demande aide

[jacques69]

Bonjour,

Nouveau membre depuis peu ,je vous demande gracieusement votre aide.

En effet voulant désinfecter le pc d'un ami ;le rapport hijackthis ne me montre à priori peu d'information quand à l'infection alors que le rapport combofix(analyser avec zeb help process)

me donne une infection en c:\windows\system32\tmp.reg et un processus inconnu:

c:\windows\system32\BDUpdateV1.xml

Pourriez vous me dire par quel malware son pc est il infecté et s'il vous plait la procédure à suivre pour la désinfection?

Je vous en remercie par avance et je vous joins les rappots:

rapport hijackthis:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 09:37:40, on 26/04/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe

C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe

C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\FTRTSVC.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\WINDOWS\system32\rmctrl.exe

C:\PROGRA~1\MESSAG~1\StartMessager.exe

C:\Program Files\Logitech\Video\LogiTray.exe

C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe

C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe

C:\PROGRA~1\Wanadoo\TaskBarIcon.exe

C:\WINDOWS\system32\LVComsX.exe

C:\Program Files\Logitech\Video\FxSvr2.exe

C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Wanadoo\GestionnaireInternet.exe

C:\Program Files\Wanadoo\ComComp.exe

C:\PROGRA~1\Wanadoo\Toaster.exe

C:\PROGRA~1\Wanadoo\Inactivity.exe

C:\PROGRA~1\Wanadoo\PollingModule.exe

C:\Program Files\Wanadoo\Watch.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE

C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe

C:\Documents and Settings\Administrateur\Bureau\HijackThis\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Easy Gif Animator Toolbar Helper - {96372AB6-15EB-4316-B497-71C741BC548C} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.1\EasyGifAnimator_Toolbar.dll

O3 - Toolbar: Easy Gif Animator Toolbar - {35065594-9169-4A34-B167-FC4865038E53} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.1\EasyGifAnimator_Toolbar.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\system32\rmctrl.exe

O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [bDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg

O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"

O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe

O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"

O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe GestionnaireInternet.exe

O4 - Startup: Moteur du Planificateur de tâches SolidWorks.lnk = C:\Program Files\SolidWorks\swScheduler\swBOEngine.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{0EAA9BD4-3352-444C-AB4F-FF7B9F384E0D}: NameServer = 81.253.149.1 80.10.246.3

O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

 

--

End of file - 7456 bytes

puis le logcombofix:

ComboFix 09-04-25.A3 - Administrateur 26/04/2009 9:21.1 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.511.210 [GMT 2:00]

Lancé depuis: c:\documents and settings\Administrateur\Bureau\combofix.exe

AV: BitDefender Antivirus *On-access scanning disabled* (Updated)

FW: BitDefender Firewall *disabled*

* Un nouveau point de restauration a été créé

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\system32\404Fix.exe

c:\windows\system32\dumphive.exe

c:\windows\system32\IEDFix.exe

c:\windows\system32\rnaph.dll

c:\windows\system32\SrchSTS.exe

c:\windows\system32\tmp.reg

c:\windows\system32\VACFix.exe

c:\windows\system32\VCCLSID.exe

c:\windows\system32\WS2Fix.exe

 

.

((((((((((((((((((((((((((((( Fichiers créés du 2009-05-26 au 2009-4-26 ))))))))))))))))))))))))))))))))))))

.

 

2009-04-25 15:47 . 2009-04-26 06:41 121 ----a-w c:\windows\bdagent.INI

2009-04-25 15:41 . 2009-04-25 15:41 -------- d-----w c:\program files\Power IE

2009-04-24 19:49 . 2009-04-24 19:49 568 ----a-w c:\windows\system32\BDUpdateV1.xml

2009-04-24 18:52 . 2009-04-24 18:52 137 ----a-w c:\documents and settings\Administrateur\Local Settings\Application Data\fusioncache.dat

2009-04-24 18:52 . 2009-04-24 18:53 -------- d-----w c:\documents and settings\Administrateur\Local Settings\Application Data\ApplicationHistory

