Virus alert

cedric -  
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
Bonjour,
j ai un probleme le message virus alert reste indiqué a cote de l horloge je n ai plus de disque c et les programe ne defilleent plus que faire?
Configuration: Windows XP
Internet Explorer 7.0

3 réponses

  1. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    slt,

    colle un rapport hijackthis

    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

    manuel :

    https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

    Je conseille de renomer Hijackthis, pour contrer une éventuelle infection de Vundo.

    ex:Renomme le fichier HijackThis.exe en eden.exe pour cela, fais un clic droit sur le fichier HijackThis.exe et choisis renommer dans la liste

    Ensuite avec Explorer créer un dossier c:\hijackthis
    Décompresser Hijackthis dans ce dossier.
    C'est important pour les sauvegardes."
    -1
    1. cedric
       
      ogfile of Trend Micro HijackThis v2.0.2
      Scan saved at 11:52: VIRUS ALERT!, on 22/09/2008
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16705)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
      C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
      C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
      C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
      C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
      c:\APPS\HIDSERVICE\HIDSERVICE.exe
      C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\system32\PnkBstrA.exe
      C:\WINDOWS\system32\svchost.exe
      c:\APPS\Powercinema\Kernel\TV\CLSched.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
      C:\Apps\Powercinema\PCMService.exe
      C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
      C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
      C:\Program Files\Belgacom\bin\sprtcmd.exe
      C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\WINDOWS\SOUNDMAN.EXE
      C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
      C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
      C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\WINDOWS\system32\sistray.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
      C:\WINDOWS\system32\SearchIndexer.exe
      C:\Program Files\Windows Desktop Search\WindowsSearch.exe
      C:\WINDOWS\system32\SearchProtocolHost.exe
      C:\WINDOWS\system32\cmd.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.fr.msn.be/0SEFRBE/SAOS01?FORM=TOOLBR
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.fr.msn.be/0SEFRBE/SAOS01?FORM=TOOLBR
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: QXK Olive - {1530CA4C-149B-4801-8DD4-5CD093B45D63} - C:\WINDOWS\vmgspntbgbw.dll
      O2 - BHO: {616ca205-9740-f59a-9e64-0dba2f382162} - {261283f2-abd0-46e9-a95f-0479502ac616} - C:\WINDOWS\system32\hublnr.dll
      O2 - BHO: (no name) - {5BDD48D1-86BC-4216-80F2-51141B8F9D28} - C:\WINDOWS\system32\ddcAtQHB.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O2 - BHO: (no name) - {7F4B3F23-B720-4E7C-8903-96D249123C7E} - C:\WINDOWS\system32\khfgecBq.dll (file missing)
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
      O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O3 - Toolbar: (no name) - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - (no file)
      O3 - Toolbar: (no name) - {E22B6A50-4AE1-42CC-90F7-6CB1086D3A2D} - (no file)
      O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
      O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
      O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
      O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
      O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
      O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
      O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
      O4 - HKLM\..\Run: [Belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
      O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [\YUR78.exe] C:\Windows\system32\YUR78.exe
      O4 - HKLM\..\Run: [\YUR79.exe] C:\Windows\system32\YUR79.exe
      O4 - HKLM\..\Run: [\YUR7A.exe] C:\Windows\system32\YUR7A.exe
      O4 - HKLM\..\Run: [\YUR7B.exe] C:\Windows\system32\YUR7B.exe
      O4 - HKLM\..\Run: [ANTIVIRUS] C:\Program Files\MicroAV\MicroAV.exe
      O4 - HKLM\..\Run: [\YUR7C.exe] C:\Windows\system32\YUR7C.exe
      O4 - HKLM\..\Run: [\YUR1.exe] C:\Windows\system32\YUR1.exe
      O4 - HKLM\..\Run: [\YUR3.exe] C:\Windows\system32\YUR3.exe
      O4 - HKLM\..\Run: [\YUR2.exe] C:\Windows\system32\YUR2.exe
      O4 - HKLM\..\Run: [\YUR4.exe] C:\Windows\system32\YUR4.exe
      O4 - HKLM\..\Run: [\YUR71.exe] C:\Windows\system32\YUR71.exe
      O4 - HKLM\..\Run: [\YUR73.exe] C:\Windows\system32\YUR73.exe
      O4 - HKLM\..\Run: [542a7a86] rundll32.exe "C:\WINDOWS\system32\betxrrpj.dll",b
      O4 - HKLM\..\Run: [BitDefender Security Center] "C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe" /init
      O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
      O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [ANTIVIRUS] C:\Program Files\MicroAV\MicroAV.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - S-1-5-18 Startup: .protected (User 'SYSTEM')
      O4 - .DEFAULT Startup: .protected (User 'Default user')
      O4 - Startup: .protected
      O4 - Global Startup: .protected
      O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
      O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
      O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O14 - IERESET.INF: START_PAGE_URL=https://www.proximus.be/pickx
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
      O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
      O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
      O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.extrafilm.be/ImageUploader4.cab
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
      O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL hublnr.dll
      O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. https://www.bitdefender.fr/ - C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
      O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
      O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
      O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
      O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
      O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
      O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
      O23 - Service: Droppix Service - Droppix - C:\Program Files\Fichiers communs\Droppix\DxService.exe
      O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
      O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
      O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
      O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
      O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
      O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
      O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
      O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
      0
  2. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok tu en as pas mal....

