Virus: intrusive pop-up ads
marlie78 - Member - 18 posts
ep44 - Contributor - 7432 posts
Hello,
I can't get rid of these intrusive ads. Following various tips gleaned from the forum, I ran CCleaner, then AVG Anti-Spyware, did an online BitDefender scan and a HijackThis report. But I don't know how to go further. Can someone help me? Thanks in advance.
I'm attaching the 3 reports:
1. AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 22:32:20 26/12/2007
+ Résultat de l'analyse:
C:\System Volume Information\_restore{C397EDB1-F5CA-474F-AFEB-654F70B073B4}\RP473\A0163442.dll -> Not-A-Virus.Adware.BHO : Nettoyé.
C:\System Volume Information\_restore{C397EDB1-F5CA-474F-AFEB-654F70B073B4}\RP446\A0148133.dll -> Not-A-Virus.Adware.TrafficSol : Nettoyé.
Fin du rapport
2. BitDefender Online Scanner
Scan report generated at: Thu, Dec 27, 2007 - 00:01:03
Scan path: C:\;D:\;E:\;F:\;
Statistics
Time: 01:24:13
Files: 181829
Folders: 4973
Boot Sectors: 4
Archives: 8543
Packed Files: 10025
Results
Identified Viruses: 3
Infected Files: 3
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 3
Engines Info
Virus Definitions: 884349
Engine build: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 7
E-mail plugins: 6
System plugins: 1
Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes
Scanned File / Status
C:\Program Files\WildArcade\BlasterBlocks\blasterblocks_eu.exe=>(NSIS o)=>zlib_nsis0001
Infected with: Trojan.Statblasterad.D
C:\Program Files\WildArcade\BlasterBlocks\blasterblocks_eu.exe=>(NSIS o)=>zlib_nsis0001
Disinfection failed
C:\Program Files\WildArcade\BlasterBlocks\blasterblocks_eu.exe=>(NSIS o)=>zlib_nsis0001
Deleted
C:\Program Files\WildArcade\BlasterBlocks\blasterblocks_eu.exe=>(NSIS o)
Update failed
C:\Program Files\WildArcade\BlasterBlocks\blasterblocks_eu.exe=>(NSIS o)=>zlib_nsis0002
Infected with: Dropped:Adware.Statblaster.T
C:\Program Files\WildArcade\BlasterBlocks\blasterblocks_eu.exe=>(NSIS o)=>zlib_nsis0002
Disinfection failed
C:\Program Files\WildArcade\BlasterBlocks\blasterblocks_eu.exe=>(NSIS o)=>zlib_nsis0002
Deleted
C:\Program Files\WildArcade\BlasterBlocks\blasterblocks_eu.exe=>(NSIS o)
Update failed
C:\System Volume Information\_restore{C397EDB1-F5CA-474F-AFEB-654F70B073B4}\RP450\A0151307.exe=>(NSIS o)=>lzma_nsis0005=>(NSIS o)=>lzma_solid_nsis0007
Detected with: Adware.Fotomoto.I
C:\System Volume Information\_restore{C397EDB1-F5CA-474F-AFEB-654F70B073B4}\RP450\A0151307.exe=>(NSIS o)=>lzma_nsis0005=>(NSIS o)=>lzma_solid_nsis0007
Disinfection failed
C:\System Volume Information\_restore{C397EDB1-F5CA-474F-AFEB-654F70B073B4}\RP450\A0151307.exe=>(NSIS o)=>lzma_nsis0005=>(NSIS o)=>lzma_solid_nsis0007
Deleted
C:\System Volume Information\_restore{C397EDB1-F5CA-474F-AFEB-654F70B073B4}\RP450\A0151307.exe=>(NSIS o)=>lzma_nsis0005=>(NSIS o)
Update failed
C:\WINDOWS\$NtUninstallKB925398_WMP64$\dxmasf.dll
Clean
C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\
Clean
C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe
Clean
C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.inf
Clean
C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.txt
Clean
C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\updspapi.dll
Clean
C:\WINDOWS\$NtUninstallKB925398_WMP64$\strmdll.dll
Clean
C:\WINDOWS\$NtUninstallKB925486$\
Clean
C:\WINDOWS\$NtUninstallKB925486$\spuninst\
Clean
C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe
Clean
C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.inf
Clean
C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.txt
Clean
C:\WINDOWS\$NtUninstallKB925486$\spuninst\updspapi.dll
Clean
C:\WINDOWS\$NtUninstallKB925486$\vgx.dll
Clean
C:\WINDOWS\$NtUninstallKB925902$\
Clean
C:\WINDOWS\$NtUninstallKB925902$\gdi32.dll
Clean
C:\WINDOWS\$NtUninstallKB925902$\mf3216.dll
Clean
C:\WINDOWS\$NtUninstallKB925902$\spuninst\
Clean
C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe
Clean
C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.inf
Clean
C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.txt
Clean
C:\WINDOWS\$NtUninstallKB925902$\spuninst\updspapi.dll
Clean
C:\WINDOWS\$NtUninstallKB925902$\user32.dll
Clean
C:\WINDOWS\$NtUninstallKB925902$\win32k.sys
Clean
C:\WINDOWS\$NtUninstallKB926255$\
Clean
C:\WINDOWS\$NtUninstallKB926255$\spuninst\
Clean
C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe
Clean
C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.inf
Clean
C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.txt
Clean
3. Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:25:30, on 27/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\ECB.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\l?ass.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\CROSOF~1\nopdb.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\Realtek\Rtl8180\RtlWake.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1A0C6FA0-8E4C-D6B1-4A41-A62FF2E5AC96} - (no file)
O2 - BHO: (no name) - {23797386-8754-B0F3-4C86-B520C2B9DDAC} - (no file)
O2 - BHO: (no name) - {2A215FA7-A37F-9281-6771-9F02C0D181AE} - (no file)
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
O2 - BHO: (no name) - {448B2C63-8FE3-EC4B-FA2D-EA35639BE0F8} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {959B6A53-D2B7-A911-BB5A-F98A37F02BC2} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {B0DEAF38-1285-6A2A-DA5C-39E671870891} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [NAV Scan Service] NAVscan32.exe
O4 - HKLM\..\Run: [03nS3sj] navax13s.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [eCarteBleue-LP-P1] "C:\Program Files\ECB.exe" /dontopenmycards
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [NAV Scan Service] NAVscan32.exe
O4 - HKLM\..\RunServices: [mswkork Service] msework.exe
O4 - HKCU\..\Run: [NAV Scan Service] NAVscan32.exe
O4 - HKCU\..\Run: [mswkork Service] msework.exe
O4 - HKCU\..\Run: [Xtxevzci] C:\WINDOWS\system32\l?ass.exe
O4 - HKCU\..\Run: [H042RiH4U] mycrddlg.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [Eeos] "C:\PROGRA~1\CROSOF~1\nopdb.exe" -vt ndrv
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [mswkork Service] msework.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: wkcalrem.LNK = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: RtlWake.lnk = ?
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} (Image Uploader 3.0 Control) - http://www.mypixmania.com/fr/fr/importer/MypixUploader.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u1-windows-i586-jc.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.wisup.net/album-photo/wistiti/Upload/ImageUploader35.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - https://tiragesphoto.fnac.com/
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
57 replies
Good evening
Relaunch HijackThis and tick these,
then click on Fix checked:
O2 - BHO: (no name) - {1A0C6FA0-8E4C-D6B1-4A41-A62FF2E5AC96} - (no file)
O2 - BHO: (no name) - {23797386-8754-B0F3-4C86-B520C2B9DDAC} - (no file)
O2 - BHO: (no name) - {2A215FA7-A37F-9281-6771-9F02C0D181AE} - (no file)
O2 - BHO: (no name) - {448B2C63-8FE3-EC4B-FA2D-EA35639BE0F8} - (no file)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {959B6A53-D2B7-A911-BB5A-F98A37F02BC2} - (no file)
O2 - BHO: (no name) - {B0DEAF38-1285-6A2A-DA5C-39E671870891} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
then
Download ComboFix by sUBs: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
and save it on your desktop and nowhere else!
Double-click on ComboFix,
Wait until ComboFix has finished; a report will be created. Post the report.
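The triage the helper does by eye above (ticking every O2/O9 entry that reports "(no file)") can be scripted. This is an added example, not part of the thread and not HijackThis' own code: it parses HijackThis O2, O4 and O9 lines and flags orphaned CLSID entries, O4 autoruns that name a bare filename with no directory, and executable names that contain a character HijackThis could not display or that resemble a Windows system binary. The sample lines are copied from the log posted above; the list of system binary names and the single-character lookalike rule are assumptions of this example, and every finding is a prompt to check, not a verdict.

```python
import re
from dataclasses import dataclass

# Constructed sample: a few lines taken from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1A0C6FA0-8E4C-D6B1-4A41-A62FF2E5AC96} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\RunServices: [mswkork Service] msework.exe
O4 - HKCU\..\Run: [Xtxevzci] C:\WINDOWS\system32\l?ass.exe
O4 - HKCU\..\Run: [Eeos] "C:\PROGRA~1\CROSOF~1\nopdb.exe" -vt ndrv
O4 - Global Startup: RtlWake.lnk = ?
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
"""

# Assumed list of Windows binaries whose names adware commonly imitates.
SYSTEM_BINARIES = ("lsass.exe", "csrss.exe", "smss.exe", "svchost.exe",
                   "services.exe", "winlogon.exe", "explorer.exe", "ctfmon.exe")

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
O9_RE = re.compile(r"^O9 - Extra (?:button|'Tools' menuitem): (?P<name>.*?) - "
                   r"\{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
# O4 lines with a [label] come from the registry Run keys; Startup-folder lines are skipped.
O4_RE = re.compile(r"^O4 - (?P<where>.+?): \[(?P<label>.*?)\] (?P<cmd>.*)$")


@dataclass
class Finding:
    category: str   # "orphan", "bare-filename", "odd-char" or "lookalike"
    detail: str
    line: str


def executable_of(cmd: str) -> str:
    """Return the program part of an autorun command, honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1]


def looks_like(name: str, candidate: str) -> bool:
    """True when name differs from candidate in at most one position.
    '?' counts as a wildcard because HijackThis prints it for characters it cannot display."""
    name, candidate = name.lower(), candidate.lower()
    if name == candidate or len(name) != len(candidate):
        return False
    diffs = sum(1 for a, b in zip(name, candidate) if a != b and a != "?")
    return diffs <= 1


def triage(log_text: str) -> list:
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O2_RE.match(line) or O9_RE.match(line)
        if m:
            # A CLSID still registered but pointing at no file is dead weight; the helper
            # above has the poster remove exactly these with "Fix checked".
            if m.group("path") == "(no file)":
                findings.append(Finding("orphan", f"CLSID {m.group('clsid')} has no backing file", line))
            continue
        m = O4_RE.match(line)
        if not m:
            continue
        exe = executable_of(m.group("cmd"))
        name = basename(exe)
        if "\\" not in exe and ":" not in exe:
            # No directory: Windows resolves the name through its search path, so the
            # reviewer has to establish which file actually runs.
            findings.append(Finding("bare-filename", f"{name} is run without a directory", line))
        if "?" in name or not name.isascii():
            findings.append(Finding("odd-char", f"{name} contains a character HijackThis could not display", line))
        for sysbin in SYSTEM_BINARIES:
            if looks_like(name, sysbin):
                findings.append(Finding("lookalike", f"{name} resembles {sysbin}", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.category}] {f.detail}\n    {f.line}")
```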
Here is the report. I think I did as you asked, but the ad windows are still there. Tell me what you think.
ComboFix 07-12-21.4 - Moi 2007-12-27 22:23:57.1 - NTFSx86
Running from: C:\Documents and Settings\Moi\Bureau\ComboFix.exe
* Created a new restore point
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Moi\Mes documents\FNTS~1
C:\Program Files\crosof~1\nopdb.exe
C:\Program Files\outerinfo
C:\Program Files\outerinfo\FF\chrome.manifest
C:\Program Files\outerinfo\FF\components\FF.dll
C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
C:\Program Files\outerinfo\FF\install.rdf
C:\Program Files\outerinfo\outerinfo.ico
C:\Program Files\outerinfo\Terms.rtf
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\npf
((((((((((((((((((((((((((((( Files created 2007-11-27 to 2007-12-27 ))))))))))))))))))))))))))))))))))))
.
2007-12-17 22:06 . 2007-12-17 22:06 <REP> d-------- C:\Documents and Settings\Moi\Application Data\Grisoft
2007-12-17 22:05 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-29 21:24 . 2007-12-27 00:04 <REP> d-------- C:\WINDOWS\BDOSCAN8
2007-11-29 19:38 . 2007-11-29 19:45 <REP> d-------- C:\Documents and Settings\Moi\.housecall6.6
.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-27 21:21 12,464 ----a-w C:\Documents and Settings\Moi\Application Data\wklnhst.dat
2007-12-27 19:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2007-12-03 17:36 87,952 ------w C:\WINDOWS\system32\drivers\bdfndisf.sys
2007-11-25 09:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-23 20:51 --------- d-----w C:\Program Files\Trend Micro
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-12 18:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-08 20:51 --------- d-----w C:\Program Files\Common Files
2007-10-28 22:27 --------- d-----w C:\Program Files\Picasa2
2007-10-25 09:26 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2007-01-02 09:44 60,800 ----a-w C:\Documents and Settings\Moi\Application Data\GDIPFONTCACHEV1.DAT
2006-06-01 17:17 1,683,871 ----a-w C:\Program Files\photofiltre_photofiltre_6.2.5_francais_10731.exe
2005-12-13 14:37 200,704 ----a-w C:\Program Files\ECB.exe
2005-12-13 14:37 117 ----a-w C:\Program Files\Config.ini
2005-09-02 21:05 10,834,615 ----a-w C:\WINDOWS\Internet Logs\GLBF_2nd_2005_09_02_18_56_06.dmp.zip
.
((((((((((((((((((((((((((((((((( Reg loading points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not listed
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{381FFDE8-2394-4F90-B10D-FC6124A40F8C}
[HKEY_CLASSES_ROOT\clsid\{381ffde8-2394-4f90-b10d-fc6124a40f8c}]
[HKEY_CLASSES_ROOT\BitDefender Toolbar]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NAV Scan Service"="NAVscan32.exe" []
"mswkork Service"="msework.exe" []
"Xtxevzci"="C:\WINDOWS\system32\l?ass.exe" [2004-08-05 13:00]
"H042RiH4U"="mycrddlg.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00]
"AdobeUpdater"="C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 09:37]
"Eeos"="C:\PROGRA~1\CROSOF~1\nopdb.exe" []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PinnacleDriverCheck"="C:\WINDOWS\System32\PSDrvCheck.exe" [2003-11-10 16:06]
"EPSON Stylus CX3200"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe" [2002-07-01 04:05]
"Microsoft Works Update Detection"="C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-10 17:49]
"NAV Scan Service"="NAVscan32.exe" []
"03nS3sj"="navax13s.exe" []
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-02-12 16:57]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-02-12 16:59]
"eCarteBleue-LP-P1"="C:\Program Files\ECB.exe" [2005-12-13 15:37]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2007-12-03 18:36]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"NAV Scan Service"="NAVscan32.exe" []
"mswkork Service"="msework.exe" []
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"NAV Scan Service"="NAVscan32.exe" []
"mswkork Service"="msework.exe" []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BlueSoleil.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\BlueSoleil.lnk
backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^eFax DllCmd 4.0.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\eFax DllCmd 4.0.lnk
backup=C:\WINDOWS\pss\eFax DllCmd 4.0.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^eFax Tray Menu 4.0.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\eFax Tray Menu 4.0.lnk
backup=C:\WINDOWS\pss\eFax Tray Menu 4.0.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^FotoStation Easy AutoLaunch.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\FotoStation Easy AutoLaunch.lnk
backup=C:\WINDOWS\pss\FotoStation Easy AutoLaunch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^NkvMon.exe.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\NkvMon.exe.lnk
backup=C:\WINDOWS\pss\NkvMon.exe.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk
backup=C:\WINDOWS\pss\Outil de mise à jour Google.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^WD Backup Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\WD Backup Monitor.lnk
backup=C:\WINDOWS\pss\WD Backup Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-05-11 02:06 40048 --a------ C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
2007-03-01 09:37 2321600 -ra------ C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
Ati2mdxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2003-07-24 15:45 335872 --a------ C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eCarteBleue-LP-P1]
C:\Program Files\e-Carte Bleue\LA POSTE\CVD ADESIO\ECB.exe /dontopenmycards
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eeos]
C:\Program Files\esrh\sssc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
C:\Program Files\IncrediMail\bin\IncMail.exe /c
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IW_Drop_Icon]
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe /DropDisc
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
2003-06-18 12:00 204800 --a------ C:\Program Files\Microsoft Money\System\mnyexpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM-Reset]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-07-03 22:10 68856 --a------ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZDxxyH]
c:\documents and settings\moi\local settings\temp\ZDxxyH.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZDxxyH.exe]
C:\documents and settings\moi\local settings\temp\ZDxxyH.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"navapsvc"=2 (0x2)
R1 bdftdif;bdftdif;C:\Program Files\Fichiers communs\BitDefender\BitDefender Firewall\bdftdif.sys [2007-11-28 18:15]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2007-12-03 18:36]
R3 bdfsfltr;bdfsfltr;C:\WINDOWS\system32\DRIVERS\bdfsfltr.sys [2007-08-02 16:03]
R3 BDSelfPr;BDSelfPr;C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys [2007-09-30 17:05]
R3 rtl8180;Realtek RTL8180 Wireless LAN (Mini-)PCI NIC NT Driver;C:\WINDOWS\system32\DRIVERS\RTL8180.SYS [2003-09-10 16:20]
R3 scan;BitDefender Threat Scanner;C:\WINDOWS\System32\svchost.exe -kbdx []
S2 FILESpy;FILESpy;C:\Program Files\Softwin\BitDefender9\filespy.sys []
S3 fbxusb;FreeBox USB Network Adapter;C:\WINDOWS\system32\DRIVERS\fbxusb.sys [2003-12-31 11:35]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{41878ed0-6611-11dc-8c8b-000272b00026}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
"2007-12-27 21:37:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-27 22:35:32
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\
.
Completion time: 2007-12-27 22:38:21 - machine was rebooted
.
2007-12-11 21:05:19 --- E O F ---
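What the helper does when reading the Run keys in this log is pattern matching: values with no directory at all ("NAVscan32.exe", "msework.exe", "mycrddlg.exe", "navax13s.exe"), the same value replicated into HKCU\Run, HKLM\Run, RunServices and HKU\.DEFAULT\Run, a "[]" where ComboFix would otherwise have printed the file's timestamp, and "l?ass.exe", a file named one character away from lsass.exe where the "?" stands for a character the console could not render ("?" is not a legal file-name character on Windows, so its presence in a logged path means a substitution happened). The script below is an added example, not ComboFix's code and not something posted in the thread, that applies those checks to the REGEDIT4 section of a ComboFix-style log. Assumptions: "[]" is read as "file not found on disk", the list of system process names used for the one-character comparison is my own, and the sample is the log above trimmed to a few keys plus one constructed line (invented value name) whose directory starts with CYRILLIC CAPITAL O, the homoglyph seen in the C:\WINDOWS\Оracle\cmd.exe path that AVG reports later in the thread.

```python
import re
from collections import Counter

# Constructed sample: the Run-key section of the ComboFix log above, trimmed to a few keys.
SAMPLE_LOG = r"""
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NAV Scan Service"="NAVscan32.exe" []
"mswkork Service"="msework.exe" []
"Xtxevzci"="C:\WINDOWS\system32\l?ass.exe" [2004-08-05 13:00]
"H042RiH4U"="mycrddlg.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00]
"Eeos"="C:\PROGRA~1\CROSOF~1\nopdb.exe" []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NAV Scan Service"="NAVscan32.exe" []
"03nS3sj"="navax13s.exe" []
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2007-12-03 18:36]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"NAV Scan Service"="NAVscan32.exe" []
"mswkork Service"="msework.exe" []
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"NAV Scan Service"="NAVscan32.exe" []
"mswkork Service"="msework.exe" []
"""
# Constructed line (not in the log, value name invented): a directory whose first letter is
# CYRILLIC CAPITAL O (U+041E), the trick behind the C:\WINDOWS\Оracle\cmd.exe path AVG found later.
SAMPLE_LOG += '"ConstructedEntry"="C:\\WINDOWS\\\u041eracle\\cmd.exe" [2007-12-20 10:00]\n'

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[([^\]]*)\]$')   # "name"="value" [stamp]
AUTOSTART_KEYS = {"run", "runonce", "runservices", "runservicesonce"}
# My own list of names that adware of the period imitated with one-character changes.
SYSTEM_NAMES = ("lsass.exe", "csrss.exe", "svchost.exe", "smss.exe", "winlogon.exe",
                "services.exe", "explorer.exe", "ctfmon.exe")


def edit_distance(a, b):
    """Plain Levenshtein distance (substitution, insertion, deletion all cost 1)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def parse_autostart(text):
    """Return (key, name, value, stamp) for every value under a Run-style key."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key and key.rsplit("\\", 1)[-1].lower() in AUTOSTART_KEYS:
            name, value, stamp = m.groups()
            entries.append((key, name, value, stamp.strip()))
    return entries


def flags_for(value, stamp, seen):
    base = value.rsplit("\\", 1)[-1].lower()
    flags = []
    if not stamp:      # assumption: ComboFix prints [] when it could not stat the file
        flags.append("no file timestamp: the tool did not find the file on disk")
    if "\\" not in value:
        flags.append("bare file name: resolved through the search path, not a fixed location")
    if "?" in value:
        flags.append("'?' in path: not a legal file-name character, a non-renderable character was replaced")
    if any(ord(c) > 127 for c in value):
        flags.append("non-ASCII character in path: possible homoglyph of a familiar name")
    if "\\temp\\" in value.lower():
        flags.append("executable living in a Temp directory")
    for sysname in SYSTEM_NAMES:
        if base != sysname and edit_distance(base, sysname) == 1:
            flags.append("one character away from %s" % sysname)
    if seen[value.lower()] >= 3:
        flags.append("same value in %d autostart keys" % seen[value.lower()])
    return flags


def triage(text):
    entries = parse_autostart(text)
    seen = Counter(value.lower() for _, _, value, _ in entries)
    return [{"key": key, "name": name, "value": value, "flags": flags_for(value, stamp, seen)}
            for key, name, value, stamp in entries]


if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        if row["flags"]:
            print("%-18s %-45s %s" % (row["name"], row["value"], "; ".join(row["flags"])))
```

None of these flags is a verdict on its own: ctfmon.exe and BDAgent come out clean, the BitDefender and Adobe entries would too, while every NAVscan32.exe / msework.exe line collects three flags at once. The one-character check is what turns "l?ass.exe" from an odd-looking name into a specific question (why is there a second lsass next to the real one in system32?), which is the question the helper answers by sending the poster to ComboFix and then to the Navipromo/PurityScan-specific tools.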
Very good, now
download to the desktop: [url=http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe]navilog.exe[/url]
= install it
= double-click navilog1 on the desktop
= press a key until you reach the options
= choose option 1 (= type 1)
do not use the other options without advice; there may be legitimate processes
the report is in C: as fixnavi.txt
post that report.
---------------------
Download http://www.malekal.com/download/clean.zip to the desktop
Unzip it on the desktop.
= open the clean folder
= click the cog-wheel icon named clean
= choose option 1 and let clean work until the text "press any key to continue" appears
= then paste the report
@+
Good evening,
Sorry, I wasn't available earlier!
Here is the first report:
Search Navipromo version 3.3.8 started on 28/12/2007 at 21:51:15,41
!!! Warning, this report may list legitimate files/programs !!!
!!! Post this report on the forum to have it analysed !!!
!!! Do not run the disinfection part without a specialist's advice !!!
Tool run from C:\Program Files\navilog1
Updated 11.12.2007 at 18h00 by IL-MAFIOSO
Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.11
File system : NTFS
Run in normal mode
*** Searching installed programs ***
*** Searching folders in C:\WINDOWS ***
*** Searching folders in C:\Program Files ***
*** Searching folders in C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***
*** Searching folders in "C:\Documents and Settings\Moi\application data" ***
*** Searching folders in C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***
*** Search with Catchme-rootkit/stealth malware detector by gmer ***
for more info: http://www.gmer.net
No file found
*** Search with GenericNaviSearch ***
!!! All these results may turn out to be legitimate files !!!
!!! Must be checked before any manual deletion !!!
* Searching in C:\WINDOWS\system32 *
* Searching in "C:\Documents and Settings\Moi\local settings\application data" *
*** Searching files ***
*** Searching specific registry keys ***
*** Additional search module ***
(Search for specific files)
1) Search for new Instant Access files :
2) Heuristic search :
* In C:\WINDOWS\system32 :
* In "C:\Documents and Settings\Moi\local settings\application data" :
3) Search for certificates :
Egroup certificate absent !
4) Search for known files :
*** Scan finished on 28/12/2007 at 21:58:22,34 ***
I'll take care of the next one.
See you
clean report : 28/12/2007 at 22:06:42,79
*** Searching files in C:
*** Searching files in C:\WINDOWS\
*** Searching files in C:\WINDOWS\system32
C:\WINDOWS\system32\bdod.bin FOUND
C:\WINDOWS\system32\ftpupd.exe FOUND
"C:\WINDOWS\Downloaded Program Files\imloader.exe" FOUND
*** Searching files in C:\Program Files
"C:\Program Files\WildArcade\" FOUND
*** End of report !
OK, now you are going to work in Safe Mode
print the instructions if needed
to start, download:
http://www.grisoft.cz/filedir/inst/avgas-setup-7.5.1.43.exe AVG-AntiSpyware
then
=> Install it
=> Launch it
=> Click: Update
once that is done
go into Safe Mode
and rerun clean with option 2
then for AVG AS do this
=> In SCAN (the magnifying-glass icon)
=> Settings ==> under HOW TO ACT ==> click Recommended actions ==> Quarantine
=> Click: Complete system scan
-------
=> at the end of the scan (which is fairly long)
=> Click Apply all actions <== this is very important
=> Click Save report, then Save as, and choose the desktop
-------
In normal mode
paste the report
and also the one from clean
@+
= Restart in Safe Mode (startup can take several minutes). Warning: no internet access in this mode. Save or print the instructions. Restart the PC and tap the F8 key (or F5 on some machines) until the screen with the boot options appears. With the arrow keys, select Safe Mode ==> Enter ==> your usual user name
A big thank you for your help. Here are the reports; the ad windows are still there...
1 Script run in safe mode
clean report by Malekal_morte - http://www.malekal.com
Script run in safe mode 28/12/2007 at 23:00:54,48
Microsoft Windows XP [version 5.1.2600]
*** Deleting files in C:
*** Deleting files in C:\WINDOWS\
*** Deleting files in C:\WINDOWS\system32
attempting to delete C:\WINDOWS\system32\bdod.bin
attempting to delete C:\WINDOWS\system32\ftpupd.exe
attempting to delete "C:\WINDOWS\Downloaded Program Files\imloader.exe"
*** Deleting files in C:\Program Files
attempting to delete "C:\Program Files\WildArcade\"
*** Registry keys deleted..
*** End of report !
2. AVG Anti-Spyware - Scan report
---------------------------------------------------------
+ Created at: 02:36:51 29/12/2007
+ Scan result:
C:\Documents and Settings\Moi\Local Settings\Temp\!update.exe -> Downloader.PurityScan.ee : Cleaned.
C:\WINDOWS\Оracle\cmd.exe -> Downloader.PurityScan.ee : Cleaned.
C:\qoobox\Quarantine\catchme2007-12-27_223406.37.zip/nopdb.exe -> Downloader.PurityScan.ee : Cleaned.
C:\Documents and Settings\Moi\Cookies\moi@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Documents and Settings\Moi\Cookies\moi@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Moi\Cookies\moi@ad.yieldmanager[3].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Moi\Cookies\moi@zedo[1].txt -> TrackingCookie.Zedo : Cleaned.
End of report
ok, now
Do an online antivirus scan with Internet Explorer
https://www.bitdefender.fr/
=> At the bottom left of the window, click on BitDefender SCAN ONLINE
=> In the new window, click on I agree
=> The window changes again; click on Click here to scan
=> The signatures load, etc.
=> copy and paste the result here
illustrated tutorial
http://pageperso.aol.fr/rginformatique/mapage/defender.htm
and
post a new hijackthis report
Here are the 2 reports:
1.BitDefender Online Scanner
Scan report generated at: Sat, Dec 29, 2007 - 23:10:25
Scan path: C:\;D:\;E:\;F:\;
Statistics
Time: 01:38:37
Files: 184994
Folders: 5045
Boot Sectors: 4
Archives: 8532
Packed Files: 10196
Results
Identified Viruses: 4
Infected Files: 5
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 5
Engines Info
Virus Definitions: 884743
Engine build: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 7
E-mail plugins: 6
System plugins: 1
Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes
Scanned File / Status
C:\qoobox\Quarantine\catchme2007-12-27_223406.37.zip=>nopdb.exe : Infected with: Trojan.Downloader.PurityScan.DH
C:\qoobox\Quarantine\catchme2007-12-27_223406.37.zip=>nopdb.exe : Disinfection failed
C:\qoobox\Quarantine\catchme2007-12-27_223406.37.zip=>nopdb.exe : Deleted
C:\qoobox\Quarantine\catchme2007-12-27_223406.37.zip : Updated
C:\System Volume Information\_restore{C397EDB1-F5CA-474F-AFEB-654F70B073B4}\RP450\A0151307.exe=>(NSIS o)=>lzma_nsis0005=>(NSIS o)=>lzma_solid_nsis0007 : Detected with: Adware.Fotomoto.I
C:\System Volume Information\_restore{C397EDB1-F5CA-474F-AFEB-654F70B073B4}\RP450\A0151307.exe=>(NSIS o)=>lzma_nsis0005=>(NSIS o)=>lzma_solid_nsis0007 : Disinfection failed
C:\System Volume Information\_restore{C397EDB1-F5CA-474F-AFEB-654F70B073B4}\RP450\A0151307.exe=>(NSIS o)=>lzma_nsis0005=>(NSIS o)=>lzma_solid_nsis0007 : Deleted
C:\System Volume Information\_restore{C397EDB1-F5CA-474F-AFEB-654F70B073B4}\RP450\A0151307.exe=>(NSIS o)=>lzma_nsis0005=>(NSIS o) : Update failed
C:\System Volume Information\_restore{C397EDB1-F5CA-474F-AFEB-654F70B073B4}\RP491\A0164543.exe=>(NSIS o)=>zlib_nsis0001 : Infected with: Trojan.Statblasterad.D
C:\System Volume Information\_restore{C397EDB1-F5CA-474F-AFEB-654F70B073B4}\RP491\A0164543.exe=>(NSIS o)=>zlib_nsis0001 : Disinfection failed
C:\System Volume Information\_restore{C397EDB1-F5CA-474F-AFEB-654F70B073B4}\RP491\A0164543.exe=>(NSIS o)=>zlib_nsis0001 : Deleted
C:\System Volume Information\_restore{C397EDB1-F5CA-474F-AFEB-654F70B073B4}\RP491\A0164543.exe=>(NSIS o) : Update failed
C:\System Volume Information\_restore{C397EDB1-F5CA-474F-AFEB-654F70B073B4}\RP491\A0164543.exe=>(NSIS o)=>zlib_nsis0002 : Infected with: Dropped:Adware.Statblaster.T
C:\System Volume Information\_restore{C397EDB1-F5CA-474F-AFEB-654F70B073B4}\RP491\A0164543.exe=>(NSIS o)=>zlib_nsis0002 : Disinfection failed
C:\System Volume Information\_restore{C397EDB1-F5CA-474F-AFEB-654F70B073B4}\RP491\A0164543.exe=>(NSIS o)=>zlib_nsis0002 : Deleted
C:\System Volume Information\_restore{C397EDB1-F5CA-474F-AFEB-654F70B073B4}\RP491\A0164543.exe=>(NSIS o) : Update failed
C:\upload_moi_MARTINE.tar.gz=>upload_moi.tar=>qoobox/Quarantine/catchme2007-12-27_223406.37.zip=>nopdb.exe : Infected with: Trojan.Downloader.PurityScan.DH
C:\upload_moi_MARTINE.tar.gz=>upload_moi.tar=>qoobox/Quarantine/catchme2007-12-27_223406.37.zip=>nopdb.exe : Disinfection failed
C:\upload_moi_MARTINE.tar.gz=>upload_moi.tar=>qoobox/Quarantine/catchme2007-12-27_223406.37.zip=>nopdb.exe : Deleted
C:\upload_moi_MARTINE.tar.gz=>upload_moi.tar=>qoobox/Quarantine/catchme2007-12-27_223406.37.zip : Updated
C:\upload_moi_MARTINE.tar.gz=>upload_moi.tar : Updated
C:\upload_moi_MARTINE.tar.gz : Updated
2.Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:13:49, on 29/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\ECB.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\WINDOWS\system32\l?ass.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\Realtek\Rtl8180\RtlWake.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [NAV Scan Service] NAVscan32.exe
O4 - HKLM\..\Run: [03nS3sj] navax13s.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [eCarteBleue-LP-P1] "C:\Program Files\ECB.exe" /dontopenmycards
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [NAV Scan Service] NAVscan32.exe
O4 - HKLM\..\RunServices: [mswkork Service] msework.exe
O4 - HKCU\..\Run: [NAV Scan Service] NAVscan32.exe
O4 - HKCU\..\Run: [mswkork Service] msework.exe
O4 - HKCU\..\Run: [Xtxevzci] C:\WINDOWS\system32\l?ass.exe
O4 - HKCU\..\Run: [H042RiH4U] mycrddlg.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Eeos] "C:\WINDOWS\RACLE~1\cmd.exe" -vt ndrv
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [NAV Scan Service] NAVscan32.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [NAV Scan Service] NAVscan32.exe (User 'Default user')
O4 - Startup: wkcalrem.LNK = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: RtlWake.lnk = ?
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} (Image Uploader 3.0 Control) - http://www.mypixmania.com/fr/fr/importer/MypixUploader.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u1-windows-i586-jc.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.wisup.net/album-photo/wistiti/Upload/ImageUploader35.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - https://tiragesphoto.fnac.com/
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
still infected
Download Combofix by sUBs: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
and save it to your desktop, nowhere else!
Double-click combofix,
Wait for combofix to finish; a report will be created. Post the report.
@+
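Why the helper still calls the machine infected can be read straight off the O4 (autorun) lines of the HijackThis log posted above: several Run entries carry a bare filename with no path (NAVscan32.exe, msework.exe, navax13s.exe, mycrddlg.exe), the "Xtxevzci" entry runs l?ass.exe, one character away from lsass.exe with a character HijackThis could not render, and the "Eeos" entry points into a directory whose name, per the AVG report, begins with a Cyrillic О (Оracle) rather than the ASCII letter. The script below is an added example, not code from the thread or from HijackThis or ComboFix. It parses O4 lines and applies those three checks, plus a fourth that flags a known system-process name sitting outside System32. The sample input is constructed from the O4 lines above, with the Cyrillic О re-inserted into the Eeos line; the list of system process names and the reading of `?` as an unrenderable character are assumptions of this example.

```python
import re
import unicodedata

# Constructed sample: O4 lines copied from the HijackThis log in this thread.
# The Eeos line is rewritten with the Cyrillic capital O (U+041E) that the AVG
# report shows in "Оracle"; HijackThis printed that path as RACLE~1 because it
# could not render the character. (Assumption for this example.)
SAMPLE_O4 = r"""
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [NAV Scan Service] NAVscan32.exe
O4 - HKLM\..\RunServices: [mswkork Service] msework.exe
O4 - HKCU\..\Run: [Xtxevzci] C:\WINDOWS\system32\l?ass.exe
O4 - HKCU\..\Run: [H042RiH4U] mycrddlg.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Eeos] "C:\WINDOWS\Оracle\cmd.exe" -vt ndrv
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKUS\S-1-5-18\..\Run: [NAV Scan Service] NAVscan32.exe (User 'SYSTEM')
"""

# "O4 - <hive>\..\<key>: [<value name>] <command>"  (the (User '...') suffix is part of <command>)
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")

# Core Windows processes that malware imitates (assumed list for this example).
SYSTEM_PROCESSES = {"lsass.exe", "smss.exe", "csrss.exe", "svchost.exe",
                    "winlogon.exe", "services.exe", "explorer.exe", "ctfmon.exe"}
SYSTEM_DIR = r"c:\windows\system32"


def executable_of(cmd):
    """First token of the command: a quoted path, or the text up to the first space."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def one_char_off(a, b):
    """True when a and b have the same length and differ in exactly one position."""
    return len(a) == len(b) and sum(x != y for x, y in zip(a, b)) == 1


def suspicious_reasons(exe):
    """Heuristics applied to one autorun executable; empty list means nothing stood out."""
    reasons = []
    if not re.match(r"^[A-Za-z]:\\", exe):
        reasons.append("bare filename, no absolute path (resolved at logon via PATH)")
    for ch in exe:
        if ch == "?":
            reasons.append("'?' placeholder: the logging tool could not render a character in this path")
            break
        if ord(ch) > 127:
            reasons.append("non-ASCII character %s in path"
                           % unicodedata.name(ch, "U+%04X" % ord(ch)))
    base = exe.rsplit("\\", 1)[-1].lower()
    directory = exe.rsplit("\\", 1)[0].lower() if "\\" in exe else ""
    for real in SYSTEM_PROCESSES:
        if one_char_off(base, real):
            reasons.append("filename is one character away from system process %s" % real)
    if base in SYSTEM_PROCESSES and directory and directory != SYSTEM_DIR:
        reasons.append("system process name %s outside %s" % (base, SYSTEM_DIR))
    return reasons


def triage(log_text):
    """Return [(value name, executable, [reasons])] for every O4 line that raised a reason."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        exe = executable_of(m.group("cmd"))
        reasons = suspicious_reasons(exe)
        if reasons:
            findings.append((m.group("name"), exe, reasons))
    return findings


if __name__ == "__main__":
    for name, exe, reasons in triage(SAMPLE_O4):
        print("[%s] %s" % (name, exe))
        for r in reasons:
            print("    - " + r)
```

Run it as a script to see the flagged entries, or pass a whole HijackThis log to `triage()`; legitimate entries such as PinnacleDriverCheck, ctfmon.exe and BDAgent produce no finding. The bare-name check is the same thing the empty `[]` brackets say in the ComboFix "Reg loading points" section later in this thread, where ComboFix prints a file timestamp for every entry it can locate on disk.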
Good evening,
Here is the Combofix report:
ComboFix 07-12-21.4 - Moi 2007-12-30 19:29:42.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1036.18.260 [GMT 1:00]
Running from: C:\Documents and Settings\Moi\Bureau\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\racle~1
C:\WINDOWS\racle~1\?racle\
.
((((((((((((((((((((((((((((( Files created from 2007-11-28 to 2007-12-30 ))))))))))))))))))))))))))))))))))))
.
2007-12-29 19:27 . 2007-12-30 19:39 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2007-12-28 22:07 . 2007-12-29 22:35 9,259,531 --a------ C:\upload_moi_MARTINE.tar.gz
2007-12-28 21:48 . 2007-12-28 21:58 <DIR> d-------- C:\Program Files\Navilog1
2007-12-17 22:06 . 2007-12-17 22:06 <DIR> d-------- C:\Documents and Settings\Moi\Application Data\Grisoft
2007-12-17 22:05 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-29 21:24 . 2007-12-29 21:31 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-11-29 19:38 . 2007-11-29 19:45 <DIR> d-------- C:\Documents and Settings\Moi\.housecall6.6
2007-11-23 21:51 . 2007-11-23 21:51 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-12 19:49 . 2007-11-12 19:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-29 21:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2007-12-28 21:46 12,620 ----a-w C:\Documents and Settings\Moi\Application Data\wklnhst.dat
2007-12-03 17:36 87,952 ------w C:\WINDOWS\system32\drivers\bdfndisf.sys
2007-11-29 17:55 77,824 ----a-w C:\WINDOWS\system32\xcomm.dll
2007-11-25 09:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-08 20:51 --------- d-----w C:\Program Files\Common Files
2007-11-01 13:45 230,400 --sh--r C:\WINDOWS\system32\l?ass.exe
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-28 22:27 --------- d-----w C:\Program Files\Picasa2
2007-10-25 09:26 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2007-10-25 09:00 230,912 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-09-26 20:31 39,881 ----a-w C:\WINDOWS\system32\gzmrot-uninst.exe
2007-01-02 09:44 60,800 ----a-w C:\Documents and Settings\Moi\Application Data\GDIPFONTCACHEV1.DAT
2006-06-01 17:17 1,683,871 ----a-w C:\Program Files\photofiltre_photofiltre_6.2.5_francais_10731.exe
2005-12-13 14:37 200,704 ----a-w C:\Program Files\ECB.exe
2005-12-13 14:37 117 ----a-w C:\Program Files\Config.ini
2005-09-02 21:05 10,834,615 ----a-w C:\WINDOWS\Internet Logs\GLBF_2nd_2005_09_02_18_56_06.dmp.zip
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{381FFDE8-2394-4F90-B10D-FC6124A40F8C}
[HKEY_CLASSES_ROOT\clsid\{381ffde8-2394-4f90-b10d-fc6124a40f8c}]
[HKEY_CLASSES_ROOT\BitDefender Toolbar]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NAV Scan Service"="NAVscan32.exe" []
"mswkork Service"="msework.exe" []
"Xtxevzci"="C:\WINDOWS\system32\l?ass.exe" [2004-08-05 13:00]
"H042RiH4U"="mycrddlg.exe" []
"Eeos"="C:\WINDOWS\RACLE~1\cmd.exe" []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PinnacleDriverCheck"="C:\WINDOWS\System32\PSDrvCheck.exe" [2003-11-10 16:06]
"EPSON Stylus CX3200"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe" [2002-07-01 04:05]
"Microsoft Works Update Detection"="C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-10 17:49]
"NAV Scan Service"="NAVscan32.exe" []
"03nS3sj"="navax13s.exe" []
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-02-12 16:57]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-02-12 16:59]
"eCarteBleue-LP-P1"="C:\Program Files\ECB.exe" [2005-12-13 15:37]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2007-12-03 18:36]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"NAV Scan Service"="NAVscan32.exe" []
"mswkork Service"="msework.exe" []
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"NAV Scan Service"="NAVscan32.exe" []
"mswkork Service"="msework.exe" []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BlueSoleil.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\BlueSoleil.lnk
backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^eFax DllCmd 4.0.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\eFax DllCmd 4.0.lnk
backup=C:\WINDOWS\pss\eFax DllCmd 4.0.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^eFax Tray Menu 4.0.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\eFax Tray Menu 4.0.lnk
backup=C:\WINDOWS\pss\eFax Tray Menu 4.0.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^FotoStation Easy AutoLaunch.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\FotoStation Easy AutoLaunch.lnk
backup=C:\WINDOWS\pss\FotoStation Easy AutoLaunch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^NkvMon.exe.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\NkvMon.exe.lnk
backup=C:\WINDOWS\pss\NkvMon.exe.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk
backup=C:\WINDOWS\pss\Outil de mise à jour Google.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^WD Backup Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\WD Backup Monitor.lnk
backup=C:\WINDOWS\pss\WD Backup Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-05-11 02:06 40048 --a------ C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
2007-03-01 09:37 2321600 -ra------ C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
Ati2mdxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2003-07-24 15:45 335872 --a------ C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eCarteBleue-LP-P1]
C:\Program Files\e-Carte Bleue\LA POSTE\CVD ADESIO\ECB.exe /dontopenmycards
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eeos]
C:\Program Files\esrh\sssc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
C:\Program Files\IncrediMail\bin\IncMail.exe /c
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IW_Drop_Icon]
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe /DropDisc
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
2003-06-18 12:00 204800 --a------ C:\Program Files\Microsoft Money\System\mnyexpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM-Reset]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-07-03 22:10 68856 --a------ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZDxxyH]
c:\documents and settings\moi\local settings\temp\ZDxxyH.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZDxxyH.exe]
C:\documents and settings\moi\local settings\temp\ZDxxyH.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"navapsvc"=2 (0x2)
R1 bdftdif;bdftdif;C:\Program Files\Fichiers communs\BitDefender\BitDefender Firewall\bdftdif.sys [2007-11-28 18:15]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2007-12-03 18:36]
R3 bdfsfltr;bdfsfltr;C:\WINDOWS\system32\DRIVERS\bdfsfltr.sys [2007-08-02 16:03]
R3 BDSelfPr;BDSelfPr;C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys [2007-09-30 17:05]
R3 rtl8180;Realtek RTL8180 Wireless LAN (Mini-)PCI NIC NT Driver;C:\WINDOWS\system32\DRIVERS\RTL8180.SYS [2003-09-10 16:20]
R3 scan;BitDefender Threat Scanner;C:\WINDOWS\System32\svchost.exe -kbdx []
S2 FILESpy;FILESpy;C:\Program Files\Softwin\BitDefender9\filespy.sys []
S3 fbxusb;FreeBox USB Network Adapter;C:\WINDOWS\system32\DRIVERS\fbxusb.sys [2003-12-31 11:35]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{41878ed0-6611-11dc-8c8b-000272b00026}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2007-12-30 18:42:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-30 19:41:20
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\
.
Completion time: 2007-12-30 19:44:09 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-27 22:38
.
2007-12-11 21:05:19 --- E O F ---
Here is the ComboFix report:
ComboFix 07-12-21.4 - Moi 2007-12-30 19:29:42.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1036.18.260 [GMT 1:00]
Running from: C:\Documents and Settings\Moi\Bureau\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\racle~1
C:\WINDOWS\racle~1\?racle\
.
((((((((((((((((((((((((((((( Files Created From 2007-11-28 to 2007-12-30 ))))))))))))))))))))))))))))))))))))
.
2007-12-29 19:27 . 2007-12-30 19:39 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2007-12-28 22:07 . 2007-12-29 22:35 9,259,531 --a------ C:\upload_moi_MARTINE.tar.gz
2007-12-28 21:48 . 2007-12-28 21:58 <DIR> d-------- C:\Program Files\Navilog1
2007-12-17 22:06 . 2007-12-17 22:06 <DIR> d-------- C:\Documents and Settings\Moi\Application Data\Grisoft
2007-12-17 22:05 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-29 21:24 . 2007-12-29 21:31 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-11-29 19:38 . 2007-11-29 19:45 <DIR> d-------- C:\Documents and Settings\Moi\.housecall6.6
2007-11-23 21:51 . 2007-11-23 21:51 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-12 19:49 . 2007-11-12 19:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-29 21:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2007-12-28 21:46 12,620 ----a-w C:\Documents and Settings\Moi\Application Data\wklnhst.dat
2007-12-03 17:36 87,952 ------w C:\WINDOWS\system32\drivers\bdfndisf.sys
2007-11-29 17:55 77,824 ----a-w C:\WINDOWS\system32\xcomm.dll
2007-11-25 09:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-08 20:51 --------- d-----w C:\Program Files\Common Files
2007-11-01 13:45 230,400 --sh--r C:\WINDOWS\system32\l?ass.exe
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-28 22:27 --------- d-----w C:\Program Files\Picasa2
2007-10-25 09:26 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2007-10-25 09:00 230,912 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-09-26 20:31 39,881 ----a-w C:\WINDOWS\system32\gzmrot-uninst.exe
2007-01-02 09:44 60,800 ----a-w C:\Documents and Settings\Moi\Application Data\GDIPFONTCACHEV1.DAT
2006-06-01 17:17 1,683,871 ----a-w C:\Program Files\photofiltre_photofiltre_6.2.5_francais_10731.exe
2005-12-13 14:37 200,704 ----a-w C:\Program Files\ECB.exe
2005-12-13 14:37 117 ----a-w C:\Program Files\Config.ini
2005-09-02 21:05 10,834,615 ----a-w C:\WINDOWS\Internet Logs\GLBF_2nd_2005_09_02_18_56_06.dmp.zip
.
((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{381FFDE8-2394-4F90-B10D-FC6124A40F8C}
[HKEY_CLASSES_ROOT\clsid\{381ffde8-2394-4f90-b10d-fc6124a40f8c}]
[HKEY_CLASSES_ROOT\BitDefender Toolbar]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NAV Scan Service"="NAVscan32.exe" []
"mswkork Service"="msework.exe" []
"Xtxevzci"="C:\WINDOWS\system32\l?ass.exe" [2004-08-05 13:00]
"H042RiH4U"="mycrddlg.exe" []
"Eeos"="C:\WINDOWS\RACLE~1\cmd.exe" []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PinnacleDriverCheck"="C:\WINDOWS\System32\PSDrvCheck.exe" [2003-11-10 16:06]
"EPSON Stylus CX3200"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe" [2002-07-01 04:05]
"Microsoft Works Update Detection"="C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-10 17:49]
"NAV Scan Service"="NAVscan32.exe" []
"03nS3sj"="navax13s.exe" []
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-02-12 16:57]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-02-12 16:59]
"eCarteBleue-LP-P1"="C:\Program Files\ECB.exe" [2005-12-13 15:37]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2007-12-03 18:36]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"NAV Scan Service"="NAVscan32.exe" []
"mswkork Service"="msework.exe" []
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"NAV Scan Service"="NAVscan32.exe" []
"mswkork Service"="msework.exe" []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BlueSoleil.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\BlueSoleil.lnk
backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^eFax DllCmd 4.0.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\eFax DllCmd 4.0.lnk
backup=C:\WINDOWS\pss\eFax DllCmd 4.0.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^eFax Tray Menu 4.0.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\eFax Tray Menu 4.0.lnk
backup=C:\WINDOWS\pss\eFax Tray Menu 4.0.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^FotoStation Easy AutoLaunch.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\FotoStation Easy AutoLaunch.lnk
backup=C:\WINDOWS\pss\FotoStation Easy AutoLaunch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^NkvMon.exe.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\NkvMon.exe.lnk
backup=C:\WINDOWS\pss\NkvMon.exe.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk
backup=C:\WINDOWS\pss\Outil de mise à jour Google.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^WD Backup Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\WD Backup Monitor.lnk
backup=C:\WINDOWS\pss\WD Backup Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-05-11 02:06 40048 --a------ C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
2007-03-01 09:37 2321600 -ra------ C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
Ati2mdxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2003-07-24 15:45 335872 --a------ C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eCarteBleue-LP-P1]
C:\Program Files\e-Carte Bleue\LA POSTE\CVD ADESIO\ECB.exe /dontopenmycards
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eeos]
C:\Program Files\esrh\sssc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
C:\Program Files\IncrediMail\bin\IncMail.exe /c
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IW_Drop_Icon]
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe /DropDisc
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
2003-06-18 12:00 204800 --a------ C:\Program Files\Microsoft Money\System\mnyexpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM-Reset]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-07-03 22:10 68856 --a------ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZDxxyH]
c:\documents and settings\moi\local settings\temp\ZDxxyH.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZDxxyH.exe]
C:\documents and settings\moi\local settings\temp\ZDxxyH.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"navapsvc"=2 (0x2)
R1 bdftdif;bdftdif;C:\Program Files\Fichiers communs\BitDefender\BitDefender Firewall\bdftdif.sys [2007-11-28 18:15]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2007-12-03 18:36]
R3 bdfsfltr;bdfsfltr;C:\WINDOWS\system32\DRIVERS\bdfsfltr.sys [2007-08-02 16:03]
R3 BDSelfPr;BDSelfPr;C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys [2007-09-30 17:05]
R3 rtl8180;Realtek RTL8180 Wireless LAN (Mini-)PCI NIC NT Driver;C:\WINDOWS\system32\DRIVERS\RTL8180.SYS [2003-09-10 16:20]
R3 scan;BitDefender Threat Scanner;C:\WINDOWS\System32\svchost.exe -kbdx []
S2 FILESpy;FILESpy;C:\Program Files\Softwin\BitDefender9\filespy.sys []
S3 fbxusb;FreeBox USB Network Adapter;C:\WINDOWS\system32\DRIVERS\fbxusb.sys [2003-12-31 11:35]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{41878ed0-6611-11dc-8c8b-000272b00026}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
"2007-12-30 18:42:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-30 19:41:20
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\
.
Completion time: 2007-12-30 19:44:09 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-27 22:38
.
2007-12-11 21:05:19 --- E O F ---
Make a backup of the registry:
=> Start
=> Run
=> regedit
=> File
=> Export
=> export it to My Computer
A link if you need it: http://www.commentcamarche.net/faq/sujet 363 sauvegarde de la base de registre
Select this:
registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NAV Scan Service"=-
"mswkork Service"=-
"Xtxevzci"=-
"H042RiH4U"=-
"Eeos"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"NAV Scan Service"=-
"mswkork Service"=-
=> Copy the selected text (CTRL+C).
=> Open Notepad (Programs > Accessories > Notepad).
=> Paste the copied text into Notepad (CTRL+V).
=> Save this file under the name CFScript.txt
=> Drag and drop this CFScript file onto the ComboFix.exe file
=> A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and press Enter.
=> Wait for the scan to finish. The desktop will disappear several times: this is normal!
Don't touch anything until the scan is finished.
=> Once the scan is finished, a report will appear: post its contents.
=> If the file doesn't open, it is located here > C:\ComboFix.txt
Then do a new HijackThis log.
@+
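The CFScript in the post above is written by hand from the "Reg Loading Points" block of the ComboFix log. The Python script below is an added example, not part of ep44's post or of ComboFix itself: it parses that block (the sample input is a constructed copy of the Run/RunServices lines from the log posted in this thread), flags entries with a few triage heuristics (no file timestamp in the trailing brackets, a bare filename with no path, a run path under a Temp directory or an 8.3 short-name directory under C:\WINDOWS, a basename one character off a Windows system binary such as the `l?ass.exe` entry, and the Windows 9x-only RunServices key) and renders the result as a `registry::` block in the same form. The heuristics, the SYSTEM_NAMES list and the reading of empty brackets as "no file found" are assumptions of this example, not documented ComboFix behaviour. It also lists the matching HKLM Run entries, so review its output before dragging it onto ComboFix.

```python
import re
from collections import defaultdict

# Constructed sample: Run/RunServices entries copied from the ComboFix log posted above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NAV Scan Service"="NAVscan32.exe" []
"mswkork Service"="msework.exe" []
"Xtxevzci"="C:\WINDOWS\system32\l?ass.exe" [2004-08-05 13:00]
"H042RiH4U"="mycrddlg.exe" []
"Eeos"="C:\WINDOWS\RACLE~1\cmd.exe" []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PinnacleDriverCheck"="C:\WINDOWS\System32\PSDrvCheck.exe" [2003-11-10 16:06]
"NAV Scan Service"="NAVscan32.exe" []
"03nS3sj"="navax13s.exe" []
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2007-12-03 18:36]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"NAV Scan Service"="NAVscan32.exe" []
"mswkork Service"="msework.exe" []
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[([^\]]*)\]$')

# Core Windows binaries that malware likes to imitate (assumed list for this example).
SYSTEM_NAMES = {"lsass.exe", "svchost.exe", "csrss.exe", "smss.exe",
                "winlogon.exe", "services.exe", "explorer.exe"}


def parse_loading_points(text):
    """Yield (key, value_name, command, stamp) for each autostart value in the dump."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key:
            yield key, m.group(1), m.group(2), m.group(3).strip()


def _one_char_off(name, reference):
    """True if name equals reference except at exactly one character position."""
    return len(name) == len(reference) and sum(a != b for a, b in zip(name, reference)) == 1


def suspicion_reasons(key, command, stamp):
    """Heuristics (assumptions of this example, not ComboFix rules) that mark an entry for review."""
    reasons = []
    path = command.lower()
    directory, _, base = path.rpartition("\\")
    if not stamp:
        reasons.append("no file timestamp resolved")  # assumed: ComboFix found no file to stat
    if "\\" not in command:
        reasons.append("bare filename, resolved via PATH")
    if "\\temp\\" in path:
        reasons.append("runs from a Temp directory")
    if "\\windows\\" in path and "~" in directory:
        reasons.append("8.3 short-name directory under Windows")
    if base not in SYSTEM_NAMES and any(_one_char_off(base, s) for s in SYSTEM_NAMES):
        reasons.append("one character off a Windows system binary name")
    if key.endswith("\\RunServices"):
        reasons.append("RunServices is a Windows 9x key that XP does not process")
    return reasons


def triage(text):
    """Return {(key, name): [reasons]} for entries that trip at least one heuristic."""
    flagged = {}
    for key, name, command, stamp in parse_loading_points(text):
        reasons = suspicion_reasons(key, command, stamp)
        if reasons:
            flagged[(key, name)] = reasons
    return flagged


def build_cfscript(flagged):
    """Render flagged entries as the CFScript 'registry::' block; "Name"=- deletes a value."""
    by_key = defaultdict(list)
    for key, name in flagged:
        by_key[key].append(name)
    lines = ["registry::"]
    for key, names in by_key.items():
        lines.append(f"[{key}]")
        lines.extend(f'"{n}"=-' for n in names)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for (key, name), why in hits.items():
        print(f"{key}\n  {name}: {'; '.join(why)}")
    print(build_cfscript(hits))
```

Run it as-is to print the findings and the generated script; to triage another log, pass the text of its "Reg Loading Points" block to `triage()`. The legitimate entries in the sample (PinnacleDriverCheck, BDAgent) carry a full path and a resolved timestamp and are left alone.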
ComboFix 07-12-21.4 - Moi 2007-12-27 22:23:57.1 - NTFSx86
Running from: C:\Documents and Settings\Moi\Bureau\ComboFix.exe
* Created a new restore point
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Moi\Mes documents\FNTS~1
C:\Program Files\crosof~1\nopdb.exe
C:\Program Files\outerinfo
C:\Program Files\outerinfo\FF\chrome.manifest
C:\Program Files\outerinfo\FF\components\FF.dll
C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
C:\Program Files\outerinfo\FF\install.rdf
C:\Program Files\outerinfo\outerinfo.ico
C:\Program Files\outerinfo\Terms.rtf
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\npf
((((((((((((((((((((((((((((( Files Created From 2007-11-27 to 2007-12-27 ))))))))))))))))))))))))))))))))))))
.
2007-12-17 22:06 . 2007-12-17 22:06 <DIR> d-------- C:\Documents and Settings\Moi\Application Data\Grisoft
2007-12-17 22:05 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-29 21:24 . 2007-12-27 00:04 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-11-29 19:38 . 2007-11-29 19:45 <DIR> d-------- C:\Documents and Settings\Moi\.housecall6.6
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-27 21:21 12,464 ----a-w C:\Documents and Settings\Moi\Application Data\wklnhst.dat
2007-12-27 19:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2007-12-03 17:36 87,952 ------w C:\WINDOWS\system32\drivers\bdfndisf.sys
2007-11-25 09:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-23 20:51 --------- d-----w C:\Program Files\Trend Micro
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-12 18:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-08 20:51 --------- d-----w C:\Program Files\Common Files
2007-10-28 22:27 --------- d-----w C:\Program Files\Picasa2
2007-10-25 09:26 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2007-01-02 09:44 60,800 ----a-w C:\Documents and Settings\Moi\Application Data\GDIPFONTCACHEV1.DAT
2006-06-01 17:17 1,683,871 ----a-w C:\Program Files\photofiltre_photofiltre_6.2.5_francais_10731.exe
2005-12-13 14:37 200,704 ----a-w C:\Program Files\ECB.exe
2005-12-13 14:37 117 ----a-w C:\Program Files\Config.ini
2005-09-02 21:05 10,834,615 ----a-w C:\WINDOWS\Internet Logs\GLBF_2nd_2005_09_02_18_56_06.dmp.zip
.
((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{381FFDE8-2394-4F90-B10D-FC6124A40F8C}
[HKEY_CLASSES_ROOT\clsid\{381ffde8-2394-4f90-b10d-fc6124a40f8c}]
[HKEY_CLASSES_ROOT\BitDefender Toolbar]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NAV Scan Service"="NAVscan32.exe" []
"mswkork Service"="msework.exe" []
"Xtxevzci"="C:\WINDOWS\system32\l?ass.exe" [2004-08-05 13:00]
"H042RiH4U"="mycrddlg.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00]
"AdobeUpdater"="C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 09:37]
"Eeos"="C:\PROGRA~1\CROSOF~1\nopdb.exe" []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PinnacleDriverCheck"="C:\WINDOWS\System32\PSDrvCheck.exe" [2003-11-10 16:06]
"EPSON Stylus CX3200"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe" [2002-07-01 04:05]
"Microsoft Works Update Detection"="C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-10 17:49]
"NAV Scan Service"="NAVscan32.exe" []
"03nS3sj"="navax13s.exe" []
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-02-12 16:57]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-02-12 16:59]
"eCarteBleue-LP-P1"="C:\Program Files\ECB.exe" [2005-12-13 15:37]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2007-12-03 18:36]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"NAV Scan Service"="NAVscan32.exe" []
"mswkork Service"="msework.exe" []
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"NAV Scan Service"="NAVscan32.exe" []
"mswkork Service"="msework.exe" []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BlueSoleil.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\BlueSoleil.lnk
backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^eFax DllCmd 4.0.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\eFax DllCmd 4.0.lnk
backup=C:\WINDOWS\pss\eFax DllCmd 4.0.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^eFax Tray Menu 4.0.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\eFax Tray Menu 4.0.lnk
backup=C:\WINDOWS\pss\eFax Tray Menu 4.0.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^FotoStation Easy AutoLaunch.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\FotoStation Easy AutoLaunch.lnk
backup=C:\WINDOWS\pss\FotoStation Easy AutoLaunch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^NkvMon.exe.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\NkvMon.exe.lnk
backup=C:\WINDOWS\pss\NkvMon.exe.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk
backup=C:\WINDOWS\pss\Outil de mise à jour Google.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^WD Backup Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\WD Backup Monitor.lnk
backup=C:\WINDOWS\pss\WD Backup Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-05-11 02:06 40048 --a------ C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
2007-03-01 09:37 2321600 -ra------ C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
Ati2mdxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2003-07-24 15:45 335872 --a------ C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eCarteBleue-LP-P1]
C:\Program Files\e-Carte Bleue\LA POSTE\CVD ADESIO\ECB.exe /dontopenmycards
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eeos]
C:\Program Files\esrh\sssc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
C:\Program Files\IncrediMail\bin\IncMail.exe /c
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IW_Drop_Icon]
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe /DropDisc
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
2003-06-18 12:00 204800 --a------ C:\Program Files\Microsoft Money\System\mnyexpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM-Reset]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-07-03 22:10 68856 --a------ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZDxxyH]
c:\documents and settings\moi\local settings\temp\ZDxxyH.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZDxxyH.exe]
C:\documents and settings\moi\local settings\temp\ZDxxyH.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"navapsvc"=2 (0x2)
R1 bdftdif;bdftdif;C:\Program Files\Fichiers communs\BitDefender\BitDefender Firewall\bdftdif.sys [2007-11-28 18:15]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2007-12-03 18:36]
R3 bdfsfltr;bdfsfltr;C:\WINDOWS\system32\DRIVERS\bdfsfltr.sys [2007-08-02 16:03]
R3 BDSelfPr;BDSelfPr;C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys [2007-09-30 17:05]
R3 rtl8180;Realtek RTL8180 Wireless LAN (Mini-)PCI NIC NT Driver;C:\WINDOWS\system32\DRIVERS\RTL8180.SYS [2003-09-10 16:20]
R3 scan;BitDefender Threat Scanner;C:\WINDOWS\System32\svchost.exe -kbdx []
S2 FILESpy;FILESpy;C:\Program Files\Softwin\BitDefender9\filespy.sys []
S3 fbxusb;FreeBox USB Network Adapter;C:\WINDOWS\system32\DRIVERS\fbxusb.sys [2003-12-31 11:35]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{41878ed0-6611-11dc-8c8b-000272b00026}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks/Tâches planifiées' folder
"2007-12-27 21:37:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-27 22:35:32
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\
.
Completion time: 2007-12-27 22:38:21 - machine was rebooted
I have to stop here for tonight; I'll be back tomorrow. Good night.
.
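The ComboFix log above is long, and the entries worth a second look are easy to miss by eye: two msconfig\startupreg values (ZDxxyH and ZDxxyH.exe) pointing at an executable in the user's Local Settings\Temp folder, a mountpoints2 AutoRun command for a removable drive (G:\LaunchU3.exe), and a few values with no absolute path at all (Ati2mdxx.exe, the rundll32 line). The following triage script is an added example, not part of the original post nor of ComboFix itself: it parses the startupreg and mountpoints2 sections of a log, flags binaries launched from user-writable temp/profile directories, flags AutoRun commands on mounted volumes, and lists values whose binary has no absolute path so it can be resolved by hand. The heuristics, the marker list and the function names (triage, extract_path) are the example's own assumptions; SAMPLE_LOG is a subset of lines copied from the log in this post, not the full log.

```python
"""Triage of ComboFix 'msconfig\\startupreg' and 'mountpoints2' entries.

Added example, not ComboFix code. The heuristics below (user-writable
directories, AutoRun on mounted volumes, unresolved relative paths) are
assumptions of this example, not rules stated in the log.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Subset of lines copied from the ComboFix log posted above (not the full log).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-05-11 02:06 40048 --a------ C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
Ati2mdxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eCarteBleue-LP-P1]
C:\Program Files\e-Carte Bleue\LA POSTE\CVD ADESIO\ECB.exe /dontopenmycards
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eeos]
C:\Program Files\esrh\sssc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM-Reset]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZDxxyH]
c:\documents and settings\moi\local settings\temp\ZDxxyH.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZDxxyH.exe]
C:\documents and settings\moi\local settings\temp\ZDxxyH.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{41878ed0-6611-11dc-8c8b-000272b00026}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
"""

STARTUPREG_KEY = re.compile(r"^\[HKEY_.*\\msconfig\\startupreg\\(?P<name>[^\]]+)\]$", re.IGNORECASE)
MOUNTPOINT_KEY = re.compile(r"^\[HKEY_.*\\mountpoints2\\(?P<guid>\{[^}]+\})\]$", re.IGNORECASE)
# ComboFix prefixes a value whose file it found with "<date> <time> <size> <attrs>".
METADATA_PREFIX = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} +\d+ +\S+ +")
# Absolute path ending in an executable extension; non-greedy so that trailing
# arguments such as "/dontopenmycards" are not swallowed.
ABS_EXE = re.compile(r"(?P<path>[a-z]:\\.*?\.(?:exe|dll|scr|com|bat|cmd|pif|sys))(?=\s|$)", re.IGNORECASE)

# Assumed heuristic: an autostart whose binary lives in a scratch directory any
# user process can write to is reviewed before anything else.
USER_WRITABLE_MARKERS = (
    "\\local settings\\temp\\",
    "\\windows\\temp\\",
    "\\application data\\",
    "\\recycler\\",
)


@dataclass
class Finding:
    key: str      # startupreg value name or mountpoints2 GUID
    command: str  # path or raw command line from the log
    reason: str


def extract_path(value_line: str) -> Optional[str]:
    """Absolute executable path from a startupreg value line, or None if relative."""
    stripped = METADATA_PREFIX.sub("", value_line.strip())
    m = ABS_EXE.search(stripped)
    return m.group("path") if m else None


def triage(log_text: str) -> List[Finding]:
    """Walk key/value pairs of the autostart sections and return what to review."""
    findings: List[Finding] = []
    lines = [ln.rstrip() for ln in log_text.splitlines()]
    i = 0
    while i < len(lines):
        m_start = STARTUPREG_KEY.match(lines[i])
        m_mount = MOUNTPOINT_KEY.match(lines[i])
        if not (m_start or m_mount):
            i += 1
            continue
        # The value, when present, is the next line that is not another key.
        value = ""
        if i + 1 < len(lines) and lines[i + 1] and not lines[i + 1].startswith("["):
            value = lines[i + 1].strip()
            i += 1
        if m_mount:
            if "\\shell\\autorun\\command" in value.lower():
                findings.append(Finding(m_mount.group("guid"), value,
                                        "AutoRun command registered for a mounted volume"))
        else:
            name = m_start.group("name")
            path = extract_path(value)
            if path is None:
                if value:  # empty values (e.g. OEM-Reset) carry nothing to resolve
                    findings.append(Finding(name, value,
                                            "no absolute path; locate the binary before trusting it"))
            elif any(marker in path.lower() for marker in USER_WRITABLE_MARKERS):
                findings.append(Finding(name, path,
                                        "binary launched from a user-writable temp/profile directory"))
        i += 1
    return findings


def main() -> None:
    for f in triage(SAMPLE_LOG):
        print(f"{f.key:40} {f.reason}\n    {f.command}")


if __name__ == "__main__":
    main()
```

Run it on the full log (paste it into SAMPLE_LOG or read it from a file) and the output is a short worklist rather than 70 lines of registry keys; entries under Program Files such as Eeos (C:\Program Files\esrh\sssc.exe) are not flagged by these heuristics and still deserve a manual look when the folder and binary names mean nothing to the owner.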