Possible_virut-3 que faire?
troy75
-
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
Bonjour à tous,
Mon ordinateur est infécté et je n'ai rien réussi à trouver sur le net me permettant de résoudre ce problème. Le virus est détecté par Trend Micro sous le nom Possible_virut-3 et il semble impossible à nettoyer. Il infecte visiblement tous les fichiers .exe de mon ordinateur, dont notamment les fichiers système. Je ne saurais dire quelle sont les effets et la gravité de cette infection. Je ne suis pas hyper calé mais lorsque je suis vérolé je parviens en général à m'en sortir grâce aux recherches sur le net et les remèdes indiqués. Je vous remercie d'avance pour votre aide. Je vous met ci-dessous le log de HiJackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:47:49, on 23/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\SYSTEM32\SERVICES.EXE
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\TEMP\WOYD.TMP
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PCCTLCOM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TMPROXY.EXE
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TMPFW.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\BITDEFENDER\BITDEFENDER UPDATE SERVICE\LIVESRV.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\NETGEAR\Wireless Smart Configuration\Utility\NetgearAG.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\Corel\Suite8\Programs\DAD8.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\calc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PCCMAIN.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PccVScan.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\Documents and Settings\BOUFFARD\Bureau\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.netscape.fr"); (C:\Documents and Settings\BOUFFARD\Application Data\Mozilla\Profiles\default\eveo6f4b.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CNetscape_France.src"); (C:\Documents and Settings\BOUFFARD\Application Data\Mozilla\Profiles\default\eveo6f4b.slt\prefs.js)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [AS00_Netgear] C:\Program Files\NETGEAR\Wireless Smart Configuration\Utility\NetgearAG.exe -hide
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [lphccl2j0e561] C:\WINDOWS\system32\lphccl2j0e561.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\PROGRAM FILES\BITTORRENT\BITTORRENT.EXE" --force_start_minimized
O4 - HKCU\..\Run: [WindowsAPI32] c:\nnpbxo.exe
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [brastk] C:\WINDOWS\system32\brastk.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Corel DAD 8 (gestionnaire des applications du bureau).LNK = D:\Corel\Suite8\Programs\DAD8.EXE
O4 - Global Startup: EPSON Status Monitor 3 Environment Check(3).lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {2bc66f54-93a8-11d3-beb6-00105aa9b6ae} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {2d8ed06d-3c30-438b-96ae-4d110fdc1fb8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {644e432f-49d3-41a1-8dd5-e099162eeec5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: ulhzme - C:\WINDOWS\SYSTEM32\ulhzme.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICF (icf) - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
Mon ordinateur est infécté et je n'ai rien réussi à trouver sur le net me permettant de résoudre ce problème. Le virus est détecté par Trend Micro sous le nom Possible_virut-3 et il semble impossible à nettoyer. Il infecte visiblement tous les fichiers .exe de mon ordinateur, dont notamment les fichiers système. Je ne saurais dire quelle sont les effets et la gravité de cette infection. Je ne suis pas hyper calé mais lorsque je suis vérolé je parviens en général à m'en sortir grâce aux recherches sur le net et les remèdes indiqués. Je vous remercie d'avance pour votre aide. Je vous met ci-dessous le log de HiJackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:47:49, on 23/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\SYSTEM32\SERVICES.EXE
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\TEMP\WOYD.TMP
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PCCTLCOM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TMPROXY.EXE
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TMPFW.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\BITDEFENDER\BITDEFENDER UPDATE SERVICE\LIVESRV.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\NETGEAR\Wireless Smart Configuration\Utility\NetgearAG.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\Corel\Suite8\Programs\DAD8.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\calc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PCCMAIN.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PccVScan.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\Documents and Settings\BOUFFARD\Bureau\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.netscape.fr"); (C:\Documents and Settings\BOUFFARD\Application Data\Mozilla\Profiles\default\eveo6f4b.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CNetscape_France.src"); (C:\Documents and Settings\BOUFFARD\Application Data\Mozilla\Profiles\default\eveo6f4b.slt\prefs.js)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [AS00_Netgear] C:\Program Files\NETGEAR\Wireless Smart Configuration\Utility\NetgearAG.exe -hide
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [lphccl2j0e561] C:\WINDOWS\system32\lphccl2j0e561.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\PROGRAM FILES\BITTORRENT\BITTORRENT.EXE" --force_start_minimized
O4 - HKCU\..\Run: [WindowsAPI32] c:\nnpbxo.exe
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [brastk] C:\WINDOWS\system32\brastk.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Corel DAD 8 (gestionnaire des applications du bureau).LNK = D:\Corel\Suite8\Programs\DAD8.EXE
O4 - Global Startup: EPSON Status Monitor 3 Environment Check(3).lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {2bc66f54-93a8-11d3-beb6-00105aa9b6ae} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {2d8ed06d-3c30-438b-96ae-4d110fdc1fb8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {644e432f-49d3-41a1-8dd5-e099162eeec5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: ulhzme - C:\WINDOWS\SYSTEM32\ulhzme.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICF (icf) - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
A voir également:
- Possible_virut-3 que faire?
- Ai suite 3 - Télécharger - Optimisation
- Picasa 3 - Télécharger - Albums photo
- Photorecit 3 - Télécharger - Visionnage & Diaporama
- Zelda 3 - Accueil - Guide jeu vidéo
- Samsung kies galaxy tab 3 ✓ - Forum Mobile
51 réponses
oui colle le rapport trend micro
pour virer bitdefender:
http://www.bitdefender.fr/KB333-fr--Desinstaller-BitDefender.html
pour virer bitdefender:
http://www.bitdefender.fr/KB333-fr--Desinstaller-BitDefender.html
restaure ton ordi avant le problème:
http://www.infoprat.net/astuces/windows2k_xp/astuces/divers_004.php
_________________
sinon tape le message d'erreur dans la recherche de google et tu aura plus d'infos
http://www.infoprat.net/astuces/windows2k_xp/astuces/divers_004.php
_________________
sinon tape le message d'erreur dans la recherche de google et tu aura plus d'infos
tu as une connexion wifi? ou ethernet ou usb?
___________________
repare windows :
https://www.pcastuces.com/pratique/windows/xp/default.htm
__________________
fait un scan en ligne avec un des suivants: et colle le rapport)
bitdefender en ligne :
http://www.bitdefender.fr/scan_fr/scan8/ie.html
Panda en ligne :
http://pandasoftware.fr
kaspersky en ligne :
https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
______________________
___________________
repare windows :
https://www.pcastuces.com/pratique/windows/xp/default.htm
__________________
fait un scan en ligne avec un des suivants: et colle le rapport)
bitdefender en ligne :
http://www.bitdefender.fr/scan_fr/scan8/ie.html
Panda en ligne :
http://pandasoftware.fr
kaspersky en ligne :
https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
______________________
pour réparer la connection internet essayer ces solutions:
1/
# Cliquez sur le bouton Démarrer.
# Cliquez sur l'option de menu Paramètres.
# Cliquez sur l'option Panneau de configuration.
# Après l'ouverture du Panneau de configuration, faites un double clic sur l'icône Connexions réseau. Si votre Panneau de configuration est paramétré pour un affichage en catégories, faites un double clic sur Connexions réseau et Internet puis cliquez sur Connexions réseau tout en bas.
# Vous verrez alors une liste de toutes les connexions réseau disponibles. Repérez la connexion vers votre adaptateur Sans Fil ou Réseau local et faites un clic droit dessus.
# Cliquez simplement sur l'option de menu Réparer.
______________
2/
Vous n'arrivez plus a vous connecter avec votre wifi. Si vous allez dans les outils administration sur la page "services" pour activer "configuration automatique sans fil" vous avez l'erreur 1068.
Si c'est votre cas et que vous vous etes arraché les cheveux, voici la solution:
Vous devez aller dans la base de registre avec regedit ou autre.
1. Demarrer > executer > Tapez : "regedit" en ok
2. Allez sur HKEY Local Machine > system > CurrentControlSet > Services > Ndisuio
Dans cette clé il y a une entrée nommée "START", double cliquez dessus. Cette entrée doit être 3 pour que le protocole NDIS E/S demarre correctement.
Un virus comme "bagle / Beagle" change cette entrée et la met sur 4 (disable) et cause le probleme que vous avez.
Reboutez ensuite votre PC et tout devrait rentrer dans l'ordre.
1/
# Cliquez sur le bouton Démarrer.
# Cliquez sur l'option de menu Paramètres.
# Cliquez sur l'option Panneau de configuration.
# Après l'ouverture du Panneau de configuration, faites un double clic sur l'icône Connexions réseau. Si votre Panneau de configuration est paramétré pour un affichage en catégories, faites un double clic sur Connexions réseau et Internet puis cliquez sur Connexions réseau tout en bas.
# Vous verrez alors une liste de toutes les connexions réseau disponibles. Repérez la connexion vers votre adaptateur Sans Fil ou Réseau local et faites un clic droit dessus.
# Cliquez simplement sur l'option de menu Réparer.
______________
2/
Vous n'arrivez plus a vous connecter avec votre wifi. Si vous allez dans les outils administration sur la page "services" pour activer "configuration automatique sans fil" vous avez l'erreur 1068.
Si c'est votre cas et que vous vous etes arraché les cheveux, voici la solution:
Vous devez aller dans la base de registre avec regedit ou autre.
1. Demarrer > executer > Tapez : "regedit" en ok
2. Allez sur HKEY Local Machine > system > CurrentControlSet > Services > Ndisuio
Dans cette clé il y a une entrée nommée "START", double cliquez dessus. Cette entrée doit être 3 pour que le protocole NDIS E/S demarre correctement.
Un virus comme "bagle / Beagle" change cette entrée et la met sur 4 (disable) et cause le probleme que vous avez.
Reboutez ensuite votre PC et tout devrait rentrer dans l'ordre.
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
si tu formate tu n'auras plus de souci mais il faut penser a sauvegarder tes pilotes , dossiers ...... messagerie...
