[RESOLU] Imposible de supprimer TR/Vundo.Gen message alerte de antivir - Sécurité - Virus
TomsGuide.com : 700 000 inscrits répondent à toutes vos questions high-tech et informatique.
Pour obtenir de l'aide, inscrivez-vous gratuitement !
 




Mot :   Pseudo :  
 
Bas de page
Auteur
 Sujet : [RESOLU] Imposible de supprimer TR/Vundo.Gen message alerte de antivir
 
Profil : IDNaute
Plus d'informations

Bonjour,

J'ai Avira antivir comme Anti virus, et au démarrage de mon PC, j'ai un message d'alerte trojan TR/Vundo.Gen
J'ai essayé divers solutions sans succes.
J'ai beaucoup de problème pour faire fonctionner mon PC, notamment pour lancer Windows, je suis obligé d'utiliser le gestionnaire de tache et lancer une nouvelle tache 'Explorer'.Je n'ose pas désactiver antivir guard.

Si quelqu'un pouvait m'aider à résoudre ce problème.

Lesteph77


Message édité par Lesteph77 le 11-07-2008 à 14:06:14
Liens sponsorisés


Inscrivez-vous ou connectez-vous pour masquer ceci.

Profil : Helper
Plus d'informations

Bonjour,

Télécharge Hijackthis (de Trend Micro) sur ton Bureau.

  • Double clique sur HJTInstall.exe pour lancer l'installation.
  • Clique sur Install.
  • Double clique sur le raccourci d'HijackThis qui vient d'être créé pour le lancer. (Clique droit -> lancer en tant qu'admin si sous Vista)
  • Accepte la licence en cliquant sur Yes.
  • Clique sur "Do a system scan and save a logfile".
  • Poste ici[ le rapport généré.


Note : Le rapport se trouve également ici : C:\Program Files\Trend Micro\Hijackthis\Hijackthis.log

Aide : Comment utiliser HijackThis.


---------------
Prière de signaler si vous vous faites déjà aider sur un autre forum ou dans un autre topic.

Sécurité/Prévention
Profil : IDNaute
Plus d'informations

Bonjour,

Merci pour l'aide. Désolé hier j'étais de sortie (Moto). Voici le rapport. Par contre je ne sais pas si c'est lié, mis je impossible de démarrer IE ou FireFox. Donc je le fais via mon iMac.

Par avance merci
Lesteph77

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:19: VIRUS ALERT!, on 07/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Novell\XTAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Novell\ZENworks\nalntsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
C:\Program Files\Retrospect\Retrospect 7.5\retrorun.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Novell\ZENworks\wm.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\Novell\ZENworks\WMRUNDLL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\Explorer.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\update.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ww.macbidouille.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.setec.fr:81
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.tpi.setec.fr;192.168.4.*;<local>;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3F498E0D-E504-42CB-AE2C-A9F0B5417EDC} - (no file)
O2 - BHO: (no name) - {41B93EB1-608A-465B-A1F0-EA1DFEC3E247} - C:\WINDOWS\system32\geBQKdBt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8E1EA62C-66E3-4F78-83E8-2965CA32DB99} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {B489343F-A8F3-439A-B535-6AD8DE16B431} - C:\WINDOWS\system32\geBuRKay.dll (file missing)
O2 - BHO: (no name) - {C3AF4B1A-08FD-4F74-A088-1E4603E2CAE9} - (no file)
O2 - BHO: (no name) - {E3164983-84CE-4C60-A9FA-845DE3DB0C31} - C:\WINDOWS\system32\jkkjhijj.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {A60C6234-48AB-4295-B542-24F8679FA15C} - (no file)
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NDPS] C:\WINDOWS\system32\dpmw32.exe
O4 - HKLM\..\Run: [iPrint Tray] C:\WINDOWS\system32\iprntctl.exe TRAY_ICON
O4 - HKLM\..\Run: [ZENRC Tray Icon] C:\WINDOWS\system32\zentray.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [68d70034] rundll32.exe "C:\WINDOWS\system32\ichqsnew.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [antivirus-2008pro.exe] C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE R�SEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la s�lection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la s�lection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens s�lectionn�s en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens s�lectionn�s en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Novell delivered applications - {C1994287-422F-47aa-8E5E-6323E210A125} - C:\Program Files\Novell\ZENworks\AxNalServer.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://web.tpi.setec.fr
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/d [...] csxp2k.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wi [...] 8156430453
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (Contr�leur de DownloadManager) - http://dlm.tools.akamai.com/dlmana [...] .2.1.6.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = tpi.setec.fr
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = tpi.setec.fr
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = tpi.setec.fr
O20 - Winlogon Notify: geBQKdBt - C:\WINDOWS\SYSTEM32\geBQKdBt.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Broadcom ASF IP Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\system32\cusrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Iap - Dell Inc. - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Unknown owner - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe (file missing)
O23 - Service: Novell Application Launcher (NALNTSERVICE) - Novell, Inc. - C:\Program Files\Novell\ZENworks\nalntsrv.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Novell ZENworks Remote Management Agent (Remote Management Agent) - Novell, Inc. - C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - EMC Corporation - C:\Program Files\Retrospect\Retrospect 7.5\retrorun.exe
O23 - Service: Assistant Retrospect (Retrospect Helper) - EMC Corporation - C:\Program Files\Retrospect\Retrospect 7.5\rthlpsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Novell XTier Agent Services (XTAgent) - Novell, Inc. - C:\WINDOWS\System32\Novell\XTAgent.exe
O23 - Service: Workstation Manager (ZFDWM) - Novell, Inc. - C:\Program Files\Novell\ZENworks\wm.exe

