No access to antivirus sites or to Microsoft
elmoon
Hello,
I can no longer access antivirus sites or the Microsoft site.
My Internet Explorer returns the message "The page cannot be displayed".
I tried to sort it out on my own using SDFix, ComboFix, Malwarebytes and SDFix, but that didn't change anything.
Maybe because I couldn't run the online update for Malwarebytes.
Could someone help me remove this virus?
Below are the logs I got from running the antivirus tools.
First the HijackThis one
Then the ComboFix one
and the SDFix one
Hoping that will be enough :)
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 21:13:37, on 19/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Native Instruments\Audio Kontrol 1\Audio Kontrol 1.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Belkin\Logiciel Bluetooth\bin\btwdins.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
I:\Progs\divers\antispyware\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB002" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe
O4 - HKCU\..\Run: [Audio Kontrol 1] C:\Program Files\Native Instruments\Audio Kontrol 1\Audio Kontrol 1.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /M "Stylus Photo RX420" /EF "HKCU"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\Belkin\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.google.fr/?gws_rd=ssl
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
--
End of file - 8809 bytes
ComboFix 09-06-16.05 - utilisateur 17/06/2009 20:14.8 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1535.1157 [GMT 2:00]
Lancé depuis: c:\documents and settings\utilisateur\Bureau\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090616-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-05-17 au 2009-06-17 ))))))))))))))))))))))))))))))))))))
.
2009-06-14 00:50 . 2009-06-14 00:58 -------- d-----w- c:\documents and settings\utilisateur\Application Data\Braid
2009-06-14 00:48 . 2009-06-14 00:48 -------- d-----w- c:\windows\Logs
2009-06-14 00:47 . 2009-06-14 10:08 -------- d-----w- c:\program files\Braid
2009-06-14 00:41 . 2008-10-30 09:57 3851784 ----a-w- c:\windows\system32\d3dx9_39.dll
2009-06-06 06:06 . 2009-06-06 06:06 -------- d-----w- c:\documents and settings\utilisateur\Application Data\Goto.Games
2009-06-06 06:06 . 2009-06-06 06:06 -------- d-----w- c:\program files\Goto.Games
2009-06-05 20:37 . 2009-06-05 20:37 286720 ----a-w- c:\windows\iun506.exe
2009-06-01 13:06 . 2009-06-01 13:06 -------- d-----w- c:\program files\MusicBrainz Picard
2009-05-23 16:52 . 2009-05-23 16:52 -------- d-----w- c:\program files\Remove Empty Directories
2009-05-23 14:25 . 2008-08-20 17:58 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
2009-05-23 14:25 . 2008-08-20 17:58 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2009-05-23 14:25 . 2008-08-20 17:58 129520 ------w- c:\windows\system32\pxafs.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-17 18:12 . 2008-07-03 17:01 -------- d-----w- c:\program files\Warcraft3
2009-06-17 07:35 . 2009-06-17 07:35 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Malwarebytes
2009-06-16 22:56 . 2008-12-28 14:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-16 22:55 . 2001-08-28 14:00 72126 ----a-w- c:\windows\system32\perfc00C.dat
2009-06-16 22:55 . 2001-08-28 14:00 460986 ----a-w- c:\windows\system32\perfh00C.dat
2009-06-16 22:42 . 2006-07-15 19:30 -------- d-----w- c:\documents and settings\utilisateur\Application Data\uTorrent
2009-06-08 19:52 . 2009-05-06 17:27 -------- d-----w- c:\documents and settings\utilisateur\Application Data\XnView
2009-06-02 18:10 . 2007-03-28 21:06 -------- d-----w- c:\program files\Guitar Pro 5
2009-06-01 13:00 . 2007-06-16 15:09 -------- d-----w- c:\program files\MusicBrainz Tagger
2009-05-29 18:57 . 2007-07-02 18:35 -------- d-----w- c:\program files\emule
2009-05-26 11:20 . 2009-06-16 22:56 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-26 11:19 . 2009-06-16 22:56 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-25 17:57 . 2007-04-02 21:13 -------- d-----w- c:\program files\TagRename
2009-05-24 03:18 . 2006-03-25 19:20 -------- d-----w- c:\program files\Winamp
2009-05-23 17:10 . 2007-01-02 15:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-05-23 17:09 . 2007-01-21 18:57 -------- d-----w- c:\program files\Torrent Harvester
2009-05-23 17:09 . 2007-05-20 13:17 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-05-23 17:09 . 2007-03-10 10:33 -------- d-----w- c:\program files\Real Alternative
2009-05-23 17:09 . 2007-06-18 23:32 -------- d-----w- c:\program files\QuickTime
2009-05-23 17:08 . 2007-03-11 13:52 -------- d-----w- c:\program files\Kap.GMATTests
2009-05-23 17:07 . 2007-09-09 14:36 -------- d-----w- c:\program files\Fichiers communs\ACD Systems
2009-05-23 17:07 . 2007-08-12 13:03 -------- d-----w- c:\program files\DOSBox-0.71
2009-05-23 17:07 . 2006-02-08 12:52 -------- d-----w- c:\program files\Ahead
2009-05-06 20:27 . 2009-05-06 19:47 -------- d-----w- c:\program files\Prey