ça fonctionne. est-ce parce qu'il était trop long que mon message précédent ne s'est pas affiché? j'y postais le rapport trend micro
autre détail dont je viens de m'apercevoir. mon ordinateur me dit accès refusé lorsque j'essaye d'ouvrire un fichier .txt ou .log en double cliquant dessus
j'ai lançé usbfix et je ne peux ouvrir le rapport qu'avec word. je le colle ici (en espérant que le message s'affiche). merci encore de m'éclairer de vos lumières
-------------- UsbFix V2.395 ---------------
* User : BOUFFARD - BOUFFARD-2748E7
* Outils mis a jours le 20/10/2008 par Chiquitine29 et Chimay8
* Recherche effectuée à 15:53:32 le 23/10/2008
* Windows Xp - Internet Explorer 7.0.5730.11
--------------- [ Processus actifs ] ----------------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\WINLOGON.EXE
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\TEMP\qwj1.tmp
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\TEMP\gzk2.tmp
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\TEMP\BN4.TMP
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\WINDOWS\System32\WScript.exe
C:\DOCUME~1\BOUFFARD\LOCALS~1\Temp\6.tmp\b2e.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\NETGEAR\Wireless Smart Configuration\Utility\NetgearAG.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wscntfy.exe
--------------- [ Informations lecteurs ] ----------------
C: - Lecteur fixe
D: - Lecteur fixe
G: - Lecteur fixe
H: - Lecteur fixe
I: - Lecteur fixe
M: - Lecteur fixe
N: - Lecteur fixe
S: - Lecteur fixe
T: - Lecteur fixe
--------------- [ Registre / Startup ] ----------------
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Smapp REG_SZ C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
AS00_Netgear REG_SZ C:\Program Files\NETGEAR\Wireless Smart Configuration\Utility\NetgearAG.exe -hide
LogitechVideoRepair REG_SZ C:\Program Files\Logitech\Video\ISStart.exe
LogitechVideoTray REG_SZ C:\Program Files\Logitech\Video\LogiTray.exe
AdaptecDirectCD REG_SZ "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
pccguide.exe REG_SZ "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
BluetoothAuthenticationAgent REG_SZ rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
TkBellExe REG_SZ "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
NvCplDaemon REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
nwiz REG_SZ nwiz.exe /install
NvMediaCenter REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
KernelFaultCheck REG_EXPAND_SZ %systemroot%\system32\dumprep 0 -k
lphccl2j0e561 REG_SZ C:\WINDOWS\system32\lphccl2j0e561.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents
! REG.EXE VERSION 3.0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
CTFMON.EXE REG_SZ C:\WINDOWS\system32\ctfmon.exe
MsnMsgr REG_SZ "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
Mozilla Quick Launch REG_SZ "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
swg REG_SZ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
BitTorrent REG_SZ "C:\PROGRAM FILES\BITTORRENT\BITTORRENT.EXE" --force_start_minimized
WindowsAPI32 REG_SZ c:\nnpbxo.exe
--------------- [ Registre / Mountpoint2 ] ----------------
-> Recherche négative.
--------------- [ Nettoyage des disques ] ----------------
--------------- ! Fin du rapport ! ----------------
j'ai lançé usbfix et je ne peux ouvrir le rapport qu'avec word. je le colle ici (en espérant que le message s'affiche). merci encore de m'éclairer de vos lumières
-------------- UsbFix V2.395 ---------------
* User : BOUFFARD - BOUFFARD-2748E7
* Outils mis a jours le 20/10/2008 par Chiquitine29 et Chimay8
* Recherche effectuée à 15:53:32 le 23/10/2008
* Windows Xp - Internet Explorer 7.0.5730.11
--------------- [ Processus actifs ] ----------------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\WINLOGON.EXE
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\TEMP\qwj1.tmp
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\TEMP\gzk2.tmp
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\TEMP\BN4.TMP
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\WINDOWS\System32\WScript.exe
C:\DOCUME~1\BOUFFARD\LOCALS~1\Temp\6.tmp\b2e.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\NETGEAR\Wireless Smart Configuration\Utility\NetgearAG.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wscntfy.exe
--------------- [ Informations lecteurs ] ----------------
C: - Lecteur fixe
D: - Lecteur fixe
G: - Lecteur fixe
H: - Lecteur fixe
I: - Lecteur fixe
M: - Lecteur fixe
N: - Lecteur fixe
S: - Lecteur fixe
T: - Lecteur fixe
--------------- [ Registre / Startup ] ----------------
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Smapp REG_SZ C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
AS00_Netgear REG_SZ C:\Program Files\NETGEAR\Wireless Smart Configuration\Utility\NetgearAG.exe -hide
LogitechVideoRepair REG_SZ C:\Program Files\Logitech\Video\ISStart.exe
LogitechVideoTray REG_SZ C:\Program Files\Logitech\Video\LogiTray.exe
AdaptecDirectCD REG_SZ "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
pccguide.exe REG_SZ "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
BluetoothAuthenticationAgent REG_SZ rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
TkBellExe REG_SZ "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
NvCplDaemon REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
nwiz REG_SZ nwiz.exe /install
NvMediaCenter REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
KernelFaultCheck REG_EXPAND_SZ %systemroot%\system32\dumprep 0 -k
lphccl2j0e561 REG_SZ C:\WINDOWS\system32\lphccl2j0e561.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents
! REG.EXE VERSION 3.0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
CTFMON.EXE REG_SZ C:\WINDOWS\system32\ctfmon.exe
MsnMsgr REG_SZ "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
Mozilla Quick Launch REG_SZ "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
swg REG_SZ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
BitTorrent REG_SZ "C:\PROGRAM FILES\BITTORRENT\BITTORRENT.EXE" --force_start_minimized
WindowsAPI32 REG_SZ c:\nnpbxo.exe
--------------- [ Registre / Mountpoint2 ] ----------------
-> Recherche négative.
--------------- [ Nettoyage des disques ] ----------------
--------------- ! Fin du rapport ! ----------------
pour Bitdefender, je ne comprend pas il ne fonctionne pas, n'a jamais fonctionné et quand je clique sur uninstall il me dit qu'il ne peux pas le désinstaller
je viens déjà de faire le scan Malwarebytes. pour les fichiers infectés trouvés, il me propose de faire "remove selected". je le fais?
voici le rapport:
Malwarebytes' Anti-Malware 1.29
Database version: 1276
Windows 5.1.2600 Service Pack 2
23/10/2008 17:05:31
mbam-log-2008-10-23 (17-04-57).txt
Scan type: Quick Scan
Objects scanned: 52521
Time elapsed: 6 minute(s), 41 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 10
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 12
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\WINDOWS\system32\ulhzme.dll (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\blphccl2j0e561.scr (Trojan.FakeAlert) -> No action taken.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ulhzme (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ati1orxx (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ati1orxx (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ati1orxx (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ati1orxx (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\restore (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\icf (Rootkit.ADS) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\icf (Rootkit.ADS) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\icf (Rootkit.ADS) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> No action taken.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphccl2j0e561 (Trojan.FakeAlert) -> No action taken.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\ulhzme.dll (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\ulhzme32.dll (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\drivers\ati1orxx.sys (Rootkit.Agent) -> No action taken.
C:\WINDOWS\Temp\BN2.tmp (Rootkit.Agent) -> No action taken.
C:\WINDOWS\Temp\BN4.tmp (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\svchost.exe:ext.exe (Rootkit.ADS) -> No action taken.
C:\WINDOWS\system32\blphccl2j0e561.scr (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\lphccl2j0e561.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\Temp\.tt5.tmp (Trojan.Downloader) -> No action taken.
C:\WINDOWS\Temp\.tt9.tmp (Trojan.Downloader) -> No action taken.
C:\WINDOWS\Temp\.ttE.tmp (Trojan.Downloader) -> No action taken.
C:\WINDOWS\Temp\.tt5.tmp.vbs (Trojan.FakeAlert) -> No action taken.
je vais maintenant faire un scan en ligne comme tu me le proposes
je viens déjà de faire le scan Malwarebytes. pour les fichiers infectés trouvés, il me propose de faire "remove selected". je le fais?
voici le rapport:
Malwarebytes' Anti-Malware 1.29
Database version: 1276
Windows 5.1.2600 Service Pack 2
23/10/2008 17:05:31
mbam-log-2008-10-23 (17-04-57).txt
Scan type: Quick Scan
Objects scanned: 52521
Time elapsed: 6 minute(s), 41 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 10
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 12
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\WINDOWS\system32\ulhzme.dll (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\blphccl2j0e561.scr (Trojan.FakeAlert) -> No action taken.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ulhzme (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ati1orxx (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ati1orxx (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ati1orxx (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ati1orxx (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\restore (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\icf (Rootkit.ADS) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\icf (Rootkit.ADS) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\icf (Rootkit.ADS) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> No action taken.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphccl2j0e561 (Trojan.FakeAlert) -> No action taken.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\ulhzme.dll (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\ulhzme32.dll (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\drivers\ati1orxx.sys (Rootkit.Agent) -> No action taken.
C:\WINDOWS\Temp\BN2.tmp (Rootkit.Agent) -> No action taken.
C:\WINDOWS\Temp\BN4.tmp (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\svchost.exe:ext.exe (Rootkit.ADS) -> No action taken.
C:\WINDOWS\system32\blphccl2j0e561.scr (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\lphccl2j0e561.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\Temp\.tt5.tmp (Trojan.Downloader) -> No action taken.
C:\WINDOWS\Temp\.tt9.tmp (Trojan.Downloader) -> No action taken.
C:\WINDOWS\Temp\.ttE.tmp (Trojan.Downloader) -> No action taken.
C:\WINDOWS\Temp\.tt5.tmp.vbs (Trojan.FakeAlert) -> No action taken.
je vais maintenant faire un scan en ligne comme tu me le proposes
ok il m'a donc fallu refaire le scan avec Malwarebytes. j'ai tout viré et voici le log:
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ulhzme (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ati1orxx (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ati1orxx (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ati1orxx (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ati1orxx (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\restore (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\icf (Rootkit.ADS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\icf (Rootkit.ADS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\icf (Rootkit.ADS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphccl2j0e561 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\ulhzme.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\system32\ulhzme32.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\system32\drivers\ati1orxx.sys (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\Temp\BN2.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN3.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN4.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\svchost.exe:ext.exe (Rootkit.ADS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blphccl2j0e561.scr (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\system32\lphccl2j0e561.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phccl2j0e561.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\.tt5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\.tt9.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\.ttE.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\.tt10.tmp.vbs (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\.tt5.tmp.vbs (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Par ailleurs, mon ordi bloque lorsque je fais un scan en ligne comme bittdefender et panda. je vais rééssayer ou sinon je vais en faire un avec trend
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ulhzme (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ati1orxx (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ati1orxx (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ati1orxx (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ati1orxx (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\restore (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\icf (Rootkit.ADS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\icf (Rootkit.ADS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\icf (Rootkit.ADS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphccl2j0e561 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\ulhzme.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\system32\ulhzme32.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\system32\drivers\ati1orxx.sys (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\Temp\BN2.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN3.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN4.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\svchost.exe:ext.exe (Rootkit.ADS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blphccl2j0e561.scr (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\system32\lphccl2j0e561.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phccl2j0e561.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\.tt5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\.tt9.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\.ttE.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\.tt10.tmp.vbs (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\.tt5.tmp.vbs (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Par ailleurs, mon ordi bloque lorsque je fais un scan en ligne comme bittdefender et panda. je vais rééssayer ou sinon je vais en faire un avec trend
voici le rapport de Combofix:
ComboFix 08-10-23.01 - BOUFFARD 2008-10-23 19:15:25.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.605 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\BOUFFARD\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
.
[i] ADS - svchost.exe: deleted 36864 bytes in 1 streams. [/i]
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\BOUFFARD\Application Data\inst.exe
C:\Documents and Settings\BOUFFARD\Local Settings\Temporary Internet Files\fbk.sts
C:\WINDOWS\system32\actxprxyo.exe
C:\WINDOWS\system32\blphccl2j0e561.scr
C:\WINDOWS\system32\jimjsidw.dll
C:\WINDOWS\system32\kmgfeg.dll
C:\WINDOWS\system32\lphccl2j0e561.exe
C:\WINDOWS\system32\phccl2j0e561.bmp
C:\WINDOWS\system32\plsail.dll
C:\WINDOWS\system32\ulhzme.dll
C:\WINDOWS\system32\xxqmhwrm.dll
C:\WINDOWS\winhelp.ini
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_icf
-------\Legacy_msupdate
-------\Legacy_remoteregistryaudiosrv
-------\Legacy_RESTORE
-------\Service_ICF
-------\Service_remoteregistryaudiosrv
-------\Service_restore
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-23 au 2008-10-23 ))))))))))))))))))))))))))))))))))))
.
