Virus worm win 32.NetskyRésolu/Fermé

Question

Bonjour,
Voilà , depuis hier dés que j'allume mon ordinateur un message en anglais dit que mon pc est infecté par un virus j'ai pas tous compris mais apparemment c'est plutôt grave , 

bref  j'ai pourtant supprimé les virus avec windows defender mais ils reviennent tous le temps .

Il y' a en plus dans la barre des taches un rond rouge avec une croix et  un message me disant qu'il y' a un spyware

enfin c'est en anglais et je n'ai pas bien compris de  quoi ça parlait  .


Donc je sollicité votre aide  car je n'y connais rien en informatique .

Merci pour votre aide .

Utilisateur anonyme · Answer

Bonsoir

           Pour de plus amples informations;fait ceci stp;merci

a)	Télécharge et installe le logiciel HijackThis   : 

  https://www.commentcamarche.net/telecharger/securite/11747-hijackthis/
ou ici http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe 
ou ici https://www.clubic.com/telecharger-fiche17891-hijackthis.html 

-->Clique sur le setup pour lancer l'installation : laisse toi guider et ne modifie pas les paramètres d'installation . 
A la fin de l’installation, le programme se lance automatiquement : ferme le en cliquant sur la croix rouge. 
Au final, tu dois avoir un raccourci sur ton bureau et aussi un cheminement comme : 
"C:\ program files\Trend Micro\HijackThis\HijackThis.exe " . 

 (Ne lance pas ce prg pour l'instant et fais la suite ... )   

b)	  Télécharge Random's System Information Tool (RSIT) de random/random et enregistre l'exécutable sur ton Bureau.   

-> http://images.malwareremoval.com/random/RSIT.exe 

! Déconnecte toi et ferme toutes tes applications en cours ! 

Double-clique sur  " RSIT.exe "   pour le lancer.
 
 Clic droit sous VISTA (exécuter en tant que…)
 
-> Une première fenêtre s'ouvre avec en titre : " Disclaimer of warranty " . 

* Devant l'option "List files/folders created ..." , tu choisis : 2 months 

* clique ensuite sur " Continue "   pour lancer l'analyse ... 


-> laisse faire le scan et ne touche pas au PC ... 


Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront (probablement avec le bloc-notes). 

Poste le contenu de  " log.txt "   (c'est celui qui apparaît à l'écran), ainsi que de  " info.txt "   (que tu verras dans la barre des tâches), pour analyse et attends la suite ... 

Important : poste un rapport, puis l'autre dans la réponse suivante ... 
Si tu essaies de poster les deux en même temps, cela risque d'être trop long pour le forum ... 
( Et si "log.txt" seul, ne passe pas non plus , fais le en 2 fois ... merci ... ) 

( Note : les rapports seront en outre sauvegardés dans ce dossier -> C:\rsit   

@+

ajnabie · Answer

Meric pour ta reponse très rapide ;)

Voilà le bloc note qui s'est ouvert lorsque j'ai fais l'analyse du random , mais il n' y a qu'un bloc note qui s'est ouvert 

Logfile of random's system information tool 1.06 (written by random/random)
Run by hp at 2010-02-17 19:38:52
Microsoft® Windows Vista™ Édition Familiale Premium  Service Pack 1
System drive C: has 20 GB (14%) free of 144 GB
Total RAM: 2037 MB (37% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:39:08, on 17/02/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32	askeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32	askeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\Common Files\Real\Update_OBealsched.exe
C:\Windows\System32\smss32.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\hp\Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\hp.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/nl-be?cobrand=hp.msn.com&ocid=HPDHP&pc=HPDTDF&checklang=1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/nl-be?cobrand=hp.msn.com&ocid=HPDHP&pc=HPDTDF&checklang=1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=C:\Windows\system32\winlogon32.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayerpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [smss32.exe] C:\Windows\system32\smss32.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [smss32.exe] C:\Windows\system32\smss32.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: netuza32.exe
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix: 
O15 - Trusted Zone: http://*.buy-security-essentials.com
O15 - Trusted Zone: http://*.download-soft-package.com
O15 - Trusted Zone: http://*.download-software-package.com
O15 - Trusted Zone: http://*.get-key-se10.com
O15 - Trusted Zone: http://*.is-software-download.com
O15 - Trusted Zone: http://*.buy-security-essentials.com (HKLM)
O15 - Trusted Zone: http://*.get-key-se10.com (HKLM)
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. https://www.bitdefender.fr/ - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcappcapd.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

ajnabie · Answer

End of file - 8713 bytes

======Scheduled tasks folder======

C:\Windows	asks\GlaryInitialize.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayerpbrowserrecordplugin.dll [2010-01-26 329312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll [2007-07-12 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf00e119-21a3-4fd1-b178-3b8537e75c92}]
IeMonitorBho Class - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll [2009-06-29 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
{381FFDE8-2394-4f90-B10D-FC6124A40F8C} - BitDefender Toolbar - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll [2009-11-29 95536]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2007-06-30 159744]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-10-03 178712]
"QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-09-27 202032]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2007-10-03 480560]
"BitDefender Antiphishing Helper"=C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe [2009-11-29 69632]
"BDAgent"=C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe [2009-11-29 782336]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OBealsched.exe [2010-01-26 198160]
"smss32.exe"=C:\Windows\system32\smss32.exe [2010-02-17 39936]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-19 1233920]
"smss32.exe"=C:\Windows\system32\smss32.exe [2010-02-17 39936]

C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe
netuza32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2007-08-20 200704]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoSetActiveDesktop"=1
"NoActiveDesktopChanges"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoSetActiveDesktop"=
"NoActiveDesktopChanges"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{30371fce-cb96-11de-a0d1-001b387f9a75}]
shell\AutoRun\command - G:\EmDesk.exe
shell\EmDesk\command - G:\EmDesk.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8bf8646b-c887-11de-a610-001b387f9a75}]
shell\AutoRun\command - H:\LaunchU3.exe -a