2009-04-24 18:01 . 2009-04-24 18:01 850 ----a-w c:\windows\system32\ProductTweaks.xml

2009-04-24 18:01 . 2009-04-24 18:01 385 ----a-w c:\windows\system32\user_gensett.xml

2009-04-24 17:56 . 2008-08-14 16:54 102208 ----a-w c:\windows\system32\drivers\bdfndisf.sys.bak

2009-04-24 17:56 . 2008-08-12 16:40 228672 ----a-w c:\windows\system32\drivers\bdfsfltr.sys.bak

2009-04-24 17:56 . 2008-08-12 16:40 108864 ----a-w c:\windows\system32\drivers\bdfm.sys.bak

2009-04-24 17:56 . 2008-07-02 11:07 82568 ----a-w c:\windows\system32\drivers\BDVEDISK.sys.bak

2009-04-24 17:29 . 2009-04-24 17:29 -------- d-----w c:\windows\system32\logs

2009-04-24 17:28 . 2009-04-24 17:29 -------- d-----w c:\program files\BitDefender

2009-04-24 17:26 . 2009-04-24 17:26 -------- d-----w c:\windows\system32\URTTEMP

2009-04-24 17:24 . 2009-04-24 17:29 -------- d-----w c:\program files\Fichiers communs\BitDefender

2009-04-18 07:39 . 2009-04-18 08:34 13030 ----a-w C:\PDOXUSRS.NET

2009-04-18 07:39 . 1999-11-12 03:11 183808 ----a-w c:\windows\system32\BDEADMIN.CPL

2009-04-18 07:39 . 1999-01-20 03:01 210032 ----a-w c:\windows\system32\DBCLIENT.DLL

2009-04-18 07:39 . 2009-04-18 07:39 -------- d-----w c:\program files\Fichiers communs\Borland Shared

2009-04-18 06:53 . 2009-04-25 23:18 -------- d-----w c:\program files\Mozilla Firefox 3.1 Beta 3

2009-04-15 15:49 . 2005-07-26 04:29 60416 -c----w c:\windows\system32\dllcache\colbact.dll

2009-04-15 15:49 . 2009-03-06 14:00 286720 -c----w c:\windows\system32\dllcache\pdh.dll

2009-04-15 15:49 . 2009-02-09 10:03 740352 -c----w c:\windows\system32\dllcache\ntdll.dll

2009-04-15 15:49 . 2009-02-09 10:03 686080 -c----w c:\windows\system32\dllcache\advapi32.dll

2009-04-15 15:49 . 2009-02-09 10:03 473088 -c----w c:\windows\system32\dllcache\fastprox.dll

2009-04-15 15:49 . 2009-02-09 09:53 111104 -c----w c:\windows\system32\dllcache\services.exe

2009-04-15 15:49 . 2009-02-06 09:54 35328 -c----w c:\windows\system32\dllcache\sc.exe

2009-04-15 15:49 . 2009-02-06 09:41 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe

2009-04-15 15:49 . 2008-12-16 12:49 351232 -c----w c:\windows\system32\dllcache\winhttp.dll

2009-04-15 15:48 . 2009-03-27 07:10 1193414 -c----w c:\windows\system32\dllcache\sysmain.sdb

2009-04-15 15:48 . 2008-04-21 21:27 219136 -c----w c:\windows\system32\dllcache\wordpad.exe

2009-04-14 20:14 . 2009-04-14 20:14 -------- d-----w c:\windows\system32\KB905474

2009-04-14 20:14 . 2009-03-10 20:26 1438080 ----a-w c:\windows\system32\KB905474\wganotifypackageinner.exe

2009-04-14 20:14 . 2009-03-10 20:18 454024 ----a-w c:\windows\system32\KB905474\wgasetup.exe

2009-04-14 20:14 . 2009-02-09 16:51 15450 ----a-w c:\windows\system32\KB905474\wga_eula.txt

2009-04-10 10:13 . 2009-04-10 10:13 -------- d-----w c:\program files\POB-Technology

2009-03-28 08:04 . 2007-10-12 14:14 1374232 ----a-w c:\windows\system32\D3DCompiler_36.dll