2008-10-23 17:13 . 2008-10-23 18:30 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-10-23 15:32 . 2008-10-23 15:56 <REP> d-------- C:\Program Files\UsbFix
2008-10-22 18:20 . 2008-10-22 18:20 <REP> d-------- C:\WINDOWS\report
2008-10-22 18:20 . 2008-10-22 18:19 20,543,349 --a------ C:\WINDOWS\LPT$VPN.611
2008-10-22 18:19 . 2008-10-22 18:19 <REP> d-------- C:\WINDOWS\AU_Backup
2008-10-22 18:19 . 2008-10-22 18:19 1,968,443 --a------ C:\WINDOWS\tsc.ptn
2008-10-22 18:19 . 2008-10-22 18:19 1,213,784 --a------ C:\WINDOWS\vsapi32.dll
2008-10-22 18:19 . 2008-10-22 18:19 357,445 --a------ C:\WINDOWS\TSC.exe
2008-10-22 18:19 . 2008-10-22 18:19 91,744 --a------ C:\WINDOWS\BPMNT.dll
2008-10-22 18:19 . 2008-10-22 18:19 71,749 --a------ C:\WINDOWS\hcextoutput.dll
2008-10-22 18:19 . 2008-10-22 18:47 823 --a------ C:\WINDOWS\tsc.ini
2008-10-22 18:18 . 2008-10-22 18:19 20,543,349 --a------ C:\WINDOWS\VPTNFILE.611
2008-10-22 18:16 . 2008-10-22 18:19 <REP> d-------- C:\WINDOWS\AU_Temp
2008-10-22 18:16 . 2008-10-22 18:16 <REP> d-------- C:\WINDOWS\AU_Log
2008-10-22 18:16 . 2008-10-22 18:16 170 --a------ C:\WINDOWS\GetServer.ini
2008-10-22 18:15 . 2008-10-22 18:15 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
2008-10-22 18:15 . 2008-10-22 18:15 294,912 --a------ C:\WINDOWS\PATCH.EXE
2008-10-22 18:15 . 2008-10-22 18:15 69,689 --a------ C:\WINDOWS\UNZIP.DLL
2008-10-22 18:07 . 2008-10-22 18:08 <REP> d-------- C:\Kaspersky
2008-10-22 18:06 . 2008-10-22 18:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-10-22 15:08 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-10-22 15:07 . 2008-10-22 15:07 <REP> d-------- C:\Program Files\Panda Security
2008-10-22 14:58 . 2008-10-23 19:25 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2008-10-22 13:20 . 2008-10-22 13:20 18 --a------ C:\WINDOWS\system32\10.tmp
2008-10-22 12:06 . 2008-10-22 12:06 <REP> d-------- C:\Documents and Settings\BOUFFARD\Application Data\Malwarebytes
2008-10-22 12:05 . 2008-10-22 12:06 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-22 12:05 . 2008-10-22 12:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-22 12:05 . 2008-10-16 20:25 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-22 12:05 . 2008-10-16 20:25 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-22 11:38 . 2008-10-22 11:38 10,240 --a------ C:\WINDOWS\system32\ppgdfoss.exe
2008-10-22 11:24 . 2008-10-22 11:24 7,478,208 --a------ C:\windows-kb890830-v2.3.exe
2008-10-22 10:36 . 2007-01-18 14:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2008-10-22 10:18 . 2008-10-22 10:18 <REP> dr------- C:\Documents and Settings\NetworkService\Favoris
2008-10-22 09:41 . 2008-10-22 21:58 3,894 --a------ C:\WINDOWS\system32\tmp.reg
2008-10-22 09:25 . 2008-10-10 08:58 93,696 --a------ C:\WINDOWS\system32\o4Patch.exe
2008-10-22 09:25 . 2008-10-10 08:58 93,696 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-10-22 09:24 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-10-22 09:24 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-10-22 09:24 . 2008-09-08 23:38 99,328 --a------ C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-10-22 09:24 . 2008-10-01 15:51 98,304 --a------ C:\WINDOWS\system32\VACFix.exe
2008-10-22 09:24 . 2008-05-18 21:40 93,696 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-10-22 09:24 . 2008-08-18 12:19 93,184 --a------ C:\WINDOWS\system32\404Fix.exe
2008-10-22 09:24 . 2003-06-05 21:13 61,440 --a------ C:\WINDOWS\system32\Process.exe
2008-10-22 09:24 . 2004-07-31 18:50 59,392 --a------ C:\WINDOWS\system32\dumphive.exe
2008-10-22 09:24 . 2007-10-04 00:36 37,376 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-10-21 19:06 . 2008-10-21 19:06 4,154 --a------ C:\WINDOWS\system32\2E.tmp
2008-10-21 19:06 . 2008-10-21 19:06 48 --a------ C:\WINDOWS\system32\2D.tmp
2008-10-21 17:59 . 2008-10-21 17:59 <REP> d-------- C:\fixwareout
2008-10-21 17:38 . 2008-10-21 17:38 145 --a------ C:\WINDOWS\system32\winver.bat
2008-10-21 17:37 . 2008-10-21 17:37 20,480 --ahs---- C:\WINDOWS\system32\1031u.dll
2008-10-21 17:37 . 2008-10-21 17:37 17,408 --ahs---- C:\WINDOWS\system32\6to4svcs.dll
2008-10-21 17:37 . 2008-10-21 17:37 8,988 --ahs---- C:\WINDOWS\system32\adptife.sys
2008-10-21 17:37 . 2008-10-23 19:02 0 --a------ C:\WINDOWS\system32\alrsvcb.sys
2008-10-21 17:36 . 2008-10-23 19:24 32,768 --a------ C:\WINDOWS\system32\drivers\ati1orxx.sys
2008-10-21 17:36 . 2008-10-21 17:37 314 --a-s---- C:\WINDOWS\system32\1140206528.dat
2008-10-21 17:36 . 2008-10-23 15:43 0 --a------ C:\WINDOWS\system32\drivers\ed2ec25a.sys
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-21 14:44 --------- d-----w C:\Program Files\eMule
2008-10-20 08:58 --------- d-----w C:\Documents and Settings\BOUFFARD\Application Data\Canon
2008-09-13 08:55 --------- d-----w C:\Documents and Settings\BOUFFARD\Application Data\Azureus
2008-08-28 10:04 333,056 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-07-15 16:06 47,360 ----a-w C:\Documents and Settings\BOUFFARD\Application Data\pcouffin.sys
2007-02-19 18:10 36,392 ----a-w C:\Documents and Settings\BOUFFARD\Application Data\GDIPFONTCACHEV1.DAT
.
------- Sigcheck -------
2004-08-19 16:10 22528 5bfe571b27b4472f80329745017edc7a C:\WINDOWS\ServicePackFiles\i386\svchost.exe
2008-04-14 04:34 22528 086d225e900bc2b86a7bd8d2bbb6e5f2 C:\WINDOWS\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\svchost.exe
2008-10-23 19:24 22528 486adb741b37cf4b51db10ab73873293 C:\WINDOWS\system32\svchost.exe
2006-04-20 14:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-06-20 12:44 360960 744e57c99232201ae98c49168b918f48 C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
2008-06-20 13:51 361600 9aefa14bd6b182d61e3119fa5f436d3d C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 13:59 361600 ad978a1b783b5719720cff204b666c8e C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2004-08-05 14:00 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2006-04-20 13:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2007-10-30 19:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
2004-08-03 23:14 359040 1745b00fc1141404b28f4b94f69a8871 C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
2008-04-13 21:20 361344 93ea8d04ec73a85db02eb8805988f733 C:\WINDOWS\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\tcpip.sys
2008-06-20 12:45 360320 1cc09561e21a48a7f649a40f18235860 C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 12:45 360320 1cc09561e21a48a7f649a40f18235860 C:\WINDOWS\system32\drivers\tcpip.sys
2007-06-13 15:22 1045504 947918d81781e74aaff3e42cc9ef48b6 C:\WINDOWS\explorer.exe
2007-06-13 15:10 1045504 5885bdfd1e8f6fe45176ba86272ce11d C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-19 16:09 1044480 1508402ca7d59b9ad0dade2bab0ad469 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2004-08-19 16:09 1044480 bab5d042688c9bc98ced2b887545ffa4 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2008-04-14 04:34 1046016 8fc5d27758b0be7c07fca1d462a67807 C:\WINDOWS\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\explorer.exe
2007-06-13 15:22 1045504 d01d389608d9c88ba9515434ccfcc04d C:\WINDOWS\system32\dllcache\explorer.exe
2004-08-19 16:09 23552 529c194e494f824af6e85121ed1a8c05 C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
2008-04-14 04:33 23552 6c575c6b887bf059dc1ec1ddf727474d C:\WINDOWS\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\ctfmon.exe
2004-08-19 16:09 23552 ddf9eaa86762657d0b3303b4a82ee138 C:\WINDOWS\system32\ctfmon.exe
2005-06-11 02:17 66048 a025c964fe3456f9bb170ec5cb52c563 C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2004-08-19 16:10 66048 735a6a334e46d142ed48e694f3f09ace C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe
2004-08-19 16:10 66048 c4124e22a405238fafa11f3e188674ea C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe
2008-04-14 04:34 66048 90911df39dc7302270be249666b7bd8c C:\WINDOWS\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\spoolsv.exe
2005-06-11 01:53 66048 f755e60940c6969e17c98e55dacfdb52 C:\WINDOWS\system32\spoolsv.exe
2004-08-19 16:10 33280 39061be0939706d2d2757dc34cb74a6d C:\WINDOWS\ServicePackFiles\i386\userinit.exe
2008-04-14 04:34 34816 b72f12f4f226af68bc2ec26351b301d2 C:\WINDOWS\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\userinit.exe
2004-08-19 16:10 33280 e99c65de896d40c054d24d8fb6c5c6c6 C:\WINDOWS\system32\userinit.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 23552]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"Mozilla Quick Launch"="C:\Program Files\Netscape\Netscape\Netscp.exe" [2003-06-24 568096]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-17 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2002-11-08 106496]
"AS00_Netgear"="C:\Program Files\NETGEAR\Wireless Smart Configuration\Utility\NetgearAG.exe" [2003-05-16 397312]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2003-06-30 196608]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2003-06-30 73728]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-08-01 692224]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-06-23 290816]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 83608]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe" [2005-11-17 909377]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-10-19 185632]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-28 8466432]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-28 81920]
"lphccl2j0e561"="C:\WINDOWS\system32\lphccl2j0e561.exe" [2008-10-23 212992]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 C:\WINDOWS\system32\bthprops.cpl]
"nwiz"="nwiz.exe" [2007-06-28 C:\WINDOWS\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 23552]
C:\Documents and Settings\BOUFFARD\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2006-06-21 121856]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2006-06-21 121856]
Corel DAD 8 (gestionnaire des applications du bureau).LNK - D:\Corel\Suite8\Programs\DAD8.EXE [2006-06-21 210944]
EPSON Status Monitor 3 Environment Check(3).lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE [2006-06-21 139776]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"= 1 (0x1)
"NoDispScrSavPage"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.enc"= ITIG726.acm
"aux"= ctwdm32.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati1orxx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"D:\\BitLord\\BitLord.exe"=
"C:1\\eMule\\emule.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"80:TCP"= 80:TCP:@xpsp2res.dll,-22004
R0 ati1orxx;ati1orxx;C:\WINDOWS\system32\Drivers\ati1orxx.sys [2008-10-23 32768]
R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 28544]
R3 AWINDIS5;AWINDIS5 Protocol Driver;C:\WINDOWS\system32\AWINDIS5.SYS [2002-04-11 16194]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-06-02 86792]
R3 NETGEAR_WG311_SERVICE;NETGEAR WG311 Wireless PCI Adapter Service;C:\WINDOWS\system32\DRIVERS\wg311nd5.sys [2003-03-17 307904]
S1 ed2ec25a;ed2ec25a;C:\WINDOWS\system32\drivers\ed2ec25a.sys [2008-10-23 0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
- - - - ORPHELINS SUPPRIMES - - - -
HKCU-Run-BitTorrent - C:\PROGRAM FILES\BITTORRENT\BITTORRENT.EXE
HKCU-Run-WindowsAPI32 - c:\nnpbxo.exe
HKU-Default-Run-brastk - C:\WINDOWS\system32\brastk.exe
Notify-ulhzme - ulhzme.dll
.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\BOUFFARD\Application Data\Mozilla\Firefox\Profiles\[u]0[/u]8wnohwy.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
.
