Erreurs après éradication de spywares

Résolu
Virtumonde -  
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
Salut, j'ai plusieurs messages d'errreurs qui se font reliés à l'éradication presque complète de Virtumonde, j'ai essayer avec CCcleaner de corriger les erreurs, mais ils ne les trouvent pas. Voilà le genre de message que je reçois à chaque fois que j'ouvre un programme:

L'application ou la DLL C:\WINDOWS\system32\yapipije.dll n'est pas une image Windows valide. Vérifiez à l'aide de votre disquette d'installation.

J'ai plusieurs erreurs comme ça et il y en a environ 20 lorsque je démarres mon ordinateur. J'utilisais Spy-Bot au départ pour éradiquer Virtumonde, mais sa na pas prit beaucoup de temps avant que le programme ne soit plus capable de rien scanner (J'crois que Virtumonde ou un autre truc affilié l'a détruit), j'ai ensuite utiliser SUPERAntiSpyware et c'est là que j'ai eut les erreurs.

Voici mon rapport Hijackthis, peut-être que je peux régler mon problème en fixant certaines lignes :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:30:07, on 2008-12-13
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Documents and Settings\Sylvie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://gamespace.daemon-tools.cc/fra/home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1689296B-A7F2-45EC-A5F9-D4537D36F628} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {9ae2f81d-5609-4dc0-910b-213e0c966fdc} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E427262E-9EEE-4018-A94F-EC4F03687628} - (no file)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {F3B65192-4C96-4BED-8D4A-B5BE17A9B8CA} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Sylvie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - https://www.worldwinner.com/frontend_404.shtml
O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} (Brickout Control) - https://www.worldwinner.com/frontend_404.shtml
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - https://www.worldwinner.com/frontend_404.shtml
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://drivers1.free.fr/telecharger.php?id=2&version=
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - https://www.worldwinner.com/frontend_404.shtml
O16 - DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} (Royal Control) - https://www.worldwinner.com/frontend_404.shtml
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin9.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
O20 - AppInit_DLLs: c:\windows\system32\kufoluru.dll C:\WINDOWS\system32\yapipije.dll c:\windows\system32\lehebofi.dll
O20 - Winlogon Notify: byXRhgfg - byXRhgfg.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 10749 bytes
Configuration: Windows XP
Firefox 3.0.4

3 réponses

  1. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    slt,

    télécharge combofix (par sUBs) ici :

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    et enregistre le sur le bureau.

    déconnecte toi d'internet et ferme toutes tes applications.

    désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)

    double-clique sur combofix.exe et suis les instructions

    à la fin, il va produire un rapport C:\ComboFix.txt

    réactive ton parefeu, ton antivirus, la garde de ton antispyware

    copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.

    Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.

    Tu as un tutoriel complet ici :

    https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
    0
    1. Virtumonde
       
      Sa prit du temps, je faisais mes devoirs, je ne croyias pas être répondu aussi vite

      ComboFix 08-12-12.05 - Sylvie 2008-12-13 15:23:49.1 - NTFSx86
      Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.2559.1951 [GMT -5:00]
      Lancé depuis: c:\documents and settings\Sylvie\Bureau\ComboFix.exe
      Commutateurs utilisés :: c:\documents and settings\Sylvie\Bureau\WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
      * Un nouveau point de restauration a été créé
      * Resident AV is active

      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      c:\documents and settings\Sylvie\Application Data\inst.exe
      c:\documents and settings\Sylvie\Bureauvirii
      c:\windows\IE4 Error Log.txt
      c:\windows\system32\92B2286FC5.dll
      c:\windows\system32\aaKlonpo.ini
      c:\windows\system32\CbbHkUvw.ini
      c:\windows\system32\enemukav.ini
      c:\windows\system32\ezegayoz.ini
      c:\windows\system32\iludeyep.ini
      c:\windows\system32\iradutud.ini
      c:\windows\system32\libeay32_0.9.6l.dll
      c:\windows\system32\omorazel.ini
      c:\windows\system32\udekukev.ini

      .
      ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      -------\Legacy_NPF


      ((((((((((((((((((((((((((((( Fichiers créés du 2008-11-13 au 2008-12-13 ))))))))))))))))))))))))))))))))))))
      .