--
End of file - 15959 bytes

Profil : Helper
Plus d'informations

Ne t'inquiète pas, rien ne presse, on a tous une vie en dehors.
Très agréables les ballades en moto, j'espère qu'il faisait beau :p

Télécharge ComboFix (de sUBs) sur ton Bureau.

  • Désactive temporairement toute protection résidente ! (Antivirus, antispywares..)
  • Double clique sur ComboFix.exe.
  • Accepte la licence en cliquant sur Oui.
  • Lorsque l'opération sera terminée, un rapport apparaîtra. Poste ce rapport dans ta prochaine réponse.


Le rapport se trouve ici : %systemdrive%\ComboFix.txt (%systemdrive% étant la partition où est installée Windows; C:\ en général)

Aide : Comment utiliser ComboFix.


---------------
Prière de signaler si vous vous faites déjà aider sur un autre forum ou dans un autre topic.

Sécurité/Prévention
Profil : IDNaute
Plus d'informations

Super la balade, pas de pluie, mais beaucoup de vent.
Sinon je n'arrive pas à arrêter AntiVir :(

Pour le reste j'ai charger ComboFix, je fais le scan dès que j'ai réussis à arrêter AntiVir et je te passe ça dès que c'est fini.
A+

Profil : Helper
Plus d'informations

Clique droit sur l'icône d'AntiVir dans la zone de notification (systray) à côté de la barre des tâches, décoche "AntiVir Guard enable"


---------------
Prière de signaler si vous vous faites déjà aider sur un autre forum ou dans un autre topic.

Sécurité/Prévention
Profil : IDNaute
Plus d'informations

Voici le rapport de ComboFix :
ComboFix 08-07-05.1 - BUREAU 2008-07-07 16:52:26.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.2633 [GMT 2:00]
Endroit: F:\ComboFix.exe
* CrÈation d'un nouveau point de restauration

[color=red]AVERTISSEMENT - LA CONSOLE DE R…CUP…RATION N'EST PAS INSTALL…E SUR CETTE MACHINE !![/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\BUREAU\Local Settings\Application Data\beebcfzcxz.dat
C:\Documents and Settings\BUREAU\Local Settings\Application Data\beebcfzcxz_nav.dat
C:\Documents and Settings\BUREAU\Local Settings\Application Data\beebcfzcxz_navps.dat
C:\Documents and Settings\BUREAU\Local Settings\Temporary Internet Files\cpal.err
C:\Documents and Settings\BUREAU\Local Settings\Temporary Internet Files\plot.log
C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\gfetqaxsxqs.dll
C:\WINDOWS\system32\aKlmnnpo.ini
C:\WINDOWS\system32\aKlmnnpo.ini2
C:\WINDOWS\system32\baulcmmp.ini
C:\WINDOWS\system32\byXRjjHY.dll
C:\WINDOWS\system32\geBQKdBt.dll
C:\WINDOWS\system32\ihutjtgg.ini
C:\WINDOWS\system32\iifdayaa.dll
C:\WINDOWS\system32\jjihjkkj.ini
C:\WINDOWS\system32\jjihjkkj.ini2
C:\WINDOWS\system32\jkkjhijj.dll
C:\WINDOWS\system32\khfDuSjI.dll
C:\WINDOWS\system32\trsbtyyr.ini
C:\WINDOWS\system32\wensqhci.ini
C:\WINDOWS\system32\yaKRuBeg.ini
C:\WINDOWS\system32\yaKRuBeg.ini2
C:\WINDOWS\system32\ymnxncjh.ini
C:\WINDOWS\system32\zlib.dll