2009-03-28 08:03 . 2005-05-26 14:34 2297552 ----a-w c:\windows\system32\d3dx9_26.dll

2009-03-28 08:03 . 2009-03-28 08:03 -------- d-----w c:\windows\Logs

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-04-26 07:19 . 2008-12-20 20:34 -------- d-----w c:\program files\Wanadoo

2009-04-25 23:21 . 2008-10-11 06:16 81984 ----a-w c:\windows\system32\bdod.bin

2009-04-25 11:36 . 2009-02-17 11:57 -------- d-----w c:\documents and settings\Administrateur\Application Data\dvdcss

2009-04-24 18:50 . 2004-10-31 12:00 86126 ----a-w c:\windows\system32\perfc00C.dat

2009-04-24 18:50 . 2004-10-31 12:00 513040 ----a-w c:\windows\system32\perfh00C.dat

2009-04-24 17:54 . 2008-04-23 16:34 192512 ----a-w c:\windows\system32\txmlutil.dll

2009-04-24 17:54 . 2008-08-12 16:40 242184 ----a-w c:\windows\system32\drivers\bdfsfltr.sys

2009-04-24 17:54 . 2008-08-14 16:54 104328 ----a-w c:\windows\system32\drivers\bdfndisf.sys

2009-04-24 17:54 . 2008-08-12 16:40 111112 ----a-w c:\windows\system32\drivers\bdfm.sys

2009-04-24 17:54 . 2008-07-02 11:07 82696 ----a-w c:\windows\system32\drivers\BDVEDISK.sys

2009-04-21 04:54 . 2007-11-25 10:45 -------- d-----w c:\documents and settings\Administrateur\Application Data\AdobeUM

2009-04-15 18:21 . 2008-09-24 19:47 -------- d-----w c:\program files\Malwarebytes' Anti-Malware

2009-04-06 13:32 . 2008-09-24 19:47 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2009-04-06 13:32 . 2008-09-24 19:47 15504 ----a-w c:\windows\system32\drivers\mbam.sys

2009-04-05 12:25 . 2009-02-13 09:59 -------- d-----w c:\documents and settings\Administrateur\Application Data\vlc

2009-03-28 08:05 . 2009-03-28 08:05 -------- d-----w c:\documents and settings\Administrateur\Application Data\LiveCAD2

2009-03-28 07:31 . 2007-04-04 10:33 -------- d-----w c:\program files\Google

2009-03-06 14:00 . 2004-10-31 12:00 286720 ----a-w c:\windows\system32\pdh.dll

2009-02-20 08:31 . 2004-10-31 12:00 663552 ----a-w c:\windows\system32\wininet.dll

2009-02-20 08:31 . 2004-10-31 12:00 81920 ----a-w c:\windows\system32\ieencode.dll

2009-02-09 14:17 . 2004-10-31 12:00 1846400 ----a-w c:\windows\system32\win32k.sys

2009-02-09 11:43 . 2004-10-31 12:00 2188160 ----a-w c:\windows\system32\ntoskrnl.exe

2009-02-09 11:42 . 2004-10-29 19:11 2065024 ----a-w c:\windows\system32\ntkrnlpa.exe

2009-02-09 10:03 . 2004-10-31 12:00 740352 ----a-w c:\windows\system32\ntdll.dll

2009-02-09 10:03 . 2004-10-31 12:00 735232 ----a-w c:\windows\system32\lsasrv.dll

2009-02-09 10:03 . 2004-10-31 12:00 686080 ----a-w c:\windows\system32\advapi32.dll

2009-02-09 10:03 . 2004-10-31 12:00 401408 ----a-w c:\windows\system32\rpcss.dll

2009-02-09 09:53 . 2004-10-31 12:00 111104 ----a-w c:\windows\system32\services.exe

2009-02-06 09:54 . 2004-10-31 12:00 35328 ----a-w c:\windows\system32\sc.exe

2009-02-03 20:10 . 2004-10-31 12:00 55808 ----a-w c:\windows\system32\secur32.dll

2008-12-21 16:50 . 2006-11-21 20:47 44304 ----a-w c:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2008-03-08 13:14 . 2008-03-07 19:09 131176 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

2007-12-10 17:39 . 2007-12-10 17:39 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat

.

