BTPL

Members
  • Content count: 6

Everything posted by BTPL

  1. I tried reinstalling Malwarebytes in safe mode with networking; that went fine, and it even managed to update, but when I launch the scan the program closes after 3 seconds... I have no way of getting a report... As for HijackThis, the program also closes before the search finishes... And after the program "crashes", the icon changes and I can no longer launch the program (see the message mentioned earlier)... I noticed that in the list of installed programs I have one called Antivirus 2010, which is presumably the program causing these problems, and when I try to uninstall it I get the message: "Une erreur s'est produite lors de la tentative de suppression de Antivirus 2010. Vous n'avez pas accès à \\globalroot\systemroot\system32\userinit.exe. Vous pouvez spécifier le nouveau programme de désinstallation ci-dessous." followed by an input field labelled "Ligne de commande pour le programme de désinstallation" with a Browse button. Not sure whether that's of any use, but I'd rather give all the details... So I'm now waiting for advice; I really don't know what else to do...
  2. Looking at other problems of the same kind on this site, I found the 4 links you're referring to, I think. One of them detects one extra thing, but nothing changes on the PC: the antivirus and the antispyware programs remain inactive.

     Services Stopped:
     Processes terminated by Rkill or while it was running:
     C:\WINDOWS\system32\imapi.exe
     C:\Documents and Settings\HP_Administrateur\Bureau\rkill.scr
     Rkill completed on 29/09/2010 at 17:02:55

     I've just installed Antivir, thinking it might be better than Avast, which seems to be disabled. The installation looks OK, but it's impossible to launch a virus scan; it's as if nothing happens when I click the button...
  3. I've just sent you the PM you asked for, with the file analysed earlier. I followed your instructions, and the rkill renamed to eXplorer.exe that you had me download doesn't seem to detect anything... Here is its report:

     This log file is located at C:\rkill.log.
     Please post this only if requested to by the person helping you.
     Otherwise you can close this log when you wish.
     Ran as HP_Administrateur on 29/09/2010 at 16:07:40.
     Services Stopped:
     Processes terminated by Rkill or while it was running:
     C:\Documents and Settings\HP_Administrateur\Bureau\eXplorer.exe
     Rkill completed on 29/09/2010 at 16:07:48.

     I continued your procedure, but I didn't understand this message of yours: "• If none of the tools downloaded from the four links above seems to work, do not continue the cleanup, and let me know on the forum." There is no link other than the one I tried, or else I don't see where they are... So I tried launching Malwarebytes directly from its folder, without going through the desktop shortcut, and got the same message as before: "Windows ne parvient pas à accéder au périphérique, au chemin d'accès ou au fichier spécifié. Vous ne disposez peut-être pas des autorisations appropriées pour avoir accès à l'élément." I'm waiting to hear from you before doing anything; I hope you'll be able to help me. Thanks for your patience in any case.
  4. One clarification about my problem: when the computer showed me the "Your system is infected" message, I was offered to download what appears to be a fake antivirus. Another strange behaviour: Avast, which worked correctly before my problem, now tells me it is disabled. After restarting the PC, Malwarebytes and Spybot are unusable. On the desktop, in place of their icon there is now a window-shaped icon with a blue bar. Clicking on it gives the following message: "Windows ne parvient pas à accéder au périphérique, au chemin d'accès ou au fichier spécifié. Vous ne disposez peut-être pas des autorisations appropriées pour avoir accès à l'élément." Does the scan I just ran give any additional information? Can you help me? I no longer dare visit any site other than this one while waiting for your reply.
  5. Hi, and thanks for your quick reply. Here is the result of the file analysis:
     Otherwise, for Malwarebytes' Anti-Malware it's impossible to run a scan: after installation, the program closes as soon as the scan starts. Thanks again for your help.
