Infection XP security tool (eh oui !) Au secours ! :) RESOLU

[jm26]

OK !

Mais je préfère ne pas le faire car ça a l"air super dangereux comme programme !

le guide de combofix précise bien qu'il faut le faire sous la surveillance de quelqu"un s'y connaissant. comme tu es moins present sur le forum depuis une heure (cequi est normal, chacun à savie, ce n'est pas du tout un reproche ), j'ai peur de le faire et qu'il n'y ait plus personne pour m'aider en cas de gros souci.

 

Je laisse tomber pour aujourd'hui et j'essaierai de reprendre les étapes tranquillement demai, en espérant que ça marche !

 

En tout cas, merci quand même d'avoir essayé et de t'être donné tant de mal !

 

A+

[jm26]

Bonjour,

Me revoilà deux jours après. Malgré tous les efforts d'Apollo de dimanche (mais c'est vrai que je n'ai pas osé lancer combofix seul en soiree) XP security tool est tjrs sur mon ordi. Les fenetres alarmistes de ce virus sont toujours à l'écran.

 

Quelqu'un peut-il venir à mon aide...?

 

J'ai relancé ce matin RSIT... et seul le rapport log s'affiche !

Info.txt est invisible (même dans la barre des taches) !

 

Voici donc seulement le rapport log:

 

 

Logfile of random's system information tool 1.06 (written by random/random)

Run by JM at 2010-03-23 09:18:28

Microsoft Windows XP Professionnel Service Pack 3

System drive C: has 126 GB (42%) free of 300 GB

Total RAM: 2046 MB (65% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 09:18:31, on 23/03/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe

C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\CDBurnerXP\NMSAccessU.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\Documents and Settings\LocalService\Local Settings\Application Data\ave.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe

C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\ehome\mcrdsvc.exe

C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\Microsoft Office\Office\WINWORD.EXE

C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\JM.JMD\Bureau\RSIT.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program Files\trend micro\JM.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=1070113

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://desktop.google.com/uninstall-feedback.html?hl=fr

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\IEToolbar.dll

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe"

O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: syspck32.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll

O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://copainsdavant.linternaute.com/frame...geUploader5.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1171977923831

O16 - DPF: {741747F6-83B4-4FB9-A268-8CA4010762C8} (Snapfish Activia2) - http://www3.snapfish.fr/SnapfishActivia2.cab

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab

O16 - DPF: {D28C3640-A6D7-4668-A53C-07A9CF67D157} (CFnacComposantCtrl Object) - http://www.fnacmusic.com/telechargementFna...acComposant.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: skyline - {3A4F9195-65A8-11D5-85C1-0001023952C1} - C:\Program Files\Skyline\TerraExplorer\TerraExplorerX.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft - C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe

O23 - Service: BitDefender Serveur Arrakis (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Service Google Update (gupdate1c9e7b46125121e) (gupdate1c9e7b46125121e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe

O23 - Service: McAfee WSC Integration (McDetect.exe) - Unknown owner - c:\program files\mcafee.com\agent\mcdetect.exe (file missing)

O23 - Service: McAfee Task Scheduler (McTskshd.exe) - Unknown owner - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe (file missing)

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)

O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe (file missing)

O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe

O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe

O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe

 

--

End of file - 13510 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

C:\WINDOWS\tasks\Google Software Updater.job

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

C:\WINDOWS\tasks\Recherche de virus de McAfee.com - Mon ordinateur (JMD-JM).job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]

Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-11-18 1082880]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]

DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-09-08 110652]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2010-02-18 321312]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-02-25 251504]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-12-21 764912]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]

Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2009-02-25 522224]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]

CBrowserHelperObject Object - C:\Program Files\BAE\BAE.dll [2006-11-17 98304]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-02-18 41760]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-02-18 79648]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-02-25 251504]

{381FFDE8-2394-4f90-B10D-FC6124A40F8C} - BitDefender Toolbar - C:\Program Files\BitDefender\BitDefender 2010\IEToolbar.dll [2009-10-20 128832]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2006-03-20 282624]

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-08-08 7630848]

"ISUSScheduler"=C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe [2005-06-10 81920]

"ISUSPM Startup"=C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-27 221184]

"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-09-08 122940]

"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2007-10-09 202544]

"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2008-04-14 172544]

