 323392]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]
    "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-11-27 274224]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-10-27 150040]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-10-27 178712]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-10-27 150040]
    "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-01-12 185872]
    "PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-07-27 180224]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
    "avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
    "UVS11 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-03-03 341488]
    "ArcSoft Connection Service"="c:\program files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
    "UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]

    c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
    TotalMedia BackUp & Recorder Monitor.lnk - c:\program files\ArcSoft\TotalMedia Extreme\BackUp & Recorder\uBBMonitor.exe [2010-11-26 286720]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
    2008-10-02 23:45 87352 ----a-w- c:\windows\system32\LMIinit.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^Andre^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.3.lnk]
    path=c:\documents and settings\Andre\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.3.lnk
    backup=c:\windows\pss\OpenOffice.org 2.3.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2008-10-15 06:04 39792 -c--a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-03-26 05:10 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
    2010-03-20 17:19 160328 ----a-w- c:\program files\Siber Systems\AI RoboForm\robotaskbaricon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    2009-08-19 14:15 1217784 ----a-w- c:\program files\Steam\Steam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
    2010-11-27 02:02 274224 ----a-w- c:\program files\uTorrent\uTorrent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "MyWebSearchService"=2 (0x2)
    "iPod Service"=3 (0x3)
    "Bonjour Service"=2 (0x2)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\DNA\\btdna.exe"=
    "c:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe"=
    "c:\\wamp\\bin\\apache\\Apache2.2.11\\bin\\httpd.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\WINDOWS\\system32\\dplaysvr.exe"=
    "c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmDedicatedServer\\TrackManiaServer.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\WINDOWS\\network diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Windows Media Components\\Encoder\\wmenc.exe"=
    "c:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
    "c:\\WINDOWS\\system32\\dpnsvr.exe"=
    "c:\\Program Files\\SquawkBox\\squawkbox_fs.exe"=
    "c:\\Program Files\\FSFDT\\FWInn\\FWINN.exe"=
    "c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
    "c:\\Program Files\\SopCast\\SopCast.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\StreamTorrent 1.0\\StreamTorrent.exe"=
    "c:\\Program Files\\Net Tools\\nettools5.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3306:TCP"= 3306:TCP:MySQL Server
    "56838:TCP"= 56838:TCP:Pando Media Booster
    "56838:UDP"= 56838:UDP:Pando Media Booster
    "47624:TCP"= 47624:TCP:Yay
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundTimestampRequest"= 1 (0x1)
    "AllowInboundMaskRequest"= 1 (0x1)
    "AllowInboundRouterRequest"= 1 (0x1)
    "AllowOutboundDestinationUnreachable"= 1 (0x1)
    "AllowOutboundSourceQuench"= 1 (0x1)
    "AllowOutboundParameterProblem"= 1 (0x1)
    "AllowOutboundTimeExceeded"= 1 (0x1)
    "AllowRedirect"= 1 (0x1)
    "AllowOutboundPacketTooBig"= 1 (0x1)

    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-04-26 207280]
    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-08-16 691696]
    R1 archlp;archlp;c:\windows\system32\drivers\ArcHlp.sys [2010-11-26 91264]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2008-04-15 165584]
    R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-07-29 115008]
    R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2010-08-03 95896]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-04-15 17744]
    R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [2010-04-26 198608]
    R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2010-04-26 365280]
    R3 ArcCD;ArcCD Filter Driver Service;c:\windows\system32\drivers\ArcCD.sys [2010-11-26 36224]
    R3 tenCapture;tenCapture;c:\windows\system32\drivers\tenCapture.sys [2007-04-21 9344]
    S0 xdrmkdii;xdrmkdii;c:\windows\system32\drivers\qweoyvaz.sys --> c:\windows\system32\drivers\qweoyvaz.sys [?]
    S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys --> c:\windows\system32\Drivers\avgldx86.sys [?]
    S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys --> c:\windows\system32\Drivers\avgtdix.sys [?]
    S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe --> c:\progra~1\AVG\AVG8\avgemc.exe [?]
    S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe --> c:\progra~1\AVG\AVG8\avgwdsvc.exe [?]
    S2 ekrn;ESET Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" --> c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-09 136176]
    S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
    S2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;"c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe" --> c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [?]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-14 34448]
    S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys --> c:\windows\system32\drivers\ScreamingBAudio.sys [?]
    S3 StkCMini;Syntek AVStream USB2.0 ATV;c:\windows\system32\drivers\StkCMini.sys [2010-11-21 1579144]
    S4 ArcUdfs;ArcUdfs FileSystem Driver Service;c:\windows\system32\drivers\ArcUdfs.sys [2010-11-26 134912]

    --- Other Services/Drivers In Memory ---

    *Deregistered* - ArcRec

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
    2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll
    .
    Contents of the 'Scheduled Tasks' folder

    2010-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-09 16:02]

    2010-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-09 16:02]

    2009-08-11 c:\windows\Tasks\NSSstub.job
    - c:\windows\system32\Adobe\Shockwave 11\nssstub.exe [2009-07-08 16:24]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mStart Page = hxxp://www.bigseekpro.com/hypercam/{4328C0FE-3F76-4D6A-98FD-C805966A5C42}
    uInternet Settings,ProxyOverride = <local>
    IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
    IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE: Free YouTube to Mp3 Converter - c:\documents and settings\Andre\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm
    IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    LSP: c:\program files\Fichiers communs\PC Tools\Lsp\PCTLsp.dll
    DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
    DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} - hxxp://gogo.hangame.com/common/HanSetup1010.cab
    DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
    FF - ProfilePath - c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\kzakl3kh.default\
    FF - prefs.js: browser.search.selectedEngine - DAEMON Search
    FF - prefs.js: browser.startup.homepage - hxxp://search.swagbucks.com/
    FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
    FF - plugin: c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\kzakl3kh.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
    FF - plugin: c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\kzakl3kh.default\extensions\flashplugin@idm\platform\WINNT\plugins\npidmdcp.dll
    FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
    FF - plugin: c:\program files\Virtools\3D Life Player\npvirtools.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Extension: IDM FlashPlugin: flashplugin@idm - c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\kzakl3kh.default\extensions\flashplugin@idm
    FF - Extension: Foxdie: Foxdie@tanjihay.com - c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\kzakl3kh.default\extensions\Foxdie@tanjihay.com
    FF - Extension: Foxdie (Graphite): FoxdieGraphite@tanjihay.com - c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\kzakl3kh.default\extensions\FoxdieGraphite@tanjihay.com
    FF - Extension: Foxdie for Firefox: foxdie_ext_ocelot@foxdie.us - c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\kzakl3kh.default\extensions\foxdie_ext_ocelot@foxdie.us
    FF - Extension: Image Zoom: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68} - c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\kzakl3kh.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
    FF - Extension: Qute: {36C13C8F-54F1-412e-8177-2E411719162D} - c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\kzakl3kh.default\extensions\{36C13C8F-54F1-412e-8177-2E411719162D}
    FF - Extension: RefControl: {455D905A-D37C-4643-A9E2-F6FEFAA0424A} - c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\kzakl3kh.default\extensions\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}
    FF - Extension: ChatZilla: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2} - c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\kzakl3kh.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
    FF - Extension: Media Converter: {6e764c17-863a-450f-bdd0-6772bd5aaa18} - c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\kzakl3kh.default\extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18}
    FF - Extension: ReloadEvery: {888d99e7-e8b5-46a3-851e-1ec45da1e644} - c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\kzakl3kh.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
    FF - Extension: Noia 2.0 (eXtreme): {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e} - c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\kzakl3kh.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
    FF - Extension: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\kzakl3kh.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
    FF - Extension: JSView: {cf15270e-cf08-4def-b4ea-6a5ac23f3bca} - c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\kzakl3kh.default\extensions\{cf15270e-cf08-4def-b4ea-6a5ac23f3bca}
    FF - Extension: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\kzakl3kh.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
    FF - Extension: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\kzakl3kh.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    FF - Extension: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\kzakl3kh.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    FF - Extension: FoxReplace: fox@replace.fx - c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\kzakl3kh.default\extensions\fox@replace.fx
    FF - Extension: Noia 2.0 eXtreme OPT: noia2_option@kk.noia - c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\kzakl3kh.default\extensions\noia2_option@kk.noia
    FF - Extension: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\kzakl3kh.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
    FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\kzakl3kh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

    ---- PARAMETRES FIREFOX ----
    pref(dom.disable_open_during_load, true);
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    URLSearchHooks-{1c491116-c175-45e1-a570-6fb14fea8b7b} - c:\program files\PHPNukeFR\tbPHP1.dll
    BHO-{1c491116-c175-45e1-a570-6fb14fea8b7b} - c:\program files\PHPNukeFR\tbPHP1.dll
    BHO-{3d0057a9-f084-429b-a8b0-ad5fd7b03b9b} - (no file)
    Toolbar-SITEguard - (no file)
    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
    Toolbar-{1c491116-c175-45e1-a570-6fb14fea8b7b} - c:\program files\PHPNukeFR\tbPHP1.dll
    WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
    WebBrowser-{A057A204-BACC-4D26-9A9E-3AF287E2699B} - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
    HKCU-Run-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
    Notify-avgrsstarter - avgrsstx.dll
    MSConfigStartUp-AlcoholAutomount - c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe
    MSConfigStartUp-AppleSyncNotifier - c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    MSConfigStartUp-AVG8_TRAY - c:\progra~1\AVG\AVG8\avgtray.exe
    MSConfigStartUp-DAEMON Tools Lite - c:\program files\DAEMON Tools Lite\daemon.exe
    MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
    AddRemove-DVA ACARS 2 - c:\program files\Delta Virtual\ACARSv2\DVA-ACARS2-Uninst.exe
    AddRemove-HijackThis - j:\cleaning\HijackThis.exe
    AddRemove-MOV to AVI MPEG WMV Converter_is1 - c:\program files\MOV to AVI MPEG WMV Converter\unins000.exe
    AddRemove-PHPNukeFR Toolbar - c:\progra~1\PHPNUK~1\UNWISE.EXE
    AddRemove-SUPER © - c:\progra~1\ERIGHT~1\SUPER\Setup.exe
    AddRemove-{94895EA7-873E-4FCB-9C7B-DD3F7019D618}_is1 - c:\program files\Free Video Cutter\unins000.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-11-29 19:40
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_USERS\S-1-5-21-3193426433-2467464653-2156346605-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C038FD21-7045-A7F2-9DBB-E4312ED84029}*]
    "hapbfpdpjgnibnho"=hex:6a,61,6a,6a,69,6a,63,69,6f,69,6c,6b,69,63,67,68,62,64,
    67,67,00,22
    "iafldilakpibmgnmgn"=hex:63,61,6c,67,6a,69,00,7c
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'winlogon.exe'(1900)
    c:\windows\system32\LMIinit.dll
    c:\windows\system32\LMIRfsClientNP.dll

    - - - - - - - > 'lsass.exe'(1956)
    c:\program files\Fichiers communs\PC Tools\Lsp\PCTLsp.dll

    - - - - - - - > 'explorer.exe'(3968)
    c:\program files\Unlocker\UnlockerHook.dll
    c:\windows\system32\eappprxy.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\windows\system32\LMIRfsClientNP.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\program files\Alwil Software\Avast5\AvastSvc.exe
    c:\program files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
    c:\program files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
    c:\program files\Hotspot Shield\HssWPR\hsssrv.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    c:\windows\System32\StkASv2K.exe
    c:\program files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    c:\program files\Windows Media Player\WMPNetwk.exe
    c:\windows\system32\wbem\wmiapsrv.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\system32\igfxsrvc.exe
    .
    **************************************************************************
    .
    Heure de fin: 2010-11-29 19:46:53 - La machine a redémarré
    ComboFix-quarantined-files.txt 2010-11-30 00:46

    Avant-CF: 11 021 352 960 octets libres
    Après-CF: 13 753 794 560 octets libres

    - - End Of File - - EAF7D24261539942B430FEB453DA10FB
    30 Novembre 2010 11:01:51

    Re

    I asked you to remove the leftovers of AVG8 and ESET NOD32...

    You didn't do it, so do it now. :o 
    http://assiste.forum.free.fr/viewtopic.php?t=14926


    Copy (Ctrl+C) the text below:
    Driver::
    drmkdii

    File::
    c:\windows\system32\drivers\qweoyvaz.sys



    Open Notepad and paste (Ctrl+V) the text you just copied.
    Save this file under the name CFScript.txt

    Drag and drop this CFScript file onto ComboFix.exe, as shown in the screenshot


  • ComboFix starts; follow the prompts.

  • Wait while the scan runs. The desktop will disappear several times: this is normal!
    Don't touch anything until the scan is finished.
  • Once the scan is complete, a report will be displayed: post its contents, and say where your problems stand

  • If the file doesn't open, it is located here > C:\ComboFix.txt

    HELP: A guide and tutorial on using ComboFix
    * the drive letter may differ

    ++++++++++++++++++****************

    * Run a Kaspersky online scan
    http://www.kaspersky.com/kos/eng/partner/default/kavweb...

    * Click Accept
    * A yellow bar will ask whether you accept installing Kavwebscan_Unicode.cab; install the ActiveX control.
    * Click "Accept" once more
    * The update databases will be installed; wait a moment
    * Click Next.
    * Click My Computer; the scan starts. Wait for the scan to finish without closing the window, otherwise it will stop, then copy/paste the report in your next reply
    http://www.malekal.com/scan_Av_en_ligne.php#mozTocId291...
    1 Décembre 2010 01:27:44

    ComboFix 10-11-30.02 - André 2010-11-30 19:13:41.3.2 - x86
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.2.1036.18.1014.457 [GMT -5:00]
    Lancé depuis: c:\documents and settings\Andre\Bureau\ComboFix.exe
    Commutateurs utilisés :: c:\documents and settings\Andre\Bureau\CFScript.txt
    AV: avast! Antivirus *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

    FILE ::
    "c:\windows\system32\drivers\qweoyvaz.sys"
    .

    ((((((((((((((((((((((((((((( Fichiers créés du 2010-11-01 au 2010-12-01 ))))))))))))))))))))))))))))))))))))
    .

    2010-11-30 12:31 . 2010-11-30 13:05 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
    2010-11-30 00:00 . 2010-11-30 00:00 -------- d-----w- c:\program files\Unlocker
    2010-11-27 02:22 . 2007-11-06 18:22 36224 ----a-w- c:\windows\system32\drivers\ArcCD.sys
    2010-11-27 02:22 . 2007-04-25 13:55 134912 ----a-w- c:\windows\system32\drivers\ArcUdfs.sys
    2010-11-27 02:22 . 2007-04-24 16:33 7680 ----a-w- c:\windows\system32\drivers\ArcRec.sys
    2010-11-27 02:22 . 2005-02-23 19:58 11776 ----a-w- c:\windows\system32\drivers\afc.sys
    2010-11-27 02:21 . 2009-08-13 16:45 91264 ----a-w- c:\windows\system32\drivers\ArcHlp.sys
    2010-11-27 02:21 . 2008-08-08 21:31 61440 ----a-w- c:\windows\system32\MMCEDT.exe
    2010-11-27 02:20 . 2010-11-27 02:23 -------- d-----w- c:\documents and settings\Andre\Local Settings\Application Data\ArcSoft
    2010-11-27 02:20 . 2010-11-28 02:47 -------- d-----w- c:\documents and settings\All Users\Application Data\ArcSoft
    2010-11-27 02:20 . 2010-11-27 02:20 -------- d-----w- c:\program files\ArcSoft
    2010-11-27 02:20 . 2007-04-19 14:39 256768 ----a-w- c:\windows\system32\MSLURT.dll
    2010-11-27 02:20 . 2007-04-19 14:39 400128 ----a-w- c:\windows\system32\MSLUP60.dll
    2010-11-26 13:39 . 2010-11-26 13:39 -------- d-----w- c:\program files\Velvetmatter
    2010-11-23 00:29 . 2010-11-23 00:29 -------- d-----w- c:\documents and settings\Andre\Application Data\Process Hacker 2
    2010-11-21 20:06 . 2010-11-21 20:06 -------- d-----w- c:\program files\Noel Danjou
    2010-11-21 20:04 . 2006-05-24 04:48 24576 ----a-w- c:\windows\system32\StkAUSD.dll
    2010-11-21 20:04 . 2002-12-05 19:12 692224 ----a-w- c:\program files\Fichiers communs\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
    2010-11-21 20:04 . 2002-12-05 19:10 155648 ----a-w- c:\program files\Fichiers communs\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
    2010-11-21 20:04 . 2002-12-02 20:22 5632 ----a-w- c:\program files\Fichiers communs\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
    2010-11-21 20:04 . 2002-12-02 18:33 57344 ----a-w- c:\program files\Fichiers communs\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
    2010-11-21 20:04 . 2002-12-02 18:33 237568 ----a-w- c:\program files\Fichiers communs\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
    2010-11-21 20:04 . 2010-11-21 20:04 282756 ----a-w- c:\program files\Fichiers communs\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
    2010-11-21 20:04 . 2010-11-21 20:04 163972 ----a-w- c:\program files\Fichiers communs\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
    2010-11-21 19:49 . 2010-11-21 19:49 -------- d-----w- c:\program files\DIFX
    2010-11-21 19:49 . 2010-11-21 19:49 -------- d-----w- c:\program files\USB_video_device
    2010-11-21 19:02 . 2010-11-21 19:02 -------- d-----w- c:\documents and settings\Andre\Local Settings\Application Data\VHS to DVD
    2010-11-21 18:52 . 2010-11-21 18:53 -------- d-----w- c:\documents and settings\Andre\Application Data\Ulead Systems
    2010-11-21 18:51 . 2010-11-21 18:51 -------- d-----w- c:\program files\Fichiers communs\InterVideo
    2010-11-21 18:51 . 2010-11-21 18:51 -------- d-----w- c:\documents and settings\All Users\Application Data\InterVideo
    2010-11-21 18:51 . 2007-03-06 16:58 210456 ----a-w- c:\windows\system32\IVIresizeW7.dll
    2010-11-21 18:51 . 2007-03-06 16:58 194072 ----a-w- c:\windows\system32\IVIresizePX.dll
    2010-11-21 18:51 . 2007-03-06 16:58 198168 ----a-w- c:\windows\system32\IVIresizeP6.dll
    2010-11-21 18:51 . 2007-03-06 16:58 198168 ----a-w- c:\windows\system32\IVIresizeM6.dll
    2010-11-21 18:51 . 2007-03-06 16:58 206360 ----a-w- c:\windows\system32\IVIresizeA6.dll
    2010-11-21 18:51 . 2007-03-06 16:58 26136 ----a-w- c:\windows\system32\IVIresize.dll
    2010-11-21 18:51 . 2000-01-04 11:39 212992 ----a-w- c:\program files\Fichiers communs\InstallShield\Engine\6\Intel 32\ILog.dll
    2010-11-21 18:48 . 2010-11-21 18:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Ulead Systems
    2010-11-21 18:48 . 2010-11-21 18:50 -------- d-----w- c:\program files\Fichiers communs\Ulead Systems
    2010-11-21 18:48 . 2010-11-21 18:48 -------- d-----w- c:\program files\Ulead Systems
    2010-11-21 18:17 . 2010-11-21 18:17 -------- d-----w- c:\program files\honestech VHS to DVD 2.0 SE
    2010-11-21 18:16 . 2010-11-21 18:16 -------- d-----w- c:\program files\honestech
    2010-11-21 18:15 . 2010-04-16 18:59 236168 ----a-w- c:\windows\system32\StkCProp.ax
    2010-11-21 18:15 . 2010-03-30 01:35 84616 ----a-w- c:\windows\StkUnist.exe
    2010-11-21 18:15 . 2010-03-27 01:24 55944 ----a-w- c:\windows\system32\StkSSrv.dll
    2010-11-21 18:15 . 2010-03-27 01:24 76424 ----a-w- c:\windows\system32\StkCWIA.dll
    2010-11-21 18:15 . 2010-03-27 01:23 31368 ----a-w- c:\windows\system32\StkCSrv.exe
    2010-11-21 18:15 . 2010-03-27 01:23 113288 ----a-w- c:\windows\StkC112X.exe
    2010-11-21 18:15 . 2009-06-11 20:15 347152 ----a-w- c:\windows\VideoView.exe
    2010-11-21 18:15 . 2010-05-28 22:43 25608 ----a-w- c:\windows\system32\drivers\StkCSam.sys
    2010-11-21 18:15 . 2009-05-03 20:04 197648 ----a-w- c:\windows\system32\drivers\StkCSF.sys
    2010-11-21 18:15 . 2010-06-07 21:02 1579144 ----a-w- c:\windows\system32\drivers\StkCMini.sys
    2010-11-21 18:15 . 2010-03-26 20:43 13874824 ----a-w- c:\windows\system32\drivers\StkCPipe.sys

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-10-29 01:24 . 2010-10-29 01:24 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-10-29 01:24 . 2010-10-29 01:24 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-10-21 22:48 . 2010-10-21 22:48 1294336 ----a-w- c:\windows\system32\SET115.tmp
    2010-10-19 20:51 . 2010-07-20 18:54 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-09-18 16:23 . 2004-08-19 21:09 974848 ------w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53 . 2004-08-19 21:09 974848 ------w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53 . 2002-08-30 12:00 954368 ------w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53 . 2002-08-30 12:00 953856 ------w- c:\windows\system32\mfc40u.dll
    2010-09-10 05:50 . 2004-08-19 21:09 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-09-10 05:50 . 2004-08-19 21:10 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-09-10 05:50 . 2004-08-19 21:09 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-09-07 15:12 . 2010-10-09 16:01 38848 ----a-w- c:\windows\avastSS.scr
    2010-09-07 15:11 . 2008-01-25 22:05 167592 ----a-w- c:\windows\system32\aswBoot.exe
    2010-09-07 14:52 . 2008-01-25 22:05 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-09-07 14:52 . 2008-04-15 23:20 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-09-07 14:47 . 2008-01-25 22:05 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-09-07 14:47 . 2008-01-25 22:05 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2010-09-07 14:47 . 2008-01-25 22:05 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2010-09-07 14:47 . 2008-04-15 23:20 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-09-07 14:46 . 2008-01-25 22:05 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2006-05-03 10:06 163328 --sh--r- c:\windows\system32\flvDX.dll
    2007-02-21 11:47 31232 --sh--r- c:\windows\system32\msfDX.dll
    2008-03-16 13:30 216064 --sh--r- c:\windows\system32\nbDX.dll
    .

    ((((((((((((((((((((((((((((( SnapShot@2010-11-30_23.23.11 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-11-30 23:51 . 2010-11-30 23:51 16384 c:\windows\Temp\Perflib_Perfdata_294.dat
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{1c491116-c175-45e1-a570-6fb14fea8b7b}"= "c:\program files\PHPNukeFR\tbPHP1.dll" [BU]

    [HKEY_CLASSES_ROOT\clsid\{1c491116-c175-45e1-a570-6fb14fea8b7b}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1c491116-c175-45e1-a570-6fb14fea8b7b}]
    c:\program files\PHPNukeFR\tbPHP1.dll [BU]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{1c491116-c175-45e1-a570-6fb14fea8b7b}"= "c:\program files\PHPNukeFR\tbPHP1.dll" [BU]

    [HKEY_CLASSES_ROOT\clsid\{1c491116-c175-45e1-a570-6fb14fea8b7b}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-13 323392]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [BU]
    "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-11-27 274224]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-10-27 150040]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-10-27 178712]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-10-27 150040]
    "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-01-12 185872]
    "PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-07-27 180224]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
    "avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
    "UVS11 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-03-03 341488]
    "ArcSoft Connection Service"="c:\program files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
    "UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]

    c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
    TotalMedia BackUp & Recorder Monitor.lnk - c:\program files\ArcSoft\TotalMedia Extreme\BackUp & Recorder\uBBMonitor.exe [2010-11-26 286720]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
    2008-10-02 23:45 87352 ----a-w- c:\windows\system32\LMIinit.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^Andre^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.3.lnk]
    path=c:\documents and settings\Andre\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.3.lnk
    backup=c:\windows\pss\OpenOffice.org 2.3.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2008-10-15 06:04 39792 -c--a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
    c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe [BU]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [BU]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    c:\program files\DAEMON Tools Lite\daemon.exe [BU]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-03-26 05:10 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
    2010-03-20 17:19 160328 ----a-w- c:\program files\Siber Systems\AI RoboForm\robotaskbaricon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    2009-08-19 14:15 1217784 ----a-w- c:\program files\Steam\Steam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [BU]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
    2010-11-27 02:02 274224 ----a-w- c:\program files\uTorrent\uTorrent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "MyWebSearchService"=2 (0x2)
    "iPod Service"=3 (0x3)
    "Bonjour Service"=2 (0x2)
    "ekrn"=2 (0x2)
    "EhttpSrv"=3 (0x3)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\DNA\\btdna.exe"=
    "c:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe"=
    "c:\\wamp\\bin\\apache\\Apache2.2.11\\bin\\httpd.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\WINDOWS\\system32\\dplaysvr.exe"=
    "c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmDedicatedServer\\TrackManiaServer.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\WINDOWS\\network diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Windows Media Components\\Encoder\\wmenc.exe"=
    "c:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
    "c:\\WINDOWS\\system32\\dpnsvr.exe"=
    "c:\\Program Files\\SquawkBox\\squawkbox_fs.exe"=
    "c:\\Program Files\\FSFDT\\FWInn\\FWINN.exe"=
    "c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
    "c:\\Program Files\\SopCast\\SopCast.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\StreamTorrent 1.0\\StreamTorrent.exe"=
    "c:\\Program Files\\Net Tools\\nettools5.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3306:TCP"= 3306:TCP:MySQL Server
    "56838:TCP"= 56838:TCP:p ando Media Booster
    "56838:UDP"= 56838:UDP:p ando Media Booster
    "47624:TCP"= 47624:TCP:Yay
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundTimestampRequest"= 1 (0x1)
    "AllowInboundMaskRequest"= 1 (0x1)
    "AllowInboundRouterRequest"= 1 (0x1)
    "AllowOutboundDestinationUnreachable"= 1 (0x1)
    "AllowOutboundSourceQuench"= 1 (0x1)
    "AllowOutboundParameterProblem"= 1 (0x1)
    "AllowOutboundTimeExceeded"= 1 (0x1)
    "AllowRedirect"= 1 (0x1)
    "AllowOutboundPacketTooBig"= 1 (0x1)

    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-04-26 207280]
    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-08-16 691696]
    R1 archlp;archlp;c:\windows\system32\drivers\ArcHlp.sys [2010-11-26 91264]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2008-04-15 165584]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-04-15 17744]
    R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [2010-04-26 198608]
    R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2010-04-26 365280]
    R3 ArcCD;ArcCD Filter Driver Service;c:\windows\system32\drivers\ArcCD.sys [2010-11-26 36224]
    R3 tenCapture;tenCapture;c:\windows\system32\drivers\tenCapture.sys [2007-04-21 9344]
    S0 xdrmkdii;xdrmkdii;c:\windows\system32\drivers\qweoyvaz.sys --> c:\windows\system32\drivers\qweoyvaz.sys [?]
    S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys --> c:\windows\system32\DRIVERS\ehdrv.sys [?]
    S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys --> c:\windows\system32\DRIVERS\epfwtdir.sys [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-09 136176]
    S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
    S2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;"c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe" --> c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [?]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-14 34448]
    S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys --> c:\windows\system32\drivers\ScreamingBAudio.sys [?]
    S3 StkCMini;Syntek AVStream USB2.0 ATV;c:\windows\system32\drivers\StkCMini.sys [2010-11-21 1579144]
    S4 ArcUdfs;ArcUdfs FileSystem Driver Service;c:\windows\system32\drivers\ArcUdfs.sys [2010-11-26 134912]
    S4 ekrn;ESET Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" --> c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [?]

    --- Autres Services/Pilotes en mémoire ---

    *NewlyCreated* - EKRN
    *Deregistered* - ArcRec

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
    2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll
    .
    Contenu du dossier 'Tâches planifiées'

    2010-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-09 16:02]

    2010-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-09 16:02]
    .
    .
    ------- Examen supplémentaire -------
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mStart Page = hxxp://www.bigseekpro.com/hypercam/{4328C0FE-3F76-4D6A-98FD-C805966A5C42}
    uInternet Settings,ProxyOverride = <local>
    IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
    IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE: Free YouTube to Mp3 Converter - c:\documents and settings\Andre\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm
    IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    LSP: c:\program files\Fichiers communs\PC Tools\Lsp\PCTLsp.dll
    DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
    DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} - hxxp://gogo.hangame.com/common/HanSetup1010.cab
    DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
    FF - ProfilePath - c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\kzakl3kh.default\
    FF - prefs.js: browser.search.selectedEngine - DAEMON Search
    FF - prefs.js: browser.startup.homepage - hxxp://search.swagbucks.com/
    FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
    FF - plugin: c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\kzakl3kh.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
    FF - plugin: c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\kzakl3kh.default\extensions\flashplugin@idm\platform\WINNT\plugins\npidmdcp.dll
    FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
    FF - plugin: c:\program files\Virtools\3D Life Player\npvirtools.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Extension: IDM FlashPlugin: flashplugin@idm - c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\kzakl3kh.default\extensions\flashplugin@idm
    FF - Extension: Foxdie: Foxdie@tanjihay.com - c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\kzakl3kh.default\extensions\Foxdie@tanjihay.com
    FF - Extension: Foxdie (Graphite): FoxdieGraphite@tanjihay.com - c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\kzakl3kh.default\extensions\FoxdieGraphite@tanjihay.com
    FF - Extension: Foxdie for Firefox: foxdie_ext_ocelot@foxdie.us - c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\kzakl3kh.default\extensions\foxdie_ext_ocelot@foxdie.us
    FF - Extension: Image Zoom: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68} - c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\kzakl3kh.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
    FF - Extension: Qute: {36C13C8F-54F1-412e-8177-2E411719162D} - c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\kzakl3kh.default\extensions\{36C13C8F-54F1-412e-8177-2E411719162D}
    FF - Extension: RefControl: {455D905A-D37C-4643-A9E2-F6FEFAA0424A} - c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\kzakl3kh.default\extensions\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}
    FF - Extension: ChatZilla: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2} - c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\kzakl3kh.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
    FF - Extension: Media Converter: {6e764c17-863a-450f-bdd0-6772bd5aaa18} - c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\kzakl3kh.default\extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18}
    FF - Extension: ReloadEvery: {888d99e7-e8b5-46a3-851e-1ec45da1e644} - c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\kzakl3kh.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
    FF - Extension: Noia 2.0 (eXtreme): {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e} - c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\kzakl3kh.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
    FF - Extension: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\kzakl3kh.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
    FF - Extension: JSView: {cf15270e-cf08-4def-b4ea-6a5ac23f3bca} - c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\kzakl3kh.default\extensions\{cf15270e-cf08-4def-b4ea-6a5ac23f3bca}
    FF - Extension: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\kzakl3kh.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
    FF - Extension: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\kzakl3kh.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    FF - Extension: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\kzakl3kh.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    FF - Extension: FoxReplace: fox@replace.fx - c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\kzakl3kh.default\extensions\fox@replace.fx
    FF - Extension: Noia 2.0 eXtreme OPT: noia2_option@kk.noia - c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\kzakl3kh.default\extensions\noia2_option@kk.noia
    FF - Extension: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\kzakl3kh.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
    FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\kzakl3kh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

---- FIREFOX SETTINGS ----
    pref(dom.disable_open_during_load, true);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-11-30 19:22
    Windows 5.1.2600 Service Pack 3 NTFS

Scanning for hidden processes ...

Scanning for hidden autostart entries ...

Scanning for hidden files ...

Scan completed successfully
Hidden files: 0

    **************************************************************************
    .
--------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-3193426433-2467464653-2156346605-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C038FD21-7045-A7F2-9DBB-E4312ED84029}*]
    "hapbfpdpjgnibnho"=hex:6a,61,6a,6a,69,6a,63,69,6f,69,6c,6b,69,63,67,68,62,64,
    67,67,00,22
    "iafldilakpibmgnmgn"=hex:63,61,6c,67,6a,69,00,7c
    .
--------------------- DLLs loaded in running processes ---------------------

    - - - - - - - > 'winlogon.exe'(1900)
    c:\windows\system32\LMIinit.dll
    c:\windows\system32\LMIRfsClientNP.dll

    - - - - - - - > 'lsass.exe'(1956)
    c:\program files\Fichiers communs\PC Tools\Lsp\PCTLsp.dll

    - - - - - - - > 'explorer.exe'(2540)
    c:\windows\system32\eappprxy.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\windows\system32\LMIRfsClientNP.dll
    .
Completion time: 2010-11-30 19:26:01
    ComboFix-quarantined-files.txt 2010-12-01 00:25
    ComboFix2.txt 2010-11-30 23:28
    ComboFix3.txt 2010-11-30 00:46

Pre-Run: 13,419,544,576 bytes free
Post-Run: 13,405,016,064 bytes free

    - - End Of File - - BF37502B8587649B555D51E490B98802
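As an added example (not part of the original thread, and not ComboFix's own code), the following Python parses the "DLLs loaded in running processes" section of the log above and flags modules a responder would verify by hand: anything loaded into winlogon.exe or lsass.exe, and anything loaded from outside the Windows directory. The process-header format is copied from the log; the list of privileged processes and the path prefix are this example's own assumptions, and a flag means "check the file's publisher, signature and hash", not "malicious".

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: the "DLLs loaded in running processes" section of the
# ComboFix log above, copied here so the example runs offline.
SAMPLE_LOG = r"""
- - - - - - - > 'winlogon.exe'(1900)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll

- - - - - - - > 'lsass.exe'(1956)
c:\program files\Fichiers communs\PC Tools\Lsp\PCTLsp.dll

- - - - - - - > 'explorer.exe'(2540)
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\LMIRfsClientNP.dll
"""

# Process header as ComboFix prints it: - - - - - - - > 'name.exe'(pid)
PROCESS_RE = re.compile(r"^- - - - - - - > '(?P<name>[^']+)'\((?P<pid>\d+)\)$")

# Assumption of this example: modules inside these SYSTEM-level processes
# deserve manual verification regardless of where they live on disk.
PRIVILEGED = {"winlogon.exe", "lsass.exe"}
# Assumption: anything under this prefix counts as "Windows-owned" for the
# path heuristic (a rough filter, not a signature check).
WINDOWS_PREFIX = "c:\\windows\\"


def parse_loaded_dlls(text):
    """Return {(process_name, pid): [dll_path, ...]} from the log section."""
    modules = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = PROCESS_RE.match(line)
        if m:
            current = (m.group("name").lower(), int(m.group("pid")))
            modules[current] = []
        elif current is not None:
            modules[current].append(line)
    return modules


def triage(text):
    """List (process, pid, dll_name, reason) for modules worth checking by hand."""
    findings = []
    for (proc, pid), dlls in parse_loaded_dlls(text).items():
        for dll in dlls:
            reasons = []
            if proc in PRIVILEGED:
                reasons.append("loaded in privileged process")
            if not dll.lower().startswith(WINDOWS_PREFIX):
                reasons.append("outside the Windows directory")
            if reasons:
                findings.append((proc, pid, PureWindowsPath(dll).name, "; ".join(reasons)))
    return findings


def shared_modules(modules):
    """DLL basename -> processes it is loaded in, for DLLs seen in more than one."""
    seen = {}
    for (proc, _pid), dlls in modules.items():
        for dll in dlls:
            seen.setdefault(PureWindowsPath(dll).name.lower(), []).append(proc)
    return {name: procs for name, procs in seen.items() if len(procs) > 1}


if __name__ == "__main__":
    for proc, pid, name, why in triage(SAMPLE_LOG):
        print(f"{proc}({pid}): {name}: {why}")
    for name, procs in shared_modules(parse_loaded_dlls(SAMPLE_LOG)).items():
        print(f"{name} is loaded in {', '.join(procs)}")
```

On the log above this flags the two LogMeIn modules in winlogon.exe and the PC Tools LSP in lsass.exe, and reports LMIRfsClientNP.dll as loaded in both winlogon.exe and explorer.exe. All three are products the user appears to have installed, so the next step is to confirm their signatures rather than delete them; the point of the heuristic is to produce a short list to verify, not a verdict.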
1 December 2010 03:06:22

For the other one, I still get this error:

Update has failed The program could not be started. Please close the window of Kaspersky Online Scanner 7.0 and start the program again from the web site of Kaspersky Lab.

Successful updating of Kaspersky Online Scanner 7.0 and scanning of your computer requires uninterrupted Internet connection. Please make sure that the Internet connection is established. [ERROR: License has expired]
2 December 2010 03:30:26

C:\Documents and Settings\Andre\Menu Démarrer\eBay.lnk Win32/Adware.ADON application cleaned by deleting - quarantined
C:\Documents and Settings\Andre\Mes documents\Downloads\Unlocker-1.9.0.exe Win32/Adware.ADON application deleted - quarantined
C:\System Volume Information\_restore{2145BA2F-3422-4F65-B755-040E6DE1893B}\RP1\A0000026.lnk Win32/Adware.ADON application cleaned by deleting - quarantined
C:\System Volume Information\_restore{2145BA2F-3422-4F65-B755-040E6DE1893B}\RP4\A0003869.lnk Win32/Adware.ADON application cleaned by deleting - quarantined
C:\System Volume Information\_restore{2145BA2F-3422-4F65-B755-040E6DE1893B}\RP4\A0003870.lnk Win32/Adware.ADON application cleaned by deleting - quarantined
C:\System Volume Information\_restore{81B163D5-8327-4267-B15D-C3450A502F9A}\RP117\A0080633.exe probably a variant of Win32/Agent.LBAGULZ trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{81B163D5-8327-4267-B15D-C3450A502F9A}\RP117\A0080634.exe probably a variant of Win32/Agent.GSJCINI trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{81B163D5-8327-4267-B15D-C3450A502F9A}\RP117\A0080637.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\System Volume Information\_restore{81B163D5-8327-4267-B15D-C3450A502F9A}\RP117\A0080638.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\System Volume Information\_restore{81B163D5-8327-4267-B15D-C3450A502F9A}\RP117\A0080639.exe a variant of Win32/HotSpotShield application cleaned by deleting - quarantined
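As an added example (not part of the thread, and not ESET's own tooling), the following Python parses detection lines in the format posted above, separates hits on the live file system from copies stored inside System Restore points, and counts detections per family. The line layout (path, verdict, action) and the assumption that every path ends in a 2-4 character extension are this example's own; the sample lines are a constructed subset of the ones posted above.

```python
import re

# Constructed sample: a subset of the ESET detection lines posted above,
# embedded here so the example runs offline.
SAMPLE_ESET = r"""
C:\Documents and Settings\Andre\Menu Démarrer\eBay.lnk Win32/Adware.ADON application cleaned by deleting - quarantined
C:\Documents and Settings\Andre\Mes documents\Downloads\Unlocker-1.9.0.exe Win32/Adware.ADON application deleted - quarantined
C:\System Volume Information\_restore{2145BA2F-3422-4F65-B755-040E6DE1893B}\RP1\A0000026.lnk Win32/Adware.ADON application cleaned by deleting - quarantined
C:\System Volume Information\_restore{81B163D5-8327-4267-B15D-C3450A502F9A}\RP117\A0080633.exe probably a variant of Win32/Agent.LBAGULZ trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{81B163D5-8327-4267-B15D-C3450A502F9A}\RP117\A0080637.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\System Volume Information\_restore{81B163D5-8327-4267-B15D-C3450A502F9A}\RP117\A0080639.exe a variant of Win32/HotSpotShield application cleaned by deleting - quarantined
"""

# Assumption: a detection line is <path ending in .ext> <verdict> <action>,
# where the action is one of the two phrases seen in the posted log. Paths
# contain spaces, so the path is anchored on its extension rather than on
# the first space.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?\.[A-Za-z0-9]{2,4})\s+"
    r"(?P<verdict>.+?)\s+"
    r"(?P<action>cleaned by deleting - quarantined|deleted - quarantined)$"
)
# The family name is the Win32/... token inside the verdict text.
FAMILY_RE = re.compile(r"(Win32/[\w.]+)")
# System Restore keeps copies of files under this directory; a hit there is
# an archived copy, not the file in use today.
RESTORE_RE = re.compile(r"\\System Volume Information\\_restore\{", re.IGNORECASE)


def parse_eset(text):
    """Return one dict per detection line: path, family, action, restore_point."""
    records = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        fam = FAMILY_RE.search(m["verdict"])
        records.append({
            "path": m["path"],
            "family": fam.group(1) if fam else m["verdict"],
            "action": m["action"],
            "restore_point": bool(RESTORE_RE.search(m["path"])),
        })
    return records


def summarize(records):
    """Split live-filesystem hits from restore-point copies and count families."""
    live = [r for r in records if not r["restore_point"]]
    archived = [r for r in records if r["restore_point"]]
    families = {}
    for r in records:
        families[r["family"]] = families.get(r["family"], 0) + 1
    return {"live": live, "restore_point": archived, "families": families}


if __name__ == "__main__":
    summary = summarize(parse_eset(SAMPLE_ESET))
    print("live file system:")
    for r in summary["live"]:
        print(f"  {r['family']}: {r['path']} ({r['action']})")
    print(f"restore-point copies: {len(summary['restore_point'])}")
    print("per family:", summary["families"])
```

Run on the posted lines, only two detections sit on the live file system (the eBay shortcut in the Start Menu and the Unlocker installer in Downloads); everything else is a copy inside an old restore point, which is inert unless that restore point is applied. The per-family counts make it easy to see that the Virtumonde and Agent trojan hits exist only in restore points, which matters when deciding whether a cleaned machine is actually clean.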
2 December 2010 20:41:00

Good evening,
the report is not complete....
how is your PC behaving?
2 December 2010 22:49:45

My PC behaves exactly as before (unable to work for more than 3 hours).
And the report is not complete?
Strange, I did as asked. I'll reboot and start over.
3 December 2010 22:07:49

re

Let's try another way.

Download: http://swandog46.geekstogo.com/avenger2/download.php
http://swandog46.geekstogo.com/avenger2/avenger.zip

• Unzip it, launch it (run as administrator on Vista).

In the box under Input Script here, copy and paste the contents of the box below and click Execute:

Drivers to delete:
xdrmkdii
Files to delete:
c:\windows\system32\drivers\qweoyvaz.sys

* After the restart, it creates a log file that will open, which you will post in your next reply, showing the actions performed by The Avenger. This log file is located at: C:\avenger.txt

* The Avenger will also have backed up all the files etc. that you asked it to delete, zipped them and moved the password-protected zip archive here: C:\avenger\backup.zip

3 December 2010 22:51:08

    Logfile of The Avenger Version 2.0, (c) by Swandog46
    http://swandog46.geekstogo.com

    Platform: Windows XP

    *******************

    Script file opened successfully.
    Script file read successfully.

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    Rootkit scan active.
    No rootkits found!

    Driver "xdrmkdii" deleted successfully.

    Error: file "c:\windows\system32\drivers\qweoyvaz.sys" not found!
    Deletion of file "c:\windows\system32\drivers\qweoyvaz.sys" failed!
    Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
    --> the object does not exist


    Completed script processing.

    *******************

    Finished! Terminate.
3 December 2010 23:05:57

re
It's time to have your components checked in this section of the forum:
Hardware section

Keep me posted