  6. Hello, since last week I've been the victim of an infection that displays the message "Your System is infected". After several unsuccessful cleanup attempts (Malwarebytes, Spybot, Avast), I used ComboFix, which gives me the following report:
2010-09-26 16:04 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache 2010-09-25 17:58 . 2008-06-21 02:54 65576 ----a-w- c:\windows\system32\drivers\SbFwIm.sys 2010-09-25 17:58 . 2008-10-31 05:09 270888 ----a-r- c:\windows\system32\drivers\SbFw.sys 2010-09-25 17:57 . 2010-09-25 17:57 -------- d-----w- c:\program files\Sunbelt Software 2010-09-25 17:33 . 2010-09-25 17:33 -------- d-----w- c:\documents and settings\HP_Administrateur\Local Settings\Application Data\Threat Expert 2010-09-25 16:55 . 2010-09-25 16:55 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\Malwarebytes 2010-09-25 16:55 . 2010-09-25 16:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2010-09-27 20:33 . 2010-06-24 12:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software 2010-09-27 20:24 . 2006-11-14 19:56 -------- d-----w- c:\program files\Spybot - Search & Destroy 2010-09-27 20:22 . 2006-11-14 19:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2010-09-26 10:03 . 2010-03-01 12:13 -------- d---a-w- c:\documents and settings\All Users\Application Data\Temp 2010-09-15 20:42 . 2007-04-13 14:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2010-09-09 07:07 . 2010-08-23 12:27 -------- d-----w- c:\program files\Microsoft Silverlight 2010-08-30 12:34 . 2010-09-25 16:27 1496064 ----a-w- c:\documents and settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\8jza2ocw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll 2010-08-30 12:33 . 
2010-09-25 16:27 43008 ----a-w- c:\documents and settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\8jza2ocw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll 2010-08-30 12:33 . 2010-09-25 16:27 338944 ----a-w- c:\documents and settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\8jza2ocw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll 2010-08-30 12:33 . 2010-09-25 16:27 346112 ----a-w- c:\documents and settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\8jza2ocw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll 2006-09-18 19:14 . 2006-09-18 19:13 6103672 ----a-w- c:\program files\FirefoxGoogleToolbarSetup.exe 2006-09-05 18:15 . 2006-09-05 18:13 27945976 ----a-w- c:\program files\avg71fwt_405a791.exe . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512] "ftutil2"="ftutil2.dll" [2004-06-07 106496] "AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312] "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736] "RTHDCPL"="RTHDCPL.EXE" [2005-10-15 14864384] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-08-02 7110656] "nwiz"="nwiz.exe" [2005-08-02 1519616] "KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440] "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568] "PS2"="c:\windows\system32\ps2.exe" [2004-10-25 90112] "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-06-13 127036] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-11 286720] 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-08-17 439872] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624] Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696] Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588] [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk] path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^NETGEAR WPN111 Smart Wizard.lnk] path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\NETGEAR WPN111 Smart Wizard.lnk backup=c:\windows\pss\NETGEAR WPN111 Smart Wizard.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrateur^Menu Démarrer^Programmes^Démarrage^Outil de détection de support Picture Motion Browser.lnk] path=c:\documents and settings\HP_Administrateur\Menu Démarrer\Programmes\Démarrage\Outil de détection de support Picture Motion Browser.lnk backup=c:\windows\pss\Outil de détection de support Picture Motion Browser.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08] 2005-06-02 06:35 49152 ----a-w- c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] 2007-01-19 10:55 5674352 ----a-w- c:\program files\MSN Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr] 2006-03-30 14:45 313472 
----a-r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled] "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime "KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k "Nikon Transfer Monitor"=c:\program files\Fichiers communs\Nikon\Monitor\NkMonitor.exe "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" /hide "LogitechCommunicationsManager"="c:\program files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" "HP Software Update"=c:\program files\HP\HP Software Update\HPwuSchd2.exe "Reminder"="c:\windows\Creator\Remind_XP.exe" "SunJavaUpdateSched"=c:\program files\Java\jre1.5.0_05\bin\jusched.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Microsoft 
ActiveSync\\wcescomm.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\MSN Messenger\\livecall.exe"= "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"= "c:\\Program Files\\SopCast\\adv\\SopAdver.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "2904:UDP"= 2904:UDP:Windows Media Format SDK (iexplore.exe) "2905:UDP"= 2905:UDP:Windows Media Format SDK (iexplore.exe) R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [25/09/2010 19:58 270888] R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [21/06/2008 04:54 66600] R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [31/10/2008 07:24 95528] R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [31/10/2008 07:24 1365288] R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [02/01/2005 18:44 2799488] R3 mvb35316;mvb35316;c:\windows\system32\drivers\mvb35316.sys [10/08/2004 21:00 12800] R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [25/09/2010 19:58 65576] S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [22/11/2008 15:19 17149] S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\drivers\WPN111.sys [13/08/2009 23:19 362944] . 
