Worrying viruses, what should I do
Solved
mauricette93 (Member, 114 posts)
moment de grace (Security contributor, 29042 posts)
Hello,
I went on a disreputable site, a porn site to be precise, I have no antivirus and now it's a disaster
my wallpaper has changed, it tells me in big letters "your system is infected"
an application called Security Essentials 2010 appeared, scanned my PC and found trojans, but it needs an activation key to remove them ... all of it is in English
impossible to open Task Manager
impossible to do a System Restore: "the file is infected"
I have no idea what to do, and I'm panicking a bit
thanks for your quick replies
see you soon
80 replies
c:\windows\system32\BnYmmZO5So.dll
Le fichier a déjà été analysé:
MD5: 9aebd8eaed5813fbb37e04634b4b8dab
First received: 2010.02.15 01:35:02 UTC
Date 2010.02.19 00:11:00 UTC [<1D]
Résultats 10/41
Permalink: analisis/5c0bee0e7b0aabb1344e6453f4671279e4c028143fa6c466a3a50a1ec30993bb-1266538260
-----------------------------------------------------------------
c:\windows\system32\drivers\yiwdy.sys
0 bytes size received / Se ha recibido un archivo vacio
-----------------------------------------------------------------
c:\documents and settings\NetworkService\Application Data\cqfyto.dat
Fichier cqfyto.dat reçu le 2010.02.19 12:21:00 (UTC)
Résultat: 0/41 (0%)
Information additionnelle
File size: 16 bytes
MD5...: c3d7db570c66140f4ead6be8929c852f
SHA1..: ee59af118bd08d7c0eca9b7ce6c2b54d40ee0fbc
SHA256: d10ac0d6c29792f4f9ab44db5edc88c001c1a92f3c00df6e932e6bda34f2ced0
ssdeep: 3:IuTvbh:IuTDh
trid..: Unknown!
sigcheck:
verified.....: Unsigned
-----------------------------------------------------------------
c:\windows\system32\50CD937434.sys
Fichier 50CD937434.sys reçu le 2010.02.19 12:24:16 (UTC)
Résultat: 0/41 (0%)
Information additionnelle
File size: 56 bytes
MD5...: e66b9979fe159e8e3cec4d6ea36ff6c9
SHA1..: 3d8b1ef4985377b402c72c74f357b02cd14700ba
SHA256: 1929b5a02b7f6b1348c75cb0b4a9fc8b1fab93aa9daa079be77758c5413f9a63
ssdeep: 3:/ls6z3P/tOnFn:GYXun
trid..: MS Flight Simulator Aircraft Performance Info (100.0%)
sigcheck:
verified.....: Unsigned
(all this looks complicated ^^ )
it hurts at first... afterwards it's fine!
(smile)
Gen, who is always around, will surely prepare a script for that one
C:\windows\system32\BnYmmZO5So.dll
then we'll install an antivirus to check all that....
I installed Avast yesterday
and then, I think there's another problem ... when I launch Winamp and click on a track, I get an error message: "the DirectSound driver is incorrect, please install the appropriate drivers or select another device - error code: 8878000A"
=/
it may be linked to the virus ...
well, one thing at a time!
I installed Avast
I hadn't forgotten the starting point, and I would have preferred that you install Antivir... we'll come back to that
also go and have a look here
Control Panel
System
Device Manager
to see if there are any yellow ? or !
run this and post the report
http://sd-1.archive-host.com/membres/up/829108531491024/Just_This_File.exe
Nothing to report in Device Manager
report:
File :
Quarantined & Deleted !! : C:\windows\system32\BnYmmZO5So.dll
right, moment de grace has gone for a nap, I'll step in for him:
Download OTL by OldTimer
▶ save it to your Desktop.
▶ Double-click (for Vista / 7 => right-click "Run as administrator") on OTL.exe to launch it.
▶ Tick the 2 boxes Lop and Purity
▶ Tick the box in front of Scan All Users
▶ set it to "60 Days"
▶ in the left-hand column, set everything to "All"
do not change these:
"Files Created Within" and "Files Modified Within"
▶ Click Run Scan.
At the end of the scan, Notepad will open with the report (OTL.txt).
This file is on your Desktop (usually C:\Documents and settings\your_session_name\OTL.txt)
▶▶▶ DO NOT POST IT ON THE FORUM
To send it to me, click this link: http://www.cijoint.fr/
▶ Click Browse and find the file above.
▶ Click Open.
▶ Click "Cliquez ici pour déposer le fichier" (click here to upload the file).
A link of this form:
http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt
is added to the page.
▶ Copy this link into your reply.
▶▶ Do the same with the "Extra.txt".
here you go, chief:
http://www.cijoint.fr/cjlink.php?file=cj201002/cijfvkdLjT.txt
http://www.cijoint.fr/cjlink.php?file=cj201002/cijLeVCxkI.txt
▶ Download Zeb-Restore and save the file to the Desktop.
▶-Right-click Zeb-Restore.zip ==> Extract All, choose the Desktop as the destination.
▶-Open the ZR_1.0.0.37 folder ==> double-click Zeb-Restore.exe
▶- Tick the box in front of: trusted sites
▶- Do not tick any other box
▶-Click Restore
▶-Restart your PC
then:
▶ right-click "Run as administrator" on OTL.exe to launch it.
▶ Copy the list shown in bold below,
▶ paste it in the box under Custom Scans/Fixes:
:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
Teatimer.exe
:OTL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [combofix] C:\ComboFix [2010/02/19 12:45:45 | 000,000,000 | ---D | M]
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\RunOnce: [combofix] C:\ComboFix [2010/02/19 12:45:45 | 000,000,000 | ---D | M]
O9 - Extra 'Tools' menuitem : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\NPJPI150_10.dll (Sun Microsystems, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\BnYmmZO5So.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\WINDOWS\System32\BnYmmZO5So.dll File not found
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/fhg.CAB (Reg Error: Key error.)
O16 - DPF: {3334504D-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/0/C/8/0C8EDFAB-30BC-4792-898E-2DABE27B2C4D/mp43dmo.CAB (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"=-
"ISUSScheduler"=-
"iTunesHelper"=-
"QuickTime Task"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride"=1
"FirewallOverride"=1
:Files
C:\WINDOWS\System32\drivers\yiwdy.sys
C:\Documents and Settings\NetworkService\Application Data\cqfyto.dat
C:\Documents and Settings\Francis\Application Data\VMNTOOLBAR
C:\Documents and Settings\Invité\Application Data\VMNTOOLBAR
:commands
[emptytemp]
[start explorer]
[reboot]
▶ Click Run Fix to start the removal.
▶ Post the report.
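The O10 lines in the fix above are Winsock catalog entries whose provider DLL (BnYmmZO5So.dll) no longer exists on disk, and the :reg section touches the Security Center override flags; a dangling Winsock provider is a classic cause of the "no internet" symptom reported later in the thread. As an added example that is not code from the thread, OTL or ComboFix, here is a Python audit for both artifacts; the registry paths and the PackedCatalogItem layout are the documented Windows ones, and the sample entries are constructed.

```python
"""Audit two artifacts from the thread: Winsock catalog (LSP) entries whose
provider DLL is missing, and Security Center override flags.
Registry paths and the PackedCatalogItem layout are the documented Windows
ones; the sample data at the bottom is constructed for illustration."""
import os
import sys

CATALOG_KEY = (r"SYSTEM\CurrentControlSet\Services\WinSock2\Parameters"
               r"\Protocol_Catalog9\Catalog_Entries")
SECURITY_CENTER_KEY = r"SOFTWARE\Microsoft\Security Center"
# DWORD 1 tells the XP Security Center to stop monitoring/alerting for that category.
OVERRIDE_VALUES = ("AntiVirusOverride", "FirewallOverride")
MAX_PATH = 260
WSAPROTOCOL_INFOA_SIZE = 372


def lsp_module_path(packed_item: bytes) -> str:
    """Return the provider DLL path stored in a PackedCatalogItem value.

    The value starts with the DLL path as a NUL-terminated ANSI string in a
    MAX_PATH-byte field; the WSAPROTOCOL_INFOA structure follows it.
    """
    if len(packed_item) < MAX_PATH:
        raise ValueError("PackedCatalogItem shorter than MAX_PATH")
    raw = packed_item[:MAX_PATH].split(b"\x00", 1)[0]
    return raw.decode("cp1252", errors="replace")


def find_orphaned_lsps(entries, exists=os.path.exists):
    """entries maps catalog entry name -> PackedCatalogItem bytes.

    Returns (entry, dll_path) for every provider whose DLL is missing on
    disk. Every socket an application opens goes through the catalog, so a
    provider pointing at a deleted DLL breaks networking box-wide.
    """
    orphaned = []
    for name, blob in sorted(entries.items()):
        path = os.path.expandvars(lsp_module_path(blob))
        if not exists(path):
            orphaned.append((name, path))
    return orphaned


def security_center_overrides(values):
    """Return the override flags set to a non-zero value in a name -> DWORD
    mapping; a set flag suppresses the 'no antivirus / no firewall' warning."""
    return [name for name in OVERRIDE_VALUES if values.get(name, 0) != 0]


def read_live_registry():
    """Windows only: read the catalog and Security Center values via winreg."""
    import winreg  # available only on Windows
    entries, sc_values = {}, {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, CATALOG_KEY) as key:
        index = 0
        while True:
            try:
                sub = winreg.EnumKey(key, index)
            except OSError:  # no more subkeys
                break
            with winreg.OpenKey(key, sub) as subkey:
                entries[sub] = winreg.QueryValueEx(subkey, "PackedCatalogItem")[0]
            index += 1
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, SECURITY_CENTER_KEY) as key:
        for name in OVERRIDE_VALUES:
            try:
                sc_values[name] = winreg.QueryValueEx(key, name)[0]
            except FileNotFoundError:
                pass  # flag absent: nothing overridden
    return entries, sc_values


def audit(entries, sc_values, exists=os.path.exists):
    """Run both checks and return the findings in one dict."""
    return {
        "orphaned_lsps": find_orphaned_lsps(entries, exists),
        "security_center_overrides": security_center_overrides(sc_values),
    }


# --- constructed sample data, modelled on the O10 and :reg lines in the fix above ---
def make_packed_item(dll_path: str) -> bytes:
    """Build a PackedCatalogItem-shaped blob: the path padded to MAX_PATH,
    followed by a zeroed WSAPROTOCOL_INFOA placeholder."""
    return dll_path.encode("cp1252").ljust(MAX_PATH, b"\x00") + bytes(WSAPROTOCOL_INFOA_SIZE)


SAMPLE_ENTRIES = {
    "000000000001": make_packed_item(r"C:\WINDOWS\System32\BnYmmZO5So.dll"),
    "000000000002": make_packed_item(r"C:\WINDOWS\System32\mswsock.dll"),
    "000000000028": make_packed_item(r"C:\WINDOWS\System32\BnYmmZO5So.dll"),
}
SAMPLE_SECURITY_CENTER = {"AntiVirusOverride": 1, "FirewallOverride": 1}
_PRESENT = {r"c:\windows\system32\mswsock.dll"}  # files that exist on the sample disk


def sample_exists(path: str) -> bool:
    """Case-insensitive stand-in for os.path.exists over the sample disk."""
    return path.lower() in _PRESENT


if __name__ == "__main__":
    if sys.platform == "win32":
        findings = audit(*read_live_registry())
    else:
        findings = audit(SAMPLE_ENTRIES, SAMPLE_SECURITY_CENTER, sample_exists)
    for entry, path in findings["orphaned_lsps"]:
        print(f"Catalog_Entries\\{entry} -> {path} (DLL missing)")
    for flag in findings["security_center_overrides"]:
        print(f"{SECURITY_CENTER_KEY}\\{flag} is set")
```

On the sample data the audit reports entries 000000000001 and 000000000028 as orphaned and both override flags as set, which mirrors what the fix script above had to clean up.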
Sorry for the delay ...
for several hours I had no internet, even though I hadn't touched anything, the restores did nothing, in short, I ran a ComboFix, option 1, and it got repaired ...
so here is the report:
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
Process iexplore.exe killed successfully!
No active process named firefox.exe was found!
Process msnmsgr.exe killed successfully!
No active process named Teatimer.exe was found!
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\combofix not found.
File C:\ComboFix not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\combofix not found.
File C:\ComboFix not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
C:\Program Files\Java\jre1.5.0_10\bin\NPJPI150_10.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000028\ deleted successfully.
Starting removal of ActiveX control {00000055-9980-0010-8000-00AA00389B71}
C:\WINDOWS\Downloaded Program Files\fhg.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{00000055-9980-0010-8000-00AA00389B71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000055-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{00000055-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000055-9980-0010-8000-00AA00389B71}\ not found.
Starting removal of ActiveX control {3334504D-9980-0010-8000-00AA00389B71}
C:\WINDOWS\Downloaded Program Files\mp43dmo.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{3334504D-9980-0010-8000-00AA00389B71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3334504D-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{3334504D-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3334504D-9980-0010-8000-00AA00389B71}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ISUSPM Startup not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ISUSScheduler not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\iTunesHelper not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"AntiVirusOverride"|1 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"FirewallOverride"|1 /E : value set successfully!
========== FILES ==========
File move failed. C:\WINDOWS\System32\drivers\yiwdy.sys scheduled to be moved on reboot.
C:\Documents and Settings\NetworkService\Application Data\cqfyto.dat moved successfully.
C:\Documents and Settings\Francis\Application Data\VMNTOOLBAR\NewCfg folder moved successfully.
C:\Documents and Settings\Francis\Application Data\VMNTOOLBAR\downfile folder moved successfully.
C:\Documents and Settings\Francis\Application Data\VMNTOOLBAR\0 folder moved successfully.
C:\Documents and Settings\Francis\Application Data\VMNTOOLBAR folder moved successfully.
C:\Documents and Settings\Invité\Application Data\VMNTOOLBAR\NewCfg folder moved successfully.
C:\Documents and Settings\Invité\Application Data\VMNTOOLBAR folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrateur
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 3286966 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: Francis
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 11325 bytes
->FireFox cache emptied: 38068426 bytes
User: Invité
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 4435807 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 0 bytes
User: Mauricette
->Temp folder emptied: 45904 bytes
->Temporary Internet Files folder emptied: 13895755 bytes
->Java cache emptied: 9064448 bytes
->FireFox cache emptied: 33297821 bytes
->Opera cache emptied: 37803517 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 3072 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 275560 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 2464585 bytes
RecycleBin emptied: 371 bytes
Total Files Cleaned = 136,00 mb
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\: LSP stack updated.
OTL by OldTimer - Version 3.1.30.1 log created on 02192010_230916
Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\System32\drivers\yiwdy.sys scheduled to be moved on reboot.
Registry entries deleted on Reboot...
C:\Documents and Settings\Francis\Application Data\VMNTOOLBAR\downfile folder moved successfully.
C:\Documents and Settings\Francis\Application Data\VMNTOOLBAR\0 folder moved successfully.
C:\Documents and Settings\Francis\Application Data\VMNTOOLBAR folder moved successfully.
C:\Documents and Settings\Invité\Application Data\VMNTOOLBAR\NewCfg folder moved successfully.
C:\Documents and Settings\Invité\Application Data\VMNTOOLBAR folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrateur
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 3286966 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: Francis
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 11325 bytes
->FireFox cache emptied: 38068426 bytes
User: Invité
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 4435807 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 0 bytes
User: Mauricette
->Temp folder emptied: 45904 bytes
->Temporary Internet Files folder emptied: 13895755 bytes
->Java cache emptied: 9064448 bytes
->FireFox cache emptied: 33297821 bytes
->Opera cache emptied: 37803517 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 3072 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 275560 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 2464585 bytes
RecycleBin emptied: 371 bytes
Total Files Cleaned = 136,00 mb
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\: LSP stack updated.
OTL by OldTimer - Version 3.1.30.1 log created on 02192010_230916
Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\System32\drivers\yiwdy.sys scheduled to be moved on reboot.
Registry entries deleted on Reboot...
Ah, I forgot: I can log into my session without safe mode, and the music works perfectly!
I hope this is the right report:
ComboFix 10-02-18.07 - Mauricette 19/02/2010 22:29:31.2.1 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1023.750 [GMT 1:00]
Lancé depuis: d:\install\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ASPIMGR
((((((((((((((((((((((((((((( Fichiers créés du 2010-01-19 au 2010-02-19 ))))))))))))))))))))))))))))))))))))
.
2010-02-19 20:07 . 2010-02-19 20:07 -------- d-----w- c:\documents and settings\Francis\Application Data\Malwarebytes
2010-02-19 20:07 . 2010-02-19 20:07 -------- d-----w- c:\documents and settings\All Users\Application Data\MSN6
2010-02-19 13:22 . 2010-02-19 13:22 -------- d-----w- C:\Just_This_File
2010-02-18 12:01 . 2010-02-19 21:25 -------- d-----w- c:\program files\trend micro
2010-02-18 12:01 . 2010-02-18 12:02 -------- d-----w- C:\rsit
2010-02-18 10:39 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-18 10:39 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-18 10:27 . 2010-02-11 18:38 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-02-18 10:27 . 2010-02-11 18:42 162512 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-02-18 10:27 . 2010-02-11 18:39 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-02-18 10:27 . 2010-02-11 18:42 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-02-18 10:27 . 2010-02-11 18:38 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-02-18 10:27 . 2010-02-11 18:38 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-02-18 10:27 . 2010-02-11 18:38 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-02-18 10:26 . 2010-02-11 18:53 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-02-18 10:26 . 2010-02-11 18:53 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-02-18 10:26 . 2010-02-18 10:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-02-18 10:26 . 2010-02-18 10:26 -------- d-----w- c:\program files\Alwil Software
2010-02-18 09:48 . 2010-02-18 09:48 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-02-18 09:48 . 2010-02-18 09:48 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
2010-02-18 09:48 . 2010-02-18 09:48 -------- d-----w- c:\documents and settings\NetworkService\Mes documents
2010-02-18 00:24 . 2010-02-18 00:24 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2010-02-18 00:04 . 2010-02-18 00:04 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-02-18 00:04 . 2010-02-19 21:39 792064 ----a-w- c:\windows\system32\drivers\yiwdy.sys
2010-02-17 11:14 . 2010-02-17 11:14 -------- d-sh--w- c:\documents and settings\Francis\PrivacIE
2010-02-09 21:46 . 2010-02-09 21:46 -------- d-----w- c:\windows\PixArt
2010-02-09 21:46 . 2010-02-09 21:46 -------- d-----w- c:\program files\Fichiers communs\PCCamera
2010-02-09 21:46 . 2010-02-09 21:46 -------- d-----w- c:\program files\PC Camer@
2010-01-28 23:43 . 2010-01-28 23:43 -------- d-----w- c:\program files\iPod
2010-01-28 23:43 . 2010-01-28 23:44 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-01-28 23:40 . 2010-01-28 23:41 -------- d-----w- c:\program files\QuickTime
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-19 19:22 . 2007-06-17 08:41 -------- d-----w- c:\documents and settings\Francis\Application Data\OpenOffice.org2
2010-02-18 00:55 . 2010-02-18 00:55 16 ----a-w- c:\documents and settings\NetworkService\Application Data\cqfyto.dat
2010-02-13 10:02 . 2008-05-29 17:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-11-28 21:04 . 2001-08-24 12:00 84766 ----a-w- c:\windows\system32\perfc00C.dat
2009-11-28 21:04 . 2001-08-24 12:00 510742 ----a-w- c:\windows\system32\perfh00C.dat
2009-01-03 13:42 . 2009-01-03 11:58 56 --sh--r- c:\windows\system32\50CD937434.sys
2009-01-03 13:42 . 2009-01-03 11:55 3766 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 49263]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
"HostManager"="c:\program files\Fichiers communs\AOL\1165436260\ee\AOLSoftware.exe" [2006-11-17 50736]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-30 57344]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Francis\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.0.lnk - c:\program files\OpenOffice.org 2.0\program\quickstart.exe [2006-7-14 393216]
c:\documents and settings\Invité\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.0.lnk - c:\program files\OpenOffice.org 2.0\program\quickstart.exe [2006-7-14 393216]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
ATI CATALYST System Tray.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-8-31 57344]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=DrvTrNTm.dll
"wave"=DrvTrNTm.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"d:\\Program Files\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [17/03/2007 22:45 717296]
S3 alcan5ln;Alcatel SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);c:\windows\system32\drivers\alcan5ln.sys [02/11/2006 14:51 36048]
S3 AsAudioDevice_349;AsAudioDevice_349;c:\windows\system32\drivers\AsAudioDevice_349.sys [13/03/2009 04:57 16640]
S3 PAC207;SoC PC-Camer@;c:\windows\system32\drivers\PFC027.sys [24/02/2005 12:29 162176]
S3 tapavpn;Steganos Anonym VPN Adapter;c:\windows\system32\drivers\tapavpn.sys [03/07/2009 12:05 24320]
--- Autres Services/Pilotes en mémoire ---
*Deregistered* - yiwdy
.
Contenu du dossier 'Tâches planifiées'
2010-02-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2010-02-19 c:\windows\Tasks\User_Feed_Synchronization-{1538C69E-3EF4-4529-B8BB-7CEF2139E886}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
2010-02-19 c:\windows\Tasks\User_Feed_Synchronization-{B1CE19BF-BB60-44C2-814E-390F7A1DECB8}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Recherche AOL Toolbar - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Barre RoboForm - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Identités - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComEditIdent.html
IE: Remplir le formulaire - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
Trusted Zone: buy-security-essentials.com
Trusted Zone: download-soft-package.com
Trusted Zone: download-software-package.com
Trusted Zone: get-key-se10.com
Trusted Zone: is-software-download.com
Trusted Zone: buy-security-essentials.com
Trusted Zone: get-key-se10.com
TCP: {13E849BC-0575-4180-8D21-3DCAF5530B90} = 208.67.222.222,208.67.222.220
TCP: {4C83C226-F112-4D02-BFA4-3FBD6CE352A4} = 208.67.220.220,208.67.222.222
TCP: {4CE3EC84-02A0-45AD-AABC-8CA165FC2AAA} = 208.67.220.220,208.67.222.222
TCP: {9C14FC17-3DC5-4A73-9CBB-C415297BBC44} = 208.67.220.220,208.67.222.222
FF - ProfilePath - c:\documents and settings\Mauricette\Application Data\Mozilla\Firefox\Profiles\wg4iutia.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=vmn&type=vdio5&p=
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJPI150_10.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: d:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: d:\program files\iTunes\Mozilla Plugins\npitunes.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-19 22:38
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spzv.sys >>UNKNOWN [0x86F8D938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf762ff28
\Driver\ACPI -> ACPI.sys @ 0xf7478cb8
\Driver\atapi -> atapi.sys @ 0xf7315b40
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a8
ParseProcedure -> ntoskrnl.exe @ 0x8056c1d6
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a8
ParseProcedure -> ntoskrnl.exe @ 0x8056c1d6
NDIS: Carte réseau Fast Ethernet PCI Realtek RTL8139 Family -> SendCompleteHandler -> NDIS.sys @ 0xf721fbd4
PacketIndicateHandler -> NDIS.sys @ 0xf720da0d
SendHandler -> NDIS.sys @ 0xf7221b40
user & kernel MBR OK
copy of MBR has been found in sector 0x0DF8F900
malicious code @ sector 0x0DF8F903 !
PE file found in sector at 0x0DF8F919 !
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\yiwdy]
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(676)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(3616)
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\progra~1\FICHIE~1\AOL\ACS\AOLacsd.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\System32\PnkBstrA.exe
c:\windows\System32\PAStiSvc.exe
c:\windows\System32\wdfmgr.exe
c:\windows\wanmpsvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Heure de fin: 2010-02-19 22:44:26 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-02-19 21:44
ComboFix2.txt 2010-02-19 10:23
Avant-CF: 4 754 866 176 octets libres
Après-CF: 4 739 604 480 octets libres
Current=4 Default=4 Failed=1 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - DEC0EA7901F16F0363353FD64FD24F72