      2008-12-12 18:49 . 2008-12-12 18:49 <REP> d-------- c:\windows\Application Data
      2008-12-12 16:08 . 2008-12-12 16:08 <REP> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
      2008-12-12 16:07 . 2008-12-12 16:07 <REP> d-------- c:\program files\SUPERAntiSpyware
      2008-12-12 16:07 . 2008-12-12 16:07 <REP> d-------- c:\documents and settings\Sylvie\Application Data\SUPERAntiSpyware.com
      2008-12-10 11:40 . 2008-12-13 14:42 959 --a------ C:\rollback.ini
      2008-12-10 11:26 . 2008-12-10 11:26 <REP> d-------- c:\documents and settings\Sylvie\Application Data\MailFrontier
      2008-12-10 11:19 . 2008-12-13 15:32 4,924,448 --ahs---- c:\windows\system32\drivers\fidbox.dat
      2008-12-10 11:19 . 2008-12-13 15:29 66,980 --ahs---- c:\windows\system32\drivers\fidbox.idx
      2008-12-10 10:39 . 2008-12-10 13:27 <REP> d-------- c:\documents and settings\All Users\Application Data\MailFrontier
      2008-12-10 10:39 . 2008-07-09 09:05 75,248 --a------ c:\windows\zllsputility.exe
      2008-12-10 10:39 . 2008-07-09 09:05 54,672 --a------ c:\windows\system32\vsutil_loc040c.dll
      2008-12-10 10:39 . 2008-07-09 09:05 42,384 --a------ c:\windows\zllsputility_loc040c.dll
      2008-12-10 10:39 . 2008-07-09 09:05 21,904 --a------ c:\windows\system32\imsinstall_loc040c.dll
      2008-12-10 10:39 . 2008-07-09 09:05 17,808 --a------ c:\windows\system32\imslsp_install_loc040c.dll
      2008-12-10 10:39 . 2004-04-27 04:40 11,264 --a------ c:\windows\system32\SpOrder.dll
      2008-12-10 10:39 . 2008-12-10 19:46 4,212 ---h----- c:\windows\system32\zllictbl.dat
      2008-12-10 10:38 . 2008-12-12 18:33 <REP> d-------- c:\windows\system32\ZoneLabs
      2008-12-10 10:38 . 2008-12-10 10:38 <REP> d-------- c:\program files\Zone Labs
      2008-12-10 10:38 . 2008-07-09 09:05 1,086,952 --a------ c:\windows\system32\zpeng24.dll
      2008-12-10 10:38 . 2008-12-13 15:30 358,382 --a------ c:\windows\system32\vsconfig.xml
      2008-12-10 10:37 . 2008-12-13 15:17 <REP> d-------- c:\windows\Internet Logs
      2008-12-10 10:20 . 2008-12-10 10:20 410,984 --a------ c:\windows\system32\deploytk.dll
      2008-12-08 18:28 . 2008-12-08 18:28 <REP> d-------- C:\VundoFix Backups
      2008-12-08 11:08 . 2008-12-08 11:30 <REP> d-------- c:\program files\GCFScape
      2008-12-06 10:39 . 2008-12-06 14:52 <REP> d-------- c:\program files\Mozilla Thunderbird
      2008-12-06 10:39 . 2008-12-06 10:39 <REP> d-------- c:\documents and settings\Sylvie\Application Data\Thunderbird
      2008-11-28 19:52 . 2008-11-28 19:52 <REP> d-------- c:\program files\Intel
      2008-11-28 19:52 . 2008-05-01 16:35 53,248 --a------ c:\windows\system32\CSVer.dll
      2008-11-28 19:51 . 2008-11-28 19:51 <REP> d-------- C:\Intel
      2008-11-28 19:46 . 2008-11-28 20:37 <REP> d-------- c:\documents and settings\All Users\Application Data\ma-config.com
      2008-11-23 20:50 . 2008-11-23 20:50 <REP> d-------- c:\program files\Trend Micro
      2008-11-22 13:15 . 2008-12-06 20:06 54,156 --ah----- c:\windows\QTFont.qfn
      2008-11-22 13:15 . 2008-11-22 13:15 1,409 --a------ c:\windows\QTFont.for
      2008-11-19 20:48 . 2008-10-03 12:12 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll
      2008-11-19 20:48 . 2007-04-17 04:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
      2008-11-19 20:48 . 2007-03-08 00:10 1,048,576 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
      2008-11-19 20:48 . 2008-08-26 03:11 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
      2008-11-19 20:48 . 2008-08-26 03:11 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
      2008-11-19 20:48 . 2008-08-26 03:11 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
      2008-11-19 20:48 . 2008-08-26 03:11 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
      2008-11-19 20:48 . 2008-08-26 03:11 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
      2008-11-19 20:48 . 2008-08-25 03:38 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-12-13 20:28 --------- d-----w c:\documents and settings\Sylvie\Application Data\Free Download Manager
      2008-12-13 18:52 --------- d-----w c:\program files\Steam
      2008-12-12 21:07 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
      2008-12-12 05:38 --------- d-----w c:\documents and settings\Sylvie\Application Data\OpenOffice.org2
      2008-12-12 05:37 --------- d-----w c:\program files\Cheat Engine
      2008-12-10 15:20 --------- d-----w c:\program files\Java
      2008-12-10 02:50 --------- d-----w c:\program files\mIRC
      2008-12-08 21:45 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
      2008-12-07 01:05 --------- d-----w c:\program files\FlashGet
      2008-12-07 01:00 --------- d-----w c:\program files\IGZones
      2008-12-07 01:00 --------- d-----w c:\program files\Free Download Manager
      2008-12-07 00:51 --------- d-----w c:\program files\Paint Shop Pro 6
      2008-12-02 19:35 --------- d-----w c:\program files\PartyGaming
      2008-12-02 00:38 --------- d-----w c:\documents and settings\Sylvie\Application Data\BitTorrent
      2008-11-29 05:23 --------- d-----w c:\program files\MathType
      2008-11-29 01:40 --------- d-----w c:\program files\Fichiers communs\ATI Technologies
      2008-11-29 01:40 --------- d-----w c:\program files\ATI Technologies
      2008-11-23 19:42 --------- d-----w c:\documents and settings\Sylvie\Application Data\Image Zone Express
      2008-11-23 16:35 --------- d-----w c:\program files\Spybot - Search & Destroy
      2008-11-22 01:24 --------- d-----w c:\program files\DivX
      2008-11-12 04:25 --------- d-----w c:\documents and settings\All Users\Application Data\Vso
      2008-11-11 23:36 --------- d-----w c:\documents and settings\All Users\Application Data\NCH Software
      2008-11-11 23:32 --------- d-----w c:\documents and settings\Sylvie\Application Data\Dr. DivX 2.0 OSS
      2008-11-09 22:29 --------- d-----w c:\documents and settings\Sylvie\Application Data\Vso
      2008-11-09 22:27 --------- d-----w c:\program files\vso
      2008-11-09 16:17 47,360 -c--a-w c:\documents and settings\Sylvie\Application Data\pcouffin.sys
      2008-11-09 16:17 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys
      2008-11-08 23:36 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
      2008-11-08 21:13 --------- d-----w c:\program files\DVD Shrink
      2008-11-06 00:44 --------- d-----w c:\program files\ARAR
      2008-11-04 04:11 --------- d-----w c:\documents and settings\Sylvie\Application Data\Nexon
      2008-11-03 22:05 --------- d-----w c:\program files\ISIS Draw 2.3
      2008-11-01 23:56 --------- d-----w c:\documents and settings\All Users\Application Data\Protexis
      2008-10-24 21:28 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
      2008-10-24 21:05 --------- d-----w c:\documents and settings\Sylvie\Application Data\WeGame
      2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
      2008-10-17 20:25 --------- d--h--w c:\program files\InstallShield Installation Information
      2008-10-17 20:25 --------- d-----w c:\program files\Microsoft Reader
      2008-10-16 23:59 --------- d-----w c:\program files\AutoHotkey
      2008-10-15 00:37 --------- d-----w c:\program files\Microsoft Games
      2008-10-14 02:24 --------- d-----w c:\program files\KompoZer
      2008-10-14 02:24 --------- d-----w c:\documents and settings\Sylvie\Application Data\KompoZer
      2008-10-11 21:18 81,920 -c--a-w c:\documents and settings\Sylvie\Application Data\ezpinst.exe
      2005-12-16 22:33 54 -c--a-w c:\program files\delir.gio
      .

      ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
      REGEDIT4

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-04 68856]
      "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
      "Google Update"="c:\documents and settings\Sylvie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-12-02 133104]
      "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-04 1809648]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-12 344064]
      "SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 790528]
      "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
      "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-10 136600]
      "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
      "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-08-16 185896]
      "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
      "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-07-22 282624]
      "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
      "Logitech Utility"="Logi_MwX.Exe" [2003-11-07 c:\windows\LOGI_MWX.EXE]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
      "NoChangeAnimation"= 0 (0x0)
      "NoStrCmpLogical"= 0 (0x0)

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
      "MemCheckBoxInRunDlg"= 0 (0x0)
      "NoStrCmpLogical"= 0 (0x0)

      [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
      "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
      "MSACM.msrt24"= msrt24.acm
      "VIDC.JPEG"= jpegCode.dll
      "VIDC.MJPG"= jpegCode.dll

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
      Notification Packages REG_MULTI_SZ scecli c:\windows\system32\yapipije.dll

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
      SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
      path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
      backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^KERClink.lnk]
      path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\KERClink.lnk
      backup=c:\windows\pss\KERClink.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Kodak software updater.lnk]
      path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Kodak software updater.lnk
      backup=c:\windows\pss\Kodak software updater.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
      path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
      backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logiciel Kodak EasyShare.lnk]
      path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Logiciel Kodak EasyShare.lnk
      backup=c:\windows\pss\Logiciel Kodak EasyShare.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^Sylvie^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.0.lnk]
      path=c:\documents and settings\Sylvie\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.0.lnk
      backup=c:\windows\pss\OpenOffice.org 2.0.lnkStartup

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
      --a--c--- 2006-07-22 20:03 282624 c:\program files\QuickTime\qttask.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
      --a------ 2008-10-08 10:54 1410296 c:\program files\Steam\Steam.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
      "UpdatesDisableNotify"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
      "DisableMonitoring"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
      "EnableFirewall"= 0 (0x0)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "c:\\Program Files\\Valve\\Steam\\SteamApps\\lpkillwithm4\\counter-strike source\\hl2.exe"=
      "c:\\Program Files\\Steam\\Steam.exe"=
      "c:\\Program Files\\Steam\\SteamApps\\stan44d@hotmail.com\\half-life\\hl.exe"=
      "c:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe"=
      "c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\AGE2_X1.ICD"=
      "c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.exe"=
      "c:\\Program Files\\Microsoft Games\\Age of Empires II\\empires2.exe"=
      "c:\\WINDOWS\\system32\\dplaysvr.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
      "c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
      "c:\\Program Files\\JVTorrent\\btdownloadgui.exe"=
      "c:\\Program Files\\Steam\\SteamApps\\stan44d@hotmail.com\\half-life 2 deathmatch\\hl2.exe"=
      "c:\\Program Files\\Steam\\SteamApps\\stan44d@hotmail.com\\half-life 2\\hl2.exe"=
      "c:\\Program Files\\LimeWire\\LimeWire.exe"=
      "c:\\Program Files\\The All-Seeing Eye\\eye.exe"=
      "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
      "c:\\BitTorrent\\bittorrent.exe"=
      "c:\\Program Files\\Abyss Web Server\\abyssws.exe"=
      "c:\\Program Files\\Maple 7\\BIN.WNT\\mserver.exe"=
      "c:\\Program Files\\Steam\\SteamApps\\stan44d@hotmail.com\\team fortress 2\\hl2.exe"=
      "c:\\Program Files\\Steam\\SteamApps\\stan44d@hotmail.com\\source sdk base\\hl2.exe"=
      "c:\\Program Files\\Steam\\SteamApps\\stan44d@hotmail.com\\source 2007 dedicated server\\srcds.exe"=
      "c:\\Program Files\\Messenger\\msmsgs.exe"=
      "c:\\Program Files\\WinHTTrack\\WinHTTrack.exe"=
      "c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
      "c:\\Program Files\\MSN Messenger\\livecall.exe"=
      "c:\\Program Files\\Java\\jre6\\bin\\jqs.exe"=