"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-02-16 282624]

"BDAgent"=C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe [2010-01-20 1120704]

"BitDefender Antiphishing Helper"=C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe [2009-10-19 71152]

"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]

"Adobe ARM"=C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]

"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe []

"Regedit32"=C:\WINDOWS\system32\regedit.exe []

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2007-10-09 202544]

"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-01-15 68856]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]

C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe [2007-10-11 31232]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]

C:\Program Files\Dell\Media Experience\DMXLauncher.exe [2005-10-05 94208]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]

C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2007-10-09 16384]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]

c:\dell\E-Center\EULALauncher.exe [2006-11-17 18944]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]

C:\WINDOWS\ehome\ehtray.exe [2005-09-29 67584]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2006-07-06 151552]

 

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE

 

C:\Documents and Settings\JM.JMD\Menu Démarrer\Programmes\Démarrage

syspck32.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Dell Network Assistant\ezi_hnm2.exe"="C:\Program Files\Dell Network Assistant\ezi_hnm2.exe:*:Enabled:Dell Network Assistant"

"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"

"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{97626388-e70c-11de-a5e9-0019d12a16fd}]

shell\AutoRun\command - "F:\WD SmartWare.exe" autoplay=true

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f86c2e91-dafb-11dd-a39f-0019d12a16fd}]

shell\AutoRun\command - F:\WDSetup.exe

 

 

======List of files/folders created in the last 1 months======

 

2010-03-22 16:54:58 ----N---- C:\WINDOWS\system32\browserchoice.exe

2010-03-21 16:58:55 ----D---- C:\Documents and Settings\All Users\Application Data\Sun

2010-03-21 16:58:41 ----A---- C:\WINDOWS\system32\javaws.exe

2010-03-21 16:58:41 ----A---- C:\WINDOWS\system32\javaw.exe

2010-03-21 16:58:41 ----A---- C:\WINDOWS\system32\java.exe

2010-03-21 16:07:13 ----D---- C:\HJT

2010-03-21 11:13:50 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2010-03-21 11:06:04 ----D---- C:\Documents and Settings\JM.JMD\Application Data\Malwarebytes

2010-03-21 11:05:57 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2010-03-21 09:29:01 ----D---- C:\_OTM

2010-03-21 08:56:29 ----D---- C:\rsit

2010-03-21 08:56:29 ----D---- C:\Program Files\trend micro

2010-03-11 11:27:45 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$

2010-03-08 10:23:38 ----A---- C:\bdlog.txt

2010-03-08 10:09:43 ----D---- C:\Documents and Settings\JM.JMD\Application Data\BitDefender

2010-03-08 10:09:43 ----D---- C:\Documents and Settings\All Users\Application Data\BitDefender

2010-03-08 09:55:11 ----D---- C:\WINDOWS\SxsCaPendDel

2010-02-24 12:00:56 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$

 

======List of files/folders modified in the last 1 months======

 