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 2 months======

2010-02-17 19:31:54 ----DC---- C:sit
2010-02-17 19:29:41 ----D---- C:\Program Files\Trend Micro
2010-02-17 16:34:55 ----D---- C:\Users\hp\AppData\Roaming\Malwarebytes
2010-02-17 16:34:42 ----D---- C:\ProgramData\Malwarebytes
2010-02-17 16:34:41 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-02-17 15:29:15 ----D---- C:\Program Files\Spyware Doctor
2010-02-17 15:29:15 ----D---- C:\Program Files\Common Files\PC Tools
2010-02-17 15:28:14 ----AD---- C:\ProgramData\TEMP
2010-02-17 14:10:47 ----D---- C:\ProgramData\Office Genuine Advantage
2010-02-17 04:54:46 ----A---- C:\Windows\system32\24464.exe
2010-02-17 04:34:25 ----A---- C:\Windows\system32\26962.exe
2010-02-17 04:14:04 ----A---- C:\Windows\system32\29358.exe
2010-02-17 03:53:43 ----A---- C:\Windows\system32\11478.exe
2010-02-17 03:33:22 ----A---- C:\Windows\system32\15724.exe
2010-02-17 03:13:01 ----A---- C:\Windows\system32\19169.exe
2010-02-17 02:52:40 ----A---- C:\Windows\system32\26500.exe
2010-02-17 02:32:19 ----A---- C:\Windows\system32\6334.exe
2010-02-17 02:11:58 ----A---- C:\Windows\system32\18467.exe
2010-02-17 01:42:24 ----A---- C:\Windows\system32\41.exe
2010-02-17 01:42:03 ----A---- C:\Windows\system32\ES15.exe
2010-02-17 01:41:41 ----A---- C:\Windows\system32\helpers32.dll
2010-02-17 01:40:53 ----A---- C:\Windows\system32\winlogon32.exe
2010-02-17 01:40:53 ----A---- C:\Windows\system32\smss32.exe
2010-02-11 22:11:55 ----DC---- C:\0222e4aae9b09cf74cf461
2010-02-10 20:46:35 ----A---- C:\Windows\system32
tkrnlpa.exe
2010-02-10 20:46:34 ----A---- C:\Windows\system32
toskrnl.exe
2010-02-10 20:46:20 ----A---- C:\Windows\system32\quartz.dll
2010-02-10 20:46:19 ----A---- C:\Windows\system32\msvidc32.dll
2010-02-10 20:46:19 ----A---- C:\Windows\system32\msrle32.dll
2010-02-10 20:46:18 ----A---- C:\Windows\system32	sbyuv.dll
2010-02-10 20:46:18 ----A---- C:\Windows\system32\msyuv.dll
2010-02-10 20:46:18 ----A---- C:\Windows\system32\mciavi32.dll
2010-02-10 20:46:18 ----A---- C:\Windows\system32\iyuv_32.dll
2010-02-10 20:46:18 ----A---- C:\Windows\system32\avicap32.dll
2010-02-10 20:46:17 ----A---- C:\Windows\system32\msvfw32.dll
2010-02-10 20:46:17 ----A---- C:\Windows\system32\avifil32.dll
2010-02-08 22:01:14 ----DC---- C:\Windows\system32\DRVSTORE
2010-02-08 21:55:28 ----A---- C:\Windows\system32\d3dx9_32.dll
2010-02-08 21:51:36 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2010-01-26 21:14:26 ----A---- C:\Windows\system32\TubeFinder.exe
2010-01-26 21:14:19 ----A---- C:\Windows\system32\PCCLPFR.DLL
2010-01-26 21:14:18 ----D---- C:\Users\hp\AppData\Roaming\FreeFLVConverter
2010-01-26 21:14:18 ----D---- C:\Program Files\Free FLV Converter
2010-01-26 21:00:32 ----D---- C:\Users\hp\AppData\Roaming\NCH Software
2010-01-26 20:37:25 ----A---- C:\Windows\system32moc3260.dll
2010-01-26 20:36:36 ----D---- C:\Program Files\Common Files\xing shared
2010-01-26 20:35:31 ----D---- C:\ProgramData\Real
2010-01-25 16:21:33 ----D---- C:\Program Files\Free Download Manager
2010-01-21 22:15:11 ----D---- C:\Program Files\MegaSms
2010-01-21 16:03:55 ----D---- C:\Users\hp\AppData\Roaming\Real
2010-01-20 23:36:44 ----D---- C:\Users\hp\AppData\Roaming\VistaCodecs
2010-01-20 23:36:21 ----D---- C:\Program Files\VistaCodecPack
2010-01-20 23:34:18 ----D---- C:\ProgramData\VistaCodecs
2010-01-18 22:44:05 ----D---- C:\Program Files\Easy Video Joiner
2010-01-18 20:52:39 ----D---- C:\ProgramData\NCH Swift Sound
2010-01-18 20:52:37 ----D---- C:\ProgramData\NCH Software
2010-01-18 20:52:32 ----D---- C:\Program Files\NCH Software
2010-01-18 20:52:15 ----D---- C:\Users\hp\AppData\Roaming\NCH Swift Sound
2010-01-18 20:51:27 ----D---- C:\Program Files\NCH Swift Sound
2010-01-17 22:02:37 ----D---- C:\ProgramData\Canneverbe Limited
2010-01-16 17:31:34 ----D---- C:\ProgramData\WindowsSearch
2010-01-14 21:34:11 ----A---- C:\Windows\bdagent.INI
2010-01-12 22:22:24 ----A---- C:\Windows\system32	2embed.dll
2010-01-12 22:22:24 ----A---- C:\Windows\system32\fontsub.dll
2010-01-04 03:03:02 ----A---- C:\Windows\system32\msshooks.dll
2010-01-04 03:03:02 ----A---- C:\Windows\system32\msscb.dll
2010-01-04 03:02:57 ----A---- C:\Windows\system32\SearchFilterHost.exe
2010-01-04 03:02:57 ----A---- C:\Windows\system32\propsys.dll
2010-01-04 03:02:57 ----A---- C:\Windows\system32\propdefs.dll
2010-01-04 03:02:57 ----A---- C:\Windows\system32\msstrc.dll
2010-01-04 03:02:57 ----A---- C:\Windows\system32\mssprxy.dll
2010-01-04 03:02:57 ----A---- C:\Windows\system32\mssitlb.dll
2010-01-04 03:02:57 ----A---- C:\Windows\system32\msshsq.dll
2010-01-04 03:02:56 ----A---- C:\Windows\system32	hawbrkr.dll
2010-01-04 03:02:56 ----A---- C:\Windows\system32\srchadmin.dll
2010-01-04 03:02:56 ----A---- C:\Windows\system32\korwbrkr.dll
2010-01-04 03:02:54 ----A---- C:\Windows\system32\xmlfilter.dll
2010-01-04 03:02:54 ----A---- C:\Windows\system32\wsepno.dll
2010-01-04 03:02:54 ----A---- C:\Windows\system32tffilt.dll
2010-01-04 03:02:54 ----A---- C:\Windows\system32\offfilt.dll
2010-01-04 03:02:54 ----A---- C:\Windows\system32
lhtml.dll
2010-01-04 03:02:54 ----A---- C:\Windows\system32\msscntrs.dll
2010-01-04 03:02:54 ----A---- C:\Windows\system32\mimefilt.dll
2010-01-04 03:02:53 ----A---- C:\Windows\system32\chtbrkr.dll
2010-01-04 03:02:53 ----A---- C:\Windows\system32\chsbrkr.dll
2010-01-04 03:02:52 ----A---- C:\Windows\system32	query.dll
2010-01-04 03:02:52 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2010-01-04 03:02:52 ----A---- C:\Windows\system32\SearchIndexer.exe
2010-01-04 03:02:51 ----A---- C:\Windows\system32\mssvp.dll
2010-01-04 03:02:51 ----A---- C:\Windows\system32\mssrch.dll
2010-01-04 03:02:51 ----A---- C:\Windows\system32\mssphtb.dll
2010-01-04 03:02:51 ----A---- C:\Windows\system32\mssph.dll
2010-01-03 13:25:06 ----A---- C:\Windows\system32\pacerprf.dll
2010-01-03 13:25:02 ----A---- C:\Windows\system32\wersvc.dll
2010-01-03 13:25:02 ----A---- C:\Windows\system32\Faultrep.dll
2010-01-03 13:24:59 ----A---- C:\Windows\system32\emdmgmt.dll
2010-01-03 13:24:59 ----A---- C:\Windows\system32\dataclen.dll
2010-01-03 13:24:59 ----A---- C:\Windows\system32\cdd.dll
2010-01-03 13:24:54 ----A---- C:\Windows\system32\wshext.dll
2010-01-03 13:24:54 ----A---- C:\Windows\system32\wscript.exe
2010-01-03 13:24:54 ----A---- C:\Windows\system32\scrrun.dll
2010-01-03 13:24:54 ----A---- C:\Windows\system32\scrobj.dll
2010-01-03 13:24:54 ----A---- C:\Windows\system32\cscript.exe
2010-01-03 01:14:08 ----DC---- C:\Downloads
2010-01-03 01:13:31 ----D---- C:\Program Files\BitComet
2010-01-03 00:53:25 ----D---- C:\ProgramData\Estsoft
2010-01-02 23:40:58 ----D---- C:\Program Files\eMule
2010-01-02 03:00:53 ----D---- C:\Windows\CheckSur
2010-01-01 22:05:34 ----D---- C:\Windows\Sun
2010-01-01 20:45:44 ----D---- C:\Program Files\Joboshare
2010-01-01 20:11:02 ----D---- C:\ProgramData\DVD Shrink
2010-01-01 20:11:00 ----D---- C:\Program Files\DVD Shrink
2010-01-01 17:16:46 ----D---- C:\Users\hp\AppData\Roaming\gtk-2.0
2010-01-01 16:54:49 ----D---- C:\Program Files\GTK2-Runtime
2009-12-31 01:15:03 ----D---- C:\Program Files\DVDVideoSoft
2009-12-31 01:15:03 ----D---- C:\Program Files\Common Files\DVDVideoSoft
2009-12-31 00:01:20 ----A---- C:\Windows\system32\coodest.dll
2009-12-29 16:07:49 ----D---- C:\Program Files\QuickTime
2009-12-29 16:07:48 ----D---- C:\ProgramData\Apple Computer
2009-12-28 22:28:55 ----D---- C:\Users\hp\AppData\Roaming\vlc
2009-12-28 22:21:28 ----D---- C:\Users\hp\AppData\Roaming\RayV
2009-12-24 01:22:48 ----D---- C:\Program Files\Common Files\Apple
2009-12-24 01:22:18 ----D---- C:\ProgramData\Apple
2009-12-24 01:22:18 ----D---- C:\Program Files\Apple Software Update
2009-12-24 00:24:23 ----A---- C:\Windows\system32\msvcr71.dll
2009-12-24 00:24:19 ----D---- C:\Program Files\Real
2009-12-18 23:15:58 ----D---- C:\Users\hp\AppData\Roaming\Nero
2009-12-18 22:39:19 ----D---- C:\Program Files\Nero
2009-12-18 22:38:25 ----D---- C:\ProgramData\Nero
2009-12-18 22:38:21 ----D---- C:\Program Files\Common Files\Nero
2009-12-18 22:36:35 ----A---- C:\Windows\system32\d3dx9_30.dll

