Salut, voilà ce que j'ai réussit à faire.
Pour virustotal, je n'ai pas réussit à trouver les 2 fichiers.
Pour Toolbar-S&D, voici le rapport:
-----------\\ ToolBar S&D 1.2.8 XP/Vista
Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU E6750 @ 2.66GHz )
BIOS : Default System BIOS
USER : Marcel ( Administrator )
BOOT : Normal boot
Antivirus : Bitdefender Antivirus 8.0 (Activated)
Firewall : Bitdefender Firewall 8.0 (Activated)
C:\ (Local Disk) - NTFS - Total:372 Go (Free:149 Go)
D:\ (CD or DVD)
"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [2] ( 17/01/2009|16:07 )
-----------\\ SUPPRESSION
Supprime! - C:\Program Files\AskSBar\bar
Supprime! - C:\Program Files\AskSBar\SrchAstt
Supprime! - C:\DOCUME~1\Marcel\APPLIC~1\Dealio\dinstallhelper.C711EE352E414BC09E46039FBDCE450C.dll
Supprime! - C:\Program Files\AskSBar
Supprime! - C:\DOCUME~1\Marcel\APPLIC~1\Dealio
Supprime! - C:\Program Files\P2P_Torrent
-----------\\ Recherche de Fichiers / Dossiers ...
-----------\\ Extensions
(Marcel) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="http://fr.msn.com/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.msn.com/"
"Search Bar"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
--------------------\\ Recherche d'autres infections
--------------------\\ Cracks & Keygens ..
C:\DOCUME~1\Marcel\Application Data\uTorrent\Grand Theft Auto 4 GTA 4 keygen FIXED Play Online PC.torrent
C:\DOCUME~1\Marcel\Application Data\uTorrent\GTA 4 - Grand Theft Auto 4 - Crack Activation (Bugs Fixed).torrent
C:\DOCUME~1\Marcel\Application Data\uTorrent\GTA IV 4 no DVD Crack.torrent
C:\DOCUME~1\Marcel\Application Data\uTorrent\GTA IV Crack NoCD working.exe.torrent
C:\DOCUME~1\Marcel\Application Data\uTorrent\GTA IV Reloaded Crack Only-Razor1911.torrent
C:\DOCUME~1\Marcel\Application Data\uTorrent\PES 2009 [CRACK].torrent
C:\DOCUME~1\Marcel\Application Data\uTorrent\Pro Evolution Soccer 2009 CRACK ONLY-RELOADED.torrent
C:\DOCUME~1\Marcel\Application Data\uTorrent\Pro Evolution Soccer 2009 CRACK.torrent
C:\DOCUME~1\Marcel\Application Data\uTorrent\WinRAR 2008 + crack.rar.torrent
C:\DOCUME~1\Marcel\Application Data\uTorrent\[NTi]_Star_Wars_Empire_At_War_KEYGEN_REPACK-SUSPECTS.torrent
C:\DOCUME~1\Marcel\Bureau\GTA IV\GTA_IV_Final_Crack_by_Fox
C:\DOCUME~1\Marcel\Bureau\GTA IV\GTA_IV_Final_Crack_by_Fox.rar
C:\DOCUME~1\Marcel\Bureau\GTA IV\GTA_IV_Final_Crack_by_Fox\Crack gta 4 by Fox.txt
C:\DOCUME~1\Marcel\Bureau\GTA IV\GTA_IV_Final_Crack_by_Fox\LaunchGTAIV.exe
C:\DOCUME~1\Marcel\Bureau\GTA IV\GTA_IV_Final_Crack_by_Fox\paul.dll
C:\DOCUME~1\Marcel\Mes documents\Assassin's Creed\crack
C:\DOCUME~1\Marcel\Mes documents\Assassin's Creed\crack\AssassinsCreed_Dx10.exe
C:\DOCUME~1\Marcel\Mes documents\Assassin's Creed\crack\AssassinsCreed_Dx9.exe
1 - "C:\ToolBar SD\TB_1.txt" - 17/01/2009|16:08 - Option : [2]
-----------\\ Fin du rapport a 16:08:40,32
Ensuite pour HijackThis, j'ai suivit tes instructions mais je n'ai pus trouver que la case...