2010-03-23 09:08:20 ----SD---- C:\WINDOWS\Tasks

2010-03-23 09:03:05 ----D---- C:\WINDOWS\Prefetch

2010-03-23 08:38:36 ----D---- C:\WINDOWS\system32

2010-03-23 08:38:35 ----D---- C:\WINDOWS\Temp

2010-03-23 07:08:10 ----D---- C:\WINDOWS\system32\CatRoot2

2010-03-23 07:07:56 ----D---- C:\WINDOWS\Registration

2010-03-23 07:06:26 ----D---- C:\WINDOWS

2010-03-22 20:21:59 ----A---- C:\WINDOWS\SchedLgU.Txt

2010-03-22 20:21:19 ----A---- C:\WINDOWS\bdagent.INI

2010-03-22 16:56:27 ----HD---- C:\WINDOWS\inf

2010-03-21 19:54:29 ----D---- C:\WINDOWS\system32\dllcache

2010-03-21 19:54:24 ----D---- C:\WINDOWS\system32\drivers

2010-03-21 19:49:56 ----RD---- C:\Program Files

2010-03-21 19:45:15 ----SD---- C:\WINDOWS\Downloaded Program Files

2010-03-21 17:14:56 ----D---- C:\Program Files\Java

2010-03-21 17:03:01 ----SHD---- C:\WINDOWS\Installer

2010-03-21 17:03:01 ----D---- C:\Config.Msi

2010-03-21 16:58:53 ----D---- C:\Program Files\Fichiers communs\Java

2010-03-21 16:50:52 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe

2010-03-21 16:48:53 ----D---- C:\Program Files\Fichiers communs\Adobe

2010-03-21 16:48:24 ----D---- C:\Program Files\Adobe

2010-03-21 15:47:59 ----HDC---- C:\WINDOWS\$NtUninstallKB926255$

2010-03-20 18:53:15 ----D---- C:\Program Files\Internet Explorer

2010-03-20 14:36:50 ----A---- C:\WINDOWS\hppsapp.INI

2010-03-19 15:44:01 ----SHD---- C:\System Volume Information

2010-03-18 23:02:54 ----D---- C:\Program Files\Mozilla Firefox

2010-03-18 13:56:43 ----D---- C:\Program Files\eMule

2010-03-15 20:18:53 ----A---- C:\WINDOWS\QTW.INI

2010-03-15 16:51:36 ----D---- C:\WINDOWS\Debug

2010-03-11 11:27:51 ----D---- C:\Program Files\Movie Maker

2010-03-11 11:27:26 ----HD---- C:\WINDOWS\$hf_mig$

2010-03-09 08:03:43 ----D---- C:\WINDOWS\WinSxS

2010-03-08 10:09:43 ----D---- C:\Program Files\Fichiers communs\BitDefender

2010-03-08 10:09:43 ----D---- C:\Program Files\BitDefender

2010-03-02 14:23:00 ----D---- C:\WINDOWS\Minidump

2010-03-02 06:30:12 ----A---- C:\WINDOWS\system32\MRT.exe

2010-03-01 15:19:47 ----D---- C:\WINDOWS\system32\config

2010-03-01 15:19:24 ----D---- C:\WINDOWS\system32\wbem

2010-03-01 07:39:27 ----A---- C:\WINDOWS\ModemLog_SAGEM USB-Serial.txt

2010-02-24 12:02:37 ----D---- C:\WINDOWS\ie8updates

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 bdftdif;bdftdif; \??\C:\Program Files\Fichiers communs\BitDefender\BitDefender Firewall\bdftdif.sys []

R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628]

R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684]

R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]

R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]

R1 MPFIREWL;MPFIREWL; C:\WINDOWS\System32\Drivers\MpFirewall.sys [2005-08-16 80640]

R2 BDVEDISK;BDVEDISK; \??\C:\Program Files\BitDefender\BitDefender 2010\bdvedisk.sys []

R2 BsUDF;InCD UDF Driver; C:\WINDOWS\system32\drivers\BsUDF.sys [2002-05-23 336896]

R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-09-08 25628]

R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-09-08 2496]

R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-09-08 86524]

R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-09-08 14684]

R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-09-08 6364]

R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-09-08 87036]

R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-09-08 94332]

R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]

R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-08-05 54752]

R2 hnmwrlspkt;HomeNet Manager Wireless Protocol; C:\WINDOWS\system32\DRIVERS\hnm_wrls_pkt.sys [2006-07-14 13824]

R2 MASPINT;MASPINT; C:\WINDOWS\system32\drivers\MASPINT.sys [2000-03-29 8096]

R2 Packet;Auto Internet Protocol; C:\WINDOWS\system32\DRIVERS\packet.sys [2006-10-15 11136]

R2 wsppkt;Wireless Security Protocol; C:\WINDOWS\system32\DRIVERS\wsp_pkt.sys [2006-07-14 13696]

R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]

R3 bdfm;BDFM; C:\WINDOWS\system32\drivers\bdfm.sys [2010-03-08 153448]

R3 Bdfndisf;BitDefender Firewall NDIS Filter Service; C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2009-10-19 110984]

R3 BDSelfPr;BDSelfPr; \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys []

R3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2006-07-19 230400]

R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]

R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]

R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-08-08 3958272]

R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-03-20 1156648]

R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]

S2 HPFECP13;HPFECP13; C:\WINDOWS\System32\drivers\HPFECP13.SYS [1998-09-25 52800]

S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]

S3 DSproct;DSproct; \??\C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys []

S3 E100B;Pilote de carte Intel ® PRO; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-23 117760]

S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys []

S3 MHNDRV;Pilote MHN; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]