.
------- Associations de fichier -------
.
txtfile=%Systemroot%\system32\notepad.exe "%1"
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-23 19:26:37
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwOpenFile
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
C:\WINDOWS\system32\phccl2j0e561.bmp 937782 bytes
C:\WINDOWS\system32\lphccl2j0e561.exe 212992 bytes executable
C:\WINDOWS\system32\svchost.exe:ext.exe 25088 bytes executable
C:\WINDOWS\system32\blphccl2j0e561.scr 114688 bytes executable
Scan terminé avec succès
Fichiers cachés: 4
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
PROCESSUS: C:\WINDOWS\explorer.exe
-> ?:\WINDOWS\system32\msi.dll
.
------------------------ Autres processus actifs ------------------------
.
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Temp\BN2.tmp
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\WINDOWS\Temp\dna4.tmp
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Heure de fin: 2008-10-23 19:34:37 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-10-23 17:34:20
Avant-CF: 10 921 930 752 octets libres
Après-CF: 11,293,069,312 octets libres
266 --- E O F --- 2008-10-15 22:46:19
ComboFix 08-10-23.01 - BOUFFARD 2008-10-23 19:15:25.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.605 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\BOUFFARD\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
.
[i] ADS - svchost.exe: deleted 36864 bytes in 1 streams. [/i]
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\BOUFFARD\Application Data\inst.exe
C:\Documents and Settings\BOUFFARD\Local Settings\Temporary Internet Files\fbk.sts
C:\WINDOWS\system32\actxprxyo.exe
C:\WINDOWS\system32\blphccl2j0e561.scr
C:\WINDOWS\system32\jimjsidw.dll
C:\WINDOWS\system32\kmgfeg.dll
C:\WINDOWS\system32\lphccl2j0e561.exe
C:\WINDOWS\system32\phccl2j0e561.bmp
C:\WINDOWS\system32\plsail.dll
C:\WINDOWS\system32\ulhzme.dll
C:\WINDOWS\system32\xxqmhwrm.dll
C:\WINDOWS\winhelp.ini
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_icf
-------\Legacy_msupdate
-------\Legacy_remoteregistryaudiosrv
-------\Legacy_RESTORE
-------\Service_ICF
-------\Service_remoteregistryaudiosrv
-------\Service_restore
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-23 au 2008-10-23 ))))))))))))))))))))))))))))))))))))
.
2008-10-23 17:13 . 2008-10-23 18:30 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-10-23 15:32 . 2008-10-23 15:56 <REP> d-------- C:\Program Files\UsbFix
2008-10-22 18:20 . 2008-10-22 18:20 <REP> d-------- C:\WINDOWS\report
2008-10-22 18:20 . 2008-10-22 18:19 20,543,349 --a------ C:\WINDOWS\LPT$VPN.611
2008-10-22 18:19 . 2008-10-22 18:19 <REP> d-------- C:\WINDOWS\AU_Backup
2008-10-22 18:19 . 2008-10-22 18:19 1,968,443 --a------ C:\WINDOWS\tsc.ptn
2008-10-22 18:19 . 2008-10-22 18:19 1,213,784 --a------ C:\WINDOWS\vsapi32.dll
2008-10-22 18:19 . 2008-10-22 18:19 357,445 --a------ C:\WINDOWS\TSC.exe
2008-10-22 18:19 . 2008-10-22 18:19 91,744 --a------ C:\WINDOWS\BPMNT.dll
2008-10-22 18:19 . 2008-10-22 18:19 71,749 --a------ C:\WINDOWS\hcextoutput.dll
2008-10-22 18:19 . 2008-10-22 18:47 823 --a------ C:\WINDOWS\tsc.ini
2008-10-22 18:18 . 2008-10-22 18:19 20,543,349 --a------ C:\WINDOWS\VPTNFILE.611
2008-10-22 18:16 . 2008-10-22 18:19 <REP> d-------- C:\WINDOWS\AU_Temp
2008-10-22 18:16 . 2008-10-22 18:16 <REP> d-------- C:\WINDOWS\AU_Log
2008-10-22 18:16 . 2008-10-22 18:16 170 --a------ C:\WINDOWS\GetServer.ini
2008-10-22 18:15 . 2008-10-22 18:15 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
2008-10-22 18:15 . 2008-10-22 18:15 294,912 --a------ C:\WINDOWS\PATCH.EXE
2008-10-22 18:15 . 2008-10-22 18:15 69,689 --a------ C:\WINDOWS\UNZIP.DLL
2008-10-22 18:07 . 2008-10-22 18:08 <REP> d-------- C:\Kaspersky
2008-10-22 18:06 . 2008-10-22 18:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-10-22 15:08 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-10-22 15:07 . 2008-10-22 15:07 <REP> d-------- C:\Program Files\Panda Security
2008-10-22 14:58 . 2008-10-23 19:25 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2008-10-22 13:20 . 2008-10-22 13:20 18 --a------ C:\WINDOWS\system32\10.tmp
2008-10-22 12:06 . 2008-10-22 12:06 <REP> d-------- C:\Documents and Settings\BOUFFARD\Application Data\Malwarebytes
2008-10-22 12:05 . 2008-10-22 12:06 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-22 12:05 . 2008-10-22 12:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-22 12:05 . 2008-10-16 20:25 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-22 12:05 . 2008-10-16 20:25 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-22 11:38 . 2008-10-22 11:38 10,240 --a------ C:\WINDOWS\system32\ppgdfoss.exe
2008-10-22 11:24 . 2008-10-22 11:24 7,478,208 --a------ C:\windows-kb890830-v2.3.exe
2008-10-22 10:36 . 2007-01-18 14:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2008-10-22 10:18 . 2008-10-22 10:18 <REP> dr------- C:\Documents and Settings\NetworkService\Favoris
2008-10-22 09:41 . 2008-10-22 21:58 3,894 --a------ C:\WINDOWS\system32\tmp.reg
2008-10-22 09:25 . 2008-10-10 08:58 93,696 --a------ C:\WINDOWS\system32\o4Patch.exe
2008-10-22 09:25 . 2008-10-10 08:58 93,696 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-10-22 09:24 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-10-22 09:24 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-10-22 09:24 . 2008-09-08 23:38 99,328 --a------ C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-10-22 09:24 . 2008-10-01 15:51 98,304 --a------ C:\WINDOWS\system32\VACFix.exe
2008-10-22 09:24 . 2008-05-18 21:40 93,696 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-10-22 09:24 . 2008-08-18 12:19 93,184 --a------ C:\WINDOWS\system32\404Fix.exe
2008-10-22 09:24 . 2003-06-05 21:13 61,440 --a------ C:\WINDOWS\system32\Process.exe
2008-10-22 09:24 . 2004-07-31 18:50 59,392 --a------ C:\WINDOWS\system32\dumphive.exe
2008-10-22 09:24 . 2007-10-04 00:36 37,376 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-10-21 19:06 . 2008-10-21 19:06 4,154 --a------ C:\WINDOWS\system32\2E.tmp
2008-10-21 19:06 . 2008-10-21 19:06 48 --a------ C:\WINDOWS\system32\2D.tmp
2008-10-21 17:59 . 2008-10-21 17:59 <REP> d-------- C:\fixwareout
2008-10-21 17:38 . 2008-10-21 17:38 145 --a------ C:\WINDOWS\system32\winver.bat
2008-10-21 17:37 . 2008-10-21 17:37 20,480 --ahs---- C:\WINDOWS\system32\1031u.dll
2008-10-21 17:37 . 2008-10-21 17:37 17,408 --ahs---- C:\WINDOWS\system32\6to4svcs.dll
2008-10-21 17:37 . 2008-10-21 17:37 8,988 --ahs---- C:\WINDOWS\system32\adptife.sys
2008-10-21 17:37 . 2008-10-23 19:02 0 --a------ C:\WINDOWS\system32\alrsvcb.sys
2008-10-21 17:36 . 2008-10-23 19:24 32,768 --a------ C:\WINDOWS\system32\drivers\ati1orxx.sys
2008-10-21 17:36 . 2008-10-21 17:37 314 --a-s---- C:\WINDOWS\system32\1140206528.dat
2008-10-21 17:36 . 2008-10-23 15:43 0 --a------ C:\WINDOWS\system32\drivers\ed2ec25a.sys
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-21 14:44 --------- d-----w C:\Program Files\eMule
2008-10-20 08:58 --------- d-----w C:\Documents and Settings\BOUFFARD\Application Data\Canon
2008-09-13 08:55 --------- d-----w C:\Documents and Settings\BOUFFARD\Application Data\Azureus
2008-08-28 10:04 333,056 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-07-15 16:06 47,360 ----a-w C:\Documents and Settings\BOUFFARD\Application Data\pcouffin.sys
2007-02-19 18:10 36,392 ----a-w C:\Documents and Settings\BOUFFARD\Application Data\GDIPFONTCACHEV1.DAT
.