Contenu du dossier 'Tâches planifiées' 2010-09-26 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 16:13] 2010-09-27 c:\windows\Tasks\GlaryInitialize.job - c:\program files\Glary Utilities\initialize.exe [2010-06-24 19:36] 2010-09-27 c:\windows\Tasks\User_Feed_Synchronization-{EE30F400-75A5-4814-A5BB-E9D73FEDA609}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 02:31] 2010-09-27 c:\windows\Tasks\User_Feed_Synchronization-{FF13C710-6B72-439C-A227-5BD1374A7AF6}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 02:31] 2010-09-27 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-10-10 22:25] . . ------- Examen supplémentaire ------- . uInternet Connection Wizard,ShellNext = hxxp://www.cig.canon-europe.com/user/register.cig IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} - hxxps://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-2.0.0.1.cab FF - ProfilePath - c:\documents and settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\8jza2ocw.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.search.selectedEngine - Yahoo! 
Search FF - prefs.js: browser.startup.homepage - www.google.fr FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-fr&FORM=MOMWA4&q= FF - component: c:\documents and settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\8jza2ocw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava11.dll FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava12.dll FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava13.dll FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava14.dll FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava32.dll FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJPI150_05.dll FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPOJI610.dll FF - plugin: c:\program files\Picasa2\npPicasa3.dll . - - - - ORPHELINS SUPPRIMES - - - - WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) Notify-WgaLogon - (no file) MSConfigStartUp-WOOKIT - c:\progra~1\Wanadoo\Shell.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2010-09-27 23:20 Windows 5.1.2600 Service Pack 2 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... 
Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fastfat] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FastUserSwitchingCompatibility] "ServiceDll"="%SystemRoot%\System32\shsvcs.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fax] "ImagePath"="%systemroot%\system32\fxssvc.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fdc] "ImagePath"="system32\DRIVERS\fdc.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FilterService] "ImagePath"="system32\DRIVERS\lvuvcflt.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fips] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Flpydisk] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FltMgr] "ImagePath"="system32\DRIVERS\fltMgr.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fs_Rec] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ftdisk] "ImagePath"="system32\DRIVERS\ftdisk.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ftsata2] "ImagePath"="system32\DRIVERS\ftsata2.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GEARAspiWDM] "ImagePath"="System32\Drivers\GEARAspiWDM.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Gpc] "ImagePath"="system32\DRIVERS\msgpc.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gusvc] "ImagePath"="\"c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe\"" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HDAudBus] "ImagePath"="system32\DRIVERS\HDAudBus.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\helpsvc] "ServiceDll"="%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HidServ] "ServiceDll"=" %SystemRoot%\System32\hidserv.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hpn] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HTTP] "ImagePath"="System32\Drivers\HTTP.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HTTPFilter] 
"ServiceDll"="%SystemRoot%\System32\w3ssl.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i2omgmt] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i2omp] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i8042prt] "ImagePath"="system32\DRIVERS\i8042prt.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\iaStor] "ImagePath"="system32\DRIVERS\iaStor.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IDriverT] "ImagePath"="\"c:\program files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe\"" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Imapi] "ImagePath"="system32\DRIVERS\imapi.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ImapiService] "ImagePath"="%systemroot%\system32\imapi.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\inetaccs] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ini910u] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Inport] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IntcAzAudAddService] "ImagePath"="system32\drivers\RtkHDAud.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IntelIde] "ImagePath"="system32\DRIVERS\intelide.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\intelppm] "ImagePath"="system32\DRIVERS\intelppm.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ip6Fw] "ImagePath"="system32\DRIVERS\Ip6Fw.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpFilterDriver] "ImagePath"="system32\DRIVERS\ipfltdrv.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpInIp] "ImagePath"="system32\DRIVERS\ipinip.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpNat] "ImagePath"="system32\DRIVERS\ipnat.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\iPod Service] "ImagePath"="\"c:\program files\iPod\bin\iPodService.exe\"" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IPSec] "ImagePath"="system32\DRIVERS\ipsec.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IRENUM] "ImagePath"="system32\DRIVERS\irenum.sys" 