S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]

S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]

S3 NAL;Nal Service ; \??\C:\WINDOWS\system32\Drivers\iqvw32.sys []

S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]

S3 Profos;Profos; \??\C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\profos.sys []

S3 QCMerced;Logitech QuickCam Communicate; C:\WINDOWS\system32\DRIVERS\LVCM.sys []

S3 ser2pl;SAGEM USB-Serial; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2005-07-25 48640]

S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]

S3 SONYPVU1;Pilote de filtrage Sony USB (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]

S3 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys []

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]

S3 Trufos;Trufos; \??\C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\trufos.sys []

S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]

S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

S3 WDC_SAM;WD SCSI Pass Thru driver; C:\WINDOWS\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]

S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]

S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S4 agp440;Filtre de bus AGP Intel; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]

S4 agpCPQ;Filtre de bus AGP Compaq; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]

S4 alim1541;Filtre de bus AGP ALI; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]

S4 amdagp;Pilote de filtre du bus AMD AGP; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]

S4 atapi;Contrôleur de disque dur IDE/ESDI standard; C:\WINDOWS\system32\DRIVERS\atapi.sys [2008-04-13 96512]

S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-14 5504]

S4 sisagp;Filtre de bus AGP SIS; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]

S4 viaagp;Filtre de bus AGP VIA; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe [2007-10-11 51712]

R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-12 44032]

R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]

R2 ehSched;Service de planification Media Center; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 103424]

R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2006-07-06 90112]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-12-17 153376]

R2 LIVESRV;BitDefender Desktop Update Service; C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe [2010-01-11 308552]

R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]

R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2009-11-12 71096]

R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-08-08 155715]

R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2007-10-09 202544]

R2 VSSERV;BitDefender Virus Shield; C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe [2010-03-08 1612616]

R2 WDDMService;WD SmartWare Drive Manager; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-09-04 98304]

R2 WDSmartWareBackgroundService;WD SmartWare Background Service; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]

R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S2 gupdate1c9e7b46125121e;Service Google Update (gupdate1c9e7b46125121e); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-06-07 133104]

S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-07 183280]

S3 Arrakis3;BitDefender Serveur Arrakis; C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2009-10-19 183880]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]

S3 fsssvc;Service Windows Live Contrôle parental; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]

S3 GoogleDesktopManager;GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-01-05 1838592]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]

S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]

S3 iPod Service;Service de l'iPod; C:\Program Files\iPod\bin\iPodService.exe []

S3 McDetect.exe;McAfee WSC Integration; c:\program files\mcafee.com\agent\mcdetect.exe []

S3 McTskshd.exe;McAfee Task Scheduler; c:\PROGRA~1\mcafee.com\agent\mctskshd.exe []

S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager; C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe []

S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]

S3 MpfService;McAfee Personal Firewall Service; C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe []

S3 scan;BitDefender Threat Scanner; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]

S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

 

-----------------EOF-----------------

[jm26]

Sur les conseils d'Apollo, en MP, je reprends les différentes étapes conseillées dimanche.

je post les différents rapports au fur et à mesure (si ça peut aider les nombreuses autres victimes de ce virus...)

, des fois que l'un des experts du site y détecte un gros probleme !

 

voici donc le rapport OTM

 

All processes killed

Error: Unable to interpret <Go> in the current context!

========== FILES ==========

File/Folder c:\windows\system32\wuaucldt.exe not found.

File/Folder C:\Log.txt not found.

========== SERVICES/DRIVERS ==========

========== REGISTRY ==========

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: Administrateur

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: All Users

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: JM

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: JM.JMD

->Temp folder emptied: 2257130 bytes

->Temporary Internet Files folder emptied: 8807702 bytes

->Java cache emptied: 130084 bytes

->FireFox cache emptied: 0 bytes

->Flash cache emptied: 1729 bytes

 

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 18444 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 3162721684 bytes

 

Total Files Cleaned = 3 027,00 mb

 

 

OTM by OldTimer - Version 3.1.10.1 log created on 03232010_092618

 

Files moved on Reboot...

File C:\Documents and Settings\JM.JMD\Local Settings\Temp\fla63.tmp not found!

C:\Documents and Settings\JM.JMD\Local Settings\Temp\~DF46B2.tmp moved successfully.