.
((((((((((((((((((((((((((((( Fichiers crÇÇs 2008-06-07 to 2008-07-07 ))))))))))))))))))))))))))))))))))))
.

2008-07-07 17:00 . 2008-07-07 17:00 <REP> d-------- C:\TEMP\WPDNSE
2008-07-07 17:00 . 2008-07-07 17:00 53,248 --a------ C:\TEMP\catchme.dll
2008-07-07 12:10 . 2008-07-07 12:16 <REP> d-------- C:\Program Files\Spyware Doctor
2008-07-07 12:10 . 2008-07-07 12:10 <REP> d-------- C:\Documents and Settings\BUREAU\Application Data\PC Tools
2008-07-07 12:10 . 2008-07-07 12:36 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-07 12:10 . 2007-12-10 13:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-07-07 12:10 . 2007-12-10 13:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-07-07 12:10 . 2008-02-01 11:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-07-07 12:10 . 2007-12-10 13:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-07-05 22:35 . 2008-07-05 22:38 <REP> d-------- C:\WINDOWS\OvtCam
2008-07-05 20:41 . 2008-07-05 20:41 <REP> d-------- C:\Program Files\Trend Micro
2008-07-04 18:18 . 2008-07-04 18:18 <REP> d-------- C:\VundoFix Backups
2008-06-28 14:26 . 2008-06-28 14:27 <REP> d-------- C:\Program Files\RegCleaner
2008-06-28 14:13 . 2008-06-28 14:13 <REP> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-06-28 12:05 . 2008-06-28 12:21 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-28 12:05 . 2008-06-28 12:25 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-27 22:57 . 2008-06-27 22:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-27 22:46 . 2008-06-27 22:48 <REP> d-------- C:\Documents and Settings\BUREAU\Application Data\GetRightToGo
2008-06-19 17:29 . 2008-06-19 17:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\LogMeIn
2008-06-14 19:13 . 2008-06-14 19:13 <REP> d-------- C:\Program Files\EA GAMES
2008-06-12 21:51 . 2008-06-12 22:19 32 --a------ C:\config.cfg
2008-06-10 22:58 . 2008-06-10 22:58 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2008-06-10 22:53 . 2008-06-10 22:53 <REP> d-------- C:\Program Files\Fichiers communs\LogiShared
2008-06-10 22:52 . 2007-04-23 04:00 163,840 --a------ C:\WINDOWS\system32\kemutb.dll
2008-06-10 22:52 . 2007-04-23 04:00 135,168 --a------ C:\WINDOWS\system32\KemUtil.dll
2008-06-10 22:52 . 2007-04-23 04:00 110,592 --a------ C:\WINDOWS\system32\KemWnd.dll
2008-06-10 22:52 . 2007-04-23 04:00 69,632 --a------ C:\WINDOWS\system32\KemXML.dll
2008-06-10 22:51 . 2008-06-10 22:51 <REP> d-------- C:\Program Files\Logitech
2008-06-10 22:45 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-07 13:00 . 2008-06-08 15:49 <REP> d-------- C:\Documents and Settings\BUREAU\amsn
2008-06-07 12:59 . 2008-06-07 12:59 <REP> d-------- C:\Program Files\aMSN