------- Sigcheck -------
2004-08-19 16:10 22528 5bfe571b27b4472f80329745017edc7a C:\WINDOWS\ServicePackFiles\i386\svchost.exe
2008-04-14 04:34 22528 086d225e900bc2b86a7bd8d2bbb6e5f2 C:\WINDOWS\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\svchost.exe
2008-10-23 19:24 22528 486adb741b37cf4b51db10ab73873293 C:\WINDOWS\system32\svchost.exe
2006-04-20 14:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-06-20 12:44 360960 744e57c99232201ae98c49168b918f48 C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
2008-06-20 13:51 361600 9aefa14bd6b182d61e3119fa5f436d3d C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 13:59 361600 ad978a1b783b5719720cff204b666c8e C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2004-08-05 14:00 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2006-04-20 13:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2007-10-30 19:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
2004-08-03 23:14 359040 1745b00fc1141404b28f4b94f69a8871 C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
2008-04-13 21:20 361344 93ea8d04ec73a85db02eb8805988f733 C:\WINDOWS\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\tcpip.sys
2008-06-20 12:45 360320 1cc09561e21a48a7f649a40f18235860 C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 12:45 360320 1cc09561e21a48a7f649a40f18235860 C:\WINDOWS\system32\drivers\tcpip.sys
2007-06-13 15:22 1045504 947918d81781e74aaff3e42cc9ef48b6 C:\WINDOWS\explorer.exe
2007-06-13 15:10 1045504 5885bdfd1e8f6fe45176ba86272ce11d C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-19 16:09 1044480 1508402ca7d59b9ad0dade2bab0ad469 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2004-08-19 16:09 1044480 bab5d042688c9bc98ced2b887545ffa4 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2008-04-14 04:34 1046016 8fc5d27758b0be7c07fca1d462a67807 C:\WINDOWS\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\explorer.exe
2007-06-13 15:22 1045504 d01d389608d9c88ba9515434ccfcc04d C:\WINDOWS\system32\dllcache\explorer.exe
2004-08-19 16:09 23552 529c194e494f824af6e85121ed1a8c05 C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
2008-04-14 04:33 23552 6c575c6b887bf059dc1ec1ddf727474d C:\WINDOWS\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\ctfmon.exe
2004-08-19 16:09 23552 ddf9eaa86762657d0b3303b4a82ee138 C:\WINDOWS\system32\ctfmon.exe
2005-06-11 02:17 66048 a025c964fe3456f9bb170ec5cb52c563 C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2004-08-19 16:10 66048 735a6a334e46d142ed48e694f3f09ace C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe
2004-08-19 16:10 66048 c4124e22a405238fafa11f3e188674ea C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe
2008-04-14 04:34 66048 90911df39dc7302270be249666b7bd8c C:\WINDOWS\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\spoolsv.exe
2005-06-11 01:53 66048 f755e60940c6969e17c98e55dacfdb52 C:\WINDOWS\system32\spoolsv.exe
2004-08-19 16:10 33280 39061be0939706d2d2757dc34cb74a6d C:\WINDOWS\ServicePackFiles\i386\userinit.exe
2008-04-14 04:34 34816 b72f12f4f226af68bc2ec26351b301d2 C:\WINDOWS\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\userinit.exe
2004-08-19 16:10 33280 e99c65de896d40c054d24d8fb6c5c6c6 C:\WINDOWS\system32\userinit.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 23552]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"Mozilla Quick Launch"="C:\Program Files\Netscape\Netscape\Netscp.exe" [2003-06-24 568096]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-17 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2002-11-08 106496]
"AS00_Netgear"="C:\Program Files\NETGEAR\Wireless Smart Configuration\Utility\NetgearAG.exe" [2003-05-16 397312]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2003-06-30 196608]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2003-06-30 73728]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-08-01 692224]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-06-23 290816]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 83608]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe" [2005-11-17 909377]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-10-19 185632]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-28 8466432]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-28 81920]
"lphccl2j0e561"="C:\WINDOWS\system32\lphccl2j0e561.exe" [2008-10-23 212992]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 C:\WINDOWS\system32\bthprops.cpl]
"nwiz"="nwiz.exe" [2007-06-28 C:\WINDOWS\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 23552]
C:\Documents and Settings\BOUFFARD\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2006-06-21 121856]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2006-06-21 121856]
Corel DAD 8 (gestionnaire des applications du bureau).LNK - D:\Corel\Suite8\Programs\DAD8.EXE [2006-06-21 210944]
EPSON Status Monitor 3 Environment Check(3).lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE [2006-06-21 139776]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"= 1 (0x1)
"NoDispScrSavPage"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.enc"= ITIG726.acm
"aux"= ctwdm32.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati1orxx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"D:\\BitLord\\BitLord.exe"=
"C:1\\eMule\\emule.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"80:TCP"= 80:TCP:@xpsp2res.dll,-22004
R0 ati1orxx;ati1orxx;C:\WINDOWS\system32\Drivers\ati1orxx.sys [2008-10-23 32768]
R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 28544]
R3 AWINDIS5;AWINDIS5 Protocol Driver;C:\WINDOWS\system32\AWINDIS5.SYS [2002-04-11 16194]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-06-02 86792]
R3 NETGEAR_WG311_SERVICE;NETGEAR WG311 Wireless PCI Adapter Service;C:\WINDOWS\system32\DRIVERS\wg311nd5.sys [2003-03-17 307904]
S1 ed2ec25a;ed2ec25a;C:\WINDOWS\system32\drivers\ed2ec25a.sys [2008-10-23 0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
- - - - ORPHELINS SUPPRIMES - - - -
HKCU-Run-BitTorrent - C:\PROGRAM FILES\BITTORRENT\BITTORRENT.EXE
HKCU-Run-WindowsAPI32 - c:\nnpbxo.exe
HKU-Default-Run-brastk - C:\WINDOWS\system32\brastk.exe
Notify-ulhzme - ulhzme.dll
.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\BOUFFARD\Application Data\Mozilla\Firefox\Profiles\[u]0[/u]8wnohwy.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
.
.
------- Associations de fichier -------
.
txtfile=%Systemroot%\system32\notepad.exe "%1"
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-23 19:26:37
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwOpenFile
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
C:\WINDOWS\system32\phccl2j0e561.bmp 937782 bytes
C:\WINDOWS\system32\lphccl2j0e561.exe 212992 bytes executable
C:\WINDOWS\system32\svchost.exe:ext.exe 25088 bytes executable
C:\WINDOWS\system32\blphccl2j0e561.scr 114688 bytes executable
Scan terminé avec succès
Fichiers cachés: 4
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
PROCESSUS: C:\WINDOWS\explorer.exe
-> ?:\WINDOWS\system32\msi.dll
.
------------------------ Autres processus actifs ------------------------
.
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Temp\BN2.tmp
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\WINDOWS\Temp\dna4.tmp
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Heure de fin: 2008-10-23 19:34:37 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-10-23 17:34:20
Avant-CF: 10 921 930 752 octets libres
Après-CF: 11,293,069,312 octets libres
266 --- E O F --- 2008-10-15 22:46:19
ok je laisse d'abord se terminer le scan en ligne sur kaspersky en cours (je t'écris d'un autre ordi), puis je te referais un rapport hijackthis
bon le scan a encore fait planter mon ordi...
voici le rapport HiJackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:16:32, on 23/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\WINLOGON.EXE
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\TEMP\BN3.TMP
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PCCTLCOM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TMPROXY.EXE
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TMPFW.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\BITDEFENDER\BITDEFENDER UPDATE SERVICE\LIVESRV.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\NETGEAR\Wireless Smart Configuration\Utility\NetgearAG.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SYSTEM32\LPHCCL2J0E561.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\Corel\Suite8\Programs\DAD8.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\Documents and Settings\BOUFFARD\Bureau\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.netscape.fr"); (C:\Documents and Settings\BOUFFARD\Application Data\Mozilla\Profiles\default\eveo6f4b.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CNetscape_France.src"); (C:\Documents and Settings\BOUFFARD\Application Data\Mozilla\Profiles\default\eveo6f4b.slt\prefs.js)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [AS00_Netgear] C:\Program Files\NETGEAR\Wireless Smart Configuration\Utility\NetgearAG.exe -hide
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [lphccl2j0e561] C:\WINDOWS\system32\lphccl2j0e561.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Corel DAD 8 (gestionnaire des applications du bureau).LNK = D:\Corel\Suite8\Programs\DAD8.EXE
O4 - Global Startup: EPSON Status Monitor 3 Environment Check(3).lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {2bc66f54-93a8-11d3-beb6-00105aa9b6ae} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {2d8ed06d-3c30-438b-96ae-4d110fdc1fb8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {644e432f-49d3-41a1-8dd5-e099162eeec5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: ulhzme - C:\WINDOWS\SYSTEM32\ulhzme.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
voici le rapport HiJackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:16:32, on 23/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\WINLOGON.EXE
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\TEMP\BN3.TMP
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PCCTLCOM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TMPROXY.EXE
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TMPFW.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\BITDEFENDER\BITDEFENDER UPDATE SERVICE\LIVESRV.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\NETGEAR\Wireless Smart Configuration\Utility\NetgearAG.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SYSTEM32\LPHCCL2J0E561.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\Corel\Suite8\Programs\DAD8.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\Documents and Settings\BOUFFARD\Bureau\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.netscape.fr"); (C:\Documents and Settings\BOUFFARD\Application Data\Mozilla\Profiles\default\eveo6f4b.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CNetscape_France.src"); (C:\Documents and Settings\BOUFFARD\Application Data\Mozilla\Profiles\default\eveo6f4b.slt\prefs.js)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [AS00_Netgear] C:\Program Files\NETGEAR\Wireless Smart Configuration\Utility\NetgearAG.exe -hide
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [lphccl2j0e561] C:\WINDOWS\system32\lphccl2j0e561.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Corel DAD 8 (gestionnaire des applications du bureau).LNK = D:\Corel\Suite8\Programs\DAD8.EXE
O4 - Global Startup: EPSON Status Monitor 3 Environment Check(3).lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {2bc66f54-93a8-11d3-beb6-00105aa9b6ae} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {2d8ed06d-3c30-438b-96ae-4d110fdc1fb8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {644e432f-49d3-41a1-8dd5-e099162eeec5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: ulhzme - C:\WINDOWS\SYSTEM32\ulhzme.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
c'est fait pour Combofix. par contre au démarrage il ne m'a pas proposé les choix 1 et 2 que tu évoques. voici le rapport:
ComboFix 08-10-23.01 - BOUFFARD 2008-10-24 10:53:01.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.505 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\BOUFFARD\Bureau\ComboFix.exe
Commutateurs utilisés :: C:\Documents and Settings\BOUFFARD\Bureau\CFscript.txt
* Un nouveau point de restauration a été créé
[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
FILE ::
C:\WINDOWS\system32\alrsvcb.sys
C:\WINDOWS\system32\blphccl2j0e561.scr 11
C:\WINDOWS\system32\Drivers\ati1orxx.sys
C:\WINDOWS\system32\drivers\ed2ec25a.sys
C:\WINDOWS\system32\lphccl2j0e561.exe
C:\WINDOWS\system32\phccl2j0e561.bmp
C:\WINDOWS\system32\svchost.exe:ext.exe
C:\WINDOWS\Temp\BN2.tmp
C:\WINDOWS\Temp\dna4.tmp
.
[i] ADS - svchost.exe: deleted 36864 bytes in 1 streams. [/i]
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\alrsvcb.sys
C:\WINDOWS\system32\blphccl2j0e561.scr
C:\WINDOWS\system32\Drivers\ati1orxx.sys
C:\WINDOWS\system32\drivers\ed2ec25a.sys
C:\WINDOWS\system32\lphccl2j0e561.exe
C:\WINDOWS\system32\ulhzme.dll
C:\WINDOWS\system32\ulhzme32.dll
C:\WINDOWS\Temp\BN2.tmp
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ICF
-------\Service_ICF
-------\Service_restore
-------\Legacy_ati1orxx
-------\Service_ati1orxx
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-24 au 2008-10-24 ))))))))))))))))))))))))))))))))))))
.
2008-10-23 23:00 . 2008-10-23 22:58 20,590,965 --a------ C:\WINDOWS\LPT$VPN.613
2008-10-23 22:59 . 2008-10-23 22:59 <REP> d-------- C:\WINDOWS\AU_Temp
2008-10-23 22:58 . 2008-10-23 22:58 20,590,965 --a------ C:\WINDOWS\VPTNFILE.613
2008-10-23 19:44 . 2008-10-23 19:44 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-10-23 17:13 . 2008-10-23 22:55 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-10-23 15:32 . 2008-10-23 15:56 <REP> d-------- C:\Program Files\UsbFix
2008-10-22 18:20 . 2008-10-23 23:00 <REP> d-------- C:\WINDOWS\report
2008-10-22 18:19 . 2008-10-23 22:58 <REP> d-------- C:\WINDOWS\AU_Backup
2008-10-22 18:19 . 2008-10-22 18:19 1,968,443 --a------ C:\WINDOWS\tsc.ptn
2008-10-22 18:19 . 2008-10-23 22:59 1,213,784 --a------ C:\WINDOWS\vsapi32.dll
2008-10-22 18:19 . 2008-10-22 18:19 357,445 --a------ C:\WINDOWS\TSC.exe
2008-10-22 18:19 . 2008-10-23 22:59 91,744 --a------ C:\WINDOWS\BPMNT.dll
2008-10-22 18:19 . 2008-10-22 18:19 71,749 --a------ C:\WINDOWS\hcextoutput.dll
2008-10-22 18:19 . 2008-10-23 23:02 823 --a------ C:\WINDOWS\tsc.ini
2008-10-22 18:16 . 2008-10-22 18:16 <REP> d-------- C:\WINDOWS\AU_Log
2008-10-22 18:16 . 2008-10-23 22:59 170 --a------ C:\WINDOWS\GetServer.ini
2008-10-22 18:15 . 2008-10-22 18:15 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
2008-10-22 18:15 . 2008-10-22 18:15 294,912 --a------ C:\WINDOWS\PATCH.EXE
2008-10-22 18:15 . 2008-10-22 18:15 69,689 --a------ C:\WINDOWS\UNZIP.DLL
2008-10-22 18:07 . 2008-10-22 18:08 <REP> d-------- C:\Kaspersky
2008-10-22 18:06 . 2008-10-22 18:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-10-22 15:08 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-10-22 15:07 . 2008-10-22 15:07 <REP> d-------- C:\Program Files\Panda Security
2008-10-22 14:58 . 2008-10-24 11:03 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2008-10-22 13:20 . 2008-10-22 13:20 18 --a------ C:\WINDOWS\system32\10.tmp
2008-10-22 12:06 . 2008-10-22 12:06 <REP> d-------- C:\Documents and Settings\BOUFFARD\Application Data\Malwarebytes
2008-10-22 12:05 . 2008-10-22 12:06 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-22 12:05 . 2008-10-22 12:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-22 12:05 . 2008-10-16 20:25 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-22 12:05 . 2008-10-16 20:25 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-22 11:38 . 2008-10-22 11:38 10,240 --a------ C:\WINDOWS\system32\ppgdfoss.exe
2008-10-22 11:24 . 2008-10-22 11:24 7,478,208 --a------ C:\windows-kb890830-v2.3.exe
2008-10-22 10:36 . 2007-01-18 14:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2008-10-22 10:18 . 2008-10-22 10:18 <REP> dr------- C:\Documents and Settings\NetworkService\Favoris
2008-10-22 09:41 . 2008-10-22 21:58 3,894 --a------ C:\WINDOWS\system32\tmp.reg
2008-10-22 09:25 . 2008-10-10 08:58 93,696 --a------ C:\WINDOWS\system32\o4Patch.exe
2008-10-22 09:25 . 2008-10-10 08:58 93,696 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-10-22 09:24 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-10-22 09:24 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-10-22 09:24 . 2008-09-08 23:38 99,328 --a------ C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-10-22 09:24 . 2008-10-01 15:51 98,304 --a------ C:\WINDOWS\system32\VACFix.exe
2008-10-22 09:24 . 2008-05-18 21:40 93,696 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-10-22 09:24 . 2008-08-18 12:19 93,184 --a------ C:\WINDOWS\system32\404Fix.exe
2008-10-22 09:24 . 2003-06-05 21:13 61,440 --a------ C:\WINDOWS\system32\Process.exe
2008-10-22 09:24 . 2004-07-31 18:50 59,392 --a------ C:\WINDOWS\system32\dumphive.exe
2008-10-22 09:24 . 2007-10-04 00:36 37,376 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-10-21 19:06 . 2008-10-21 19:06 4,154 --a------ C:\WINDOWS\system32\2E.tmp
2008-10-21 19:06 . 2008-10-21 19:06 48 --a------ C:\WINDOWS\system32\2D.tmp
2008-10-21 17:59 . 2008-10-21 17:59 <REP> d-------- C:\fixwareout
2008-10-21 17:38 . 2008-10-21 17:38 145 --a------ C:\WINDOWS\system32\winver.bat
2008-10-21 17:37 . 2008-10-21 17:37 20,480 --ahs---- C:\WINDOWS\system32\1031u.dll
2008-10-21 17:37 . 2008-10-21 17:37 17,408 --ahs---- C:\WINDOWS\system32\6to4svcs.dll
2008-10-21 17:37 . 2008-10-21 17:37 8,988 --ahs---- C:\WINDOWS\system32\adptife.sys
2008-10-21 17:36 . 2008-10-21 17:37 314 --a-s---- C:\WINDOWS\system32\1140206528.dat
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-21 14:44 --------- d-----w C:\Program Files\eMule
2008-10-20 08:58 --------- d-----w C:\Documents and Settings\BOUFFARD\Application Data\Canon
2008-09-13 08:55 --------- d-----w C:\Documents and Settings\BOUFFARD\Application Data\Azureus
2008-08-28 10:04 333,056 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-07-15 16:06 47,360 ----a-w C:\Documents and Settings\BOUFFARD\Application Data\pcouffin.sys
2007-02-19 18:10 36,392 ----a-w C:\Documents and Settings\BOUFFARD\Application Data\GDIPFONTCACHEV1.DAT
2003-03-17 18:27 307,904 ----a-w C:\WINDOWS\inf\wg311nd5.sys
.
------- Sigcheck -------
2004-08-19 16:10 22528 5bfe571b27b4472f80329745017edc7a C:\WINDOWS\ServicePackFiles\i386\svchost.exe
2008-04-14 04:34 22528 086d225e900bc2b86a7bd8d2bbb6e5f2 C:\WINDOWS\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\svchost.exe
2008-10-24 08:56 22528 486adb741b37cf4b51db10ab73873293 C:\WINDOWS\system32\svchost.exe
2006-04-20 14:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-06-20 12:44 360960 744e57c99232201ae98c49168b918f48 C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
2008-06-20 13:51 361600 9aefa14bd6b182d61e3119fa5f436d3d C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 13:59 361600 ad978a1b783b5719720cff204b666c8e C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2004-08-05 14:00 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2006-04-20 13:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2007-10-30 19:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
2004-08-03 23:14 359040 1745b00fc1141404b28f4b94f69a8871 C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
2008-04-13 21:20 361344 93ea8d04ec73a85db02eb8805988f733 C:\WINDOWS\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\tcpip.sys
2008-06-20 12:45 360320 1cc09561e21a48a7f649a40f18235860 C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 12:45 360320 1cc09561e21a48a7f649a40f18235860 C:\WINDOWS\system32\drivers\tcpip.sys
2007-06-13 15:22 1045504 947918d81781e74aaff3e42cc9ef48b6 C:\WINDOWS\explorer.exe
2007-06-13 15:10 1045504 5885bdfd1e8f6fe45176ba86272ce11d C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-19 16:09 1044480 1508402ca7d59b9ad0dade2bab0ad469 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2004-08-19 16:09 1044480 bab5d042688c9bc98ced2b887545ffa4 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2008-04-14 04:34 1046016 8fc5d27758b0be7c07fca1d462a67807 C:\WINDOWS\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\explorer.exe
2007-06-13 15:22 1045504 d01d389608d9c88ba9515434ccfcc04d C:\WINDOWS\system32\dllcache\explorer.exe
2004-08-19 16:09 21504 51cd161aca59a5dda53418c4bc3ce79e C:\WINDOWS\ServicePackFiles\i386\lsass.exe
2008-04-14 04:34 21504 6ac7b3d55d242037e9462b5dfeeac674 C:\WINDOWS\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\lsass.exe
2004-08-19 16:09 21504 78762fde010c0777d8c13993610df7ea C:\WINDOWS\system32\lsass.exe
2004-08-19 16:09 23552 529c194e494f824af6e85121ed1a8c05 C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
2008-04-14 04:33 23552 6c575c6b887bf059dc1ec1ddf727474d C:\WINDOWS\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\ctfmon.exe
2004-08-19 16:09 23552 ddf9eaa86762657d0b3303b4a82ee138 C:\WINDOWS\system32\ctfmon.exe
2005-06-11 02:17 66048 a025c964fe3456f9bb170ec5cb52c563 C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2004-08-19 16:10 66048 735a6a334e46d142ed48e694f3f09ace C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe
2004-08-19 16:10 66048 c4124e22a405238fafa11f3e188674ea C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe
2008-04-14 04:34 66048 90911df39dc7302270be249666b7bd8c C:\WINDOWS\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\spoolsv.exe
2005-06-11 01:53 66048 f755e60940c6969e17c98e55dacfdb52 C:\WINDOWS\system32\spoolsv.exe
2004-08-19 16:10 33280 39061be0939706d2d2757dc34cb74a6d C:\WINDOWS\ServicePackFiles\i386\userinit.exe
2008-04-14 04:34 34816 b72f12f4f226af68bc2ec26351b301d2 C:\WINDOWS\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\userinit.exe
2004-08-19 16:10 33280 e99c65de896d40c054d24d8fb6c5c6c6 C:\WINDOWS\system32\userinit.exe
.
((((((((((((((((((((((((((((( snapshot@2008-10-23_19.33.40.04 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-10-23 17:24:02 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-10-24 09:02:16 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-10-23 17:24:02 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2008-10-24 09:02:16 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2008-10-23 17:24:02 65,536 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-10-24 09:02:16 65,536 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2005-05-16 17:34:48 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2008-08-13 13:03:26 65,536 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2008-08-13 13:03:26 798,720 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 23552]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"Mozilla Quick Launch"="C:\Program Files\Netscape\Netscape\Netscp.exe" [2003-06-24 568096]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-17 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2002-11-08 106496]
"AS00_Netgear"="C:\Program Files\NETGEAR\Wireless Smart Configuration\Utility\NetgearAG.exe" [2003-05-16 397312]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2003-06-30 196608]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2003-06-30 73728]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-08-01 692224]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-06-23 290816]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 83608]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe" [2005-11-17 909377]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-10-19 185632]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-28 8466432]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-28 81920]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 C:\WINDOWS\system32\bthprops.cpl]
"nwiz"="nwiz.exe" [2007-06-28 C:\WINDOWS\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 23552]
C:\Documents and Settings\BOUFFARD\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2006-06-21 121856]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2006-06-21 121856]
Corel DAD 8 (gestionnaire des applications du bureau).LNK - D:\Corel\Suite8\Programs\DAD8.EXE [2006-06-21 210944]
EPSON Status Monitor 3 Environment Check(3).lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE [2006-06-21 139776]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.enc"= ITIG726.acm
"aux"= ctwdm32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"D:\\BitLord\\BitLord.exe"=
"C:1\\eMule\\emule.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"80:TCP"= 80:TCP:@xpsp2res.dll,-22004
R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 28544]
R3 AWINDIS5;AWINDIS5 Protocol Driver;C:\WINDOWS\system32\AWINDIS5.SYS [2002-04-11 16194]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-06-02 86792]
R3 NETGEAR_WG311_SERVICE;NETGEAR WG311 Wireless PCI Adapter Service;C:\WINDOWS\system32\DRIVERS\wg311nd5.sys [2003-03-17 307904]
S1 ed2ec25a;ed2ec25a;C:\WINDOWS\system32\drivers\ed2ec25a.sys [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
- - - - ORPHELINS SUPPRIMES - - - -
HKLM-Run-lphccl2j0e561 - C:\WINDOWS\system32\lphccl2j0e561.exe
SafeBoot-ati1orxx.sys
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-24 11:05:04
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwOpenFile
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Heure de fin: 2008-10-24 11:13:51 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-10-24 09:13:01
ComboFix2.txt 2008-10-23 17:34:38
Avant-CF: 11 162 222 592 octets libres
Après-CF: 11,226,771,456 octets libres
253 --- E O F --- 2008-10-15 22:46:19
ComboFix 08-10-23.01 - BOUFFARD 2008-10-24 10:53:01.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.505 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\BOUFFARD\Bureau\ComboFix.exe
Commutateurs utilisés :: C:\Documents and Settings\BOUFFARD\Bureau\CFscript.txt
* Un nouveau point de restauration a été créé
[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
FILE ::
C:\WINDOWS\system32\alrsvcb.sys
C:\WINDOWS\system32\blphccl2j0e561.scr 11
C:\WINDOWS\system32\Drivers\ati1orxx.sys
C:\WINDOWS\system32\drivers\ed2ec25a.sys
C:\WINDOWS\system32\lphccl2j0e561.exe
C:\WINDOWS\system32\phccl2j0e561.bmp
C:\WINDOWS\system32\svchost.exe:ext.exe
C:\WINDOWS\Temp\BN2.tmp
C:\WINDOWS\Temp\dna4.tmp
.
[i] ADS - svchost.exe: deleted 36864 bytes in 1 streams. [/i]
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\alrsvcb.sys
C:\WINDOWS\system32\blphccl2j0e561.scr
C:\WINDOWS\system32\Drivers\ati1orxx.sys
C:\WINDOWS\system32\drivers\ed2ec25a.sys
C:\WINDOWS\system32\lphccl2j0e561.exe
C:\WINDOWS\system32\ulhzme.dll
C:\WINDOWS\system32\ulhzme32.dll
C:\WINDOWS\Temp\BN2.tmp
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ICF
-------\Service_ICF
-------\Service_restore
-------\Legacy_ati1orxx
-------\Service_ati1orxx
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-24 au 2008-10-24 ))))))))))))))))))))))))))))))))))))
.
2008-10-23 23:00 . 2008-10-23 22:58 20,590,965 --a------ C:\WINDOWS\LPT$VPN.613
2008-10-23 22:59 . 2008-10-23 22:59 <REP> d-------- C:\WINDOWS\AU_Temp
2008-10-23 22:58 . 2008-10-23 22:58 20,590,965 --a------ C:\WINDOWS\VPTNFILE.613
2008-10-23 19:44 . 2008-10-23 19:44 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-10-23 17:13 . 2008-10-23 22:55 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-10-23 15:32 . 2008-10-23 15:56 <REP> d-------- C:\Program Files\UsbFix
2008-10-22 18:20 . 2008-10-23 23:00 <REP> d-------- C:\WINDOWS\report
2008-10-22 18:19 . 2008-10-23 22:58 <REP> d-------- C:\WINDOWS\AU_Backup
2008-10-22 18:19 . 2008-10-22 18:19 1,968,443 --a------ C:\WINDOWS\tsc.ptn
2008-10-22 18:19 . 2008-10-23 22:59 1,213,784 --a------ C:\WINDOWS\vsapi32.dll
2008-10-22 18:19 . 2008-10-22 18:19 357,445 --a------ C:\WINDOWS\TSC.exe
2008-10-22 18:19 . 2008-10-23 22:59 91,744 --a------ C:\WINDOWS\BPMNT.dll
2008-10-22 18:19 . 2008-10-22 18:19 71,749 --a------ C:\WINDOWS\hcextoutput.dll
2008-10-22 18:19 . 2008-10-23 23:02 823 --a------ C:\WINDOWS\tsc.ini
2008-10-22 18:16 . 2008-10-22 18:16 <REP> d-------- C:\WINDOWS\AU_Log
2008-10-22 18:16 . 2008-10-23 22:59 170 --a------ C:\WINDOWS\GetServer.ini
2008-10-22 18:15 . 2008-10-22 18:15 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
2008-10-22 18:15 . 2008-10-22 18:15 294,912 --a------ C:\WINDOWS\PATCH.EXE
2008-10-22 18:15 . 2008-10-22 18:15 69,689 --a------ C:\WINDOWS\UNZIP.DLL
2008-10-22 18:07 . 2008-10-22 18:08 <REP> d-------- C:\Kaspersky
2008-10-22 18:06 . 2008-10-22 18:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-10-22 15:08 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-10-22 15:07 . 2008-10-22 15:07 <REP> d-------- C:\Program Files\Panda Security
2008-10-22 14:58 . 2008-10-24 11:03 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2008-10-22 13:20 . 2008-10-22 13:20 18 --a------ C:\WINDOWS\system32\10.tmp
2008-10-22 12:06 . 2008-10-22 12:06 <REP> d-------- C:\Documents and Settings\BOUFFARD\Application Data\Malwarebytes
2008-10-22 12:05 . 2008-10-22 12:06 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-22 12:05 . 2008-10-22 12:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-22 12:05 . 2008-10-16 20:25 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-22 12:05 . 2008-10-16 20:25 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-22 11:38 . 2008-10-22 11:38 10,240 --a------ C:\WINDOWS\system32\ppgdfoss.exe
2008-10-22 11:24 . 2008-10-22 11:24 7,478,208 --a------ C:\windows-kb890830-v2.3.exe
2008-10-22 10:36 . 2007-01-18 14:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2008-10-22 10:18 . 2008-10-22 10:18 <REP> dr------- C:\Documents and Settings\NetworkService\Favoris
2008-10-22 09:41 . 2008-10-22 21:58 3,894 --a------ C:\WINDOWS\system32\tmp.reg
2008-10-22 09:25 . 2008-10-10 08:58 93,696 --a------ C:\WINDOWS\system32\o4Patch.exe
2008-10-22 09:25 . 2008-10-10 08:58 93,696 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-10-22 09:24 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-10-22 09:24 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-10-22 09:24 . 2008-09-08 23:38 99,328 --a------ C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-10-22 09:24 . 2008-10-01 15:51 98,304 --a------ C:\WINDOWS\system32\VACFix.exe
2008-10-22 09:24 . 2008-05-18 21:40 93,696 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-10-22 09:24 . 2008-08-18 12:19 93,184 --a------ C:\WINDOWS\system32\404Fix.exe
2008-10-22 09:24 . 2003-06-05 21:13 61,440 --a------ C:\WINDOWS\system32\Process.exe
2008-10-22 09:24 . 2004-07-31 18:50 59,392 --a------ C:\WINDOWS\system32\dumphive.exe
2008-10-22 09:24 . 2007-10-04 00:36 37,376 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-10-21 19:06 . 2008-10-21 19:06 4,154 --a------ C:\WINDOWS\system32\2E.tmp
2008-10-21 19:06 . 2008-10-21 19:06 48 --a------ C:\WINDOWS\system32\2D.tmp
2008-10-21 17:59 . 2008-10-21 17:59 <REP> d-------- C:\fixwareout
2008-10-21 17:38 . 2008-10-21 17:38 145 --a------ C:\WINDOWS\system32\winver.bat
2008-10-21 17:37 . 2008-10-21 17:37 20,480 --ahs---- C:\WINDOWS\system32\1031u.dll
2008-10-21 17:37 . 2008-10-21 17:37 17,408 --ahs---- C:\WINDOWS\system32\6to4svcs.dll
2008-10-21 17:37 . 2008-10-21 17:37 8,988 --ahs---- C:\WINDOWS\system32\adptife.sys
2008-10-21 17:36 . 2008-10-21 17:37 314 --a-s---- C:\WINDOWS\system32\1140206528.dat
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-21 14:44 --------- d-----w C:\Program Files\eMule
2008-10-20 08:58 --------- d-----w C:\Documents and Settings\BOUFFARD\Application Data\Canon
2008-09-13 08:55 --------- d-----w C:\Documents and Settings\BOUFFARD\Application Data\Azureus
2008-08-28 10:04 333,056 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-07-15 16:06 47,360 ----a-w C:\Documents and Settings\BOUFFARD\Application Data\pcouffin.sys
2007-02-19 18:10 36,392 ----a-w C:\Documents and Settings\BOUFFARD\Application Data\GDIPFONTCACHEV1.DAT
2003-03-17 18:27 307,904 ----a-w C:\WINDOWS\inf\wg311nd5.sys
.