    scan avec
    MalwareByte's Anti-Malware et vire ce qui est trouvé et colle le rapport

    https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

    ___________________

    télécharge combofix (par sUBs) ici :

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    et enregistre le sur le bureau.

    déconnecte toi d'internet et ferme toutes tes applications.

    désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)

    double-clique sur combofix.exe et suis les instructions

    à la fin, il va produire un rapport C:\ComboFix.txt

    réactive ton parefeu, ton antivirus, la garde de ton antispyware

    copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.

    Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.

    Tu as un tutoriel complet ici :

    https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

    _____________________

    remets un rapport hijackthis et dis tes soucis actuels
    -1
    1. sédryc Messages postés 1 Statut Membre
       
      ComboFix 08-09-20.05 - cedric 2008-09-22 14:07:37.2 - NTFSx86
      Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.579 [GMT 2:00]
      Lancé depuis: C:\Documents and Settings\cedric\Bureau\ComboFix.exe
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\.protected
      C:\Documents and Settings\cedric\Bureaublackbird.jpg
      C:\Documents and Settings\cedric\BureauEditorFKWP1.5.exe
      C:\Documents and Settings\cedric\BureauEditorFKWP2.0.exe
      C:\Documents and Settings\cedric\Bureaufilemanagerclient.exe
      C:\Documents and Settings\cedric\Bureaufkwp1.5.exe
      C:\Documents and Settings\cedric\Bureaufkwp2.0.exe
      C:\Documents and Settings\cedric\Bureaufwebd.exe
      C:\Documents and Settings\cedric\BureauFWebdEditor.exe
      C:\Documents and Settings\cedric\BureauTrojan.Win32.BlackBird.exe
      C:\Documents and Settings\cedric\Bureauvirii
      C:\Documents and Settings\cedric\Bureauvirii\Trojan-Downloader.Win32.Agent.bl.exe
      C:\Documents and Settings\cedric\Bureauvirii\Trojan-Downloader.Win32.Agent.p.exe
      C:\Documents and Settings\cedric\Bureauvirii\Trojan-Downloader.Win32.Agent.r.exe
      C:\Documents and Settings\cedric\Bureauvirii\Trojan-Downloader.Win32.Agent.t.exe
      C:\Documents and Settings\cedric\Bureauvirii\Trojan-Downloader.Win32.Agent.v.exe
      C:\Documents and Settings\cedric\Favoris\Error Cleaner.url