======List of files/folders modified in the last 2 months======

2010-02-17 19:39:08 ----D---- C:\Windows\Temp
2010-02-17 19:37:53 ----D---- C:\Users\hp\AppData\Roaming\LimeWire
2010-02-17 19:37:52 ----D---- C:\Program Files\Mozilla Firefox
2010-02-17 19:36:56 ----D---- C:\Windows\System32
2010-02-17 19:29:41 ----RD---- C:\Program Files
2010-02-17 18:57:44 ----D---- C:\Windows\Prefetch
2010-02-17 18:50:38 ----HD---- C:\ProgramData
2010-02-17 18:50:33 ----D---- C:\Windows\system32\drivers
2010-02-17 18:50:11 ----D---- C:\Windows
2010-02-17 18:41:51 ----SHD---- C:\Windows\Installer
2010-02-17 18:41:30 ----SHD---- C:\System Volume Information
2010-02-17 18:40:43 ----D---- C:\Program Files\TuneUp Utilities 2010
2010-02-17 15:55:05 ----D---- C:\Windows\system32\LogFiles
2010-02-17 15:30:23 ----D---- C:\Windows\winsxs
2010-02-17 15:29:15 ----D---- C:\Program Files\Common Files
2010-02-17 05:43:01 ----D---- C:\Windows\system32\zh-TW
2010-02-17 05:43:01 ----D---- C:\Windows\system32\zh-HK
2010-02-17 05:43:01 ----D---- C:\Windows\system32	r-TR
2010-02-17 05:42:56 ----D---- C:\Windows\system32\sv-SE
2010-02-17 05:42:56 ----D---- C:\Windows\system32\pt-BR
2010-02-17 05:42:56 ----D---- C:\Windows\system32
l-NL
2010-02-17 05:42:56 ----D---- C:\Windows\system32
b-NO
2010-02-17 05:42:56 ----D---- C:\Windows\system32\ko-KR
2010-02-17 05:42:56 ----D---- C:\Windows\system32\it-IT
2010-02-17 05:42:56 ----D---- C:\Windows\system32\he-IL
2010-02-17 05:42:56 ----D---- C:\Windows\system32\fr-FR
2010-02-17 05:42:55 ----D---- C:\Windows\system32\fi-FI
2010-02-17 05:42:55 ----D---- C:\Windows\system32\es-ES
2010-02-17 05:42:55 ----D---- C:\Windows\system32\en-US
2010-02-17 05:42:55 ----D---- C:\Windows\system32\el-GR
2010-02-17 05:42:55 ----D---- C:\Windows\system32\de-DE
2010-02-17 05:42:55 ----D---- C:\Windows\system32\da-DK
2010-02-17 05:42:55 ----D---- C:\Windows\system32\ar-SA
2010-02-17 02:35:08 ----D---- C:\Users\hp\AppData\Roaming\dvdcss
2010-02-16 02:18:19 ----D---- C:\Windows\inf
2010-02-16 02:18:19 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-02-12 22:03:05 ----RSD---- C:\Windows\assembly
2010-02-11 23:11:24 ----D---- C:\Windows\Minidump
2010-02-11 23:11:24 ----D---- C:\Windows\Debug
2010-02-11 22:23:39 ----D---- C:\Windows\system32\catroot
2010-02-11 22:21:13 ----D---- C:\Program Files\Windows Mail
2010-02-11 22:11:34 ----D---- C:\ProgramData\Microsoft Help
2010-02-10 20:46:04 ----D---- C:\Windows\system32\catroot2
2010-02-08 22:01:33 ----D---- C:\Program Files\Microsoft
2010-02-08 22:01:09 ----D---- C:\Program Files\Windows Live
2010-02-08 21:48:13 ----D---- C:\Windows\SoftwareDistribution
2010-02-01 20:26:20 ----A---- C:\Windows\system32\mrt.exe
2010-01-28 03:01:49 ----D---- C:\Program Files\Internet Explorer
2010-01-26 21:14:30 ----SD---- C:\ProgramData\Microsoft
2010-01-26 20:36:47 ----A---- C:\Windows\system32\pndx5032.dll
2010-01-26 20:36:47 ----A---- C:\Windows\system32\pndx5016.dll
2010-01-26 20:35:46 ----A---- C:\Windows\system32\pncrt.dll
2010-01-26 20:22:39 ----D---- C:\Windows\system32\WDI
2010-01-25 23:48:09 ----D---- C:\Program Files\Free Easy Burner
2010-01-21 16:03:02 ----D---- C:\Program Files\K-Lite Codec Pack
2010-01-20 23:37:44 ----D---- C:\Users\hp\AppData\Roaming\DivX
2010-01-19 19:54:25 ----D---- C:\Program Files\CDBurnerXP
2010-01-14 11:12:06 ----N---- C:\Windows\system32\MpSigStub.exe
2010-01-13 16:39:26 ----D---- C:\Program Files\Glary Utilities
2010-01-12 21:17:47 ----D---- C:\Windows\Tasks
2010-01-12 21:11:11 ----D---- C:\Windows\system32\Tasks
2010-01-10 18:03:12 ----D---- C:\Users\hp\AppData\Roaming\ESTsoft
2010-01-04 07:40:57 ----D---- C:\Windowsescache
2010-01-04 07:40:56 ----D---- C:\Windows\Microsoft.NET
2010-01-04 07:21:56 ----D---- C:\Windows\PolicyDefinitions
2010-01-03 04:28:04 ----D---- C:\Windows\Logs
2010-01-02 22:56:54 ----D---- C:\ProgramData\BitDefender
2010-01-02 22:23:03 ----D---- C:\Program Files\adslTV
2010-01-02 21:33:30 ----ASH---- C:\Program Files\desktop.ini
2010-01-02 21:33:29 ----SHD---- C:\boot
2010-01-02 21:20:12 ----D---- C:\Program Files\Windows Calendar
2010-01-02 21:20:11 ----D---- C:\Program Files\Windows Sidebar
2010-01-02 21:20:11 ----D---- C:\Program Files\Movie Maker
2010-01-02 21:20:06 ----D---- C:\Program Files\Windows Media Player
2010-01-02 21:20:04 ----D---- C:\Program Files\Windows Collaboration
2010-01-02 21:20:02 ----D---- C:\Program Files\Windows Journal
2010-01-02 21:20:01 ----D---- C:\Program Files\Windows Photo Gallery
2010-01-02 21:19:53 ----D---- C:\Program Files\Common Files\System
2010-01-02 21:19:52 ----D---- C:\Program Files\Windows Defender
2010-01-02 21:19:51 ----D---- C:\Windows\servicing
2010-01-02 21:19:48 ----D---- C:\Windows\ehome
2010-01-02 21:19:41 ----D---- C:\Windows\MSAgent
2010-01-02 21:19:39 ----D---- C:\Windows\L2Schemas
2010-01-02 21:19:39 ----D---- C:\Windows\IME
2010-01-02 21:19:39 ----D---- C:\Windows\DigitalLocker
2010-01-02 21:19:36 ----D---- C:\Windows\system32\com
2010-01-02 21:19:31 ----D---- C:\Windows\system32\oobe
2010-01-02 21:19:30 ----D---- C:\Windows\system32\sysprep
2010-01-02 21:19:30 ----D---- C:\Windows\system32\migration
2010-01-02 21:19:30 ----D---- C:\Windows\system32\fr
2010-01-02 21:19:21 ----D---- C:\Windows\system32\AdvancedInstallers
2010-01-02 21:19:20 ----D---- C:\Windows\system32u-RU
2010-01-02 21:19:20 ----D---- C:\Windows\system32\ias
2010-01-02 21:18:53 ----D---- C:\Windows\system32\setup
2010-01-02 21:18:53 ----D---- C:\Windows\system32\hu-HU
2010-01-02 21:18:53 ----D---- C:\Windows\system32\cs-CZ
2010-01-02 21:18:52 ----D---- C:\Windows\system32\SLUI
2010-01-02 21:18:52 ----D---- C:\Windows\system32\pt-PT
2010-01-02 21:18:43 ----D---- C:\Windows\system32\zh-CN
2010-01-02 21:18:43 ----D---- C:\Windows\system32\manifeststore
2010-01-02 21:18:42 ----D---- C:\Windows\system32\pl-PL
2010-01-02 21:18:42 ----D---- C:\Windows\system32\ja-JP
2010-01-02 21:18:41 ----D---- C:\Windows\system32o-RO
2010-01-02 21:18:31 ----D---- C:\Windows\system32\wbem
2010-01-02 21:18:16 ----D---- C:\Windows\system32\migwiz
2010-01-02 21:16:05 ----D---- C:\Windows\AppPatch
2010-01-02 21:15:43 ----D---- C:\Windows\Boot
2010-01-02 21:15:35 ----D---- C:\Windows\system32\Boot
2010-01-02 19:46:33 ----A---- C:\Windows\system32\ifxcardm.dll
2010-01-02 19:46:28 ----A---- C:\Windows\system32\axaltocm.dll
2010-01-01 23:47:30 ----D---- C:\Users\hp\AppData\Roaming\uTorrent
2009-12-31 21:12:01 ----D---- C:\divx
2009-12-31 20:52:15 ----HD---- C:\Program Files\InstallShield Installation Information
2009-12-31 03:06:59 ----D---- C:\Users\hp\AppData\Roaming\CyberLink
2009-12-31 02:51:09 ----SD---- C:\Users\hp\AppData\Roaming\Microsoft
2009-12-31 00:01:40 ----D---- C:\Program Files\AviSynth 2.5
2009-12-21 20:39:03 ----D---- C:\Program Files\BitTorrent
2009-12-21 20:39:00 ----D---- C:\Users\hp\AppData\Roaming\BitTorrent
2009-12-18 22:35:33 ----D---- C:\Program Files\Common Files\microsoft shared