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
      "1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
      "500:UDP"= 500:UDP:@xpsp2res.dll,-22017

      R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-14 111184]
      R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-12-04 8944]
      R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-12-04 55024]
      R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-04-14 20560]
      R2 MarxDev1;MarxDev1;c:\windows\system32\drivers\MarxDev1.sys [2005-12-17 8864]
      R2 MarxDev2;MarxDev2;c:\windows\system32\drivers\MarxDev2.sys [2005-12-17 8864]
      R2 MarxDev3;MarxDev3;c:\windows\system32\drivers\MarxDev3.sys [2005-12-17 8864]
      R3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-04 7408]
      S3 CEDRIVER53;CEDRIVER53;\??\c:\program files\Cheat Engine\dbk32.sys [2007-11-03 25984]
      S3 cmudau32;C-Media USB UDA Sound Interface;c:\windows\system32\drivers\cmudaxu.sys [2008-03-19 1391040]
      S4 aecport;aecport;\??\c:\windows\system32\drivers\asubehci.sys []
      .
      Contenu du dossier 'Tâches planifiées'

      2008-12-13 c:\windows\Tasks\GoogleUpdateTaskUser.job
      - c:\documents and settings\Sylvie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-02 18:38]

      2008-12-08 c:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job
      - c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2008-01-29 08:46]

      2008-03-13 c:\windows\Tasks\Uniblue SpeedUpMyPC.job
      - c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2008-01-29 08:46]
      .
      - - - - ORPHELINS SUPPRIMES - - - -

      BHO-{1689296B-A7F2-45EC-A5F9-D4537D36F628} - (no file)
      BHO-{9ae2f81d-5609-4dc0-910b-213e0c966fdc} - (no file)
      BHO-{E427262E-9EEE-4018-A94F-EC4F03687628} - (no file)
      BHO-{F3B65192-4C96-4BED-8D4A-B5BE17A9B8CA} - (no file)
      HKLM-Run-CmUsbSound - cmcnfgu.cpl
      Notify-byXRhgfg - byXRhgfg.dll


      .
      ------- Examen supplémentaire -------
      .
      uStart Page = hxxp://www.daemon-search.com/startpage
      uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
      mSearch Bar =
      uInternet Connection Wizard,ShellNext = iexplore
      uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
      IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
      IE: Tout télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
      IE: Télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
      IE: Télécharger la sélection avec Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
      IE: Télécharger la vidéo avec Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm

      O16 -: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://drivers1.free.fr/telecharger.php?id=2&version=
      c:\windows\Downloaded Program Files\HardwareDetection.inf
      FF - ProfilePath - c:\documents and settings\Sylvie\Application Data\Mozilla\Firefox\Profiles\8xob0rfu.default\
      FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
      FF - prefs.js: browser.search.selectedEngine - Google
      FF - prefs.js: browser.startup.homepage - hxxp://www.trafficswarm.com/cgi-bin/swarm.cgi?811239
      FF - prefs.js: keyword.URL - about:neterror?e=query&u=
      FF - prefs.js: network.proxy.type - 1
      FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
      FF - plugin: c:\documents and settings\Sylvie\Local Settings\Application Data\Google\Update\1.2.131.27\npGoogleOneClick6.dll
      FF - plugin: c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
      FF - plugin: c:\program files\DivX\DivX Content Uploader\npUpload.dll
      FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
      FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
      FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
      FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
      FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
      FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
      FF - plugin: c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
      .

      **************************************************************************

      catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-12-13 15:30:51
      Windows 5.1.2600 Service Pack 3 NTFS

      Recherche de processus cachés ...

      Recherche d'éléments en démarrage automatique cachés ...

      Recherche de fichiers cachés ...

      Scan terminé avec succès
      Fichiers cachés: 0

      **************************************************************************
      .
      --------------------- DLLs chargées dans les processus actifs ---------------------

