Pourriez-vous analyser ce rapport HijackThis ?

OliverTwist · le 4 février 2007

Bonjour à toi qui lis ces lignes !

Premier post sur ce forum....ça à l'air sympa comme tout !!

J'ai hérité, pour mon plus grand bonheur, de virus qui se la jouent Tanguy....impossible de les virer !! Je sollicite donc l'aide de personnes qui s'y connaissent. Après un petit tour d'horizon j'ai édité un rapport HijackThis qui semble être le commencement du début de la fin....

Merci d'avance et bonne lecture !

Logfile of HijackThis v1.99.1

Scan saved at 14:26:28, on 2007-02-04

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe

C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe

C:\Program Files\Softwin\BitDefender9\bdoesrv.exe

C:\Program Files\Softwin\BitDefender9\bdnagent.exe

C:\program files\softwin\bitdefender9\bdswitch.exe

C:\Program Files\Logitech\Video\LogiTray.exe

C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\Google Updater\GoogleUpdater.exe

C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe

C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe

C:\Program Files\Logitech\Video\FxSvr2.exe

C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Skype\Plugin Manager\SkypePM.exe

C:\Program Files\LowRateVoip\LowRateVoip.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe

C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe

C:\Program Files\Softwin\BitDefender9\vsserv.exe

c:\program files\softwin\bitdefender9\bdmcon.exe

C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

C:\Program Files\Softwin\BitDefender9\bdnews.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=33568

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {598F4775-6FB6-477B-9842-E0426824E077} - C:\DOCUME~1\OLIVER~1\LOCALS~1\Temp\~DP4AD.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe

O4 - HKLM\..\Run: [bDMCon] "C:\Program Files\Softwin\BitDefender9\bdmcon.exe"

O4 - HKLM\..\Run: [bDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"

O4 - HKLM\..\Run: [bDNewsAgent] "c:\program files\softwin\bitdefender9\bdnagent.exe"

O4 - HKLM\..\Run: [bDSwitchAgent] "c:\program files\softwin\bitdefender9\bdswitch.exe"

O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P26 "EPSON Stylus CX3800 Series" /O6 "USB001" /M "Stylus CX3800"

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe

O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe

O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe

O8 - Extra context menu item: Add to Vbuzzer RSS list - C:\Program Files\vbuzzer\addurl.htm

O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_CA&c=Q306&bd=presario&pf=laptop

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: winrvc32 - C:\WINDOWS\SYSTEM32\winrvc32.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)

O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)

O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

À bientôt,

OliverTwist

Malekal_morte · le 4 février 2007

Bonsoir,

Télécharge Combofix sUBs : combofix.exe

et sauvegarde le sur ton bureau et pas ailleurs!

Clic sur le menu Démarrer puis executer et copie/colle ceci :

"%userprofile%\Bureau\combofix.exe" /v winrvc32

puis clic sur OK.

Il va te poser une question, réponds yes (touche y) puis attends que combofix ait terminé, un rapport sera créé. Poste le rapport.

Copie/colle un nouveau rapport HiJackThis avec.

OliverTwist · le 4 février 2007

Salut Malekal,

Merci de ta réponse vraiment rapide...

Voici les rapports Combofix et HijackThis

"OliverTwist" - 07-02-04 14:48:02 Service Pack 2

ComboFix 07.02.04 - Running from: "C:\Documents and Settings\OliverTwist\Bureau"

Command switches used :: /v winrvc32

(((((((((((((((((((((((((((((((((((((((((((((((( Vundo Log )))))))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\winrvc32.dll

* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Program Files\Fichiers communs\Yazzle1162OinUninstaller.exe

C:\Program Files\INSTALL.LOG

((((((((((((((((((((((((((((((( Files Created from 2007-01-04 to 2007-02-04 ))))))))))))))))))))))))))))))))))