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 bdftdif;bdftdif; \??\C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys [2009-11-29 137224]
R2 BDVEDISK;BDVEDISK; \??\C:\Program Files\BitDefender\BitDefender 2009\BDVEDISK.sys [2008-10-06 82696]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-07-10 8704]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys [2007-06-25 155136]
R3 BCM43XX;Pilote pour carte réseau Broadcom 802.11; C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-10-08 1044472]
R3 bdfm;BDFM; C:\Windows\system32\drivers\bdfm.sys [2008-09-18 111112]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service; C:\Windows\system32\DRIVERS\bdfndisf.sys [2009-11-29 104456]
R3 bdfsfltr;bdfsfltr; C:\Windows\system32\DRIVERS\bdfsfltr.sys [2008-12-10 242184]
R3 BDSelfPr;BDSelfPr; \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys [2009-11-29 8832]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT32.sys [2008-03-03 188416]
R3 HBtnKey;HBtnKey; C:\Windows\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-06-20 984064]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-06-20 208896]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-08-20 1790976]
R3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2007-04-23 50176]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-06-20 660480]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-19 11264]
R4 PCTCore;PCTools KDS; C:\Windows\system32\drivers\PCTCore.sys []
S3 ACSSCR;ACR38 Smart Card Reader; C:\Windows\system32\DRIVERS\a38usbxp.sys [2004-04-30 24832]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-10-08 1044472]
S3 BthEnum;Service d'énumérateur Bluetooth; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-10-25 19456]
S3 BthPan;Périphérique Bluetooth (réseau personnel); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-19 92160]
S3 BTHPORT;Pilote de port Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-10-25 220160]
S3 BTHUSB;Pilote USB radio Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-10-25 29184]
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 E100B;Intel(R) PRO Adapter Driver; C:\Windows\system32\DRIVERS\e100b325.sys [2006-11-02 163328]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2009-08-05 54632]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDART.sys [2007-06-29 163328]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-08-20 1790976]
S3 MSKSSRV;Microsoft Streaming Service-proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock-proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Kwaliteitsbeheer Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-conversieprogramma; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers
pf.sys [2007-11-06 34064]
S3 Profos;Profos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys [2008-09-02 13056]
S3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM); C:\Windows\system32\DRIVERSfcomm.sys [2008-01-19 49664]
S3 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys [2009-11-12 7168]
S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 Trufos;Trufos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner	rufos.sys [2009-11-29 39808]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-10-03 358936]
R2 LIVESRV;BitDefender Desktop Update Service; C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe [2009-11-29 413696]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-09-23 935208]
R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2009-09-06 71096]
R2 VSSERV;BitDefender Virus Shield; C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe [2009-11-29 1638240]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-07-10 386560]
S2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-09-19 65536]
S3 Arrakis3;BitDefender Arrakis Server; C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784]
S3 Com4Qlb;Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [2007-03-05 110592]
S3 fsssvc;Service Windows Live Contrôle parental; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcappcapd.exe [2007-11-06 92792]
S3 scan;BitDefender Threat Scanner; C:\Windows\System32\svchost.exe [2008-01-19 21504]

-----------------EOF-----------------

ajnabie · Answer

Voici le rapport du hijackthis 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:50:51, on 17/02/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32	askeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32	askeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\Common Files\Real\Update_OBealsched.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_be&c=81&bd=HP&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_be&c=81&bd=HP&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=C:\Windows\system32\winlogon32.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayerpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [smss32.exe] C:\Windows\system32\smss32.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [smss32.exe] C:\Windows\system32\smss32.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: netuza32.exe
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix: 
O15 - Trusted Zone: http://*.buy-security-essentials.com
O15 - Trusted Zone: http://*.download-soft-package.com
O15 - Trusted Zone: http://*.download-software-package.com
O15 - Trusted Zone: http://*.get-key-se10.com
O15 - Trusted Zone: http://*.is-software-download.com
O15 - Trusted Zone: http://*.buy-security-essentials.com (HKLM)
O15 - Trusted Zone: http://*.get-key-se10.com (HKLM)
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. https://www.bitdefender.fr/ - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcappcapd.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

ajnabie · Answer

Bonsoir voici le bloc note comboFix

ComboFix 10-02-12.01 - hp 17/02/2010  21:46:06.1.2 - x86
Microsoft® Windows Vista™ Édition Familiale Premium   6.0.6001.1.1252.32.1036.18.2037.1016 [GMT 1:00]
Lancé depuis: c:\users\hp\Desktop\asdehi.exe
AV: Antivirus BitDefender  *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: Pare-feu BitDefender  *enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
SP: BitDefender AntiSpam *enabled* (Updated) {8B2012EC-32D4-494F-BC03-832DB3BDF911}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-3680863834-4064941680-1721992971-500
c:\$recycle.bin\S-1-5-21-496770924-2321444939-1791698453-500
c:\users\hp\AppData\Local\ibxkfb.dat
c:\users\hp\AppData\Local\ibxkfb_nav.dat
c:\users\hp\AppData\Local\ibxkfb_navps.dat
c:\users\hp\AppData\Roaming\avdrn.dat
c:\users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
etuza32.exe
c:\windows\system32\11478.exe
c:\windows\system32\15724.exe
c:\windows\system32\18467.exe
c:\windows\system32\19169.exe
c:\windows\system32\24464.exe
c:\windows\system32\26500.exe
c:\windows\system32\26962.exe
c:\windows\system32\29358.exe
c:\windows\system32\41.exe
c:\windows\system32\6334.exe
c:\windows\system32\ES15.exe
c:\windows\system32\helpers32.dll
c:\windows\system32\KBL.LOG
c:\windows\system32\oem11.inf
c:\windows\system32\smss32.exe
c:\windows\system32\winlogon32.exe

.
(((((((((((((((((((((((((((((   Fichiers créés du 2010-01-17 au 2010-02-17  ))))))))))))))))))))))))))))))))))))
.