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-07 13:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
2008-07-07 07:26 --------- d-----w C:\Program Files\LogMeIn
2008-07-06 18:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-07-03 15:44 --------- d-----w C:\Program Files\AutoCAD 2008
2008-06-25 20:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Retrospect
2008-06-20 17:36 --------- d-----w C:\Program Files\Garmin
2008-06-18 10:41 --------- d-----w C:\Program Files\Java
2008-06-15 22:47 --------- d-----w C:\Program Files\adslTV
2008-06-15 19:49 --------- d-----w C:\Documents and Settings\BUREAU\Application Data\vlc
2008-06-14 17:59 272,768 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-12 20:34 --------- d-----w C:\Program Files\Google
2008-06-10 20:52 --------- d-----w C:\Program Files\Fichiers communs\Logitech
2008-06-10 20:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-10 20:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech
2008-06-02 08:26 --------- d-----w C:\Program Files\Fichiers communs\Adobe AIR
2008-06-02 08:26 --------- d-----w C:\Program Files\Adobe Media Player
2008-06-01 13:28 --------- d-----w C:\Documents and Settings\BUREAU\Application Data\PC Suite
2008-05-30 10:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2008-05-30 09:43 --------- d-----w C:\Program Files\Nokia
2008-05-30 09:43 --------- d-----w C:\Program Files\Fichiers communs\PCSuite
2008-05-30 09:43 --------- d-----w C:\Program Files\Fichiers communs\Nokia
2008-05-30 09:42 --------- d-----w C:\Program Files\PC Connectivity Solution
2008-05-30 07:33 --------- d-----w C:\Program Files\Apple Software Update
2008-05-30 01:51 --------- d-----w C:\Documents and Settings\BUREAU\Application Data\Nokia Multimedia Player
2008-05-30 01:31 --------- d-----w C:\Program Files\iTunes
2008-05-30 01:31 --------- d-----w C:\Program Files\iPod
2008-05-30 01:30 --------- d-----w C:\Program Files\QuickTime
2008-05-29 23:10 --------- d-----w C:\Documents and Settings\BUREAU\Application Data\Nokia
2008-05-29 20:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2008-05-29 19:50 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-05-27 21:08 --------- d-----w C:\Documents and Settings\BUREAU\Application Data\GARMIN
2008-05-26 20:10 --------- d-----w C:\Program Files\HP
2008-05-23 08:29 47,616 ----a-w C:\WINDOWS\system32\drivers\Haspnt.sys
2008-05-15 15:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-15 15:32 --------- d-----w C:\Documents and Settings\BUREAU\Application Data\Autodesk
2008-05-15 15:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
2008-05-15 11:52 --------- d-----w C:\Program Files\Fichiers communs\Autodesk Shared
2008-05-15 11:52 --------- d-----w C:\Program Files\AutoCAD 2009
2008-05-15 11:42 --------- d-----w C:\Program Files\MSBuild
2008-05-15 11:40 --------- d-----w C:\Program Files\Reference Assemblies
2008-05-15 11:38 --------- d-----w C:\Program Files\Autodesk
2008-05-15 10:24 --------- d-----w C:\Program Files\Broadcom
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2006-05-29 14:40 7,296,000 ----a-w C:\Program Files\mozilla firefox\plugins\libvlc.dll
2007-08-09 12:08 8,784 ----a-w C:\Program Files\mozilla firefox\plugins\ractrlkeyhook.dll
2007-08-09 12:10 245,408 ----a-w C:\Program Files\mozilla firefox\plugins\unicows.dll
2007-09-03 14:00 16,384 --sha-w C:\WINDOWS\Temp\Cookies\index.dat
2007-09-03 14:00 32,768 --sha-w C:\WINDOWS\Temp\Fichiers Internet temporaires\Content.IE5\index.dat
2007-09-03 14:00 16,384 --sha-w C:\WINDOWS\Temp\History\History.IE5\index.dat
.