2007-02-04 00:06 <REP> d-------- C:\Program Files\Hijackthis Version Fran‡aise

2007-02-03 23:37 <REP> d-------- C:\VundoFix Backups

2007-02-03 23:13 <REP> d-------- C:\WINDOWS\pss

2007-02-03 23:00 <REP> d-------- C:\Program Files\ToniArts

2007-02-03 16:41 36,689 --a------ C:\WINDOWS\BricoPackUninst.cmd

2007-02-03 16:39 2,165 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd

2007-02-03 16:38 <REP> d-------- C:\WINDOWS\BricoPacks

2007-02-02 18:27 <REP> d-------- C:\Program Files\Microsoft ActiveSync

2007-02-02 13:40 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared

2007-02-02 01:44 <REP> d-------- C:\Program Files\MagicISO

2007-02-01 13:45 <REP> d-------- C:\DOCUME~1\OLIVER~1\Application Data\Lavasoft

2007-02-01 13:30 <REP> d-------- C:\Program Files\PowerISO

2007-02-01 12:56 <REP> d-------- C:\Program Files\Lavasoft

2007-02-01 12:40 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Google Updater

2007-01-31 23:17 29 --a------ C:\WINDOWS\temp.bat

2007-01-31 23:13 <REP> d-------- C:\WINDOWS\SxsCaPendDel

2007-01-31 15:21 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll

2007-01-31 15:13 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Microsoft Help

2007-01-30 15:12 <REP> d-------- C:\DOCUME~1\OLIVER~1\Application Data\Opera

2007-01-30 00:15 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\FLEXnet

2007-01-29 23:28 <REP> d-------- C:\Program Files\Fichiers communs\Adobe Systems Shared

2007-01-29 23:28 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Adobe Systems

2007-01-29 12:34 <REP> d-------- C:\Program Files\LowRateVoip

2007-01-24 13:02 <REP> d-------- C:\Program Files\Common Files

2007-01-24 01:50 <REP> d---s---- C:\DOCUME~1\LOCALS~1\Temporary Internet Files

2007-01-24 01:50 <REP> d---s---- C:\DOCUME~1\LOCALS~1\Historique

2007-01-20 20:18 <REP> d-------- C:\DOCUME~1\OLIVER~1\Application Data\Google

2007-01-20 02:11 31,644 --a------ C:\WINDOWS\system32\drivers\scdemu.sys

2007-01-19 20:16 <REP> d-------- C:\DOCUME~1\OLIVER~1\Application Data\LowRateVoip

2007-01-16 18:42 <REP> d-------- C:\Program Files\Namtuk

2007-01-16 11:22 <REP> d-------- C:\Program Files\Windows Media Connect 2

2007-01-16 11:20 <REP> d-------- C:\WINDOWS\system32\LogFiles

2007-01-16 11:20 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF

2007-01-16 11:19 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Windows Genuine Advantage

2007-01-13 02:47 <REP> d-------- C:\Program Files\Dial-Messenger

2007-01-12 17:25 <REP> d-------- C:\Program Files\Fichiers communs\Skype

2007-01-12 17:25 <REP> d-------- C:\DOCUME~1\OLIVER~1\Application Data\Skype

2007-01-12 17:25 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Skype

2007-01-12 17:24 <REP> d-------- C:\Program Files\Skype

2007-01-08 20:26 <REP> d-------- C:\Program Files\IZArc

2007-01-04 10:01 <REP> d---s---- C:\DOCUME~1\OLIVER~1\UserData

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-02-04 14:48 -------- d-------- C:\Documents and Settings\OliverTwist\Application Data\skype

2007-02-04 12:46 -------- d-------- C:\Program Files\mozilla firefox

2007-02-03 23:30 -------- d-------- C:\Documents and Settings\OliverTwist\Application Data\utorrent

2007-02-03 23:29 -------- d-------- C:\Documents and Settings\OliverTwist\Application Data\vso

2007-02-03 23:08 -------- d-------- C:\Program Files\chronometre

2007-02-03 23:07 -------- d--h----- C:\Program Files\installshield installation information

2007-02-03 23:07 -------- d-------- C:\Program Files\google

2007-02-03 22:23 -------- d-------- C:\Documents and Settings\OliverTwist\Application Data\adobe

2007-02-03 16:41 219648 --a------ C:\WINDOWS\system32\uxtheme.dll

2007-02-02 14:29 -------- d-------- C:\Program Files\microsoft works

2007-02-02 13:35 -------- d-------- C:\Program Files\Fichiers communs\adobe

2007-02-01 14:29 -------- d---s---- C:\Documents and Settings\OliverTwist\Application Data\microsoft

2007-02-01 13:45 -------- d-------- C:\Documents and Settings\OliverTwist\Application Data\lavasoft