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
...a coché, les autres étant absentes.
Pour les 2 références, je n'ai rien compris.^^
La manipulation avec ComboFix, voila le rapport:
ComboFix 09-01-13.04 - Marcel 2009-01-17 16:25:59.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.2030.1577 [GMT 1:00]
Lancé depuis: c:\documents and settings\Marcel\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Marcel\Bureau\CFscript.txt
AV: Bitdefender Antivirus *On-access scanning disabled* (Outdated)
FW: Bitdefender Firewall *disabled*
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\InfoSat.txt
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-12-17 au 2009-01-17 ))))))))))))))))))))))))))))))))))))
.
2009-01-17 16:05 . 2009-01-17 16:08 <REP> d-------- C:\ToolBar SD
2009-01-16 13:25 . 2009-01-16 13:25 <REP> d-------- c:\program files\Trend Micro
2009-01-14 19:31 . 2009-01-14 19:31 <REP> d-------- c:\program files\Alwil Software
2009-01-13 18:04 . 2009-01-13 18:04 <REP> d-------- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-01-12 22:24 . 2009-01-12 22:24 <REP> d-------- c:\program files\XnView
2009-01-12 22:24 . 2009-01-12 22:49 <REP> d-------- c:\documents and settings\Marcel\Application Data\XnView
2009-01-12 22:18 . 2009-01-12 22:22 <REP> d-------- c:\documents and settings\Marcel\.gimp-2.6
2009-01-12 22:18 . 2009-01-12 22:18 <REP> d-------- c:\documents and settings\Marcel\.gegl-0.0
2009-01-12 22:07 . 2009-01-12 22:07 <REP> d-------- c:\documents and settings\Marcel\Application Data\EPSON
2009-01-09 13:49 . 2004-05-14 16:53 462,848 --a------ c:\windows\system32\ltkrn13n.dll
2009-01-09 13:49 . 2004-05-14 16:53 450,560 --a------ c:\windows\system32\ltimg13n.dll
2009-01-09 13:49 . 2004-05-14 16:53 401,408 --a------ c:\windows\system32\lfcmp13n.dll
2009-01-09 13:49 . 2004-05-14 16:53 299,008 --a------ c:\windows\system32\ltdis13n.dll
2009-01-09 13:49 . 2004-01-12 02:09 206,336 --a------ c:\windows\system32\ltefx13n.dll
2009-01-09 13:49 . 2004-05-14 16:53 163,840 --a------ c:\windows\system32\ltfil13n.dll
2009-01-09 13:49 . 2003-11-04 15:10 69,632 --a------ c:\windows\system32\lfgif13n.dll
2009-01-09 13:49 . 2004-05-14 16:53 57,344 --a------ c:\windows\system32\lfbmp13n.dll
2009-01-07 16:07 . 2009-01-16 22:24 <REP> d-------- c:\windows\system32\CatRoot2
2008-12-29 13:13 . 2008-05-30 14:11 3,850,760 --a------ c:\windows\system32\D3DX9_38.dll
2008-12-29 13:13 . 2008-05-30 14:11 1,491,992 --a------ c:\windows\system32\D3DCompiler_38.dll
2008-12-29 13:13 . 2008-05-30 14:19 507,400 --a------ c:\windows\system32\XAudio2_1.dll
2008-12-29 13:13 . 2008-05-30 14:11 467,984 --a------ c:\windows\system32\d3dx10_38.dll
2008-12-29 13:13 . 2008-05-30 14:18 238,088 --a------ c:\windows\system32\xactengine3_1.dll
2008-12-29 13:13 . 2008-05-30 14:17 65,032 --a------ c:\windows\system32\XAPOFX1_0.dll
2008-12-29 13:13 . 2008-05-30 14:17 25,608 --a------ c:\windows\system32\X3DAudio1_4.dll
2008-12-29 12:32 . 2008-12-29 15:20 <REP> d-------- c:\program files\Rockstar Games
2008-12-28 13:29 . 2008-12-28 13:29 <REP> d-------- c:\program files\Fichiers communs\xing shared
2008-12-28 13:28 . 2008-12-28 13:28 <REP> d-------- c:\program files\Real
2008-12-28 11:17 . 2008-12-28 11:17 <REP> d-------- c:\program files\Nobilis