2010-02-17 18:31 . 2010-02-17 18:32	--------	dc----w-	C:sit
2010-02-17 18:29 . 2010-02-17 18:29	--------	d-----w-	c:\program files\Trend Micro
2010-02-17 15:34 . 2010-02-17 15:34	--------	d-----w-	c:\users\hp\AppData\Roaming\Malwarebytes
2010-02-17 15:34 . 2010-01-07 15:07	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-17 15:34 . 2010-02-17 15:34	--------	d-----w-	c:\programdata\Malwarebytes
2010-02-17 15:34 . 2010-01-07 15:07	19160	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-02-17 15:34 . 2010-02-17 15:34	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-02-17 14:29 . 2010-02-17 17:50	--------	d-----w-	c:\program files\Spyware Doctor
2010-02-17 14:29 . 2010-02-17 17:50	--------	d-----w-	c:\program files\Common Files\PC Tools
2010-02-17 13:10 . 2010-02-17 13:10	--------	d-----w-	c:\programdata\Office Genuine Advantage
2010-02-11 21:11 . 2010-02-11 21:12	--------	dc----w-	C:\0222e4aae9b09cf74cf461
2010-02-08 21:01 . 2009-08-05 21:48	54632	----a-w-	c:\windows\system32\drivers\fssfltr.sys
2010-02-08 21:01 . 2010-02-08 21:01	--------	dc----w-	c:\windows\system32\DRVSTORE
2010-02-08 20:55 . 2006-11-29 12:06	3426072	----a-w-	c:\windows\system32\d3dx9_32.dll
2010-02-08 20:51 . 2010-02-08 20:51	--------	d-----w-	c:\program files\Microsoft SQL Server Compact Edition
2010-01-26 20:14 . 2010-01-15 17:30	315392	----a-w-	c:\windows\system32\TubeFinder.exe
2010-01-26 20:14 . 2009-06-19 17:51	9728	----a-w-	c:\windows\system32\PCCLPFR.DLL
2010-01-26 20:14 . 2010-01-26 20:23	--------	d-----w-	c:\users\hp\AppData\Roaming\FreeFLVConverter
2010-01-26 20:14 . 2010-01-26 20:14	--------	d-----w-	c:\program files\Free FLV Converter
2010-01-26 20:00 . 2010-01-26 20:00	--------	d-----w-	c:\users\hp\AppData\Roaming\NCH Software
2010-01-26 19:36 . 2010-01-26 19:36	--------	d-----w-	c:\program files\Common Files\xing shared
2010-01-25 15:21 . 2010-02-03 19:44	--------	d-----w-	c:\program files\Free Download Manager
2010-01-21 21:15 . 2010-02-08 20:34	--------	d-----w-	c:\program files\MegaSms
2010-01-20 22:36 . 2010-01-20 22:36	--------	d-----w-	c:\users\hp\AppData\Roaming\VistaCodecs
2010-01-20 22:36 . 2010-01-20 22:36	--------	d-----w-	c:\program files\VistaCodecPack
2010-01-20 22:34 . 2010-01-20 22:36	--------	d-----w-	c:\programdata\VistaCodecs
2010-01-18 21:44 . 2010-01-18 21:44	--------	d-----w-	c:\program files\Easy Video Joiner

