How do I remove Trojan.Generic?
Oxygen
Hello,
For a week now my PC has been infected by a Trojan.Generic, which is located precisely in my system32 folder! I detected it thanks to my antivirus, BullGuard, but it can't repair the problem... nor quarantine it! What should I do?
Please answer fairly quickly; I'm someone who spends a lot of time on his PC, and since it slowed down I can't do anything any more...
36 replies
Hello,
To take a look at this:
Download RSIT (by random/random) to the desktop:
- Double-click RSIT.exe on the desktop
- Click "Continue" in the window
- RSIT will download HijackThis if it is not present or detected, so you will have to accept the licence
- Post the contents of log.txt plus info.txt (minimised in the taskbar) at the end of the scan.
The reports are in the folder C:\rsit
Later.
OK, so here are the Log + Info:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Utilisateur at 2010-02-06 18:52:12
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 240 GB (79%) free of 305 GB
Total RAM: 2046 MB (50% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:52:57, on 6/02/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Belgacom\bin\sprtcmd.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Turbine\Turbine Download Manager\TurbineDownloadManagerIcon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Blaze Media Pro\NMSAccess32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Belgacom\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Utilisateur\Mes documents\Programe + Jeux\RSIT.exe
C:\Program Files\trend micro\Utilisateur.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.proximus.be/pickx
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe" -boot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Turbine Download Manager Tray Icon] "C:\Program Files\Turbine\Turbine Download Manager\TurbineDownloadManagerIcon.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [track monitor] C:\Program Files\MSN Track Monitor\msntrack.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe"
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BullGuard LiveUpdate (BgLiveSvc) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
O23 - Service: BGRaSvc - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\support\bgrasvc.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Turbine Message Service - Live (LiveTurbineMessageService) - Turbine, Inc. - C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe
O23 - Service: Turbine Network Service - Live (LiveTurbineNetworkService) - Turbine, Inc. - C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\Blaze Media Pro\NMSAccess32.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SupportSoft Sprocket Service (belgacom) (sprtsvc_belgacom) - SupportSoft, Inc. - C:\Program Files\Belgacom\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Fichiers communs\Supportsoft\bin\ssrc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
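Reading a HijackThis log line by line is what the helper does next in this thread. As an added example (not part of the thread, and not HijackThis or RSIT code), the script below applies a few triage rules to lines taken from the log above: O4 autorun entries that launch a bare file name (resolved through PATH at logon), O2 BHOs whose DLL is missing, O23 services with no publisher recorded, and how many Winsock LSP provider entries point at the same DLL. The WATCHLIST set is an assumption for the example, seeded with the two binaries the helper later chooses to remove; the rules and messages are the example's own heuristics.

```python
import re
from collections import Counter

# Binaries the helper in this thread chose to remove. Used as an example
# watchlist only (this example's assumption, not a HijackThis feature).
WATCHLIST = {"boonty.exe", "msntrack.exe"}

O4_RE = re.compile(r"^O4 - (?P<where>[^:]+): (?:\[(?P<name>[^\]]+)\] )?(?P<cmd>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]+\}")
O10_RE = re.compile(r"^O10 - Unknown file in Winsock LSP: (?P<path>.+)$")
EXE_RE = re.compile(r"^(.+?\.exe)\b", re.IGNORECASE)

# Constructed sample: a subset of the HijackThis lines posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe" -boot
O4 - HKLM\..\Run: [track monitor] C:\Program Files\MSN Track Monitor\msntrack.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Turbine Message Service - Live (LiveTurbineMessageService) - Turbine, Inc. - C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe
"""


def launched_exe(o4_line):
    """Return the executable an O4 autorun entry launches, or None if unparsable."""
    m = O4_RE.match(o4_line)
    if not m:
        return None
    cmd = m.group("cmd").strip()
    # Startup-folder entries read "<shortcut>.lnk = <target>"; keep the target.
    lnk, sep, target = cmd.partition(" = ")
    if sep and lnk.lower().endswith(".lnk"):
        cmd = target.strip()
    if cmd.startswith('"'):  # quoted path, possibly followed by arguments
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = EXE_RE.match(cmd)  # unquoted path with spaces, or a bare name plus arguments
    return m.group(1) if m else cmd.split()[0]


def triage(log_text):
    """Return (section, item, reason) tuples for entries worth a second look."""
    findings = []
    lsp = Counter()
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("O4 - "):
            exe = launched_exe(line)
            if exe is None:
                continue
            base = exe.rsplit("\\", 1)[-1].lower()
            if base in WATCHLIST:
                findings.append(("O4", exe, "autorun entry on the removal watchlist"))
            elif "\\" not in exe:
                findings.append(("O4", exe, "bare file name, resolved through PATH at logon; confirm which file actually runs"))
        elif line.startswith("O2 - BHO:") and line.endswith("(no file)"):
            m = CLSID_RE.search(line)
            findings.append(("O2", m.group(0) if m else line, "BHO registered but its DLL is missing; orphaned entry"))
        elif line.startswith("O10 - "):
            m = O10_RE.match(line)
            if m:
                lsp[m.group("path").lower()] += 1
        elif line.startswith("O23 - Service: "):
            # Service names may themselves contain " - ", so split from the right.
            parts = line[len("O23 - Service: "):].rsplit(" - ", 2)
            if len(parts) != 3:
                continue
            name, owner, path = parts
            base = path.rsplit("\\", 1)[-1].lower()
            if base in WATCHLIST:
                findings.append(("O23", name, "service on the removal watchlist"))
            elif owner == "Unknown owner":
                findings.append(("O23", name, "no publisher recorded; check the binary's signature and hash"))
    for path, n in lsp.items():
        findings.append(("O10", path, f"Winsock LSP present in {n} provider entries; an LSP sees every socket call, confirm the vendor"))
    return findings


if __name__ == "__main__":
    for section, item, reason in triage(SAMPLE_LOG):
        print(f"{section:4} {item}\n     {reason}")
```

Run it against a full log (`triage(open("log.txt").read())`) and you get a short list to verify by hand rather than the whole dump; on the sample it singles out the msntrack.exe and Boonty entries, the bare SkyTel.EXE name, the orphaned BHO, the PnkBstrA service and the bglsp.dll LSP chain, and leaves the signed vendor entries alone.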
Several infections....
---> Download OTM (OldTimer) to your Desktop:
http://www.geekstogo.com/forum/files/file/402-otm-oldtimers-move-it/
---> Double-click OTMoveIt3.exe to launch it.
---> Copy (Ctrl+C) the following text:
:Service
Boonty Games
:files
c:\program files\msn track monitor\msntrack.exe
:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"track monitor"=-
:commands
[purity]
[emptytemp]
[Reboot]
---> Paste (Ctrl+V) the text you just copied into the box:
Paste Instructions for Items to be Moved.
---> Now click the MoveIt! button.
If a file or folder cannot be deleted immediately, the program will ask you to reboot.
Accept by clicking YES.
---> Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
The report's name corresponds to the time it was created: date_time.log
Then:
Download USBFIX
http://pagesperso-orange.fr/NosTools/Chiquitine29/UsbFix.exe
(!) Plug the external data sources (USB stick, external hard drive, etc.) that may have been infected into your PC, without opening them
• Double-click the UsbFix shortcut on your desktop.
• In the main menu choose option "F" for French and press [Enter].
• In the second menu choose option "2" (removal) and press [Enter].
• Let the tool work.
• Then post the UsbFix.txt report that will appear.
• Note: the UsbFix.txt report is saved at the root of the drive (C:\UsbFix.txt)
(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
• Note: "Process.exe", a component of the tool, is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus but a utility intended to terminate processes.
In the wrong hands this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus programs.
Later.
........
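Before pasting an OTM script into MoveIt!, it is worth knowing exactly what it will do, since the tool stops services, moves files and edits the registry with no confirmation step. As an added example (not from this thread and not OTM's own code), the script below parses the OTM script posted above into a list of planned actions and flags the ones that deserve a second look before clicking MoveIt!. The section names follow the script above plus OTM's documented :Processes section; the action vocabulary (stop_and_delete_service, move_file, delete_value, ...) and the risk rules in risk_notes are this example's own assumptions, not OTM's.

```python
# Section headers accepted in an OTM script, mapped to this example's own
# action vocabulary (the mapping is an assumption of the example, not OTM's).
SECTIONS = {
    "processes": "process",
    "service": "service",
    "services": "service",
    "files": "file",
    "reg": "reg",
    "commands": "command",
}

# Constructed sample: the script the helper posted above, verbatim.
SCRIPT = r"""
:Service
Boonty Games
:files
c:\program files\msn track monitor\msntrack.exe
:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"track monitor"=-
:commands
[purity]
[emptytemp]
[Reboot]
"""


def plan(script_text):
    """Translate an OTM script into action tuples without executing anything."""
    actions = []
    section = None
    key = None  # registry key currently selected inside a :reg block
    for raw in script_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            try:
                section = SECTIONS[line[1:].lower()]
            except KeyError:
                raise ValueError(f"unknown section {line!r}") from None
            key = None
            continue
        if section == "process":
            actions.append(("kill_process", line))
        elif section == "service":
            actions.append(("stop_and_delete_service", line))
        elif section == "file":
            actions.append(("move_file", line))
        elif section == "reg":
            # .reg syntax: [KEY] selects a key, [-KEY] deletes it, "name"=- deletes a value.
            if line.startswith("[") and line.endswith("]"):
                key = line[1:-1]
                if key.startswith("-"):
                    actions.append(("delete_key", key[1:]))
                    key = None
            elif key is not None:
                name, _, value = line.partition("=")
                name = name.strip().strip('"')
                value = value.strip()
                if value == "-":
                    actions.append(("delete_value", key, name))
                else:
                    actions.append(("set_value", key, name, value))
            else:
                raise ValueError(f"registry value outside a [KEY] block: {line!r}")
        elif section == "command":
            actions.append(("command", line.strip("[]").lower()))
        else:
            raise ValueError(f"line before any section header: {line!r}")
    return actions


def risk_notes(actions):
    """Points to double-check before running the plan (example heuristics)."""
    notes = []
    for act in actions:
        if act[0] == "move_file" and "\\windows\\" in act[1].lower():
            notes.append(f"{act[1]}: inside the Windows directory; verify the file's signature/hash before removal")
        elif act[0] == "delete_key":
            notes.append(f"{act[1]}: the whole registry key will be deleted, including any legitimate values")
        elif act == ("command", "reboot"):
            notes.append("script reboots the machine; save open work first")
    return notes


if __name__ == "__main__":
    planned = plan(SCRIPT)
    for act in planned:
        print(" ".join(act))
    for note in risk_notes(planned):
        print("!", note)
```

For the script above the plan is: stop and delete the "Boonty Games" service, move msntrack.exe out of the way, delete the "track monitor" value under the HKLM Run key, then run OTM's purity and emptytemp commands and reboot. A file under C:\WINDOWS, such as the system32 hit the original poster describes, would be flagged for a signature check first, which is the kind of sanity check that keeps an overeager removal script from taking a legitimate system DLL with it.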
Here is the report: (I'm sending it to you anyway)
################## | Infectious elements |
Deleted! C:\log.txt
Deleted! C:\$Recycle.Bin\S-1-5-18
Deleted! C:\Recycler\S-1-5-21-1477743597-2600872371-2775121126-1004
Not deleted! D:\drivers
Not deleted! D:\autorun.inf
################## | Registry |
################## | Mountpoints2 |
Deleted! HKCU\...\Explorer\MountPoints2\L\Shell\AutoRun\Command
Deleted! HKCU\...\Explorer\MountPoints2\{e102eee0-4219-11de-90e8-000e50a771a7}\Shell\AutoRun\Command
################## | Listing of files present |
[18/12/2008 13:19|--a------|0] C:\AUTOEXEC.BAT
[23/02/2009 13:44|-rahs----|216] C:\boot.ini
[02/03/2006 13:00|-rahs----|4952] C:\Bootfont.bin
[18/12/2008 13:19|--a------|0] C:\CONFIG.SYS
[07/11/2007 07:00|--a------|17734] C:\eula.1028.txt
[07/11/2007 07:00|--a------|17734] C:\eula.1031.txt
[07/11/2007 07:00|--a------|10134] C:\eula.1033.txt
[07/11/2007 07:00|--a------|17734] C:\eula.1036.txt
[07/11/2007 07:00|--a------|17734] C:\eula.1040.txt
[07/11/2007 07:00|--a------|118] C:\eula.1041.txt
[07/11/2007 07:00|--a------|17734] C:\eula.1042.txt
[07/11/2007 07:00|--a------|17734] C:\eula.2052.txt
[07/11/2007 07:00|--a------|17734] C:\eula.3082.txt
[30/12/2009 23:03|--a------|0] C:\fftoutput.txt
[07/11/2007 07:00|--a------|1110] C:\globdata.ini
[07/11/2007 07:03|--a------|562688] C:\install.exe
[07/11/2007 07:00|--a------|843] C:\install.ini
[07/11/2007 07:03|--a------|76304] C:\install.res.1028.dll
[07/11/2007 07:03|--a------|96272] C:\install.res.1031.dll
[07/11/2007 07:03|--a------|91152] C:\install.res.1033.dll
[07/11/2007 07:03|--a------|97296] C:\install.res.1036.dll
[07/11/2007 07:03|--a------|95248] C:\install.res.1040.dll
[07/11/2007 07:03|--a------|81424] C:\install.res.1041.dll
[07/11/2007 07:03|--a------|79888] C:\install.res.1042.dll
[07/11/2007 07:03|--a------|75792] C:\install.res.2052.dll
[07/11/2007 07:03|--a------|96272] C:\install.res.3082.dll
[18/12/2008 13:19|-rahs----|0] C:\IO.SYS
[17/09/2009 15:18|--a------|249404] C:\MDL 2.0 Debug.txt
[18/12/2008 13:19|-rahs----|0] C:\MSDOS.SYS
[02/03/2006 13:00|-rahs----|47564] C:\NTDETECT.COM
[18/12/2008 13:48|-rahs----|252240] C:\ntldr
[29/02/2004 16:44|--a------|52576] C:\orange.bmp
[?|?|?] C:\pagefile.sys
[06/02/2010 20:26|--a------|4244] C:\UsbFix.txt
[07/11/2007 07:00|--a------|5686] C:\vcredist.bmp
[07/11/2007 07:09|--a------|1442522] C:\VC_RED.cab
[07/11/2007 07:12|--a------|232960] C:\VC_RED.MSI
[07/01/2005 18:28|-r-------|86016] D:\Cleanup.exe
[07/01/2005 18:28|-r-------|27] D:\autorun.inf
[07/01/2005 18:28|-r-------|1286144] D:\bcont.exe
[07/01/2005 18:28|-r-------|3262] D:\bcont.ico
[15/04/2005 15:00|-r-------|4140] D:\bcont.ini
[07/01/2005 18:28|-r-------|5] D:\setup.bat
################## | Vaccination |
# C:\autorun.inf -> Dossier créé par UsbFix .
How do you expect me to know that without the reports!!!
You will find them here:
OTM:
C:\_OTMoveIt\MovedFiles\
USBFIX:
C:\UsbFix.txt
Post me those two reports please....
See you
........
And this is the scan of my virus:
___________________________________________________________
BullGuard Scan Report
Scan Profile: "~10"
___________________________________________________________
----[ System Info ]------------
OS Version: Windows XP Home Edition - Service Pack 3 (Build 2600) [2 * x86 CPUs]
Physical memory: 2048 MB
System up-time: 0 days, 00 hours, 17 minutes, 48 seconds
BullGuard up-time: 0 days, 00 hours, 25 minutes, 42 seconds
TopLayer Version: 8, 7, 1, 17
FileSpy5 Version: N/A
BdFileSpy Version: 3.14.0.64 built by: WinDDK
BsFileScan Version: 8, 5, 0, 71
Reconn Version: N/A
MailProxy Version: 8, 5, 0, 21
AntiVirus Version: 8, 7, 0, 50
----[ Scan Parameters ]------------
Folders to scan:
C:\WINDOWS\system32
Excluded folders:
None
Files to scan:
None
Scan type:
[o] Scan all files
[ ] Scan program files only
[ ] Scan custom extensions:
[ ] Exclude user extensions:
[ ] Scan boot sectors
[X] Scan packed files
[X] Scan archives
[X] Scan emails
[ ] Scan running processes
[ ] Scan registry
[ ] Scan IE cookies
[X] Enable heuristic detection
[ ] Scan default action
___________________________________________________________
Scan Statistics
___________________________________________________________
Scan started: Saturday, February 06, 2010 20:39:27
Scan duration: 0 days, 00 hours, 02 minutes, 19 seconds
Completion status: Successful
Total files scanned: 6437
Total files skipped: 10
Identified viruses: 1
Scan speed: 46.31 files/sec
Files skipped:
C:\WINDOWS\system32\config\default [Open Failed]
C:\WINDOWS\system32\config\default.LOG [Open Failed]
C:\WINDOWS\system32\config\SAM [Open Failed]
C:\WINDOWS\system32\config\SAM.LOG [Open Failed]
C:\WINDOWS\system32\config\SECURITY [Open Failed]
C:\WINDOWS\system32\config\SECURITY.LOG [Open Failed]
C:\WINDOWS\system32\config\software [Open Failed]
C:\WINDOWS\system32\config\software.LOG [Open Failed]
C:\WINDOWS\system32\config\system [Open Failed]
C:\WINDOWS\system32\config\system.LOG [Open Failed]
___________________________________________________________
Infected Files
___________________________________________________________
----[ Infected Files ]------------
Malware: Trojan.Generic.2887322
C:\WINDOWS\system32=>:winsystem32.exe
___________________________________________________________
Results after ROUND 0
___________________________________________________________
Scan started: Saturday, February 06, 2010 20:37:08
Scan duration: 0 days, 00 hours, 02 minutes, 19 seconds
Infections solved: 0
Infections left: 1
Viruses left: 1
----[ Files Still Infected ]------------
Malware: Trojan.Generic.2887322
C:\WINDOWS\system32=>:winsystem32.exe
OTM:
All processes killed
Error: Unable to interpret <:Service > in the current context!
Error: Unable to interpret <Boonty Games > in the current context!
========== FILES ==========
c:\program files\msn track monitor\msntrack.exe moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\track monitor deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33664 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 119185265 bytes
User: Utilisateur
->Temp folder emptied: 296394320 bytes
->Temporary Internet Files folder emptied: 2486313 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 42737193 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2148155 bytes
%systemroot%\System32 .tmp files removed: 3072 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 53105 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23965852 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33661 bytes
RecycleBin emptied: 106843123 bytes
Total Files Cleaned = 566,00 mb
OTM by OldTimer - Version 3.1.8.0 log created on 02062010_201042
Files moved on Reboot...
Registry entries deleted on Reboot...
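The two report formats quoted above, BullGuard's infected-file lines and UsbFix's "Elements infectieux" block, can be triaged mechanically. The script below is an added example, not code from this thread or from either tool. The sample report text inside it is constructed from the lines posted above, and the reading of BullGuard's `container=>:name` notation as an NTFS alternate data stream attached to the container is my interpretation (it is consistent with the ComboFix line in this thread that reports deleting one stream on system32).

```python
"""Triage the report lines quoted in this thread (BullGuard and UsbFix).

Added example, not code from the forum post or from either tool.
The sample texts below are constructed from the lines posted above.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: the infected-files section of the BullGuard report.
BULLGUARD_SAMPLE = """\
----[ Infected Files ]------------
Malware: Trojan.Generic.2887322
C:\\WINDOWS\\system32=>:winsystem32.exe
"""

# Constructed sample: the "Elements infectieux" block of the UsbFix report.
USBFIX_SAMPLE = """\
################## | Elements infectieux |
Supprimé ! C:\\log.txt
Supprimé ! C:\\$Recycle.Bin\\S-1-5-18
Non supprimé ! D:\\drivers
Non supprimé ! D:\\autorun.inf
"""


@dataclass
class Detection:
    name: str               # scanner's malware label
    container: str          # file or folder the scanner names first
    stream: Optional[str]   # NTFS alternate data stream name, if the path has one

    @property
    def is_ads(self) -> bool:
        return self.stream is not None


# BullGuard separates a container from its inner object with "=>".
# An inner part that starts with ":" is read here as an NTFS ADS name
# (assumption, based on the "container:stream" ADS path syntax).
_BG_PATH = re.compile(r"^(?P<container>[A-Za-z]:\\[^=]*?)(?:=>(?P<inner>.+))?$")


def parse_bullguard(text: str) -> List[Detection]:
    """Return one Detection per path line that follows a 'Malware:' line."""
    detections: List[Detection] = []
    label: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Malware:"):
            label = line.split(":", 1)[1].strip()
            continue
        match = _BG_PATH.match(line)
        if label and match:
            inner = match.group("inner")
            stream = inner[1:] if inner and inner.startswith(":") else None
            detections.append(Detection(label, match.group("container"), stream))
            label = None
    return detections


_USBFIX_LINE = re.compile(r"^(?P<status>Supprimé|Non supprimé) ! (?P<path>.+)$")


def parse_usbfix(text: str) -> Dict[str, List[str]]:
    """Split UsbFix's result lines into removed and not-removed paths."""
    result: Dict[str, List[str]] = {"removed": [], "not_removed": []}
    for raw in text.splitlines():
        match = _USBFIX_LINE.match(raw.strip())
        if match is None:
            continue
        key = "removed" if match.group("status") == "Supprimé" else "not_removed"
        result[key].append(match.group("path"))
    return result


def triage(bullguard_text: str, usbfix_text: str) -> List[str]:
    """Plain-language notes a helper would want before choosing the next tool."""
    notes: List[str] = []
    for det in parse_bullguard(bullguard_text):
        if det.is_ads:
            notes.append(
                f"{det.name}: stream ':{det.stream}' is attached to {det.container}; "
                "a file-level quarantine cannot move the container, the stream itself "
                "must be deleted"
            )
        else:
            notes.append(f"{det.name}: ordinary file {det.container}")
    for path in parse_usbfix(usbfix_text)["not_removed"]:
        notes.append(f"UsbFix could not remove {path}; check whether the medium is read-only")
    return notes


if __name__ == "__main__":
    for note in triage(BULLGUARD_SAMPLE, USBFIX_SAMPLE):
        print(note)
```

Run as-is, the script flags the `winsystem32.exe` entry as a stream hanging off the `system32` folder, which is the practical reason a file-oriented quarantine fails on it: there is no separate file to move. The two `Non supprimé` lines both sit on `D:\`, which the UsbFix header in this thread lists as a CD-ROM drive, so nothing could have been written there in the first place.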
Is this it? :
############################## | UsbFix V6.091 |
User : Utilisateur (Administrateurs) # PC-SCATOLA
Update on 05/02/2010 by El Desaparecido , C_XX & Chimay8
Start at: 20:22:36 | 6/02/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com
Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : BullGuard Antivirus X.0 [ Enabled | Updated ]
FW : BullGuard Firewall[ Enabled ]X.0
C:\ -> Disque fixe local # 298,09 Go (234,84 Go free) [System] # NTFS
D:\ -> Disque CD-ROM # 524,54 Mo (0 Mo free) [BEI] # CDFS
E:\ -> Disque CD-ROM
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque amovible
I:\ -> Disque amovible
J:\ -> Disque amovible
############################## | Processus actifs |
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
################## | Elements infectieux |
Supprimé ! C:\log.txt
Supprimé ! C:\$Recycle.Bin\S-1-5-18
Supprimé ! C:\Recycler\S-1-5-21-1477743597-2600872371-2775121126-1004
Non supprimé ! D:\drivers
Non supprimé ! D:\autorun.inf
################## | Registre |
################## | Mountpoints2 |
Supprimé ! HKCU\...\Explorer\MountPoints2\L\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{e102eee0-4219-11de-90e8-000e50a771a7}\Shell\AutoRun\Command
################## | Listing des fichiers présent |
[18/12/2008 13:19|--a------|0] C:\AUTOEXEC.BAT
[23/02/2009 13:44|-rahs----|216] C:\boot.ini
[02/03/2006 13:00|-rahs----|4952] C:\Bootfont.bin
[18/12/2008 13:19|--a------|0] C:\CONFIG.SYS
[07/11/2007 07:00|--a------|17734] C:\eula.1028.txt
[07/11/2007 07:00|--a------|17734] C:\eula.1031.txt
[07/11/2007 07:00|--a------|10134] C:\eula.1033.txt
[07/11/2007 07:00|--a------|17734] C:\eula.1036.txt
[07/11/2007 07:00|--a------|17734] C:\eula.1040.txt
[07/11/2007 07:00|--a------|118] C:\eula.1041.txt
[07/11/2007 07:00|--a------|17734] C:\eula.1042.txt
[07/11/2007 07:00|--a------|17734] C:\eula.2052.txt
[07/11/2007 07:00|--a------|17734] C:\eula.3082.txt
[30/12/2009 23:03|--a------|0] C:\fftoutput.txt
[07/11/2007 07:00|--a------|1110] C:\globdata.ini
[07/11/2007 07:03|--a------|562688] C:\install.exe
[07/11/2007 07:00|--a------|843] C:\install.ini
[07/11/2007 07:03|--a------|76304] C:\install.res.1028.dll
[07/11/2007 07:03|--a------|96272] C:\install.res.1031.dll
[07/11/2007 07:03|--a------|91152] C:\install.res.1033.dll
[07/11/2007 07:03|--a------|97296] C:\install.res.1036.dll
[07/11/2007 07:03|--a------|95248] C:\install.res.1040.dll
[07/11/2007 07:03|--a------|81424] C:\install.res.1041.dll
[07/11/2007 07:03|--a------|79888] C:\install.res.1042.dll
[07/11/2007 07:03|--a------|75792] C:\install.res.2052.dll
[07/11/2007 07:03|--a------|96272] C:\install.res.3082.dll
[18/12/2008 13:19|-rahs----|0] C:\IO.SYS
[17/09/2009 15:18|--a------|249404] C:\MDL 2.0 Debug.txt
[18/12/2008 13:19|-rahs----|0] C:\MSDOS.SYS
[02/03/2006 13:00|-rahs----|47564] C:\NTDETECT.COM
[18/12/2008 13:48|-rahs----|252240] C:\ntldr
[29/02/2004 16:44|--a------|52576] C:\orange.bmp
[?|?|?] C:\pagefile.sys
[06/02/2010 20:26|--a------|4244] C:\UsbFix.txt
[07/11/2007 07:00|--a------|5686] C:\vcredist.bmp
[07/11/2007 07:09|--a------|1442522] C:\VC_RED.cab
[07/11/2007 07:12|--a------|232960] C:\VC_RED.MSI
[07/01/2005 18:28|-r-------|86016] D:\Cleanup.exe
[07/01/2005 18:28|-r-------|27] D:\autorun.inf
[07/01/2005 18:28|-r-------|1286144] D:\bcont.exe
[07/01/2005 18:28|-r-------|3262] D:\bcont.ico
[15/04/2005 15:00|-r-------|4140] D:\bcont.ini
[07/01/2005 18:28|-r-------|5] D:\setup.bat
################## | Vaccination |
# C:\autorun.inf -> Dossier créé par UsbFix .
OK, I managed to run it, here is the report:
ComboFix 10-02-05.04 - Utilisateur 06/02/2010 21:16:01.1.2 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.32.1036.18.2046.1579 [GMT 1:00]
Lancé depuis: c:\documents and settings\Utilisateur\Bureau\ComboFix.exe
AV: BullGuard Antivirus *On-access scanning disabled* (Outdated) {7A9BB333-8EDF-4FDC-A2A5-1A30FA021913}
FW: BullGuard Firewall *disabled* {2AEF4CB6-61B5-4E60-AF22-D95E75B63FA1}
.
ADS - system32: deleted 3379200 bytes in 1 streams.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\install.exe
c:\program files\WebExcellenceAdviceTool
c:\program files\WebExcellenceAdviceTool\uninstall.exe
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_BOONTY_GAMES
-------\Service_Boonty Games
((((((((((((((((((((((((((((( Fichiers créés du 2010-01-06 au 2010-02-06 ))))))))))))))))))))))))))))))))))))
.
2010-02-06 19:32 . 2010-02-06 19:32 -------- d-----w- C:\UsbFix_Upload_Me
2010-02-06 19:26 . 2010-02-06 19:26 2396 ----a-w- C:\UsbFix_Upload_Me_PC-SCATOLA.zip
2010-02-06 19:19 . 2010-02-06 19:30 -------- d-----w- C:\UsbFix
2010-02-06 19:10 . 2010-02-06 19:10 -------- d-----w- C:\_OTM
2010-02-06 17:52 . 2010-02-06 19:24 -------- d-----w- C:\rsit
2010-02-06 17:52 . 2010-02-06 17:52 -------- d-----w- c:\program files\trend micro
2010-02-06 00:32 . 2010-02-06 18:07 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2010-02-06 00:16 . 2010-02-06 00:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2010-02-06 00:10 . 2010-02-06 00:10 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-02-06 00:03 . 2010-02-06 00:03 -------- d-----w- c:\documents and settings\Utilisateur\Local Settings\Application Data\Threat Expert
2010-02-05 23:38 . 2009-10-30 10:11 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-02-05 23:38 . 2009-11-09 10:20 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-02-05 23:38 . 2009-10-06 15:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-02-05 23:37 . 2009-09-03 08:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-02-05 23:37 . 2010-02-06 18:18 -------- d-----w- c:\program files\Spyware Doctor
2010-02-05 23:37 . 2010-02-05 23:40 -------- d-----w- c:\program files\Fichiers communs\PC Tools
2010-02-05 23:37 . 2010-02-05 23:37 -------- d-----w- c:\documents and settings\Utilisateur\Application Data\PC Tools
2010-02-05 23:37 . 2010-02-05 23:37 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-02-05 23:37 . 2010-02-06 18:18 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-02-05 20:08 . 2010-02-05 20:08 -------- d-----w- c:\documents and settings\Utilisateur\Local Settings\Application Data\AliensVsPredator
2010-02-05 00:04 . 2010-02-05 00:04 184224 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-01-27 19:19 . 2010-01-27 19:19 -------- d-----w- c:\program files\Thomson
2010-01-22 01:33 . 2010-01-22 01:33 41872 ----a-w- c:\windows\system32\xfcodec.dll
2010-01-15 15:51 . 2010-02-06 18:10 -------- d-----w- c:\program files\Blaze Media Pro
2010-01-15 15:50 . 2010-01-15 15:50 -------- d-----w- c:\documents and settings\Utilisateur\Local Settings\Application Data\PackageAware
2010-01-12 21:57 . 2009-11-21 15:58 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-06 20:24 . 2009-02-23 16:47 -------- d-----w- c:\documents and settings\All Users\Application Data\BullGuard
2010-02-06 20:23 . 2009-02-23 20:19 -------- d-----w- c:\documents and settings\Utilisateur\Application Data\LimeWire
2010-02-06 19:59 . 2009-11-14 11:00 -------- d-----w- c:\program files\Steam
2010-02-06 19:24 . 2009-11-17 20:55 -------- d-----w- c:\documents and settings\Utilisateur\Application Data\UseNeXT
2010-02-06 19:10 . 2009-08-17 15:11 -------- d-----w- c:\program files\MSN Track Monitor
2010-02-06 18:25 . 2009-02-23 13:39 -------- d-----w- c:\program files\ma-config.com
2010-02-06 18:25 . 2009-02-23 13:39 -------- d-----w- c:\documents and settings\All Users\Application Data\ma-config.com
2010-02-06 18:24 . 2009-02-27 12:15 -------- d-----w- c:\program files\HP
2010-02-06 18:17 . 2009-02-23 18:45 -------- d-----w- c:\program files\Belgacom
2010-02-06 17:36 . 2009-02-23 16:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-02-05 19:11 . 2009-02-23 15:30 -------- d-----w- c:\documents and settings\Utilisateur\Application Data\BullGuard
2010-02-05 17:04 . 2009-02-23 15:30 -------- d-----w- c:\documents and settings\Utilisateur\Application Data\Xfire
2010-02-04 16:06 . 2009-08-02 11:37 -------- d-----w- c:\documents and settings\Utilisateur\Application Data\vlc
2010-02-03 13:19 . 2009-02-23 21:48 -------- d-----w- c:\program files\Xfire
2010-02-03 12:39 . 2009-03-04 16:17 -------- d-----w- c:\program files\Turbine
2010-01-29 18:45 . 2006-03-02 12:00 85404 ----a-w- c:\windows\system32\perfc00C.dat
2010-01-29 18:45 . 2006-03-02 12:00 513080 ----a-w- c:\windows\system32\perfh00C.dat
2010-01-27 20:01 . 2009-02-23 20:18 -------- d-----w- c:\program files\LimeWire
2010-01-27 19:19 . 2009-02-23 14:25 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-27 19:18 . 2009-02-23 14:18 -------- d-----w- c:\program files\Fichiers communs\InstallShield
2010-01-25 14:43 . 2009-07-24 13:32 -------- d-----w- c:\documents and settings\Utilisateur\Application Data\dumbwavemath
2010-01-24 01:48 . 2009-12-30 00:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Screaming Bee
2010-01-24 01:48 . 2009-12-30 00:05 -------- d-----w- c:\documents and settings\Utilisateur\Application Data\Screaming Bee
2010-01-21 15:14 . 2009-09-17 14:27 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-20 11:07 . 2009-04-10 19:19 -------- d-----w- c:\program files\Fichiers communs\Blizzard Entertainment
2010-01-19 17:22 . 2009-12-30 00:04 -------- d-----w- c:\program files\Screaming Bee
2010-01-19 17:22 . 2009-12-16 15:22 -------- d-----w- c:\program files\Perfect World France
2010-01-19 17:21 . 2009-02-24 16:38 -------- d-----w- c:\program files\Mumble
2010-01-19 17:19 . 2009-11-29 22:17 -------- d-----w- c:\program files\MAGIX
2010-01-19 17:19 . 2009-11-29 22:18 -------- d-----w- c:\documents and settings\All Users\Application Data\MAGIX
2010-01-19 17:16 . 2009-09-07 18:25 -------- d-----w- c:\program files\DofusBeta
2010-01-19 17:14 . 2009-03-04 16:20 -------- d-----w- c:\program files\Dofus
2010-01-19 17:06 . 2009-02-23 22:04 -------- d-----w- c:\program files\Activision
2010-01-17 14:19 . 2009-12-27 12:27 -------- d-----w- c:\documents and settings\LocalService\Application Data\dumbwavemath
2010-01-14 16:09 . 2009-08-02 15:35 -------- d-----w- c:\documents and settings\Utilisateur\Application Data\dvdcss
2010-01-13 02:05 . 2008-12-18 14:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-01-12 22:01 . 2009-11-16 21:46 -------- d-----w- c:\program files\PKR
2010-01-10 11:53 . 2009-07-25 14:43 -------- d-----w- c:\program files\TuneUp Utilities 2008
2010-01-09 00:07 . 2009-02-23 15:30 -------- d-----w- c:\documents and settings\Utilisateur\Application Data\teamspeak2
2010-01-01 21:35 . 2009-11-29 22:17 -------- d-----w- c:\program files\Fichiers communs\MAGIX Services
2009-12-30 17:29 . 2009-02-23 16:41 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-30 00:33 . 2009-12-30 00:33 -------- d-----w- c:\program files\Fichiers communs\Screaming Bee
2009-12-21 19:07 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-20 22:42 . 2009-12-11 16:26 -------- d-----w- c:\documents and settings\Utilisateur\Application Data\FileZilla
2009-12-20 15:13 . 2009-02-23 21:43 -------- d-----w- c:\program files\Teamspeak2_RC2
2009-12-17 15:30 . 2009-02-23 22:13 215104 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-12-17 14:00 . 2009-02-23 22:13 138576 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-12-16 20:20 . 2009-07-24 13:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Cast ping base frag
2009-12-16 20:20 . 2009-12-16 20:20 -------- d-----w- c:\program files\dumbwavemath
2009-12-16 13:42 . 2009-12-20 13:48 872960 ----a-w- c:\documents and settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\ktwxie8k.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2009-12-16 13:42 . 2009-12-20 13:48 43008 ----a-w- c:\documents and settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\ktwxie8k.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-12-16 13:42 . 2009-12-20 13:48 340480 ----a-w- c:\documents and settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\ktwxie8k.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-12-16 13:41 . 2009-12-20 13:48 346624 ----a-w- c:\documents and settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\ktwxie8k.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-12-10 18:04 . 2009-09-05 01:02 -------- d-----w- c:\documents and settings\All Users\Application Data\TmForever
2009-12-02 12:45 . 2009-12-02 12:45 38208 ----a-w- c:\documents and settings\Utilisateur\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-12-02 12:45 . 2009-12-02 12:45 38208 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-11-30 15:03 . 2009-02-23 18:25 87544 ----a-w- c:\documents and settings\Utilisateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-28 22:04 . 2009-11-28 22:04 152576 ----a-w- c:\documents and settings\Utilisateur\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-28 22:04 . 2009-11-28 22:04 79488 ----a-w- c:\documents and settings\Utilisateur\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-21 15:58 . 2006-03-02 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-18 05:00 . 2009-11-18 05:00 86016 ----a-w- c:\windows\system32\frapsvid.dll
2009-11-14 13:10 . 2009-02-23 15:30 2048 ----a-w- c:\documents and settings\Utilisateur\Application Data\invibes\gdiplusfont.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"BullGuard"="c:\program files\BullGuard Ltd\BullGuard\BullGuard.exe" [2009-09-08 304464]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-25 13680640]
"nwiz"="nwiz.exe" [2008-12-25 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-25 86016]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-02 16269312]
"SkyTel"="SkyTel.EXE" [2006-11-02 2879488]
"BullGuard"="c:\program files\BullGuard Ltd\BullGuard\bullguard.exe" [2009-09-08 304464]
"NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"Turbine Download Manager Tray Icon"="c:\program files\Turbine\Turbine Download Manager\TurbineDownloadManagerIcon.exe" [2010-02-03 472568]
"AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-13 177472]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
c:\documents and settings\Utilisateur\Menu D‚marrer\Programmes\D‚marrage\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-12-16 503808]
c:\documents and settings\Utilisateur\Menu D‚marrer\Programmes\D‚marrage\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-12-16 503808]
c:\documents and settings\Utilisateur\Menu D‚marrer\Programmes\D‚marrage\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-12-16 503808]
c:\documents and settings\Utilisateur\Menu D‚marrer\Programmes\D‚marrage\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-12-16 503808]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BgMainSvc]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-06-20 11:49 451872 ----a-w- c:\program files\Fichiers communs\LightScribe\LightScribeControlPanel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57 153136 ----a-w- c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 03:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\call of duty modern warfare 2\\iw4sp.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\call of duty modern warfare 2\\iw4mp.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\aliens vs predator demo\\AvP.exe"=
"c:\\Program Files\\Turbine\\Turbine Download Manager\\TurbineMessageService.exe"=
"c:\\Program Files\\Turbine\\Turbine Download Manager\\TurbineNetworkService.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8767:UDP"= 8767:UDP:scato
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [6/02/2010 0:38 207792]
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [23/02/2009 15:17 21144]
R2 BdFileSpy;BullGuard File Monitor Driver;c:\windows\system32\drivers\BdFileSpy.sys [23/02/2009 17:47 55504]
R2 BsFileScan;BullGuard File Scan Service;c:\windows\System32\svchost.exe -k BullGuard [2/03/2006 13:00 14336]
R2 BsFire;BullGuard Firewall Service;c:\windows\System32\svchost.exe -k BullGuard [2/03/2006 13:00 14336]
R2 BsMailProxy;BullGuard Email Monitoring Service;c:\windows\System32\svchost.exe -k BullGuard [2/03/2006 13:00 14336]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [17/09/2009 15:26 54752]
R2 LiveTurbineMessageService;Turbine Message Service - Live;c:\program files\Turbine\Turbine Download Manager\TurbineMessageService.exe [4/03/2009 17:17 271856]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\Afw.sys [10/11/2008 14:51 31128]
R3 AfwCore;Agnitum Firewall Core Driver;c:\windows\system32\drivers\AfwCore.sys [23/02/2009 17:47 257304]
R3 LiveTurbineNetworkService;Turbine Network Service - Live;c:\program files\Turbine\Turbine Download Manager\TurbineNetworkService.exe [4/03/2009 17:17 218608]
S3 BGRaSvc;BGRaSvc;c:\program files\BullGuard Ltd\BullGuard\support\bgrasvc.exe [29/07/2008 8:40 79184]
S3 DUBE100B;D-Link DUB-E100 USB 2.0 Fast Ethernet Adapter;c:\windows\system32\drivers\DUBE100B.sys [18/12/2008 13:32 18560]
S3 fsssvc;Service Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [5/08/2009 21:48 704864]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2/08/2005 22:10 32512]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [6/04/2009 13:19 23064]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [6/02/2010 0:37 359624]
S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\system32\drivers\sis163u.sys [23/02/2009 16:28 215552]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
BullGuard REG_MULTI_SZ BgMainSvc BsFileScan BsMailProxy BsFire
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-06-20 11:47 451872 ----a-w- c:\program files\Fichiers communs\LightScribe\LSRunOnce.exe
.
Contenu du dossier 'Tâches planifiées'
2010-02-05 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 08:23]
2010-02-06 c:\windows\Tasks\User_Feed_Synchronization-{99CF1FB4-725E-41B9-820F-D7CDC73E5E11}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
2010-02-06 c:\windows\Tasks\User_Feed_Synchronization-{F50BEE20-2BE5-4071-AEA8-C32B71B9E609}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Examen supplémentaire -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\bglsp.dll
FF - ProfilePath - c:\documents and settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\ktwxie8k.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - component: c:\documents and settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\ktwxie8k.default\extensions\{7c5c0f58-e061-457d-9033-77307f5ed00c}\components\FFAlert.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHELINS SUPPRIMES - - - -
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{1B7EAEA6-1B5E-45B6-B4C3-BC5EA6182331} - (no file)
ActiveSetup-{24C76A61-EDCE-E8CA-D053-9B905C827AEF} - c:\windows\system32\winsystem32.exe
AddRemove-Save - c:\program files\Save\SaveUninst.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-06 21:23
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'lsass.exe'(1296)
c:\windows\system32\bglsp.dll
- - - - - - - > 'explorer.exe'(3132)
c:\program files\BullGuard Ltd\BullGuard\antispam\PluginHook.dll
c:\program files\BullGuard Ltd\BullGuard\res\fr\PluginHookRes.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\BullGuard Ltd\BullGuard\BackupShellHook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\RTHDCPL.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Heure de fin: 2010-02-06 21:27:26 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-02-06 20:27
Avant-CF: 252.021.788.672 octets libres
Après-CF: 251.839.143.936 octets libres
WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect
- - End Of File - - C92212879A7B6AAE56684DBF7A284CFE
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'lsass.exe'(1296)
c:\windows\system32\bglsp.dll
- - - - - - - > 'explorer.exe'(3132)
c:\program files\BullGuard Ltd\BullGuard\antispam\PluginHook.dll
c:\program files\BullGuard Ltd\BullGuard\res\fr\PluginHookRes.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\BullGuard Ltd\BullGuard\BackupShellHook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\RTHDCPL.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Heure de fin: 2010-02-06 21:27:26 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-02-06 20:27
Avant-CF: 252.021.788.672 octets libres
Après-CF: 251.839.143.936 octets libres
WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect
- - End Of File - - C92212879A7B6AAE56684DBF7A284CFE
OK
Do exactly the following:
Remove this version of ComboFix like this:
-> Click "Start" (or press the Windows key + R) -> "Run" -> copy/paste this line:
ComboFix /uninstall
--> Confirm.
***************************
THEN:
Re-download ComboFix.exe by sUBs to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
IMPORTANT:
==> Choose Save (to the desktop) and rename it:
File name: Oxygen.exe
Type: all files
/!\ Disconnect from the internet and close all applications, antivirus and antispyware included /!\
---> Double-click Combofix.exe
A pop-up will appear saying "ComboFix is used at your own risk and with no guarantee...".
Accept by clicking "Yes"
---> Switch it to French with F
Press key 1 (Yes) to start the scan.
/!\ Do not touch anything until the scan is finished. /!\
At the end of the scan, ComboFix may need to restart the PC to complete the disinfection; let it do so.
Once the scan is done, a report will be displayed: post its contents
/!\ Re-enable the real-time protection of your antivirus and antispyware before reconnecting to the Internet. /!\
Note: the report can also be found here: C:\ComboFix.txt
See you
........
Well, I did what you told me and here is the new report, but first I want to warn you about something that may be important: when I double-click Combofix.exe no pop-up opens, and I can't even switch it to French because it already is, and the scan starts automatically... Anyway, here is the report:
ComboFix 10-02-05.04 - Utilisateur 06/02/2010 21:37:50.2.2 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.32.1036.18.2046.1411 [GMT 1:00]
Lancé depuis: c:\documents and settings\Utilisateur\Bureau\Oxygen.exe
AV: BullGuard Antivirus *On-access scanning disabled* (Outdated) {7A9BB333-8EDF-4FDC-A2A5-1A30FA021913}
FW: BullGuard Firewall *enabled* {2AEF4CB6-61B5-4E60-AF22-D95E75B63FA1}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\UTILIS~1\LOCALS~1\Temp\jna8844547614138925680.tmp
c:\documents and settings\Utilisateur\Local Settings\temp\jna8844547614138925680.tmp
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-01-06 au 2010-02-06 ))))))))))))))))))))))))))))))))))))
.
2010-02-06 19:32 . 2010-02-06 19:32 -------- d-----w- C:\UsbFix_Upload_Me
2010-02-06 19:26 . 2010-02-06 19:26 2396 ----a-w- C:\UsbFix_Upload_Me_PC-SCATOLA.zip
2010-02-06 19:19 . 2010-02-06 19:30 -------- d-----w- C:\UsbFix
2010-02-06 19:10 . 2010-02-06 19:10 -------- d-----w- C:\_OTM
2010-02-06 17:52 . 2010-02-06 19:24 -------- d-----w- C:\rsit
2010-02-06 17:52 . 2010-02-06 17:52 -------- d-----w- c:\program files\trend micro
2010-02-06 00:32 . 2010-02-06 18:07 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2010-02-06 00:16 . 2010-02-06 00:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2010-02-06 00:10 . 2010-02-06 00:10 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-02-06 00:03 . 2010-02-06 00:03 -------- d-----w- c:\documents and settings\Utilisateur\Local Settings\Application Data\Threat Expert
2010-02-05 23:38 . 2009-10-30 10:11 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-02-05 23:38 . 2009-11-09 10:20 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-02-05 23:38 . 2009-10-06 15:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-02-05 23:37 . 2009-09-03 08:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-02-05 23:37 . 2010-02-06 18:18 -------- d-----w- c:\program files\Spyware Doctor
2010-02-05 23:37 . 2010-02-05 23:40 -------- d-----w- c:\program files\Fichiers communs\PC Tools
2010-02-05 23:37 . 2010-02-05 23:37 -------- d-----w- c:\documents and settings\Utilisateur\Application Data\PC Tools
2010-02-05 23:37 . 2010-02-05 23:37 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-02-05 23:37 . 2010-02-06 18:18 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-02-05 20:08 . 2010-02-05 20:08 -------- d-----w- c:\documents and settings\Utilisateur\Local Settings\Application Data\AliensVsPredator
2010-02-05 00:04 . 2010-02-05 00:04 184224 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-01-27 19:19 . 2010-01-27 19:19 -------- d-----w- c:\program files\Thomson
2010-01-22 01:33 . 2010-01-22 01:33 41872 ----a-w- c:\windows\system32\xfcodec.dll
2010-01-15 15:51 . 2010-02-06 18:10 -------- d-----w- c:\program files\Blaze Media Pro
2010-01-15 15:50 . 2010-01-15 15:50 -------- d-----w- c:\documents and settings\Utilisateur\Local Settings\Application Data\PackageAware
2010-01-12 21:57 . 2009-11-21 15:58 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-06 20:45 . 2009-02-23 16:47 -------- d-----w- c:\documents and settings\All Users\Application Data\BullGuard
2010-02-06 20:44 . 2009-02-23 20:19 -------- d-----w- c:\documents and settings\Utilisateur\Application Data\LimeWire
2010-02-06 19:59 . 2009-11-14 11:00 -------- d-----w- c:\program files\Steam
2010-02-06 19:24 . 2009-11-17 20:55 -------- d-----w- c:\documents and settings\Utilisateur\Application Data\UseNeXT
2010-02-06 19:10 . 2009-08-17 15:11 -------- d-----w- c:\program files\MSN Track Monitor
2010-02-06 18:25 . 2009-02-23 13:39 -------- d-----w- c:\program files\ma-config.com
2010-02-06 18:25 . 2009-02-23 13:39 -------- d-----w- c:\documents and settings\All Users\Application Data\ma-config.com
2010-02-06 18:24 . 2009-02-27 12:15 -------- d-----w- c:\program files\HP
2010-02-06 18:17 . 2009-02-23 18:45 -------- d-----w- c:\program files\Belgacom
2010-02-06 17:36 . 2009-02-23 16:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-02-05 19:11 . 2009-02-23 15:30 -------- d-----w- c:\documents and settings\Utilisateur\Application Data\BullGuard
2010-02-05 17:04 . 2009-02-23 15:30 -------- d-----w- c:\documents and settings\Utilisateur\Application Data\Xfire
2010-02-04 16:06 . 2009-08-02 11:37 -------- d-----w- c:\documents and settings\Utilisateur\Application Data\vlc
2010-02-03 13:19 . 2009-02-23 21:48 -------- d-----w- c:\program files\Xfire
2010-02-03 12:39 . 2009-03-04 16:17 -------- d-----w- c:\program files\Turbine
2010-01-29 18:45 . 2006-03-02 12:00 85404 ----a-w- c:\windows\system32\perfc00C.dat
2010-01-29 18:45 . 2006-03-02 12:00 513080 ----a-w- c:\windows\system32\perfh00C.dat
2010-01-27 20:01 . 2009-02-23 20:18 -------- d-----w- c:\program files\LimeWire
2010-01-27 19:19 . 2009-02-23 14:25 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-27 19:18 . 2009-02-23 14:18 -------- d-----w- c:\program files\Fichiers communs\InstallShield
2010-01-25 14:43 . 2009-07-24 13:32 -------- d-----w- c:\documents and settings\Utilisateur\Application Data\dumbwavemath
2010-01-24 01:48 . 2009-12-30 00:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Screaming Bee
2010-01-24 01:48 . 2009-12-30 00:05 -------- d-----w- c:\documents and settings\Utilisateur\Application Data\Screaming Bee
2010-01-21 15:14 . 2009-09-17 14:27 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-20 11:07 . 2009-04-10 19:19 -------- d-----w- c:\program files\Fichiers communs\Blizzard Entertainment
2010-01-19 17:22 . 2009-12-30 00:04 -------- d-----w- c:\program files\Screaming Bee
2010-01-19 17:22 . 2009-12-16 15:22 -------- d-----w- c:\program files\Perfect World France
2010-01-19 17:21 . 2009-02-24 16:38 -------- d-----w- c:\program files\Mumble
2010-01-19 17:19 . 2009-11-29 22:17 -------- d-----w- c:\program files\MAGIX
2010-01-19 17:19 . 2009-11-29 22:18 -------- d-----w- c:\documents and settings\All Users\Application Data\MAGIX
2010-01-19 17:16 . 2009-09-07 18:25 -------- d-----w- c:\program files\DofusBeta
2010-01-19 17:14 . 2009-03-04 16:20 -------- d-----w- c:\program files\Dofus
2010-01-19 17:06 . 2009-02-23 22:04 -------- d-----w- c:\program files\Activision
2010-01-17 14:19 . 2009-12-27 12:27 -------- d-----w- c:\documents and settings\LocalService\Application Data\dumbwavemath
2010-01-14 16:09 . 2009-08-02 15:35 -------- d-----w- c:\documents and settings\Utilisateur\Application Data\dvdcss
2010-01-13 02:05 . 2008-12-18 14:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-01-12 22:01 . 2009-11-16 21:46 -------- d-----w- c:\program files\PKR
2010-01-10 11:53 . 2009-07-25 14:43 -------- d-----w- c:\program files\TuneUp Utilities 2008
2010-01-09 00:07 . 2009-02-23 15:30 -------- d-----w- c:\documents and settings\Utilisateur\Application Data\teamspeak2
2010-01-01 21:35 . 2009-11-29 22:17 -------- d-----w- c:\program files\Fichiers communs\MAGIX Services
2009-12-30 17:29 . 2009-02-23 16:41 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-30 00:33 . 2009-12-30 00:33 -------- d-----w- c:\program files\Fichiers communs\Screaming Bee
2009-12-21 19:07 . 2006-03-02 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-12-20 22:42 . 2009-12-11 16:26 -------- d-----w- c:\documents and settings\Utilisateur\Application Data\FileZilla
2009-12-20 15:13 . 2009-02-23 21:43 -------- d-----w- c:\program files\Teamspeak2_RC2
2009-12-17 15:30 . 2009-02-23 22:13 215104 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-12-17 14:00 . 2009-02-23 22:13 138576 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-12-16 20:20 . 2009-07-24 13:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Cast ping base frag
2009-12-16 20:20 . 2009-12-16 20:20 -------- d-----w- c:\program files\dumbwavemath
2009-12-16 13:42 . 2009-12-20 13:48 872960 ----a-w- c:\documents and settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\ktwxie8k.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2009-12-16 13:42 . 2009-12-20 13:48 43008 ----a-w- c:\documents and settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\ktwxie8k.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-12-16 13:42 . 2009-12-20 13:48 340480 ----a-w- c:\documents and settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\ktwxie8k.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-12-16 13:41 . 2009-12-20 13:48 346624 ----a-w- c:\documents and settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\ktwxie8k.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-12-10 18:04 . 2009-09-05 01:02 -------- d-----w- c:\documents and settings\All Users\Application Data\TmForever
2009-12-02 12:45 . 2009-12-02 12:45 38208 ----a-w- c:\documents and settings\Utilisateur\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-12-02 12:45 . 2009-12-02 12:45 38208 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-11-30 15:03 . 2009-02-23 18:25 87544 ----a-w- c:\documents and settings\Utilisateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-28 22:04 . 2009-11-28 22:04 152576 ----a-w- c:\documents and settings\Utilisateur\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-28 22:04 . 2009-11-28 22:04 79488 ----a-w- c:\documents and settings\Utilisateur\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-21 15:58 . 2006-03-02 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-18 05:00 . 2009-11-18 05:00 86016 ----a-w- c:\windows\system32\frapsvid.dll
2009-11-14 13:10 . 2009-02-23 15:30 2048 ----a-w- c:\documents and settings\Utilisateur\Application Data\invibes\gdiplusfont.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"BullGuard"="c:\program files\BullGuard Ltd\BullGuard\BullGuard.exe" [2009-09-08 304464]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-25 13680640]
"nwiz"="nwiz.exe" [2008-12-25 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-25 86016]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-02 16269312]
"SkyTel"="SkyTel.EXE" [2006-11-02 2879488]
"BullGuard"="c:\program files\BullGuard Ltd\BullGuard\bullguard.exe" [2009-09-08 304464]
"NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"Turbine Download Manager Tray Icon"="c:\program files\Turbine\Turbine Download Manager\TurbineDownloadManagerIcon.exe" [2010-02-03 472568]
"AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-13 177472]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
c:\documents and settings\Utilisateur\Menu D‚marrer\Programmes\D‚marrage\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-12-16 503808]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BgMainSvc]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-06-20 11:49 451872 ----a-w- c:\program files\Fichiers communs\LightScribe\LightScribeControlPanel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57 153136 ----a-w- c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 03:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\call of duty modern warfare 2\\iw4sp.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\call of duty modern warfare 2\\iw4mp.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\aliens vs predator demo\\AvP.exe"=
"c:\\Program Files\\Turbine\\Turbine Download Manager\\TurbineMessageService.exe"=
"c:\\Program Files\\Turbine\\Turbine Download Manager\\TurbineNetworkService.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8767:UDP"= 8767:UDP:scato
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [6/02/2010 0:38 207792]
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [23/02/2009 15:17 21144]
R2 BdFileSpy;BullGuard File Monitor Driver;c:\windows\system32\drivers\BdFileSpy.sys [23/02/2009 17:47 55504]
R2 BsFileScan;BullGuard File Scan Service;c:\windows\System32\svchost.exe -k BullGuard [2/03/2006 13:00 14336]
R2 BsFire;BullGuard Firewall Service;c:\windows\System32\svchost.exe -k BullGuard [2/03/2006 13:00 14336]
R2 BsMailProxy;BullGuard Email Monitoring Service;c:\windows\System32\svchost.exe -k BullGuard [2/03/2006 13:00 14336]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [17/09/2009 15:26 54752]
R2 LiveTurbineMessageService;Turbine Message Service - Live;c:\program files\Turbine\Turbine Download Manager\TurbineMessageService.exe [4/03/2009 17:17 271856]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\Afw.sys [10/11/2008 14:51 31128]
R3 AfwCore;Agnitum Firewall Core Driver;c:\windows\system32\drivers\AfwCore.sys [23/02/2009 17:47 257304]
R3 LiveTurbineNetworkService;Turbine Network Service - Live;c:\program files\Turbine\Turbine Download Manager\TurbineNetworkService.exe [4/03/2009 17:17 218608]
S3 BGRaSvc;BGRaSvc;c:\program files\BullGuard Ltd\BullGuard\support\bgrasvc.exe [29/07/2008 8:40 79184]
S3 DUBE100B;D-Link DUB-E100 USB 2.0 Fast Ethernet Adapter;c:\windows\system32\drivers\DUBE100B.sys [18/12/2008 13:32 18560]
S3 fsssvc;Service Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [5/08/2009 21:48 704864]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2/08/2005 22:10 32512]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [6/04/2009 13:19 23064]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [6/02/2010 0:37 359624]
S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\system32\drivers\sis163u.sys [23/02/2009 16:28 215552]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
BullGuard REG_MULTI_SZ BgMainSvc BsFileScan BsMailProxy BsFire
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-06-20 11:47 451872 ----a-w- c:\program files\Fichiers communs\LightScribe\LSRunOnce.exe
.
Contenu du dossier 'Tâches planifiées'
2010-02-05 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 08:23]
2010-02-06 c:\windows\Tasks\User_Feed_Synchronization-{99CF1FB4-725E-41B9-820F-D7CDC73E5E11}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
2010-02-06 c:\windows\Tasks\User_Feed_Synchronization-{F50BEE20-2BE5-4071-AEA8-C32B71B9E609}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Examen supplémentaire -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\bglsp.dll
FF - ProfilePath - c:\documents and settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\ktwxie8k.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - component: c:\documents and settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\ktwxie8k.default\extensions\{7c5c0f58-e061-457d-9033-77307f5ed00c}\components\FFAlert.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-06 21:45
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'lsass.exe'(1304)
c:\windows\system32\bglsp.dll
- - - - - - - > 'explorer.exe'(3152)
c:\program files\BullGuard Ltd\BullGuard\antispam\PluginHook.dll
c:\program files\BullGuard Ltd\BullGuard\res\fr\PluginHookRes.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\BullGuard Ltd\BullGuard\BackupShellHook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\RTHDCPL.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Heure de fin: 2010-02-06 21:49:12 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-02-06 20:49
ComboFix2.txt 2010-02-06 20:27
Avant-CF: 251.910.402.048 octets libres
Après-CF: 251.839.115.264 octets libres
- - End Of File - - 8B624C7BEABD663876CFBEB7580A9E5F
2010-01-21 15:14 . 2009-09-17 14:27 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-20 11:07 . 2009-04-10 19:19 -------- d-----w- c:\program files\Fichiers communs\Blizzard Entertainment
2010-01-19 17:22 . 2009-12-30 00:04 -------- d-----w- c:\program files\Screaming Bee
2010-01-19 17:22 . 2009-12-16 15:22 -------- d-----w- c:\program files\Perfect World France
2010-01-19 17:21 . 2009-02-24 16:38 -------- d-----w- c:\program files\Mumble
2010-01-19 17:19 . 2009-11-29 22:17 -------- d-----w- c:\program files\MAGIX
2010-01-19 17:19 . 2009-11-29 22:18 -------- d-----w- c:\documents and settings\All Users\Application Data\MAGIX
2010-01-19 17:16 . 2009-09-07 18:25 -------- d-----w- c:\program files\DofusBeta
2010-01-19 17:14 . 2009-03-04 16:20 -------- d-----w- c:\program files\Dofus
2010-01-19 17:06 . 2009-02-23 22:04 -------- d-----w- c:\program files\Activision
2010-01-17 14:19 . 2009-12-27 12:27 -------- d-----w- c:\documents and settings\LocalService\Application Data\dumbwavemath
2010-01-14 16:09 . 2009-08-02 15:35 -------- d-----w- c:\documents and settings\Utilisateur\Application Data\dvdcss
2010-01-13 02:05 . 2008-12-18 14:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-01-12 22:01 . 2009-11-16 21:46 -------- d-----w- c:\program files\PKR
2010-01-10 11:53 . 2009-07-25 14:43 -------- d-----w- c:\program files\TuneUp Utilities 2008
2010-01-09 00:07 . 2009-02-23 15:30 -------- d-----w- c:\documents and settings\Utilisateur\Application Data\teamspeak2
2010-01-01 21:35 . 2009-11-29 22:17 -------- d-----w- c:\program files\Fichiers communs\MAGIX Services
2009-12-30 17:29 . 2009-02-23 16:41 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-30 00:33 . 2009-12-30 00:33 -------- d-----w- c:\program files\Fichiers communs\Screaming Bee
2009-12-21 19:07 . 2006-03-02 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-12-20 22:42 . 2009-12-11 16:26 -------- d-----w- c:\documents and settings\Utilisateur\Application Data\FileZilla
2009-12-20 15:13 . 2009-02-23 21:43 -------- d-----w- c:\program files\Teamspeak2_RC2
2009-12-17 15:30 . 2009-02-23 22:13 215104 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-12-17 14:00 . 2009-02-23 22:13 138576 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-12-16 20:20 . 2009-07-24 13:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Cast ping base frag
2009-12-16 20:20 . 2009-12-16 20:20 -------- d-----w- c:\program files\dumbwavemath
2009-12-16 13:42 . 2009-12-20 13:48 872960 ----a-w- c:\documents and settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\ktwxie8k.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2009-12-16 13:42 . 2009-12-20 13:48 43008 ----a-w- c:\documents and settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\ktwxie8k.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-12-16 13:42 . 2009-12-20 13:48 340480 ----a-w- c:\documents and settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\ktwxie8k.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-12-16 13:41 . 2009-12-20 13:48 346624 ----a-w- c:\documents and settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\ktwxie8k.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-12-10 18:04 . 2009-09-05 01:02 -------- d-----w- c:\documents and settings\All Users\Application Data\TmForever
2009-12-02 12:45 . 2009-12-02 12:45 38208 ----a-w- c:\documents and settings\Utilisateur\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-12-02 12:45 . 2009-12-02 12:45 38208 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-11-30 15:03 . 2009-02-23 18:25 87544 ----a-w- c:\documents and settings\Utilisateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-28 22:04 . 2009-11-28 22:04 152576 ----a-w- c:\documents and settings\Utilisateur\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-28 22:04 . 2009-11-28 22:04 79488 ----a-w- c:\documents and settings\Utilisateur\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-21 15:58 . 2006-03-02 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-18 05:00 . 2009-11-18 05:00 86016 ----a-w- c:\windows\system32\frapsvid.dll
2009-11-14 13:10 . 2009-02-23 15:30 2048 ----a-w- c:\documents and settings\Utilisateur\Application Data\invibes\gdiplusfont.dll
.
((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"BullGuard"="c:\program files\BullGuard Ltd\BullGuard\BullGuard.exe" [2009-09-08 304464]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-25 13680640]
"nwiz"="nwiz.exe" [2008-12-25 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-25 86016]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-02 16269312]
"SkyTel"="SkyTel.EXE" [2006-11-02 2879488]
"BullGuard"="c:\program files\BullGuard Ltd\BullGuard\bullguard.exe" [2009-09-08 304464]
"NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"Turbine Download Manager Tray Icon"="c:\program files\Turbine\Turbine Download Manager\TurbineDownloadManagerIcon.exe" [2010-02-03 472568]
"AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-13 177472]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
c:\documents and settings\Utilisateur\Menu Démarrer\Programmes\Démarrage\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-12-16 503808]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BgMainSvc]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-06-20 11:49 451872 ----a-w- c:\program files\Fichiers communs\LightScribe\LightScribeControlPanel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57 153136 ----a-w- c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 03:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\call of duty modern warfare 2\\iw4sp.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\call of duty modern warfare 2\\iw4mp.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\aliens vs predator demo\\AvP.exe"=
"c:\\Program Files\\Turbine\\Turbine Download Manager\\TurbineMessageService.exe"=
"c:\\Program Files\\Turbine\\Turbine Download Manager\\TurbineNetworkService.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8767:UDP"= 8767:UDP:scato
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [6/02/2010 0:38 207792]
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [23/02/2009 15:17 21144]
R2 BdFileSpy;BullGuard File Monitor Driver;c:\windows\system32\drivers\BdFileSpy.sys [23/02/2009 17:47 55504]
R2 BsFileScan;BullGuard File Scan Service;c:\windows\System32\svchost.exe -k BullGuard [2/03/2006 13:00 14336]
R2 BsFire;BullGuard Firewall Service;c:\windows\System32\svchost.exe -k BullGuard [2/03/2006 13:00 14336]
R2 BsMailProxy;BullGuard Email Monitoring Service;c:\windows\System32\svchost.exe -k BullGuard [2/03/2006 13:00 14336]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [17/09/2009 15:26 54752]
R2 LiveTurbineMessageService;Turbine Message Service - Live;c:\program files\Turbine\Turbine Download Manager\TurbineMessageService.exe [4/03/2009 17:17 271856]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\Afw.sys [10/11/2008 14:51 31128]
R3 AfwCore;Agnitum Firewall Core Driver;c:\windows\system32\drivers\AfwCore.sys [23/02/2009 17:47 257304]
R3 LiveTurbineNetworkService;Turbine Network Service - Live;c:\program files\Turbine\Turbine Download Manager\TurbineNetworkService.exe [4/03/2009 17:17 218608]
S3 BGRaSvc;BGRaSvc;c:\program files\BullGuard Ltd\BullGuard\support\bgrasvc.exe [29/07/2008 8:40 79184]
S3 DUBE100B;D-Link DUB-E100 USB 2.0 Fast Ethernet Adapter;c:\windows\system32\drivers\DUBE100B.sys [18/12/2008 13:32 18560]
S3 fsssvc;Service Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [5/08/2009 21:48 704864]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2/08/2005 22:10 32512]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [6/04/2009 13:19 23064]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [6/02/2010 0:37 359624]
S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\system32\drivers\sis163u.sys [23/02/2009 16:28 215552]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
BullGuard REG_MULTI_SZ BgMainSvc BsFileScan BsMailProxy BsFire
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-06-20 11:47 451872 ----a-w- c:\program files\Fichiers communs\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
2010-02-05 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 08:23]
2010-02-06 c:\windows\Tasks\User_Feed_Synchronization-{99CF1FB4-725E-41B9-820F-D7CDC73E5E11}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
2010-02-06 c:\windows\Tasks\User_Feed_Synchronization-{F50BEE20-2BE5-4071-AEA8-C32B71B9E609}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\bglsp.dll
FF - ProfilePath - c:\documents and settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\ktwxie8k.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - component: c:\documents and settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\ktwxie8k.default\extensions\{7c5c0f58-e061-457d-9033-77307f5ed00c}\components\FFAlert.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-06 21:45
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(1304)
c:\windows\system32\bglsp.dll
- - - - - - - > 'explorer.exe'(3152)
c:\program files\BullGuard Ltd\BullGuard\antispam\PluginHook.dll
c:\program files\BullGuard Ltd\BullGuard\res\fr\PluginHookRes.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\BullGuard Ltd\BullGuard\BackupShellHook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\RTHDCPL.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-02-06 21:49:12 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-06 20:49
ComboFix2.txt 2010-02-06 20:27
Pre-Run: 251,910,402,048 bytes free
Post-Run: 251,839,115,264 bytes free
- - End Of File - - 8B624C7BEABD663876CFBEB7580A9E5F
Forget about post 15.....
Now that the Combo report has been obtained!!!!
==> Run OTM again with this script:
---> Double-click OTMoveIt3.exe to launch it.
---> Copy (Ctrl+C) the following text in bold below:
:files
c:\program files\save\saveuninst.exe
:commands
[purity]
[emptytemp]
---> Paste (Ctrl+V) the text you just copied into the box:
Paste Instructions for Items to be Moved.
---> Now click the MoveIt! button.
If a file or folder cannot be deleted immediately, the program will ask you to reboot.
Accept by clicking YES.
---> Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
The report's name is the time it was created: date_time.log
==> Copy/paste the report that will open, please...
See you.
Here you go:
All processes killed
========== FILES ==========
File/Folder c:\program files\save\saveuninst.exe not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes
User: Utilisateur
->Temp folder emptied: 335742 bytes
->Temporary Internet Files folder emptied: 2860921 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 14602230 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 17,00 mb
OTM by OldTimer - Version 3.1.8.0 log created on 02062010_215650
Files moved on Reboot...
Registry entries deleted on Reboot...
Run OTM again with this script, please:
:files
c:\documents and settings\All Users\Application Data\Cast ping base frag
:commands
[purity]
[emptytemp]
Paste the report.....
See you.
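The two OTM scripts in this thread (the one targeting saveuninst.exe and the one above targeting the "Cast ping base frag" folder) use the same small text format: a `:files` list of paths, then a `:commands` list such as `[purity]` and `[emptytemp]`. The interpreter below is an added example, not OldTimer's OTM code, that shows what such a tool does with that format: each listed path is moved into a quarantine tree mirroring its original location (so a false positive can be put back), a path that no longer exists is logged as "not found" exactly as the poster's report shows for saveuninst.exe, and `[emptytemp]` empties the temp folders it is pointed at while counting the bytes freed. The sandbox directory, its files and the user name passed to it are constructed for the demo; `[purity]` is accepted but does nothing here.

```python
"""OTM-style cleanup script interpreter (added example, not OldTimer's OTM):
reads a ':files' list plus ':commands' such as [purity]/[emptytemp], quarantines
the listed paths instead of deleting them, and writes an OTM-like log."""
import datetime
import pathlib
import shutil
import tempfile

def parse_script(text):
    """Split the script into {section: [lines]}; a line starting with ':' opens a section."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            current = line[1:].lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections

def move_to_quarantine(target, quarantine_root):
    """Move one file or folder under quarantine_root, mirroring its full original path."""
    src = pathlib.Path(target)
    if not src.exists():
        return f"File/Folder {target} not found."      # same wording as the OTM log in the thread
    absolute = src.resolve()
    dest = pathlib.Path(quarantine_root) / absolute.relative_to(absolute.anchor)
    dest.parent.mkdir(parents=True, exist_ok=True)
    shutil.move(str(absolute), str(dest))
    return f"{target} moved successfully."

def empty_temp(temp_dir):
    """Delete the contents of temp_dir (keeping the folder itself); return bytes freed."""
    folder = pathlib.Path(temp_dir)
    if not folder.is_dir():
        return 0
    freed = 0
    for child in folder.iterdir():
        if child.is_dir() and not child.is_symlink():
            freed += sum(f.lstat().st_size for f in child.rglob("*")
                         if f.is_file() and not f.is_symlink())
            shutil.rmtree(child)
        else:
            freed += child.lstat().st_size if child.is_file() else 0
            child.unlink()                               # symlinks are removed, never followed
    return freed

def run_script(script_text, quarantine_root, temp_dirs):
    """Execute the script; return (log_lines, bytes_freed) and drop the log into quarantine_root."""
    sections = parse_script(script_text)
    quarantine_root = pathlib.Path(quarantine_root)
    quarantine_root.mkdir(parents=True, exist_ok=True)
    log = ["========== FILES =========="]
    for target in sections.get("files", []):
        log.append(move_to_quarantine(target, quarantine_root))
    log.append("========== COMMANDS ==========")
    commands = {c.strip("[]").lower() for c in sections.get("commands", [])}
    freed = 0
    if "emptytemp" in commands:                          # [purity] is accepted but is a no-op here
        log.append("[EMPTYTEMP]")
        for user, temp_dir in temp_dirs.items():
            n = empty_temp(temp_dir)
            freed += n
            log.append(f"User: {user}")
            log.append(f"->Temp folder emptied: {n} bytes")
        log.append(f"Total Files Cleaned = {freed / 1048576:.2f} mb")
    stamp = datetime.datetime.now().strftime("%m%d%Y_%H%M%S")   # OTM names its log MMDDYYYY_HHMMSS.log
    (quarantine_root / f"{stamp}.log").write_text("\n".join(log) + "\n")
    return log, freed

def demo():
    """Run the interpreter in a throwaway sandbox of constructed files (not the poster's machine)."""
    root = pathlib.Path(tempfile.mkdtemp(prefix="otm_demo_"))
    present = root / "program files" / "save" / "saveuninst.exe"   # path from the thread, file constructed
    present.parent.mkdir(parents=True)
    present.write_bytes(b"MZ" + b"\0" * 98)
    present_abs = present.resolve()
    missing = root / "program files" / "save" / "gone.exe"          # never created: exercises "not found"
    user_temp = root / "Utilisateur" / "Local Settings" / "Temp"
    (user_temp / "sub").mkdir(parents=True)
    (user_temp / "junk.tmp").write_bytes(b"x" * 1000)
    (user_temp / "sub" / "more.tmp").write_bytes(b"y" * 500)
    quarantine = root / "_OTMoveIt" / "MovedFiles"
    script = f":files\n{present}\n{missing}\n:commands\n[purity]\n[emptytemp]\n"
    log, freed = run_script(script, quarantine, {"Utilisateur": user_temp})
    return {
        "log": log,
        "bytes_freed": freed,
        "original_gone": not present.exists(),
        "quarantined": (quarantine / present_abs.relative_to(present_abs.anchor)).is_file(),
        "temp_empty": not any(user_temp.iterdir()),
    }
```

Calling `demo()` runs the whole cycle in a temporary directory and returns the log lines together with the checks a helper would make afterwards: the listed file is gone from its original place but intact under the quarantine tree, the missing path produced a "not found" line, and the temp folder is empty. The design choice worth keeping from OTM is that nothing is deleted outright: moving into a quarantine tree that mirrors the original path means an analyst can restore a false positive by reversing the move.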
Well, listen, I'm not very good with computers when it comes to this kind of thing, but here I keep doing the same thing over and over and it's beyond me. I know you're doing your best, but when I go into the OTM folder the report isn't there; I just have a report in Notepad that opens automatically after the scan... Thanks for helping me!
Good evening... I think I'll have to take my PC in to have it defragmented...