2009-05-06 17:26 . 2009-05-06 17:26 -------- d-----w- c:\program files\XnView
2009-05-06 16:59 . 2009-01-17 23:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-05-05 20:59 . 2009-05-05 20:59 -------- d-----w- c:\program files\Alwil Software
2009-05-05 20:43 . 2009-05-05 20:43 172 ----a-w- C:\curr_ver.tmp
2009-05-05 18:42 . 2006-02-08 13:07 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-04 22:04 . 2009-05-04 22:00 -------- d-----w- c:\program files\Painkiller
2009-05-04 21:01 . 2009-05-04 20:46 -------- d-----w- c:\program files\UrbanTerror
2009-05-04 20:39 . 2009-05-04 20:39 -------- d-----w- c:\documents and settings\utilisateur\Application Data\atitray
2009-05-04 20:32 . 2009-05-04 20:28 -------- d-----w- c:\program files\MultiRes
2009-05-04 20:27 . 2009-05-04 20:27 472576 ----a-w- c:\windows\Radeon Omega Drivers v4.8.442 Uninstall.exe
2009-05-04 20:27 . 2009-05-04 20:27 -------- d-----w- c:\program files\Radeon Omega Drivers
2009-05-03 19:38 . 2009-05-03 19:38 -------- d-----w- c:\program files\LucasArts
2009-04-29 21:52 . 2009-04-29 21:47 -------- d-----r- c:\program files\MameUI32
2009-04-26 18:31 . 2006-08-23 18:02 -------- d-----w- c:\documents and settings\utilisateur\Application Data\Skype
2009-04-26 16:58 . 2008-11-23 17:24 -------- d-----w- c:\documents and settings\utilisateur\Application Data\skypePM
2009-03-21 00:22 . 2008-07-03 17:04 74136 ----a-w- c:\windows\War3Unin.dat
2007-08-12 18:29 . 2007-08-12 13:18 2441 ----a-w- c:\program files\DOSBox-0.jpg
2008-09-22 19:32 . 2008-09-22 19:32 60983 --sha-w- c:\windows\system32\duvabova.dll.tmp
1601-01-01 00:12 . 1601-01-01 00:12 62229 --sha-w- c:\windows\system32\jojubasa.dll.tmp
2008-09-29 20:27 . 2008-09-29 20:27 61541 --sha-w- c:\windows\system32\kuhunuze.dll.tmp
1601-01-01 00:12 . 1601-01-01 00:12 67913 --sha-w- c:\windows\system32\libinisu.dll.tmp
2008-09-22 19:32 . 2008-09-22 19:32 60983 --sha-w- c:\windows\system32\nakakoye.dll.tmp
2008-09-29 20:27 . 2008-09-29 20:27 61541 --sha-w- c:\windows\system32\nogezote.dll.tmp
1601-01-01 00:12 . 1601-01-01 00:12 62229 --sha-w- c:\windows\system32\pawajinu.dll.tmp
1601-01-01 00:12 . 1601-01-01 00:12 67913 --sha-w- c:\windows\system32\penipure.dll.tmp
2008-09-22 19:32 . 2008-09-22 19:32 60983 --sha-w- c:\windows\system32\tuvujuka.dll.tmp
2008-09-29 20:27 . 2008-09-29 20:27 61541 --sha-w- c:\windows\system32\vufeguja.dll.tmp
1601-01-01 00:12 . 1601-01-01 00:12 62229 --sha-w- c:\windows\system32\wuyedawa.dll.tmp
2004-08-19 15:09 . 2006-08-10 07:25 156691 --sha-r- c:\windows\system32\zpdow.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-06-16_22.24.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-17 17:33 . 2009-06-17 17:33 16384 c:\windows\Temp\Perflib_Perfdata_600.dat
+ 2001-08-28 14:00 . 2009-06-16 22:55 59440 c:\windows\system32\perfc009.dat
- 2001-08-28 14:00 . 2009-03-29 12:31 59440 c:\windows\system32\perfc009.dat
+ 2001-08-28 14:00 . 2009-06-16 22:55 395200 c:\windows\system32\perfh009.dat
- 2001-08-28 14:00 . 2009-03-29 12:31 395200 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Audio Kontrol 1"="c:\program files\Native Instruments\Audio Kontrol 1\Audio Kontrol 1.exe" [2006-11-30 7008256]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"EPSON Stylus Photo RX420 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE" [2004-04-09 98304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus DX3800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE" [2005-02-08 98304]
"EPSON Stylus Photo RX420 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE" [2004-04-09 98304]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"AtiPTA"="atiptaxx.exe" - c:\windows\system32\atiptaxx.exe [2006-02-22 344064]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Peterson's\\GMAT\\jre\\bin\\java.exe"=
"c:\\Program Files\\Peterson's\\GMAT\\server\\data\\firebirdsql\\bin\\fbserver.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Starcraft\\StarCraft.exe"=
"c:\\Program Files\\Fichiers communs\\Microsoft Shared\\VS7Debug\\mdm.exe"=
"c:\\Program Files\\Belkin\\Logiciel Bluetooth\\bin\\btwdins.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Native Instruments\\Audio Kontrol 1\\Audio Kontrol 1.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\UrbanTerror\\ioUrbanTerror.exe"=
"c:\\Program Files\\MusicBrainz Picard\\picard.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:6112
"2433:TCP"= 2433:TCP:zuvlyxi
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [05/05/2009 22:59 114768]
R1 atitray;atitray;c:\program files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys [04/05/2009 22:28 17952]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [05/05/2009 22:59 20560]
S2 zaylreqql;System Network;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 17:10 14336]
S3 ak1avs;ak1avs;c:\windows\system32\drivers\ak1avs.sys [20/03/2007 20:24 25600]
S3 ak1usb;ak1usb;c:\windows\system32\drivers\ak1usb.sys [20/03/2007 20:24 85504]
S3 MA763013;M-Audio JamLab;c:\windows\system32\drivers\MA763013.sys --> c:\windows\system32\drivers\MA763013.sys [?]