.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-17 21:09 . 2009-10-31 12:42	--------	d-----w-	c:\users\hp\AppData\Roaming\LimeWire
2010-02-17 14:44 . 2009-11-29 18:24	81984	----a-w-	c:\windows\system32\bdod.bin
2010-02-17 14:43 . 2009-12-11 19:32	12	----a-w-	c:\windows\bthservsdp.dat
2010-02-17 03:02 . 2009-12-28 21:28	--------	d-----w-	c:\users\hp\AppData\Roaming\vlc
2010-02-17 01:35 . 2009-12-08 02:11	--------	d-----w-	c:\users\hp\AppData\Roaming\dvdcss
2010-02-17 00:40 . 2010-02-17 00:40	16	----a-w-	c:\users\hp\AppData\Roaming\sgcpom.dat
2010-02-16 17:21 . 2010-01-02 22:40	--------	d-----w-	c:\program files\eMule
2010-02-16 01:18 . 2009-10-12 20:04	672322	----a-w-	c:\windows\system32\perfh00C.dat
2010-02-16 01:18 . 2009-10-12 20:04	124434	----a-w-	c:\windows\system32\perfc00C.dat
2010-02-12 21:03 . 2009-12-31 00:15	--------	d-----w-	c:\program files\Common Files\DVDVideoSoft
2010-02-11 21:21 . 2006-11-02 11:18	--------	d-----w-	c:\program files\Windows Mail
2010-02-11 21:11 . 2009-10-25 13:04	--------	d-----w-	c:\programdata\Microsoft Help
2010-02-08 21:01 . 2009-10-22 19:04	--------	d-----w-	c:\program files\Microsoft
2010-02-08 21:01 . 2009-10-22 19:03	--------	d-----w-	c:\program files\Windows Live
2010-01-26 20:00 . 2010-01-18 19:52	--------	d-----w-	c:\program files\NCH Software
2010-01-25 22:48 . 2009-10-22 20:01	--------	d-----w-	c:\program files\Free Easy Burner
2010-01-21 15:03 . 2009-10-22 21:40	--------	d-----w-	c:\program files\K-Lite Codec Pack
2010-01-20 22:37 . 2009-11-07 23:34	--------	d-----w-	c:\users\hp\AppData\Roaming\DivX
2010-01-20 21:47 . 2010-01-18 19:52	--------	d-----w-	c:\programdata\NCH Swift Sound
2010-01-19 22:38 . 2010-01-19 22:16	525	----a-w-	c:\program files\mplayerc - Raccourci.lnk
2010-01-19 18:54 . 2009-11-15 15:26	--------	d-----w-	c:\program files\CDBurnerXP
2010-01-18 19:52 . 2010-01-18 19:52	--------	d-----w-	c:\programdata\NCH Software
2010-01-18 19:52 . 2010-01-18 19:51	--------	d-----w-	c:\program files\NCH Swift Sound
2010-01-18 19:52 . 2010-01-18 19:52	--------	d-----w-	c:\users\hp\AppData\Roaming\NCH Swift Sound
2010-01-17 21:02 . 2010-01-17 21:02	--------	d-----w-	c:\programdata\Canneverbe Limited
2010-01-16 21:46 . 2010-01-16 21:46	0	---ha-w-	c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2010-01-16 16:31 . 2010-01-16 16:31	--------	d-----w-	c:\programdata\WindowsSearch
2010-01-14 10:12 . 2009-10-22 20:21	181120	------w-	c:\windows\system32\MpSigStub.exe
2010-01-13 15:39 . 2009-10-27 22:48	--------	d-----w-	c:\program files\Glary Utilities
2010-01-10 17:03 . 2009-11-03 21:02	--------	d-----w-	c:\users\hp\AppData\Roaming\ESTsoft
2010-01-05 21:47 . 2010-01-03 00:13	--------	d-----w-	c:\program files\BitComet
2010-01-05 20:56 . 2010-01-05 20:56	0	---ha-w-	c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2010-01-03 00:13 . 2010-01-03 00:13	1036288	----a-w-	c:\users\hp\AppData\Roaming\Mozilla\Firefox\Profilesj9sc9i9.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
2010-01-02 23:53 . 2010-01-02 23:53	--------	d-----w-	c:\programdata\Estsoft
2010-01-02 21:56 . 2009-11-29 18:09	--------	d-----w-	c:\programdata\BitDefender
2010-01-02 21:23 . 2009-12-29 15:07	--------	d-----w-	c:\program files\QuickTime
2010-01-02 21:23 . 2009-12-04 21:34	--------	d-----w-	c:\program files\adslTV
2010-01-02 20:20 . 2006-11-02 12:37	--------	d-----w-	c:\program files\Windows Calendar
2010-01-02 20:20 . 2006-11-02 12:37	--------	d-----w-	c:\program files\Windows Sidebar
2010-01-02 20:20 . 2006-11-02 12:37	--------	d-----w-	c:\program files\Windows Collaboration
2010-01-02 20:20 . 2006-11-02 12:37	--------	d-----w-	c:\program files\Windows Journal
2010-01-02 20:20 . 2006-11-02 12:37	--------	d-----w-	c:\program files\Windows Photo Gallery
2010-01-02 20:19 . 2006-11-02 12:37	--------	d-----w-	c:\program files\Windows Defender
2010-01-02 20:15 . 2006-11-02 10:25	665600	----a-w-	c:\windows\inf\drvindex.dat
2010-01-02 18:46 . 2006-11-02 10:32	101888	----a-w-	c:\windows\system32\ifxcardm.dll
2010-01-02 18:46 . 2006-11-02 10:32	82432	----a-w-	c:\windows\system32\axaltocm.dll
2010-01-01 22:47 . 2009-10-31 12:16	--------	d-----w-	c:\users\hp\AppData\Roaming\uTorrent
2010-01-01 19:45 . 2010-01-01 19:45	--------	d-----w-	c:\program files\Joboshare
2010-01-01 19:27 . 2010-01-01 19:11	--------	d-----w-	c:\programdata\DVD Shrink
2010-01-01 19:11 . 2010-01-01 19:11	--------	d-----w-	c:\program files\DVD Shrink
2010-01-01 16:17 . 2010-01-01 16:16	--------	d-----w-	c:\users\hp\AppData\Roaming\gtk-2.0
2010-01-01 15:55 . 2010-01-01 15:54	--------	d-----w-	c:\program files\GTK2-Runtime
2009-12-31 20:15 . 2009-12-31 00:15	--------	d-----w-	c:\program files\DVDVideoSoft
2009-12-31 19:52 . 2009-10-12 10:33	--------	d--h--w-	c:\program files\InstallShield Installation Information
2009-12-31 02:06 . 2009-10-29 20:11	--------	d-----w-	c:\users\hp\AppData\Roaming\CyberLink
2009-12-30 23:01 . 2009-11-25 15:40	--------	d-----w-	c:\program files\AviSynth 2.5
2009-12-29 15:07 . 2009-12-29 15:07	--------	d-----w-	c:\programdata\Apple Computer
2009-12-28 21:21 . 2009-12-28 21:21	--------	d-----w-	c:\users\hp\AppData\Roaming\RayV
2009-12-28 12:35 . 2010-02-10 19:46	11776	----a-w-	c:\windows\system32	sbyuv.dll
2009-12-28 12:35 . 2010-02-10 19:46	1314816	----a-w-	c:\windows\system32\quartz.dll
2009-12-28 12:32 . 2010-02-10 19:46	22528	----a-w-	c:\windows\system32\msyuv.dll
2009-12-28 12:32 . 2010-02-10 19:46	31744	----a-w-	c:\windows\system32\msvidc32.dll
2009-12-28 12:32 . 2010-02-10 19:46	123904	----a-w-	c:\windows\system32\msvfw32.dll
2009-12-28 12:32 . 2010-02-10 19:46	13312	----a-w-	c:\windows\system32\msrle32.dll
2009-12-28 12:31 . 2010-02-10 19:46	82944	----a-w-	c:\windows\system32\mciavi32.dll
2009-12-28 12:31 . 2010-02-10 19:46	50176	----a-w-	c:\windows\system32\iyuv_32.dll
2009-12-28 12:28 . 2010-02-10 19:46	65024	----a-w-	c:\windows\system32\avicap32.dll
2009-12-28 12:28 . 2010-02-10 19:46	91136	----a-w-	c:\windows\system32\avifil32.dll
2009-12-24 00:22 . 2009-12-24 00:22	--------	d-----w-	c:\program files\Common Files\Apple
2009-12-24 00:22 . 2009-12-24 00:22	--------	d-----w-	c:\program files\Apple Software Update
2009-12-24 00:22 . 2009-12-24 00:22	--------	d-----w-	c:\programdata\Apple
2009-12-23 23:24 . 2009-12-23 23:24	348160	----a-w-	c:\windows\system32\msvcr71.dll
2009-12-23 23:24 . 2009-12-23 23:24	--------	d-----w-	c:\program files\Real
2009-12-21 19:39 . 2009-11-02 14:42	--------	d-----w-	c:\program files\BitTorrent
2009-12-21 19:39 . 2009-12-08 00:30	--------	d-----w-	c:\users\hp\AppData\Roaming\BitTorrent
2009-12-11 12:07 . 2010-02-10 19:46	301568	----a-w-	c:\windows\system32\drivers\srv.sys
2009-12-11 12:07 . 2010-02-10 19:46	98304	----a-w-	c:\windows\system32\drivers\srvnet.sys
2009-12-08 20:52 . 2010-02-10 19:46	897624	----a-w-	c:\windows\system32\drivers	cpip.sys
2009-12-08 20:52 . 2010-02-10 19:46	3597912	----a-w-	c:\windows\system32
tkrnlpa.exe
2009-12-08 20:52 . 2010-02-10 19:46	3546200	----a-w-	c:\windows\system32
toskrnl.exe
2009-12-04 16:12 . 2010-02-10 19:46	212992	----a-w-	c:\windows\system32\drivers\mrxsmb10.sys
2009-12-04 16:12 . 2010-02-10 19:46	105472	----a-w-	c:\windows\system32\drivers\mrxsmb.sys
2009-12-03 12:46 . 2009-12-03 12:46	2026	----a-w-	c:\users\hp\AppData\Local\ooopw.exe
2009-12-03 12:46 . 2009-11-04 22:05	86	----a-w-	c:\users\hp\AppData\Localefqb.bat
2009-12-02 13:21 . 2009-12-02 13:21	5083136	----a-w-	c:\programdata\TuneUp Software\TuneUp Utilities\WinStyler\LogonScreens\chute d'eau.tls.dll
2009-11-30 22:50 . 2009-11-30 22:50	2026	----a-w-	c:\users\hp\AppData\Local\mcgmlz.exe
2009-11-29 23:29 . 2009-10-13 04:52	103552	----a-w-	c:\users\hp\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-29 18:34 . 2008-10-17 13:01	104456	----a-w-	c:\windows\system32\drivers\bdfndisf.sys
2009-11-21 06:40 . 2009-12-09 20:30	916480	----a-w-	c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-09 20:30	71680	----a-w-	c:\windows\system32\iesetup.dll
2009-11-21 06:34 . 2009-12-09 20:30	109056	----a-w-	c:\windows\system32\iesysprep.dll
2009-11-21 04:59 . 2009-12-09 20:30	133632	----a-w-	c:\windows\system32\ieUnatt.exe
2009-11-29 18:33 . 2008-10-30 16:34	65536	----a-w-	c:\program files\mozilla firefox\components\FFComm.dll
2009-09-25 16:41 . 2009-09-25 16:41	1044480	----a-w-	c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41	200704	----a-w-	c:\program files\mozilla firefox\plugins\ssldivx.dll
.

(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-06-30 159744]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-27 202032]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2009-11-29 69632]
"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-11-29 782336]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"TkBellExe"="c:\program files\Common Files\Real\Update_OBealsched.exe" [2010-01-26 198160]

c:\users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-9-30 503808]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversionun-]
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversionun-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"IgfxTray"=c:\windows\system32\igfxtray.exe
"Persistence"=c:\windows\system32\igfxpers.exe
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe"
"TkBellExe"="c:\program files\Common Files\Real\Update_OBealsched.exe"  -osboot
"HP Software Update"=c:\program files\Hp\HP Software Update\HPWuSchd2.exe
"QPService"="c:\program files\HP\QuickPlay\QPService.exe"
"HotKeysCmds"=c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [6/10/2008 17:16 82696]
R3 bdfm;BDFM;c:\windows\System32\drivers\bdfm.sys [18/09/2008 11:09 111112]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\System32\drivers\bdfndisf.sys [17/10/2008 14:01 104456]
S3 ACSSCR;ACR38 Smart Card Reader;c:\windows\System32\drivers\a38usbxp.sys [30/04/2004 13:35 24832]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [17/07/2008 12:06 118784]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [8/02/2010 22:01 54632]
S3 fsssvc;Service Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [5/08/2009 22:48 704864]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\System32\drivers
pf.sys [6/11/2007 21:22 34064]

--- Autres Services/Pilotes en mémoire ---

*Deregistered* - PCTSDInjDriver32
*Deregistered* - TuneUpUtilitiesDrv

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx	REG_MULTI_SZ   	scan
bthsvcs	REG_MULTI_SZ   	BthServ
.
Contenu du dossier 'Tâches planifiées'

2010-02-17 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-10-27 11:09]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://google.atcomet.com/b/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_be&c=81&bd=HP&pf=laptop
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Download Link Using Mega Manager... - c:\program files\Megaupload\Mega Manager\mm_file.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: buy-security-essentials.com
Trusted Zone: download-soft-package.com
Trusted Zone: download-software-package.com
Trusted Zone: get-key-se10.com
Trusted Zone: is-software-download.com
Trusted Zone: buy-security-essentials.com
Trusted Zone: get-key-se10.com
FF - ProfilePath - c:\users\hp\AppData\Roaming\Mozilla\Firefox\Profilesj9sc9i9.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://fr.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components
prpffbrowserrecordext.dll
FF - component: c:\users\hp\AppData\Roaming\Mozilla\Firefox\Profilesj9sc9i9.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - plugin: c:\program files\Microsoft\Office Live
pOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins
p-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----
pref(dom.disable_open_during_load, true);
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-smss32.exe - c:\windows\system32\smss32.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-17 22:08
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ... 