------- Sigcheck -------

2008-04-14 04:34 14336 e4bdf223cd75478bf44567b4d5c2634d C:\WINDOWS\SoftwareDistribution\Download\cb753d18e2092b6b6a89289134569652\svchost.exe
2004-08-05 12:00 14336 1bd6c2f707a275cb7c16fd99fe0f31ca C:\WINDOWS\system32\svchost.exe
2004-08-05 12:00 14336 1bd6c2f707a275cb7c16fd99fe0f31ca C:\WINDOWS\system32\dllcache\svchost.exe

2008-04-14 04:33 82432 fb836f9e62d82904c983ad21296a5d9c C:\WINDOWS\SoftwareDistribution\Download\cb753d18e2092b6b6a89289134569652\ws2_32.dll
2004-08-05 12:00 82944 bc41f51a39d3b255805fdb759b7814ae C:\WINDOWS\system32\ws2_32.dll
2004-08-05 12:00 82944 bc41f51a39d3b255805fdb759b7814ae C:\WINDOWS\system32\dllcache\ws2_32.dll

2008-04-14 04:34 512000 dd73d6b9f6b4cb630cf35b438b540174 C:\WINDOWS\SoftwareDistribution\Download\cb753d18e2092b6b6a89289134569652\winlogon.exe
2004-08-05 12:00 506368 d2de785aeab0bb8ca4c14a8a199dbe4e C:\WINDOWS\system32\winlogon.exe
2004-08-05 12:00 506368 d2de785aeab0bb8ca4c14a8a199dbe4e C:\WINDOWS\system32\dllcache\winlogon.exe

2008-04-13 21:20 182656 1df7f42665c94b825322fae71721130d C:\WINDOWS\SoftwareDistribution\Download\cb753d18e2092b6b6a89289134569652\ndis.sys
2004-08-05 12:00 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\dllcache\ndis.sys
2004-08-05 12:00 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys

2008-04-13 20:53 36608 3bb22519a194418d5fec05d800a19ad0 C:\WINDOWS\SoftwareDistribution\Download\cb753d18e2092b6b6a89289134569652\ip6fw.sys
2004-08-05 12:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\dllcache\ip6fw.sys
2004-08-05 12:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys

2008-04-14 04:34 109056 54cb50058851d95e56ec70d09f70857f C:\WINDOWS\SoftwareDistribution\Download\cb753d18e2092b6b6a89289134569652\services.exe
2004-08-05 12:00 108544 732e0b1abaace15d80ec19056b0a2af9 C:\WINDOWS\system32\services.exe
2004-08-05 12:00 108544 732e0b1abaace15d80ec19056b0a2af9 C:\WINDOWS\system32\dllcache\services.exe

2008-04-14 04:34 13312 91e6024d6d4dcdecdb36c43ecf9bbecb C:\WINDOWS\SoftwareDistribution\Download\cb753d18e2092b6b6a89289134569652\lsass.exe
2004-08-05 12:00 13312 9f3744a5c6f49291a7a685040a013399 C:\WINDOWS\system32\lsass.exe
2004-08-05 12:00 13312 9f3744a5c6f49291a7a685040a013399 C:\WINDOWS\system32\dllcache\lsass.exe

2008-04-14 04:33 15360 59dc5bb82e4c8e0b3eadcfdbc44ba6e4 C:\WINDOWS\SoftwareDistribution\Download\cb753d18e2092b6b6a89289134569652\ctfmon.exe
2004-08-05 12:00 15360 5584247b568c2e53934873f4b655fe6a C:\WINDOWS\system32\ctfmon.exe
2004-08-05 12:00 15360 5584247b568c2e53934873f4b655fe6a C:\WINDOWS\system32\dllcache\ctfmon.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ÇlÇments vides & les ÇlÇments initiaux lÇgitimes ne sont pas listÇs

