Very invasive virus...
Security Forum - Viruses: Very invasive virus...
Well, where to begin...
I have been infected for a while with several things:
First of all, I launched a nasty little thing called "a.bat" which caused me problems (my antivirus and firewall not starting, several system processes being blocked, etc.) and I did a big cleanup with HijackThis, Spybot, Ad-Aware, etc.
I ran online scans such as BitDefender several more times after rebooting...
It no longer found any infection...
Then pop-up windows started opening in Firefox, and IE launched by itself with tabs that kept multiplying endlessly...
I have already followed close to 20 different methods, but this junk is still in the registry and elsewhere, and when I remove it with Spybot or something else, it comes back... If I delete the entries in the registry (CurrentVersion\Run) they reappear; when I modify them, they reappear...
Same thing with the DLL files in "system32" with completely outlandish names: I rename them to ".txt" files and they come back under another equally silly name... If I fix them with HijackThis, they reappear on the next scan...
I am posting a copy of the HijackThis log in case it can help you or put you on the right track... Thanks in advance to all the kind souls who take a little time to save my PC and my hopeless case...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:08:09, on 18/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\DigitalPersona\Bin\DpHost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Recreg\HiJackThis.exe
O2 - BHO: (no name) - {4f1aa0d3-9302-4f9f-bc57-9181114dedea} - C:\WINDOWS\system32\holusifo.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [DPAgnt] C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [bekezojaru] Rundll32.exe "C:\WINDOWS\system32\regikiho.dll",s
O4 - HKLM\..\Run: [CPM5fd7c57e] Rundll32.exe "c:\windows\system32\rizizozu.dll",a
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\regmech.exe /H
O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\zerajifu.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - (no file)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe
--
End of file - 6781 bytes
I can assure you that the following lines (all the system32 entries with strange names) are problems:
O2 - BHO: (no name) - {4f1aa0d3-9302-4f9f-bc57-9181114dedea} - C:\WINDOWS\system32\holusifo.dll
O4 - HKLM\..\Run: [bekezojaru] Rundll32.exe "C:\WINDOWS\system32\regikiho.dll",s
O4 - HKLM\..\Run: [CPM5fd7c57e] Rundll32.exe "c:\windows\system32\rizizozu.dll",a
O20 - AppInit_DLLs: C:\WINDOWS\system32\zerajifu.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - (no file)
And the name that keeps coming back in the registry is: bekezojaru.....
If someone can help me please?.... THANK YOU! =)
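An added defender-side example, not part of the thread: a small Python triage script that parses the HijackThis entry types the poster singles out above (O2 BHO, O4 Run, O20 AppInit_DLLs, O21 SSODL) and flags the persistence patterns visible in these logs, using lines copied from the thread's own logs as sample input. The "eight lowercase letters + .dll" rule is a heuristic assumed from the names in this thread only, not a general signature.

```python
from __future__ import annotations

import ntpath
import re

# Constructed sample input: O2/O4/O20/O21 entries copied from the HijackThis logs
# posted in this thread, mixed with benign entries from the same logs for contrast.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {4f1aa0d3-9302-4f9f-bc57-9181114dedea} - C:\WINDOWS\system32\holusifo.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [bekezojaru] Rundll32.exe "C:\WINDOWS\system32\regikiho.dll",s
O4 - HKLM\..\Run: [CPM5fd7c57e] Rundll32.exe "c:\windows\system32\rizizozu.dll",a
O20 - AppInit_DLLs: C:\WINDOWS\system32\zerajifu.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - (no file)
"""

# Heuristic assumed from this thread only: every malicious DLL named in the logs
# (holusifo, regikiho, rizizozu, zerajifu, ...) is eight lowercase letters + .dll.
RANDOM_DLL = re.compile(r"^[a-z]{8}\.dll$")
# A Run command that starts rundll32 and hands it a DLL path, quoted or not.
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?([^",]+\.dll)"?', re.IGNORECASE)


def _in_system32(path: str) -> bool:
    return "\\system32\\" in path.lower()


def _random_system32_dll(path: str) -> bool:
    # True when the DLL lives in system32 and its name fits the random pattern.
    return _in_system32(path) and RANDOM_DLL.match(ntpath.basename(path).lower()) is not None


def check_entry(line: str) -> list[str]:
    """Return the reasons a HijackThis entry deserves review (empty list = nothing seen)."""
    line = line.strip()
    reasons: list[str] = []
    if line.startswith("O2 - BHO:"):
        # Layout: O2 - BHO: <name> - {CLSID} - <dll path>
        name, _, rest = line[len("O2 - BHO:"):].strip().partition(" - ")
        path = rest.rpartition(" - ")[2]
        if name == "(no name)":
            reasons.append("BHO registered without a name")
        if _random_system32_dll(path):
            reasons.append(f"BHO loads random-named {ntpath.basename(path)} from system32")
    elif line.startswith("O4 - ") and "\\Run: [" in line:
        # Layout: O4 - HKLM\..\Run: [value name] <command line>
        cmd = line.partition("] ")[2]
        m = RUNDLL_RE.match(cmd)
        if m and _random_system32_dll(m.group(1)):
            reasons.append(f"Run value uses rundll32 to load random-named {ntpath.basename(m.group(1))}")
    elif line.startswith("O20 - AppInit_DLLs:"):
        # AppInit_DLLs is loaded into every process that links user32.dll;
        # on a home XP machine it should normally be empty.
        value = line.partition(":")[2].strip()
        if value:
            reasons.append(f"AppInit_DLLs is set to {value}")
    elif line.startswith("O21 - SSODL:") and line.endswith("(no file)"):
        # A ShellServiceObjectDelayLoad entry whose DLL is gone: leftover of a removal.
        reasons.append("SSODL entry points at a missing file")
    return reasons


def triage(log_text: str) -> list[tuple[str, list[str]]]:
    """Run check_entry over a whole log and keep only the flagged entries, in order."""
    hits: list[tuple[str, list[str]]] = []
    for raw in log_text.splitlines():
        reasons = check_entry(raw)
        if reasons:
            hits.append((raw.strip(), reasons))
    return hits


if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG):
        print(entry)
        for reason in why:
            print("   ->", reason)
```

The LSA Notification Packages entry that MBAM reports later in the thread is not shown in a HijackThis log, so this script cannot see it; it is a first-pass reading aid, not a cleaner.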
Hello,
! Disable your resident protections (antivirus, Spybot-S&D, etc.)!
- Download ComboFix (sUBs) to your Desktop.
- Double-click ComboFix.exe (the .exe extension is not necessarily visible) to launch it.
- When the scan is finished, a report will appear. Post this report (C:\combofix.txt*) in your next reply.
HELP: A guide and tutorial on using ComboFix
* the partition letter may vary
Reply to Angeldark
Tried ComboFix, but the problem is that it crashes...
I follow the instructions TO THE LETTER, but when I drag the Windows + SP2 recovery icon onto the ComboFix icon, a command window (MS-DOS, I think) with a blue background opens and crashes...
EDIT: I disabled the two processes at startup (Run => msconfig), which seems to have fixed a problem or two...
Message edited by Voodoobear on 18-01-2009 at 17:37:02
That's fine, don't install the recovery console.
Reply to Angeldark
Here is ComboFix's response when trying to start it:
"C.bat n'est pas reconnu en tant que commande interne ou externe, un programme executable ou un fichier de commandes"
Reply to Voodoobear
Strange.
Download Malwarebytes' Anti-Malware to your Desktop.
Install it by double-clicking the file Download_mbam-setup.exe.
Once the installation and the update are done, reboot into Safe Mode.
HELP: Rebooting into Safe Mode
- Now run Malwarebytes' Anti-Malware. If it is not already selected, choose "Perform full scan".
- To start the scan, click "Scan".
- Once the scan is finished, a window opens; click OK. Two possibilities:
-- if the program found nothing, press OK. A report will appear; close it.
-- if infections are present, click "Show results" then "Remove selected". Save the report to your Desktop so you can post it in your next reply.
NOTE: If Malwarebytes' Anti-Malware needs to reboot to finish the removal, accept by clicking OK.
HELP: Illustrated tutorial on MBAM
Reply to Angeldark
Here is the report, and after rebooting (did it have to be done in Safe Mode or not?) it crashed several times; impossible to restart it in Safe Mode or normal mode... So I rebooted with "last known good configuration"...
Attached, the report:
Malwarebytes' Anti-Malware 1.33
Version de la base de données: 1668
Windows 5.1.2600 Service Pack 3
2009-01-20 00:34:48
mbam-log-2009-01-20 (00-34-41).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 109362
Temps écoulé: 54 minute(s), 10 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 8
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 3
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 20
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\zerajifu.dll (Trojan.Vundo.H) -> No action taken.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4f1aa0d3-9302-4f9f-bc57-9181114dedea} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{4f1aa0d3-9302-4f9f-bc57-9181114dedea} (Trojan.Vundo.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4f1aa0d3-9302-4f9f-bc57-9181114dedea} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bekezojaru (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm5fd7c57e (Trojan.Vundo.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OLE\DRam prosessor (Trojan.Agent) -> No action taken.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\zerajifu.dll -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\zerajifu.dll -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\zerajifu.dll -> No action taken.
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\WINDOWS\system32\holusifo.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\zerajifu.dll (Trojan.Vundo.H) -> No action taken.
C:\Documents and Settings\Voodoobear\Application Data\Desktopicon\eBayShortcuts.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Voodoobear\Bureau\backups\backup-20090118-165432-719.dll (Trojan.Vundo.H) -> No action taken.
C:\Recreg\backups\backup-20090116-155746-584.dll (Trojan.Vundo) -> No action taken.
C:\Recreg\backups\backup-20090117-213442-234.dll (Trojan.Vundo.H) -> No action taken.
C:\Recreg\backups\backup-20090117-213442-588.dll (Trojan.Vundo) -> No action taken.
C:\Recreg\backups\backup-20090117-213612-555.dll (Trojan.Vundo.H) -> No action taken.
C:\Recreg\backups\backup-20090118-110508-378.dll (Trojan.Vundo.H) -> No action taken.
C:\Recreg\backups\backup-20090118-113231-315.dll (Trojan.Vundo.H) -> No action taken.
C:\System Volume Information\_restore{C46AB882-33F2-42D6-80C4-EAB8AA5B2BC7}\RP10\A0003950.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{C46AB882-33F2-42D6-80C4-EAB8AA5B2BC7}\RP10\A0004107.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{C46AB882-33F2-42D6-80C4-EAB8AA5B2BC7}\RP10\A0004111.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{C46AB882-33F2-42D6-80C4-EAB8AA5B2BC7}\RP10\A0004112.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{C46AB882-33F2-42D6-80C4-EAB8AA5B2BC7}\RP11\A0004131.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{C46AB882-33F2-42D6-80C4-EAB8AA5B2BC7}\RP11\A0004134.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\pstsqt.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\subapade.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\tamawopi.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\wavemile.dll (Trojan.Vundo) -> No action taken.
Thanks A LOT for the help and time you've given, I am VERY grateful!!!
Reply to Voodoobear
Did you actually remove the infections with MBAM?
Reply to Angeldark
Here is exactly what I did:
Rebooted Windows XP (in Safe Mode)
Started MBAM
Full scan (in Safe Mode)
Saved the log
Remove all
MBAM rebooted; impossible to get past the Windows loading screen until I used "last known good configuration"
And then it rebooted...
Is that right?
Reply to Voodoobear
Post a new HijackThis report.
Run another scan anyway while waiting for my next reply.
Reply to Angeldark
Here is the latest HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:07, on 2009-01-20
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\DigitalPersona\Bin\DpHost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Documents and Settings\Voodoobear\Bureau\HiJackThis.exe
O2 - BHO: (no name) - {4f1aa0d3-9302-4f9f-bc57-9181114dedea} - C:\WINDOWS\system32\holusifo.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [DPAgnt] C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
O4 - HKLM\..\Run: [bekezojaru] Rundll32.exe "C:\WINDOWS\system32\regikiho.dll",s
O4 - HKLM\..\Run: [CPM5fd7c57e] Rundll32.exe "c:\windows\system32\rizizozu.dll",a
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\zerajifu.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe
--
End of file - 6459 bytes
Thanks for the help, I'll run another MBAM scan this afternoon...
EDIT:
Here is the report after a new MBAM scan and a successful removal (without rebooting):
Malwarebytes' Anti-Malware 1.33
Version de la base de données: 1668
Windows 5.1.2600 Service Pack 3
2009-01-20 15:18:45
mbam-log-2009-01-20 (15-18-41).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 109678
Temps écoulé: 54 minute(s), 1 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 7
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4f1aa0d3-9302-4f9f-bc57-9181114dedea} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{4f1aa0d3-9302-4f9f-bc57-9181114dedea} (Trojan.Vundo.H) -> No action taken.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bekezojaru (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm5fd7c57e (Trojan.Vundo.H) -> No action taken.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\System Volume Information\_restore{C46AB882-33F2-42D6-80C4-EAB8AA5B2BC7}\RP15\A0007115.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{C46AB882-33F2-42D6-80C4-EAB8AA5B2BC7}\RP15\A0007117.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{C46AB882-33F2-42D6-80C4-EAB8AA5B2BC7}\RP15\A0007119.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{C46AB882-33F2-42D6-80C4-EAB8AA5B2BC7}\RP15\A0007123.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{C46AB882-33F2-42D6-80C4-EAB8AA5B2BC7}\RP15\A0007124.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{C46AB882-33F2-42D6-80C4-EAB8AA5B2BC7}\RP15\A0007125.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{C46AB882-33F2-42D6-80C4-EAB8AA5B2BC7}\RP15\A0007126.dll (Trojan.Vundo) -> No action taken.
Message edited by Voodoobear on 20-01-2009 at 15:33:22
Reply to Voodoobear
Are you really removing the infections? oO
! Disable your resident protections (antivirus, Spybot-S&D, etc.)!
- Download ComboFix (sUBs) to your Desktop.
- Double-click ComboFix.exe (the .exe extension is not necessarily visible) to launch it.
- When the scan is finished, a report will appear. Post this report (C:\combofix.txt*) in your next reply.
HELP: A guide and tutorial on using ComboFix
* the partition letter may vary
Reply to Angeldark
Yes, I remove them, but whatever removal tool I use, apparently the junk always comes back!!
I'll run another scan tomorrow and post it, if only to see...
Reply to Voodoobear
Run ComboFix
Reply to Angeldark
I'm launching another one and will edit to give the report =).
Reply to Voodoobear
IMPOSSIBLE to start ComboFix from my desktop, so I ran it in Safe Mode and there it worked; here is the report:
ComboFix 09-01-21.01 - Voodoobear 2009-01-21 23:40:18.1 - NTFSx86 MINIMAL
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.510.365 [GMT 1:00]
Lancé depuis: c:\documents and settings\Voodoobear\Bureau\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 090121-0] *On-access scanning disabled* (Updated)
FW: ZoneAlarm Firewall *disabled*
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\cqugpg.dll
c:\windows\system32\eOpsCfhk.ini
c:\windows\system32\gedekuye.dll
c:\windows\system32\muvetuvo.dll
c:\windows\system32\titobigi.dll
c:\windows\system32\zerajifu.dll
c:\windows\system32\zilosuzu.dll
c:\windows\Tasks\czfxnepq.job
----- BITS: Il y a peut-être des sites infectés -----
hxxp://77.74.48.105
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-12-21 au 2009-01-21 ))))))))))))))))))))))))))))))))))))
.
2009-01-21 23:30 . 2009-01-21 23:30 <REP> d-------- C:\ComboFix.exe
2009-01-21 21:50 . 2009-01-21 21:50 <REP> d-------- C:\Bibitte
2009-01-21 13:58 . 2009-01-21 13:58 <REP> d-------- c:\program files\Smallvideosoft
2009-01-21 13:58 . 2009-01-21 13:58 <REP> d-------- C:\Mp3 Output
2009-01-21 13:58 . 2007-03-01 04:18 4,762,112 --a------ c:\windows\system32\NCMedia.dll
2009-01-21 13:58 . 2007-02-25 15:36 383,238 --a------ c:\windows\system32\libmp3lame-0.dll
2009-01-21 10:45 . 2009-01-21 10:45 2,724 ---hs---- c:\windows\system32\nominenu.dll
2009-01-21 10:45 . 2009-01-21 10:45 2,724 ---hs---- c:\windows\system32\miyowepa.dll
2009-01-21 10:45 . 2009-01-21 10:45 2,724 ---hs---- c:\windows\system32\herugife.dll
2009-01-20 10:44 . 2009-01-20 10:44 2,724 ---hs---- c:\windows\system32\gubebusi.dll
2009-01-20 00:35 . 2009-01-20 00:35 61,440 --a------ c:\windows\system32\drivers\sjsnq.sys
2009-01-19 23:33 . 2009-01-19 23:33 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-19 23:33 . 2009-01-19 23:33 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\Malwarebytes
2009-01-19 23:33 . 2009-01-19 23:33 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-19 23:33 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-19 23:33 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-19 22:44 . 2009-01-19 22:44 2,724 ---hs---- c:\windows\system32\fuzuwigi.dll
2009-01-19 10:44 . 2009-01-19 10:44 2,724 ---hs---- c:\windows\system32\finobefe.dll
2009-01-19 10:44 . 2009-01-19 10:44 2,724 ---hs---- c:\windows\system32\bavawapa.dll
2009-01-19 08:19 . 2009-01-19 08:19 <REP> d-------- c:\program files\AC3Filter
2009-01-19 08:19 . 2008-07-09 09:05 421,888 --a------ c:\windows\system32\ac3filter.acm
2009-01-18 22:44 . 2009-01-18 22:44 2,724 ---hs---- c:\windows\system32\wavowibi.dll
2009-01-18 22:44 . 2009-01-18 22:44 2,724 ---hs---- c:\windows\system32\tunesega.dll
2009-01-18 22:44 . 2009-01-18 22:44 2,724 ---hs---- c:\windows\system32\jisaleyu.dll
2009-01-18 16:27 . 2009-01-18 16:27 <REP> d-------- C:\VundoFix Backups
2009-01-18 01:27 . 2009-01-18 16:08 <REP> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-01-17 23:07 . 2009-01-18 00:20 264 --a------ c:\windows\wininit.ini
2009-01-17 21:37 . 2009-01-17 21:47 <REP> d-------- c:\program files\Spybot - Search & Destroy
2009-01-17 21:37 . 2009-01-18 16:22 <REP> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-15 14:11 . 2009-01-15 14:11 2,724 ---hs---- c:\windows\system32\vorosuka.dll
2009-01-15 14:11 . 2009-01-15 14:11 2,724 ---hs---- c:\windows\system32\haditapo.dll
2009-01-15 14:11 . 2009-01-15 14:11 2,724 ---hs---- c:\windows\system32\bozilajo.dll
2009-01-14 14:29 . 2009-01-21 21:49 <REP> d-------- C:\Recreg
2009-01-14 13:38 . 2009-01-14 13:38 <REP> d-------- c:\program files\CCleaner
2009-01-13 16:03 . 2009-01-17 10:44 <REP> d-------- c:\windows\BDOSCAN8
2009-01-11 20:02 . 2009-01-11 20:11 <REP> d-------- c:\program files\Random Software
2009-01-11 11:04 . 2009-01-11 11:04 <REP> d-------- c:\documents and settings\All Users\Application Data\Adobe Systems
2009-01-11 11:03 . 2009-01-11 11:03 <REP> d-------- c:\program files\Fichiers communs\Adobe Systems Shared
2009-01-09 10:29 . 2009-01-09 10:29 172 ---h----- c:\windows\formacd.id
2009-01-09 09:02 . 2009-01-09 09:02 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\DigitalPersona
2009-01-08 18:25 . 2009-01-08 18:25 <REP> d-------- c:\program files\Webteh
2009-01-08 18:25 . 2009-01-08 18:25 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\BSplayer Pro
2009-01-08 15:55 . 2009-01-08 16:02 <REP> d-------- C:\xampp
2009-01-08 10:00 . 2009-01-08 10:00 <REP> d-------- c:\windows\DPDrv
2009-01-08 10:00 . 2009-01-08 10:00 <REP> d-------- c:\program files\DigitalPersona
2009-01-07 18:19 . 2009-01-07 18:19 <REP> d-------- c:\program files\Guitar Pro 5
2009-01-06 12:33 . 2009-01-06 12:33 <REP> d-------- c:\windows\Sun
2009-01-06 10:15 . 2009-01-06 10:15 <REP> d-------- c:\documents and settings\Voodoobear\Incomplete
2009-01-06 10:12 . 2009-01-19 14:22 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\LimeWire
2009-01-06 09:54 . 2009-01-13 11:49 <REP> d-------- c:\program files\LimeWire
2009-01-06 09:37 . 2009-01-16 16:00 <REP> d-------- c:\program files\Microsoft IntelliPoint
2009-01-06 09:36 . 2009-01-16 16:00 <REP> d-------- c:\program files\Microsoft IntelliType Pro
2009-01-05 22:00 . 2009-01-05 22:01 <REP> d-------- c:\program files\Fichiers communs\Merge Modules
2009-01-05 19:52 . 2009-01-05 19:52 <REP> d-------- c:\program files\Microsoft SQL Server
2009-01-05 19:46 . 2009-01-07 19:19 <REP> d-------- c:\documents and settings\Voodoobear\dwhelper
2009-01-05 19:40 . 2009-01-05 19:40 <REP> d-------- c:\program files\Microsoft.NET
2009-01-05 19:38 . 2009-01-05 19:38 <REP> d-------- c:\program files\Microsoft Visual Studio 8
2009-01-05 19:37 . 2009-01-05 19:38 <REP> d-------- c:\program files\Microsoft Web Designer Tools
2009-01-05 19:37 . 2009-01-06 10:16 <REP> d-------- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-01-05 19:36 . 2009-01-05 19:36 <REP> dr-h----- C:\MSOCache
2009-01-05 19:33 . 2009-01-05 19:33 <REP> d-------- c:\program files\Microsoft SDKs
2009-01-05 19:18 . 2009-01-05 19:26 <REP> d-------- c:\windows\system32\XPSViewer
2009-01-05 19:17 . 2009-01-05 19:17 <REP> d-------- c:\program files\MSBuild
2009-01-05 19:16 . 2009-01-05 19:16 <REP> d-------- c:\program files\Reference Assemblies
2009-01-05 19:14 . 2009-01-05 19:14 212 --a------ c:\windows\system32\spupdsvc.inf
2009-01-05 19:06 . 2009-01-06 09:06 <REP> d-------- c:\windows\SxsCaPendDel
2009-01-05 15:18 . 2009-01-05 15:18 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\AdobeUM
2009-01-05 10:44 . 2009-01-05 10:48 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\Dev-Cpp
2009-01-05 10:31 . 2009-01-05 10:31 <REP> d-------- c:\program files\Microsoft
2009-01-05 10:11 . 2009-01-21 23:48 <REP> d-------- c:\documents and settings\Voodoobear\Tracing
2009-01-05 10:05 . 2009-01-05 10:05 <REP> d-------- c:\program files\Fichiers communs\Windows Live
2009-01-05 09:39 . 2009-01-05 10:47 <REP> d-------- C:\Dev-Cpp
2009-01-04 21:40 . 2009-01-04 21:43 2,330,880 --a------ c:\windows\system32\TUKernel.exe
2009-01-04 21:21 . 2009-01-21 21:18 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\Azureus
2009-01-04 21:21 . 2009-01-04 21:21 <REP> d-------- c:\documents and settings\All Users\Application Data\Azureus
2009-01-04 21:20 . 2009-01-04 21:20 <REP> d-------- c:\program files\Vuze
2009-01-04 21:12 . 2009-01-04 21:12 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\InstallShield
2009-01-04 20:48 . 2009-01-04 21:32 <REP> d-------- c:\program files\TuneUp Utilities 2008
2009-01-04 20:48 . 2009-01-04 20:48 <REP> d-------- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-01-04 20:48 . 2008-05-29 09:28 28,416 --a------ c:\windows\system32\uxtuneup.dll
2009-01-04 19:30 . 2009-01-21 23:36 9,662,496 --ahs---- c:\windows\system32\drivers\fidbox.dat
2009-01-04 19:30 . 2009-01-21 23:36 113,936 --ahs---- c:\windows\system32\drivers\fidbox.idx
2009-01-04 19:23 . 2009-01-04 19:23 <REP> d-------- c:\documents and settings\All Users\Application Data\MailFrontier
2009-01-04 19:23 . 2008-07-09 09:05 54,672 --a------ c:\windows\system32\vsutil_loc040c.dll
2009-01-04 19:23 . 2008-07-09 09:05 42,384 --a------ c:\windows\zllsputility_loc040c.dll
2009-01-04 19:23 . 2008-07-09 09:05 21,904 --a------ c:\windows\system32\imsinstall_loc040c.dll
2009-01-04 19:23 . 2008-07-09 09:05 17,808 --a------ c:\windows\system32\imslsp_install_loc040c.dll
2009-01-04 19:23 . 2009-01-04 19:26 4,212 ---h----- c:\windows\system32\zllictbl.dat
2009-01-04 19:22 . 2009-01-04 19:22 <REP> d-------- c:\program files\Zone Labs
2009-01-04 19:21 . 2009-01-21 23:45 358,382 --a------ c:\windows\system32\vsconfig.xml
2009-01-04 19:20 . 2009-01-21 23:49 <REP> d-------- c:\windows\Internet Logs
2009-01-04 19:11 . 2009-01-04 19:11 <REP> d-------- c:\documents and settings\Voodoobear\Contacts
2009-01-04 19:10 . 2008-09-08 11:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2009-01-04 19:09 . 2008-09-15 16:26 1,846,528 -----c--- c:\windows\system32\dllcache\win32k.sys
2009-01-04 19:08 . 2008-08-14 14:23 2,191,232 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2009-01-04 19:08 . 2008-08-14 14:23 2,147,328 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-01-04 19:08 . 2008-08-14 14:23 2,068,096 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-01-04 19:08 . 2008-08-14 14:23 2,025,984 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2009-01-04 19:07 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2009-01-04 19:07 . 2008-10-15 17:35 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2009-01-04 19:06 . 2008-09-04 18:16 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2009-01-04 19:02 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2009-01-04 19:02 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2009-01-04 18:24 . 2009-01-04 18:24 <REP> d-------- c:\program files\DAEMON Tools Lite
2009-01-03 21:24 . 2009-01-03 21:24 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\Media Player Classic
2009-01-03 20:20 . 2009-01-03 20:20 <REP> d-------- c:\program files\SAGEM Wi-Fi USB 802.11g
2009-01-03 20:20 . 2005-06-17 10:27 16,292 --a------ c:\windows\system32\PCANDIS5.SYS
2009-01-03 20:19 . 2009-01-03 20:19 <REP> d-------- c:\program files\SAGEM
2009-01-03 20:19 . 2005-06-17 10:27 379,456 --a------ c:\windows\system32\drivers\WlanUIG.sys
2009-01-03 20:19 . 2005-07-04 16:25 163,840 --a------ c:\windows\UninstWiFi.exe
2009-01-03 20:19 . 2005-06-17 10:26 114,688 --a------ c:\windows\system32\WLANUTL.dll
2009-01-03 20:19 . 2005-06-17 10:26 61,440 --a------ c:\windows\system32\W32N50.dll
2009-01-03 12:25 . 2008-04-14 04:34 153,088 --a------ c:\windows\system32\irftp.exe
2009-01-03 12:25 . 2008-04-14 04:34 153,088 --a--c--- c:\windows\system32\dllcache\irftp.exe
2009-01-03 12:25 . 2008-04-14 04:33 29,184 --a------ c:\windows\system32\irmon.dll
2009-01-03 12:25 . 2008-04-14 04:33 29,184 --a--c--- c:\windows\system32\dllcache\irmon.dll
2009-01-03 12:25 . 2008-04-14 04:33 8,192 --a------ c:\windows\system32\wshirda.dll
2009-01-03 12:25 . 2008-04-14 04:33 8,192 --a--c--- c:\windows\system32\dllcache\wshirda.dll
2009-01-03 11:58 . 2009-01-04 20:48 355,584 --a------ c:\windows\system32\TuneUpDefragService.exe
2009-01-03 11:57 . 2009-01-03 11:57 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\TuneUp Software
2009-01-03 11:41 . 2009-01-17 23:07 <REP> d-------- c:\program files\Sleepy
2009-01-02 21:51 . 2009-01-02 21:50 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-02 21:51 . 2009-01-02 21:50 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-01-02 21:50 . 2009-01-02 21:50 <REP> d-------- c:\program files\Java
2009-01-02 21:50 . 2009-01-02 21:52 <REP> d-------- c:\program files\EasyPHP 2.0b1
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-11 13:19 --------- d-----w c:\program files\Messenger Plus! Live
2009-01-11 10:07 --------- d-----w c:\program files\Fichiers communs\Adobe
2009-01-05 09:09 --------- d-----w c:\program files\Windows Live
2009-01-05 08:20 --------- d-----w c:\program files\Microsoft Silverlight
2009-01-04 20:17 --------- d-----w c:\documents and settings\All Users\Application Data\ma-config.com
2009-01-03 19:20 --------- d--h--w c:\program files\InstallShield Installation Information
2008-04-14 02:34 28,858,803 --sh--r c:\windows\system32\windir.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-01-27 335872]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-02 136600]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 172032]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2004-06-03 204800]
"DPAgnt"="c:\program files\DigitalPersona\Bin\DPAgnt.exe" [2004-10-13 913408]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 c:\windows\system32\Ati2mdxx.exe]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 c:\windows\SOUNDMAN.EXE]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]
c:\documents and settings\Voodoobear\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
c:\documents and settings\Voodoobear\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
c:\documents and settings\Voodoobear\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk - c:\program files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe [2009-01-03 741376]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,32,\
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=G,c:\windows\system32\zerajifu.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0OODBS
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^NETGEAR WPN111 Smart Wizard.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\NETGEAR WPN111 Smart Wizard.lnk
backup=c:\windows\pss\NETGEAR WPN111 Smart Wizard.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Pinnacle Scheduler.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Pinnacle Scheduler.lnk
backup=c:\windows\pss\Pinnacle Scheduler.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Windows Search.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-08-08 13:11 490952 c:\program files\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
--a------ 2007-06-28 23:01 2512128 c:\windows\system32\oodtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
--a------ 2008-05-02 05:15 15872 c:\program files\Unlocker\UnlockerAssistant.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
--a--c--- 2001-12-26 13:12 472576 c:\windows\mHotkey.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-09-27 111184]
R3 dpK0Bx01;Pilote supérieur de lecteur d'empreintes digitales;c:\windows\system32\drivers\dpK0Bx01.sys [2004-08-04 32640]
R3 UsbdpFP;Pilote de classe Lecteur d'empreintes digitales;c:\windows\system32\drivers\UsbdpFP.sys [2004-08-04 34560]
R3 WB528MS;Winbond PCI Memory Stick PRO Storage (MSPRO) Device Driver;c:\windows\system32\drivers\wb528ms.sys [2008-09-27 38400]
R3 WB528SD;Winbond PCI Secure Digital Storage (SD/MMC) Device Driver;c:\windows\system32\drivers\WB528SD.sys [2008-09-27 35712]
R3 WlanUIG;Sagem 802.11g Wireless LAN USB Adapter Driver;c:\windows\system32\drivers\WlanUIG.sys [2009-01-03 379456]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-01-04 20560]
S3 AMDMSRIO;AMDMSRIO;\??\f:\driver\CAD2000\PowerNow Patch\WIN2000_ver.1.1.0.0\AMDMSRIO.sys --> f:\driver\CAD2000\PowerNow Patch\WIN2000_ver.1.1.0.0\AMDMSRIO.sys [?]
S3 ATICDSDr;ATICDSDr;\??\f:\install\bin\atiicdxx.sys --> f:\install\bin\atiicdxx.sys [?]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2008-10-06 17149]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\DRIVERS\WPN111.sys --> c:\windows\system32\DRIVERS\WPN111.sys [?]
--- Autres Services/Pilotes en mémoire ---
*NewlyCreated* - PCANDIS5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenu du dossier 'Tâches planifiées'
2009-01-21 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:23]
.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{4f1aa0d3-9302-4f9f-bc57-9181114dedea} - c:\windows\system32\holusifo.dll
HKLM-Run-bekezojaru - c:\windows\system32\regikiho.dll
HKLM-Run-CPM5fd7c57e - c:\windows\system32\rizizozu.dll
MSConfigStartUp-bekezojaru - c:\windows\system32\regikiho.dll
MSConfigStartUp-CPM5fd7c57e - c:\windows\system32\rizizozu.dll
.
------- Examen supplémentaire -------
.
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
FF - ProfilePath - c:\documents and settings\Voodoobear\Application Data\Mozilla\Firefox\Profiles\41a3xjcs.default\
---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - true.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-21 23:50:06
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,b5,f7,05,cc,5f,
6d,d6,ab,e2,63,26,f1,3f,c8,ff,68,8b,93,e2,ad,93,45,f4,42,e2,63,26,f1,3f,c8,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,9d,6e,ea,72,50,
aa,d8,7f,6a,9c,d6,61,af,45,84,18,3a,1e,55,dc,e6,ab,49,aa,6a,9c,d6,61,af,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,e5,ee,d5,bf,55,
1f,67,7e,ff,7c,85,e0,43,d4,0e,fe,ab,c0,1f,5d,c7,0c,c0,92,ff,7c,85,e0,43,d4,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,97,60,b8,42,70,
b3,ec,e7,86,8c,21,01,be,91,eb,e7,d8,b5,b1,5a,b0,a6,68,0a,86,8c,21,01,be,91,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,3f,50,4e,29,f9,
43,bb,a5,f5,1d,4d,73,a8,13,5c,05,e7,3c,4e,76,c2,9c,dc,3f,f5,1d,4d,73,a8,13,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,12,4c,2f,13,60,
f9,07,86,df,20,58,62,78,6b,cf,c8,6f,1d,fa,bc,93,70,79,0f,df,20,58,62,78,6b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,03,39,1d,67,7b,
a7,17,8f,fb,a7,78,e6,12,2f,9a,ea,c7,68,08,ed,fe,98,57,93,fb,a7,78,e6,12,2f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,95,89,c5,64,99,
15,87,53,01,3a,48,fc,e8,04,4a,f1,57,0e,a8,22,14,d2,ab,ba,01,3a,48,fc,e8,04,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,1e,3e,30,6a,ed,
67,5b,15,f6,0f,4e,58,98,5b,89,c9,26,29,d7,23,55,3a,82,85,f6,0f,4e,58,98,5b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,e2,76,af,80,6d,
04,86,21,3d,ce,ea,26,2d,45,aa,78,d1,49,cc,16,28,09,89,83,3d,ce,ea,26,2d,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,ad,ef,fc,f2,39,
ec,bb,26,2a,b7,cc,b5,b9,7f,41,e7,cd,f0,dc,9f,bb,ce,c6,8b,2a,b7,cc,b5,b9,7f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,2d,44,33,fa,03,
fd,4d,c5,6c,43,2d,1e,aa,22,2f,9c,ad,35,bd,da,ac,c9,57,4c,6c,43,2d,1e,aa,22,\
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
@=""
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="[long hex value omitted]"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'lsass.exe'(992)
c:\windows\DPPWDFLT.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\DigitalPersona\Bin\DpHost.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\snmp.exe
c:\program files\DigitalPersona\Bin\DPFUSMgr.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2009-01-21 23:52:57 - La machine a redémarré [Voodoobear]
ComboFix-quarantined-files.txt 2009-01-21 22:52:53
Avant-CF: 5,892,304,896 octets libres
Après-CF: 5,396,135,936 octets libres
Current=4 Default=4 Failed=1 LastKnownGood=2 Sets=1,2,3,4
363 --- E O F --- 2009-01-06 09:20:44
NOTE: Spybot keeps going crazy about registry changes related, I think, to the different Internet browsers installed on my machine, with links such as
http://go.microsoft.com/fwlink/?Linkld=54896
Is this normal, or at least a good sign?
PS: I know a fair bit about computers, but I'm far from being an expert.....
Can the Rundll32.exe that launches the junk on these lines at Windows startup be removed?:
O4 - HKLM\..\Run: [bekezojaru] Rundll32.exe "C:\WINDOWS\system32\regikiho.dll",s
O4 - HKLM\..\Run: [CPM5fd7c57e] Rundll32.exe "c:\windows\system32\rizizozu.dll",a
Because even when I uncheck them in msconfig, they reactivate and re-check themselves automatically on reboot.....
Thanks AGAIN for the help provided!!!!
Message edited by Voodoobear on 22-01-2009 at 00:45:10
Re,
We'll take care of it.
! Disable your resident protections (antivirus, Spybot-S&D, etc.) !
Copy (Ctrl+C) the text in the box below:
File::
|
Open Notepad and paste (Ctrl+V) the text you just copied.
Save this file under the name "CFScript.txt" (the quotes are important).
Now drag the CFScript.txt file onto ComboFix.exe as in the image below:
This will relaunch ComboFix. After the reboot, post the contents of the report (C:\combofix.txt*) along with a HijackThis log.
NOTE: If there is no reboot, post the requested reports anyway.
* the partition letter may differ
So:
"CFScript.txt" dragged onto ComboFix.exe
Everything went fine, and here is the report:
ComboFix 09-01-21.01 - Voodoobear 2009-01-22 17:22:53.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.510.282 [GMT 1:00]
Lancé depuis: c:\documents and settings\Voodoobear\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Voodoobear\Bureau\CFScript.txt
AV: avast! antivirus 4.8.1296 [VPS 090122-0] *On-access scanning disabled* (Updated)
FW: ZoneAlarm Firewall *disabled*
* Un nouveau point de restauration a été créé
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
FILE ::
c:\windows\system32\bavawapa.dll
c:\windows\system32\bozilajo.dll
c:\windows\system32\finobefe.dll
c:\windows\system32\fuzuwigi.dll
c:\windows\system32\gubebusi.dll
c:\windows\system32\haditapo.dll
c:\windows\system32\herugife.dll
c:\windows\system32\jisaleyu.dll
c:\windows\system32\miyowepa.dll
c:\windows\system32\nominenu.dll
c:\windows\system32\tunesega.dll
c:\windows\system32\vorosuka.dll
c:\windows\system32\wavowibi.dll
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\bavawapa.dll
c:\windows\system32\bozilajo.dll
c:\windows\system32\finobefe.dll
c:\windows\system32\fuzuwigi.dll
c:\windows\system32\gubebusi.dll
c:\windows\system32\haditapo.dll
c:\windows\system32\herugife.dll
c:\windows\system32\jisaleyu.dll
c:\windows\system32\miyowepa.dll
c:\windows\system32\nominenu.dll
c:\windows\system32\tunesega.dll
c:\windows\system32\vorosuka.dll
c:\windows\system32\wavowibi.dll
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-12-22 au 2009-01-22 ))))))))))))))))))))))))))))))))))))
.
2009-01-21 23:58 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2009-01-21 23:30 . 2009-01-21 23:30 <REP> d-------- C:\ComboFix.exe
2009-01-21 21:50 . 2009-01-21 21:50 <REP> d-------- C:\Bibitte
2009-01-21 13:58 . 2009-01-21 13:58 <REP> d-------- c:\program files\Smallvideosoft
2009-01-21 13:58 . 2009-01-21 13:58 <REP> d-------- C:\Mp3 Output
2009-01-21 13:58 . 2007-03-01 04:18 4,762,112 --a------ c:\windows\system32\NCMedia.dll
2009-01-21 13:58 . 2007-02-25 15:36 383,238 --a------ c:\windows\system32\libmp3lame-0.dll
2009-01-20 00:35 . 2009-01-20 00:35 61,440 --a------ c:\windows\system32\drivers\sjsnq.sys
2009-01-19 23:33 . 2009-01-19 23:33 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-19 23:33 . 2009-01-19 23:33 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\Malwarebytes
2009-01-19 23:33 . 2009-01-19 23:33 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-19 23:33 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-19 23:33 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-19 08:19 . 2009-01-19 08:19 <REP> d-------- c:\program files\AC3Filter
2009-01-19 08:19 . 2008-07-09 09:05 421,888 --a------ c:\windows\system32\ac3filter.acm
2009-01-18 16:27 . 2009-01-18 16:27 <REP> d-------- C:\VundoFix Backups
2009-01-18 01:27 . 2009-01-18 16:08 <REP> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-01-17 23:07 . 2009-01-18 00:20 264 --a------ c:\windows\wininit.ini
2009-01-17 21:37 . 2009-01-17 21:47 <REP> d-------- c:\program files\Spybot - Search & Destroy
2009-01-17 21:37 . 2009-01-22 00:12 <REP> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-14 14:29 . 2009-01-22 09:23 <REP> d-------- C:\Recreg
2009-01-14 13:38 . 2009-01-14 13:38 <REP> d-------- c:\program files\CCleaner
2009-01-13 16:03 . 2009-01-17 10:44 <REP> d-------- c:\windows\BDOSCAN8
2009-01-11 20:02 . 2009-01-11 20:11 <REP> d-------- c:\program files\Random Software
2009-01-11 11:04 . 2009-01-11 11:04 <REP> d-------- c:\documents and settings\All Users\Application Data\Adobe Systems
2009-01-11 11:03 . 2009-01-11 11:03 <REP> d-------- c:\program files\Fichiers communs\Adobe Systems Shared
2009-01-09 10:29 . 2009-01-09 10:29 172 ---h----- c:\windows\formacd.id
2009-01-09 09:02 . 2009-01-09 09:02 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\DigitalPersona
2009-01-08 18:25 . 2009-01-08 18:25 <REP> d-------- c:\program files\Webteh
2009-01-08 18:25 . 2009-01-08 18:25 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\BSplayer Pro
2009-01-08 15:55 . 2009-01-08 16:02 <REP> d-------- C:\xampp
2009-01-08 10:00 . 2009-01-08 10:00 <REP> d-------- c:\windows\DPDrv
2009-01-08 10:00 . 2009-01-08 10:00 <REP> d-------- c:\program files\DigitalPersona
2009-01-07 18:19 . 2009-01-07 18:19 <REP> d-------- c:\program files\Guitar Pro 5
2009-01-06 12:33 . 2009-01-06 12:33 <REP> d-------- c:\windows\Sun
2009-01-06 10:15 . 2009-01-06 10:15 <REP> d-------- c:\documents and settings\Voodoobear\Incomplete
2009-01-06 10:12 . 2009-01-22 13:28 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\LimeWire
2009-01-06 09:54 . 2009-01-13 11:49 <REP> d-------- c:\program files\LimeWire
2009-01-06 09:37 . 2009-01-16 16:00 <REP> d-------- c:\program files\Microsoft IntelliPoint
2009-01-06 09:36 . 2009-01-16 16:00 <REP> d-------- c:\program files\Microsoft IntelliType Pro
2009-01-05 22:00 . 2009-01-05 22:01 <REP> d-------- c:\program files\Fichiers communs\Merge Modules
2009-01-05 19:52 . 2009-01-05 19:52 <REP> d-------- c:\program files\Microsoft SQL Server
2009-01-05 19:46 . 2009-01-07 19:19 <REP> d-------- c:\documents and settings\Voodoobear\dwhelper
2009-01-05 19:40 . 2009-01-05 19:40 <REP> d-------- c:\program files\Microsoft.NET
2009-01-05 19:38 . 2009-01-05 19:38 <REP> d-------- c:\program files\Microsoft Visual Studio 8
2009-01-05 19:37 . 2009-01-05 19:38 <REP> d-------- c:\program files\Microsoft Web Designer Tools
2009-01-05 19:37 . 2009-01-06 10:16 <REP> d-------- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-01-05 19:36 . 2009-01-05 19:36 <REP> dr-h----- C:\MSOCache
2009-01-05 19:33 . 2009-01-05 19:33 <REP> d-------- c:\program files\Microsoft SDKs
2009-01-05 19:18 . 2009-01-05 19:26 <REP> d-------- c:\windows\system32\XPSViewer
2009-01-05 19:17 . 2009-01-05 19:17 <REP> d-------- c:\program files\MSBuild
2009-01-05 19:16 . 2009-01-05 19:16 <REP> d-------- c:\program files\Reference Assemblies
2009-01-05 19:14 . 2009-01-05 19:14 212 --a------ c:\windows\system32\spupdsvc.inf
2009-01-05 19:06 . 2009-01-06 09:06 <REP> d-------- c:\windows\SxsCaPendDel
2009-01-05 15:18 . 2009-01-05 15:18 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\AdobeUM
2009-01-05 10:44 . 2009-01-05 10:48 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\Dev-Cpp
2009-01-05 10:31 . 2009-01-05 10:31 <REP> d-------- c:\program files\Microsoft
2009-01-05 10:11 . 2009-01-22 17:30 <REP> d-------- c:\documents and settings\Voodoobear\Tracing
2009-01-05 10:05 . 2009-01-05 10:05 <REP> d-------- c:\program files\Fichiers communs\Windows Live
2009-01-05 09:39 . 2009-01-05 10:47 <REP> d-------- C:\Dev-Cpp
2009-01-04 21:40 . 2009-01-22 17:00 2,331,008 --a------ c:\windows\system32\TUKernel.exe
2009-01-04 21:21 . 2009-01-21 21:18 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\Azureus
2009-01-04 21:21 . 2009-01-04 21:21 <REP> d-------- c:\documents and settings\All Users\Application Data\Azureus
2009-01-04 21:20 . 2009-01-04 21:20 <REP> d-------- c:\program files\Vuze
2009-01-04 21:12 . 2009-01-04 21:12 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\InstallShield
2009-01-04 20:48 . 2009-01-22 16:33 <REP> d-------- c:\program files\TuneUp Utilities 2008
2009-01-04 20:48 . 2009-01-04 20:48 <REP> d-------- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-01-04 19:30 . 2009-01-22 17:31 10,080,288 --ahs---- c:\windows\system32\drivers\fidbox.dat
2009-01-04 19:30 . 2009-01-22 17:26 122,288 --ahs---- c:\windows\system32\drivers\fidbox.idx
2009-01-04 19:23 . 2009-01-04 19:23 <REP> d-------- c:\documents and settings\All Users\Application Data\MailFrontier
2009-01-04 19:23 . 2008-07-09 09:05 54,672 --a------ c:\windows\system32\vsutil_loc040c.dll
2009-01-04 19:23 . 2008-07-09 09:05 42,384 --a------ c:\windows\zllsputility_loc040c.dll
2009-01-04 19:23 . 2008-07-09 09:05 21,904 --a------ c:\windows\system32\imsinstall_loc040c.dll
2009-01-04 19:23 . 2008-07-09 09:05 17,808 --a------ c:\windows\system32\imslsp_install_loc040c.dll
2009-01-04 19:23 . 2009-01-04 19:26 4,212 ---h----- c:\windows\system32\zllictbl.dat
2009-01-04 19:22 . 2009-01-04 19:22 <REP> d-------- c:\program files\Zone Labs
2009-01-04 19:21 . 2009-01-22 17:28 358,382 --a------ c:\windows\system32\vsconfig.xml
2009-01-04 19:20 . 2009-01-22 17:16 <REP> d-------- c:\windows\Internet Logs
2009-01-04 19:11 . 2009-01-04 19:11 <REP> d-------- c:\documents and settings\Voodoobear\Contacts
2009-01-04 19:10 . 2008-12-11 11:57 333,952 -----c--- c:\windows\system32\dllcache\srv.sys
2009-01-04 19:09 . 2008-09-15 16:26 1,846,528 -----c--- c:\windows\system32\dllcache\win32k.sys
2009-01-04 19:08 . 2008-08-14 14:23 2,191,232 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2009-01-04 19:08 . 2008-08-14 14:23 2,147,328 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-01-04 19:08 . 2008-08-14 14:23 2,068,096 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-01-04 19:08 . 2008-08-14 14:23 2,025,984 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2009-01-04 19:07 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2009-01-04 19:07 . 2008-10-15 17:35 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2009-01-04 19:06 . 2008-09-04 18:16 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2009-01-04 19:02 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2009-01-04 19:02 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2009-01-04 18:24 . 2009-01-04 18:24 <REP> d-------- c:\program files\DAEMON Tools Lite
2009-01-03 21:24 . 2009-01-03 21:24 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\Media Player Classic
2009-01-03 20:20 . 2009-01-03 20:20 <REP> d-------- c:\program files\SAGEM Wi-Fi USB 802.11g
2009-01-03 20:20 . 2005-06-17 10:27 16,292 --a------ c:\windows\system32\PCANDIS5.SYS
2009-01-03 20:19 . 2009-01-03 20:19 <REP> d-------- c:\program files\SAGEM
2009-01-03 20:19 . 2005-06-17 10:27 379,456 --a------ c:\windows\system32\drivers\WlanUIG.sys
2009-01-03 20:19 . 2005-07-04 16:25 163,840 --a------ c:\windows\UninstWiFi.exe
2009-01-03 20:19 . 2005-06-17 10:26 114,688 --a------ c:\windows\system32\WLANUTL.dll
2009-01-03 20:19 . 2005-06-17 10:26 61,440 --a------ c:\windows\system32\W32N50.dll
2009-01-03 12:25 . 2008-04-14 04:34 153,088 --a------ c:\windows\system32\irftp.exe
2009-01-03 12:25 . 2008-04-14 04:34 153,088 --a--c--- c:\windows\system32\dllcache\irftp.exe
2009-01-03 12:25 . 2008-04-14 04:33 29,184 --a------ c:\windows\system32\irmon.dll
2009-01-03 12:25 . 2008-04-14 04:33 29,184 --a--c--- c:\windows\system32\dllcache\irmon.dll
2009-01-03 12:25 . 2008-04-14 04:33 8,192 --a------ c:\windows\system32\wshirda.dll
2009-01-03 12:25 . 2008-04-14 04:33 8,192 --a--c--- c:\windows\system32\dllcache\wshirda.dll
2009-01-03 11:57 . 2009-01-03 11:57 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\TuneUp Software
2009-01-03 11:41 . 2009-01-17 23:07 <REP> d-------- c:\program files\Sleepy
2009-01-02 21:51 . 2009-01-02 21:50 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-02 21:51 . 2009-01-02 21:50 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-01-02 21:50 . 2009-01-02 21:50 <REP> d-------- c:\program files\Java
2009-01-02 21:50 . 2009-01-02 21:52 <REP> d-------- c:\program files\EasyPHP 2.0b1
2009-01-02 21:50 . 2008-09-16 20:23 168,448 --a------ c:\windows\system32\unrar.dll
2009-01-02 21:49 . 2009-01-02 21:49 <REP> d-------- c:\program files\wxGlade
2009-01-02 21:49 . 2009-01-05 18:16 <REP> d-------- c:\program files\Unlocker
2009-01-02 21:49 . 2009-01-02 21:49 <REP> d-------- c:\program files\K-Lite Codec Pack
2009-01-02 21:49 . 2009-01-20 00:34 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\Desktopicon
2009-01-02 21:49 . 2008-09-19 22:57 3,596,288 --a------ c:\windows\system32\qt-dx331.dll
2009-01-02 21:49 . 2008-09-24 19:41 839,680 --a------ c:\windows\system32\lameACM.acm
2009-01-02 21:49 . 2006-11-01 14:52 765,952 --a------ c:\windows\system32\xvidcore.dll
2009-01-02 21:49 . 2008-10-28 23:35 684,032 --a------ c:\windows\system32\divx.dll
2009-01-02 21:49 . 2004-01-25 17:18 217,088 --a------ c:\windows\system32\yv12vfw.dll
2009-01-02 21:49 . 2008-12-07 19:08 130,048 --a------ c:\windows\system32\xvidvfw.dll
2009-01-02 21:49 . 2007-09-21 01:52 118,784 --a------ c:\windows\system32\ac3acm.acm
2009-01-02 21:49 . 2008-09-25 09:03 81,920 --a------ c:\windows\system32\dpl100.dll
2009-01-02 21:49 . 2008-12-08 12:53 57,344 --a------ c:\windows\system32\ff_vfw.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-11 13:19 --------- d-----w c:\program files\Messenger Plus! Live
2009-01-11 10:07 --------- d-----w c:\program files\Fichiers communs\Adobe
2009-01-05 09:09 --------- d-----w c:\program files\Windows Live
2009-01-05 08:20 --------- d-----w c:\program files\Microsoft Silverlight
2009-01-04 20:17 --------- d-----w c:\documents and settings\All Users\Application Data\ma-config.com
2009-01-03 19:20 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-04-14 02:34 28,858,803 --sh--r c:\windows\system32\windir.exe
.
((((((((((((((((((((((((((((( snapshot@2009-01-21_23.51.51.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-14 02:34:20 33,792 -c--a-w c:\windows\system32\dllcache\rundll32.exe
- 2008-10-16 13:13:40 202,776 -c--a-w c:\windows\system32\dllcache\wuweb.dll
+ 2008-10-16 13:12:24 202,776 -c--a-w c:\windows\system32\dllcache\wuweb.dll
+ 2009-01-09 16:35:30 20,853,704 ----a-w c:\windows\system32\MRT.exe
- 2009-01-05 18:19:55 71,394 ----a-w c:\windows\system32\perfc009.dat
+ 2009-01-22 16:26:54 71,060 ----a-w c:\windows\system32\perfc009.dat
- 2009-01-05 18:19:55 84,964 ----a-w c:\windows\system32\perfc00C.dat
+ 2009-01-22 16:26:54 84,526 ----a-w c:\windows\system32\perfc00C.dat
- 2009-01-05 18:19:55 441,458 ----a-w c:\windows\system32\perfh009.dat
+ 2009-01-22 16:26:54 441,124 ----a-w c:\windows\system32\perfh009.dat
- 2009-01-05 18:19:55 510,980 ----a-w c:\windows\system32\perfh00C.dat
+ 2009-01-22 16:26:55 510,324 ----a-w c:\windows\system32\perfh00C.dat
- 2007-11-30 04:39:30 18,296 ------w c:\windows\system32\spmsg.dll
+ 2007-11-30 11:19:06 18,296 ------w c:\windows\system32\spmsg.dll
- 2008-10-16 13:13:40 202,776 ----a-w c:\windows\system32\wuweb.dll
+ 2008-10-16 13:12:24 202,776 ----a-w c:\windows\system32\wuweb.dll
+ 2009-01-22 16:28:18 16,384 ----atw c:\windows\temp\Perflib_Perfdata_1f0.dat
+ 2009-01-22 16:28:17 16,384 ----atw c:\windows\temp\Perflib_Perfdata_574.dat
+ 2009-01-22 16:28:20 16,384 ----atw c:\windows\temp\Perflib_Perfdata_628.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-01-27 335872]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-02 136600]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 172032]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2004-06-03 204800]
"DPAgnt"="c:\program files\DigitalPersona\Bin\DPAgnt.exe" [2004-10-13 913408]
"bekezojaru"="c:\windows\system32\regikiho.dll" [BU]
"CPM5fd7c57e"="c:\windows\system32\rizizozu.dll" [BU]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 c:\windows\system32\Ati2mdxx.exe]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 c:\windows\SOUNDMAN.EXE]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]
c:\documents and settings\Voodoobear\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
c:\documents and settings\Voodoobear\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
c:\documents and settings\Voodoobear\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk - c:\program files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe [2009-01-03 741376]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\documents and settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0OODBS
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^NETGEAR WPN111 Smart Wizard.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\NETGEAR WPN111 Smart Wizard.lnk
backup=c:\windows\pss\NETGEAR WPN111 Smart Wizard.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Pinnacle Scheduler.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Pinnacle Scheduler.lnk
backup=c:\windows\pss\Pinnacle Scheduler.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Windows Search.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bekezojaru]
c:\windows\system32\regikiho.dll [BU]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPM5fd7c57e]
c:\windows\system32\rizizozu.dll [BU]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-08-08 13:11 490952 c:\program files\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
--a------ 2007-06-28 23:01 2512128 c:\windows\system32\oodtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
--a------ 2008-05-02 05:15 15872 c:\program files\Unlocker\UnlockerAssistant.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
--a--c--- 2001-12-26 13:12 472576 c:\windows\mHotkey.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-09-27 111184]
R3 dpK0Bx01;Pilote supérieur de lecteur d'empreintes digitales;c:\windows\system32\drivers\dpK0Bx01.sys [2004-08-04 32640]
R3 UsbdpFP;Pilote de classe Lecteur d'empreintes digitales;c:\windows\system32\drivers\UsbdpFP.sys [2004-08-04 34560]
R3 WB528MS;Winbond PCI Memory Stick PRO Storage (MSPRO) Device Driver;c:\windows\system32\drivers\wb528ms.sys [2008-09-27 38400]
R3 WB528SD;Winbond PCI Secure Digital Storage (SD/MMC) Device Driver;c:\windows\system32\drivers\WB528SD.sys [2008-09-27 35712]
R3 WlanUIG;Sagem 802.11g Wireless LAN USB Adapter Driver;c:\windows\system32\drivers\WlanUIG.sys [2009-01-03 379456]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-01-04 20560]
S3 AMDMSRIO;AMDMSRIO;\??\f:\driver\CAD2000\PowerNow Patch\WIN2000_ver.1.1.0.0\AMDMSRIO.sys --> f:\driver\CAD2000\PowerNow Patch\WIN2000_ver.1.1.0.0\AMDMSRIO.sys [?]
S3 ATICDSDr;ATICDSDr;\??\f:\install\bin\atiicdxx.sys --> f:\install\bin\atiicdxx.sys [?]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2008-10-06 17149]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\DRIVERS\WPN111.sys --> c:\windows\system32\DRIVERS\WPN111.sys [?]
.
Contenu du dossier 'Tâches planifiées'
2009-01-22 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:23]
.
.
------- Examen supplémentaire -------
.
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
FF - ProfilePath - c:\documents and settings\Voodoobear\Application Data\Mozilla\Firefox\Profiles\41a3xjcs.default\
---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - true.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-22 17:31:10
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,b5,f7,05,cc,5f,
6d,d6,ab,e2,63,26,f1,3f,c8,ff,68,8b,93,e2,ad,93,45,f4,42,e2,63,26,f1,3f,c8,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,9d,6e,ea,72,50,
aa,d8,7f,6a,9c,d6,61,af,45,84,18,3a,1e,55,dc,e6,ab,49,aa,6a,9c,d6,61,af,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,e5,ee,d5,bf,55,
1f,67,7e,ff,7c,85,e0,43,d4,0e,fe,ab,c0,1f,5d,c7,0c,c0,92,ff,7c,85,e0,43,d4,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,97,60,b8,42,70,
b3,ec,e7,86,8c,21,01,be,91,eb,e7,d8,b5,b1,5a,b0,a6,68,0a,86,8c,21,01,be,91,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,3f,50,4e,29,f9,
43,bb,a5,f5,1d,4d,73,a8,13,5c,05,e7,3c,4e,76,c2,9c,dc,3f,f5,1d,4d,73,a8,13,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,12,4c,2f,13,60,
f9,07,86,df,20,58,62,78,6b,cf,c8,6f,1d,fa,bc,93,70,79,0f,df,20,58,62,78,6b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,03,39,1d,67,7b,
a7,17,8f,fb,a7,78,e6,12,2f,9a,ea,c7,68,08,ed,fe,98,57,93,fb,a7,78,e6,12,2f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,95,89,c5,64,99,
15,87,53,01,3a,48,fc,e8,04,4a,f1,57,0e,a8,22,14,d2,ab,ba,01,3a,48,fc,e8,04,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,1e,3e,30,6a,ed,
67,5b,15,f6,0f,4e,58,98,5b,89,c9,26,29,d7,23,55,3a,82,85,f6,0f,4e,58,98,5b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,e2,76,af,80,6d,
04,86,21,3d,ce,ea,26,2d,45,aa,78,d1,49,cc,16,28,09,89,83,3d,ce,ea,26,2d,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,ad,ef,fc,f2,39,
ec,bb,26,2a,b7,cc,b5,b9,7f,41,e7,cd,f0,dc,9f,bb,ce,c6,8b,2a,b7,cc,b5,b9,7f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,2d,44,33,fa,03,
fd,4d,c5,6c,43,2d,1e,aa,22,2f,9c,ad,35,bd,da,ac,c9,57,4c,6c,43,2d,1e,aa,22,\
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
@=""
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'lsass.exe'(992)
c:\windows\DPPWDFLT.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\DigitalPersona\Bin\DpHost.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\snmp.exe
c:\program files\DigitalPersona\Bin\DPFUSMgr.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2009-01-22 17:34:01 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-01-22 16:33:58
Avant-CF: 7 630 147 584 octets libres
Après-CF: 7,614,115,840 octets libres
Current=4 Default=4 Failed=1 LastKnownGood=2 Sets=1,2,3,4
397 --- E O F --- 2009-01-06 09:20:44
Next, the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:35:48, on 22/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\DigitalPersona\Bin\DpHost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Voodoobear\Bureau\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [DPAgnt] C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
O4 - HKLM\..\Run: [bekezojaru] Rundll32.exe "C:\WINDOWS\system32\regikiho.dll",s
O4 - HKLM\..\Run: [CPM5fd7c57e] Rundll32.exe "c:\windows\system32\rizizozu.dll",a
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wi [...] 2581702031
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe
--
End of file - 6162 bytes
One last detail: for the first time I managed to fix the lines:
O4 - HKLM\..\Run: [bekezojaru] Rundll32.exe "C:\WINDOWS\system32\regikiho.dll",s
O4 - HKLM\..\Run: [CPM5fd7c57e] Rundll32.exe "c:\windows\system32\rizizozu.dll",a
And after a scan, they no longer reappear!!! Wonderful!!!
But I think there is still a catch...
I am VERY afraid that Rundll32.exe relaunches them at startup....
What to do, what to do....?
PS: After rebooting, the two lines are back, several changes have been made to my settings (reset) and some things no longer work in Firefox (a VERY large number of images no longer display, checkboxes etc....)
Message edited by Voodoobear on 23-01-2009 at 16:50:51
Do not fix lines without my approval.
Uninstall Avast! properly and replace it with AntiVir.
Why switch? Avast! vs AntiVir
Run a full scan, then post the report once the analysis is finished.
HELP: Tutorial on the AntiVir Personal Edition Classic antivirus
In principle, everything has been done correctly. (And I promise I won't fix anything else without permission.)
Here is the report:
Avira AntiVir Personal
Date de création du fichier de rapport : vendredi 23 janvier 2009 20:26
La recherche porte sur 1272260 souches de virus.
Détenteur de la licence :Avira AntiVir PersonalEdition Classic
Numéro de série : 0000149996-ADJIE-0001
Plateforme : Windows XP
Version de Windows : (Service Pack 3) [5.1.2600]
Mode Boot : Démarré normalement
Identifiant : SYSTEM
Nom de l'ordinateur :AKSHAYA
Informations de version :
BUILD.DAT : 8.2.0.52 16931 Bytes 02/12/2008 14:55:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 18/11/2008 08:21:00
AVSCAN.DLL : 8.1.4.1 49921 Bytes 21/07/2008 13:44:27
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:16
LUKERES.DLL : 8.1.4.0 13057 Bytes 04/07/2008 07:30:27
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 11:30:36
ANTIVIR1.VDF : 7.1.1.113 2817536 Bytes 14/01/2009 19:22:40
ANTIVIR2.VDF : 7.1.1.172 958464 Bytes 23/01/2009 19:22:51
ANTIVIR3.VDF : 7.1.1.173 2048 Bytes 23/01/2009 19:22:51
Version du moteur: 8.2.0.60
AEVDF.DLL : 8.1.0.6 102772 Bytes 14/10/2008 10:05:56
AESCRIPT.DLL : 8.1.1.32 340347 Bytes 23/01/2009 19:23:10
AESCN.DLL : 8.1.1.5 123251 Bytes 07/11/2008 15:06:41
AERDL.DLL : 8.1.1.3 438645 Bytes 04/11/2008 13:58:38
AEPACK.DLL : 8.1.3.5 393588 Bytes 23/01/2009 19:23:07
AEOFFICE.DLL : 8.1.0.33 196987 Bytes 23/01/2009 19:23:05
AEHEUR.DLL : 8.1.0.86 1552759 Bytes 23/01/2009 19:23:03
AEHELP.DLL : 8.1.2.0 119159 Bytes 23/01/2009 19:22:55
AEGEN.DLL : 8.1.1.10 323957 Bytes 23/01/2009 19:22:54
AEEMU.DLL : 8.1.0.9 393588 Bytes 14/10/2008 10:05:56
AECORE.DLL : 8.1.5.2 172405 Bytes 23/01/2009 19:22:52
AEBB.DLL : 8.1.0.3 53618 Bytes 14/10/2008 10:05:56
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:02
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:27:58
AVREP.DLL : 8.0.0.2 98344 Bytes 31/07/2008 12:02:15
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:37
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:19
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:46
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:36
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:07
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 04/07/2008 07:23:16
RCTEXT.DLL : 8.0.52.1 86273 Bytes 17/07/2008 10:08:43
Configuration pour la recherche actuelle :
Nom de la tâche..................: Contrôle intégral du système
Fichier de configuration.........: c:\program files\avira\antivir personaledition classic\sysscan.avp
Documentation....................: bas
Action principale................: interactif
Action secondaire................: ignorer
Recherche sur les secteurs d'amorçage maître: marche
Recherche sur les secteurs d'amorçage: marche
Secteurs d'amorçage..............: C:, D:, E:,
Recherche dans les programmes actifs: marche
Recherche en cours sur l'enregistrement: marche
Recherche de Rootkits............: arrêt
Fichier mode de recherche........: Sélection de fichiers intelligente
Recherche sur les archives.......: marche
Limiter la profondeur de récursivité: 20
Archive Smart Extensions.........: marche
Heuristique de macrovirus........: marche
Heuristique fichier..............: moyen
Début de la recherche : vendredi 23 janvier 2009 20:26
La recherche sur les processus démarrés commence :
Processus de recherche 'avscan.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avcenter.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avgnt.exe' - '1' module(s) sont contrôlés
Processus de recherche 'wlcomm.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avguard.exe' - '1' module(s) sont contrôlés
Processus de recherche 'sched.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'firefox.exe' - '1' module(s) sont contrôlés
Processus de recherche 'WLANUTL.exe' - '1' module(s) sont contrôlés
Processus de recherche 'GoogleToolbarNotifier.exe' - '1' module(s) sont contrôlés
Processus de recherche 'ctfmon.exe' - '1' module(s) sont contrôlés
Processus de recherche 'TeaTimer.exe' - '1' module(s) sont contrôlés
Processus de recherche 'msnmsgr.exe' - '1' module(s) sont contrôlés
Processus de recherche 'DPAgnt.exe' - '1' module(s) sont contrôlés
Processus de recherche 'point32.exe' - '1' module(s) sont contrôlés
Processus de recherche 'type32.exe' - '1' module(s) sont contrôlés
Processus de recherche 'zlclient.exe' - '0' module(s) sont contrôlés
Processus de recherche 'rundll32.exe' - '1' module(s) sont contrôlés
Processus de recherche 'jusched.exe' - '1' module(s) sont contrôlés
Processus de recherche 'SOUNDMAN.EXE' - '1' module(s) sont contrôlés
Processus de recherche 'atiptaxx.exe' - '1' module(s) sont contrôlés
Processus de recherche 'explorer.exe' - '1' module(s) sont contrôlés
Processus de recherche 'wmiapsrv.exe' - '1' module(s) sont contrôlés
Processus de recherche 'alg.exe' - '1' module(s) sont contrôlés
Processus de recherche 'DPFUSMgr.exe' - '1' module(s) sont contrôlés
Processus de recherche 'snmp.exe' - '1' module(s) sont contrôlés
Processus de recherche 'slserv.exe' - '1' module(s) sont contrôlés
Processus de recherche 'jqs.exe' - '1' module(s) sont contrôlés
Processus de recherche 'DpHost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'mDNSResponder.exe' - '1' module(s) sont contrôlés
Processus de recherche 'spoolsv.exe' - '1' module(s) sont contrôlés
Processus de recherche 'aawservice.exe' - '1' module(s) sont contrôlés
Processus de recherche 'vsmon.exe' - '0' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'ati2evxx.exe' - '1' module(s) sont contrôlés
Processus de recherche 'lsass.exe' - '1' module(s) sont contrôlés
Processus de recherche 'services.exe' - '1' module(s) sont contrôlés
Processus de recherche 'winlogon.exe' - '1' module(s) sont contrôlés
Processus de recherche 'csrss.exe' - '1' module(s) sont contrôlés
Processus de recherche 'smss.exe' - '1' module(s) sont contrôlés
'43' processus ont été contrôlés avec '43' modules
La recherche sur les secteurs d'amorçage maître commence :
Secteur d'amorçage maître HD0
[INFO] Aucun virus trouvé !
Secteur d'amorçage maître HD1
[INFO] Aucun virus trouvé !
La recherche sur les secteurs d'amorçage commence :
Secteur d'amorçage 'C:\'
[INFO] Aucun virus trouvé !
Secteur d'amorçage 'D:\'
[INFO] Aucun virus trouvé !
Secteur d'amorçage 'E:\'
[INFO] Aucun virus trouvé !
La recherche sur les renvois aux fichiers exécutables (registre) commence.
Le registre a été contrôlé ( '53' fichiers).
La recherche sur les fichiers sélectionnés commence :
Recherche débutant dans 'C:\'
C:\pagefile.sys
[AVERTISSEMENT] Impossible d'ouvrir le fichier !
C:\Bibitte\catchme.cfexe
[RESULTAT] Contient le cheval de Troie TR/Murdak.A.36
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '49ee1a77.qua' !
C:\ComboFix.exe\catchme.cfexe
[RESULTAT] Contient le cheval de Troie TR/Murdak.A.36
[AVERTISSEMENT] Fichier ignoré.
C:\Documents and Settings\Voodoobear\Bureau\ComboFix.exe
[0] Type d'archive: RAR SFX (self extracting)
--> 32788R22FWJFW\catchme.cfexe
[RESULTAT] Contient le cheval de Troie TR/Murdak.A.36
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '49e71b43.qua' !
C:\Qoobox\Quarantine\C\WINDOWS\system32\gedekuye.dll.vir
[RESULTAT] Contient le cheval de Troie TR/PSW.OnlineGames.umpc
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '49de211b.qua' !
C:\Qoobox\Quarantine\C\WINDOWS\system32\muvetuvo.dll.vir
[RESULTAT] Contient le cheval de Troie TR/Monder.anyg
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '49f0212b.qua' !
C:\Qoobox\Quarantine\C\WINDOWS\system32\titobigi.dll.vir
[RESULTAT] Contient le cheval de Troie TR/Monder.anyg
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '49ee211f.qua' !
C:\System Volume Information\_restore{C46AB882-33F2-42D6-80C4-EAB8AA5B2BC7}\RP22\A0011644.exe
[0] Type d'archive: RAR SFX (self extracting)
--> 32788R22FWJFW\catchme.cfexe
[RESULTAT] Contient le cheval de Troie TR/Murdak.A.36
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '49aa2179.qua' !
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\S1SP8JUH\pldr8[1].htm
[RESULTAT] Le fichier contient un programme exécutable. Cependant, celui-ci se dissimule sous une extension de fichier inoffensive (HIDDENEXT/Crypted)
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '49de2610.qua' !
C:\WINDOWS\system32\drivers\sptd.sys
[AVERTISSEMENT] Impossible d'ouvrir le fichier !
Recherche débutant dans 'D:\'
D:\RECYCLER\S-1-5-21-1482476501-746137067-839522115-1004\Dd16\Mogwai - Mogwai remix.mp3
[RESULTAT] Contient le modèle de détection de l'exploit EXP/ASF.GetCodec.Gen
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '49e127d1.qua' !
Recherche débutant dans 'E:\' <Voodoobear>
Fin de la recherche : vendredi 23 janvier 2009 21:34
Temps nécessaire: 1:08:04 Heure(s)
La recherche a été effectuée intégralement
9075 Les répertoires ont été contrôlés
270651 Des fichiers ont été contrôlés
9 Des virus ou programmes indésirables ont été trouvés
0 Des fichiers ont été classés comme suspects
0 Des fichiers ont été supprimés
0 Des virus ou programmes indésirables ont été réparés
8 Les fichiers ont été déplacés dans la quarantaine
0 Les fichiers ont été renommés
2 Impossible de contrôler des fichiers
270640 Fichiers non infectés
1687 Les archives ont été contrôlées
3 Avertissements
8 Consignes
Reply to Voodoobear
Post another HijackThis report.
Reply to Angeldark
Here it is =) :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:34:13, on 24/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\DigitalPersona\Bin\DpHost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Voodoobear\Bureau\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [DPAgnt] C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
O4 - HKLM\..\Run: [bekezojaru] Rundll32.exe "C:\WINDOWS\system32\regikiho.dll",s
O4 - HKLM\..\Run: [CPM5fd7c57e] Rundll32.exe "c:\windows\system32\rizizozu.dll",a
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wi [...] 2581702031
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe
--
End of file - 7668 bytes
Reply to Voodoobear
Strange, did you actually fix the lines?
Run another ComboFix scan.
Reply to Angeldark
There you go, a fresh report... :
ComboFix 09-01-21.04 - Voodoobear 2009-01-25 23:52:34.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.510.284 [GMT 1:00]
Running from: c:\documents and settings\Voodoobear\Bureau\ComboFix.exe.exe
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated)
FW: ZoneAlarm Firewall *disabled*
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\bikojoki.dll.tmp
c:\windows\system32\lezaromo.dll.tmp
c:\windows\system32\navavaze.dll.tmp
c:\windows\system32\sadezaji.dll.tmp
.
((((((((((((((((((((((((( Files Created from 2008-12-25 to 2009-01-25 )))))))))))))))))))))))))))))))
.
2009-01-23 20:19 . 2009-01-23 20:19 <REP> d-------- c:\program files\Avira
2009-01-23 20:19 . 2009-01-23 20:19 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira
2009-01-23 17:17 . 2009-01-23 17:17 355,584 --a------ c:\windows\system32\TuneUpDefragService.exe
2009-01-23 16:01 . 2009-01-23 16:18 <REP> d-------- c:\program files\Google
2009-01-23 13:56 . 2009-01-23 13:56 <REP> d-------- c:\program files\Bonjour
2009-01-23 13:42 . 2009-01-23 13:42 <REP> d-------- c:\program files\Fichiers communs\Macrovision Shared
2009-01-21 23:58 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2009-01-21 21:50 . 2009-01-23 20:27 <REP> d-------- C:\Bibitte
2009-01-21 13:58 . 2009-01-21 13:58 <REP> d-------- c:\program files\Smallvideosoft
2009-01-21 13:58 . 2009-01-21 13:58 <REP> d-------- C:\Mp3 Output
2009-01-21 13:58 . 2007-03-01 04:18 4,762,112 --a------ c:\windows\system32\NCMedia.dll
2009-01-21 13:58 . 2007-02-25 15:36 383,238 --a------ c:\windows\system32\libmp3lame-0.dll
2009-01-20 00:35 . 2009-01-20 00:35 61,440 --a------ c:\windows\system32\drivers\sjsnq.sys
2009-01-19 23:33 . 2009-01-19 23:33 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-19 23:33 . 2009-01-19 23:33 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\Malwarebytes
2009-01-19 23:33 . 2009-01-19 23:33 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-19 23:33 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-19 23:33 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-19 08:19 . 2009-01-19 08:19 <REP> d-------- c:\program files\AC3Filter
2009-01-19 08:19 . 2008-07-09 09:05 421,888 --a------ c:\windows\system32\ac3filter.acm
2009-01-18 16:27 . 2009-01-18 16:27 <REP> d-------- C:\VundoFix Backups
2009-01-18 01:27 . 2009-01-18 16:08 <REP> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-01-17 23:07 . 2009-01-18 00:20 264 --a------ c:\windows\wininit.ini
2009-01-17 21:37 . 2009-01-17 21:47 <REP> d-------- c:\program files\Spybot - Search & Destroy
2009-01-17 21:37 . 2009-01-22 00:12 <REP> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-14 14:29 . 2009-01-25 23:50 <REP> d-------- C:\Recreg
2009-01-14 13:38 . 2009-01-14 13:38 <REP> d-------- c:\program files\CCleaner
2009-01-13 16:03 . 2009-01-17 10:44 <REP> d-------- c:\windows\BDOSCAN8
2009-01-11 20:02 . 2009-01-11 20:11 <REP> d-------- c:\program files\Random Software
2009-01-11 11:04 . 2009-01-11 11:04 <REP> d-------- c:\documents and settings\All Users\Application Data\Adobe Systems
2009-01-11 11:03 . 2009-01-11 11:03 <REP> d-------- c:\program files\Fichiers communs\Adobe Systems Shared
2009-01-09 10:29 . 2009-01-09 10:29 172 ---h----- c:\windows\formacd.id
2009-01-09 09:02 . 2009-01-09 09:02 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\DigitalPersona
2009-01-08 18:25 . 2009-01-08 18:25 <REP> d-------- c:\program files\Webteh
2009-01-08 18:25 . 2009-01-08 18:25 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\BSplayer Pro
2009-01-08 15:55 . 2009-01-08 16:02 <REP> d-------- C:\xampp
2009-01-08 10:00 . 2009-01-08 10:00 <REP> d-------- c:\windows\DPDrv
2009-01-08 10:00 . 2009-01-08 10:00 <REP> d-------- c:\program files\DigitalPersona
2009-01-07 18:19 . 2009-01-07 18:19 <REP> d-------- c:\program files\Guitar Pro 5
2009-01-06 12:33 . 2009-01-06 12:33 <REP> d-------- c:\windows\Sun
2009-01-06 10:15 . 2009-01-06 10:15 <REP> d-------- c:\documents and settings\Voodoobear\Incomplete
2009-01-06 10:12 . 2009-01-23 11:22 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\LimeWire
2009-01-06 09:54 . 2009-01-13 11:49 <REP> d-------- c:\program files\LimeWire
2009-01-06 09:37 . 2009-01-16 16:00 <REP> d-------- c:\program files\Microsoft IntelliPoint
2009-01-06 09:36 . 2009-01-16 16:00 <REP> d-------- c:\program files\Microsoft IntelliType Pro
2009-01-05 22:00 . 2009-01-05 22:01 <REP> d-------- c:\program files\Fichiers communs\Merge Modules
2009-01-05 19:52 . 2009-01-05 19:52 <REP> d-------- c:\program files\Microsoft SQL Server
2009-01-05 19:46 . 2009-01-07 19:19 <REP> d-------- c:\documents and settings\Voodoobear\dwhelper
2009-01-05 19:40 . 2009-01-05 19:40 <REP> d-------- c:\program files\Microsoft.NET
2009-01-05 19:38 . 2009-01-05 19:38 <REP> d-------- c:\program files\Microsoft Visual Studio 8
2009-01-05 19:37 . 2009-01-05 19:38 <REP> d-------- c:\program files\Microsoft Web Designer Tools
2009-01-05 19:37 . 2009-01-06 10:16 <REP> d-------- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-01-05 19:36 . 2009-01-05 19:36 <REP> dr-h----- C:\MSOCache
2009-01-05 19:33 . 2009-01-05 19:33 <REP> d-------- c:\program files\Microsoft SDKs
2009-01-05 19:18 . 2009-01-05 19:26 <REP> d-------- c:\windows\system32\XPSViewer
2009-01-05 19:17 . 2009-01-05 19:17 <REP> d-------- c:\program files\MSBuild
2009-01-05 19:16 . 2009-01-05 19:16 <REP> d-------- c:\program files\Reference Assemblies
2009-01-05 19:14 . 2009-01-05 19:14 212 --a------ c:\windows\system32\spupdsvc.inf
2009-01-05 19:06 . 2009-01-06 09:06 <REP> d-------- c:\windows\SxsCaPendDel
2009-01-05 15:18 . 2009-01-05 15:18 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\AdobeUM
2009-01-05 10:44 . 2009-01-05 10:48 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\Dev-Cpp
2009-01-05 10:31 . 2009-01-05 10:31 <REP> d-------- c:\program files\Microsoft
2009-01-05 10:11 . 2009-01-26 00:00 <REP> d-------- c:\documents and settings\Voodoobear\Tracing
2009-01-05 10:05 . 2009-01-05 10:05 <REP> d-------- c:\program files\Fichiers communs\Windows Live
2009-01-05 09:39 . 2009-01-05 10:47 <REP> d-------- C:\Dev-Cpp
2009-01-04 21:40 . 2009-01-22 17:00 2,331,008 --a------ c:\windows\system32\TUKernel.exe
2009-01-04 21:21 . 2009-01-25 19:15 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\Azureus
2009-01-04 21:21 . 2009-01-04 21:21 <REP> d-------- c:\documents and settings\All Users\Application Data\Azureus
2009-01-04 21:20 . 2009-01-04 21:20 <REP> d-------- c:\program files\Vuze
2009-01-04 21:12 . 2009-01-04 21:12 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\InstallShield
2009-01-04 20:48 . 2009-01-22 16:33 <REP> d-------- c:\program files\TuneUp Utilities 2008
2009-01-04 20:48 . 2009-01-04 20:48 <REP> d-------- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-01-04 19:30 . 2009-01-26 00:01 12,259,360 --ahs---- c:\windows\system32\drivers\fidbox.dat
2009-01-04 19:30 . 2009-01-25 23:57 147,824 --ahs---- c:\windows\system32\drivers\fidbox.idx
2009-01-04 19:23 . 2009-01-04 19:23 <REP> d-------- c:\documents and settings\All Users\Application Data\MailFrontier
2009-01-04 19:23 . 2008-07-09 09:05 54,672 --a------ c:\windows\system32\vsutil_loc040c.dll
2009-01-04 19:23 . 2008-07-09 09:05 42,384 --a------ c:\windows\zllsputility_loc040c.dll
2009-01-04 19:23 . 2008-07-09 09:05 21,904 --a------ c:\windows\system32\imsinstall_loc040c.dll
2009-01-04 19:23 . 2008-07-09 09:05 17,808 --a------ c:\windows\system32\imslsp_install_loc040c.dll
2009-01-04 19:23 . 2009-01-04 19:26 4,212 ---h----- c:\windows\system32\zllictbl.dat
2009-01-04 19:22 . 2009-01-04 19:22 <REP> d-------- c:\program files\Zone Labs
2009-01-04 19:21 . 2009-01-25 23:58 358,382 --a------ c:\windows\system32\vsconfig.xml
2009-01-04 19:20 . 2009-01-25 11:09 <REP> d-------- c:\windows\Internet Logs
2009-01-04 19:11 . 2009-01-04 19:11 <REP> d-------- c:\documents and settings\Voodoobear\Contacts
2009-01-04 19:10 . 2008-12-11 11:57 333,952 -----c--- c:\windows\system32\dllcache\srv.sys
2009-01-04 19:09 . 2008-09-15 16:26 1,846,528 -----c--- c:\windows\system32\dllcache\win32k.sys
2009-01-04 19:08 . 2008-08-14 14:23 2,191,232 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2009-01-04 19:08 . 2008-08-14 14:23 2,147,328 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-01-04 19:08 . 2008-08-14 14:23 2,068,096 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-01-04 19:08 . 2008-08-14 14:23 2,025,984 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2009-01-04 19:07 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2009-01-04 19:07 . 2008-10-15 17:35 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2009-01-04 19:06 . 2008-09-04 18:16 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2009-01-04 19:02 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2009-01-04 19:02 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2009-01-04 18:24 . 2009-01-04 18:24 <REP> d-------- c:\program files\DAEMON Tools Lite
2009-01-03 21:24 . 2009-01-03 21:24 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\Media Player Classic
2009-01-03 20:20 . 2009-01-03 20:20 <REP> d-------- c:\program files\SAGEM Wi-Fi USB 802.11g
2009-01-03 20:20 . 2005-06-17 10:27 16,292 --a------ c:\windows\system32\PCANDIS5.SYS
2009-01-03 20:19 . 2009-01-03 20:19 <REP> d-------- c:\program files\SAGEM
2009-01-03 20:19 . 2005-06-17 10:27 379,456 --a------ c:\windows\system32\drivers\WlanUIG.sys
2009-01-03 20:19 . 2005-07-04 16:25 163,840 --a------ c:\windows\UninstWiFi.exe
2009-01-03 20:19 . 2005-06-17 10:26 114,688 --a------ c:\windows\system32\WLANUTL.dll
2009-01-03 20:19 . 2005-06-17 10:26 61,440 --a------ c:\windows\system32\W32N50.dll
2009-01-03 12:25 . 2008-04-14 04:34 153,088 --a------ c:\windows\system32\irftp.exe
2009-01-03 12:25 . 2008-04-14 04:34 153,088 --a--c--- c:\windows\system32\dllcache\irftp.exe
2009-01-03 12:25 . 2008-04-14 04:33 29,184 --a------ c:\windows\system32\irmon.dll
2009-01-03 12:25 . 2008-04-14 04:33 29,184 --a--c--- c:\windows\system32\dllcache\irmon.dll
2009-01-03 12:25 . 2008-04-14 04:33 8,192 --a------ c:\windows\system32\wshirda.dll
2009-01-03 12:25 . 2008-04-14 04:33 8,192 --a--c--- c:\windows\system32\dllcache\wshirda.dll
2009-01-03 11:57 . 2009-01-03 11:57 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\TuneUp Software
2009-01-03 11:41 . 2009-01-17 23:07 <REP> d-------- c:\program files\Sleepy
2009-01-02 21:51 . 2009-01-02 21:50 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-02 21:51 . 2009-01-02 21:50 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-01-02 21:50 . 2009-01-02 21:50 <REP> d-------- c:\program files\Java
2009-01-02 21:50 . 2009-01-02 21:52 <REP> d-------- c:\program files\EasyPHP 2.0b1
2009-01-02 21:50 . 2008-09-16 20:23 168,448 --a------ c:\windows\system32\unrar.dll
2009-01-02 21:49 . 2009-01-02 21:49 <REP> d-------- c:\program files\wxGlade
2009-01-02 21:49 . 2009-01-05 18:16 <REP> d-------- c:\program files\Unlocker
2009-01-02 21:49 . 2009-01-02 21:49 <REP> d-------- c:\program files\K-Lite Codec Pack
2009-01-02 21:49 . 2009-01-20 00:34 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\Desktopicon
2009-01-02 21:49 . 2008-09-19 22:57 3,596,288 --a------ c:\windows\system32\qt-dx331.dll
2009-01-02 21:49 . 2008-09-24 19:41 839,680 --a------ c:\windows\system32\lameACM.acm
2009-01-02 21:49 . 2006-11-01 14:52 765,952 --a------ c:\windows\system32\xvidcore.dll
2009-01-02 21:49 . 2008-10-28 23:35 684,032 --a------ c:\windows\system32\divx.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-23 12:56 --------- d-----w c:\program files\Fichiers communs\Adobe
2009-01-11 13:19 --------- d-----w c:\program files\Messenger Plus! Live
2009-01-05 09:09 --------- d-----w c:\program files\Windows Live
2009-01-05 08:20 --------- d-----w c:\program files\Microsoft Silverlight
2009-01-04 20:17 --------- d-----w c:\documents and settings\All Users\Application Data\ma-config.com
2009-01-03 19:20 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-04-14 02:34 28,858,803 --sh--r c:\windows\system32\windir.exe
.
((((((((((((((((((((((((((((( snapshot@2009-01-21_23.51.51.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-01-23 18:39:56 262,144 ----a-w c:\windows\system32\config\systemprofile\NtUser.dat
+ 2008-04-14 02:34:20 33,792 -c--a-w c:\windows\system32\dllcache\rundll32.exe
- 2008-10-16 13:13:40 202,776 -c--a-w c:\windows\system32\dllcache\wuweb.dll
+ 2008-10-16 13:12:24 202,776 -c--a-w c:\windows\system32\dllcache\wuweb.dll
+ 2006-02-28 11:41:34 61,440 ----a-w c:\windows\system32\dns-sd.exe
+ 2006-02-28 11:41:22 53,248 ----a-w c:\windows\system32\dnssd.dll
+ 2008-05-09 11:15:47 45,376 ----a-w c:\windows\system32\drivers\avgntdd.sys
+ 2008-01-21 16:11:28 22,336 ----a-w c:\windows\system32\drivers\avgntmgr.sys
+ 2008-10-30 09:21:03 75,072 ----a-w c:\windows\system32\drivers\avipbb.sys
+ 2007-11-08 17:03:26 21,248 ----a-w c:\windows\system32\drivers\ssmdrv.sys
+ 2009-01-09 16:35:30 20,853,704 ----a-w c:\windows\system32\MRT.exe
+ 2007-02-13 15:22:54 947,472 ----a-w c:\windows\system32\msjava.dll
- 2009-01-05 18:19:55 71,394 ----a-w c:\windows\system32\perfc009.dat
+ 2009-01-23 18:48:16 71,510 ----a-w c:\windows\system32\perfc009.dat
- 2009-01-05 18:19:55 84,964 ----a-w c:\windows\system32\perfc00C.dat
+ 2009-01-23 18:48:16 85,112 ----a-w c:\windows\system32\perfc00C.dat
- 2009-01-05 18:19:55 441,458 ----a-w c:\windows\system32\perfh009.dat
+ 2009-01-23 18:48:16 441,766 ----a-w c:\windows\system32\perfh009.dat
- 2009-01-05 18:19:55 510,980 ----a-w c:\windows\system32\perfh00C.dat
+ 2009-01-23 18:48:17 511,358 ----a-w c:\windows\system32\perfh00C.dat
- 2007-11-30 04:39:30 18,296 ------w c:\windows\system32\spmsg.dll
+ 2007-11-30 11:19:06 18,296 ------w c:\windows\system32\spmsg.dll
- 2008-10-16 13:13:40 202,776 ----a-w c:\windows\system32\wuweb.dll
+ 2008-10-16 13:12:24 202,776 ----a-w c:\windows\system32\wuweb.dll
+ 2009-01-25 22:58:56 16,384 ----atw c:\windows\temp\Perflib_Perfdata_74c.dat
+ 2009-01-25 22:58:56 16,384 ----atw c:\windows\temp\Perflib_Perfdata_7d8.dat
+ 2006-06-05 13:14:28 479,232 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcm80.dll
+ 2006-06-05 13:14:28 548,864 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcp80.dll
+ 2006-06-05 13:14:28 626,688 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcr80.dll
+ 2006-06-05 14:47:40 1,093,632 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_39049d00\mfc80.dll
+ 2006-06-05 14:47:48 1,080,320 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_39049d00\mfc80u.dll
+ 2006-06-05 14:47:50 69,632 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_39049d00\mfcm80.dll
+ 2006-06-05 14:47:50 57,856 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_39049d00\mfcm80u.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-23 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-01-27 335872]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-02 136600]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 172032]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2004-06-03 204800]
"DPAgnt"="c:\program files\DigitalPersona\Bin\DPAgnt.exe" [2004-10-13 913408]
"bekezojaru"="c:\windows\system32\regikiho.dll" [BU]
"CPM5fd7c57e"="c:\windows\system32\rizizozu.dll" [BU]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 c:\windows\system32\Ati2mdxx.exe]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 c:\windows\SOUNDMAN.EXE]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]
c:\documents and settings\Voodoobear\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
c:\documents and settings\Voodoobear\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
c:\documents and settings\Voodoobear\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk - c:\program files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe [2009-01-03 741376]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\documents and settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0OODBS
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^NETGEAR WPN111 Smart Wizard.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\NETGEAR WPN111 Smart Wizard.lnk
backup=c:\windows\pss\NETGEAR WPN111 Smart Wizard.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Pinnacle Scheduler.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Pinnacle Scheduler.lnk
backup=c:\windows\pss\Pinnacle Scheduler.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Windows Search.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bekezojaru]
c:\windows\system32\regikiho.dll [BU]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPM5fd7c57e]
c:\windows\system32\rizizozu.dll [BU]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-08-08 13:11 490952 c:\program files\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
--a------ 2007-06-28 23:01 2512128 c:\windows\system32\oodtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
--a------ 2008-05-02 05:15 15872 c:\program files\Unlocker\UnlockerAssistant.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
--a--c--- 2001-12-26 13:12 472576 c:\windows\mHotkey.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
R3 dpK0Bx01;Pilote supérieur de lecteur d'empreintes digitales;c:\windows\system32\drivers\dpK0Bx01.sys [2004-08-04 32640]
R3 UsbdpFP;Pilote de classe Lecteur d'empreintes digitales;c:\windows\system32\drivers\UsbdpFP.sys [2004-08-04 34560]
R3 WB528MS;Winbond PCI Memory Stick PRO Storage (MSPRO) Device Driver;c:\windows\system32\drivers\wb528ms.sys [2008-09-27 38400]
R3 WB528SD;Winbond PCI Secure Digital Storage (SD/MMC) Device Driver;c:\windows\system32\drivers\WB528SD.sys [2008-09-27 35712]
R3 WlanUIG;Sagem 802.11g Wireless LAN USB Adapter Driver;c:\windows\system32\drivers\WlanUIG.sys [2009-01-03 379456]
S3 AMDMSRIO;AMDMSRIO;\??\f:\driver\CAD2000\PowerNow Patch\WIN2000_ver.1.1.0.0\AMDMSRIO.sys --> f:\driver\CAD2000\PowerNow Patch\WIN2000_ver.1.1.0.0\AMDMSRIO.sys [?]
S3 ATICDSDr;ATICDSDr;\??\f:\install\bin\atiicdxx.sys --> f:\install\bin\atiicdxx.sys [?]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2008-10-06 17149]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\DRIVERS\WPN111.sys --> c:\windows\system32\DRIVERS\WPN111.sys [?]
.
Contents of the 'Scheduled Tasks' folder
2009-01-25 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:23]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
FF - ProfilePath - c:\documents and settings\Voodoobear\Application Data\Mozilla\Firefox\Profiles\41a3xjcs.default\
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-26 00:01:28
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,b5,f7,05,cc,5f,
6d,d6,ab,e2,63,26,f1,3f,c8,ff,68,8b,93,e2,ad,93,45,f4,42,e2,63,26,f1,3f,c8,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,9d,6e,ea,72,50,
aa,d8,7f,6a,9c,d6,61,af,45,84,18,3a,1e,55,dc,e6,ab,49,aa,6a,9c,d6,61,af,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,e5,ee,d5,bf,55,
1f,67,7e,ff,7c,85,e0,43,d4,0e,fe,ab,c0,1f,5d,c7,0c,c0,92,ff,7c,85,e0,43,d4,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,97,60,b8,42,70,
b3,ec,e7,86,8c,21,01,be,91,eb,e7,d8,b5,b1,5a,b0,a6,68,0a,86,8c,21,01,be,91,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,3f,50,4e,29,f9,
43,bb,a5,f5,1d,4d,73,a8,13,5c,05,e7,3c,4e,76,c2,9c,dc,3f,f5,1d,4d,73,a8,13,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,12,4c,2f,13,60,
f9,07,86,df,20,58,62,78,6b,cf,c8,6f,1d,fa,bc,93,70,79,0f,df,20,58,62,78,6b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,03,39,1d,67,7b,
a7,17,8f,fb,a7,78,e6,12,2f,9a,ea,c7,68,08,ed,fe,98,57,93,fb,a7,78,e6,12,2f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,95,89,c5,64,99,
15,87,53,01,3a,48,fc,e8,04,4a,f1,57,0e,a8,22,14,d2,ab,ba,01,3a,48,fc,e8,04,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,1e,3e,30,6a,ed,
67,5b,15,f6,0f,4e,58,98,5b,89,c9,26,29,d7,23,55,3a,82,85,f6,0f,4e,58,98,5b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,e2,76,af,80,6d,
04,86,21,3d,ce,ea,26,2d,45,aa,78,d1,49,cc,16,28,09,89,83,3d,ce,ea,26,2d,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,ad,ef,fc,f2,39,
ec,bb,26,2a,b7,cc,b5,b9,7f,41,e7,cd,f0,dc,9f,bb,ce,c6,8b,2a,b7,cc,b5,b9,7f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,2d,44,33,fa,03,
fd,4d,c5,6c,43,2d,1e,aa,22,2f,9c,ad,35,bd,da,ac,c9,57,4c,6c,43,2d,1e,aa,22,\
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
@=""
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="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"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(992)
c:\windows\DPPWDFLT.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ZoneLabs\vsmon.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\DigitalPersona\Bin\DpHost.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\snmp.exe
c:\program files\DigitalPersona\Bin\DPFUSMgr.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-01-26 0:05:36 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-25 23:05:29
ComboFix2.txt 2009-01-22 16:34:03
Pre-Run: 1 227 235 328 octets libres
Post-Run: 1,234,153,472 octets libres
Current=4 Default=4 Failed=1 LastKnownGood=2 Sets=1,2,3,4
393 --- E O F --- 2009-01-06 09:20:44
Reply to Voodoobear
Repost a HijackThis report.
Reply to Angeldark
Here it is:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:27:01, on 26/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\DigitalPersona\Bin\DpHost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Documents and Settings\Voodoobear\Bureau\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [DPAgnt] C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
O4 - HKLM\..\Run: [bekezojaru] Rundll32.exe "C:\WINDOWS\system32\regikiho.dll",s
O4 - HKLM\..\Run: [CPM5fd7c57e] Rundll32.exe "c:\windows\system32\rizizozu.dll",a
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wi [...] 2581702031
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe
--
End of file - 7772 bytes
Reply to Voodoobear
Re,
Select the entire contents of the box below:
Registry::
|
- Copy/paste it into Notepad (Start\All Programs\Accessories\Notepad.)
- Save it to your desktop under the name CFScript.txt
- Now drag the CFScript.txt file onto ComboFix.exe, as shown below:
- This will relaunch ComboFix.
- You will have to accept the licence.
Post the contents of the ComboFix.txt report after the reboot, if there is one.
The report is located here: %SystemDrive%\ComboFix.txt (%systemdrive% being the partition where Windows is installed; usually C:\)
Reply to Angeldark
Here it is:
ComboFix 09-01-21.04 - Voodoobear 2009-01-27 13:34:17.4 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.510.261 [GMT 1:00]
Running from: c:\documents and settings\Voodoobear\Bureau\ComboFix.exe.exe
Command switches used :: c:\documents and settings\Voodoobear\Bureau\CFScript.txt
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated)
FW: ZoneAlarm Firewall *enabled*
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-12-27 to 2009-01-27 )))))))))))))))))))))))))))))))
.
2009-01-23 20:19 . 2009-01-23 20:19 <REP> d-------- c:\program files\Avira
2009-01-23 20:19 . 2009-01-23 20:19 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira
2009-01-23 17:17 . 2009-01-23 17:17 355,584 --a------ c:\windows\system32\TuneUpDefragService.exe
2009-01-23 16:01 . 2009-01-23 16:18 <REP> d-------- c:\program files\Google
2009-01-23 13:56 . 2009-01-23 13:56 <REP> d-------- c:\program files\Bonjour
2009-01-23 13:42 . 2009-01-23 13:42 <REP> d-------- c:\program files\Fichiers communs\Macrovision Shared
2009-01-21 23:58 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2009-01-21 21:50 . 2009-01-23 20:27 <REP> d-------- C:\Bibitte
2009-01-21 13:58 . 2009-01-21 13:58 <REP> d-------- c:\program files\Smallvideosoft
2009-01-21 13:58 . 2009-01-21 13:58 <REP> d-------- C:\Mp3 Output
2009-01-21 13:58 . 2007-03-01 04:18 4,762,112 --a------ c:\windows\system32\NCMedia.dll
2009-01-21 13:58 . 2007-02-25 15:36 383,238 --a------ c:\windows\system32\libmp3lame-0.dll
2009-01-20 00:35 . 2009-01-20 00:35 61,440 --a------ c:\windows\system32\drivers\sjsnq.sys
2009-01-19 23:33 . 2009-01-19 23:33 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-19 23:33 . 2009-01-19 23:33 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\Malwarebytes
2009-01-19 23:33 . 2009-01-19 23:33 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-19 23:33 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-19 23:33 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-19 08:19 . 2009-01-19 08:19 <REP> d-------- c:\program files\AC3Filter
2009-01-19 08:19 . 2008-07-09 09:05 421,888 --a------ c:\windows\system32\ac3filter.acm
2009-01-18 16:27 . 2009-01-18 16:27 <REP> d-------- C:\VundoFix Backups
2009-01-18 01:27 . 2009-01-18 16:08 <REP> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-01-17 23:07 . 2009-01-18 00:20 264 --a------ c:\windows\wininit.ini
2009-01-17 21:37 . 2009-01-17 21:47 <REP> d-------- c:\program files\Spybot - Search & Destroy
2009-01-17 21:37 . 2009-01-22 00:12 <REP> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-14 14:29 . 2009-01-25 23:50 <REP> d-------- C:\Recreg
2009-01-14 13:38 . 2009-01-14 13:38 <REP> d-------- c:\program files\CCleaner
2009-01-13 16:03 . 2009-01-17 10:44 <REP> d-------- c:\windows\BDOSCAN8
2009-01-11 20:02 . 2009-01-11 20:11 <REP> d-------- c:\program files\Random Software
2009-01-11 11:04 . 2009-01-11 11:04 <REP> d-------- c:\documents and settings\All Users\Application Data\Adobe Systems
2009-01-11 11:03 . 2009-01-11 11:03 <REP> d-------- c:\program files\Fichiers communs\Adobe Systems Shared
2009-01-09 10:29 . 2009-01-09 10:29 172 ---h----- c:\windows\formacd.id
2009-01-09 09:02 . 2009-01-09 09:02 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\DigitalPersona
2009-01-08 18:25 . 2009-01-08 18:25 <REP> d-------- c:\program files\Webteh
2009-01-08 18:25 . 2009-01-08 18:25 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\BSplayer Pro
2009-01-08 15:55 . 2009-01-08 16:02 <REP> d-------- C:\xampp
2009-01-08 10:00 . 2009-01-08 10:00 <REP> d-------- c:\windows\DPDrv
2009-01-08 10:00 . 2009-01-08 10:00 <REP> d-------- c:\program files\DigitalPersona
2009-01-07 18:19 . 2009-01-07 18:19 <REP> d-------- c:\program files\Guitar Pro 5
2009-01-06 12:33 . 2009-01-06 12:33 <REP> d-------- c:\windows\Sun
2009-01-06 10:15 . 2009-01-06 10:15 <REP> d-------- c:\documents and settings\Voodoobear\Incomplete
2009-01-06 10:12 . 2009-01-26 20:13 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\LimeWire
2009-01-06 09:54 . 2009-01-13 11:49 <REP> d-------- c:\program files\LimeWire
2009-01-06 09:37 . 2009-01-16 16:00 <REP> d-------- c:\program files\Microsoft IntelliPoint
2009-01-06 09:36 . 2009-01-16 16:00 <REP> d-------- c:\program files\Microsoft IntelliType Pro
2009-01-05 22:00 . 2009-01-05 22:01 <REP> d-------- c:\program files\Fichiers communs\Merge Modules
2009-01-05 19:52 . 2009-01-05 19:52 <REP> d-------- c:\program files\Microsoft SQL Server
2009-01-05 19:46 . 2009-01-07 19:19 <REP> d-------- c:\documents and settings\Voodoobear\dwhelper
2009-01-05 19:40 . 2009-01-05 19:40 <REP> d-------- c:\program files\Microsoft.NET
2009-01-05 19:38 . 2009-01-05 19:38 <REP> d-------- c:\program files\Microsoft Visual Studio 8
2009-01-05 19:37 . 2009-01-05 19:38 <REP> d-------- c:\program files\Microsoft Web Designer Tools
2009-01-05 19:37 . 2009-01-06 10:16 <REP> d-------- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-01-05 19:36 . 2009-01-05 19:36 <REP> dr-h----- C:\MSOCache
2009-01-05 19:33 . 2009-01-05 19:33 <REP> d-------- c:\program files\Microsoft SDKs
2009-01-05 19:18 . 2009-01-05 19:26 <REP> d-------- c:\windows\system32\XPSViewer
2009-01-05 19:17 . 2009-01-05 19:17 <REP> d-------- c:\program files\MSBuild
2009-01-05 19:16 . 2009-01-05 19:16 <REP> d-------- c:\program files\Reference Assemblies
2009-01-05 19:14 . 2009-01-05 19:14 212 --a------ c:\windows\system32\spupdsvc.inf
2009-01-05 19:06 . 2009-01-06 09:06 <REP> d-------- c:\windows\SxsCaPendDel
2009-01-05 15:18 . 2009-01-05 15:18 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\AdobeUM
2009-01-05 10:44 . 2009-01-05 10:48 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\Dev-Cpp
2009-01-05 10:31 . 2009-01-05 10:31 <REP> d-------- c:\program files\Microsoft
2009-01-05 10:11 . 2009-01-27 13:42 <REP> d-------- c:\documents and settings\Voodoobear\Tracing
2009-01-05 10:05 . 2009-01-05 10:05 <REP> d-------- c:\program files\Fichiers communs\Windows Live
2009-01-05 09:39 . 2009-01-05 10:47 <REP> d-------- C:\Dev-Cpp
2009-01-04 21:40 . 2009-01-22 17:00 2,331,008 --a------ c:\windows\system32\TUKernel.exe
2009-01-04 21:21 . 2009-01-26 23:52 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\Azureus
2009-01-04 21:21 . 2009-01-04 21:21 <REP> d-------- c:\documents and settings\All Users\Application Data\Azureus
2009-01-04 21:20 . 2009-01-26 21:46 <REP> d-------- c:\program files\Vuze
2009-01-04 21:12 . 2009-01-04 21:12 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\InstallShield
2009-01-04 20:48 . 2009-01-22 16:33 <REP> d-------- c:\program files\TuneUp Utilities 2008
2009-01-04 20:48 . 2009-01-04 20:48 <REP> d-------- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-01-04 19:30 . 2009-01-27 13:44 12,650,528 --ahs---- c:\windows\system32\drivers\fidbox.dat
2009-01-04 19:30 . 2009-01-27 13:39 152,384 --ahs---- c:\windows\system32\drivers\fidbox.idx
2009-01-04 19:23 . 2009-01-04 19:23 <REP> d-------- c:\documents and settings\All Users\Application Data\MailFrontier
2009-01-04 19:23 . 2008-07-09 09:05 54,672 --a------ c:\windows\system32\vsutil_loc040c.dll
2009-01-04 19:23 . 2008-07-09 09:05 42,384 --a------ c:\windows\zllsputility_loc040c.dll
2009-01-04 19:23 . 2008-07-09 09:05 21,904 --a------ c:\windows\system32\imsinstall_loc040c.dll
2009-01-04 19:23 . 2008-07-09 09:05 17,808 --a------ c:\windows\system32\imslsp_install_loc040c.dll
2009-01-04 19:23 . 2009-01-04 19:26 4,212 ---h----- c:\windows\system32\zllictbl.dat
2009-01-04 19:22 . 2009-01-04 19:22 <REP> d-------- c:\program files\Zone Labs
2009-01-04 19:21 . 2009-01-27 13:40 358,382 --a------ c:\windows\system32\vsconfig.xml
2009-01-04 19:20 . 2009-01-27 13:17 <REP> d-------- c:\windows\Internet Logs
2009-01-04 19:11 . 2009-01-04 19:11 <REP> d-------- c:\documents and settings\Voodoobear\Contacts
2009-01-04 19:10 . 2008-12-11 11:57 333,952 -----c--- c:\windows\system32\dllcache\srv.sys
2009-01-04 19:09 . 2008-09-15 16:26 1,846,528 -----c--- c:\windows\system32\dllcache\win32k.sys
2009-01-04 19:08 . 2008-08-14 14:23 2,191,232 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2009-01-04 19:08 . 2008-08-14 14:23 2,147,328 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-01-04 19:08 . 2008-08-14 14:23 2,068,096 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-01-04 19:08 . 2008-08-14 14:23 2,025,984 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2009-01-04 19:07 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2009-01-04 19:07 . 2008-10-15 17:35 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2009-01-04 19:06 . 2008-09-04 18:16 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2009-01-04 19:02 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2009-01-04 19:02 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2009-01-04 18:24 . 2009-01-04 18:24 <REP> d-------- c:\program files\DAEMON Tools Lite
2009-01-03 21:24 . 2009-01-03 21:24 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\Media Player Classic
2009-01-03 20:20 . 2009-01-03 20:20 <REP> d-------- c:\program files\SAGEM Wi-Fi USB 802.11g
2009-01-03 20:20 . 2005-06-17 10:27 16,292 --a------ c:\windows\system32\PCANDIS5.SYS
2009-01-03 20:19 . 2009-01-03 20:19 <REP> d-------- c:\program files\SAGEM
2009-01-03 20:19 . 2005-06-17 10:27 379,456 --a------ c:\windows\system32\drivers\WlanUIG.sys
2009-01-03 20:19 . 2005-07-04 16:25 163,840 --a------ c:\windows\UninstWiFi.exe
2009-01-03 20:19 . 2005-06-17 10:26 114,688 --a------ c:\windows\system32\WLANUTL.dll
2009-01-03 20:19 . 2005-06-17 10:26 61,440 --a------ c:\windows\system32\W32N50.dll
2009-01-03 12:25 . 2008-04-14 04:34 153,088 --a------ c:\windows\system32\irftp.exe
2009-01-03 12:25 . 2008-04-14 04:34 153,088 --a--c--- c:\windows\system32\dllcache\irftp.exe
2009-01-03 12:25 . 2008-04-14 04:33 29,184 --a------ c:\windows\system32\irmon.dll
2009-01-03 12:25 . 2008-04-14 04:33 29,184 --a--c--- c:\windows\system32\dllcache\irmon.dll
2009-01-03 12:25 . 2008-04-14 04:33 8,192 --a------ c:\windows\system32\wshirda.dll
2009-01-03 12:25 . 2008-04-14 04:33 8,192 --a--c--- c:\windows\system32\dllcache\wshirda.dll
2009-01-03 11:57 . 2009-01-03 11:57 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\TuneUp Software
2009-01-03 11:41 . 2009-01-17 23:07 <REP> d-------- c:\program files\Sleepy
2009-01-02 21:51 . 2009-01-02 21:50 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-02 21:51 . 2009-01-02 21:50 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-01-02 21:50 . 2009-01-02 21:50 <REP> d-------- c:\program files\Java
2009-01-02 21:50 . 2009-01-02 21:52 <REP> d-------- c:\program files\EasyPHP 2.0b1
2009-01-02 21:50 . 2008-09-16 20:23 168,448 --a------ c:\windows\system32\unrar.dll
2009-01-02 21:49 . 2009-01-02 21:49 <REP> d-------- c:\program files\wxGlade
2009-01-02 21:49 . 2009-01-05 18:16 <REP> d-------- c:\program files\Unlocker
2009-01-02 21:49 . 2009-01-02 21:49 <REP> d-------- c:\program files\K-Lite Codec Pack
2009-01-02 21:49 . 2009-01-20 00:34 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\Desktopicon
2009-01-02 21:49 . 2008-09-19 22:57 3,596,288 --a------ c:\windows\system32\qt-dx331.dll
2009-01-02 21:49 . 2008-09-24 19:41 839,680 --a------ c:\windows\system32\lameACM.acm
2009-01-02 21:49 . 2006-11-01 14:52 765,952 --a------ c:\windows\system32\xvidcore.dll
2009-01-02 21:49 . 2008-10-28 23:35 684,032 --a------ c:\windows\system32\divx.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-23 12:56 --------- d-----w c:\program files\Fichiers communs\Adobe
2009-01-11 13:19 --------- d-----w c:\program files\Messenger Plus! Live
2009-01-05 09:09 --------- d-----w c:\program files\Windows Live
2009-01-05 08:20 --------- d-----w c:\program files\Microsoft Silverlight
2009-01-04 20:17 --------- d-----w c:\documents and settings\All Users\Application Data\ma-config.com
2009-01-03 19:20 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-04-14 02:34 28,858,803 --sh--r c:\windows\system32\windir.exe
.
((((((((((((((((((((((((((((( snapshot_2009-01-26_ 0.04.07.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-01-27 12:40:20 16,384 ----atw c:\windows\temp\Perflib_Perfdata_264.dat
+ 2009-01-27 12:40:19 16,384 ----atw c:\windows\temp\Perflib_Perfdata_d8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-23 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-01-27 335872]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-02 136600]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 172032]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2004-06-03 204800]
"DPAgnt"="c:\program files\DigitalPersona\Bin\DPAgnt.exe" [2004-10-13 913408]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 c:\windows\system32\Ati2mdxx.exe]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 c:\windows\SOUNDMAN.EXE]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]
c:\documents and settings\Voodoobear\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
c:\documents and settings\Voodoobear\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
c:\documents and settings\Voodoobear\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk - c:\program files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe [2009-01-03 741376]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\documents and settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0OODBS
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^NETGEAR WPN111 Smart Wizard.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\NETGEAR WPN111 Smart Wizard.lnk
backup=c:\windows\pss\NETGEAR WPN111 Smart Wizard.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Pinnacle Scheduler.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Pinnacle Scheduler.lnk
backup=c:\windows\pss\Pinnacle Scheduler.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Windows Search.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-08-08 13:11 490952 c:\program files\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
--a------ 2007-06-28 23:01 2512128 c:\windows\system32\oodtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
--a------ 2008-05-02 05:15 15872 c:\program files\Unlocker\UnlockerAssistant.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
--a--c--- 2001-12-26 13:12 472576 c:\windows\mHotkey.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
R3 dpK0Bx01;Pilote supérieur de lecteur d'empreintes digitales;c:\windows\system32\drivers\dpK0Bx01.sys [2004-08-04 32640]
R3 UsbdpFP;Pilote de classe Lecteur d'empreintes digitales;c:\windows\system32\drivers\UsbdpFP.sys [2004-08-04 34560]
R3 WB528MS;Winbond PCI Memory Stick PRO Storage (MSPRO) Device Driver;c:\windows\system32\drivers\wb528ms.sys [2008-09-27 38400]
R3 WB528SD;Winbond PCI Secure Digital Storage (SD/MMC) Device Driver;c:\windows\system32\drivers\WB528SD.sys [2008-09-27 35712]
R3 WlanUIG;Sagem 802.11g Wireless LAN USB Adapter Driver;c:\windows\system32\drivers\WlanUIG.sys [2009-01-03 379456]
S3 AMDMSRIO;AMDMSRIO;\??\f:\driver\CAD2000\PowerNow Patch\WIN2000_ver.1.1.0.0\AMDMSRIO.sys --> f:\driver\CAD2000\PowerNow Patch\WIN2000_ver.1.1.0.0\AMDMSRIO.sys [?]
S3 ATICDSDr;ATICDSDr;\??\f:\install\bin\atiicdxx.sys --> f:\install\bin\atiicdxx.sys [?]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2008-10-06 17149]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\DRIVERS\WPN111.sys --> c:\windows\system32\DRIVERS\WPN111.sys [?]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - PCANDIS5
.
Contents of the 'Scheduled Tasks' folder
2009-01-27 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:23]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
FF - ProfilePath - c:\documents and settings\Voodoobear\Application Data\Mozilla\Firefox\Profiles\41a3xjcs.default\
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-27 13:44:15
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
@=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(988)
c:\windows\DPPWDFLT.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\DigitalPersona\Bin\DpHost.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\snmp.exe
c:\program files\DigitalPersona\Bin\DPFUSMgr.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-01-27 13:47:46 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-27 12:47:40
ComboFix2.txt 2009-01-25 23:05:42
ComboFix3.txt 2009-01-22 16:34:03
Pre-Run: 1 719 074 816 octets libres
Post-Run: 1,726,328,832 octets libres
Current=4 Default=4 Failed=1 LastKnownGood=2 Sets=1,2,3,4
350 --- E O F --- 2009-01-06 09:20:44
As a precaution, here is another HijackThis report after this scan =) :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:52:24, on 27/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\DigitalPersona\Bin\DpHost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Voodoobear\Bureau\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [DPAgnt] C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wi [...] 2581702031
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe
--
End of file - 7317 bytes
Reply to Voodoobear
Are you having the same problems?
Reply to Angeldark
I have no more problems at all; I just need to reboot to see whether I still get the warning messages at startup for the two DLLs that were driving me mad! =)
I'll edit this post once I've rebooted, and if everything is okay I'll mark the topic as resolved =).
In the meantime, my Firefox problems are sorted...
Message edited by Voodoobear on 27-01-2009 at 15:55:43
Reply to Voodoobear
All the best
Reply to Angeldark
So, after rebooting the PC, it gives me the DLL errors again for:
regikiho.dll",s
and rizizozu.dll",a which, obviously, it cannot find, since I renamed them and changed their file type (from DLL to TXT) as a precaution...
Is there something to get rid of this?
Here is my HijackThis report after rebooting...:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:19:55, on 28/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\DigitalPersona\Bin\DpHost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\Voodoobear\Bureau\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [DPAgnt] C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [bekezojaru] Rundll32.exe "C:\WINDOWS\system32\regikiho.dll",s
O4 - HKLM\..\Run: [CPM5fd7c57e] Rundll32.exe "c:\windows\system32\rizizozu.dll",a
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wi [...] 2581702031
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe
--
End of file - 7635 bytes
Reply to Voodoobear
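As an added example (not code from the thread or from HijackThis), the Python below diffs the O4 Run-key entries between the 27/01 and 28/01 logs, which surfaces the bekezojaru and CPM5fd7c57e entries, and lists Rundll32 autoruns whose DLL is missing on disk, which is exactly what produces the errors for regikiho.dll and rizizozu.dll after the files were renamed to .txt. SYSTEM32_FILES is a constructed stand-in for a directory listing, and resolving a bare DLL name to System32 is a simplification of the Windows DLL search order.

```python
"""Diff the O4 (Run-key) autoruns of two HijackThis logs and list the
Rundll32 entries whose DLL is missing from disk."""
import re
from dataclasses import dataclass
from typing import Optional

# "O4 - HKLM\..\Run: [<name>] <command>"   (HijackThis Run-key line)
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$"
)
# 'Rundll32.exe "<dll>",<export>'  or  'rundll32.exe <dll>,<export>'
RUNDLL_RE = re.compile(
    r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?\s*,\s*(?P<export>\S*)', re.IGNORECASE
)
SYSTEM32 = r"c:\windows\system32"

# O4 lines copied from the two logs in the thread (27/01/2009 and 28/01/2009).
LOG_BEFORE = r"""
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
"""
LOG_AFTER = r"""
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [bekezojaru] Rundll32.exe "C:\WINDOWS\system32\regikiho.dll",s
O4 - HKLM\..\Run: [CPM5fd7c57e] Rundll32.exe "c:\windows\system32\rizizozu.dll",a
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
"""
# Constructed directory listing standing in for System32: the poster renamed
# the two DLLs to .txt, so only those copies exist; bthprops.cpl is a normal file.
SYSTEM32_FILES = {
    r"c:\windows\system32\bthprops.cpl",
    r"c:\windows\system32\regikiho.txt",
    r"c:\windows\system32\rizizozu.txt",
}


@dataclass(frozen=True)
class Autorun:
    hive: str  # HKLM or HKCU
    key: str   # Run, RunOnce, ...
    name: str  # value name, e.g. bekezojaru
    cmd: str   # command line stored in the value


def parse_o4(log: str) -> list[Autorun]:
    """Extract the Run-key autoruns (O4 lines) from HijackThis log text."""
    out = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            out.append(Autorun(m["hive"], m["key"], m["name"], m["cmd"]))
    return out


def new_entries(before: str, after: str) -> list[Autorun]:
    """Autoruns present in the later scan but absent from the earlier one."""
    seen = set(parse_o4(before))
    return [e for e in parse_o4(after) if e not in seen]


def rundll_target(entry: Autorun) -> Optional[tuple[str, str]]:
    """(dll_path, export) for a Rundll32 autorun, else None. A bare file name
    is resolved against System32 (a simplification of the DLL search order)."""
    m = RUNDLL_RE.match(entry.cmd)
    if not m:
        return None
    dll = m["dll"]
    if "\\" not in dll:
        dll = SYSTEM32 + "\\" + dll
    return dll, m["export"].lstrip(",")


def orphaned_rundll(entries: list[Autorun], files: set[str]) -> list[Autorun]:
    """Rundll32 autoruns whose DLL is not in `files` (case-insensitive paths):
    these are what produce the 'module not found' messages at logon."""
    present = {f.lower() for f in files}
    return [e for e in entries
            if (t := rundll_target(e)) is not None and t[0].lower() not in present]


def report(before: str = LOG_BEFORE, after: str = LOG_AFTER,
           files: set[str] = SYSTEM32_FILES) -> dict[str, list[str]]:
    """Names of autoruns that appeared between scans, and of Rundll32
    autoruns whose DLL is gone."""
    return {
        "new": [e.name for e in new_entries(before, after)],
        "orphaned": [e.name for e in orphaned_rundll(parse_o4(after), files)],
    }


if __name__ == "__main__":
    for kind, names in report().items():
        print(f"{kind}: {', '.join(names) or '-'}")
```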
Disable Spybot's TeaTimer, which is preventing us from disinfecting.
Reply to Angeldark
I uninstalled Spybot and checked before the scan that it was indeed no longer among the running processes (I'll reinstall it afterwards, or is there something more practical to protect my PC?)
Here is the ComboFix report:
ComboFix 09-01-21.04 - Voodoobear 2009-01-29 13:14:32.5 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.510.172 [GMT 1:00]
Lancé depuis: c:\documents and settings\Voodoobear\Bureau\ComboFix.exe.exe
Commutateurs utilisés :: c:\documents and settings\Voodoobear\Bureau\CFScript.txt
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated)
FW: ZoneAlarm Firewall *disabled*
* Un nouveau point de restauration a été créé
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-12-28 au 2009-01-29 ))))))))))))))))))))))))))))))))))))
.
2009-01-28 00:14 . 2009-01-28 00:22 720,896 --a------ c:\windows\iun6002ev.exe
2009-01-28 00:02 . 2008-05-29 09:28 28,416 --a------ c:\windows\system32\uxtuneup.dll
2009-01-27 23:59 . 2009-01-27 23:59 34 --------- c:\windows\system32\oeminfo.ini
2009-01-23 20:19 . 2009-01-23 20:19 <REP> d-------- c:\program files\Avira
2009-01-23 20:19 . 2009-01-23 20:19 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira
2009-01-23 17:17 . 2009-01-23 17:17 355,584 --a------ c:\windows\system32\TuneUpDefragService.exe
2009-01-23 16:01 . 2009-01-23 16:18 <REP> d-------- c:\program files\Google
2009-01-23 13:56 . 2009-01-23 13:56 <REP> d-------- c:\program files\Bonjour
2009-01-23 13:42 . 2009-01-23 13:42 <REP> d-------- c:\program files\Fichiers communs\Macrovision Shared
2009-01-21 23:58 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2009-01-21 21:50 . 2009-01-23 20:27 <REP> d-------- C:\Bibitte
2009-01-21 13:58 . 2009-01-21 13:58 <REP> d-------- c:\program files\Smallvideosoft
2009-01-21 13:58 . 2009-01-21 13:58 <REP> d-------- C:\Mp3 Output
2009-01-21 13:58 . 2007-03-01 04:18 4,762,112 --a------ c:\windows\system32\NCMedia.dll
2009-01-21 13:58 . 2007-02-25 15:36 383,238 --a------ c:\windows\system32\libmp3lame-0.dll
2009-01-20 00:35 . 2009-01-20 00:35 61,440 --a------ c:\windows\system32\drivers\sjsnq.sys
2009-01-19 23:33 . 2009-01-19 23:33 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-19 23:33 . 2009-01-19 23:33 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\Malwarebytes
2009-01-19 23:33 . 2009-01-19 23:33 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-19 23:33 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-19 23:33 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-19 08:19 . 2009-01-19 08:19 <REP> d-------- c:\program files\AC3Filter
2009-01-19 08:19 . 2008-07-09 09:05 421,888 --a------ c:\windows\system32\ac3filter.acm
2009-01-18 16:27 . 2009-01-18 16:27 <REP> d-------- C:\VundoFix Backups
2009-01-18 01:27 . 2009-01-18 16:08 <REP> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-01-17 23:07 . 2009-01-18 00:20 264 --a------ c:\windows\wininit.ini
2009-01-17 21:37 . 2009-01-29 12:58 <REP> d-------- c:\program files\Spybot - Search & Destroy
2009-01-17 21:37 . 2009-01-29 12:58 <REP> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-14 14:29 . 2009-01-25 23:50 <REP> d-------- C:\Recreg
2009-01-14 13:38 . 2009-01-14 13:38 <REP> d-------- c:\program files\CCleaner
2009-01-13 16:03 . 2009-01-17 10:44 <REP> d-------- c:\windows\BDOSCAN8
2009-01-11 20:02 . 2009-01-11 20:11 <REP> d-------- c:\program files\Random Software
2009-01-11 11:04 . 2009-01-11 11:04 <REP> d-------- c:\documents and settings\All Users\Application Data\Adobe Systems
2009-01-11 11:03 . 2009-01-11 11:03 <REP> d-------- c:\program files\Fichiers communs\Adobe Systems Shared
2009-01-09 10:29 . 2009-01-09 10:29 172 ---h----- c:\windows\formacd.id
2009-01-09 09:02 . 2009-01-09 09:02 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\DigitalPersona
2009-01-08 18:25 . 2009-01-08 18:25 <REP> d-------- c:\program files\Webteh
2009-01-08 18:25 . 2009-01-08 18:25 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\BSplayer Pro
2009-01-08 15:55 . 2009-01-08 16:02 <REP> d-------- C:\xampp
2009-01-08 10:00 . 2009-01-08 10:00 <REP> d-------- c:\windows\DPDrv
2009-01-08 10:00 . 2009-01-08 10:00 <REP> d-------- c:\program files\DigitalPersona
2009-01-07 18:19 . 2009-01-07 18:19 <REP> d-------- c:\program files\Guitar Pro 5
2009-01-06 12:33 . 2009-01-06 12:33 <REP> d-------- c:\windows\Sun
2009-01-06 10:15 . 2009-01-06 10:15 <REP> d-------- c:\documents and settings\Voodoobear\Incomplete
2009-01-06 10:12 . 2009-01-26 20:13 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\LimeWire
2009-01-06 09:54 . 2009-01-13 11:49 <REP> d-------- c:\program files\LimeWire
2009-01-06 09:37 . 2009-01-16 16:00 <REP> d-------- c:\program files\Microsoft IntelliPoint
2009-01-06 09:36 . 2009-01-16 16:00 <REP> d-------- c:\program files\Microsoft IntelliType Pro
2009-01-05 22:00 . 2009-01-05 22:01 <REP> d-------- c:\program files\Fichiers communs\Merge Modules
2009-01-05 19:52 . 2009-01-05 19:52 <REP> d-------- c:\program files\Microsoft SQL Server
2009-01-05 19:46 . 2009-01-07 19:19 <REP> d-------- c:\documents and settings\Voodoobear\dwhelper
2009-01-05 19:40 . 2009-01-05 19:40 <REP> d-------- c:\program files\Microsoft.NET
2009-01-05 19:38 . 2009-01-05 19:38 <REP> d-------- c:\program files\Microsoft Visual Studio 8
2009-01-05 19:37 . 2009-01-05 19:38 <REP> d-------- c:\program files\Microsoft Web Designer Tools
2009-01-05 19:37 . 2009-01-06 10:16 <REP> d-------- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-01-05 19:36 . 2009-01-05 19:36 <REP> dr-h----- C:\MSOCache
2009-01-05 19:33 . 2009-01-05 19:33 <REP> d-------- c:\program files\Microsoft SDKs
2009-01-05 19:18 . 2009-01-05 19:26 <REP> d-------- c:\windows\system32\XPSViewer
2009-01-05 19:17 . 2009-01-05 19:17 <REP> d-------- c:\program files\MSBuild
2009-01-05 19:16 . 2009-01-05 19:16 <REP> d-------- c:\program files\Reference Assemblies
2009-01-05 19:14 . 2009-01-05 19:14 212 --a------ c:\windows\system32\spupdsvc.inf
2009-01-05 19:06 . 2009-01-06 09:06 <REP> d-------- c:\windows\SxsCaPendDel
2009-01-05 15:18 . 2009-01-05 15:18 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\AdobeUM
2009-01-05 10:44 . 2009-01-05 10:48 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\Dev-Cpp
2009-01-05 10:31 . 2009-01-05 10:31 <REP> d-------- c:\program files\Microsoft
2009-01-05 10:11 . 2009-01-29 13:22 <REP> d-------- c:\documents and settings\Voodoobear\Tracing
2009-01-05 10:05 . 2009-01-05 10:05 <REP> d-------- c:\program files\Fichiers communs\Windows Live
2009-01-05 09:39 . 2009-01-05 10:47 <REP> d-------- C:\Dev-Cpp
2009-01-04 21:40 . 2009-01-22 17:00 2,331,008 --a------ c:\windows\system32\TUKernel.exe
2009-01-04 21:21 . 2009-01-28 23:42 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\Azureus
2009-01-04 21:21 . 2009-01-04 21:21 <REP> d-------- c:\documents and settings\All Users\Application Data\Azureus
2009-01-04 21:20 . 2009-01-26 21:46 <REP> d-------- c:\program files\Vuze
2009-01-04 21:12 . 2009-01-04 21:12 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\InstallShield
2009-01-04 20:48 . 2009-01-22 16:33 <REP> d-------- c:\program files\TuneUp Utilities 2008
2009-01-04 20:48 . 2009-01-04 20:48 <REP> d-------- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-01-04 19:30 . 2009-01-29 13:23 13,090,848 --ahs---- c:\windows\system32\drivers\fidbox.dat
2009-01-04 19:30 . 2009-01-29 13:18 157,544 --ahs---- c:\windows\system32\drivers\fidbox.idx
2009-01-04 19:23 . 2009-01-04 19:23 <REP> d-------- c:\documents and settings\All Users\Application Data\MailFrontier
2009-01-04 19:23 . 2008-07-09 09:05 54,672 --a------ c:\windows\system32\vsutil_loc040c.dll
2009-01-04 19:23 . 2008-07-09 09:05 42,384 --a------ c:\windows\zllsputility_loc040c.dll
2009-01-04 19:23 . 2008-07-09 09:05 21,904 --a------ c:\windows\system32\imsinstall_loc040c.dll
2009-01-04 19:23 . 2008-07-09 09:05 17,808 --a------ c:\windows\system32\imslsp_install_loc040c.dll
2009-01-04 19:23 . 2009-01-04 19:26 4,212 ---h----- c:\windows\system32\zllictbl.dat
2009-01-04 19:22 . 2009-01-04 19:22 <REP> d-------- c:\program files\Zone Labs
2009-01-04 19:21 . 2009-01-29 13:19 358,382 --a------ c:\windows\system32\vsconfig.xml
2009-01-04 19:20 . 2009-01-29 13:19 <REP> d-------- c:\windows\Internet Logs
2009-01-04 19:11 . 2009-01-04 19:11 <REP> d-------- c:\documents and settings\Voodoobear\Contacts
2009-01-04 19:10 . 2008-12-11 11:57 333,952 -----c--- c:\windows\system32\dllcache\srv.sys
2009-01-04 19:09 . 2008-09-15 16:26 1,846,528 -----c--- c:\windows\system32\dllcache\win32k.sys
2009-01-04 19:08 . 2008-08-14 14:23 2,191,232 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2009-01-04 19:08 . 2008-08-14 14:23 2,147,328 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-01-04 19:08 . 2008-08-14 14:23 2,068,096 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-01-04 19:08 . 2008-08-14 14:23 2,025,984 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2009-01-04 19:07 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2009-01-04 19:07 . 2008-10-15 17:35 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2009-01-04 19:06 . 2008-09-04 18:16 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2009-01-04 19:02 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2009-01-04 19:02 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2009-01-04 18:24 . 2009-01-04 18:24 <REP> d-------- c:\program files\DAEMON Tools Lite
2009-01-03 21:24 . 2009-01-03 21:24 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\Media Player Classic
2009-01-03 20:20 . 2009-01-03 20:20 <REP> d-------- c:\program files\SAGEM Wi-Fi USB 802.11g
2009-01-03 20:20 . 2005-06-17 10:27 16,292 --a------ c:\windows\system32\PCANDIS5.SYS
2009-01-03 20:19 . 2009-01-03 20:19 <REP> d-------- c:\program files\SAGEM
2009-01-03 20:19 . 2005-06-17 10:27 379,456 --a------ c:\windows\system32\drivers\WlanUIG.sys
2009-01-03 20:19 . 2005-07-04 16:25 163,840 --a------ c:\windows\UninstWiFi.exe
2009-01-03 20:19 . 2005-06-17 10:26 114,688 --a------ c:\windows\system32\WLANUTL.dll
2009-01-03 20:19 . 2005-06-17 10:26 61,440 --a------ c:\windows\system32\W32N50.dll
2009-01-03 12:25 . 2008-04-14 04:34 153,088 --a------ c:\windows\system32\irftp.exe
2009-01-03 12:25 . 2008-04-14 04:34 153,088 --a--c--- c:\windows\system32\dllcache\irftp.exe
2009-01-03 12:25 . 2008-04-14 04:33 29,184 --a------ c:\windows\system32\irmon.dll
2009-01-03 12:25 . 2008-04-14 04:33 29,184 --a--c--- c:\windows\system32\dllcache\irmon.dll
2009-01-03 12:25 . 2008-04-14 04:33 8,192 --a------ c:\windows\system32\wshirda.dll
2009-01-03 12:25 . 2008-04-14 04:33 8,192 --a--c--- c:\windows\system32\dllcache\wshirda.dll
2009-01-03 11:57 . 2009-01-03 11:57 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\TuneUp Software
2009-01-03 11:41 . 2009-01-17 23:07 <REP> d-------- c:\program files\Sleepy
2009-01-02 21:51 . 2009-01-02 21:50 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-02 21:51 . 2009-01-02 21:50 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-01-02 21:50 . 2009-01-02 21:50 <REP> d-------- c:\program files\Java
2009-01-02 21:50 . 2009-01-02 21:52 <REP> d-------- c:\program files\EasyPHP 2.0b1
2009-01-02 21:50 . 2008-09-16 20:23 168,448 --a------ c:\windows\system32\unrar.dll
2009-01-02 21:49 . 2009-01-02 21:49 <REP> d-------- c:\program files\wxGlade
2009-01-02 21:49 . 2009-01-05 18:16 <REP> d-------- c:\program files\Unlocker
2009-01-02 21:49 . 2009-01-02 21:49 <REP> d-------- c:\program files\K-Lite Codec Pack
2009-01-02 21:49 . 2009-01-20 00:34 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\Desktopicon
2009-01-02 21:49 . 2008-09-19 22:57 3,596,288 --a------ c:\windows\system32\qt-dx331.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-23 12:56 --------- d-----w c:\program files\Fichiers communs\Adobe
2009-01-11 13:19 --------- d-----w c:\program files\Messenger Plus! Live
2009-01-05 09:09 --------- d-----w c:\program files\Windows Live
2009-01-05 08:20 --------- d-----w c:\program files\Microsoft Silverlight
2009-01-04 20:17 --------- d-----w c:\documents and settings\All Users\Application Data\ma-config.com
2009-01-03 19:20 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-04-14 02:34 28,858,803 --sh--r c:\windows\system32\windir.exe
.
((((((((((((((((((((((((((((( snapshot_2009-01-26_ 0.04.07.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-01-29 12:19:45 16,384 ----atw c:\windows\temp\Perflib_Perfdata_10c.dat
+ 2009-01-29 12:19:45 16,384 ----atw c:\windows\temp\Perflib_Perfdata_7fc.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-23 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-01-27 335872]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-02 136600]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 172032]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2004-06-03 204800]
"DPAgnt"="c:\program files\DigitalPersona\Bin\DPAgnt.exe" [2004-10-13 913408]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 c:\windows\system32\Ati2mdxx.exe]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 c:\windows\SOUNDMAN.EXE]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]
c:\documents and settings\Voodoobear\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
c:\documents and settings\Voodoobear\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
c:\documents and settings\Voodoobear\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk - c:\program files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe [2009-01-03 741376]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\documents and settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0OODBS
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^NETGEAR WPN111 Smart Wizard.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\NETGEAR WPN111 Smart Wizard.lnk
backup=c:\windows\pss\NETGEAR WPN111 Smart Wizard.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Pinnacle Scheduler.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Pinnacle Scheduler.lnk
backup=c:\windows\pss\Pinnacle Scheduler.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Windows Search.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-08-08 13:11 490952 c:\program files\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
--a------ 2007-06-28 23:01 2512128 c:\windows\system32\oodtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
--a------ 2008-05-02 05:15 15872 c:\program files\Unlocker\UnlockerAssistant.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
--a--c--- 2001-12-26 13:12 472576 c:\windows\mHotkey.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
R3 dpK0Bx01;Pilote supérieur de lecteur d'empreintes digitales;c:\windows\system32\drivers\dpK0Bx01.sys [2004-08-04 32640]
R3 UsbdpFP;Pilote de classe Lecteur d'empreintes digitales;c:\windows\system32\drivers\UsbdpFP.sys [2004-08-04 34560]
R3 WB528MS;Winbond PCI Memory Stick PRO Storage (MSPRO) Device Driver;c:\windows\system32\drivers\wb528ms.sys [2008-09-27 38400]
R3 WB528SD;Winbond PCI Secure Digital Storage (SD/MMC) Device Driver;c:\windows\system32\drivers\WB528SD.sys [2008-09-27 35712]
R3 WlanUIG;Sagem 802.11g Wireless LAN USB Adapter Driver;c:\windows\system32\drivers\WlanUIG.sys [2009-01-03 379456]
S3 AMDMSRIO;AMDMSRIO;\??\f:\driver\CAD2000\PowerNow Patch\WIN2000_ver.1.1.0.0\AMDMSRIO.sys --> f:\driver\CAD2000\PowerNow Patch\WIN2000_ver.1.1.0.0\AMDMSRIO.sys [?]
S3 ATICDSDr;ATICDSDr;\??\f:\install\bin\atiicdxx.sys --> f:\install\bin\atiicdxx.sys [?]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2008-10-06 17149]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\DRIVERS\WPN111.sys --> c:\windows\system32\DRIVERS\WPN111.sys [?]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenu du dossier 'Tâches planifiées'
2009-01-29 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:23]
.
.
------- Examen supplémentaire -------
.
uInternet Settings,ProxyOverride = *.local
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
FF - ProfilePath - c:\documents and settings\Voodoobear\Application Data\Mozilla\Firefox\Profiles\41a3xjcs.default\
---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - true.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-29 13:23:35
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,b5,f7,05,cc,5f,
6d,d6,ab,e2,63,26,f1,3f,c8,ff,68,8b,93,e2,ad,93,45,f4,42,e2,63,26,f1,3f,c8,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,9d,6e,ea,72,50,
aa,d8,7f,6a,9c,d6,61,af,45,84,18,3a,1e,55,dc,e6,ab,49,aa,6a,9c,d6,61,af,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,e5,ee,d5,bf,55,
1f,67,7e,ff,7c,85,e0,43,d4,0e,fe,ab,c0,1f,5d,c7,0c,c0,92,ff,7c,85,e0,43,d4,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,97,60,b8,42,70,
b3,ec,e7,86,8c,21,01,be,91,eb,e7,d8,b5,b1,5a,b0,a6,68,0a,86,8c,21,01,be,91,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,3f,50,4e,29,f9,
43,bb,a5,f5,1d,4d,73,a8,13,5c,05,e7,3c,4e,76,c2,9c,dc,3f,f5,1d,4d,73,a8,13,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,12,4c,2f,13,60,
f9,07,86,df,20,58,62,78,6b,cf,c8,6f,1d,fa,bc,93,70,79,0f,df,20,58,62,78,6b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,03,39,1d,67,7b,
a7,17,8f,fb,a7,78,e6,12,2f,9a,ea,c7,68,08,ed,fe,98,57,93,fb,a7,78,e6,12,2f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,95,89,c5,64,99,
15,87,53,01,3a,48,fc,e8,04,4a,f1,57,0e,a8,22,14,d2,ab,ba,01,3a,48,fc,e8,04,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,1e,3e,30,6a,ed,
67,5b,15,f6,0f,4e,58,98,5b,89,c9,26,29,d7,23,55,3a,82,85,f6,0f,4e,58,98,5b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,e2,76,af,80,6d,
04,86,21,3d,ce,ea,26,2d,45,aa,78,d1,49,cc,16,28,09,89,83,3d,ce,ea,26,2d,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,ad,ef,fc,f2,39,
ec,bb,26,2a,b7,cc,b5,b9,7f,41,e7,cd,f0,dc,9f,bb,ce,c6,8b,2a,b7,cc,b5,b9,7f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,2d,44,33,fa,03,
fd,4d,c5,6c,43,2d,1e,aa,22,2f,9c,ad,35,bd,da,ac,c9,57,4c,6c,43,2d,1e,aa,22,\
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
@=""
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"=hex:[...]
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'lsass.exe'(988)
c:\windows\DPPWDFLT.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\DigitalPersona\Bin\DpHost.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\snmp.exe
c:\program files\DigitalPersona\Bin\DPFUSMgr.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2009-01-29 13:27:26 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-01-29 12:27:22
ComboFix2.txt 2009-01-27 12:47:49
ComboFix3.txt 2009-01-25 23:05:42
ComboFix4.txt 2009-01-22 16:34:03
Avant-CF: 3 921 137 664 octets libres
Après-CF: 3,952,582,656 octets libres
349 --- E O F --- 2009-01-06 09:20:44
Here is the HijackThis report without a reboot:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:36:18, on 29/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\DigitalPersona\Bin\DpHost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Voodoobear\Bureau\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [DPAgnt] C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wi [...] 2581702031
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe
--
End of file - 7036 bytes
And here is the report after rebooting, just in case:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:42:43, on 29/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\DigitalPersona\Bin\DpHost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Voodoobear\Bureau\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [DPAgnt] C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wi [...] 2581702031
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe
--
End of file - 7295 bytes
Message edited by Voodoobear on 29-01-2009 at 13:44:17
Reply to Voodoobear
Spybot is pretty useless for protection. Are you still having problems?
Reply to Angeldark
Thanks, apparently not, no problems at all!
I'll check again after rebooting, but for now it's perfect.

Thanks a LOT for the help and the time spent solving my problem(s)!!!
I'm clicking on "prevention and protection" right away.

Reply to Voodoobear
Happy surfing
Reply to Angeldark