2007-01-30 15:12 -------- d-------- C:\Documents and Settings\OliverTwist\Application Data\opera

2007-01-29 13:01 -------- d-------- C:\Documents and Settings\OliverTwist\Application Data\lowratevoip

2007-01-26 20:07 -------- d-------- C:\Documents and Settings\OliverTwist\Application Data\copytodvd

2007-01-26 17:40 -------- d-------- C:\Program Files\quicktime

2007-01-26 17:38 -------- d-------- C:\Program Files\apple software update

2007-01-20 20:18 -------- d-------- C:\Documents and Settings\OliverTwist\Application Data\google

2007-01-16 18:22 -------- d-------- C:\Program Files\windows nt

2006-12-29 19:43 -------- d-------- C:\Program Files\vso

2006-12-16 16:52 -------- d-------- C:\Documents and Settings\OliverTwist\Application Data\muvee technologies

2006-12-16 16:46 -------- d-------- C:\Documents and Settings\OliverTwist\Application Data\sonic

2006-12-15 20:39 -------- d-------- C:\Documents and Settings\OliverTwist\Application Data\adobeum

2006-12-15 19:25 -------- d-------- C:\Documents and Settings\OliverTwist\Application Data\cyberlink

2006-12-10 15:05 73216 --a------ C:\WINDOWS\st6unst.exe

2006-12-10 15:05 249856 --------- C:\WINDOWS\setup1.exe

2006-12-09 22:50 34 --a------ C:\Documents and Settings\OliverTwist\Application Data\pcouffin.log

2006-12-09 22:49 81920 --a------ C:\Documents and Settings\OliverTwist\Application Data\ezpinst.exe

2006-12-09 22:49 7176 --a------ C:\Documents and Settings\OliverTwist\Application Data\pcouffin.cat

2006-12-09 22:49 47360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys

2006-12-09 22:49 47360 --a------ C:\Documents and Settings\OliverTwist\Application Data\pcouffin.sys

2006-12-09 22:49 1144 --a------ C:\Documents and Settings\OliverTwist\Application Data\pcouffin.inf

2006-12-07 00:29 2374472 --a------ C:\WINDOWS\system32\wmvcore.dll

2006-11-24 20:02 0 -rahs---- C:\MSDOS.SYS

2006-11-24 20:02 0 -rahs---- C:\IO.SYS

2006-11-08 00:07 679424 --a------ C:\WINDOWS\system32\inetcomm.dll

2006-11-04 14:14 1245696 --a--c--- C:\WINDOWS\system32\msxml4.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""

"hpWirelessAssistant"="C:\\Program Files\\hpq\\HP Wireless Assistant\\HP Wireless Assistant.exe"

"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe"

"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"

"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"

"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"

"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"

"QPService"="\"C:\\Program Files\\HP\\QuickPlay\\QPService.exe\""

"QlbCtrl"=hex(2):25,50,72,6f,67,72,61,6d,46,69,6c,65,73,25,5c,48,65,77,6c,65,\

74,74,2d,50,61,63,6b,61,72,64,5c,48,50,20,51,75,69,63,6b,20,4c,61,75,6e,63,\

68,20,42,75,74,74,6f,6e,73,5c,51,6c,62,43,74,72,6c,2e,65,78,65,20,2f,53,74,\

61,72,74,00

"Cpqset"="C:\\Program Files\\HPQ\\Default Settings\\cpqset.exe"

"RecGuard"="C:\\Windows\\SMINST\\RecGuard.exe"

"BDMCon"="\"C:\\Program Files\\Softwin\\BitDefender9\\bdmcon.exe\""

"BDOESRV"="\"C:\\Program Files\\Softwin\\BitDefender9\\bdoesrv.exe\""

"BDNewsAgent"="\"c:\\program files\\softwin\\bitdefender9\\bdnagent.exe\""

"BDSwitchAgent"="\"c:\\program files\\softwin\\bitdefender9\\bdswitch.exe\""

"EPSON Stylus CX3800 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIACA.EXE /P26 \"EPSON Stylus CX3800 Series\" /O6 \"USB001\" /M \"Stylus CX3800\""

"LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe "

"LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"

"Acrobat Assistant 8.0"="\"C:\\Program Files\\Adobe\\Acrobat 8.0\\Acrobat\\Acrotray.exe\""

@=""

"MSConfig"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe /auto"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]