      C:\Documents and Settings\cedric\Favoris\Privacy Protector.url
      C:\Documents and Settings\cedric\Favoris\Spyware&Malware Protection.url
      C:\Documents and Settings\cedric\Menu D‚marrer\Programmes\D‚marrage\.protected
      C:\Program Files\akl
      C:\Program Files\akl\akl.dll
      C:\Program Files\akl\akl.exe
      C:\Program Files\akl\uninstall.exe
      C:\Program Files\akl\unsetup.exe
      C:\Program Files\Dynamic Toolbar
      C:\Program Files\Dynamic Toolbar\PBBEFRV2\Cache\home.bmp
      C:\Program Files\Dynamic Toolbar\PBBEFRV2\Cache\logo_pb.bmp
      C:\Program Files\Dynamic Toolbar\PBBEFRV2\Cache\parent_off.bmp
      C:\Program Files\Dynamic Toolbar\PBBEFRV2\Cache\parent_on.bmp
      C:\Program Files\Dynamic Toolbar\PBBEFRV2\Cache\pbbefrv2tb0200.cfg
      C:\Program Files\Dynamic Toolbar\PBBEFRV2\Cache\popup_off.bmp
      C:\Program Files\Dynamic Toolbar\PBBEFRV2\Cache\popup_on.bmp
      C:\Program Files\Dynamic Toolbar\PBBEFRV2\Cache\search.bmp
      C:\Program Files\Dynamic Toolbar\PBBEFRV2\Cache\services.bmp
      C:\Program Files\Dynamic Toolbar\PBBEFRV2\Cache\skin.bmp
      C:\Program Files\Dynamic Toolbar\PBBEFRV2\Cache\skin1.bmp
      C:\Program Files\Dynamic Toolbar\PBBEFRV2\Cache\skin2.bmp
      C:\Program Files\Dynamic Toolbar\PBBEFRV2\Cache\skin3.bmp
      C:\Program Files\Dynamic Toolbar\PBBEFRV2\Cache\skin4.bmp
      C:\Program Files\Dynamic Toolbar\PBBEFRV2\Cache\skin5.bmp
      C:\Program Files\Dynamic Toolbar\PBBEFRV2\Cache\store.bmp
      C:\Program Files\Dynamic Toolbar\PBBEFRV2\Cache\style.css
      C:\Program Files\Dynamic Toolbar\PBBEFRV2\Cache\support.bmp
      C:\Program Files\Dynamic Toolbar\PBBEFRV2\Cache\ticker.xml
      C:\Program Files\Inet Delivery
      C:\Program Files\Inet Delivery\inetdl.exe
      C:\Program Files\Inet Delivery\intdel.exe
      C:\Program Files\MicroAV
      C:\Program Files\PC-Cleaner
      C:\Program Files\PCHealthCenter
      C:\WINDOWS\.protected
      C:\WINDOWS\a.bat
      C:\WINDOWS\base64.tmp
      C:\WINDOWS\bdn.com
      C:\WINDOWS\cookies.ini
      C:\WINDOWS\ewvd.exe
      C:\WINDOWS\FVProtect.exe
      C:\WINDOWS\iTunesMusic.exe
      C:\WINDOWS\mslagent
      C:\WINDOWS\mslagent\2_mslagent.dll
      C:\WINDOWS\mslagent\mslagent.exe
      C:\WINDOWS\mslagent\uninstall.exe
      C:\WINDOWS\mssecu.exe
      C:\WINDOWS\privacy_danger
      C:\WINDOWS\privacy_danger\images\capt.gif