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 12:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-27 21:11 68856]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-04-16 12:53 1079808]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 18:41 1232896]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-28 19:05 8429568]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-11-07 05:20 122940]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-07-25 16:32 823296]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-07-25 16:30 974848]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]
"NDPS"="C:\WINDOWS\system32\dpmw32.exe" [2004-05-17 15:27 32859]
"iPrint Tray"="C:\WINDOWS\system32\iprntctl.exe" [2005-06-28 14:50 40960]
"ZENRC Tray Icon"="C:\WINDOWS\system32\zentray.exe" [2005-05-18 17:04 40960]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 12:48 761947]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-10-17 15:16 185632]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 19:54 623992]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2008-02-28 15:31 63048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-05 12:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"nwiz"="nwiz.exe" [2007-04-28 19:05 1626112 C:\WINDOWS\system32\nwiz.exe]
"NVHotkey"="nvHotkey.dll" [2007-04-28 19:05 67584 C:\WINDOWS\system32\nvhotkey.dll]
"NvMediaCenter"="NvMCTray.dll" [2007-04-28 19:05 81920 C:\WINDOWS\system32\nvmctray.dll]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 17:30 282624 C:\WINDOWS\stsystra.exe]
"NWTRAY"="NWTRAY.EXE" [2002-03-12 11:37 28672 C:\WINDOWS\system32\nwtray.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 12:00 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2008-03-26 18:41 1232896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"CompatibleRUPSecurity"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NetIdentity Notification]
2005-01-10 13:36 24576 C:\WINDOWS\system32\novell\xtnotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-05-28 12:32 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"SENTINEL"= snti386.dll
"msacm.avis"= ff_acm.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwv1_0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Novell\\GroupWise\\grpwise.exe"=
"C:\\Novell\\GroupWise\\notify.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R1 nipplpt2;Novell iCapture Lpt Redirector 2;C:\WINDOWS\system32\drivers\nipplpt.sys [2005-07-29 09:44]
R2 ASFIPmon;Broadcom ASF IP Monitor;C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe [2005-10-18 17:11]
R2 BcmSqlStartupSvc;Service de dÈmarrage SQL Server pour le Gestionnaire de contacts professionnels;C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-16 10:46]
R2 BlankScr;HBDevice;C:\WINDOWS\system32\drivers\BlankScr.sys [2005-05-23 14:47]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2008-02-28 15:31]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2008-03-07 13:39]
R2 Remote Management Agent;Novell ZENworks Remote Management Agent;C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe [2005-07-11 11:33]
R2 XTAgent;Novell XTier Agent Services;C:\WINDOWS\System32\Novell\XTAgent.exe [2005-01-10 13:36]
R3 NWADI;NWADI Bus Enumerator;C:\WINDOWS\system32\DRIVERS\NWADIenum.sys [2006-03-27 15:02]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-10 05:29]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2008-02-01 15:17]
S3 nmwcdnsuc;Nokia USB Flashing Generic;C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2008-02-01 15:17]
S3 PD1030VID;Creative WebCam Pro;C:\WINDOWS\system32\DRIVERS\P1030Vid.sys [2002-05-21 02:00]
S3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys []
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d2e2fa45-ad40-11dc-8776-001641b550c0}]
\Shell\Auto\command - uayyektdm.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL uayyektdm.exe

.
Contenu du dossier 'Scheduled Tasks/TÉches planifiÇes'
"2008-07-03 14:15:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
- - - - ORPHANS REMOVED - - - -

BHO-{3F498E0D-E504-42CB-AE2C-A9F0B5417EDC} - (no file)
BHO-{41B93EB1-608A-465B-A1F0-EA1DFEC3E247} - (no file)
BHO-{8E1EA62C-66E3-4F78-83E8-2965CA32DB99} - (no file)
BHO-{B489343F-A8F3-439A-B535-6AD8DE16B431} - C:\WINDOWS\system32\geBuRKay.dll
BHO-{C3AF4B1A-08FD-4F74-A088-1E4603E2CAE9} - (no file)
Toolbar-{A60C6234-48AB-4295-B542-24F8679FA15C} - (no file)
HKLM-Run-68d70034 - C:\WINDOWS\system32\ichqsnew.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-07 17:00:19
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachÇs ...

Balayage cachÇ autostart entries ...

Balayage des fichiers cachÇs ...

Scan terminÇ avec succäs
Les fichiers cachÇs: 0

**************************************************************************
.
--------------------- DLLs a chargÇ sous des processus courants ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\xmlparse.dll
-> C:\WINDOWS\system32\NWSHLXNT.dll
-> C:\WINDOWS\system32\NLS\FRANCAIS\NWSHLXNR.DLL
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\scardsvr.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\LogMeIn\x86\ramaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Novell\ZENworks\NALNTSRV.EXE
C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Retrospect\Retrospect 7.5\retrorun.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
C:\Program Files\Novell\ZENworks\WM.EXE
C:\Program Files\Novell\ZENworks\WMRUNDLL.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.exe
C:\Program Files\Fichiers communs\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiadap.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-07-07 17:04:20 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-07 15:04:17

Pre-Run: 48,590,659,584 octets libres
Post-Run: 49,556,668,416 octets libres

315 --- E O F