3 answers
hi,
paste a HijackThis report
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
manual:
https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html
I advise renaming HijackThis, to counter a possible Vundo infection.
e.g. rename the file HijackThis.exe to eden.exe: to do so, right-click on the HijackThis.exe file and choose Rename from the list
Then, with Explorer, create a folder c:\hijackthis
Unzip HijackThis into this folder.
This is important for the backups.
ok, you've got quite a few....
scan with
MalwareBytes' Anti-Malware, remove what is found and paste the report
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
___________________
download combofix (by sUBs) here:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
and save it to the desktop.
disconnect from the internet and close all your applications.
disable your protections (antivirus, firewall, real-time guard of the antispyware)
double-click combofix.exe and follow the instructions
at the end, it will produce a report C:\ComboFix.txt
re-enable your firewall, your antivirus and your antispyware's guard
copy/paste the report C:\ComboFix.txt in your next reply.
Warning: do not use your mouse or keyboard (or any other pointing device) while the program is running. That could freeze the computer.
You have a complete tutorial here:
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
_____________________
post a HijackThis report again and describe your current problems
ComboFix 08-09-20.05 - cedric 2008-09-22 14:07:37.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.579 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\cedric\Bureau\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\.protected
C:\Documents and Settings\cedric\Bureaublackbird.jpg
C:\Documents and Settings\cedric\BureauEditorFKWP1.5.exe
C:\Documents and Settings\cedric\BureauEditorFKWP2.0.exe
C:\Documents and Settings\cedric\Bureaufilemanagerclient.exe
C:\Documents and Settings\cedric\Bureaufkwp1.5.exe
C:\Documents and Settings\cedric\Bureaufkwp2.0.exe
C:\Documents and Settings\cedric\Bureaufwebd.exe
C:\Documents and Settings\cedric\BureauFWebdEditor.exe
C:\Documents and Settings\cedric\BureauTrojan.Win32.BlackBird.exe
C:\Documents and Settings\cedric\Bureauvirii
C:\Documents and Settings\cedric\Bureauvirii\Trojan-Downloader.Win32.Agent.bl.exe
C:\Documents and Settings\cedric\Bureauvirii\Trojan-Downloader.Win32.Agent.p.exe
C:\Documents and Settings\cedric\Bureauvirii\Trojan-Downloader.Win32.Agent.r.exe
C:\Documents and Settings\cedric\Bureauvirii\Trojan-Downloader.Win32.Agent.t.exe
C:\Documents and Settings\cedric\Bureauvirii\Trojan-Downloader.Win32.Agent.v.exe
C:\Documents and Settings\cedric\Favoris\Error Cleaner.url
C:\Documents and Settings\cedric\Favoris\Privacy Protector.url
C:\Documents and Settings\cedric\Favoris\Spyware&Malware Protection.url
C:\Documents and Settings\cedric\Menu Démarrer\Programmes\Démarrage\.protected
C:\Program Files\akl
C:\Program Files\akl\akl.dll
C:\Program Files\akl\akl.exe
C:\Program Files\akl\uninstall.exe
C:\Program Files\akl\unsetup.exe
C:\Program Files\Dynamic Toolbar
C:\Program Files\Dynamic Toolbar\PBBEFRV2\Cache\home.bmp
C:\Program Files\Dynamic Toolbar\PBBEFRV2\Cache\logo_pb.bmp
C:\Program Files\Dynamic Toolbar\PBBEFRV2\Cache\parent_off.bmp
C:\Program Files\Dynamic Toolbar\PBBEFRV2\Cache\parent_on.bmp
C:\Program Files\Dynamic Toolbar\PBBEFRV2\Cache\pbbefrv2tb0200.cfg
C:\Program Files\Dynamic Toolbar\PBBEFRV2\Cache\popup_off.bmp
C:\Program Files\Dynamic Toolbar\PBBEFRV2\Cache\popup_on.bmp
C:\Program Files\Dynamic Toolbar\PBBEFRV2\Cache\search.bmp
C:\Program Files\Dynamic Toolbar\PBBEFRV2\Cache\services.bmp
C:\Program Files\Dynamic Toolbar\PBBEFRV2\Cache\skin.bmp
C:\Program Files\Dynamic Toolbar\PBBEFRV2\Cache\skin1.bmp
C:\Program Files\Dynamic Toolbar\PBBEFRV2\Cache\skin2.bmp
C:\Program Files\Dynamic Toolbar\PBBEFRV2\Cache\skin3.bmp
C:\Program Files\Dynamic Toolbar\PBBEFRV2\Cache\skin4.bmp
C:\Program Files\Dynamic Toolbar\PBBEFRV2\Cache\skin5.bmp
C:\Program Files\Dynamic Toolbar\PBBEFRV2\Cache\store.bmp
C:\Program Files\Dynamic Toolbar\PBBEFRV2\Cache\style.css
C:\Program Files\Dynamic Toolbar\PBBEFRV2\Cache\support.bmp
C:\Program Files\Dynamic Toolbar\PBBEFRV2\Cache\ticker.xml
C:\Program Files\Inet Delivery
C:\Program Files\Inet Delivery\inetdl.exe
C:\Program Files\Inet Delivery\intdel.exe
C:\Program Files\MicroAV
C:\Program Files\PC-Cleaner
C:\Program Files\PCHealthCenter
C:\WINDOWS\.protected
C:\WINDOWS\a.bat
C:\WINDOWS\base64.tmp
C:\WINDOWS\bdn.com
C:\WINDOWS\cookies.ini
C:\WINDOWS\ewvd.exe
C:\WINDOWS\FVProtect.exe
C:\WINDOWS\iTunesMusic.exe
C:\WINDOWS\mslagent
C:\WINDOWS\mslagent\2_mslagent.dll
C:\WINDOWS\mslagent\mslagent.exe
C:\WINDOWS\mslagent\uninstall.exe
C:\WINDOWS\mssecu.exe
C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\system32\1.ico
C:\WINDOWS\system32\2.ico
C:\WINDOWS\system32\BHQtAcdd.ini
C:\WINDOWS\system32\BHQtAcdd.ini2
C:\WINDOWS\system32\ddcAtQHB.dll
C:\WINDOWS\system32\drivers\etc\.protected
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\setup.ini
C:\WINDOWS\system32akttzn.exe
C:\WINDOWS\system32anticipator.dll
C:\WINDOWS\system32awtoolb.dll
C:\WINDOWS\system32bdn.com
C:\WINDOWS\system32bsva-egihsg52.exe
C:\WINDOWS\system32dpcproxy.exe
C:\WINDOWS\system32emesx.dll
C:\WINDOWS\system32h@tkeysh@@k.dll
C:\WINDOWS\system32hoproxy.dll
C:\WINDOWS\system32hxiwlgpm.dat
C:\WINDOWS\system32hxiwlgpm.exe
C:\WINDOWS\system32medup012.dll
C:\WINDOWS\system32medup020.dll
C:\WINDOWS\system32msgp.exe
C:\WINDOWS\system32msnbho.dll
C:\WINDOWS\system32mssecu.exe
C:\WINDOWS\system32msvchost.exe
C:\WINDOWS\system32mtr2.exe
C:\WINDOWS\system32mwin32.exe
C:\WINDOWS\system32netode.exe
C:\WINDOWS\system32newsd32.exe
C:\WINDOWS\system32ps1.exe
C:\WINDOWS\system32psof1.exe
C:\WINDOWS\system32psoft1.exe
C:\WINDOWS\system32regc64.dll
C:\WINDOWS\system32regm64.dll
C:\WINDOWS\system32Rundl1.exe
C:\WINDOWS\system32smp
C:\WINDOWS\system32smp\msrc.exe
C:\WINDOWS\system32sncntr.exe
C:\WINDOWS\system32ssurf022.dll
C:\WINDOWS\system32ssvchost.com
C:\WINDOWS\system32ssvchost.exe
C:\WINDOWS\system32sysreq.exe
C:\WINDOWS\system32taack.dat
C:\WINDOWS\system32taack.exe
C:\WINDOWS\system32temp#01.exe
C:\WINDOWS\system32thun.dll
C:\WINDOWS\system32thun32.dll
C:\WINDOWS\system32VBIEWER.OCX
C:\WINDOWS\system32vbsys2.dll
C:\WINDOWS\system32vcatchpi.dll
C:\WINDOWS\system32winlogonpc.exe
C:\WINDOWS\system32winsystem.exe
C:\WINDOWS\system32WINWGPX.EXE
C:\WINDOWS\userconfig9x.dll
C:\WINDOWS\vmgspntbgbw.dll
C:\WINDOWS\winsystem.exe
C:\WINDOWS\wr.txt
C:\WINDOWS\zip1.tmp
C:\WINDOWS\zip2.tmp
C:\WINDOWS\zip3.tmp
C:\WINDOWS\zipped.tmp
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-08-22 au 2008-09-22 ))))))))))))))))))))))))))))))))))))
.
2008-09-22 12:22 . 2008-09-22 12:22 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-22 12:22 . 2008-09-22 12:22 <REP> d-------- C:\Documents and Settings\cedric\Application Data\Malwarebytes
2008-09-22 12:22 . 2008-09-22 12:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-22 12:22 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-22 12:22 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-22 11:51 . 2008-09-22 11:51 <REP> d-------- C:\Program Files\Trend Micro
2008-09-22 11:19 . 2008-09-22 11:19 <REP> d-------- C:\Documents and Settings\cedric\Application Data\Windows Search
2008-09-22 11:14 . 2008-09-22 11:14 <REP> d-------- C:\Program Files\Microsoft Silverlight
2008-09-22 11:13 . 2008-09-22 11:13 <REP> d-------- C:\Documents and Settings\cedric\Application Data\Windows Desktop Search
2008-09-22 11:10 . 2008-09-22 11:10 <REP> d-------- C:\WINDOWS\system32\GroupPolicy
2008-09-22 11:10 . 2008-09-22 11:10 <REP> d-------- C:\Program Files\Windows Desktop Search
2008-09-22 11:09 . 2008-09-22 11:09 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-09-22 11:08 . 2008-03-07 19:02 192,000 --------- C:\WINDOWS\system32\dllcache\offfilt.dll
2008-09-22 11:08 . 2008-03-07 19:02 98,304 --------- C:\WINDOWS\system32\dllcache\nlhtml.dll
2008-09-22 11:08 . 2008-03-07 19:02 29,696 --------- C:\WINDOWS\system32\dllcache\mimefilt.dll
2008-09-19 09:32 . 2008-09-19 09:32 <REP> d-------- C:\Documents and Settings\cedric\Application Data\skypePM
2008-09-19 09:32 . 2008-09-19 09:32 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-09-19 09:29 . 2008-09-19 09:34 <REP> d-------- C:\Documents and Settings\cedric\Application Data\Skype
2008-09-19 09:28 . 2008-09-19 09:28 <REP> d-------- C:\Program Files\Fichiers communs\Skype
2008-09-17 08:13 . 2008-09-17 08:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\NVIDIA
2008-09-17 08:08 . 2008-09-17 08:08 850 --a------ C:\WINDOWS\system32\ProductTweaks.xml
2008-09-17 08:08 . 2008-09-22 10:35 385 --a------ C:\WINDOWS\system32\user_gensett.xml
2008-09-17 08:00 . 2008-09-17 08:00 <REP> d-------- C:\Documents and Settings\cedric\Application Data\BitDefender
2008-09-17 07:59 . 2008-09-17 07:59 <REP> d-------- C:\Program Files\BitDefender
2008-09-17 07:59 . 2008-09-17 08:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-09-17 07:40 . 2008-09-22 15:05 972,168 ---hs---- C:\WINDOWS\system32\jprrxteb.ini
2008-09-17 07:40 . 2008-09-17 07:40 104,064 --a------ C:\WINDOWS\system32\betxrrpj.dll
2008-09-17 07:37 . 2008-09-17 07:37 136,832 --a------ C:\WINDOWS\system32\vuatcbin.dll
2008-09-17 07:37 . 2008-09-17 07:37 136,832 --a------ C:\WINDOWS\system32\hublnr.dll
2008-09-16 18:24 . 2008-09-17 08:00 <REP> d-------- C:\Program Files\Fichiers communs\BitDefender
2008-08-25 10:48 . 2008-08-25 10:48 <REP> d-------- C:\WINDOWS\system32\fr
2008-08-25 10:48 . 2008-08-25 10:48 <REP> d-------- C:\WINDOWS\l2schemas
2008-08-25 10:44 . 2008-08-25 10:48 <REP> d-------- C:\WINDOWS\ServicePackFiles
2008-08-25 10:28 . 2008-08-25 10:28 <REP> d-------- C:\WINDOWS\EHome
2008-08-24 11:47 . 2004-07-17 22:55 129,045 --------- C:\WINDOWS\system32\drivers\cxthsfs2.cty
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-19 13:00 --------- d-----w C:\Program Files\Norton Security Scan
2008-09-18 12:48 228,672 ----a-w C:\WINDOWS\system32\drivers\bdfsfltr.sys
2008-09-18 12:48 108,864 ----a-w C:\WINDOWS\system32\drivers\bdfm.sys
2008-09-18 12:48 102,208 ----a-w C:\WINDOWS\system32\drivers\bdfndisf.sys
2008-09-16 08:49 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-09-16 08:38 --------- d-----w C:\Documents and Settings\cedric\Application Data\MegauploadToolbar
2008-09-09 10:59 --------- d-----w C:\Program Files\eMule
2008-08-19 11:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-19 08:43 --------- d-----w C:\Documents and Settings\cedric\Application Data\Megaupload
2008-08-19 08:43 --------- d-----w C:\Documents and Settings\cedric\Application Data\EmailNotifier
2008-08-19 08:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Megaupload
2008-08-19 08:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\EmailNotifier
2008-08-10 16:58 20,747 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-08-10 16:58 --------- d-----w C:\Program Files\ASUS
2008-07-24 08:03 --------- d-----w C:\Program Files\Java
2007-11-12 11:47 22,328 ----a-w C:\Documents and Settings\cedric\Application Data\PnkBstrK.sys
2003-08-16 19:56 579,584 --sha-r C:\WINDOWS\system32\cd.exe
2008-04-08 18:27 91,039 --sha-w C:\WINDOWS\system32\qBcegfhk.ini2
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{261283f2-abd0-46e9-a95f-0479502ac616}]
2008-09-17 07:37 136832 --a------ C:\WINDOWS\system32\hublnr.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [2005-05-11 127118]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2004-09-07 58488]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
"Belgacom"="C:\Program Files\Belgacom\bin\sprtcmd.exe" [2006-06-22 192512]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 7630848]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-11 86016]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-09-19 185632]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-08-25 221184]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2006-08-25 81920]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 413696]
"542a7a86"="C:\WINDOWS\system32\betxrrpj.dll" [2008-09-17 104064]
"BitDefender Security Center"="C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe" [2008-09-19 409600]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe" [2008-09-19 716800]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe" [2008-09-18 69632]
"SiSPower"="SiSPower.dll" [2005-01-04 C:\WINDOWS\system32\SiSPower.dll]
"nwiz"="nwiz.exe" [2006-08-11 C:\WINDOWS\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-06-20 C:\WINDOWS\SOUNDMAN.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= C:\WINDOWS\system32\l3codecp.acm
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^MioSync.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\MioSync.lnk
backup=C:\WINDOWS\pss\MioSync.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2007-07-31 09:17 1836544 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.0\\cnc3game.dat"=
"C:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.4\\cnc3game.dat"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"C:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.9\\cnc3game.dat"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\apps\\skype\\Phone\\Skype.exe"=
R2 BDVEDISK;BDVEDISK;C:\Program Files\BitDefender\BitDefender 2009\BDVEDISK.sys [2008-07-02 82568]
R3 bdfm;BDFM;C:\WINDOWS\system32\drivers\bdfm.sys [2008-09-18 108864]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-09-18 102208]
S3 Arrakis3;BitDefender Arrakis Server;C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784]
S3 Droppix Service;Droppix Service;C:\Program Files\Fichiers communs\Droppix\DxService.exe [2007-05-18 94208]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\system32\drivers\mbamswissarmy.sys [2008-09-10 38528]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Fichiers communs\LightScribe\LSRunOnce.exe"
.
Contenu du dossier 'Tâches planifiées'
.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{1530CA4C-149B-4801-8DD4-5CD093B45D63} - C:\WINDOWS\vmgspntbgbw.dll
BHO-{7F4B3F23-B720-4E7C-8903-96D249123C7E} - C:\WINDOWS\system32\khfgecBq.dll
BHO-{DA175B76-8982-484B-9E01-DA038B99A13E} - C:\WINDOWS\system32\ddcAtQHB.dll
WebBrowser-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)
HKLM-Run-\YUR78.exe - C:\Windows\system32\YUR78.exe
HKLM-Run-\YUR79.exe - C:\Windows\system32\YUR79.exe
HKLM-Run-\YUR7A.exe - C:\Windows\system32\YUR7A.exe
HKLM-Run-\YUR7B.exe - C:\Windows\system32\YUR7B.exe
HKLM-Run-ANTIVIRUS - C:\Program Files\MicroAV\MicroAV.exe
HKLM-Run-\YUR7C.exe - C:\Windows\system32\YUR7C.exe
HKLM-Run-\YUR1.exe - C:\Windows\system32\YUR1.exe
HKLM-Run-\YUR3.exe - C:\Windows\system32\YUR3.exe
HKLM-Run-\YUR2.exe - C:\Windows\system32\YUR2.exe
HKLM-Run-\YUR4.exe - C:\Windows\system32\YUR4.exe
HKLM-Run-\YUR71.exe - C:\Windows\system32\YUR71.exe
HKLM-Run-\YUR73.exe - C:\Windows\system32\YUR73.exe
.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\cedric\Application Data\Mozilla\Firefox\Profiles\1dg1c1g6.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://be.msn.com/default.aspx/?lang=fr-be
FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-22 15:05:41
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
PROCESSUS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\betxrrpj.dll
.
------------------------ Autres processus actifs ------------------------
.
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\APPS\HIDSERVICE\HidService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\searchindexer.exe
C:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Heure de fin: 2008-09-22 15:15:06 - La machine a redémarré [cedric]
ComboFix-quarantined-files.txt 2008-09-22 13:14:56
Avant-CF: 29,675,511,808 octets libres
Après-CF: 29,778,534,400 octets libres
366 --- E O F --- 2008-09-11 14:08:18
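The ComboFix report above carries the loadpoint evidence the helpers read first: a Run value named "542a7a86" that points at a DLL in system32, the same DLL reported as loaded into explorer.exe, two Security Center values set to 1 that silence antivirus warnings, and a Browser Helper Object whose DLL was created five days before the scan. As an added example (not code from this thread or from ComboFix), the Python script below parses those sections of such a log and turns them into findings. The excerpt it runs on is constructed from lines of the posted report; the finding names, the 7-day "recent" window and the hex-name heuristic are this example's own assumptions.

```python
"""Triage a ComboFix log for the loadpoint indicators an analyst checks first.

Added example for this thread (not ComboFix's own code). The excerpt below is
constructed from lines of the log posted above; the heuristics and the finding
names are assumptions of this example."""
import re
from datetime import date

# Constructed excerpt: header, registry loadpoints and the loaded-DLLs section,
# copied from the posted ComboFix report (its French section title kept as is).
SAMPLE_LOG = r"""
ComboFix 08-09-20.05 - cedric 2008-09-22 14:07:37.2 - NTFSx86
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{261283f2-abd0-46e9-a95f-0479502ac616}]
2008-09-17 07:37 136832 --a------ C:\WINDOWS\system32\hublnr.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"542a7a86"="C:\WINDOWS\system32\betxrrpj.dll" [2008-09-17 104064]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe" [2008-09-19 716800]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
--------------------- DLLs chargées dans les processus actifs ---------------------
PROCESSUS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\betxrrpj.dll
"""

HEADER_RE = re.compile(r"^ComboFix \S+ - \S+ (?P<date>\d{4}-\d{2}-\d{2}) ")
KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+\[(?P<built>\d{4}-\d{2}-\d{2})\s+\d+\]$')
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<value>[0-9a-fA-F]{8})$')
FILE_RE = re.compile(r"^(?P<date>\d{4}-\d{2}-\d{2}) \d{2}:\d{2} \d+ \S+ (?P<path>.+)$")
HEX_NAME_RE = re.compile(r"^[0-9a-f]{6,}$", re.IGNORECASE)


def triage(log_text, recent_days=7):
    """Return (kind, detail) findings for the loadpoints listed in a ComboFix log."""
    findings = []
    scan_date = None
    key = ""            # registry key currently being listed (lower-cased)
    proc = None         # process whose loaded DLLs are being listed
    autorun_paths = {}  # lower-cased Run target path -> value name
    injected = []       # (process, dll) pairs from the loaded-DLLs section

    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            scan_date = date.fromisoformat(m.group("date"))
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key").lower()
            continue
        if line.startswith("PROCESSUS:"):
            proc = line.split(":", 1)[1].strip()
            continue
        if line.startswith("->") and proc:
            injected.append((proc, line[2:].strip()))
            continue
        m = DWORD_RE.match(line)
        if m and "security center" in key:
            # A non-zero override / DisableMonitoring value hides the "no antivirus" warning.
            value = int(m.group("value"), 16)
            if value:
                findings.append(("security_center_override", f"{m.group('name')}={value}"))
            continue
        m = RUN_RE.match(line)
        if m and key.endswith("\\run"):
            name, path = m.group("name"), m.group("path")
            autorun_paths[path.lower()] = name
            if HEX_NAME_RE.match(name):
                # Vendors name their Run values; a bare hex token is typical of droppers.
                findings.append(("autorun_random_name", f"{name} -> {path}"))
            if path.lower().endswith(".dll"):
                # Run values normally launch an .exe; a DLL target relies on a loader.
                findings.append(("autorun_dll", f"{name} -> {path}"))
            continue
        m = FILE_RE.match(line)
        if m and "browser helper objects" in key and scan_date:
            age = (scan_date - date.fromisoformat(m.group("date"))).days
            if 0 <= age <= recent_days:
                findings.append(("bho_recent", f"{m.group('path')} ({age} days before scan)"))

    # Cross-check: a DLL both registered for autostart and loaded into a listed process
    for process, dll in injected:
        if dll.lower() in autorun_paths:
            findings.append(("autorun_injected", f"{dll} loaded in {process}"))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:26} {detail}")
```

Run against the constructed excerpt it reports six findings: the recent BHO, the hex-named Run value and its DLL target, both Security Center overrides, and the cross-match of that DLL with the module loaded in explorer.exe; the legitimate Run entries (Messenger, ctfmon, Java, BitDefender) produce nothing. The cross-match is the strongest signal here, since it ties a persistence entry to code actually running in the shell, which is what the helper's "copy the report into your next reply" request is meant to surface.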
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.579 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\cedric\Bureau\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\.protected
C:\Documents and Settings\cedric\Bureaublackbird.jpg
C:\Documents and Settings\cedric\BureauEditorFKWP1.5.exe
C:\Documents and Settings\cedric\BureauEditorFKWP2.0.exe
C:\Documents and Settings\cedric\Bureaufilemanagerclient.exe
C:\Documents and Settings\cedric\Bureaufkwp1.5.exe
C:\Documents and Settings\cedric\Bureaufkwp2.0.exe
C:\Documents and Settings\cedric\Bureaufwebd.exe
C:\Documents and Settings\cedric\BureauFWebdEditor.exe
C:\Documents and Settings\cedric\BureauTrojan.Win32.BlackBird.exe
C:\Documents and Settings\cedric\Bureauvirii
C:\Documents and Settings\cedric\Bureauvirii\Trojan-Downloader.Win32.Agent.bl.exe
C:\Documents and Settings\cedric\Bureauvirii\Trojan-Downloader.Win32.Agent.p.exe
C:\Documents and Settings\cedric\Bureauvirii\Trojan-Downloader.Win32.Agent.r.exe
C:\Documents and Settings\cedric\Bureauvirii\Trojan-Downloader.Win32.Agent.t.exe
C:\Documents and Settings\cedric\Bureauvirii\Trojan-Downloader.Win32.Agent.v.exe
C:\Documents and Settings\cedric\Favoris\Error Cleaner.url
C:\Documents and Settings\cedric\Favoris\Privacy Protector.url
C:\Documents and Settings\cedric\Favoris\Spyware&Malware Protection.url
C:\Documents and Settings\cedric\Menu D‚marrer\Programmes\D‚marrage\.protected
C:\Program Files\akl
C:\Program Files\akl\akl.dll
C:\Program Files\akl\akl.exe
C:\Program Files\akl\uninstall.exe
C:\Program Files\akl\unsetup.exe
C:\Program Files\Dynamic Toolbar
C:\Program Files\Dynamic Toolbar\PBBEFRV2\Cache\home.bmp
C:\Program Files\Dynamic Toolbar\PBBEFRV2\Cache\logo_pb.bmp
C:\Program Files\Dynamic Toolbar\PBBEFRV2\Cache\parent_off.bmp
C:\Program Files\Dynamic Toolbar\PBBEFRV2\Cache\parent_on.bmp
C:\Program Files\Dynamic Toolbar\PBBEFRV2\Cache\pbbefrv2tb0200.cfg
C:\Program Files\Dynamic Toolbar\PBBEFRV2\Cache\popup_off.bmp
C:\Program Files\Dynamic Toolbar\PBBEFRV2\Cache\popup_on.bmp
C:\Program Files\Dynamic Toolbar\PBBEFRV2\Cache\search.bmp
C:\Program Files\Dynamic Toolbar\PBBEFRV2\Cache\services.bmp
C:\Program Files\Dynamic Toolbar\PBBEFRV2\Cache\skin.bmp
C:\Program Files\Dynamic Toolbar\PBBEFRV2\Cache\skin1.bmp
C:\Program Files\Dynamic Toolbar\PBBEFRV2\Cache\skin2.bmp
C:\Program Files\Dynamic Toolbar\PBBEFRV2\Cache\skin3.bmp
C:\Program Files\Dynamic Toolbar\PBBEFRV2\Cache\skin4.bmp
C:\Program Files\Dynamic Toolbar\PBBEFRV2\Cache\skin5.bmp
C:\Program Files\Dynamic Toolbar\PBBEFRV2\Cache\store.bmp
C:\Program Files\Dynamic Toolbar\PBBEFRV2\Cache\style.css
C:\Program Files\Dynamic Toolbar\PBBEFRV2\Cache\support.bmp
C:\Program Files\Dynamic Toolbar\PBBEFRV2\Cache\ticker.xml
C:\Program Files\Inet Delivery
C:\Program Files\Inet Delivery\inetdl.exe
C:\Program Files\Inet Delivery\intdel.exe
C:\Program Files\MicroAV
C:\Program Files\PC-Cleaner
C:\Program Files\PCHealthCenter
C:\WINDOWS\.protected
C:\WINDOWS\a.bat
C:\WINDOWS\base64.tmp
C:\WINDOWS\bdn.com
C:\WINDOWS\cookies.ini
C:\WINDOWS\ewvd.exe
C:\WINDOWS\FVProtect.exe
C:\WINDOWS\iTunesMusic.exe
C:\WINDOWS\mslagent
C:\WINDOWS\mslagent\2_mslagent.dll
C:\WINDOWS\mslagent\mslagent.exe
C:\WINDOWS\mslagent\uninstall.exe
C:\WINDOWS\mssecu.exe
C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\system32\1.ico
C:\WINDOWS\system32\2.ico
C:\WINDOWS\system32\BHQtAcdd.ini
C:\WINDOWS\system32\BHQtAcdd.ini2
C:\WINDOWS\system32\ddcAtQHB.dll
C:\WINDOWS\system32\drivers\etc\.protected
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\setup.ini
C:\WINDOWS\system32akttzn.exe
C:\WINDOWS\system32anticipator.dll
C:\WINDOWS\system32awtoolb.dll
C:\WINDOWS\system32bdn.com
C:\WINDOWS\system32bsva-egihsg52.exe
C:\WINDOWS\system32dpcproxy.exe
C:\WINDOWS\system32emesx.dll
C:\WINDOWS\system32h@tkeysh@@k.dll
C:\WINDOWS\system32hoproxy.dll
C:\WINDOWS\system32hxiwlgpm.dat
C:\WINDOWS\system32hxiwlgpm.exe
C:\WINDOWS\system32medup012.dll
C:\WINDOWS\system32medup020.dll
C:\WINDOWS\system32msgp.exe
C:\WINDOWS\system32msnbho.dll
C:\WINDOWS\system32mssecu.exe
C:\WINDOWS\system32msvchost.exe
C:\WINDOWS\system32mtr2.exe
C:\WINDOWS\system32mwin32.exe
C:\WINDOWS\system32netode.exe
C:\WINDOWS\system32newsd32.exe
C:\WINDOWS\system32ps1.exe
C:\WINDOWS\system32psof1.exe
C:\WINDOWS\system32psoft1.exe
C:\WINDOWS\system32regc64.dll
C:\WINDOWS\system32regm64.dll
C:\WINDOWS\system32Rundl1.exe
C:\WINDOWS\system32smp
C:\WINDOWS\system32smp\msrc.exe
C:\WINDOWS\system32sncntr.exe
C:\WINDOWS\system32ssurf022.dll
C:\WINDOWS\system32ssvchost.com
C:\WINDOWS\system32ssvchost.exe
C:\WINDOWS\system32sysreq.exe
C:\WINDOWS\system32taack.dat
C:\WINDOWS\system32taack.exe
C:\WINDOWS\system32temp#01.exe
C:\WINDOWS\system32thun.dll
C:\WINDOWS\system32thun32.dll
C:\WINDOWS\system32VBIEWER.OCX
C:\WINDOWS\system32vbsys2.dll
C:\WINDOWS\system32vcatchpi.dll
C:\WINDOWS\system32winlogonpc.exe
C:\WINDOWS\system32winsystem.exe
C:\WINDOWS\system32WINWGPX.EXE
C:\WINDOWS\userconfig9x.dll
C:\WINDOWS\vmgspntbgbw.dll
C:\WINDOWS\winsystem.exe
C:\WINDOWS\wr.txt
C:\WINDOWS\zip1.tmp
C:\WINDOWS\zip2.tmp
C:\WINDOWS\zip3.tmp
C:\WINDOWS\zipped.tmp
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-08-22 au 2008-09-22 ))))))))))))))))))))))))))))))))))))
.
2008-09-22 12:22 . 2008-09-22 12:22 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-22 12:22 . 2008-09-22 12:22 <REP> d-------- C:\Documents and Settings\cedric\Application Data\Malwarebytes
2008-09-22 12:22 . 2008-09-22 12:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-22 12:22 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-22 12:22 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-22 11:51 . 2008-09-22 11:51 <REP> d-------- C:\Program Files\Trend Micro
2008-09-22 11:19 . 2008-09-22 11:19 <REP> d-------- C:\Documents and Settings\cedric\Application Data\Windows Search
2008-09-22 11:14 . 2008-09-22 11:14 <REP> d-------- C:\Program Files\Microsoft Silverlight
2008-09-22 11:13 . 2008-09-22 11:13 <REP> d-------- C:\Documents and Settings\cedric\Application Data\Windows Desktop Search
2008-09-22 11:10 . 2008-09-22 11:10 <REP> d-------- C:\WINDOWS\system32\GroupPolicy
2008-09-22 11:10 . 2008-09-22 11:10 <REP> d-------- C:\Program Files\Windows Desktop Search
2008-09-22 11:09 . 2008-09-22 11:09 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-09-22 11:08 . 2008-03-07 19:02 192,000 --------- C:\WINDOWS\system32\dllcache\offfilt.dll
2008-09-22 11:08 . 2008-03-07 19:02 98,304 --------- C:\WINDOWS\system32\dllcache\nlhtml.dll
2008-09-22 11:08 . 2008-03-07 19:02 29,696 --------- C:\WINDOWS\system32\dllcache\mimefilt.dll
2008-09-19 09:32 . 2008-09-19 09:32 <REP> d-------- C:\Documents and Settings\cedric\Application Data\skypePM
2008-09-19 09:32 . 2008-09-19 09:32 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-09-19 09:29 . 2008-09-19 09:34 <REP> d-------- C:\Documents and Settings\cedric\Application Data\Skype
2008-09-19 09:28 . 2008-09-19 09:28 <REP> d-------- C:\Program Files\Fichiers communs\Skype
2008-09-17 08:13 . 2008-09-17 08:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\NVIDIA
2008-09-17 08:08 . 2008-09-17 08:08 850 --a------ C:\WINDOWS\system32\ProductTweaks.xml
2008-09-17 08:08 . 2008-09-22 10:35 385 --a------ C:\WINDOWS\system32\user_gensett.xml
2008-09-17 08:00 . 2008-09-17 08:00 <REP> d-------- C:\Documents and Settings\cedric\Application Data\BitDefender
2008-09-17 07:59 . 2008-09-17 07:59 <REP> d-------- C:\Program Files\BitDefender
2008-09-17 07:59 . 2008-09-17 08:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-09-17 07:40 . 2008-09-22 15:05 972,168 ---hs---- C:\WINDOWS\system32\jprrxteb.ini
2008-09-17 07:40 . 2008-09-17 07:40 104,064 --a------ C:\WINDOWS\system32\betxrrpj.dll
2008-09-17 07:37 . 2008-09-17 07:37 136,832 --a------ C:\WINDOWS\system32\vuatcbin.dll
2008-09-17 07:37 . 2008-09-17 07:37 136,832 --a------ C:\WINDOWS\system32\hublnr.dll
2008-09-16 18:24 . 2008-09-17 08:00 <REP> d-------- C:\Program Files\Fichiers communs\BitDefender
2008-08-25 10:48 . 2008-08-25 10:48 <REP> d-------- C:\WINDOWS\system32\fr
2008-08-25 10:48 . 2008-08-25 10:48 <REP> d-------- C:\WINDOWS\l2schemas
2008-08-25 10:44 . 2008-08-25 10:48 <REP> d-------- C:\WINDOWS\ServicePackFiles
2008-08-25 10:28 . 2008-08-25 10:28 <REP> d-------- C:\WINDOWS\EHome
2008-08-24 11:47 . 2004-07-17 22:55 129,045 --------- C:\WINDOWS\system32\drivers\cxthsfs2.cty
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-19 13:00 --------- d-----w C:\Program Files\Norton Security Scan
2008-09-18 12:48 228,672 ----a-w C:\WINDOWS\system32\drivers\bdfsfltr.sys
2008-09-18 12:48 108,864 ----a-w C:\WINDOWS\system32\drivers\bdfm.sys
2008-09-18 12:48 102,208 ----a-w C:\WINDOWS\system32\drivers\bdfndisf.sys
2008-09-16 08:49 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-09-16 08:38 --------- d-----w C:\Documents and Settings\cedric\Application Data\MegauploadToolbar
2008-09-09 10:59 --------- d-----w C:\Program Files\eMule
2008-08-19 11:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-19 08:43 --------- d-----w C:\Documents and Settings\cedric\Application Data\Megaupload
2008-08-19 08:43 --------- d-----w C:\Documents and Settings\cedric\Application Data\EmailNotifier
2008-08-19 08:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Megaupload
2008-08-19 08:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\EmailNotifier
2008-08-10 16:58 20,747 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-08-10 16:58 --------- d-----w C:\Program Files\ASUS
2008-07-24 08:03 --------- d-----w C:\Program Files\Java
2007-11-12 11:47 22,328 ----a-w C:\Documents and Settings\cedric\Application Data\PnkBstrK.sys
2003-08-16 19:56 579,584 --sha-r C:\WINDOWS\system32\cd.exe
2008-04-08 18:27 91,039 --sha-w C:\WINDOWS\system32\qBcegfhk.ini2
.
((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{261283f2-abd0-46e9-a95f-0479502ac616}]
2008-09-17 07:37 136832 --a------ C:\WINDOWS\system32\hublnr.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [2005-05-11 127118]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2004-09-07 58488]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
"Belgacom"="C:\Program Files\Belgacom\bin\sprtcmd.exe" [2006-06-22 192512]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 7630848]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-11 86016]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-09-19 185632]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-08-25 221184]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2006-08-25 81920]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 413696]
"542a7a86"="C:\WINDOWS\system32\betxrrpj.dll" [2008-09-17 104064]
"BitDefender Security Center"="C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe" [2008-09-19 409600]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe" [2008-09-19 716800]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe" [2008-09-18 69632]
"SiSPower"="SiSPower.dll" [2005-01-04 C:\WINDOWS\system32\SiSPower.dll]
"nwiz"="nwiz.exe" [2006-08-11 C:\WINDOWS\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-06-20 C:\WINDOWS\SOUNDMAN.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= C:\WINDOWS\system32\l3codecp.acm
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^MioSync.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\MioSync.lnk
backup=C:\WINDOWS\pss\MioSync.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2007-07-31 09:17 1836544 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.0\\cnc3game.dat"=
"C:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.4\\cnc3game.dat"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"C:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.9\\cnc3game.dat"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\apps\\skype\\Phone\\Skype.exe"=
R2 BDVEDISK;BDVEDISK;C:\Program Files\BitDefender\BitDefender 2009\BDVEDISK.sys [2008-07-02 82568]
R3 bdfm;BDFM;C:\WINDOWS\system32\drivers\bdfm.sys [2008-09-18 108864]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-09-18 102208]
S3 Arrakis3;BitDefender Arrakis Server;C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784]
S3 Droppix Service;Droppix Service;C:\Program Files\Fichiers communs\Droppix\DxService.exe [2007-05-18 94208]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\system32\drivers\mbamswissarmy.sys [2008-09-10 38528]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Fichiers communs\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -
BHO-{1530CA4C-149B-4801-8DD4-5CD093B45D63} - C:\WINDOWS\vmgspntbgbw.dll
BHO-{7F4B3F23-B720-4E7C-8903-96D249123C7E} - C:\WINDOWS\system32\khfgecBq.dll
BHO-{DA175B76-8982-484B-9E01-DA038B99A13E} - C:\WINDOWS\system32\ddcAtQHB.dll
WebBrowser-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)
HKLM-Run-\YUR78.exe - C:\Windows\system32\YUR78.exe
HKLM-Run-\YUR79.exe - C:\Windows\system32\YUR79.exe
HKLM-Run-\YUR7A.exe - C:\Windows\system32\YUR7A.exe
HKLM-Run-\YUR7B.exe - C:\Windows\system32\YUR7B.exe
HKLM-Run-ANTIVIRUS - C:\Program Files\MicroAV\MicroAV.exe
HKLM-Run-\YUR7C.exe - C:\Windows\system32\YUR7C.exe
HKLM-Run-\YUR1.exe - C:\Windows\system32\YUR1.exe
HKLM-Run-\YUR3.exe - C:\Windows\system32\YUR3.exe
HKLM-Run-\YUR2.exe - C:\Windows\system32\YUR2.exe
HKLM-Run-\YUR4.exe - C:\Windows\system32\YUR4.exe
HKLM-Run-\YUR71.exe - C:\Windows\system32\YUR71.exe
HKLM-Run-\YUR73.exe - C:\Windows\system32\YUR73.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\cedric\Application Data\Mozilla\Firefox\Profiles\1dg1c1g6.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://be.msn.com/default.aspx/?lang=fr-be
FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-22 15:05:41
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\betxrrpj.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\APPS\HIDSERVICE\HidService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\searchindexer.exe
C:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-09-22 15:15:06 - The machine was rebooted [cedric]
ComboFix-quarantined-files.txt 2008-09-22 13:14:56
Pre-Run: 29,675,511,808 bytes free
Post-Run: 29,778,534,400 bytes free
366 --- E O F --- 2008-09-11 14:08:18
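Two things in the report above can be checked mechanically: jprrxteb.ini carries hidden+system attributes (---hs----) and its name is betxrrpj.dll spelled backwards, while betxrrpj.dll is the target of the "542a7a86" Run value and is loaded into explorer.exe; the same reversal links the orphaned khfgecBq.dll to qBcegfhk.ini2 in the Find3M section. The script below is an added example, not the helper's instruction and not ComboFix code; it runs those checks over ComboFix's file-listing lines. The sample input is copied verbatim from the report above, and the regular expressions are my own assumptions about ComboFix's line layout.

```python
"""Triage of a ComboFix report: flag DLL/INI reversed-name pairs.

Added example, not part of the forum thread or of ComboFix itself. The
sample lines are copied from the ComboFix report posted above; the regexes
describing ComboFix's line layout are my own assumptions about that format.
"""
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed input: a subset of the report above (new-files section, Find3M
# section, one registry loading point with the file printed under its key,
# one Run value and one orphan BHO line), kept verbatim.
SAMPLE_REPORT = r"""
2008-09-22 12:22 . 2008-09-22 12:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-22 12:22 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-17 07:40 . 2008-09-22 15:05 972,168 ---hs---- C:\WINDOWS\system32\jprrxteb.ini
2008-09-17 07:40 . 2008-09-17 07:40 104,064 --a------ C:\WINDOWS\system32\betxrrpj.dll
2008-09-17 07:37 . 2008-09-17 07:37 136,832 --a------ C:\WINDOWS\system32\vuatcbin.dll
2008-09-17 07:37 . 2008-09-17 07:37 136,832 --a------ C:\WINDOWS\system32\hublnr.dll
2008-09-19 13:00 --------- d-----w C:\Program Files\Norton Security Scan
2003-08-16 19:56 579,584 --sha-r C:\WINDOWS\system32\cd.exe
2008-04-08 18:27 91,039 --sha-w C:\WINDOWS\system32\qBcegfhk.ini2
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{261283f2-abd0-46e9-a95f-0479502ac616}]
2008-09-17 07:37 136832 --a------ C:\WINDOWS\system32\hublnr.dll
"542a7a86"="C:\WINDOWS\system32\betxrrpj.dll" [2008-09-17 104064]
BHO-{7F4B3F23-B720-4E7C-8903-96D249123C7E} - C:\WINDOWS\system32\khfgecBq.dll
"""

# created [. modified] size attrs path; size is <REP>/<DIR> for folders and
# a run of dashes in the Find3M section (assumed layout).
FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
    r"(?: \. (?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}))?"
    r"\s+(?P<size><REP>|<DIR>|[\d,]+|-+)"
    r"\s+(?P<attrs>[-a-zA-Z]+)"
    r"\s+(?P<path>[A-Za-z]:\\.+)$"
)
# A DLL path named on a registry value line or an orphan BHO-/Run- line.
DLL_REF = re.compile(r"([A-Za-z]:\\[^\"\[\]]*?\.dll)", re.IGNORECASE)


def parse_report(text):
    """Return (files, referenced): file records keyed by lower-case path and
    the lower-case paths of DLLs that a loading point or orphan entry names."""
    files, referenced = {}, set()
    previous_was_key = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = FILE_LINE.match(line)
        if m:
            path = PureWindowsPath(m["path"])
            key = str(path).lower()
            files[key] = {
                "path": str(path),
                "attrs": m["attrs"],
                "is_dir": m["size"] in ("<REP>", "<DIR>") or m["attrs"].startswith("d"),
            }
            # ComboFix prints the file a loading point refers to directly
            # under its [key] header, so count that file as referenced.
            if previous_was_key:
                referenced.add(key)
        else:
            for ref in DLL_REF.findall(line):
                referenced.add(str(PureWindowsPath(ref)).lower())
        previous_was_key = line.startswith("[") and line.endswith("]")
    return files, referenced


def triage(files, referenced):
    """Map each suspicious path to the list of reasons it was flagged."""
    findings = defaultdict(list)
    for key, rec in files.items():
        if rec["is_dir"]:
            continue
        path = PureWindowsPath(rec["path"])
        attrs = rec["attrs"].lower()
        # A loose file that is both hidden and system is rarely legitimate.
        if "h" in attrs and "s" in attrs:
            findings[rec["path"]].append("hidden+system attributes")
        if key in referenced:
            findings[rec["path"]].append("registered as an autostart/BHO DLL")
        if path.suffix.lower() in (".ini", ".ini2"):
            # Vundo/Virtumonde-style pairing: the data file's name is the
            # DLL's name reversed, in the same directory.
            twin = str(path.with_name(path.stem[::-1] + ".dll")).lower()
            if twin in files:
                findings[rec["path"]].append(f"name is the reverse of {files[twin]['path']}")
                findings[files[twin]["path"]].append(f"has reversed-name data file {rec['path']}")
            elif twin in referenced:
                findings[rec["path"]].append(
                    f"name is the reverse of referenced DLL {twin} (file now missing)")
    return dict(findings)


def triage_report(text):
    """Parse and triage a ComboFix report in one call."""
    return triage(*parse_report(text))


if __name__ == "__main__":
    for flagged, reasons in triage_report(SAMPLE_REPORT).items():
        print(flagged)
        for reason in reasons:
            print("   -", reason)
```

Run it as-is to print the flagged paths, or replace SAMPLE_REPORT with the text of a whole ComboFix.txt. Note that vuatcbin.dll is not caught by these three rules even though it has the same size (136,832 bytes) and the same kind of random name as hublnr.dll, which is why the helper asks for all four files on VirusTotal rather than only the ones that pattern-match.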
the Malwarebytes report?
scan these files on VirusTotal and paste the reports: https://www.virustotal.com/gui/
C:\WINDOWS\system32\jprrxteb.ini
C:\WINDOWS\system32\betxrrpj.dll
C:\WINDOWS\system32\vuatcbin.dll
C:\WINDOWS\system32\hublnr.dll
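Before uploading anything, hash the four files and look the hashes up: VirusTotal keeps earlier results keyed by SHA-256, so a file it has already analysed comes back at once, and only an unknown hash needs the upload from the web UI. The script below is an added example, not the helper's instruction and not code from VirusTotal; it assumes the v3 REST endpoint https://www.virustotal.com/api/v3/files/<sha256> authenticated with an x-apikey header, an API key in the VT_API_KEY environment variable, and a constructed SAMPLE_RESPONSE that only mirrors the reply's shape, not a real verdict.

```python
"""Hash-first VirusTotal lookup for the four files the helper listed.

Added example, not from the thread. Assumes the VirusTotal v3 API
(GET https://www.virustotal.com/api/v3/files/<sha256>, 'x-apikey' header)
and a key in the VT_API_KEY environment variable. SAMPLE_RESPONSE is a
constructed reply in that API's shape, not a real scan result.
"""
import hashlib
import json
import os
import urllib.error
import urllib.request

VT_FILES = "https://www.virustotal.com/api/v3/files/"

# The paths from the helper's reply above.
SUSPECT_FILES = [
    r"C:\WINDOWS\system32\jprrxteb.ini",
    r"C:\WINDOWS\system32\betxrrpj.dll",
    r"C:\WINDOWS\system32\vuatcbin.dll",
    r"C:\WINDOWS\system32\hublnr.dll",
]


def digest_bytes(data):
    """SHA-256 and MD5 of an in-memory blob (either works as the lookup key)."""
    return {"sha256": hashlib.sha256(data).hexdigest(),
            "md5": hashlib.md5(data).hexdigest()}


def digest_file(path, chunk_size=1 << 20):
    """Stream a file through SHA-256 and MD5 without loading it whole."""
    sha256, md5 = hashlib.sha256(), hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            sha256.update(block)
            md5.update(block)
    return {"sha256": sha256.hexdigest(), "md5": md5.hexdigest()}


def lookup(sha256, api_key):
    """Fetch the stored report for a hash; None means VirusTotal has never seen it."""
    req = urllib.request.Request(VT_FILES + sha256, headers={"x-apikey": api_key})
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        if err.code == 404:
            return None
        raise


def summarize(report):
    """Reduce a v3 /files reply to the numbers worth pasting back into a thread."""
    attrs = report["data"]["attributes"]
    stats = attrs["last_analysis_stats"]
    # Count only engines that returned a verdict; timeouts and unsupported
    # types are not 'clean' votes.
    verdicts = sum(stats.get(k, 0) for k in ("malicious", "suspicious", "undetected", "harmless"))
    names = sorted({
        r["result"] for r in attrs.get("last_analysis_results", {}).values()
        if r.get("category") == "malicious" and r.get("result")
    })
    return {"malicious": stats.get("malicious", 0), "engines": verdicts, "names": names}


SAMPLE_RESPONSE = {  # constructed; mirrors the v3 response shape only
    "data": {"attributes": {
        "last_analysis_stats": {"malicious": 3, "suspicious": 0, "undetected": 2,
                                "harmless": 0, "timeout": 1},
        "last_analysis_results": {
            "EngineA": {"category": "malicious", "result": "Trojan.Example.A"},
            "EngineB": {"category": "malicious", "result": "Trojan.Example.A"},
            "EngineC": {"category": "malicious", "result": "Adware.Example"},
            "EngineD": {"category": "undetected", "result": None},
            "EngineE": {"category": "undetected", "result": None},
            "EngineF": {"category": "timeout", "result": None},
        },
    }}
}


def main():
    api_key = os.environ.get("VT_API_KEY")
    for path in SUSPECT_FILES:
        if not os.path.exists(path):
            print(f"{path}: not present on this machine (already removed?)")
            continue
        digests = digest_file(path)
        print(f"{path}: sha256={digests['sha256']} md5={digests['md5']}")
        if not api_key:
            continue  # no key: paste the hash into the web UI search box instead
        report = lookup(digests["sha256"], api_key)
        if report is None:
            print("    unknown to VirusTotal: upload it from the web UI for a fresh scan")
        else:
            print("   ", summarize(report))


if __name__ == "__main__":
    main()
```

Without a key the script still prints the hashes, which is enough to search on the web UI; with a key it reports detections out of engines that actually voted plus the distinct malicious labels, and a 404 is the signal to upload. Hashing first also avoids sending a file that may contain local data to a third party when a prior analysis already exists.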
Scan saved at 11:52: VIRUS ALERT!, on 22/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Belgacom\bin\sprtcmd.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.fr.msn.be/0SEFRBE/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.fr.msn.be/0SEFRBE/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: QXK Olive - {1530CA4C-149B-4801-8DD4-5CD093B45D63} - C:\WINDOWS\vmgspntbgbw.dll
O2 - BHO: {616ca205-9740-f59a-9e64-0dba2f382162} - {261283f2-abd0-46e9-a95f-0479502ac616} - C:\WINDOWS\system32\hublnr.dll
O2 - BHO: (no name) - {5BDD48D1-86BC-4216-80F2-51141B8F9D28} - C:\WINDOWS\system32\ddcAtQHB.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7F4B3F23-B720-4E7C-8903-96D249123C7E} - C:\WINDOWS\system32\khfgecBq.dll (file missing)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - (no file)
O3 - Toolbar: (no name) - {E22B6A50-4AE1-42CC-90F7-6CB1086D3A2D} - (no file)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [\YUR78.exe] C:\Windows\system32\YUR78.exe
O4 - HKLM\..\Run: [\YUR79.exe] C:\Windows\system32\YUR79.exe
O4 - HKLM\..\Run: [\YUR7A.exe] C:\Windows\system32\YUR7A.exe
O4 - HKLM\..\Run: [\YUR7B.exe] C:\Windows\system32\YUR7B.exe
O4 - HKLM\..\Run: [ANTIVIRUS] C:\Program Files\MicroAV\MicroAV.exe
O4 - HKLM\..\Run: [\YUR7C.exe] C:\Windows\system32\YUR7C.exe
O4 - HKLM\..\Run: [\YUR1.exe] C:\Windows\system32\YUR1.exe
O4 - HKLM\..\Run: [\YUR3.exe] C:\Windows\system32\YUR3.exe
O4 - HKLM\..\Run: [\YUR2.exe] C:\Windows\system32\YUR2.exe
O4 - HKLM\..\Run: [\YUR4.exe] C:\Windows\system32\YUR4.exe
O4 - HKLM\..\Run: [\YUR71.exe] C:\Windows\system32\YUR71.exe
O4 - HKLM\..\Run: [\YUR73.exe] C:\Windows\system32\YUR73.exe
O4 - HKLM\..\Run: [542a7a86] rundll32.exe "C:\WINDOWS\system32\betxrrpj.dll",b
O4 - HKLM\..\Run: [BitDefender Security Center] "C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe" /init
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ANTIVIRUS] C:\Program Files\MicroAV\MicroAV.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: .protected (User 'SYSTEM')
O4 - .DEFAULT Startup: .protected (User 'Default user')
O4 - Startup: .protected
O4 - Global Startup: .protected
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.proximus.be/pickx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.extrafilm.be/ImageUploader4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL hublnr.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. https://www.bitdefender.fr/ - C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Droppix Service - Droppix - C:\Program Files\Fichiers communs\Droppix\DxService.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm