Aller au contenu

jm26

Membres
 Afficher le profil  Afficher son activité

  • Compteur de contenus

    86

  • Inscription

  • Dernière visite

 Type de contenu 

Tout ce qui a été posté par jm26

  1. jm26
    et voilà, le rapport OTM après redemarrage: All processes killed Error: Unable to interpret <Go> in the current context! ========== FILES ========== File/Folder C:\Documents and Settings\JM.JMD\Menu Démarrer\Programmes\Démarrage\syspck32.exe not found. ========== REGISTRY ========== ========== COMMANDS ========== [EMPTYTEMP] User: Administrateur ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: JM ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: JM.JMD ->Temp folder emptied: 3163902 bytes ->Temporary Internet Files folder emptied: 28837929 bytes ->Java cache emptied: 2025 bytes ->FireFox cache emptied: 18116503 bytes ->Flash cache emptied: 2675 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32835 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32835 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 664 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes RecycleBin emptied: 455680 bytes Total Files Cleaned = 48,00 mb OTM by OldTimer - Version 3.1.10.1 log created on 03232010_173823 Files moved on Reboot... File C:\Documents and Settings\JM.JMD\Local Settings\Temp\fla4C.tmp not found! File C:\Documents and Settings\JM.JMD\Local Settings\Temp\fla6A.tmp not found! File C:\Documents and Settings\JM.JMD\Local Settings\Temp\~DF1755.tmp not found! File C:\Documents and Settings\JM.JMD\Local Settings\Temp\~DFB69C.tmp not found! File C:\Documents and Settings\JM.JMD\Local Settings\Temp\~DFD1A6.tmp not found! C:\Documents and Settings\JM.JMD\Local Settings\Temporary Internet Files\Content.IE5\ZMTV8VUB\ban_728x90[1].htm moved successfully. C:\Documents and Settings\JM.JMD\Local Settings\Temporary Internet Files\Content.IE5\ZMTV8VUB\hp[1].htm moved successfully. C:\Documents and Settings\JM.JMD\Local Settings\Temporary Internet Files\Content.IE5\ZMTV8VUB\povh[1].htm moved successfully. C:\Documents and Settings\JM.JMD\Local Settings\Temporary Internet Files\Content.IE5\ZMTV8VUB\st[1] moved successfully. C:\Documents and Settings\JM.JMD\Local Settings\Temporary Internet Files\Content.IE5\ZMTV8VUB\st[2] moved successfully. C:\Documents and Settings\JM.JMD\Local Settings\Temporary Internet Files\Content.IE5\ZMTV8VUB\st[3] moved successfully. C:\Documents and Settings\JM.JMD\Local Settings\Temporary Internet Files\Content.IE5\SS4RLVSV\iframe[4].htm moved successfully. C:\Documents and Settings\JM.JMD\Local Settings\Temporary Internet Files\Content.IE5\SS4RLVSV\imgCA9DS59O.htm moved successfully. C:\Documents and Settings\JM.JMD\Local Settings\Temporary Internet Files\Content.IE5\SS4RLVSV\st[1] moved successfully. C:\Documents and Settings\JM.JMD\Local Settings\Temporary Internet Files\Content.IE5\SS4RLVSV\st[2] moved successfully. C:\Documents and Settings\JM.JMD\Local Settings\Temporary Internet Files\Content.IE5\SS4RLVSV\st[3] moved successfully. C:\Documents and Settings\JM.JMD\Local Settings\Temporary Internet Files\Content.IE5\SS4RLVSV\st[4] moved successfully. C:\Documents and Settings\JM.JMD\Local Settings\Temporary Internet Files\Content.IE5\ND5HAA97\adsCAI7J1B2.htm moved successfully. C:\Documents and Settings\JM.JMD\Local Settings\Temporary Internet Files\Content.IE5\ND5HAA97\iframe[4].htm moved successfully. C:\Documents and Settings\JM.JMD\Local Settings\Temporary Internet Files\Content.IE5\ND5HAA97\iframe[5].htm moved successfully. C:\Documents and Settings\JM.JMD\Local Settings\Temporary Internet Files\Content.IE5\ND5HAA97\st[1] moved successfully. C:\Documents and Settings\JM.JMD\Local Settings\Temporary Internet Files\Content.IE5\ND5HAA97\st[2] moved successfully. C:\Documents and Settings\JM.JMD\Local Settings\Temporary Internet Files\Content.IE5\ND5HAA97\st[3] moved successfully. C:\Documents and Settings\JM.JMD\Local Settings\Temporary Internet Files\Content.IE5\ND5HAA97\st[4] moved successfully. C:\Documents and Settings\JM.JMD\Local Settings\Temporary Internet Files\Content.IE5\ND5HAA97\st[5] moved successfully. C:\Documents and Settings\JM.JMD\Local Settings\Temporary Internet Files\Content.IE5\KSUP2XEX\md[1].htm moved successfully. C:\Documents and Settings\JM.JMD\Local Settings\Temporary Internet Files\Content.IE5\KSUP2XEX\st[1] moved successfully. C:\Documents and Settings\JM.JMD\Local Settings\Temporary Internet Files\Content.IE5\KSUP2XEX\welcome[1].htm moved successfully. C:\Documents and Settings\JM.JMD\Local Settings\Temporary Internet Files\Content.IE5\DEH7PLGM\rectangle_300x250[1].htm moved successfully. C:\Documents and Settings\JM.JMD\Local Settings\Temporary Internet Files\Content.IE5\741WOOFJ\iframe[1].htm moved successfully. C:\Documents and Settings\JM.JMD\Local Settings\Temporary Internet Files\Content.IE5\3HLUBZYB\ads[1].htm moved successfully. C:\Documents and Settings\JM.JMD\Local Settings\Temporary Internet Files\Content.IE5\3HLUBZYB\hp[1].htm moved successfully. C:\Documents and Settings\JM.JMD\Local Settings\Temporary Internet Files\Content.IE5\3HLUBZYB\iframe[1].htm moved successfully. C:\Documents and Settings\JM.JMD\Local Settings\Temporary Internet Files\Content.IE5\3HLUBZYB\iframe[2].htm moved successfully. C:\Documents and Settings\JM.JMD\Local Settings\Temporary Internet Files\Content.IE5\3HLUBZYB\iframe[3].htm moved successfully. C:\Documents and Settings\JM.JMD\Local Settings\Temporary Internet Files\Content.IE5\3HLUBZYB\imgCAW9G4YO.htm moved successfully. C:\Documents and Settings\JM.JMD\Local Settings\Temporary Internet Files\Content.IE5\3HLUBZYB\img[1].htm moved successfully. C:\Documents and Settings\JM.JMD\Local Settings\Temporary Internet Files\Content.IE5\3HLUBZYB\st[1] moved successfully. C:\Documents and Settings\JM.JMD\Local Settings\Temporary Internet Files\Content.IE5\3HLUBZYB\st[2] moved successfully. C:\Documents and Settings\JM.JMD\Local Settings\Temporary Internet Files\Content.IE5\17RYJ7R8\ban_728x90[1].htm moved successfully. C:\Documents and Settings\JM.JMD\Local Settings\Temporary Internet Files\Content.IE5\17RYJ7R8\iframe[1].htm moved successfully. C:\Documents and Settings\JM.JMD\Local Settings\Temporary Internet Files\Content.IE5\17RYJ7R8\iframe[2].htm moved successfully. C:\Documents and Settings\JM.JMD\Local Settings\Temporary Internet Files\Content.IE5\17RYJ7R8\iframe[3].htm moved successfully. C:\Documents and Settings\JM.JMD\Local Settings\Temporary Internet Files\Content.IE5\17RYJ7R8\iframe[4].htm moved successfully. C:\Documents and Settings\JM.JMD\Local Settings\Temporary Internet Files\Content.IE5\17RYJ7R8\iframe[5].htm moved successfully. C:\Documents and Settings\JM.JMD\Local Settings\Temporary Internet Files\Content.IE5\17RYJ7R8\img[1].htm moved successfully. C:\Documents and Settings\JM.JMD\Local Settings\Temporary Internet Files\Content.IE5\17RYJ7R8\md[1].htm moved successfully. C:\Documents and Settings\JM.JMD\Local Settings\Temporary Internet Files\Content.IE5\17RYJ7R8\povh[1].htm moved successfully. C:\Documents and Settings\JM.JMD\Local Settings\Temporary Internet Files\Content.IE5\17RYJ7R8\rectangle_300x250[1].htm moved successfully. C:\Documents and Settings\JM.JMD\Local Settings\Temporary Internet Files\Content.IE5\17RYJ7R8\Woodland-and-Warrior__W0QQ_armrsZ1[1].htm moved successfully. C:\Documents and Settings\JM.JMD\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully. File C:\WINDOWS\temp\tmp000026c4\tmp00000000 not found! Registry entries deleted on Reboot...
  2. jm26
    pardon: la suite du raaport toolcleaner (après suppression) ! Restauration annulée ! --------------------------------- --> Suppression: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé ! C:\Documents and Settings\JM.JMD\Bureau\HijackThis.lnk: supprimé ! C:\Documents and Settings\JM.JMD\Bureau\OTM.exe: supprimé ! C:\Documents and Settings\JM.JMD\Mes documents\TELECHARGEMENTS\contre xp security tool\OTM.exe: supprimé ! C:\Documents and Settings\JM.JMD\Mes documents\TELECHARGEMENTS\contre xp security tool\HijackThis.exe: supprimé ! C:\HJT\HJTInstall.exe: supprimé ! C:\Program Files\trend micro\HijackThis.exe: supprimé ! C:\Program Files\trend micro\HijackThis\HijackThis.exe: supprimé ! C:\Combofix.txt: supprimé ! C:\Documents and Settings\JM.JMD\Bureau\Rsit.exe: supprimé ! C:\Documents and Settings\JM.JMD\Mes documents\TELECHARGEMENTS\contre xp security tool\Rsit.exe: supprimé ! C:\Program Files\trend micro\hijackthis.log: supprimé ! C:\Program Files\trend micro\HijackThis\hijackthis.log: supprimé ! C:\_OTM: supprimé ! C:\Rsit: supprimé ! C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé ! C:\Program Files\trend micro\HijackThis: supprimé !
  3. jm26
    Alors, voilà la suite... J'ai fait (dans l'ordre) ATF Cleaner, desactivation et reactivation systeme, Tools cleaner dont voici le rapport: [ Rapport ToolsCleaner version 2.3.11 (par A.Rothstein & dj QUIOU) ] --> Recherche: C:\Combofix.txt: trouvé ! C:\_OTM: trouvé ! C:\Rsit: trouvé ! C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé ! C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé ! C:\Documents and Settings\JM.JMD\Bureau\HijackThis.lnk: trouvé ! C:\Documents and Settings\JM.JMD\Bureau\OTM.exe: trouvé ! C:\Documents and Settings\JM.JMD\Bureau\Rsit.exe: trouvé ! C:\Documents and Settings\JM.JMD\Mes documents\TELECHARGEMENTS\contre xp security tool\OTM.exe: trouvé ! C:\Documents and Settings\JM.JMD\Mes documents\TELECHARGEMENTS\contre xp security tool\HijackThis.exe: trouvé ! C:\Documents and Settings\JM.JMD\Mes documents\TELECHARGEMENTS\contre xp security tool\Rsit.exe: trouvé ! C:\HJT\HJTInstall.exe: trouvé ! C:\Program Files\trend micro\HijackThis.exe: trouvé ! C:\Program Files\trend micro\hijackthis.log: trouvé ! C:\Program Files\trend micro\HijackThis: trouvé ! C:\Program Files\trend micro\HijackThis\HijackThis.exe: trouvé ! C:\Program Files\trend micro\HijackThis\hijackthis.log: trouvé ! je passe à OTM... A+
  4. jm26
    oublie le post precedent !! Voilà le rapport MBAM (je l'ai trouvé !): Malwarebytes' Anti-Malware 1.44 Version de la base de données: 3902 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 23/03/2010 14:53:59 mbam-log-2010-03-23 (14-53-59).txt Type de recherche: Examen complet (A:\|C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|) Eléments examinés: 355247 Temps écoulé: 1 hour(s), 55 minute(s), 37 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 3 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 2 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\LocalService\Local Settings\Application Data\ave.exe" /START "firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\LocalService\Local Settings\Application Data\ave.exe" /START "iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\LocalService\Local Settings\Application Data\ave.exe" /START "firefox.exe -safe-mode") Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully. Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): C:\_OTM\MovedFiles\03212010_092901\c_windows\system32\wuaucldt.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\JM.JMD\Menu Démarrer\Programmes\Démarrage\syspck32.exe (Trojan.Downloader) -> Delete on reboot.
  5. jm26
    Bon, MBAM a terminé son analyse. Il m'a demandé de redemarrer, ce que j'ai fait. et je pensais que le rapport d'analyse allait reapparaitre... mais en fait, non. Donc, je peux pas faire le copier/coller (a moins que le rapport soit présent qqpart...?) sur le forum ! (sorry, sorry, le gros boulet !) Je sais qu'il a détecté encore des elements infectés. Bitdefender a d'ailleurs supprimé "Trojan-dropper.kobcka.FV" qui se trouvait dans: _OTM\MovedFiles\03212010\c_windows\system32\wuaucldt.exe A la fin de l'analyse de MBAM, j'avais également noté sur papier ce message "Impossible de supprimer certains elements. Tous les elements qui n'ont pas pu être supprimés ont été ajoutés à la liste des "suppressions de redémarrage". j'ai été voir dans le dossier C:\Documents and Settings\JM.JMD\Menu Démarrer\Programmes\Démarrage ou j'aurais du trouver un syspck32.exe (j'avais noté ça aussi !) mais le dossier demarrage en question est vide. Alors, soit je peux retrouver le rapport de MBAM quelque part et je te le copie/colle... Soit je recommence l'analyse sans oublier cette fois de poster le rapport avant de rallumer l'ordi ? Vraiment désolé !! A+
  6. jm26
    oups, j'avais pas vu ton dernier message ! T'inquiète, vaque tranquillement à tes occupations, c'est normal !! Là, le gros est fait , le pc semble fonctioner tout à fait normalement ! A+
  7. jm26
    combofix bien désinstallé. : J'ai lancé nouvelle analyse complète MBAM comme tu me l'as conseillé ds ton avant dernier post. Ca risque de prendre du temps: 3h17 la dernière fois... A+
  8. jm26
    J'ai fait ça: Désinstalle ComboFix de la manière suivante: Clique sur Démarrer > Exécuter et copie/colle le texte en gras ci-dessous dans la zone de saisie Ouvrir puis cliquer sur OK ComboFix /Uninstall et j'ai la même fenêter que tout à l'heure qui s'est affichée: "attention, combofix a détecté que bitdefender et MacAffee étaient actifs. veuillez les desactiver avant de cliquer sur OK" ??? Combofix s'est relancée ou c'est normal que cette fenetre s'affiche ? je précise que je n'ai bien sûr pas encore cliquer sur OK...
  9. jm26
    j'ai fais le fix checked avec les éléments que tu m'as désignés. Toutes les vérifs de sécurité sont faites ainsi que les mises à jour. le firewall gratos que tu proposes ne risque pas de rentrer en conflit aavec Bitdefender ? Sinon, voici le nouveau log hijackthis: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:07:57, on 23/03/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\stsystra.exe C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Program Files\Dell Support Center\bin\sprtcmd.exe C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\CDBurnerXP\NMSAccessU.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Dell Support Center\bin\sprtsvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe C:\WINDOWS\ehome\mcrdsvc.exe C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Microsoft Office\Office\WINWORD.EXE C:\Program Files\trend micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=1070113 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://desktop.google.com/uninstall-feedback.html?hl=fr R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\IEToolbar.dll O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe" O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe" O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: syspck32.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://copainsdavant.linternaute.com/frame...geUploader5.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1171977923831 O16 - DPF: {741747F6-83B4-4FB9-A268-8CA4010762C8} (Snapfish Activia2) - http://www3.snapfish.fr/SnapfishActivia2.cab O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab O16 - DPF: {D28C3640-A6D7-4668-A53C-07A9CF67D157} (CFnacComposantCtrl Object) - http://www.fnacmusic.com/telechargementFna...acComposant.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: skyline - {3A4F9195-65A8-11D5-85C1-0001023952C1} - C:\Program Files\Skyline\TerraExplorer\TerraExplorerX.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft - C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe O23 - Service: BitDefender Serveur Arrakis (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Service Google Update (gupdate1c9e7b46125121e) (gupdate1c9e7b46125121e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing) O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - Unknown owner - c:\program files\mcafee.com\agent\mcdetect.exe (file missing) O23 - Service: McAfee Task Scheduler (McTskshd.exe) - Unknown owner - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe (file missing) O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing) O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe (file missing) O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- End of file - 12016 bytes
  10. jm26
    rapport Hijackthis: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:26:05, on 23/03/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\CDBurnerXP\NMSAccessU.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Dell Support Center\bin\sprtsvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe C:\WINDOWS\stsystra.exe C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Program Files\Dell Support Center\bin\sprtcmd.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\internet explorer\iexplore.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=1070113 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://desktop.google.com/uninstall-feedback.html?hl=fr R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\IEToolbar.dll O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe" O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: syspck32.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://copainsdavant.linternaute.com/frame...geUploader5.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1171977923831 O16 - DPF: {741747F6-83B4-4FB9-A268-8CA4010762C8} (Snapfish Activia2) - http://www3.snapfish.fr/SnapfishActivia2.cab O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab O16 - DPF: {D28C3640-A6D7-4668-A53C-07A9CF67D157} (CFnacComposantCtrl Object) - http://www.fnacmusic.com/telechargementFna...acComposant.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: skyline - {3A4F9195-65A8-11D5-85C1-0001023952C1} - C:\Program Files\Skyline\TerraExplorer\TerraExplorerX.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft - C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe O23 - Service: BitDefender Serveur Arrakis (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Service Google Update (gupdate1c9e7b46125121e) (gupdate1c9e7b46125121e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing) O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - Unknown owner - c:\program files\mcafee.com\agent\mcdetect.exe (file missing) O23 - Service: McAfee Task Scheduler (McTskshd.exe) - Unknown owner - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe (file missing) O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing) O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe (file missing) O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- End of file - 12665 bytes
  11. jm26
    Ouf ! Merci Apollo ! De toute façon, je n'aurais pas lancé Combofix seul ! Je ne suis pas du tout kamikaze en informatique ! Non, Bitdefender, je viens de l'acheter ! Y'a pas 15 jours !! Efficace, hein !!? Je lance Hijackthis. A+
  12. jm26
    Les fenetres XP security Tool ont toutes disparu !! Yeaah !! le rapport combofix (maintenant, j'ai reactivé mon antivirus) ComboFix 10-03-22.03 - JM 23/03/2010 10:39:28.1.2 - x86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2046.1540 [GMT 1:00] Lancé depuis: c:\documents and settings\JM.JMD\Bureau\panpan.exe AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB} AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} FW: BitDefender Pare-feu *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242} FW: McAfee Personal Firewall Plus *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8} . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\JM.JMD\Local Settings\Application Data\ave.exe c:\documents and settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd c:\program files\INSTALL.LOG c:\windows\AUTOLNCH.REG c:\windows\system32\config\systemprofile\oashdihasidhasuidhiasdhiashdiuasdhasd F:\Autorun.inf . ((((((((((((((((((((((((((((( Fichiers créés du 2010-02-23 au 2010-03-23 )))))))))))))))))))))))))))))))))))) . 2010-03-22 15:54 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe 2010-03-21 15:07 . 2010-03-21 15:07 -------- d-----w- C:\HJT 2010-03-21 13:37 . 2008-04-13 19:40 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys 2010-03-21 13:37 . 2008-04-13 19:40 62976 ----a-w- c:\windows\system32\dllcache\cdrom.sys 2010-03-21 10:13 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-03-21 10:13 . 2010-03-21 10:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-03-21 10:13 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-03-21 10:06 . 2010-03-21 10:06 -------- d-----w- c:\documents and settings\JM.JMD\Application Data\Malwarebytes 2010-03-21 10:05 . 2010-03-21 10:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-03-21 08:29 . 2010-03-21 08:29 -------- d-----w- C:\_OTM 2010-03-21 07:56 . 2010-03-23 08:18 -------- d-----w- c:\program files\trend micro 2010-03-21 07:56 . 2010-03-21 07:56 -------- d-----w- C:\rsit 2010-03-20 18:20 . 2010-03-20 18:20 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE 2010-03-20 18:20 . 2010-03-20 18:20 -------- d-sh--w- c:\windows\system32\config\systemprofile\IECompatCache 2010-03-18 22:03 . 2010-03-18 22:03 4 ----a-w- c:\windows\system32\aspdict-en.dat 2010-03-18 22:03 . 2010-03-18 22:03 16 ----a-w- c:\windows\system32\asdict.dat 2010-03-11 06:09 . 2009-10-23 15:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe 2010-03-08 09:09 . 2010-03-08 09:13 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender 2010-03-08 09:09 . 2010-03-08 09:09 -------- d-----w- c:\documents and settings\JM.JMD\Application Data\BitDefender 2010-03-08 08:55 . 2010-03-08 08:57 -------- d-----w- c:\windows\SxsCaPendDel 2010-03-01 14:19 . 2010-03-01 14:19 -------- d-----w- c:\windows\system32\wbem\Repository . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2010-03-21 16:14 . 2007-01-13 19:52 -------- d-----w- c:\program files\Java 2010-03-21 15:59 . 2010-03-21 15:59 61440 ----a-w- c:\documents and settings\JM.JMD\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-60861d1e-n\decora-sse.dll 2010-03-21 15:59 . 2010-03-21 15:59 503808 ----a-w- c:\documents and settings\JM.JMD\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-54459339-n\msvcp71.dll 2010-03-21 15:59 . 2010-03-21 15:59 499712 ----a-w- c:\documents and settings\JM.JMD\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-54459339-n\jmc.dll 2010-03-21 15:59 . 2010-03-21 15:59 348160 ----a-w- c:\documents and settings\JM.JMD\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-54459339-n\msvcr71.dll 2010-03-21 15:59 . 2010-03-21 15:59 12800 ----a-w- c:\documents and settings\JM.JMD\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-60861d1e-n\decora-d3d.dll 2010-03-21 15:58 . 2007-01-13 19:52 -------- d-----w- c:\program files\Fichiers communs\Java 2010-03-21 15:48 . 2007-01-18 20:16 -------- d-----w- c:\program files\Fichiers communs\Adobe 2010-03-20 17:53 . 2010-03-20 17:53 8 ----a-w- c:\windows\system32\config\systemprofile\Application Data\jasltw.dat 2010-03-19 16:49 . 2010-03-19 16:49 8 ----a-w- c:\documents and settings\LocalService\Application Data\jasltw.dat 2010-03-18 12:56 . 2007-02-02 20:51 -------- d-----w- c:\program files\eMule 2010-03-08 09:23 . 2009-12-07 17:49 106464 ----a-w- c:\windows\system32\drivers\bdhv.sys 2010-03-08 09:23 . 2009-12-07 17:46 153448 ----a-w- c:\windows\system32\drivers\bdfm.sys 2010-03-08 09:09 . 2008-03-09 17:21 -------- d-----w- c:\program files\BitDefender 2010-03-08 09:09 . 2008-03-09 17:17 -------- d-----w- c:\program files\Fichiers communs\BitDefender 2010-03-08 08:54 . 2007-01-17 19:15 81984 ----a-w- c:\windows\system32\bdod.bin 2010-03-01 06:36 . 2005-09-01 05:53 587998 ----a-w- c:\windows\system32\perfh00C.dat 2010-03-01 06:36 . 2005-09-01 05:53 111524 ----a-w- c:\windows\system32\perfc00C.dat 2010-02-18 16:24 . 2010-02-12 13:26 -------- d-----w- c:\program files\CDBurnerXP 2010-02-18 16:24 . 2010-02-18 16:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Canneverbe Limited 2010-02-17 15:26 . 2007-08-23 05:41 -------- d-----w- c:\documents and settings\JM.JMD\Application Data\dvdcss 2010-02-13 14:51 . 2007-01-13 19:58 -------- d-----w- c:\program files\Corel 2010-02-13 14:51 . 2007-01-13 19:58 -------- d-----w- c:\program files\Fichiers communs\Corel 2010-02-13 14:48 . 2007-01-23 17:10 8348 --sha-w- c:\windows\system32\KGyGaAvL.sys 2010-02-13 14:48 . 2007-01-19 14:11 -------- d-----w- c:\documents and settings\JM.JMD\Application Data\Corel 2010-02-13 14:45 . 2007-01-23 17:10 88 --sh--r- c:\windows\system32\424FC76198.sys 2010-02-12 13:26 . 2010-02-12 13:26 -------- d-----w- c:\documents and settings\JM.JMD\Application Data\Canneverbe Limited 2010-01-29 07:22 . 2007-02-19 11:53 -------- d-----w- c:\program files\Spybot - Search & Destroy 2009-12-31 16:50 . 2008-09-21 16:49 353792 ----a-w- c:\windows\system32\drivers\srv.sys 2009-01-05 09:17 . 2009-01-05 09:17 135680 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll 2007-06-07 13:25 . 2007-02-20 06:41 88 --sh--r- c:\windows\system32\C5C853F8AD.sys . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2007-10-09 202544] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-15 68856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SigmatelSysTrayApp"="stsystra.exe" [2006-03-20 282624] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-08 7630848] "ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-06-10 81920] "ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184] "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940] "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2007-10-09 202544] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-16 282624] "BDAgent"="c:\program files\BitDefender\BitDefender 2010\bdagent.exe" [2010-01-20 1120704] "BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2010\IEShow.exe" [2009-10-19 71152] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760] "Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\JM.JMD\Menu D‚marrer\Programmes\D‚marrage\ syspck32.exe [2008-4-14 29184] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service] 2007-10-11 06:45 31232 ----a-w- c:\program files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher] 2005-10-05 03:12 94208 ----a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate] 2007-10-09 17:57 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter] 2006-11-17 11:45 18944 ----a-w- c:\dell\E-Center\EULALauncher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray] 2005-09-29 14:01 67584 ----a-w- c:\windows\ehome\ehtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif] 2006-07-06 07:15 151552 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) "DisableNotifications"= 1 (0x1) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "10421:UDP"= 10421:UDP:SingleClick Discovery Protocol "10426:UDP"= 10426:UDP:SingleClick ICC R0 BsStor;InCD Storage Helper Driver;c:\windows\system32\drivers\bsstor.sys [31/05/2007 13:51 9088] R2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2010\bdvedisk.sys [22/09/2009 08:22 83208] R2 BsUDF;InCD UDF Driver;c:\windows\system32\drivers\bsudf.sys [31/05/2007 13:51 336896] R2 hnmwrlspkt;HomeNet Manager Wireless Protocol;c:\windows\system32\drivers\hnm_wrls_pkt.sys [14/07/2006 02:01 13824] R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [04/09/2009 15:22 98304] R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [16/06/2009 09:58 20480] R2 wsppkt;Wireless Security Protocol;c:\windows\system32\drivers\wsp_pkt.sys [14/07/2006 02:02 13696] R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [07/12/2009 18:46 153448] R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [19/10/2009 16:04 110984] S2 gupdate1c9e7b46125121e;Service Google Update (gupdate1c9e7b46125121e);c:\program files\Google\Update\GoogleUpdate.exe [07/06/2009 22:10 133104] S2 HPFECP13;HPFECP13;c:\windows\system32\drivers\HPFecp13.sys [25/09/1998 09:55 52800] S3 Arrakis3;BitDefender Serveur Arrakis;c:\program files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [19/10/2009 16:06 183880] S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [12/12/2009 12:00 11520] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bdx REG_MULTI_SZ scan . Contenu du dossier 'Tâches planifiées' 2010-03-20 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 14:42] 2010-03-23 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-05 21:09] 2010-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-06-07 21:09] 2010-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-06-07 21:09] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.google.fr/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Connection Wizard,ShellNext = hxxp://desktop.google.com/uninstall-feedback.html?hl=fr uInternet Settings,ProxyOverride = localhost uSearchURL,(Default) = hxxp://www.google.com/keyword/%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 DPF: {741747F6-83B4-4FB9-A268-8CA4010762C8} - hxxp://www3.snapfish.fr/SnapfishActivia2.cab DPF: {D28C3640-A6D7-4668-A53C-07A9CF67D157} - hxxp://www.fnacmusic.com/telechargementFnacmusic/FnacComposant.cab FF - ProfilePath - c:\documents and settings\JM.JMD\Application Data\Mozilla\Firefox\Profiles\jtfqp52a.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/ FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ . - - - - ORPHELINS SUPPRIMES - - - - HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-03-23 10:48 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'explorer.exe'(1936) c:\windows\system32\msls31.dll c:\windows\system32\eappprxy.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Autres processus actifs ------------------------ . c:\program files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe c:\program files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe c:\windows\system32\CTsvcCDA.exe c:\windows\eHome\ehRecvr.exe c:\windows\eHome\ehSched.exe c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\CDBurnerXP\NMSAccessU.exe c:\windows\system32\nvsvc32.exe c:\program files\Dell Support Center\bin\sprtsvc.exe c:\windows\ehome\mcrdsvc.exe c:\windows\stsystra.exe c:\windows\system32\dllhost.exe . ************************************************************************** . Heure de fin: 2010-03-23 10:54:42 - La machine a redémarré ComboFix-quarantined-files.txt 2010-03-23 09:54 Avant-CF: 135 003 975 680 octets libres Après-CF: 134 874 791 936 octets libres WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect - - End Of File - - 6360FC86A04610EF2406E6E0BD932D22
  13. jm26
    D'ac !
  14. jm26
    Je reponds depuis mon 2eme ordi de secours... J'ai lancé combofix (désactivé bien sûr les protections de mon Bitdefender au préalable) mais il me signale que j'ai encore un scann actif en temps reel! McAfee Virus Scan. Il me dit de le désactiver avant de poursuivre puis d'appuyer sur OK. Or, impossible de localiser Mc Affee sur mon ordi (je savais même pas que je l'avais. Il devait être installé à l'origine). IL n'est pas dans "programmes" et pas non plus ds "Ajouter ou supprimer des programmes"...
  15. jm26
    OK, sorry ! j'avais mal compris ! Je pensais qu'il fallait reprendre la procédure de dimanche ! j'installe combofix et lance la procédure ! Merci et à + !
  16. jm26
    Sur les conseils d'Apollo, en MP, je reprends les différentes étapes conseillées dimanche. je post les différents rapports au fur et à mesure (si ça peut aider les nombreuses autres victimes de ce virus...) , des fois que l'un des experts du site y détecte un gros probleme ! voici donc le rapport OTM All processes killed Error: Unable to interpret <Go> in the current context! ========== FILES ========== File/Folder c:\windows\system32\wuaucldt.exe not found. File/Folder C:\Log.txt not found. ========== SERVICES/DRIVERS ========== ========== REGISTRY ========== ========== COMMANDS ========== [EMPTYTEMP] User: Administrateur ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: JM ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: JM.JMD ->Temp folder emptied: 2257130 bytes ->Temporary Internet Files folder emptied: 8807702 bytes ->Java cache emptied: 130084 bytes ->FireFox cache emptied: 0 bytes ->Flash cache emptied: 1729 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 18444 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes RecycleBin emptied: 3162721684 bytes Total Files Cleaned = 3 027,00 mb OTM by OldTimer - Version 3.1.10.1 log created on 03232010_092618 Files moved on Reboot... File C:\Documents and Settings\JM.JMD\Local Settings\Temp\fla63.tmp not found! C:\Documents and Settings\JM.JMD\Local Settings\Temp\~DF46B2.tmp moved successfully. C:\Documents and Settings\JM.JMD\Local Settings\Temporary Internet Files\Content.IE5\J6U27ZW4\iframe[1].htm moved successfully. C:\Documents and Settings\JM.JMD\Local Settings\Temporary Internet Files\Content.IE5\J6U27ZW4\infection-xp-security-tool-eh-oui-au-secours-t175005[1].htm moved successfully. C:\Documents and Settings\JM.JMD\Local Settings\Temporary Internet Files\Content.IE5\G8X2ZNFR\hp[1].htm moved successfully. C:\Documents and Settings\JM.JMD\Local Settings\Temporary Internet Files\Content.IE5\G8X2ZNFR\imgCAPFNJSR.htm moved successfully. C:\Documents and Settings\JM.JMD\Local Settings\Temporary Internet Files\Content.IE5\G8X2ZNFR\rectangle_300x250[1].htm moved successfully. C:\Documents and Settings\JM.JMD\Local Settings\Temporary Internet Files\Content.IE5\7UCHUYDQ\imgCA3BPTUM.htm moved successfully. C:\Documents and Settings\JM.JMD\Local Settings\Temporary Internet Files\Content.IE5\7UCHUYDQ\povh[1].htm moved successfully. C:\Documents and Settings\JM.JMD\Local Settings\Temporary Internet Files\Content.IE5\404BZ4N7\ads[8].htm moved successfully. C:\Documents and Settings\JM.JMD\Local Settings\Temporary Internet Files\Content.IE5\404BZ4N7\ban_728x90[1].htm moved successfully. C:\Documents and Settings\JM.JMD\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully. Registry entries deleted on Reboot...
  17. jm26
    Bonjour, Me revoilà deux jours après. Malgré tous les efforts d'Apollo de dimanche (mais c'est vrai que je n'ai pas osé lancer combofix seul en soiree) XP security tool est tjrs sur mon ordi. Les fenetres alarmistes de ce virus sont toujours à l'écran. Quelqu'un peut-il venir à mon aide...? J'ai relancé ce matin RSIT... et seul le rapport log s'affiche ! Info.txt est invisible (même dans la barre des taches) ! Voici donc seulement le rapport log: Logfile of random's system information tool 1.06 (written by random/random) Run by JM at 2010-03-23 09:18:28 Microsoft Windows XP Professionnel Service Pack 3 System drive C: has 126 GB (42%) free of 300 GB Total RAM: 2046 MB (65% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 09:18:31, on 23/03/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\CDBurnerXP\NMSAccessU.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Dell Support Center\bin\sprtsvc.exe C:\Documents and Settings\LocalService\Local Settings\Application Data\ave.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe C:\WINDOWS\stsystra.exe C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Program Files\Dell Support Center\bin\sprtcmd.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\ehome\mcrdsvc.exe C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Microsoft Office\Office\WINWORD.EXE C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\JM.JMD\Bureau\RSIT.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Program Files\trend micro\JM.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=1070113 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://desktop.google.com/uninstall-feedback.html?hl=fr R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\IEToolbar.dll O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe" O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: syspck32.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://copainsdavant.linternaute.com/frame...geUploader5.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1171977923831 O16 - DPF: {741747F6-83B4-4FB9-A268-8CA4010762C8} (Snapfish Activia2) - http://www3.snapfish.fr/SnapfishActivia2.cab O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab O16 - DPF: {D28C3640-A6D7-4668-A53C-07A9CF67D157} (CFnacComposantCtrl Object) - http://www.fnacmusic.com/telechargementFna...acComposant.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: skyline - {3A4F9195-65A8-11D5-85C1-0001023952C1} - C:\Program Files\Skyline\TerraExplorer\TerraExplorerX.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft - C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe O23 - Service: BitDefender Serveur Arrakis (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Service Google Update (gupdate1c9e7b46125121e) (gupdate1c9e7b46125121e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing) O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - Unknown owner - c:\program files\mcafee.com\agent\mcdetect.exe (file missing) O23 - Service: McAfee Task Scheduler (McTskshd.exe) - Unknown owner - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe (file missing) O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing) O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe (file missing) O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- End of file - 13510 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\AppleSoftwareUpdate.job C:\WINDOWS\tasks\Google Software Updater.job C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job C:\WINDOWS\tasks\Recherche de virus de McAfee.com - Mon ordinateur (JMD-JM).job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}] Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-11-18 1082880] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}] Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}] DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-09-08 110652] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2010-02-18 321312] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-02-25 251504] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-12-21 764912] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}] Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2009-02-25 522224] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}] CBrowserHelperObject Object - C:\Program Files\BAE\BAE.dll [2006-11-17 98304] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-02-18 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-02-18 79648] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-02-25 251504] {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - BitDefender Toolbar - C:\Program Files\BitDefender\BitDefender 2010\IEToolbar.dll [2009-10-20 128832] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2006-03-20 282624] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-08-08 7630848] "ISUSScheduler"=C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe [2005-06-10 81920] "ISUSPM Startup"=C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-27 221184] "DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-09-08 122940] "DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2007-10-09 202544] "MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2008-04-14 172544] "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-02-16 282624] "BDAgent"=C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe [2010-01-20 1120704] "BitDefender Antiphishing Helper"=C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe [2009-10-19 71152] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760] "Adobe ARM"=C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [] "Regedit32"=C:\WINDOWS\system32\regedit.exe [] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] "DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2007-10-09 202544] "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-01-15 68856] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service] C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe [2007-10-11 31232] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe [2005-10-05 94208] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2007-10-09 16384] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter] c:\dell\E-Center\EULALauncher.exe [2006-11-17 18944] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray] C:\WINDOWS\ehome\ehtray.exe [2005-09-29 67584] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2006-07-06 151552] C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE C:\Documents and Settings\JM.JMD\Menu Démarrer\Programmes\Démarrage syspck32.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Dell Network Assistant\ezi_hnm2.exe"="C:\Program Files\Dell Network Assistant\ezi_hnm2.exe:*:Enabled:Dell Network Assistant" "C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire" "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{97626388-e70c-11de-a5e9-0019d12a16fd}] shell\AutoRun\command - "F:\WD SmartWare.exe" autoplay=true [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f86c2e91-dafb-11dd-a39f-0019d12a16fd}] shell\AutoRun\command - F:\WDSetup.exe ======List of files/folders created in the last 1 months====== 2010-03-22 16:54:58 ----N---- C:\WINDOWS\system32\browserchoice.exe 2010-03-21 16:58:55 ----D---- C:\Documents and Settings\All Users\Application Data\Sun 2010-03-21 16:58:41 ----A---- C:\WINDOWS\system32\javaws.exe 2010-03-21 16:58:41 ----A---- C:\WINDOWS\system32\javaw.exe 2010-03-21 16:58:41 ----A---- C:\WINDOWS\system32\java.exe 2010-03-21 16:07:13 ----D---- C:\HJT 2010-03-21 11:13:50 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2010-03-21 11:06:04 ----D---- C:\Documents and Settings\JM.JMD\Application Data\Malwarebytes 2010-03-21 11:05:57 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2010-03-21 09:29:01 ----D---- C:\_OTM 2010-03-21 08:56:29 ----D---- C:\rsit 2010-03-21 08:56:29 ----D---- C:\Program Files\trend micro 2010-03-11 11:27:45 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$ 2010-03-08 10:23:38 ----A---- C:\bdlog.txt 2010-03-08 10:09:43 ----D---- C:\Documents and Settings\JM.JMD\Application Data\BitDefender 2010-03-08 10:09:43 ----D---- C:\Documents and Settings\All Users\Application Data\BitDefender 2010-03-08 09:55:11 ----D---- C:\WINDOWS\SxsCaPendDel 2010-02-24 12:00:56 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$ ======List of files/folders modified in the last 1 months====== 2010-03-23 09:08:20 ----SD---- C:\WINDOWS\Tasks 2010-03-23 09:03:05 ----D---- C:\WINDOWS\Prefetch 2010-03-23 08:38:36 ----D---- C:\WINDOWS\system32 2010-03-23 08:38:35 ----D---- C:\WINDOWS\Temp 2010-03-23 07:08:10 ----D---- C:\WINDOWS\system32\CatRoot2 2010-03-23 07:07:56 ----D---- C:\WINDOWS\Registration 2010-03-23 07:06:26 ----D---- C:\WINDOWS 2010-03-22 20:21:59 ----A---- C:\WINDOWS\SchedLgU.Txt 2010-03-22 20:21:19 ----A---- C:\WINDOWS\bdagent.INI 2010-03-22 16:56:27 ----HD---- C:\WINDOWS\inf 2010-03-21 19:54:29 ----D---- C:\WINDOWS\system32\dllcache 2010-03-21 19:54:24 ----D---- C:\WINDOWS\system32\drivers 2010-03-21 19:49:56 ----RD---- C:\Program Files 2010-03-21 19:45:15 ----SD---- C:\WINDOWS\Downloaded Program Files 2010-03-21 17:14:56 ----D---- C:\Program Files\Java 2010-03-21 17:03:01 ----SHD---- C:\WINDOWS\Installer 2010-03-21 17:03:01 ----D---- C:\Config.Msi 2010-03-21 16:58:53 ----D---- C:\Program Files\Fichiers communs\Java 2010-03-21 16:50:52 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe 2010-03-21 16:48:53 ----D---- C:\Program Files\Fichiers communs\Adobe 2010-03-21 16:48:24 ----D---- C:\Program Files\Adobe 2010-03-21 15:47:59 ----HDC---- C:\WINDOWS\$NtUninstallKB926255$ 2010-03-20 18:53:15 ----D---- C:\Program Files\Internet Explorer 2010-03-20 14:36:50 ----A---- C:\WINDOWS\hppsapp.INI 2010-03-19 15:44:01 ----SHD---- C:\System Volume Information 2010-03-18 23:02:54 ----D---- C:\Program Files\Mozilla Firefox 2010-03-18 13:56:43 ----D---- C:\Program Files\eMule 2010-03-15 20:18:53 ----A---- C:\WINDOWS\QTW.INI 2010-03-15 16:51:36 ----D---- C:\WINDOWS\Debug 2010-03-11 11:27:51 ----D---- C:\Program Files\Movie Maker 2010-03-11 11:27:26 ----HD---- C:\WINDOWS\$hf_mig$ 2010-03-09 08:03:43 ----D---- C:\WINDOWS\WinSxS 2010-03-08 10:09:43 ----D---- C:\Program Files\Fichiers communs\BitDefender 2010-03-08 10:09:43 ----D---- C:\Program Files\BitDefender 2010-03-02 14:23:00 ----D---- C:\WINDOWS\Minidump 2010-03-02 06:30:12 ----A---- C:\WINDOWS\system32\MRT.exe 2010-03-01 15:19:47 ----D---- C:\WINDOWS\system32\config 2010-03-01 15:19:24 ----D---- C:\WINDOWS\system32\wbem 2010-03-01 07:39:27 ----A---- C:\WINDOWS\ModemLog_SAGEM USB-Serial.txt 2010-02-24 12:02:37 ----D---- C:\WINDOWS\ie8updates ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 bdftdif;bdftdif; \??\C:\Program Files\Fichiers communs\BitDefender\BitDefender Firewall\bdftdif.sys [] R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628] R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684] R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576] R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720] R1 MPFIREWL;MPFIREWL; C:\WINDOWS\System32\Drivers\MpFirewall.sys [2005-08-16 80640] R2 BDVEDISK;BDVEDISK; \??\C:\Program Files\BitDefender\BitDefender 2010\bdvedisk.sys [] R2 BsUDF;InCD UDF Driver; C:\WINDOWS\system32\drivers\BsUDF.sys [2002-05-23 336896] R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-09-08 25628] R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-09-08 2496] R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-09-08 86524] R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-09-08 14684] R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-09-08 6364] R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-09-08 87036] R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-09-08 94332] R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544] R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-08-05 54752] R2 hnmwrlspkt;HomeNet Manager Wireless Protocol; C:\WINDOWS\system32\DRIVERS\hnm_wrls_pkt.sys [2006-07-14 13824] R2 MASPINT;MASPINT; C:\WINDOWS\system32\drivers\MASPINT.sys [2000-03-29 8096] R2 Packet;Auto Internet Protocol; C:\WINDOWS\system32\DRIVERS\packet.sys [2006-10-15 11136] R2 wsppkt;Wireless Security Protocol; C:\WINDOWS\system32\DRIVERS\wsp_pkt.sys [2006-07-14 13696] R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776] R3 bdfm;BDFM; C:\WINDOWS\system32\drivers\bdfm.sys [2010-03-08 153448] R3 Bdfndisf;BitDefender Firewall NDIS Filter Service; C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2009-10-19 110984] R3 BDSelfPr;BDSelfPr; \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys [] R3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2006-07-19 230400] R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384] R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-08-08 3958272] R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-03-20 1156648] R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] S2 HPFECP13;HPFECP13; C:\WINDOWS\System32\drivers\HPFECP13.SYS [1998-09-25 52800] S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 DSproct;DSproct; \??\C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys [] S3 E100B;Pilote de carte Intel ® PRO; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-23 117760] S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [] S3 MHNDRV;Pilote MHN; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NAL;Nal Service ; \??\C:\WINDOWS\system32\Drivers\iqvw32.sys [] S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 Profos;Profos; \??\C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\profos.sys [] S3 QCMerced;Logitech QuickCam Communicate; C:\WINDOWS\system32\DRIVERS\LVCM.sys [] S3 ser2pl;SAGEM USB-Serial; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2005-07-25 48640] S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 SONYPVU1;Pilote de filtrage Sony USB (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552] S3 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 Trufos;Trufos; \??\C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\trufos.sys [] S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032] S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 WDC_SAM;WD SCSI Pass Thru driver; C:\WINDOWS\system32\DRIVERS\wdcsam.sys [2009-02-13 11520] S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528] S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 agp440;Filtre de bus AGP Intel; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368] S4 agpCPQ;Filtre de bus AGP Compaq; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928] S4 alim1541;Filtre de bus AGP ALI; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752] S4 amdagp;Pilote de filtre du bus AMD AGP; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008] S4 atapi;Contrôleur de disque dur IDE/ESDI standard; C:\WINDOWS\system32\DRIVERS\atapi.sys [2008-04-13 96512] S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952] S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-14 5504] S4 sisagp;Filtre de bus AGP SIS; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960] S4 viaagp;Filtre de bus AGP VIA; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe [2007-10-11 51712] R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-12 44032] R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568] R2 ehSched;Service de planification Media Center; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 103424] R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2006-07-06 90112] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-12-17 153376] R2 LIVESRV;BitDefender Desktop Update Service; C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe [2010-01-11 308552] R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328] R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2009-11-12 71096] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-08-08 155715] R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2007-10-09 202544] R2 VSSERV;BitDefender Virus Shield; C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe [2010-03-08 1612616] R2 WDDMService;WD SmartWare Drive Manager; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-09-04 98304] R2 WDSmartWareBackgroundService;WD SmartWare Background Service; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480] R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S2 gupdate1c9e7b46125121e;Service Google Update (gupdate1c9e7b46125121e); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-06-07 133104] S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-07 183280] S3 Arrakis3;BitDefender Serveur Arrakis; C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2009-10-19 183880] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 fsssvc;Service Windows Live Contrôle parental; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864] S3 GoogleDesktopManager;GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-01-05 1838592] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632] S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 iPod Service;Service de l'iPod; C:\Program Files\iPod\bin\iPodService.exe [] S3 McDetect.exe;McAfee WSC Integration; c:\program files\mcafee.com\agent\mcdetect.exe [] S3 McTskshd.exe;McAfee Task Scheduler; c:\PROGRA~1\mcafee.com\agent\mctskshd.exe [] S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager; C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe [] S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] S3 MpfService;McAfee Personal Firewall Service; C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe [] S3 scan;BitDefender Threat Scanner; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF-----------------
  18. jm26
    OK ! Mais je préfère ne pas le faire car ça a l"air super dangereux comme programme ! le guide de combofix précise bien qu'il faut le faire sous la surveillance de quelqu"un s'y connaissant. comme tu es moins present sur le forum depuis une heure (cequi est normal, chacun à savie, ce n'est pas du tout un reproche ), j'ai peur de le faire et qu'il n'y ait plus personne pour m'aider en cas de gros souci. Je laisse tomber pour aujourd'hui et j'essaierai de reprendre les étapes tranquillement demai, en espérant que ça marche ! En tout cas, merci quand même d'avoir essayé et de t'être donné tant de mal ! A+
  19. jm26
    ca ne va pas craindre de désactiver l'antivirus pendant que combofix controle ma machine...? Ou est-ce que je réactive l'antivirus dès que combofix a commencé son analyse...? (compliqué cette hisqtoire hein ?
  20. jm26
    d'ac !! A tout !
  21. jm26
    désolé de te bombarder de messages... Bon XP security tool est bien encore present car il me bombarde de fenetres d'alertes, me propose d'activer Xpsecurity tool etc. En attendant, je ne bouge pas car Kaspersky continue son scan de ma machine (il n'en est qu'à 1%...) voilou pour les dernires news. C'est un saloperie, ce virus quand meme ! A+
  22. jm26
    nos messages se sont croisés ! j'ai réactivé Bitdefender. Là, je suis tjrs sur la question "do you want block this attack" ? Je ne sais pas si je dois dire oui ou non car j'ai peur que ce soit le virus qui tente d'installer un nouveau truc... T'en doi quoi ? Après, je ferai combofix. A+
  23. jm26
    J'étais en train de relancer le scan de mon pc sur kaspersky (mon bitdefender est toujours desactivé) et j'ai un message d'alerte de XP security Tool qui s'estaffiché: "system Integrity Threat warning ! sensitive data may be sent over your Internet connedtion right now! details attack from: 9.75.171.62 port 12 attacket port: 8279 threat: Email-Worm.win.eyeveg.f do you want block this attack yes or no ? Je fais quoi ? C'est un leurre ou quoi ?
  24. jm26
    je suis en train de faire le scan kaspersky mais dès que j'ai desactivé mon antivirus, les mêmes messages d'alertes de Xp security Tool que ce matin sont reapparus !! le virus est encore là ! Et j'ao peur qu'il me rebloque encore tout ! Là, du coup, je laisse kaspersky scanner mais mon ordi n'a plus de protection antivirus ! je continue sans mon antrivirus ??
  25. jm26
    oui, oui, t'inquiètes, t'es super rapide !! En plus, je t'embete depuis ce matin avec mon probleme ! sans toi, je serais complètement bloqué ! Bon, je suis les consignes du chef ! A+ et grand merci encore !!
×
×
  • Créer...