      C:\WINDOWS\privacy_danger\images\danger.jpg
      C:\WINDOWS\privacy_danger\images\down.gif
      C:\WINDOWS\privacy_danger\images\spacer.gif
      C:\WINDOWS\privacy_danger\index.htm
      C:\WINDOWS\system32\1.ico
      C:\WINDOWS\system32\2.ico
      C:\WINDOWS\system32\BHQtAcdd.ini
      C:\WINDOWS\system32\BHQtAcdd.ini2
      C:\WINDOWS\system32\ddcAtQHB.dll
      C:\WINDOWS\system32\drivers\etc\.protected
      C:\WINDOWS\system32\mcrh.tmp
      C:\WINDOWS\system32\setup.ini
      C:\WINDOWS\system32akttzn.exe
      C:\WINDOWS\system32anticipator.dll
      C:\WINDOWS\system32awtoolb.dll
      C:\WINDOWS\system32bdn.com
      C:\WINDOWS\system32bsva-egihsg52.exe
      C:\WINDOWS\system32dpcproxy.exe
      C:\WINDOWS\system32emesx.dll
      C:\WINDOWS\system32h@tkeysh@@k.dll
      C:\WINDOWS\system32hoproxy.dll
      C:\WINDOWS\system32hxiwlgpm.dat
      C:\WINDOWS\system32hxiwlgpm.exe
      C:\WINDOWS\system32medup012.dll
      C:\WINDOWS\system32medup020.dll
      C:\WINDOWS\system32msgp.exe
      C:\WINDOWS\system32msnbho.dll
      C:\WINDOWS\system32mssecu.exe
      C:\WINDOWS\system32msvchost.exe
      C:\WINDOWS\system32mtr2.exe
      C:\WINDOWS\system32mwin32.exe
      C:\WINDOWS\system32netode.exe
      C:\WINDOWS\system32newsd32.exe
      C:\WINDOWS\system32ps1.exe
      C:\WINDOWS\system32psof1.exe
      C:\WINDOWS\system32psoft1.exe
      C:\WINDOWS\system32regc64.dll
      C:\WINDOWS\system32regm64.dll
      C:\WINDOWS\system32Rundl1.exe
      C:\WINDOWS\system32smp
      C:\WINDOWS\system32smp\msrc.exe
      C:\WINDOWS\system32sncntr.exe
      C:\WINDOWS\system32ssurf022.dll
      C:\WINDOWS\system32ssvchost.com
      C:\WINDOWS\system32ssvchost.exe
      C:\WINDOWS\system32sysreq.exe
      C:\WINDOWS\system32taack.dat
      C:\WINDOWS\system32taack.exe
      C:\WINDOWS\system32temp#01.exe
      C:\WINDOWS\system32thun.dll
      C:\WINDOWS\system32thun32.dll
      C:\WINDOWS\system32VBIEWER.OCX
      C:\WINDOWS\system32vbsys2.dll
      C:\WINDOWS\system32vcatchpi.dll
      C:\WINDOWS\system32winlogonpc.exe
      C:\WINDOWS\system32winsystem.exe
      C:\WINDOWS\system32WINWGPX.EXE
      C:\WINDOWS\userconfig9x.dll
      C:\WINDOWS\vmgspntbgbw.dll
      C:\WINDOWS\winsystem.exe
      C:\WINDOWS\wr.txt
      C:\WINDOWS\zip1.tmp
      C:\WINDOWS\zip2.tmp
      C:\WINDOWS\zip3.tmp
      C:\WINDOWS\zipped.tmp