C:\Documents and Settings\JM.JMD\Local Settings\Temporary Internet Files\Content.IE5\J6U27ZW4\iframe[1].htm moved successfully.

C:\Documents and Settings\JM.JMD\Local Settings\Temporary Internet Files\Content.IE5\J6U27ZW4\infection-xp-security-tool-eh-oui-au-secours-t175005[1].htm moved successfully.

C:\Documents and Settings\JM.JMD\Local Settings\Temporary Internet Files\Content.IE5\G8X2ZNFR\hp[1].htm moved successfully.

C:\Documents and Settings\JM.JMD\Local Settings\Temporary Internet Files\Content.IE5\G8X2ZNFR\imgCAPFNJSR.htm moved successfully.

C:\Documents and Settings\JM.JMD\Local Settings\Temporary Internet Files\Content.IE5\G8X2ZNFR\rectangle_300x250[1].htm moved successfully.

C:\Documents and Settings\JM.JMD\Local Settings\Temporary Internet Files\Content.IE5\7UCHUYDQ\imgCA3BPTUM.htm moved successfully.

C:\Documents and Settings\JM.JMD\Local Settings\Temporary Internet Files\Content.IE5\7UCHUYDQ\povh[1].htm moved successfully.

C:\Documents and Settings\JM.JMD\Local Settings\Temporary Internet Files\Content.IE5\404BZ4N7\ads[8].htm moved successfully.

C:\Documents and Settings\JM.JMD\Local Settings\Temporary Internet Files\Content.IE5\404BZ4N7\ban_728x90[1].htm moved successfully.

C:\Documents and Settings\JM.JMD\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

 

Registry entries deleted on Reboot...

[Apollo]

Re,

 

Je ne t'ai jamais dit de repasser OTM, cela ne va servir à rien.

 

Si tu veux être un jour être débarrassé de ton infection il va falloir me faire confiance; je t'ai dit d'utiliser ComboFix renommé, il faut le faire.

 

Je te redonne la procédure. Il n'y a rien à craindre tant que tu suis les instructions.

 

ComboFix ne doit pas être utilisé comme un outil de diagnostic, il ne doit être employé que sur demande expresse d'un conseiller formé à cet outil et sous son contrôle. Cet outil peut être dangereux!

 

Désactiver les protections (antivirus, firewall, antispyware).

 

Connecter les supports amovibles (clé usb et autres) avant de procéder.

 

TUTO Officiel

 

Fais un clic droit ICI

• Dans le menu qui se déroule, choisis "Enregistrer la cible du lien sous" (si tu utilises Firefox) et "Enregistrer la cible sous" (si tu utilises Internet Explorer)
  
• Une fenêtre va s'ouvrir: dans le champs Nom du fichier (en bas ), tape ceci panpan
  
• On va enregistrer ce fichier sur le Bureau: pour cela, sur le panneau de gauche, clique sur le Bureau.
   
  
• Clique enfin sur le bouton Enregistrer en bas de page à droite.
  
• Assure toi que tous les programmes sont fermés avant de lancer le fix!
  
• Fait un double clique sur panpan.
  
• Si la console de récupération n'est pas installée sur un XP, ComboFix va proposer de l'installer: Accepte!
  
• Clique sur Oui au message de Limitation de Garantie qui s'affiche.
  
• Il est possible que ton parefeu te demande si tu acceptes ou non l'accès de nircmd.cfexe à la zone sure: accepte!
  
• Note: Ne ferme pas la fenêtre qui vient de s'ouvrir , tu te retrouverais avec un bureau vide !
  
• Lorsque le scan est terminé, un rapport sera généré : poste en le contenu dans ton prochain message.
  

 

Si tu perds la connexion après le passage de ComboFix, voici comment la réparer ICI.

 

NB: Si malgré tout, tu ne parviens pas à réparer la connexion, lis ce sujet stp.

 

Si le message: "Tentative d'opération non autorisée sur une clé du Registre marquée pour suppression".

apparaissait, redémarrer le pc.

 

 

@++

[jm26]

OK, sorry ! j'avais mal compris ! Je pensais qu'il fallait reprendre la procédure de dimanche !

j'installe combofix et lance la procédure !

Merci et à + !

[jm26]

Je reponds depuis mon 2eme ordi de secours...