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ISAPISearch] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\isapnp] "ImagePath"="system32\DRIVERS\isapnp.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Kbdclass] "ImagePath"="system32\DRIVERS\kbdclass.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kmixer] "ImagePath"="system32\drivers\kmixer.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\KSecDD] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanserver] "ServiceDll"="%SystemRoot%\System32\srvsvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanworkstation] "ServiceDll"="%SystemRoot%\System32\wkssvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lbrtfdc] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ldap] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LicenseService] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LmHosts] "ServiceDll"="%SystemRoot%\System32\lmhsvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LVcKap] "ImagePath"="system32\DRIVERS\LVcKap.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LVCOMSer] "ImagePath"="\"c:\program files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe\"" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LVMVDrv] "ImagePath"="system32\DRIVERS\LVMVDrv.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lvpopflt] "ImagePath"="system32\DRIVERS\lvpopflt.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LVPr2Mon] "ImagePath"="system32\DRIVERS\LVPr2Mon.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LVPrcSrv] "ImagePath"="\"c:\program files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe\"" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LVSrvLauncher] "ImagePath"="c:\program files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LVUSBSta] "ImagePath"="system32\drivers\LVUSBSta.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LVUVC] "ImagePath"="system32\DRIVERS\lvuvc.sys" 
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\McrdSvc] "ImagePath"="c:\windows\ehome\mcrdsvc.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Messenger] "ServiceDll"="%SystemRoot%\System32\msgsvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MHN] "ServiceDll"="%SystemRoot%\System32\mhn.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MHNDRV] "ImagePath"="system32\DRIVERS\mhndrv.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mnmdd] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mnmsrvc] "ImagePath"="c:\windows\system32\mnmsrvc.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Modem] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Mouclass] "ImagePath"="system32\DRIVERS\mouclass.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MountMgr] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MPE] "ImagePath"="system32\DRIVERS\MPE.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mraid35x] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRxDAV] "ImagePath"="system32\DRIVERS\mrxdav.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRxSmb] "ImagePath"="system32\DRIVERS\mrxsmb.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSDTC] "ImagePath"="c:\windows\system32\msdtc.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Msfs] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSIServer] "ImagePath"="%systemroot%\system32\msiexec.exe /V" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSKSSRV] "ImagePath"="system32\drivers\MSKSSRV.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSPCLOCK] "ImagePath"="system32\drivers\MSPCLOCK.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSPQM] "ImagePath"="system32\drivers\MSPQM.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mssmbios] "ImagePath"="system32\DRIVERS\mssmbios.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSTEE] "ImagePath"="system32\drivers\MSTEE.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Mup] 
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mvb35316] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NABTSFEC] "ImagePath"="system32\DRIVERS\NABTSFEC.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NDIS] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisIP] "ImagePath"="system32\DRIVERS\NdisIP.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisTapi] "ImagePath"="system32\DRIVERS\ndistapi.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ndisuio] "ImagePath"="system32\DRIVERS\ndisuio.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisWan] "ImagePath"="system32\DRIVERS\ndiswan.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NDProxy] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetBIOS] "ImagePath"="system32\DRIVERS\netbios.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetBT] "ImagePath"="system32\DRIVERS\netbt.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDE] "ImagePath"="%SystemRoot%\system32\netdde.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDEdsdm] "ImagePath"="%SystemRoot%\system32\netdde.