2008-12-22 18:11 . 2008-12-28 13:29 <REP> d-------- c:\program files\Fichiers communs\Real
2008-12-21 10:54 . 2008-12-22 18:09 <REP> d-------- c:\program files\WiFiConnector(2)
2008-12-19 17:34 . 2008-12-19 17:34 <REP> d-------- c:\windows\Logs
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-17 15:27 81,984 ----a-w c:\windows\system32\bdod.bin
2009-01-17 15:07 --------- d-----w c:\documents and settings\Marcel\Application Data\uTorrent
2009-01-17 15:07 --------- d-----w c:\documents and settings\Marcel\Application Data\foobar2000
2009-01-17 12:11 202,040 ----a-w c:\windows\system32\PnkBstrB.exe
2009-01-17 12:11 137,688 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-01-17 08:47 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-01-12 15:29 --------- d-----w c:\documents and settings\Marcel\Application Data\LimeWire
2009-01-12 15:23 --------- d-----w c:\program files\eChanblard
2009-01-07 19:55 --------- d-----w c:\program files\Google
2009-01-03 21:34 --------- d-----w c:\documents and settings\jean-michel\Application Data\LimeWire
2009-01-01 19:51 --------- d-----w c:\documents and settings\Marcel\Application Data\Xfire
2009-01-01 19:50 --------- d-----w c:\program files\Xfire
2008-12-27 16:34 --------- d-----w c:\program files\Steam
2008-12-23 08:53 68,513 ----a-w c:\windows\system32\wcfsxzmsivtuak.dll-uninst.exe
2008-12-22 17:11 --------- d-----w c:\documents and settings\All Users\Application Data\NOS
2008-12-22 17:10 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-12-22 17:09 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-22 16:09 --------- d-----w c:\documents and settings\jean-michel\Application Data\Pro Cycling Manager 2008
2008-12-19 16:23 --------- d-----w c:\documents and settings\Marcel\Application Data\Thinstall
2008-12-11 20:37 42,320 ----a-w c:\windows\system32\xfcodec.dll
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-06 10:43 --------- d-----w c:\documents and settings\All Users\Application Data\KONAMI
2008-12-05 20:48 472,576 ----a-w c:\windows\uninstall.exe
2008-12-02 11:53 --------- d-----w c:\documents and settings\jean-michel\Application Data\Petroglyph
2008-11-30 20:12 --------- d-----w c:\documents and settings\Marcel\Application Data\Petroglyph
2008-11-30 18:51 --------- d-----w c:\program files\LucasArts
2008-11-26 16:38 --------- d-----w c:\documents and settings\Marcel\Application Data\dvdcss
2008-11-25 22:01 --------- d-----w c:\program files\Windows Live Safety Center
2008-11-25 21:05 66,872 ----a-w c:\windows\system32\PnkBstrA.exe
2008-11-25 20:58 22,328 ----a-w c:\documents and settings\Marcel\Application Data\PnkBstrK.sys
2008-11-25 14:27 22,328 ----a-w c:\documents and settings\jean-michel\Application Data\PnkBstrK.sys
2008-11-23 11:46 --------- d-----w c:\documents and settings\Marcel\Application Data\Leadertech
2008-11-22 18:09 --------- d-----w c:\documents and settings\Marcel\Application Data\Capcom
2008-11-20 17:37 --------- d-----w c:\documents and settings\jean-michel\Application Data\Capcom
2008-11-18 16:51 --------- d-----w c:\documents and settings\jean-michel\Application Data\uTorrent
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-17 00:48 3,593,216 ----a-w c:\windows\system32\SETEF.tmp
2008-09-11 09:24 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008091120080912\index.dat
.