      .
      ((((((((((((((((((((((((((((( Fichiers créés du 2008-08-22 au 2008-09-22 ))))))))))))))))))))))))))))))))))))
      .

      2008-09-22 12:22 . 2008-09-22 12:22 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
      2008-09-22 12:22 . 2008-09-22 12:22 <REP> d-------- C:\Documents and Settings\cedric\Application Data\Malwarebytes
      2008-09-22 12:22 . 2008-09-22 12:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
      2008-09-22 12:22 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
      2008-09-22 12:22 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
      2008-09-22 11:51 . 2008-09-22 11:51 <REP> d-------- C:\Program Files\Trend Micro
      2008-09-22 11:19 . 2008-09-22 11:19 <REP> d-------- C:\Documents and Settings\cedric\Application Data\Windows Search
      2008-09-22 11:14 . 2008-09-22 11:14 <REP> d-------- C:\Program Files\Microsoft Silverlight
      2008-09-22 11:13 . 2008-09-22 11:13 <REP> d-------- C:\Documents and Settings\cedric\Application Data\Windows Desktop Search
      2008-09-22 11:10 . 2008-09-22 11:10 <REP> d-------- C:\WINDOWS\system32\GroupPolicy
      2008-09-22 11:10 . 2008-09-22 11:10 <REP> d-------- C:\Program Files\Windows Desktop Search
      2008-09-22 11:09 . 2008-09-22 11:09 1,374 --a------ C:\WINDOWS\imsins.BAK
      2008-09-22 11:08 . 2008-03-07 19:02 192,000 --------- C:\WINDOWS\system32\dllcache\offfilt.dll
      2008-09-22 11:08 . 2008-03-07 19:02 98,304 --------- C:\WINDOWS\system32\dllcache\nlhtml.dll
      2008-09-22 11:08 . 2008-03-07 19:02 29,696 --------- C:\WINDOWS\system32\dllcache\mimefilt.dll
      2008-09-19 09:32 . 2008-09-19 09:32 <REP> d-------- C:\Documents and Settings\cedric\Application Data\skypePM
      2008-09-19 09:32 . 2008-09-19 09:32 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
      2008-09-19 09:29 . 2008-09-19 09:34 <REP> d-------- C:\Documents and Settings\cedric\Application Data\Skype
      2008-09-19 09:28 . 2008-09-19 09:28 <REP> d-------- C:\Program Files\Fichiers communs\Skype
      2008-09-17 08:13 . 2008-09-17 08:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\NVIDIA
      2008-09-17 08:08 . 2008-09-17 08:08 850 --a------ C:\WINDOWS\system32\ProductTweaks.xml
      2008-09-17 08:08 . 2008-09-22 10:35 385 --a------ C:\WINDOWS\system32\user_gensett.xml
      2008-09-17 08:00 . 2008-09-17 08:00 <REP> d-------- C:\Documents and Settings\cedric\Application Data\BitDefender
      2008-09-17 07:59 . 2008-09-17 07:59 <REP> d-------- C:\Program Files\BitDefender
      2008-09-17 07:59 . 2008-09-17 08:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
      2008-09-17 07:40 . 2008-09-22 15:05 972,168 ---hs---- C:\WINDOWS\system32\jprrxteb.ini
      2008-09-17 07:40 . 2008-09-17 07:40 104,064 --a------ C:\WINDOWS\system32\betxrrpj.dll
      2008-09-17 07:37 . 2008-09-17 07:37 136,832 --a------ C:\WINDOWS\system32\vuatcbin.dll
      2008-09-17 07:37 . 2008-09-17 07:37 136,832 --a------ C:\WINDOWS\system32\hublnr.dll
      2008-09-16 18:24 . 2008-09-17 08:00 <REP> d-------- C:\Program Files\Fichiers communs\BitDefender
      2008-08-25 10:48 . 2008-08-25 10:48 <REP> d-------- C:\WINDOWS\system32\fr
      2008-08-25 10:48 . 2008-08-25 10:48 <REP> d-------- C:\WINDOWS\l2schemas
      2008-08-25 10:44 . 2008-08-25 10:48 <REP> d-------- C:\WINDOWS\ServicePackFiles
      2008-08-25 10:28 . 2008-08-25 10:28 <REP> d-------- C:\WINDOWS\EHome
      2008-08-24 11:47 . 2004-07-17 22:55 129,045 --------- C:\WINDOWS\system32\drivers\cxthsfs2.cty