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Netlogon] "ImagePath"="%SystemRoot%\system32\lsass.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Netman] "ServiceDll"="%SystemRoot%\System32\netman.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIC1394] "ImagePath"="system32\DRIVERS\nic1394.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Nla] "ServiceDll"="%SystemRoot%\System32\mswsock.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Npfs] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ntfs] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtLmSsp] "ImagePath"="%SystemRoot%\system32\lsass.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtmsSvc] "ServiceDll"="%SystemRoot%\system32\ntmssvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Null] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nv] "ImagePath"="system32\DRIVERS\nv4_mini.sys" 
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NVSvc]
"ImagePath"="%SystemRoot%\system32\nvsvc32.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NwlnkFlt]
"ImagePath"="system32\DRIVERS\nwlnkflt.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NwlnkFwd]
"ImagePath"="system32\DRIVERS\nwlnkfwd.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\odserv]
"ImagePath"="\"c:\program files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE\""
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ohci1394]
"ImagePath"="system32\DRIVERS\ohci1394.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ose]
"ImagePath"="\"c:\program files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE\""
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Parport]
"ImagePath"="system32\DRIVERS\parport.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PartMgr]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ParVdm]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCANDIS5]
"ImagePath"="\??\c:\windows\system32\PCANDIS5.SYS"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCI]
"ImagePath"="system32\DRIVERS\pci.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCIDump]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCIIde]
"ImagePath"="system32\DRIVERS\pciide.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Pcmcia]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDCOMP]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDFRAME]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDRELI]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDRFRAME]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pepifilter]
"ImagePath"="system32\DRIVERS\lv302af.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\perc2]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\perc2hib]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfDisk]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfNet]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfOS]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfProc]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PID_PEPI]
"ImagePath"="system32\DRIVERS\LV302V32.SYS"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PlugPlay]
"ImagePath"="%SystemRoot%\system32\services.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Pml Driver HPZ12]
"ImagePath"="c:\windows\system32\HPZipm12.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PolicyAgent]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PptpMiniport]
"ImagePath"="system32\DRIVERS\raspptp.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ProtectedStorage]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ps2]
"ImagePath"="system32\DRIVERS\PS2.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PSched]
"ImagePath"="system32\DRIVERS\psched.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ptilink]
"ImagePath"="system32\DRIVERS\ptilink.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PxHelp20]
"ImagePath"="System32\Drivers\PxHelp20.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1080]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ql10wnt]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql12160]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1240]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1280]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAcd]
"ImagePath"="system32\DRIVERS\rasacd.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAuto]
"ServiceDll"="%SystemRoot%\System32\rasauto.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Rasl2tp]
"ImagePath"="system32\DRIVERS\rasl2tp.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasMan]
"ServiceDll"="%SystemRoot%\System32\rasmans.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasPppoe]
"ImagePath"="system32\DRIVERS\raspppoe.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Raspti]
"ImagePath"="system32\DRIVERS\raspti.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Rdbss]
"ImagePath"="system32\DRIVERS\rdbss.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPCDD]
"ImagePath"="System32\DRIVERS\RDPCDD.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPDD]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rdpdr]
"ImagePath"="system32\DRIVERS\rdpdr.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPNP]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPWD]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDSessMgr]
"ImagePath"="c:\windows\system32\sessmgr.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\redbook]