 

J'ai lancé combofix (désactivé bien sûr les protections de mon Bitdefender au préalable) mais il me signale que j'ai encore un scann actif en temps reel!

McAfee Virus Scan.

Il me dit de le désactiver avant de poursuivre puis d'appuyer sur OK.

Or, impossible de localiser Mc Affee sur mon ordi (je savais même pas que je l'avais. Il devait être installé à l'origine). IL n'est pas dans "programmes" et pas non plus ds "Ajouter ou supprimer des programmes"...

[Apollo]

Ce ne sont que des restes de Mc Afee, donc passe outre l'avertissement et poursuis la procédure avec ComboFix stp.

 

@++

[jm26]

D'ac !

[jm26]

Les fenetres XP security Tool ont toutes disparu !! Yeaah !!

 

le rapport combofix (maintenant, j'ai reactivé mon antivirus)

 

ComboFix 10-03-22.03 - JM 23/03/2010 10:39:28.1.2 - x86

Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2046.1540 [GMT 1:00]

Lancé depuis: c:\documents and settings\JM.JMD\Bureau\panpan.exe

AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: BitDefender Pare-feu *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}

FW: McAfee Personal Firewall Plus *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\JM.JMD\Local Settings\Application Data\ave.exe

c:\documents and settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd

c:\program files\INSTALL.LOG

c:\windows\AUTOLNCH.REG

c:\windows\system32\config\systemprofile\oashdihasidhasuidhiasdhiashdiuasdhasd

F:\Autorun.inf

 

.

((((((((((((((((((((((((((((( Fichiers créés du 2010-02-23 au 2010-03-23 ))))))))))))))))))))))))))))))))))))

.

 

2010-03-22 15:54 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe

2010-03-21 15:07 . 2010-03-21 15:07 -------- d-----w- C:\HJT

2010-03-21 13:37 . 2008-04-13 19:40 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys

2010-03-21 13:37 . 2008-04-13 19:40 62976 ----a-w- c:\windows\system32\dllcache\cdrom.sys

2010-03-21 10:13 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-03-21 10:13 . 2010-03-21 10:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-03-21 10:13 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-03-21 10:06 . 2010-03-21 10:06 -------- d-----w- c:\documents and settings\JM.JMD\Application Data\Malwarebytes

2010-03-21 10:05 . 2010-03-21 10:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-03-21 08:29 . 2010-03-21 08:29 -------- d-----w- C:\_OTM

2010-03-21 07:56 . 2010-03-23 08:18 -------- d-----w- c:\program files\trend micro

2010-03-21 07:56 . 2010-03-21 07:56 -------- d-----w- C:\rsit

2010-03-20 18:20 . 2010-03-20 18:20 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE

2010-03-20 18:20 . 2010-03-20 18:20 -------- d-sh--w- c:\windows\system32\config\systemprofile\IECompatCache

2010-03-18 22:03 . 2010-03-18 22:03 4 ----a-w- c:\windows\system32\aspdict-en.dat

2010-03-18 22:03 . 2010-03-18 22:03 16 ----a-w- c:\windows\system32\asdict.dat

2010-03-11 06:09 . 2009-10-23 15:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe

2010-03-08 09:09 . 2010-03-08 09:13 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender

2010-03-08 09:09 . 2010-03-08 09:09 -------- d-----w- c:\documents and settings\JM.JMD\Application Data\BitDefender

2010-03-08 08:55 . 2010-03-08 08:57 -------- d-----w- c:\windows\SxsCaPendDel

2010-03-01 14:19 . 2010-03-01 14:19 -------- d-----w- c:\windows\system32\wbem\Repository

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-03-21 16:14 . 2007-01-13 19:52 -------- d-----w- c:\program files\Java

2010-03-21 15:59 . 2010-03-21 15:59 61440 ----a-w- c:\documents and settings\JM.JMD\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-60861d1e-n\decora-sse.dll

2010-03-21 15:59 . 2010-03-21 15:59 503808 ----a-w- c:\documents and settings\JM.JMD\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-54459339-n\msvcp71.dll

2010-03-21 15:59 . 2010-03-21 15:59 499712 ----a-w- c:\documents and settings\JM.JMD\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-54459339-n\jmc.dll

2010-03-21 15:59 . 2010-03-21 15:59 348160 ----a-w- c:\documents and settings\JM.JMD\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-54459339-n\msvcr71.dll