      - - - - - - - > 'winlogon.exe'(784)
      c:\windows\system32\Ati2evxx.dll

      - - - - - - - > 'explorer.exe'(188)
      c:\program files\Logitech\MouseWare\System\LgWndHk.dll
      c:\program files\Fichiers communs\Logitech\Scrolling\LgMsgHk.dll
      .
      ------------------------ Autres processus actifs ------------------------
      .
      c:\windows\system32\ati2evxx.exe
      c:\windows\system32\ati2evxx.exe
      c:\windows\system32\ZoneLabs\vsmon.exe
      c:\windows\system32\ZoneLabs\avsys\ScanningProcess.exe
      c:\program files\Alwil Software\Avast4\aswUpdSv.exe
      c:\program files\Alwil Software\Avast4\ashServ.exe
      c:\windows\system32\ZoneLabs\avsys\ScanningProcess.exe
      c:\program files\Java\jre6\bin\jqs.exe
      c:\windows\system32\drivers\KodakCCS.exe
      c:\windows\system32\HPZipm12.exe
      c:\program files\Analog Devices\SoundMAX\SMAgent.exe
      c:\windows\system32\wdfmgr.exe
      c:\program files\Alwil Software\Avast4\ashMaiSv.exe
      c:\program files\Alwil Software\Avast4\ashWebSv.exe
      c:\windows\system32\rundll32.exe
      c:\program files\Logitech\MouseWare\system\EM_EXEC.EXE
      c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
      c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
      .
      **************************************************************************
      .
      Heure de fin: 2008-12-13 15:36:16 - La machine a redémarré [Sylvie]
      ComboFix-quarantined-files.txt 2008-12-13 20:36:09

      Avant-CF: 23,821,172,736 octets libres
      Après-CF: 23,790,628,864 octets libres

      337 --- E O F --- 2008-11-21 00:01:27
      0
      1. Virtumonde > Virtumonde
         
        Désoler, j'ai donné le mauvais log et j'ai tout essayer pour tenter de modifier mon message et rien n'y fait.


        ComboFix 08-12-12.05 - Sylvie 2008-12-13 15:23:49.1 - NTFSx86
        Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.2559.1951 [GMT -5:00]
        Lancé depuis: c:\documents and settings\Sylvie\Bureau\ComboFix.exe
        Commutateurs utilisés :: c:\documents and settings\Sylvie\Bureau\WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
        * Un nouveau point de restauration a été créé
        * Resident AV is active

        .

        (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
        .

        c:\documents and settings\Sylvie\Application Data\inst.exe
        c:\documents and settings\Sylvie\Bureauvirii
        c:\windows\IE4 Error Log.txt
        c:\windows\system32\92B2286FC5.dll
        c:\windows\system32\aaKlonpo.ini
        c:\windows\system32\CbbHkUvw.ini
        c:\windows\system32\enemukav.ini
        c:\windows\system32\ezegayoz.ini
        c:\windows\system32\iludeyep.ini
        c:\windows\system32\iradutud.ini
        c:\windows\system32\libeay32_0.9.6l.dll
        c:\windows\system32\omorazel.ini
        c:\windows\system32\udekukev.ini

        .
        ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
        .

        -------\Legacy_NPF


        ((((((((((((((((((((((((((((( Fichiers créés du 2008-11-13 au 2008-12-13 ))))))))))))))))))))))))))))))))))))
        .

        2008-12-12 18:49 . 2008-12-12 18:49 <REP> d-------- c:\windows\Application Data
        2008-12-12 16:08 . 2008-12-12 16:08 <REP> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
        2008-12-12 16:07 . 2008-12-12 16:07 <REP> d-------- c:\program files\SUPERAntiSpyware
        2008-12-12 16:07 . 2008-12-12 16:07 <REP> d-------- c:\documents and settings\Sylvie\Application Data\SUPERAntiSpyware.com
        2008-12-10 11:40 . 2008-12-13 14:42 959 --a------ C:\rollback.ini
        2008-12-10 11:26 . 2008-12-10 11:26 <REP> d-------- c:\documents and settings\Sylvie\Application Data\MailFrontier
        2008-12-10 11:19 . 2008-12-13 15:32 4,924,448 --ahs---- c:\windows\system32\drivers\fidbox.dat
        2008-12-10 11:19 . 2008-12-13 15:29 66,980 --ahs---- c:\windows\system32\drivers\fidbox.idx
        2008-12-10 10:39 . 2008-12-10 13:27 <REP> d-------- c:\documents and settings\All Users\Application Data\MailFrontier
        2008-12-10 10:39 . 2008-07-09 09:05 75,248 --a------ c:\windows\zllsputility.exe
        2008-12-10 10:39 . 2008-07-09 09:05 54,672 --a------ c:\windows\system32\vsutil_loc040c.dll
        2008-12-10 10:39 . 2008-07-09 09:05 42,384 --a------ c:\windows\zllsputility_loc040c.dll
        2008-12-10 10:39 . 2008-07-09 09:05 21,904 --a------ c:\windows\system32\imsinstall_loc040c.dll
        2008-12-10 10:39 . 2008-07-09 09:05 17,808 --a------ c:\windows\system32\imslsp_install_loc040c.dll
        2008-12-10 10:39 . 2004-04-27 04:40 11,264 --a------ c:\windows\system32\SpOrder.dll
        2008-12-10 10:39 . 2008-12-10 19:46 4,212 ---h----- c:\windows\system32\zllictbl.dat
        2008-12-10 10:38 . 2008-12-12 18:33 <REP> d-------- c:\windows\system32\ZoneLabs
        2008-12-10 10:38 . 2008-12-10 10:38 <REP> d-------- c:\program files\Zone Labs
        2008-12-10 10:38 . 2008-07-09 09:05 1,086,952 --a------ c:\windows\system32\zpeng24.dll
        2008-12-10 10:38 . 2008-12-13 15:30 358,382 --a------ c:\windows\system32\vsconfig.xml
        2008-12-10 10:37 . 2008-12-13 15:17 <REP> d-------- c:\windows\Internet Logs
        2008-12-10 10:20 . 2008-12-10 10:20 410,984 --a------ c:\windows\system32\deploytk.dll
        2008-12-08 18:28 . 2008-12-08 18:28 <REP> d-------- C:\VundoFix Backups
        2008-12-08 11:08 . 2008-12-08 11:30 <REP> d-------- c:\program files\GCFScape
        2008-12-06 10:39 . 2008-12-06 14:52 <REP> d-------- c:\program files\Mozilla Thunderbird
        2008-12-06 10:39 . 2008-12-06 10:39 <REP> d-------- c:\documents and settings\Sylvie\Application Data\Thunderbird
        2008-11-28 19:52 . 2008-11-28 19:52 <REP> d-------- c:\program files\Intel
        2008-11-28 19:52 . 2008-05-01 16:35 53,248 --a------ c:\windows\system32\CSVer.dll
        2008-11-28 19:51 . 2008-11-28 19:51 <REP> d-------- C:\Intel
        2008-11-28 19:46 . 2008-11-28 20:37 <REP> d-------- c:\documents and settings\All Users\Application Data\ma-config.com
        2008-11-23 20:50 . 2008-11-23 20:50 <REP> d-------- c:\program files\Trend Micro
        2008-11-22 13:15 . 2008-12-06 20:06 54,156 --ah----- c:\windows\QTFont.qfn
        2008-11-22 13:15 . 2008-11-22 13:15 1,409 --a------ c:\windows\QTFont.for
        2008-11-19 20:48 . 2008-10-03 12:12 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll
        2008-11-19 20:48 . 2007-04-17 04:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
        2008-11-19 20:48 . 2007-03-08 00:10 1,048,576 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
        2008-11-19 20:48 . 2008-08-26 03:11 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
        2008-11-19 20:48 . 2008-08-26 03:11 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
        2008-11-19 20:48 . 2008-08-26 03:11 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
        2008-11-19 20:48 . 2008-08-26 03:11 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
        2008-11-19 20:48 . 2008-08-26 03:11 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
        2008-11-19 20:48 . 2008-08-25 03:38 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe

        .
        (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2008-12-13 20:28 --------- d-----w c:\documents and settings\Sylvie\Application Data\Free Download Manager
        2008-12-13 18:52 --------- d-----w c:\program files\Steam
        2008-12-12 21:07 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
        2008-12-12 05:38 --------- d-----w c:\documents and settings\Sylvie\Application Data\OpenOffice.org2
        2008-12-12 05:37 --------- d-----w c:\program files\Cheat Engine
        2008-12-10 15:20 --------- d-----w c:\program files\Java
        2008-12-10 02:50 --------- d-----w c:\program files\mIRC
        2008-12-08 21:45 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
        2008-12-07 01:05 --------- d-----w c:\program files\FlashGet
        2008-12-07 01:00 --------- d-----w c:\program files\IGZones
        2008-12-07 01:00 --------- d-----w c:\program files\Free Download Manager
        2008-12-07 00:51 --------- d-----w c:\program files\Paint Shop Pro 6
        2008-12-02 19:35 --------- d-----w c:\program files\PartyGaming
        2008-12-02 00:38 --------- d-----w c:\documents and settings\Sylvie\Application Data\BitTorrent
        2008-11-29 05:23 --------- d-----w c:\program files\MathType
        2008-11-29 01:40 --------- d-----w c:\program files\Fichiers communs\ATI Technologies
        2008-11-29 01:40 --------- d-----w c:\program files\ATI Technologies
        2008-11-23 19:42 --------- d-----w c:\documents and settings\Sylvie\Application Data\Image Zone Express
        2008-11-23 16:35 --------- d-----w c:\program files\Spybot - Search & Destroy
        2008-11-22 01:24 --------- d-----w c:\program files\DivX
        2008-11-12 04:25 --------- d-----w c:\documents and settings\All Users\Application Data\Vso
        2008-11-11 23:36 --------- d-----w c:\documents and settings\All Users\Application Data\NCH Software
        2008-11-11 23:32 --------- d-----w c:\documents and settings\Sylvie\Application Data\Dr. DivX 2.0 OSS
        2008-11-09 22:29 --------- d-----w c:\documents and settings\Sylvie\Application Data\Vso
        2008-11-09 22:27 --------- d-----w c:\program files\vso
        2008-11-09 16:17 47,360 -c--a-w c:\documents and settings\Sylvie\Application Data\pcouffin.sys
        2008-11-09 16:17 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys
        2008-11-08 23:36 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
        2008-11-08 21:13 --------- d-----w c:\program files\DVD Shrink
        2008-11-06 00:44 --------- d-----w c:\program files\ARAR
        2008-11-04 04:11 --------- d-----w c:\documents and settings\Sylvie\Application Data\Nexon
        2008-11-03 22:05 --------- d-----w c:\program files\ISIS Draw 2.3
        2008-11-01 23:56 --------- d-----w c:\documents and settings\All Users\Application Data\Protexis
        2008-10-24 21:28 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
        2008-10-24 21:05 --------- d-----w c:\documents and settings\Sylvie\Application Data\WeGame
        2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
        2008-10-17 20:25 --------- d--h--w c:\program files\InstallShield Installation Information
        2008-10-17 20:25 --------- d-----w c:\program files\Microsoft Reader
        2008-10-16 23:59 --------- d-----w c:\program files\AutoHotkey
        2008-10-15 00:37 --------- d-----w c:\program files\Microsoft Games
        2008-10-14 02:24 --------- d-----w c:\program files\KompoZer
        2008-10-14 02:24 --------- d-----w c:\documents and settings\Sylvie\Application Data\KompoZer
        2008-10-11 21:18 81,920 -c--a-w c:\documents and settings\Sylvie\Application Data\ezpinst.exe
        2005-12-16 22:33 54 -c--a-w c:\program files\delir.gio
        .

        ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
        REGEDIT4

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-04 68856]
        "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
        "Google Update"="c:\documents and settings\Sylvie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-12-02 133104]
        "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-04 1809648]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-12 344064]
        "SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 790528]
        "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
        "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-10 136600]
        "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
        "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-08-16 185896]
        "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
        "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-07-22 282624]
        "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
        "Logitech Utility"="Logi_MwX.Exe" [2003-11-07 c:\windows\LOGI_MWX.EXE]

        [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
        "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
        "NoChangeAnimation"= 0 (0x0)
        "NoStrCmpLogical"= 0 (0x0)

        [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
        "MemCheckBoxInRunDlg"= 0 (0x0)
        "NoStrCmpLogical"= 0 (0x0)

        [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
        "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
        "MSACM.msrt24"= msrt24.acm
        "VIDC.JPEG"= jpegCode.dll
        "VIDC.MJPG"= jpegCode.dll

        [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
        Notification Packages REG_MULTI_SZ scecli c:\windows\system32\yapipije.dll

        [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
        SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

        [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
        path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
        backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

        [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^KERClink.lnk]
        path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\KERClink.lnk
        backup=c:\windows\pss\KERClink.lnkCommon Startup

        [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Kodak software updater.lnk]
        path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Kodak software updater.lnk
        backup=c:\windows\pss\Kodak software updater.lnkCommon Startup

        [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
        path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
        backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

        [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logiciel Kodak EasyShare.lnk]
        path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Logiciel Kodak EasyShare.lnk
        backup=c:\windows\pss\Logiciel Kodak EasyShare.lnkCommon Startup

        [HKLM\~\startupfolder\C:^Documents and Settings^Sylvie^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.0.lnk]
        path=c:\documents and settings\Sylvie\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.0.lnk
        backup=c:\windows\pss\OpenOffice.org 2.0.lnkStartup

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
        --a--c--- 2006-07-22 20:03 282624 c:\program files\QuickTime\qttask.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
        --a------ 2008-10-08 10:54 1410296 c:\program files\Steam\Steam.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\security center]
        "UpdatesDisableNotify"=dword:00000001

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
        "DisableMonitoring"=dword:00000001

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
        "EnableFirewall"= 0 (0x0)

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
        "%windir%\\system32\\sessmgr.exe"=
        "c:\\Program Files\\Valve\\Steam\\SteamApps\\lpkillwithm4\\counter-strike source\\hl2.exe"=
        "c:\\Program Files\\Steam\\Steam.exe"=
        "c:\\Program Files\\Steam\\SteamApps\\stan44d@hotmail.com\\half-life\\hl.exe"=
        "c:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe"=
        "c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\AGE2_X1.ICD"=
        "c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.exe"=
        "c:\\Program Files\\Microsoft Games\\Age of Empires II\\empires2.exe"=
        "c:\\WINDOWS\\system32\\dplaysvr.exe"=
        "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
        "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
        "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
        "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
        "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
        "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
        "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
        "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
        "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
        "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
        "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
        "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
        "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
        "c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
        "c:\\Program Files\\JVTorrent\\btdownloadgui.exe"=
        "c:\\Program Files\\Steam\\SteamApps\\stan44d@hotmail.com\\half-life 2 deathmatch\\hl2.exe"=
        "c:\\Program Files\\Steam\\SteamApps\\stan44d@hotmail.com\\half-life 2\\hl2.exe"=
        "c:\\Program Files\\LimeWire\\LimeWire.exe"=
        "c:\\Program Files\\The All-Seeing Eye\\eye.exe"=
        "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
        "c:\\BitTorrent\\bittorrent.exe"=
        "c:\\Program Files\\Abyss Web Server\\abyssws.exe"=
        "c:\\Program Files\\Maple 7\\BIN.WNT\\mserver.exe"=
        "c:\\Program Files\\Steam\\SteamApps\\stan44d@hotmail.com\\team fortress 2\\hl2.exe"=
        "c:\\Program Files\\Steam\\SteamApps\\stan44d@hotmail.com\\source sdk base\\hl2.exe"=
        "c:\\Program Files\\Steam\\SteamApps\\stan44d@hotmail.com\\source 2007 dedicated server\\srcds.exe"=
        "c:\\Program Files\\Messenger\\msmsgs.exe"=
        "c:\\Program Files\\WinHTTrack\\WinHTTrack.exe"=
        "c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
        "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
        "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
        "c:\\Program Files\\MSN Messenger\\livecall.exe"=
        "c:\\Program Files\\Java\\jre6\\bin\\jqs.exe"=

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
        "1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
        "1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
        "500:UDP"= 500:UDP:@xpsp2res.dll,-22017