"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]

"Installed"="1"

"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]

"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Acrobat Speed Launcher.lnk]

"path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\Adobe Acrobat Speed Launcher.lnk"

"backup"="C:\\WINDOWS\\pss\\Adobe Acrobat Speed Launcher.lnkCommon Startup"

"location"="Common Startup"

"command"="C:\\WINDOWS\\Installer\\{AC76BA86-1033-F400-7760-000000000003}\\_SC_Acrobat.exe "

"item"="Adobe Acrobat Speed Launcher"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Acrobat Synchronizer.lnk]

"path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\Adobe Acrobat Synchronizer.lnk"

"backup"="C:\\WINDOWS\\pss\\Adobe Acrobat Synchronizer.lnkCommon Startup"

"location"="Common Startup"

"command"="C:\\PROGRA~1\\Adobe\\ACROBA~2.0\\Acrobat\\ADOBEC~1.EXE "

"item"="Adobe Acrobat Synchronizer"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide de HP Photosmart Premier.lnk]

"path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\Démarrage rapide de HP Photosmart Premier.lnk"

"backup"="C:\\WINDOWS\\pss\\Démarrage rapide de HP Photosmart Premier.lnkCommon Startup"

"location"="Common Startup"

"command"="C:\\PROGRA~1\\Hp\\DIGITA~1\\bin\\hpqthb08.exe -s"

"item"="Démarrage rapide de HP Photosmart Premier"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]

"path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\Lancement rapide d'Adobe Reader.lnk"

"backup"="C:\\WINDOWS\\pss\\Lancement rapide d'Adobe Reader.lnkCommon Startup"

"location"="Common Startup"

"command"="C:\\PROGRA~1\\Adobe\\ACROBA~3.0\\Reader\\READER~1.EXE "

"item"="Lancement rapide d'Adobe Reader"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^OliverTwist^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]

"path"="C:\\Documents and Settings\\OliverTwist\\Menu Démarrer\\Programmes\\Démarrage\\Adobe Gamma.lnk"

"backup"="C:\\WINDOWS\\pss\\Adobe Gamma.lnkStartup"

"location"="Startup"

"command"="C:\\PROGRA~1\\FICHIE~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "

"item"="Adobe Gamma"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cld2000.exe]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Cld2000"

"hkey"="HKCU"

"command"="C:\\Program Files\\Calendrier\\Cld2000.exe"

"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="HPWuSchd2"

"hkey"="HKLM"

"command"="C:\\Program Files\\Hp\\HP Software Update\\HPWuSchd2.exe"

"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="iTunesHelper"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="qttask"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"appinit_dlls"="sockspy.dll"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]

HTTPFilter REG_MULTI_SZ HTTPFilter\

LocalService REG_MULTI_SZ AlerterWebClientLmHostsRemoteRegistryupnphostSSDPSRV\

NetworkService REG_MULTI_SZ DnsCache\

DcomLaunch REG_MULTI_SZ DcomLaunchTermService\

rpcss REG_MULTI_SZ RpcSs\

imgsvc REG_MULTI_SZ StiSvc\

termsvcs REG_MULTI_SZ TermService\

Usnsvc REG_MULTI_SZ usnsvc\

WudfServiceGroup REG_MULTI_SZ WUDFSvc\

Contents of the 'Scheduled Tasks' folder

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

********************************************************************

catchme 0.1 W2K/XP - userland rootkit detector by Gmer, 17 October 2006

http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe?????? ???@???????????????@? ???HY????????@???????@

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

********************************************************************

Completion time: 07-02-04 14:53:45

Maintenant celui de HijackThis

Logfile of HijackThis v1.99.1

Scan saved at 14:57:51, on 2007-02-04

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe

C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Softwin\BitDefender9\vsserv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe

C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe

C:\Program Files\Softwin\BitDefender9\bdmcon.exe

C:\Program Files\Softwin\BitDefender9\bdoesrv.exe

C:\program files\softwin\bitdefender9\bdnagent.exe

C:\program files\softwin\bitdefender9\bdswitch.exe

C:\Program Files\Logitech\Video\LogiTray.exe

C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\Google Updater\GoogleUpdater.exe

C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe

C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe

C:\Program Files\Logitech\Video\FxSvr2.exe

C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE

C:\WINDOWS\system32\NOTEPAD.EXE