"ImagePath"="system32\DRIVERS\redbook.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RemoteAccess]
"ServiceDll"="%SystemRoot%\System32\mprdim.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RemoteRegistry]
"ServiceDll"="%SystemRoot%\system32\regsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RpcLocator]
"ImagePath"="%SystemRoot%\system32\locator.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RpcSs]
"ServiceDll"="%SystemRoot%\System32\rpcss.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RSVP]
"ImagePath"="%SystemRoot%\system32\rsvp.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RTL8023xp]
"ImagePath"="system32\DRIVERS\Rtlnicxp.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rtl8139]
"ImagePath"="system32\DRIVERS\RTL8139.SYS"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SamSs]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SbFw]
"ImagePath"="system32\drivers\SbFw.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SBFWIMCL]
"ImagePath"="system32\DRIVERS\sbfwim.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sbhips]
"ImagePath"="\SystemRoot\system32\drivers\sbhips.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SbPF.Launcher]
"ImagePath"="\"c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe\""
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SCardSvr]
"ImagePath"="%SystemRoot%\System32\SCardSvr.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Schedule]
"ServiceDll"="%SystemRoot%\system32\schedsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Secdrv]
"ImagePath"="system32\DRIVERS\secdrv.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\seclogon]
"ServiceDll"="%SystemRoot%\System32\seclogon.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SENS]
"ServiceDll"="%SystemRoot%\system32\sens.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Serial]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceLayer]
"ImagePath"="\"c:\program files\PC Connectivity Solution\ServiceLayer.exe\""
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sfloppy]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess]
"ServiceDll"="%SystemRoot%\System32\ipnathlp.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ShellHWDetection]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Simbad]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SLIP]
"ImagePath"="system32\DRIVERS\SLIP.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sparrow]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SPF4]
"ImagePath"="\"c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe\""
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\splitter]
"ImagePath"="system32\drivers\splitter.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Spooler]
"ImagePath"="%SystemRoot%\system32\spoolsv.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sr]
"ImagePath"="system32\DRIVERS\sr.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\srservice]
"ServiceDll"="%SystemRoot%\system32\srsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Srv]
"ImagePath"="system32\DRIVERS\srv.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SSDPSRV]
"ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\stisvc]
"ServiceDll"="%SystemRoot%\system32\wiaservc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\streamip]
"ImagePath"="system32\DRIVERS\StreamIP.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swenum]
"ImagePath"="system32\DRIVERS\swenum.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swmidi]
"ImagePath"="system32\drivers\swmidi.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SwPrv]
"ImagePath"="c:\windows\system32\dllhost.exe /Processid:{E240A44A-EE25-4AA3-A4EB-0106CD6D8248}"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\symc810]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\symc8xx]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sym_hi]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sym_u3]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sysaudio]
"ImagePath"="system32\drivers\sysaudio.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SysmonLog]
"ImagePath"="%SystemRoot%\system32\smlogsvc.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TapiSrv]
"ServiceDll"="%SystemRoot%\System32\tapisrv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip]
"ImagePath"="system32\DRIVERS\tcpip.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDPIPE]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDTCP]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermDD]
"ImagePath"="system32\DRIVERS\termdd.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermService]
"ServiceDll"="%SystemRoot%\System32\termsrv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Themes]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TlntSvr]
"ImagePath"="c:\windows\system32\tlntsvr.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TosIde]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TrkWks]
"ServiceDll"="%SystemRoot%\system32\trkwks.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TSDDD]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Udfs]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ultra]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Update]
"ImagePath"="system32\DRIVERS\update.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\upnphost]
"ServiceDll"="%SystemRoot%\System32\upnphost.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\UPS]