Recherche d'éléments en démarrage automatique cachés ... 

Recherche de fichiers cachés ... 

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(6036)
c:\program files\Spyware Doctor\pctgmhk.dll
.
Heure de fin: 2010-02-17  22:16:03
ComboFix-quarantined-files.txt  2010-02-17 21:15

Avant-CF: 18.838.855.680 octets libres
Après-CF: 18.855.419.904 octets libres

- - End Of File - - B9389A076406FC99C773D8077055F645

ajnabie · Answer

Bonjour , voici le rapport :  

.
======= LOGFILE OF AD-REMOVER 1.1.4.6_J | ONLY XP/VISTA/7 =======
.
Updated by C_XX on 05.02.2010 at 17:34
Contact: AdRemover.contact@gmail.com
Website: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Launch at: 15:06:32, ven. 19/02/2010 | Normal Boot | Option: CLEAN
Executed from: C:\Ad-Remover\
Operating system: Microsoft® Windows Vista™ HomePremium Service Pack 2 v6.0.6001
Computer Name: PC-DE-HP | Current user: hp
.
============== NEUTRALIZED ELEMENT(S) ==============
.

C:\Users\hp\AppData\Roaming\Mozilla\FireFox\Profiles\rj9sc9i9.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D} 
C:\Users\hp\AppData\Roaming\Mozilla\FireFox\Profiles\rj9sc9i9.default\searchplugins\ask.xml 
C:\Program Files\Mozilla FireFox\Components\AskSearch.js 
C:\Users\hp\AppData\Local\refqb.bat 

(!) -- Temp files deleted.
 
.
HKCU\software\microsoft\internet explorer\searchscopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
HKLM\software\microsoft\internet explorer\searchscopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
HKLM\software\microsoft\windows\currentversion\uninstall\refqb
.
============== Added scan ==============
.
.
* Mozilla FireFox Version 3.6 [fr] *
.
 ProfilePath: rj9sc9i9.default (hp)
.
(hp, prefs.js) Browser.download.lastDir, C:\Users\hp\Downloads
(hp, prefs.js) Browser.search.defaultenginename, Ask
(hp, prefs.js) Browser.search.selectedEngine, Google
(hp, prefs.js) Browser.startup.homepage, hxxp://fr.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
(hp, prefs.js) Extensions.enabledItems, {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3,{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.17,{b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7,{20a82645-c095-46ed-80e3-08825760534b}:1.1,{ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6
(hp, prefs.js) Keyword.URL, hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
. 
(hp, prefs.js) ERASED - Extensions.snipit.chromeURL, hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q={searchTerms}&crm=1
(hp, prefs.js) ERASED - Keyword.URL, hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
. 
. 
.
* Internet Explorer Version 8.0.6001.18865 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Start Page: hxxp://fr.msn.com/
Do404Search: 01000000
Local Page: C:\Windows\system32\blank.htm
Show_ToolBar: yes
Enable Browser Extensions: yes
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_page_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Start Page: hxxp://fr.msn.com/
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: C:\Windows\System32\blank.htm
Search bar: hxxp://search.msn.com/spbasic.htm
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
===================================
.
3253 Byte(s) - C:\Ad-Report-CLEAN[1].log 
.
11 File(s) - C:\Users\hp\AppData\Local\Temp 
11 File(s) - C:\Windows\Temp 
0 File(s) - C:\Windows\Prefetch 
.
21 File(s) - C:\Ad-Remover\BACKUP
3 File(s) - C:\Ad-Remover\QUARANTINE
.
End at: 15:13:29 | ven. 19/02/2010 - CLEAN[1]
.
============== E.O.F ==============
.

ajnabie · Answer

Voici le rapport de usbfix :



############################## | UsbFix V6.096 |

User : hp (Administrateurs) # PC-DE-HP
Update on 19/02/2010 by El Desaparecido , C_XX & Chimay8
Start at: 15:28:38 | 19/02/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

Intel(R) Pentium(R) Dual  CPU  T2310  @ 1.46GHz
Microsoft® Windows Vista™ Édition Familiale Premium  (6.0.6001 32-bit) # Service Pack 1
Internet Explorer 8.0.6001.18865
Windows Firewall Status : Disabled
AV : Antivirus BitDefender  12.0 [ Enabled | Updated ]
FW : Pare-feu BitDefender [ Enabled ]12.0

C:\ -> Disque fixe local # 140,34 Go (23,84 Go free) # NTFS
D:\ -> Disque fixe local # 8,71 Go (2,82 Go free) [HP_RECOVERY] # NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque amovible # 481,72 Mo (423,76 Mo free) # FAT
G:\ -> Disque fixe local # 465,76 Go (12,16 Go free) [Iomega_HDD] # NTFS

############################## | Processus actifs |

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\LogonUI.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32	askeng.exe
C:\Windows\system32	askeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32unonce.exe
C:\Windows\system32\conime.exe

################## | Elements infectieux |

Supprimé ! C:\$Recycle.Bin\S-1-5-21-3680863834-4064941680-1721992971-1000 
Supprimé ! D:\$Recycle.Bin\S-1-5-21-3680863834-4064941680-1721992971-1000 
Supprimé ! D:\$Recycle.Bin\S-1-5-21-3680863834-4064941680-1721992971-500 
Supprimé ! D:\$Recycle.Bin\S-1-5-21-3680863834-4064941680-1721992971-501 
Supprimé ! G:\$Recycle.Bin\S-1-5-21-2764618780-970644224-1006795166-1000 
Supprimé ! G:\$Recycle.Bin\S-1-5-21-2764618780-970644224-1006795166-501 
Supprimé ! G:\$Recycle.Bin\S-1-5-21-3680863834-4064941680-1721992971-1000 
Supprimé ! G:\$Recycle.Bin\S-1-5-21-3680863834-4064941680-1721992971-501 

################## | Registre |

Supprimé ! [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options	askmgr.exe]  
Supprimé ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"  
Supprimé ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"  