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-09-19 13:00 --------- d-----w C:\Program Files\Norton Security Scan
      2008-09-18 12:48 228,672 ----a-w C:\WINDOWS\system32\drivers\bdfsfltr.sys
      2008-09-18 12:48 108,864 ----a-w C:\WINDOWS\system32\drivers\bdfm.sys
      2008-09-18 12:48 102,208 ----a-w C:\WINDOWS\system32\drivers\bdfndisf.sys
      2008-09-16 08:49 --------- d-----w C:\Program Files\Windows Live Safety Center
      2008-09-16 08:38 --------- d-----w C:\Documents and Settings\cedric\Application Data\MegauploadToolbar
      2008-09-09 10:59 --------- d-----w C:\Program Files\eMule
      2008-08-19 11:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2008-08-19 08:43 --------- d-----w C:\Documents and Settings\cedric\Application Data\Megaupload
      2008-08-19 08:43 --------- d-----w C:\Documents and Settings\cedric\Application Data\EmailNotifier
      2008-08-19 08:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Megaupload
      2008-08-19 08:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\EmailNotifier
      2008-08-10 16:58 20,747 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
      2008-08-10 16:58 --------- d-----w C:\Program Files\ASUS
      2008-07-24 08:03 --------- d-----w C:\Program Files\Java
      2007-11-12 11:47 22,328 ----a-w C:\Documents and Settings\cedric\Application Data\PnkBstrK.sys
      2003-08-16 19:56 579,584 --sha-r C:\WINDOWS\system32\cd.exe
      2008-04-08 18:27 91,039 --sha-w C:\WINDOWS\system32\qBcegfhk.ini2
      .

      ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
      REGEDIT4

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{261283f2-abd0-46e9-a95f-0479502ac616}]
      2008-09-17 07:37 136832 --a------ C:\WINDOWS\system32\hublnr.dll

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
      "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
      "PCMService"="c:\Apps\Powercinema\PCMService.exe" [2005-05-11 127118]
      "ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2004-09-07 58488]
      "SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
      "Belgacom"="C:\Program Files\Belgacom\bin\sprtcmd.exe" [2006-06-22 192512]
      "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 7630848]
      "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
      "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-11 86016]
      "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-09-19 185632]
      "ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-08-25 221184]
      "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2006-08-25 81920]
      "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
      "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 413696]
      "542a7a86"="C:\WINDOWS\system32\betxrrpj.dll" [2008-09-17 104064]
      "BitDefender Security Center"="C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe" [2008-09-19 409600]
      "BDAgent"="C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe" [2008-09-19 716800]
      "BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe" [2008-09-18 69632]
      "SiSPower"="SiSPower.dll" [2005-01-04 C:\WINDOWS\system32\SiSPower.dll]
      "nwiz"="nwiz.exe" [2006-08-11 C:\WINDOWS\system32\nwiz.exe]
      "SoundMan"="SOUNDMAN.EXE" [2005-06-20 C:\WINDOWS\SOUNDMAN.EXE]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
      "DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

      [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
      "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
      "msacm.l3acm"= C:\WINDOWS\system32\l3codecp.acm

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
      path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
      backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^MioSync.lnk]
      path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\MioSync.lnk
      backup=C:\WINDOWS\pss\MioSync.lnkCommon Startup

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
      --a------ 2007-07-31 09:17 1836544 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
      --a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
      "AntiVirusOverride"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
      "DisableMonitoring"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
      "C:\\Program Files\\eMule\\emule.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
      "C:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.0\\cnc3game.dat"=
      "C:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.4\\cnc3game.dat"=
      "C:\\Program Files\\Messenger\\msmsgs.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "C:\\WINDOWS\\system32\\PnkBstrA.exe"=
      "C:\\WINDOWS\\system32\\PnkBstrB.exe"=
      "C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
      "C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
      "C:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.9\\cnc3game.dat"=
      "C:\\Program Files\\iTunes\\iTunes.exe"=
      "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
      "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
      "C:\\apps\\skype\\Phone\\Skype.exe"=

      R2 BDVEDISK;BDVEDISK;C:\Program Files\BitDefender\BitDefender 2009\BDVEDISK.sys [2008-07-02 82568]
      R3 bdfm;BDFM;C:\WINDOWS\system32\drivers\bdfm.sys [2008-09-18 108864]
      R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-09-18 102208]
      S3 Arrakis3;BitDefender Arrakis Server;C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784]
      S3 Droppix Service;Droppix Service;C:\Program Files\Fichiers communs\Droppix\DxService.exe [2007-05-18 94208]
      S3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\system32\drivers\mbamswissarmy.sys [2008-09-10 38528]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      bdx REG_MULTI_SZ scan