"ImagePath"="%SystemRoot%\System32\ups.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usb]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbaudio]
"ImagePath"="system32\drivers\usbaudio.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbccgp]
"ImagePath"="system32\DRIVERS\usbccgp.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbehci]
"ImagePath"="system32\DRIVERS\usbehci.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbhub]
"ImagePath"="system32\DRIVERS\usbhub.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbohci]
"ImagePath"="system32\DRIVERS\usbohci.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbprint]
"ImagePath"="system32\DRIVERS\usbprint.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbscan]
"ImagePath"="system32\DRIVERS\usbscan.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbstor]
"ImagePath"="system32\DRIVERS\USBSTOR.SYS"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbuhci]
"ImagePath"="system32\DRIVERS\usbuhci.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VgaSave]
"ImagePath"="\SystemRoot\System32\drivers\vga.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ViaIde]
"ImagePath"="system32\DRIVERS\viaide.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VolSnap]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VSS]
"ImagePath"="%SystemRoot%\System32\vssvc.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W32Time]
"ServiceDll"="%systemroot%\system32\w32time.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W3SVC]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wanarp]
"ImagePath"="system32\DRIVERS\wanarp.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wceusbsh]
"ImagePath"="system32\DRIVERS\wceusbsh.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WDICA]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wdmaud]
"ImagePath"="system32\drivers\wdmaud.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WebClient]
"ServiceDll"="%SystemRoot%\System32\webclnt.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\winmgmt]
"ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Winsock]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinSock2]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinTrust]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wlancfg]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmdmPmSN]
"ServiceDll"="c:\windows\system32\mspmsnsv.dll" --
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wmi]
"ServiceDll"="%SystemRoot%\System32\advapi32.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmiApRpl]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmiApSrv]
"ImagePath"="c:\windows\system32\wbem\wmiapsrv.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WMPNetworkSvc]
"ImagePath"="\"c:\program files\Windows Media Player\WMPNetwk.exe\""
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WpdUsb]
"ImagePath"="System32\Drivers\wpdusb.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WPN111]
"ImagePath"="system32\DRIVERS\WPN111.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WS2IFSL]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wscsvc]
"ServiceDll"="%SYSTEMROOT%\system32\wscsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WSTCODEC]
"ImagePath"="system32\DRIVERS\WSTCODEC.SYS"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wuauserv]
"ServiceDll"="c:\windows\system32\wuauserv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfPf]
"ImagePath"="system32\DRIVERS\WudfPf.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfRd]
"ImagePath"="system32\DRIVERS\wudfrd.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfSvc]
"ServiceDll"="%SystemRoot%\System32\WUDFSvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WZCSVC]
"ServiceDll"="%SystemRoot%\System32\wzcsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xmlprov]
"ServiceDll"="%SystemRoot%\System32\xmlprov.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ZDPSp50]
"ImagePath"="System32\Drivers\ZDPSp50.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{036A9B1D-994A-45F9-BF04-D9FB2AAB14A8}]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{1CEDAE29-FA41-4AE6-BD3D-D3CBBA6A701C}]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{56F3221D-FCCF-4376-BD66-B839D62FCCDA}]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{90BC335A-46D7-4637-9E43-3C27EEA962F0}]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{A79020E2-944F-4EE1-BF8A-4E9AA31327EC}]
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(3800)
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSFR.DLL
c:\windows\system32\nvwddi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\arservice.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\dllhost.exe
c:\program files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\wscntfy.exe
c:\program files\Sunbelt Software\Personal Firewall\SbPFCl.exe
c:\windows\ARPWRMSG.EXE
c:\windows\eHome\ehmsas.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\rundll32.exe
c:\program files\Microsoft ActiveSync\WCESCOMM.EXE
.
**************************************************************************
.
Heure de fin: 2010-09-27 23:28:02 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-09-27 21:27
Avant-CF: 113 489 084 416 octets libres
Après-CF: 117 692 588 032 octets libres
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
- - End Of File - - 3DC53602D5B72D36E96CBF2596539E62

Nothing seems to have changed. Does anyone have any advice? Thanks in advance.