2010-03-21 15:59 . 2010-03-21 15:59 12800 ----a-w- c:\documents and settings\JM.JMD\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-60861d1e-n\decora-d3d.dll

2010-03-21 15:58 . 2007-01-13 19:52 -------- d-----w- c:\program files\Fichiers communs\Java

2010-03-21 15:48 . 2007-01-18 20:16 -------- d-----w- c:\program files\Fichiers communs\Adobe

2010-03-20 17:53 . 2010-03-20 17:53 8 ----a-w- c:\windows\system32\config\systemprofile\Application Data\jasltw.dat

2010-03-19 16:49 . 2010-03-19 16:49 8 ----a-w- c:\documents and settings\LocalService\Application Data\jasltw.dat

2010-03-18 12:56 . 2007-02-02 20:51 -------- d-----w- c:\program files\eMule

2010-03-08 09:23 . 2009-12-07 17:49 106464 ----a-w- c:\windows\system32\drivers\bdhv.sys

2010-03-08 09:23 . 2009-12-07 17:46 153448 ----a-w- c:\windows\system32\drivers\bdfm.sys

2010-03-08 09:09 . 2008-03-09 17:21 -------- d-----w- c:\program files\BitDefender

2010-03-08 09:09 . 2008-03-09 17:17 -------- d-----w- c:\program files\Fichiers communs\BitDefender

2010-03-08 08:54 . 2007-01-17 19:15 81984 ----a-w- c:\windows\system32\bdod.bin

2010-03-01 06:36 . 2005-09-01 05:53 587998 ----a-w- c:\windows\system32\perfh00C.dat

2010-03-01 06:36 . 2005-09-01 05:53 111524 ----a-w- c:\windows\system32\perfc00C.dat

2010-02-18 16:24 . 2010-02-12 13:26 -------- d-----w- c:\program files\CDBurnerXP

2010-02-18 16:24 . 2010-02-18 16:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Canneverbe Limited

2010-02-17 15:26 . 2007-08-23 05:41 -------- d-----w- c:\documents and settings\JM.JMD\Application Data\dvdcss

2010-02-13 14:51 . 2007-01-13 19:58 -------- d-----w- c:\program files\Corel

2010-02-13 14:51 . 2007-01-13 19:58 -------- d-----w- c:\program files\Fichiers communs\Corel

2010-02-13 14:48 . 2007-01-23 17:10 8348 --sha-w- c:\windows\system32\KGyGaAvL.sys

2010-02-13 14:48 . 2007-01-19 14:11 -------- d-----w- c:\documents and settings\JM.JMD\Application Data\Corel

2010-02-13 14:45 . 2007-01-23 17:10 88 --sh--r- c:\windows\system32\424FC76198.sys

2010-02-12 13:26 . 2010-02-12 13:26 -------- d-----w- c:\documents and settings\JM.JMD\Application Data\Canneverbe Limited

2010-01-29 07:22 . 2007-02-19 11:53 -------- d-----w- c:\program files\Spybot - Search & Destroy

2009-12-31 16:50 . 2008-09-21 16:49 353792 ----a-w- c:\windows\system32\drivers\srv.sys

2009-01-05 09:17 . 2009-01-05 09:17 135680 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

2007-06-07 13:25 . 2007-02-20 06:41 88 --sh--r- c:\windows\system32\C5C853F8AD.sys

.

 

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2007-10-09 202544]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-15 68856]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SigmatelSysTrayApp"="stsystra.exe" [2006-03-20 282624]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-08 7630848]

"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]

"ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]

"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]

"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2007-10-09 202544]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-16 282624]

"BDAgent"="c:\program files\BitDefender\BitDefender 2010\bdagent.exe" [2010-01-20 1120704]

"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2010\IEShow.exe" [2009-10-19 71152]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]

"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\JM.JMD\Menu D‚marrer\Programmes\D‚marrage\

syspck32.exe [2008-4-14 29184]

 

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\

Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]

2007-10-11 06:45 31232 ----a-w- c:\program files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]

2005-10-05 03:12 94208 ----a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]

2007-10-09 17:57 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]

2006-11-17 11:45 18944 ----a-w- c:\dell\E-Center\EULALauncher.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]