 

------- Sigcheck -------

 

[-] 2008-04-14 02:33 297984 710BC85A8C22626EE094439E3EA0D38C c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\termsrv.dll

[-] 2004-10-31 12:00 215552 A77219A971029DC2FB683E8513713803 c:\windows\system32\termsrv.dll

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WOOKIT"="c:\progra~1\Wanadoo\GestMaj.exe" [2004-10-14 32768]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-03 339968]

"RemoteControl"="c:\windows\system32\rmctrl.exe" [2000-10-15 32768]

"MessagerStarter Wanadoo"="c:\progra~1\MESSAG~1\StartMessager.exe" [2003-04-04 32768]

"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2004-06-01 458752]

"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2004-06-01 217088]

"BDMCon"="c:\program files\Softwin\BitDefender10\bdmcon.exe" [2008-10-11 290816]

"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-04-24 778240]

"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2004-09-02 57344]

"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]

"WOOWATCH"="c:\progra~1\Wanadoo\Watch.exe" [2004-08-23 20480]

"WOOTASKBARICON"="c:\progra~1\Wanadoo\GestMaj.exe" [2004-10-14 32768]

"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2009-04-24 69632]

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"c:\\Program Files\\MSN Messenger\\livecall.exe"=

"c:\\WINDOWS\\system32\\dpnsvr.exe"=

"c:\\WINDOWS\\system32\\dxdiag.exe"=

 

R2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);c:\windows\system32\Drivers\e4ldr.sys [2006-03-02 63555]

R3 Arrakis3;BitDefender Arrakis Server;c:\program files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784]

R3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\system32\DRIVERS\LV532AV.SYS [2004-05-21 163328]

S2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [2009-04-24 82696]

S3 bdfm;bdfm;c:\windows\system32\drivers\bdfm.sys [2009-04-24 111112]

S3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\bdfndisf.sys [2009-04-24 104328]

S3 e4usbaw;USB ADSL2 WAN Adapter;c:\windows\system32\DRIVERS\e4usbaw.sys [2006-05-04 114616]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bdx REG_MULTI_SZ scan

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea5955c4-8fa8-11db-9555-0013d31dc524}]

\Shell\AutoRun\command - G:\LaunchU3.exe

.

Contenu du dossier 'Tâches planifiées'

 

2009-04-26 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2009-04-14 20:18]

.

- - - - ORPHELINS SUPPRIMES - - - -

 

Notify-WgaLogon - (no file)

 

 

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://www.orange.fr/

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

IE: Easy-WebPrint Ajouter à la liste d'impressions - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

IE: Easy-WebPrint Impression rapide - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

IE: Easy-WebPrint Imprimer - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

IE: Easy-WebPrint Prévisualiser - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

TCP: {0EAA9BD4-3352-444C-AB4F-FF7B9F384E0D} = 81.253.149.1 80.10.246.3

FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\dwupe9ub.default\

FF - component: c:\program files\Mozilla Firefox 3.1 Beta 3\components\FFComm.dll

 

---- PARAMETRES FIREFOX ----

c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.enforce_same_site_origin", false);

c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.ogg.enabled", true);

c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.wave.enabled", true);

c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.autoplay.enabled", true);

c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);

c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");

c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);

c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);

c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);

c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");

c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);

c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);

c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");

c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);

c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-04-26 09:24

Windows 5.1.2600 Service Pack 2 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

.

--------------------- DLLs chargées dans les processus actifs ---------------------

 

- - - - - - - > 'winlogon.exe'(1100)

c:\windows\system32\Ati2evxx.dll

.

Heure de fin: 2009-04-26 9:26

ComboFix-quarantined-files.txt 2009-04-26 07:26

 

Avant-CF: 28 460 503 040 octets libres

Après-CF: 28 466 233 344 octets libres

 

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

 

201 --- E O F --- 2009-04-25 23:20

MERCI d'avance