################## | Mountpoints2 |


################## | Listing des fichiers présent |

[19/02/2010 15:13|--a--c---|3579] C:\Ad-Report-CLEAN[1].log 
[18/09/2006 22:43|--a------|24] C:\autoexec.bat 
[19/01/2008 08:45|-rahs----|333203] C:\bootmgr 
[17/02/2010 23:20|--a--c---|19817] C:\ComboFix.txt 
[18/09/2006 22:43|--a------|10] C:\config.sys 
[05/12/2009 01:56|-rahsc---|0] C:\IO.SYS 
[05/12/2009 01:56|-rahsc---|0] C:\MSDOS.SYS 
[?|?|?] C:\pagefile.sys 
[19/02/2010 15:36|--a--c---|3875] C:\UsbFix.txt 
[11/09/2005 16:18|---hs----|340] D:\AUTOMODE 
[13/10/2009 05:40|---hs----|13] D:\BLOCK.RIN 
[04/10/2006 00:02|---hs----|438328] D:\bootmgr 
[06/09/2008 12:19|---hs----|891] D:\Desktop.ini 
[10/09/2002 17:14|---hs----|8134] D:\Folder.htt 
[13/10/2009 05:52|--ahs----|814] D:\MASTER.LOG 
[16/09/2002 15:37|---hs----|181898] D:\protect.chinese hong kong 
[16/09/2002 15:37|---hs----|181916] D:\protect.chinese simplified 
[16/09/2002 15:37|---hs----|181898] D:\protect.chinese traditional 
[27/04/2006 17:19|---hs----|181865] D:\protect.czech 
[03/11/2005 16:21|---hs----|181726] D:\protect.danish 
[10/09/2002 14:56|---hs----|181605] D:\protect.dutch 
[10/09/2002 14:50|---hs----|181651] D:\protect.ed 
[22/11/2004 16:28|---hs----|181648] D:\protect.english 
[03/11/2005 16:20|---hs----|181673] D:\protect.finnish 
[03/11/2005 16:19|---hs----|181736] D:\protect.french 
[03/11/2005 16:18|---hs----|181669] D:\protect.german 
[23/11/2005 16:56|---hs----|182689] D:\protect.greek 
[23/01/2006 10:18|---hs----|182605] D:\protect.hebrew 
[28/08/2007 15:58|---hs----|181696] D:\protect.hungarian 
[03/11/2005 16:17|---hs----|181554] D:\protect.italian 
[10/04/2006 10:46|---hs----|182566] D:\protect.japanese 
[24/11/2005 12:24|---hs----|218295] D:\protect.korean 
[03/11/2005 16:15|---hs----|181578] D:\protect.norwegian 
[25/04/2006 15:44|---hs----|181789] D:\protect.polish 
[03/11/2005 16:13|---hs----|181624] D:\protect.portuguese 
[27/10/2005 20:24|---hs----|181882] D:\protect.portuguese brazilian 
[28/06/2004 09:52|---hs----|211936] D:\protect.russian 
[03/11/2005 16:11|---hs----|181586] D:\protect.spanish 
[10/09/2002 15:15|---hs----|181602] D:\protect.swedish 
[12/08/2003 11:37|---hs----|181783] D:\protect.turkish 
[12/10/2009 14:22|---hs----|0] D:\USER 
[07/02/2010 17:59|--a------|473497600] G:\Derrick.1x01.Der.Waldweg.GER.[tvu.org.ru].avi 
[25/01/2010 23:03|--a------|498087936] G:\Inspecteur DERRICK - 015 - Une Mauvaise Reussite (FR) BY ADVRIP.avi 
[25/01/2010 23:39|--a------|462982166] G:\Inspecteur DERRICK - 022 - TRISTE DIMANCHE (FR) BY ADVRIP.AVI 
[25/01/2009 00:04|--a------|28087432] G:\Tv Total - Stefan Raab und Will Smith_TubeMaster.avi 

################## | Vaccination |

# C:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido). 
# D:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido). 
# F:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido). 
# G:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido). 

################## | Upload | 

Veuillez envoyer le fichier : C:\UsbFix_Upload_Me_PC-de-hp.zip : https://www.ionos.fr/?affiliate_id=77097 
Merci pour votre contribution .  

################## | ! Fin du rapport # UsbFix V6.096 ! |

ajnabie · Answer

voici le rapport navilog1

Fix Navipromo version 4.0.6 commencé le ven. 19/02/2010 15:53:30,13

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!

Outil exécuté depuis C:\Program Files
avilog1

Mise à jour le 03.01.2010 à 11h00 par IL-MAFIOSO

Microsoft® Windows Vista™ Édition Familiale Premium  ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) Dual  CPU  T2310  @ 1.46GHz )
BIOS : Default System BIOS
USER : hp ( Not Administrator ! )
BOOT : Normal boot

Antivirus : Antivirus BitDefender  12.0 (Activated)
Firewall  : Pare-feu BitDefender  12.0 (Activated)

C:\ (Local Disk) - NTFS - Total:140 Go (Free:23 Go)
D:\ (Local Disk) - NTFS - Total:8 Go (Free:2 Go)
E:\ (CD or DVD)


Recherche executée en mode normal 


[b]Aucune Infection Navipromo/Egdaccess trouvée/b



*** Scan terminé ven. 19/02/2010 15:54:08,52 ***

ajnabie · Answer

Bonsoir voici le rapport 

Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3761
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18865

19/02/2010 22:54:09
mbam-log-2010-02-19 (22-54-09).txt

Type de recherche: Examen complet (C:\|D:\|E:\|)
Eléments examinés: 268028
Temps écoulé: 1 hour(s), 51 minute(s), 7 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 7
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\get-key-se10.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\buy-security-essentials.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\buy-security-essentials.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\is-software-download.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\download-soft-package.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\download-software-package.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\get-key-se10.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Qoobox\Quarantine\C\Windows\System32\smss32.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Windows\System32\winlogon32.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.

ajnabie · Answer

Bonsoir Guillaume5188 , voilà je n'arrive pas a mettre a jour mon ordinateur avec windows update dès que j'essaye d'installer les mises a jour un message d'erreur apparait , le code d'erreur est 80073712 j'ai essayer de résoudre le problème mais pour le moment sans succès .

ajnabie · Answer

Re

Merci pour ta reponse le problème c'est que le fichier pending.xml: est introuvable .

TechiG · Answer

http://www6.techvts.com/?tdfs=1&searchbox=1&showDomain=1

ajnabie · Answer

Bonsoir ,je l'est telecharger mais le programme n'installe pas les mises a jour .

en tous cas merci beaucoup pour ton aide car je n'ai plus de problème par rapport au virus worm il n'y a plus de fenêtre d'alerte  au démarrage de mon ordinateur tous fonctionne très bien :) encore merci .

ajnabie · Answer

re 

Je voulais te remercier pour ton aide car windows  update refonctionne .

ajnabie · Answer

Bonsoir ,  Guillaume5188


[ Rapport ToolsCleaner version 2.3.11 (par A.Rothstein & dj QUIOU) ]

--> Recherche: 

C:\Combofix.txt: trouvé !
C:\cleannavi.txt: trouvé !
C:\UsbFix.txt: trouvé !
C:\Qoobox: trouvé !
C:\UsbFix: trouvé !
C:\Rsit: trouvé !
C:\Ad-remover: trouvé !
C:\Ad-Remover\BACKUP\Ad-R.exe: trouvé !
C:\Program Files\Navilog1: trouvé !
C:\Program Files\Navilog1\Navilog1.bat: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programma's\HijackThis: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: trouvé !
C:\Qoobox\Quarantine\catchme.log: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programma's\HijackThis: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\HijackThis: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: trouvé !
C:\Users\hp\Desktop\HijackThis.lnk: trouvé !
C:\Users\hp\Desktop\Navilog1.exe: trouvé !
C:\Users\hp\Desktop\Ad-R.exe: trouvé !
C:\Users\hp\Desktop\UsbFix.exe: trouvé !
C:\Users\Invité\Desktop\HijackThis.lnk: trouvé !
C:\Windows\mbr.exe: trouvé !

---------------------------------
--> Suppression: 

C:\Ad-Remover\BACKUP\Ad-R.exe: supprimé !
C:\Program Files\Navilog1\Navilog1.bat: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: supprimé !
C:\Users\hp\Desktop\HijackThis.lnk: supprimé !
C:\Users\hp\Desktop\Navilog1.exe: supprimé !
C:\Users\hp\Desktop\Ad-R.exe: supprimé !
C:\Users\Invité\Desktop\HijackThis.lnk: supprimé !
C:\Combofix.txt: supprimé !
C:\cleannavi.txt: supprimé !
C:\UsbFix.txt: supprimé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
C:\Qoobox\Quarantine\catchme.log: supprimé !
C:\Users\hp\Desktop\UsbFix.exe: supprimé !
C:\Windows\mbr.exe: supprimé !
C:\Qoobox: supprimé !
C:\UsbFix: supprimé !
C:\Rsit: supprimé !
C:\Ad-remover: supprimé !
C:\Program Files\Navilog1: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programma's\HijackThis: ERREUR DE SUPPRESSION !!
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis: supprimé !

ajnabie · Answer

Bonsoir oui j'ai suivis  toutes tes recommandations , mon ordinateur se porte très bien , 
Encore merci pour ton aide si précieuse ;). 

Je voulais juste savoir si je pouvais crée des points de restauration  ?

ajnabie · Answer

Re, ah d'accord merci .
Et bien encore une fois de plus merci pour toute ton  aide ;) 
passe une très Bonne soirée .

Virus worm win 32.Netsky

17 réponses

Discussions similaires

Newsletters