2005-09-29 14:01 67584 ----a-w- c:\windows\ehome\ehtray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]

2006-07-06 07:15 151552 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol

"10426:UDP"= 10426:UDP:SingleClick ICC

 

R0 BsStor;InCD Storage Helper Driver;c:\windows\system32\drivers\bsstor.sys [31/05/2007 13:51 9088]

R2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2010\bdvedisk.sys [22/09/2009 08:22 83208]

R2 BsUDF;InCD UDF Driver;c:\windows\system32\drivers\bsudf.sys [31/05/2007 13:51 336896]

R2 hnmwrlspkt;HomeNet Manager Wireless Protocol;c:\windows\system32\drivers\hnm_wrls_pkt.sys [14/07/2006 02:01 13824]

R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [04/09/2009 15:22 98304]

R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [16/06/2009 09:58 20480]

R2 wsppkt;Wireless Security Protocol;c:\windows\system32\drivers\wsp_pkt.sys [14/07/2006 02:02 13696]

R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [07/12/2009 18:46 153448]

R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [19/10/2009 16:04 110984]

S2 gupdate1c9e7b46125121e;Service Google Update (gupdate1c9e7b46125121e);c:\program files\Google\Update\GoogleUpdate.exe [07/06/2009 22:10 133104]

S2 HPFECP13;HPFECP13;c:\windows\system32\drivers\HPFecp13.sys [25/09/1998 09:55 52800]

S3 Arrakis3;BitDefender Serveur Arrakis;c:\program files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [19/10/2009 16:06 183880]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [12/12/2009 12:00 11520]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bdx REG_MULTI_SZ scan

.

Contenu du dossier 'Tâches planifiées'

 

2010-03-20 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 14:42]

 

2010-03-23 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-05 21:09]

 

2010-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-07 21:09]

 

2010-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-07 21:09]

.

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://www.google.fr/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = hxxp://desktop.google.com/uninstall-feedback.html?hl=fr

uInternet Settings,ProxyOverride = localhost

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

DPF: {741747F6-83B4-4FB9-A268-8CA4010762C8} - hxxp://www3.snapfish.fr/SnapfishActivia2.cab

DPF: {D28C3640-A6D7-4668-A53C-07A9CF67D157} - hxxp://www.fnacmusic.com/telechargementFnacmusic/FnacComposant.cab

FF - ProfilePath - c:\documents and settings\JM.JMD\Application Data\Mozilla\Firefox\Profiles\jtfqp52a.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

.

- - - - ORPHELINS SUPPRIMES - - - -

 

HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-03-23 10:48

Windows 5.1.2600 Service Pack 3 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

.

--------------------- DLLs chargées dans les processus actifs ---------------------

 

- - - - - - - > 'explorer.exe'(1936)

c:\windows\system32\msls31.dll

c:\windows\system32\eappprxy.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Autres processus actifs ------------------------

.

c:\program files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe

c:\program files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe

c:\windows\system32\CTsvcCDA.exe

c:\windows\eHome\ehRecvr.exe

c:\windows\eHome\ehSched.exe

c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\CDBurnerXP\NMSAccessU.exe

c:\windows\system32\nvsvc32.exe

c:\program files\Dell Support Center\bin\sprtsvc.exe

c:\windows\ehome\mcrdsvc.exe

c:\windows\stsystra.exe

c:\windows\system32\dllhost.exe

.

**************************************************************************

.

Heure de fin: 2010-03-23 10:54:42 - La machine a redémarré

ComboFix-quarantined-files.txt 2010-03-23 09:54

 

Avant-CF: 135 003 975 680 octets libres

Après-CF: 134 874 791 936 octets libres

 

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

 

- - End Of File - - 6360FC86A04610EF2406E6E0BD932D22

[Apollo]

Re,

 

Ben tiens, tu vois bien qu'il n'y avait pas de raison d'avoir la frousse.

 

Ce qu'on n'aime pas, ce sont les gens qui utilisent ComboFix à tort et à travers et surtout n'importe comment et sans qu'on leur ait demandé surtout!

 

De plus cela nous prive de pas mal de renseignements.

 

Ton Bit Defender c'est le gratuit ou tu as acheté le logiciel? Si c'est le gratuit je te proposerai de le remplacer par un plus performant.

 

Fais un nouveau log Hijackthis stp.

 

@++