------- Sigcheck -------
2004-08-19 16:10 22528 5bfe571b27b4472f80329745017edc7a C:\WINDOWS\ServicePackFiles\i386\svchost.exe
2008-04-14 04:34 22528 086d225e900bc2b86a7bd8d2bbb6e5f2 C:\WINDOWS\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\svchost.exe
2008-10-24 08:56 22528 486adb741b37cf4b51db10ab73873293 C:\WINDOWS\system32\svchost.exe
2006-04-20 14:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-06-20 12:44 360960 744e57c99232201ae98c49168b918f48 C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
2008-06-20 13:51 361600 9aefa14bd6b182d61e3119fa5f436d3d C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 13:59 361600 ad978a1b783b5719720cff204b666c8e C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2004-08-05 14:00 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2006-04-20 13:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2007-10-30 19:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
2004-08-03 23:14 359040 1745b00fc1141404b28f4b94f69a8871 C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
2008-04-13 21:20 361344 93ea8d04ec73a85db02eb8805988f733 C:\WINDOWS\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\tcpip.sys
2008-06-20 12:45 360320 1cc09561e21a48a7f649a40f18235860 C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 12:45 360320 1cc09561e21a48a7f649a40f18235860 C:\WINDOWS\system32\drivers\tcpip.sys
2007-06-13 15:22 1045504 947918d81781e74aaff3e42cc9ef48b6 C:\WINDOWS\explorer.exe
2007-06-13 15:10 1045504 5885bdfd1e8f6fe45176ba86272ce11d C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-19 16:09 1044480 1508402ca7d59b9ad0dade2bab0ad469 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2004-08-19 16:09 1044480 bab5d042688c9bc98ced2b887545ffa4 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2008-04-14 04:34 1046016 8fc5d27758b0be7c07fca1d462a67807 C:\WINDOWS\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\explorer.exe
2007-06-13 15:22 1045504 d01d389608d9c88ba9515434ccfcc04d C:\WINDOWS\system32\dllcache\explorer.exe
2004-08-19 16:09 21504 51cd161aca59a5dda53418c4bc3ce79e C:\WINDOWS\ServicePackFiles\i386\lsass.exe
2008-04-14 04:34 21504 6ac7b3d55d242037e9462b5dfeeac674 C:\WINDOWS\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\lsass.exe
2004-08-19 16:09 21504 78762fde010c0777d8c13993610df7ea C:\WINDOWS\system32\lsass.exe
2004-08-19 16:09 23552 529c194e494f824af6e85121ed1a8c05 C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
2008-04-14 04:33 23552 6c575c6b887bf059dc1ec1ddf727474d C:\WINDOWS\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\ctfmon.exe
2004-08-19 16:09 23552 ddf9eaa86762657d0b3303b4a82ee138 C:\WINDOWS\system32\ctfmon.exe
2005-06-11 02:17 66048 a025c964fe3456f9bb170ec5cb52c563 C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2004-08-19 16:10 66048 735a6a334e46d142ed48e694f3f09ace C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe
2004-08-19 16:10 66048 c4124e22a405238fafa11f3e188674ea C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe
2008-04-14 04:34 66048 90911df39dc7302270be249666b7bd8c C:\WINDOWS\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\spoolsv.exe
2005-06-11 01:53 66048 f755e60940c6969e17c98e55dacfdb52 C:\WINDOWS\system32\spoolsv.exe
2004-08-19 16:10 33280 39061be0939706d2d2757dc34cb74a6d C:\WINDOWS\ServicePackFiles\i386\userinit.exe
2008-04-14 04:34 34816 b72f12f4f226af68bc2ec26351b301d2 C:\WINDOWS\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\userinit.exe
2004-08-19 16:10 33280 e99c65de896d40c054d24d8fb6c5c6c6 C:\WINDOWS\system32\userinit.exe
.
((((((((((((((((((((((((((((( snapshot@2008-10-23_19.33.40.04 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-10-23 17:24:02 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-10-24 09:02:16 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-10-23 17:24:02 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2008-10-24 09:02:16 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2008-10-23 17:24:02 65,536 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-10-24 09:02:16 65,536 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2005-05-16 17:34:48 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2008-08-13 13:03:26 65,536 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2008-08-13 13:03:26 798,720 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 23552]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"Mozilla Quick Launch"="C:\Program Files\Netscape\Netscape\Netscp.exe" [2003-06-24 568096]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-17 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2002-11-08 106496]
"AS00_Netgear"="C:\Program Files\NETGEAR\Wireless Smart Configuration\Utility\NetgearAG.exe" [2003-05-16 397312]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2003-06-30 196608]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2003-06-30 73728]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-08-01 692224]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-06-23 290816]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 83608]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe" [2005-11-17 909377]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-10-19 185632]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-28 8466432]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-28 81920]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 C:\WINDOWS\system32\bthprops.cpl]
"nwiz"="nwiz.exe" [2007-06-28 C:\WINDOWS\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 23552]
C:\Documents and Settings\BOUFFARD\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2006-06-21 121856]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2006-06-21 121856]
Corel DAD 8 (gestionnaire des applications du bureau).LNK - D:\Corel\Suite8\Programs\DAD8.EXE [2006-06-21 210944]
EPSON Status Monitor 3 Environment Check(3).lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE [2006-06-21 139776]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.enc"= ITIG726.acm
"aux"= ctwdm32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"D:\\BitLord\\BitLord.exe"=
"C:1\\eMule\\emule.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"80:TCP"= 80:TCP:@xpsp2res.dll,-22004
R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 28544]
R3 AWINDIS5;AWINDIS5 Protocol Driver;C:\WINDOWS\system32\AWINDIS5.SYS [2002-04-11 16194]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-06-02 86792]
R3 NETGEAR_WG311_SERVICE;NETGEAR WG311 Wireless PCI Adapter Service;C:\WINDOWS\system32\DRIVERS\wg311nd5.sys [2003-03-17 307904]
S1 ed2ec25a;ed2ec25a;C:\WINDOWS\system32\drivers\ed2ec25a.sys [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
- - - - ORPHELINS SUPPRIMES - - - -
HKLM-Run-lphccl2j0e561 - C:\WINDOWS\system32\lphccl2j0e561.exe
SafeBoot-ati1orxx.sys
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-24 11:05:04
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwOpenFile
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Heure de fin: 2008-10-24 11:13:51 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-10-24 09:13:01
ComboFix2.txt 2008-10-23 17:34:38
Avant-CF: 11 162 222 592 octets libres
Après-CF: 11,226,771,456 octets libres
253 --- E O F --- 2008-10-15 22:46:19
voici le rapport HiJackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:18:02, on 24/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\PROGRAM FILES\FICHIERS COMMUNS\BITDEFENDER\BITDEFENDER UPDATE SERVICE\LIVESRV.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\NETGEAR\Wireless Smart Configuration\Utility\NetgearAG.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\Corel\Suite8\Programs\DAD8.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\BOUFFARD\Bureau\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.netscape.fr"); (C:\Documents and Settings\BOUFFARD\Application Data\Mozilla\Profiles\default\eveo6f4b.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CNetscape_France.src"); (C:\Documents and Settings\BOUFFARD\Application Data\Mozilla\Profiles\default\eveo6f4b.slt\prefs.js)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [AS00_Netgear] C:\Program Files\NETGEAR\Wireless Smart Configuration\Utility\NetgearAG.exe -hide
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Corel DAD 8 (gestionnaire des applications du bureau).LNK = D:\Corel\Suite8\Programs\DAD8.EXE
O4 - Global Startup: EPSON Status Monitor 3 Environment Check(3).lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {2bc66f54-93a8-11d3-beb6-00105aa9b6ae} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {2d8ed06d-3c30-438b-96ae-4d110fdc1fb8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {644e432f-49d3-41a1-8dd5-e099162eeec5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:18:02, on 24/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\PROGRAM FILES\FICHIERS COMMUNS\BITDEFENDER\BITDEFENDER UPDATE SERVICE\LIVESRV.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\NETGEAR\Wireless Smart Configuration\Utility\NetgearAG.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\Corel\Suite8\Programs\DAD8.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\BOUFFARD\Bureau\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.netscape.fr"); (C:\Documents and Settings\BOUFFARD\Application Data\Mozilla\Profiles\default\eveo6f4b.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CNetscape_France.src"); (C:\Documents and Settings\BOUFFARD\Application Data\Mozilla\Profiles\default\eveo6f4b.slt\prefs.js)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [AS00_Netgear] C:\Program Files\NETGEAR\Wireless Smart Configuration\Utility\NetgearAG.exe -hide
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Corel DAD 8 (gestionnaire des applications du bureau).LNK = D:\Corel\Suite8\Programs\DAD8.EXE
O4 - Global Startup: EPSON Status Monitor 3 Environment Check(3).lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {2bc66f54-93a8-11d3-beb6-00105aa9b6ae} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {2d8ed06d-3c30-438b-96ae-4d110fdc1fb8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {644e432f-49d3-41a1-8dd5-e099162eeec5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
pour le fichier que tu me demandes d'analyser, VirusTotal me renvoie encore le message: 0 bytes size received / Se ha recibido un archivo vacio
mon bitdefender est une version triall expirée et que je n'ai de toute façon jamais réussi à faire fonctionner. le problème étant que je ne suis jamais parvenu à le désinstaller
je vais rééssayer
je tente un scan trend micro que je te poste à la place?
je pense que j'ai encore des soucis car le scan en temp réel de trend trouve des fichiers infectés par Possible_virut-3
je vais rééssayer
je tente un scan trend micro que je te poste à la place?
je pense que j'ai encore des soucis car le scan en temp réel de trend trouve des fichiers infectés par Possible_virut-3
dsl je ne répond que maintenant j'ai l'impression que j'ai de plus en plus de problème. mon ordinateur ne veut pas démarrer normalement. là je suis en mode sans échec avec prise en charge réseau. lorsque j'essaye de le démarrer normalement il affiche au démarrage une fenetre bleue me disant que le systeme a été arêté par précaution avec tout un texte. y'a aussi notamment marqué DRIVER_IRQL_NOT_LESS_OR_EQUAL.
sinon avant cela j'avais essayé de desinstaller bitdefender avec un uninstaller trouvé sur le net et mon ordi avait redémarré automatiquement. je crois que c à partir de ce moment que ça a commencé à déconné
aussi, j'avais pu faire un scan avec trend micro, mais je n'arrive pas à accéder au journal des evenement pour te le poster, sans doute car je suis en mode sans échec (??)
sinon avant cela j'avais essayé de desinstaller bitdefender avec un uninstaller trouvé sur le net et mon ordi avait redémarré automatiquement. je crois que c à partir de ce moment que ça a commencé à déconné
aussi, j'avais pu faire un scan avec trend micro, mais je n'arrive pas à accéder au journal des evenement pour te le poster, sans doute car je suis en mode sans échec (??)
j'ai trouvé cette page: http://www.commentcamarche.net/faq/sujet 954 windows irql not less or equal ecran bleu
dois-je applique la procédure?:
Pour contourner ce problème, procéder comme suit :
1. Cliquer sur Démarrer, sur Panneau de configuration, puis double-cliquer sur Affichage.
2. Sous l'onglet Paramètres, cliquer sur Avancés, puis sur l'onglet Dépannage.
3. Déplacer le curseur Accélération matérielle sur Aucune, puis désactiver la case à cocher Activer la combinaison d'écriture.
4. Cliquez sur OK à deux reprises.
??
dois-je applique la procédure?:
Pour contourner ce problème, procéder comme suit :
1. Cliquer sur Démarrer, sur Panneau de configuration, puis double-cliquer sur Affichage.
2. Sous l'onglet Paramètres, cliquer sur Avancés, puis sur l'onglet Dépannage.
3. Déplacer le curseur Accélération matérielle sur Aucune, puis désactiver la case à cocher Activer la combinaison d'écriture.
4. Cliquez sur OK à deux reprises.
??