      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
      "C:\Program Files\Fichiers communs\LightScribe\LSRunOnce.exe"
      .
      Contenu du dossier 'Tâches planifiées'
      .
      - - - - ORPHELINS SUPPRIMES - - - -

      BHO-{1530CA4C-149B-4801-8DD4-5CD093B45D63} - C:\WINDOWS\vmgspntbgbw.dll
      BHO-{7F4B3F23-B720-4E7C-8903-96D249123C7E} - C:\WINDOWS\system32\khfgecBq.dll
      BHO-{DA175B76-8982-484B-9E01-DA038B99A13E} - C:\WINDOWS\system32\ddcAtQHB.dll
      WebBrowser-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)
      HKLM-Run-\YUR78.exe - C:\Windows\system32\YUR78.exe
      HKLM-Run-\YUR79.exe - C:\Windows\system32\YUR79.exe
      HKLM-Run-\YUR7A.exe - C:\Windows\system32\YUR7A.exe
      HKLM-Run-\YUR7B.exe - C:\Windows\system32\YUR7B.exe
      HKLM-Run-ANTIVIRUS - C:\Program Files\MicroAV\MicroAV.exe
      HKLM-Run-\YUR7C.exe - C:\Windows\system32\YUR7C.exe
      HKLM-Run-\YUR1.exe - C:\Windows\system32\YUR1.exe
      HKLM-Run-\YUR3.exe - C:\Windows\system32\YUR3.exe
      HKLM-Run-\YUR2.exe - C:\Windows\system32\YUR2.exe
      HKLM-Run-\YUR4.exe - C:\Windows\system32\YUR4.exe
      HKLM-Run-\YUR71.exe - C:\Windows\system32\YUR71.exe
      HKLM-Run-\YUR73.exe - C:\Windows\system32\YUR73.exe


      .
      ------- Examen supplémentaire -------
      .
      FireFox -: Profile - C:\Documents and Settings\cedric\Application Data\Mozilla\Firefox\Profiles\1dg1c1g6.default\
      FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
      FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://be.msn.com/default.aspx/?lang=fr-be
      FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
      FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
      .

      **************************************************************************

      catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-09-22 15:05:41
      Windows 5.1.2600 Service Pack 3 NTFS

      Recherche de processus cachés ...

      Recherche d'éléments en démarrage automatique cachés ...

      Recherche de fichiers cachés ...

      Scan terminé avec succès
      Fichiers cachés: 0

      **************************************************************************
      .
      --------------------- DLLs chargées dans les processus actifs ---------------------

      PROCESSUS: C:\WINDOWS\explorer.exe
      -> C:\WINDOWS\system32\betxrrpj.dll
      .
      ------------------------ Autres processus actifs ------------------------
      .
      C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
      C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
      C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
      C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
      C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
      C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
      C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
      C:\APPS\HIDSERVICE\HidService.exe
      C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\system32\PnkBstrA.exe
      C:\WINDOWS\system32\searchindexer.exe
      C:\APPS\Powercinema\Kernel\TV\CLSched.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\WINDOWS\system32\sistray.exe
      C:\Program Files\Windows Desktop Search\WindowsSearch.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
      C:\WINDOWS\system32\imapi.exe
      .
      **************************************************************************
      .
      Heure de fin: 2008-09-22 15:15:06 - La machine a redémarré [cedric]
      ComboFix-quarantined-files.txt 2008-09-22 13:14:56

      Avant-CF: 29,675,511,808 octets libres
      Après-CF: 29,778,534,400 octets libres

      366 --- E O F --- 2008-09-11 14:08:18
      -1
  3. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    le rapport malwarebyte?

    analyse ces ficheirs sur virus total et colle les rapports: https://www.virustotal.com/gui/

    C:\WINDOWS\system32\jprrxteb.ini
    C:\WINDOWS\system32\betxrrpj.dll
    C:\WINDOWS\system32\vuatcbin.dll
    C:\WINDOWS\system32\hublnr.dll
    -1