((((((((((((((((((((((((((((( snapshot@2009-01-15_11.39.14.14 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-09 23:24:37 17,593,280 ----a-w c:\windows\system32\MRT.exe
+ 2009-01-10 01:35:28 20,853,704 ----a-w c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-17 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 61440]
"BDAgent"="c:\program files\BitDefender\BitDefender 2008\bdagent.exe" [2008-09-16 368640]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-12-28 185872]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"VIDC.XFR1"= xfcodec.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\EA GAMES\\La Bataille pour la Terre du Milieu(tm)\\game.dat"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Cyanide\\GameCenter\\GameCenter.exe"=
"c:\\Program Files\\eChanblard\\emule.exe"=
"c:\\Program Files\\Cyanide\\Pro Cycling Manager - Season 2008\\PCM.exe"=
"c:\\Program Files\\Cyanide\\Pro Cycling Manager - Season 2008\\Autorun\\Exe\\Autorun.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Steam\\SteamApps\\valviel\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\UBISOFT\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"c:\\Program Files\\UBISOFT\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"c:\\Program Files\\UBISOFT\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Steam\\SteamApps\\valviel\\day of defeat source\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\valviel\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Empire at War\\GameData\\sweaw.exe"=
"c:\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
"c:\\Documents and Settings\\Marcel\\Bureau\\JEUX\\pes2009.exe"=
"c:\\Documents and Settings\\jean-michel\\Bureau\\JEUX\\pes2009.exe"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"29938:TCP"= 29938:TCP:emuleTCP
"45570:TCP"= 45570:TCP:emuleUDP
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
R1 appdrv01;Application Driver (01);c:\windows\system32\drivers\appdrv01.sys [2008-07-08 3468904]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-16 111184]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [2008-09-09 86792]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-01-16 20560]
S4 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc --> c:\windows\System32\appdrvrem01.exe svc [?]
--- Autres Services/Pilotes en mémoire ---
*NewlyCreated* - PNKBSTRB
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
Contenu du dossier 'Tâches planifiées'
2009-01-17 c:\windows\Tasks\A9E03F2D91D7B00D.job
- c:\docume~1\marcel\applic~1\32axis\keep link does.exe []
.
.
------- Examen supplémentaire -------
.
mWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {CAC283EF-04EA-4CE1-96D7-EFD0326FD59A} = 80.118.192.101,80.118.196.40
c:\windows\bdoscandellang.ini - c:\windows\bdoscandel.exe
c:\windows\Downloaded Program Files\live.ini
c:\windows\Downloaded Program Files\scanoptions.tsi
c:\windows\Downloaded Program Files\lang.ini
c:\windows\Downloaded Program Files\ipsupd.dll
c:\windows\Downloaded Program Files\bdupd.dll
c:\windows\Downloaded Program Files\libfn.dll
c:\windows\Downloaded Program Files\bdcore.dll
c:\windows\Downloaded Program Files\oscan8.ocx
O16 -: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}
hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
c:\windows\Downloaded Program Files\oscan8.inf
FF - ProfilePath - c:\documents and settings\Marcel\Application Data\Mozilla\Firefox\Profiles\fwne3nd7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - uStart
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-17 16:27:23
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_USERS\S-1-5-21-448539723-1801674531-725345543-1007\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-448539723-1801674531-725345543-1007\Software\SecuROM\License information*]
"datasecu"=hex:17,33,8e,97,7c,39,6e,37,82,0a,50,e0,93,c4,d0,cb,89,3b,93,8d,28,
58,58,9c,8f,6e,b1,6d,c5,c1,21,f5,2f,42,3a,ca,06,24,dc,91,21,67,5b,c2,d0,17,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
Heure de fin: 2009-01-17 16:28:42
ComboFix-quarantined-files.txt 2009-01-17 15:28:40
ComboFix2.txt 2009-01-15 10:39:54
Avant-CF: 161 716 801 536 octets libres
Après-CF: 161,738,428,416 octets libres
222 --- E O F --- 2009-01-17 08:47:14
Puis voila le dernier rapport de Hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:53:10, on 17/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MediaBar) - http://sib1.od2.com/common/musicmanager/installation/MusicManagerPlugin.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CAC283EF-04EA-4CE1-96D7-EFD0326FD59A}: NameServer = 80.118.192.101,80.118.196.40
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\WINDOWS\System32\appdrvrem01.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
End of file - 8314 bytes
En attente d'une réponse. A bientôt. Merci de votre aide.
Aavm erreur rpc