Errors after eradicating spyware

Solved
Virtumonde -  
jlpjlp Posts 52399 Status Security contributor -
Hi, I'm getting several error messages that are related to the almost complete eradication of Virtumonde. I tried to fix the errors with CCleaner, but it doesn't find them. Here is the kind of message I get every time I open a program:

L'application ou la DLL C:\WINDOWS\system32\yapipije.dll n'est pas une image Windows valide. Vérifiez à l'aide de votre disquette d'installation.

I have several errors like this, and there are about 20 when I start my computer. I was using Spy-Bot at first to eradicate Virtumonde, but it didn't take long before the program was no longer able to scan anything (I think Virtumonde or something affiliated with it destroyed it). I then used SUPERAntiSpyware, and that's when I got the errors.

Here is my HijackThis report; maybe I can solve my problem by fixing certain lines:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:30:07, on 2008-12-13
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Documents and Settings\Sylvie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://gamespace.daemon-tools.cc/fra/home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1689296B-A7F2-45EC-A5F9-D4537D36F628} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {9ae2f81d-5609-4dc0-910b-213e0c966fdc} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E427262E-9EEE-4018-A94F-EC4F03687628} - (no file)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {F3B65192-4C96-4BED-8D4A-B5BE17A9B8CA} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Sylvie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - https://www.worldwinner.com/frontend_404.shtml
O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} (Brickout Control) - https://www.worldwinner.com/frontend_404.shtml
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - https://www.worldwinner.com/frontend_404.shtml
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://drivers1.free.fr/telecharger.php?id=2&version=
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - https://www.worldwinner.com/frontend_404.shtml
O16 - DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} (Royal Control) - https://www.worldwinner.com/frontend_404.shtml
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin9.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
O20 - AppInit_DLLs: c:\windows\system32\kufoluru.dll C:\WINDOWS\system32\yapipije.dll c:\windows\system32\lehebofi.dll
O20 - Winlogon Notify: byXRhgfg - byXRhgfg.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
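
The DLL named in the error dialog is still listed under `O20 - AppInit_DLLs` in the log above, and every DLL in that registry value is loaded into each process that loads user32.dll, which is why the message appears at every program launch. The Python code below is an added example, not part of the original thread: it parses HijackThis lines, lists the entries whose target file is gone, and finds which load points still reference the DLL from the error message; the function names are hypothetical and the sample is an excerpt of the log posted above.

```python
import re
from ntpath import basename  # Windows path handling, works on any OS

# Excerpt of the HijackThis log posted above (not the full log).
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1689296B-A7F2-45EC-A5F9-D4537D36F628} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O20 - AppInit_DLLs: c:\windows\system32\kufoluru.dll C:\WINDOWS\system32\yapipije.dll c:\windows\system32\lehebofi.dll
O20 - Winlogon Notify: byXRhgfg - byXRhgfg.dll (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# DLL path quoted in the error dialog from the post.
ERROR_DLL = r"C:\WINDOWS\system32\yapipije.dll"

# A HijackThis entry is "<section code> - <body>", e.g. "O20 - AppInit_DLLs: ...".
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")


def parse_log(text):
    """Return (section, body) tuples for every HijackThis entry line."""
    entries = []
    for raw in text.splitlines():
        match = LINE_RE.match(raw.strip())
        if match:
            entries.append((match.group("section"), match.group("body")))
    return entries


def dangling_entries(entries):
    """Entries that HijackThis itself marked as pointing at a missing file."""
    markers = ("(no file)", "(file missing)")
    return [(s, b) for s, b in entries if b.endswith(markers)]


def appinit_dlls(entries):
    """DLL paths listed in the AppInit_DLLs value (space- or comma-delimited)."""
    dlls = []
    for section, body in entries:
        if section == "O20" and body.startswith("AppInit_DLLs:"):
            value = body.split(":", 1)[1].strip()
            dlls += [p for p in re.split(r"[\s,]+", value) if p]
    return dlls


def load_points_for(dll_path, entries):
    """Entries that still reference the DLL named in an error message."""
    name = basename(dll_path).lower()
    return [(s, b) for s, b in entries if name in b.lower()]


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    print("Entries pointing at missing files:")
    for section, body in dangling_entries(parsed):
        print(f"  {section}: {body}")
    print("DLLs injected through AppInit_DLLs:")
    for path in appinit_dlls(parsed):
        print(f"  {path}")
    print(f"Load points still referencing {basename(ERROR_DLL)}:")
    for section, body in load_points_for(ERROR_DLL, parsed):
        print(f"  {section}: {body}")
```
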

3 replies

jlpjlp Posts 52399 Status Security contributor 5 040
 
hi,

download ComboFix (by sUBs) here:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

and save it to the desktop.

disconnect from the internet and close all your applications.

disable your protections (antivirus, firewall, the antispyware's real-time guard)

double-click combofix.exe and follow the instructions

at the end, it will produce a report C:\ComboFix.txt

re-enable your firewall, your antivirus, and your antispyware's guard

copy/paste the report C:\ComboFix.txt into your next reply.

Warning: do not use your mouse or your keyboard (or any other pointing device) while the program is running. This could freeze the computer.

You have a complete tutorial here:

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
0
Virtumonde
 
It took a while, I was doing my homework; I didn't think I would get an answer so quickly

ComboFix 08-12-12.05 - Sylvie 2008-12-13 15:23:49.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.2559.1951 [GMT -5:00]
Lancé depuis: c:\documents and settings\Sylvie\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Sylvie\Bureau\WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
* Un nouveau point de restauration a été créé
* Resident AV is active

.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Sylvie\Application Data\inst.exe
c:\documents and settings\Sylvie\Bureauvirii
c:\windows\IE4 Error Log.txt
c:\windows\system32\92B2286FC5.dll
c:\windows\system32\aaKlonpo.ini
c:\windows\system32\CbbHkUvw.ini
c:\windows\system32\enemukav.ini
c:\windows\system32\ezegayoz.ini
c:\windows\system32\iludeyep.ini
c:\windows\system32\iradutud.ini
c:\windows\system32\libeay32_0.9.6l.dll
c:\windows\system32\omorazel.ini
c:\windows\system32\udekukev.ini

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF


((((((((((((((((((((((((((((( Fichiers créés du 2008-11-13 au 2008-12-13 ))))))))))))))))))))))))))))))))))))
.

2008-12-12 18:49 . 2008-12-12 18:49 <REP> d-------- c:\windows\Application Data
2008-12-12 16:08 . 2008-12-12 16:08 <REP> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-12 16:07 . 2008-12-12 16:07 <REP> d-------- c:\program files\SUPERAntiSpyware
2008-12-12 16:07 . 2008-12-12 16:07 <REP> d-------- c:\documents and settings\Sylvie\Application Data\SUPERAntiSpyware.com
2008-12-10 11:40 . 2008-12-13 14:42 959 --a------ C:\rollback.ini
2008-12-10 11:26 . 2008-12-10 11:26 <REP> d-------- c:\documents and settings\Sylvie\Application Data\MailFrontier
2008-12-10 11:19 . 2008-12-13 15:32 4,924,448 --ahs---- c:\windows\system32\drivers\fidbox.dat
2008-12-10 11:19 . 2008-12-13 15:29 66,980 --ahs---- c:\windows\system32\drivers\fidbox.idx
2008-12-10 10:39 . 2008-12-10 13:27 <REP> d-------- c:\documents and settings\All Users\Application Data\MailFrontier
2008-12-10 10:39 . 2008-07-09 09:05 75,248 --a------ c:\windows\zllsputility.exe
2008-12-10 10:39 . 2008-07-09 09:05 54,672 --a------ c:\windows\system32\vsutil_loc040c.dll
2008-12-10 10:39 . 2008-07-09 09:05 42,384 --a------ c:\windows\zllsputility_loc040c.dll
2008-12-10 10:39 . 2008-07-09 09:05 21,904 --a------ c:\windows\system32\imsinstall_loc040c.dll
2008-12-10 10:39 . 2008-07-09 09:05 17,808 --a------ c:\windows\system32\imslsp_install_loc040c.dll
2008-12-10 10:39 . 2004-04-27 04:40 11,264 --a------ c:\windows\system32\SpOrder.dll
2008-12-10 10:39 . 2008-12-10 19:46 4,212 ---h----- c:\windows\system32\zllictbl.dat
2008-12-10 10:38 . 2008-12-12 18:33 <REP> d-------- c:\windows\system32\ZoneLabs
2008-12-10 10:38 . 2008-12-10 10:38 <REP> d-------- c:\program files\Zone Labs
2008-12-10 10:38 . 2008-07-09 09:05 1,086,952 --a------ c:\windows\system32\zpeng24.dll
2008-12-10 10:38 . 2008-12-13 15:30 358,382 --a------ c:\windows\system32\vsconfig.xml
2008-12-10 10:37 . 2008-12-13 15:17 <REP> d-------- c:\windows\Internet Logs
2008-12-10 10:20 . 2008-12-10 10:20 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-08 18:28 . 2008-12-08 18:28 <REP> d-------- C:\VundoFix Backups
2008-12-08 11:08 . 2008-12-08 11:30 <REP> d-------- c:\program files\GCFScape
2008-12-06 10:39 . 2008-12-06 14:52 <REP> d-------- c:\program files\Mozilla Thunderbird
2008-12-06 10:39 . 2008-12-06 10:39 <REP> d-------- c:\documents and settings\Sylvie\Application Data\Thunderbird
2008-11-28 19:52 . 2008-11-28 19:52 <REP> d-------- c:\program files\Intel
2008-11-28 19:52 . 2008-05-01 16:35 53,248 --a------ c:\windows\system32\CSVer.dll
2008-11-28 19:51 . 2008-11-28 19:51 <REP> d-------- C:\Intel
2008-11-28 19:46 . 2008-11-28 20:37 <REP> d-------- c:\documents and settings\All Users\Application Data\ma-config.com
2008-11-23 20:50 . 2008-11-23 20:50 <REP> d-------- c:\program files\Trend Micro
2008-11-22 13:15 . 2008-12-06 20:06 54,156 --ah----- c:\windows\QTFont.qfn
2008-11-22 13:15 . 2008-11-22 13:15 1,409 --a------ c:\windows\QTFont.for
2008-11-19 20:48 . 2008-10-03 12:12 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll
2008-11-19 20:48 . 2007-04-17 04:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2008-11-19 20:48 . 2007-03-08 00:10 1,048,576 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2008-11-19 20:48 . 2008-08-26 03:11 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2008-11-19 20:48 . 2008-08-26 03:11 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2008-11-19 20:48 . 2008-08-26 03:11 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2008-11-19 20:48 . 2008-08-26 03:11 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2008-11-19 20:48 . 2008-08-26 03:11 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2008-11-19 20:48 . 2008-08-25 03:38 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-13 20:28 --------- d-----w c:\documents and settings\Sylvie\Application Data\Free Download Manager
2008-12-13 18:52 --------- d-----w c:\program files\Steam
2008-12-12 21:07 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
2008-12-12 05:38 --------- d-----w c:\documents and settings\Sylvie\Application Data\OpenOffice.org2
2008-12-12 05:37 --------- d-----w c:\program files\Cheat Engine
2008-12-10 15:20 --------- d-----w c:\program files\Java
2008-12-10 02:50 --------- d-----w c:\program files\mIRC
2008-12-08 21:45 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-07 01:05 --------- d-----w c:\program files\FlashGet
2008-12-07 01:00 --------- d-----w c:\program files\IGZones
2008-12-07 01:00 --------- d-----w c:\program files\Free Download Manager
2008-12-07 00:51 --------- d-----w c:\program files\Paint Shop Pro 6
2008-12-02 19:35 --------- d-----w c:\program files\PartyGaming
2008-12-02 00:38 --------- d-----w c:\documents and settings\Sylvie\Application Data\BitTorrent
2008-11-29 05:23 --------- d-----w c:\program files\MathType
2008-11-29 01:40 --------- d-----w c:\program files\Fichiers communs\ATI Technologies
2008-11-29 01:40 --------- d-----w c:\program files\ATI Technologies
2008-11-23 19:42 --------- d-----w c:\documents and settings\Sylvie\Application Data\Image Zone Express
2008-11-23 16:35 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-22 01:24 --------- d-----w c:\program files\DivX
2008-11-12 04:25 --------- d-----w c:\documents and settings\All Users\Application Data\Vso
2008-11-11 23:36 --------- d-----w c:\documents and settings\All Users\Application Data\NCH Software
2008-11-11 23:32 --------- d-----w c:\documents and settings\Sylvie\Application Data\Dr. DivX 2.0 OSS
2008-11-09 22:29 --------- d-----w c:\documents and settings\Sylvie\Application Data\Vso
2008-11-09 22:27 --------- d-----w c:\program files\vso
2008-11-09 16:17 47,360 -c--a-w c:\documents and settings\Sylvie\Application Data\pcouffin.sys
2008-11-09 16:17 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2008-11-08 23:36 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
2008-11-08 21:13 --------- d-----w c:\program files\DVD Shrink
2008-11-06 00:44 --------- d-----w c:\program files\ARAR
2008-11-04 04:11 --------- d-----w c:\documents and settings\Sylvie\Application Data\Nexon
2008-11-03 22:05 --------- d-----w c:\program files\ISIS Draw 2.3
2008-11-01 23:56 --------- d-----w c:\documents and settings\All Users\Application Data\Protexis
2008-10-24 21:28 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-10-24 21:05 --------- d-----w c:\documents and settings\Sylvie\Application Data\WeGame
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-17 20:25 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-17 20:25 --------- d-----w c:\program files\Microsoft Reader
2008-10-16 23:59 --------- d-----w c:\program files\AutoHotkey
2008-10-15 00:37 --------- d-----w c:\program files\Microsoft Games
2008-10-14 02:24 --------- d-----w c:\program files\KompoZer
2008-10-14 02:24 --------- d-----w c:\documents and settings\Sylvie\Application Data\KompoZer
2008-10-11 21:18 81,920 -c--a-w c:\documents and settings\Sylvie\Application Data\ezpinst.exe
2005-12-16 22:33 54 -c--a-w c:\program files\delir.gio
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-04 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Google Update"="c:\documents and settings\Sylvie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-12-02 133104]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-04 1809648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-12 344064]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 790528]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-10 136600]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-08-16 185896]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-07-22 282624]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 c:\windows\LOGI_MWX.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoChangeAnimation"= 0 (0x0)
"NoStrCmpLogical"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 0 (0x0)
"NoStrCmpLogical"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.msrt24"= msrt24.acm
"VIDC.JPEG"= jpegCode.dll
"VIDC.MJPG"= jpegCode.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\windows\system32\yapipije.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^KERClink.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\KERClink.lnk
backup=c:\windows\pss\KERClink.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Kodak software updater.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Kodak software updater.lnk
backup=c:\windows\pss\Kodak software updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logiciel Kodak EasyShare.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Logiciel Kodak EasyShare.lnk
backup=c:\windows\pss\Logiciel Kodak EasyShare.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Sylvie^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.0.lnk]
path=c:\documents and settings\Sylvie\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.0.lnk
backup=c:\windows\pss\OpenOffice.org 2.0.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a--c--- 2006-07-22 20:03 282624 c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-10-08 10:54 1410296 c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\lpkillwithm4\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\SteamApps\\stan44d@hotmail.com\\half-life\\hl.exe"=
"c:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\AGE2_X1.ICD"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\empires2.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\JVTorrent\\btdownloadgui.exe"=
"c:\\Program Files\\Steam\\SteamApps\\stan44d@hotmail.com\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\stan44d@hotmail.com\\half-life 2\\hl2.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\The All-Seeing Eye\\eye.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Abyss Web Server\\abyssws.exe"=
"c:\\Program Files\\Maple 7\\BIN.WNT\\mserver.exe"=
"c:\\Program Files\\Steam\\SteamApps\\stan44d@hotmail.com\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\stan44d@hotmail.com\\source sdk base\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\stan44d@hotmail.com\\source 2007 dedicated server\\srcds.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\WinHTTrack\\WinHTTrack.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\jqs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-14 111184]
R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-12-04 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-12-04 55024]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-04-14 20560]
R2 MarxDev1;MarxDev1;c:\windows\system32\drivers\MarxDev1.sys [2005-12-17 8864]
R2 MarxDev2;MarxDev2;c:\windows\system32\drivers\MarxDev2.sys [2005-12-17 8864]
R2 MarxDev3;MarxDev3;c:\windows\system32\drivers\MarxDev3.sys [2005-12-17 8864]
R3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-04 7408]
S3 CEDRIVER53;CEDRIVER53;\??\c:\program files\Cheat Engine\dbk32.sys [2007-11-03 25984]
S3 cmudau32;C-Media USB UDA Sound Interface;c:\windows\system32\drivers\cmudaxu.sys [2008-03-19 1391040]
S4 aecport;aecport;\??\c:\windows\system32\drivers\asubehci.sys []
.
Contenu du dossier 'Tâches planifiées'

2008-12-13 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\Sylvie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-02 18:38]

2008-12-08 c:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2008-01-29 08:46]

2008-03-13 c:\windows\Tasks\Uniblue SpeedUpMyPC.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2008-01-29 08:46]
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{1689296B-A7F2-45EC-A5F9-D4537D36F628} - (no file)
BHO-{9ae2f81d-5609-4dc0-910b-213e0c966fdc} - (no file)
BHO-{E427262E-9EEE-4018-A94F-EC4F03687628} - (no file)
BHO-{F3B65192-4C96-4BED-8D4A-B5BE17A9B8CA} - (no file)
HKLM-Run-CmUsbSound - cmcnfgu.cpl
Notify-byXRhgfg - byXRhgfg.dll


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar =
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Tout télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: Télécharger la sélection avec Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Télécharger la vidéo avec Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm

O16 -: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://drivers1.free.fr/telecharger.php?id=2&version=
c:\windows\Downloaded Program Files\HardwareDetection.inf
FF - ProfilePath - c:\documents and settings\Sylvie\Application Data\Mozilla\Firefox\Profiles\8xob0rfu.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.trafficswarm.com/cgi-bin/swarm.cgi?811239
FF - prefs.js: keyword.URL - about:neterror?e=query&u=
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\documents and settings\Sylvie\Local Settings\Application Data\Google\Update\1.2.131.27\npGoogleOneClick6.dll
FF - plugin: c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF - plugin: c:\program files\DivX\DivX Content Uploader\npUpload.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-13 15:30:51
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(784)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(188)
c:\program files\Logitech\MouseWare\System\LgWndHk.dll
c:\program files\Fichiers communs\Logitech\Scrolling\LgMsgHk.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ZoneLabs\vsmon.exe
c:\windows\system32\ZoneLabs\avsys\ScanningProcess.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\ZoneLabs\avsys\ScanningProcess.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\drivers\KodakCCS.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\rundll32.exe
c:\program files\Logitech\MouseWare\system\EM_EXEC.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Heure de fin: 2008-12-13 15:36:16 - La machine a redémarré [Sylvie]
ComboFix-quarantined-files.txt 2008-12-13 20:36:09

Avant-CF: 23,821,172,736 octets libres
Après-CF: 23,790,628,864 octets libres

337 --- E O F --- 2008-11-21 00:01:27
Virtumonde > Virtumonde
 
Sorry, I posted the wrong log, and I tried everything to edit my message, but nothing works.


ComboFix 08-12-12.05 - Sylvie 2008-12-13 15:23:49.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.2559.1951 [GMT -5:00]
Lancé depuis: c:\documents and settings\Sylvie\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Sylvie\Bureau\WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
* Un nouveau point de restauration a été créé
* Resident AV is active

.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Sylvie\Application Data\inst.exe
c:\documents and settings\Sylvie\Bureauvirii
c:\windows\IE4 Error Log.txt
c:\windows\system32\92B2286FC5.dll
c:\windows\system32\aaKlonpo.ini
c:\windows\system32\CbbHkUvw.ini
c:\windows\system32\enemukav.ini
c:\windows\system32\ezegayoz.ini
c:\windows\system32\iludeyep.ini
c:\windows\system32\iradutud.ini
c:\windows\system32\libeay32_0.9.6l.dll
c:\windows\system32\omorazel.ini
c:\windows\system32\udekukev.ini

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF


((((((((((((((((((((((((((((( Fichiers créés du 2008-11-13 au 2008-12-13 ))))))))))))))))))))))))))))))))))))
.

2008-12-12 18:49 . 2008-12-12 18:49 <REP> d-------- c:\windows\Application Data
2008-12-12 16:08 . 2008-12-12 16:08 <REP> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-12 16:07 . 2008-12-12 16:07 <REP> d-------- c:\program files\SUPERAntiSpyware
2008-12-12 16:07 . 2008-12-12 16:07 <REP> d-------- c:\documents and settings\Sylvie\Application Data\SUPERAntiSpyware.com
2008-12-10 11:40 . 2008-12-13 14:42 959 --a------ C:\rollback.ini
2008-12-10 11:26 . 2008-12-10 11:26 <REP> d-------- c:\documents and settings\Sylvie\Application Data\MailFrontier
2008-12-10 11:19 . 2008-12-13 15:32 4,924,448 --ahs---- c:\windows\system32\drivers\fidbox.dat
2008-12-10 11:19 . 2008-12-13 15:29 66,980 --ahs---- c:\windows\system32\drivers\fidbox.idx
2008-12-10 10:39 . 2008-12-10 13:27 <REP> d-------- c:\documents and settings\All Users\Application Data\MailFrontier
2008-12-10 10:39 . 2008-07-09 09:05 75,248 --a------ c:\windows\zllsputility.exe
2008-12-10 10:39 . 2008-07-09 09:05 54,672 --a------ c:\windows\system32\vsutil_loc040c.dll
2008-12-10 10:39 . 2008-07-09 09:05 42,384 --a------ c:\windows\zllsputility_loc040c.dll
2008-12-10 10:39 . 2008-07-09 09:05 21,904 --a------ c:\windows\system32\imsinstall_loc040c.dll
2008-12-10 10:39 . 2008-07-09 09:05 17,808 --a------ c:\windows\system32\imslsp_install_loc040c.dll
2008-12-10 10:39 . 2004-04-27 04:40 11,264 --a------ c:\windows\system32\SpOrder.dll
2008-12-10 10:39 . 2008-12-10 19:46 4,212 ---h----- c:\windows\system32\zllictbl.dat
2008-12-10 10:38 . 2008-12-12 18:33 <REP> d-------- c:\windows\system32\ZoneLabs
2008-12-10 10:38 . 2008-12-10 10:38 <REP> d-------- c:\program files\Zone Labs
2008-12-10 10:38 . 2008-07-09 09:05 1,086,952 --a------ c:\windows\system32\zpeng24.dll
2008-12-10 10:38 . 2008-12-13 15:30 358,382 --a------ c:\windows\system32\vsconfig.xml
2008-12-10 10:37 . 2008-12-13 15:17 <REP> d-------- c:\windows\Internet Logs
2008-12-10 10:20 . 2008-12-10 10:20 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-08 18:28 . 2008-12-08 18:28 <REP> d-------- C:\VundoFix Backups
2008-12-08 11:08 . 2008-12-08 11:30 <REP> d-------- c:\program files\GCFScape
2008-12-06 10:39 . 2008-12-06 14:52 <REP> d-------- c:\program files\Mozilla Thunderbird
2008-12-06 10:39 . 2008-12-06 10:39 <REP> d-------- c:\documents and settings\Sylvie\Application Data\Thunderbird
2008-11-28 19:52 . 2008-11-28 19:52 <REP> d-------- c:\program files\Intel
2008-11-28 19:52 . 2008-05-01 16:35 53,248 --a------ c:\windows\system32\CSVer.dll
2008-11-28 19:51 . 2008-11-28 19:51 <REP> d-------- C:\Intel
2008-11-28 19:46 . 2008-11-28 20:37 <REP> d-------- c:\documents and settings\All Users\Application Data\ma-config.com
2008-11-23 20:50 . 2008-11-23 20:50 <REP> d-------- c:\program files\Trend Micro
2008-11-22 13:15 . 2008-12-06 20:06 54,156 --ah----- c:\windows\QTFont.qfn
2008-11-22 13:15 . 2008-11-22 13:15 1,409 --a------ c:\windows\QTFont.for
2008-11-19 20:48 . 2008-10-03 12:12 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll
2008-11-19 20:48 . 2007-04-17 04:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2008-11-19 20:48 . 2007-03-08 00:10 1,048,576 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2008-11-19 20:48 . 2008-08-26 03:11 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2008-11-19 20:48 . 2008-08-26 03:11 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2008-11-19 20:48 . 2008-08-26 03:11 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2008-11-19 20:48 . 2008-08-26 03:11 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2008-11-19 20:48 . 2008-08-26 03:11 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2008-11-19 20:48 . 2008-08-25 03:38 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-13 20:28 --------- d-----w c:\documents and settings\Sylvie\Application Data\Free Download Manager
2008-12-13 18:52 --------- d-----w c:\program files\Steam
2008-12-12 21:07 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
2008-12-12 05:38 --------- d-----w c:\documents and settings\Sylvie\Application Data\OpenOffice.org2
2008-12-12 05:37 --------- d-----w c:\program files\Cheat Engine
2008-12-10 15:20 --------- d-----w c:\program files\Java
2008-12-10 02:50 --------- d-----w c:\program files\mIRC
2008-12-08 21:45 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-07 01:05 --------- d-----w c:\program files\FlashGet
2008-12-07 01:00 --------- d-----w c:\program files\IGZones
2008-12-07 01:00 --------- d-----w c:\program files\Free Download Manager
2008-12-07 00:51 --------- d-----w c:\program files\Paint Shop Pro 6
2008-12-02 19:35 --------- d-----w c:\program files\PartyGaming
2008-12-02 00:38 --------- d-----w c:\documents and settings\Sylvie\Application Data\BitTorrent
2008-11-29 05:23 --------- d-----w c:\program files\MathType
2008-11-29 01:40 --------- d-----w c:\program files\Fichiers communs\ATI Technologies
2008-11-29 01:40 --------- d-----w c:\program files\ATI Technologies
2008-11-23 19:42 --------- d-----w c:\documents and settings\Sylvie\Application Data\Image Zone Express
2008-11-23 16:35 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-22 01:24 --------- d-----w c:\program files\DivX
2008-11-12 04:25 --------- d-----w c:\documents and settings\All Users\Application Data\Vso
2008-11-11 23:36 --------- d-----w c:\documents and settings\All Users\Application Data\NCH Software
2008-11-11 23:32 --------- d-----w c:\documents and settings\Sylvie\Application Data\Dr. DivX 2.0 OSS
2008-11-09 22:29 --------- d-----w c:\documents and settings\Sylvie\Application Data\Vso
2008-11-09 22:27 --------- d-----w c:\program files\vso
2008-11-09 16:17 47,360 -c--a-w c:\documents and settings\Sylvie\Application Data\pcouffin.sys
2008-11-09 16:17 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2008-11-08 23:36 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
2008-11-08 21:13 --------- d-----w c:\program files\DVD Shrink
2008-11-06 00:44 --------- d-----w c:\program files\ARAR
2008-11-04 04:11 --------- d-----w c:\documents and settings\Sylvie\Application Data\Nexon
2008-11-03 22:05 --------- d-----w c:\program files\ISIS Draw 2.3
2008-11-01 23:56 --------- d-----w c:\documents and settings\All Users\Application Data\Protexis
2008-10-24 21:28 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-10-24 21:05 --------- d-----w c:\documents and settings\Sylvie\Application Data\WeGame
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-17 20:25 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-17 20:25 --------- d-----w c:\program files\Microsoft Reader
2008-10-16 23:59 --------- d-----w c:\program files\AutoHotkey
2008-10-15 00:37 --------- d-----w c:\program files\Microsoft Games
2008-10-14 02:24 --------- d-----w c:\program files\KompoZer
2008-10-14 02:24 --------- d-----w c:\documents and settings\Sylvie\Application Data\KompoZer
2008-10-11 21:18 81,920 -c--a-w c:\documents and settings\Sylvie\Application Data\ezpinst.exe
2005-12-16 22:33 54 -c--a-w c:\program files\delir.gio
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-04 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Google Update"="c:\documents and settings\Sylvie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-12-02 133104]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-04 1809648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-12 344064]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 790528]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-10 136600]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-08-16 185896]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-07-22 282624]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 c:\windows\LOGI_MWX.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoChangeAnimation"= 0 (0x0)
"NoStrCmpLogical"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 0 (0x0)
"NoStrCmpLogical"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.msrt24"= msrt24.acm
"VIDC.JPEG"= jpegCode.dll
"VIDC.MJPG"= jpegCode.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\windows\system32\yapipije.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^KERClink.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\KERClink.lnk
backup=c:\windows\pss\KERClink.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Kodak software updater.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Kodak software updater.lnk
backup=c:\windows\pss\Kodak software updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logiciel Kodak EasyShare.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Logiciel Kodak EasyShare.lnk
backup=c:\windows\pss\Logiciel Kodak EasyShare.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Sylvie^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.0.lnk]
path=c:\documents and settings\Sylvie\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.0.lnk
backup=c:\windows\pss\OpenOffice.org 2.0.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a--c--- 2006-07-22 20:03 282624 c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-10-08 10:54 1410296 c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\lpkillwithm4\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\SteamApps\\stan44d@hotmail.com\\half-life\\hl.exe"=
"c:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\AGE2_X1.ICD"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\empires2.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\JVTorrent\\btdownloadgui.exe"=
"c:\\Program Files\\Steam\\SteamApps\\stan44d@hotmail.com\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\stan44d@hotmail.com\\half-life 2\\hl2.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\The All-Seeing Eye\\eye.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Abyss Web Server\\abyssws.exe"=
"c:\\Program Files\\Maple 7\\BIN.WNT\\mserver.exe"=
"c:\\Program Files\\Steam\\SteamApps\\stan44d@hotmail.com\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\stan44d@hotmail.com\\source sdk base\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\stan44d@hotmail.com\\source 2007 dedicated server\\srcds.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\WinHTTrack\\WinHTTrack.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\jqs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-14 111184]
R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-12-04 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-12-04 55024]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-04-14 20560]
R2 MarxDev1;MarxDev1;c:\windows\system32\drivers\MarxDev1.sys [2005-12-17 8864]
R2 MarxDev2;MarxDev2;c:\windows\system32\drivers\MarxDev2.sys [2005-12-17 8864]
R2 MarxDev3;MarxDev3;c:\windows\system32\drivers\MarxDev3.sys [2005-12-17 8864]
R3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-04 7408]
S3 CEDRIVER53;CEDRIVER53;\??\c:\program files\Cheat Engine\dbk32.sys [2007-11-03 25984]
S3 cmudau32;C-Media USB UDA Sound Interface;c:\windows\system32\drivers\cmudaxu.sys [2008-03-19 1391040]
S4 aecport;aecport;\??\c:\windows\system32\drivers\asubehci.sys []
.
Contenu du dossier 'Tâches planifiées'

2008-12-13 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\Sylvie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-02 18:38]

2008-12-08 c:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2008-01-29 08:46]

2008-03-13 c:\windows\Tasks\Uniblue SpeedUpMyPC.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2008-01-29 08:46]
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{1689296B-A7F2-45EC-A5F9-D4537D36F628} - (no file)
BHO-{9ae2f81d-5609-4dc0-910b-213e0c966fdc} - (no file)
BHO-{E427262E-9EEE-4018-A94F-EC4F03687628} - (no file)
BHO-{F3B65192-4C96-4BED-8D4A-B5BE17A9B8CA} - (no file)
HKLM-Run-CmUsbSound - cmcnfgu.cpl
Notify-byXRhgfg - byXRhgfg.dll


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar =
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Tout télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: Télécharger la sélection avec Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Télécharger la vidéo avec Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm

O16 -: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://drivers1.free.fr/telecharger.php?id=2&version=
c:\windows\Downloaded Program Files\HardwareDetection.inf
FF - ProfilePath - c:\documents and settings\Sylvie\Application Data\Mozilla\Firefox\Profiles\8xob0rfu.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.trafficswarm.com/cgi-bin/swarm.cgi?811239
FF - prefs.js: keyword.URL - about:neterror?e=query&u=
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\documents and settings\Sylvie\Local Settings\Application Data\Google\Update\1.2.131.27\npGoogleOneClick6.dll
FF - plugin: c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF - plugin: c:\program files\DivX\DivX Content Uploader\npUpload.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-13 15:30:51
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(784)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(188)
c:\program files\Logitech\MouseWare\System\LgWndHk.dll
c:\program files\Fichiers communs\Logitech\Scrolling\LgMsgHk.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ZoneLabs\vsmon.exe
c:\windows\system32\ZoneLabs\avsys\ScanningProcess.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\ZoneLabs\avsys\ScanningProcess.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\drivers\KodakCCS.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\rundll32.exe
c:\program files\Logitech\MouseWare\system\EM_EXEC.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Heure de fin: 2008-12-13 15:36:16 - La machine a redémarré [Sylvie]
ComboFix-quarantined-files.txt 2008-12-13 20:36:09

Avant-CF: 23,821,172,736 octets libres
Après-CF: 23,790,628,864 octets libres

337 --- E O F --- 2008-11-21 00:01:27
jlpjlp Posts: 52399 Status: Security contributor 5 040
 
Repair Windows:

https://www.pcastuces.com/pratique/windows/xp/default.htm

then

post a new HijackThis report and say whether there are still problems.
Virtumonde
 
Thanks, I don't think I have any other problems.
jlpjlp Posts: 52399 Status: Security contributor 5 040
 
Post a new HijackThis report.