        R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-14 111184]
        R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-12-04 8944]
        R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-12-04 55024]
        R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-04-14 20560]
        R2 MarxDev1;MarxDev1;c:\windows\system32\drivers\MarxDev1.sys [2005-12-17 8864]
        R2 MarxDev2;MarxDev2;c:\windows\system32\drivers\MarxDev2.sys [2005-12-17 8864]
        R2 MarxDev3;MarxDev3;c:\windows\system32\drivers\MarxDev3.sys [2005-12-17 8864]
        R3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-04 7408]
        S3 CEDRIVER53;CEDRIVER53;\??\c:\program files\Cheat Engine\dbk32.sys [2007-11-03 25984]
        S3 cmudau32;C-Media USB UDA Sound Interface;c:\windows\system32\drivers\cmudaxu.sys [2008-03-19 1391040]
        S4 aecport;aecport;\??\c:\windows\system32\drivers\asubehci.sys []
        .
        Contenu du dossier 'Tâches planifiées'

        2008-12-13 c:\windows\Tasks\GoogleUpdateTaskUser.job
        - c:\documents and settings\Sylvie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-02 18:38]

        2008-12-08 c:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job
        - c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2008-01-29 08:46]

        2008-03-13 c:\windows\Tasks\Uniblue SpeedUpMyPC.job
        - c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2008-01-29 08:46]
        .
        - - - - ORPHELINS SUPPRIMES - - - -

        BHO-{1689296B-A7F2-45EC-A5F9-D4537D36F628} - (no file)
        BHO-{9ae2f81d-5609-4dc0-910b-213e0c966fdc} - (no file)
        BHO-{E427262E-9EEE-4018-A94F-EC4F03687628} - (no file)
        BHO-{F3B65192-4C96-4BED-8D4A-B5BE17A9B8CA} - (no file)
        HKLM-Run-CmUsbSound - cmcnfgu.cpl
        Notify-byXRhgfg - byXRhgfg.dll


        .
        ------- Examen supplémentaire -------
        .
        uStart Page = hxxp://www.daemon-search.com/startpage
        uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
        mSearch Bar =
        uInternet Connection Wizard,ShellNext = iexplore
        uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
        IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
        IE: Tout télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
        IE: Télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
        IE: Télécharger la sélection avec Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
        IE: Télécharger la vidéo avec Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm

        O16 -: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://drivers1.free.fr/telecharger.php?id=2&version=
        c:\windows\Downloaded Program Files\HardwareDetection.inf
        FF - ProfilePath - c:\documents and settings\Sylvie\Application Data\Mozilla\Firefox\Profiles\8xob0rfu.default\
        FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
        FF - prefs.js: browser.search.selectedEngine - Google
        FF - prefs.js: browser.startup.homepage - hxxp://www.trafficswarm.com/cgi-bin/swarm.cgi?811239
        FF - prefs.js: keyword.URL - about:neterror?e=query&u=
        FF - prefs.js: network.proxy.type - 1
        FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
        FF - plugin: c:\documents and settings\Sylvie\Local Settings\Application Data\Google\Update\1.2.131.27\npGoogleOneClick6.dll
        FF - plugin: c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
        FF - plugin: c:\program files\DivX\DivX Content Uploader\npUpload.dll
        FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
        FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
        FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
        FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
        FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
        FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
        FF - plugin: c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
        .

        **************************************************************************

        catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2008-12-13 15:30:51
        Windows 5.1.2600 Service Pack 3 NTFS

        Recherche de processus cachés ...

        Recherche d'éléments en démarrage automatique cachés ...

        Recherche de fichiers cachés ...

        Scan terminé avec succès
        Fichiers cachés: 0

        **************************************************************************
        .
        --------------------- DLLs chargées dans les processus actifs ---------------------

        - - - - - - - > 'winlogon.exe'(784)
        c:\windows\system32\Ati2evxx.dll

        - - - - - - - > 'explorer.exe'(188)
        c:\program files\Logitech\MouseWare\System\LgWndHk.dll
        c:\program files\Fichiers communs\Logitech\Scrolling\LgMsgHk.dll
        .
        ------------------------ Autres processus actifs ------------------------
        .
        c:\windows\system32\ati2evxx.exe
        c:\windows\system32\ati2evxx.exe
        c:\windows\system32\ZoneLabs\vsmon.exe
        c:\windows\system32\ZoneLabs\avsys\ScanningProcess.exe
        c:\program files\Alwil Software\Avast4\aswUpdSv.exe
        c:\program files\Alwil Software\Avast4\ashServ.exe
        c:\windows\system32\ZoneLabs\avsys\ScanningProcess.exe
        c:\program files\Java\jre6\bin\jqs.exe
        c:\windows\system32\drivers\KodakCCS.exe
        c:\windows\system32\HPZipm12.exe
        c:\program files\Analog Devices\SoundMAX\SMAgent.exe
        c:\windows\system32\wdfmgr.exe
        c:\program files\Alwil Software\Avast4\ashMaiSv.exe
        c:\program files\Alwil Software\Avast4\ashWebSv.exe
        c:\windows\system32\rundll32.exe
        c:\program files\Logitech\MouseWare\system\EM_EXEC.EXE
        c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
        c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
        .
        **************************************************************************
        .
        Heure de fin: 2008-12-13 15:36:16 - La machine a redémarré [Sylvie]
        ComboFix-quarantined-files.txt 2008-12-13 20:36:09

        Avant-CF: 23,821,172,736 octets libres
        Après-CF: 23,790,628,864 octets libres

        337 --- E O F --- 2008-11-21 00:01:27
        0
  2. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    remets un rapport hijakchits
    0