S3 MAUSBJL;Service for M-Audio JamLab Driver (WDM);c:\windows\system32\DRIVERS\mausbjl.sys --> c:\windows\system32\DRIVERS\mausbjl.sys [?]
S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [23/04/2007 15:11 224896]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
zaylreqql
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://fr.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Envoyer à &Bluetooth - c:\program files\Belkin\Logiciel Bluetooth\btsendto_ie_ctx.htm
Trusted Zone: microsoft.com\www
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-17 20:16
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\zaylreqql]
"ServiceDll"="c:\windows\system32\zpdow.dll"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_USERS\S-1-5-21-790525478-1450960922-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{34ED3E2A-6BF1-AD8E-8189-1ADEEE6171AE}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"japjceakjipdjdbaodcn"=hex:6b,61,64,64,6c,6b,67,64,63,67,67,6a,6c,6b,70,6c,6a,
62,6d,6b,63,63,00,00
"iajkmpcimjogkjghno"=hex:6b,61,64,64,6c,6b,67,64,63,67,67,6a,6c,6b,70,6c,6a,62,
6d,6b,63,63,00,00
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(708)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(2784)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Heure de fin: 2009-06-17 20:18
ComboFix-quarantined-files.txt 2009-06-17 18:18
ComboFix2.txt 2009-06-16 22:25
Avant-CF: 14 115 119 104 octets libres
Après-CF: 14 108 647 424 octets libres
[b]SDFix: Version 1.240[/b]
Run by Administrateur on 19/06/2009 at 01:06
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
[b]Checking Services[/b]:
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
[b]Checking Files[/b]:
No Trojan Files Found
Removing Temp Files
[b]ADS Check[/b]:
[b]Final Check[/b]:
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-19 01:15:25
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:de2416b6
"s2"=dword:ff54ea15
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:f5,00,53,c3,c8,bf,64,23,e3,a7,ea,78,67,b9,fc,44,91,ac,93,1e,da,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,a8,dc,0d,33,c9,af,f2,95,20,8a,ac,16,4c,3a,94,b9,ae,..
"khjeh"=hex:ee,25,12,0d,96,80,4e,95,44,d0,60,57,2c,5b,bf,14,ed,7d,48,bb,59,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:77,52,39,dd,fe,b1,71,a9,6a,35,96,c5,84,29,48,8e,46,d2,64,05,ea,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:13,c0,53,9b,ab,f7,e4,5f,2a,fc,39,c4,60,72,00,60,4f,45,42,2b,8f,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\zaylreqql]
"DisplayName"="System Network"
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000000
"ImagePath"=str(2):"%SystemRoot%\system32\svchost.exe -k netsvcs"
"ObjectName"="LocalSystem"
"Description"="Fournit une interface commune et un modèle objet pour accéder aux informations de gestion du système d'exploitation, des périphériques, des applications et des services. Si ce service est arrêté, la plupart des logiciels sur base Windows ne fonctionneront pas correctement. Si ce service est désactivé, tout service qui en dépend explicitement ne démarrera pas."
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\zaylreqql\Parameters]
"ServiceDll"=str(2):"C:\WINDOWS\system32\zpdow.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:f5,00,53,c3,c8,bf,64,23,e3,a7,ea,78,67,b9,fc,44,91,ac,93,1e,da,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,a8,dc,0d,33,c9,af,f2,95,20,8a,ac,16,4c,3a,94,b9,ae,..
"khjeh"=hex:ee,25,12,0d,96,80,4e,95,44,d0,60,57,2c,5b,bf,14,ed,7d,48,bb,59,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:77,52,39,dd,fe,b1,71,a9,6a,35,96,c5,84,29,48,8e,46,d2,64,05,ea,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:13,c0,53,9b,ab,f7,e4,5f,2a,fc,39,c4,60,72,00,60,4f,45,42,2b,8f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\zaylreqql]
"DisplayName"="System Network"
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000000
"ImagePath"=str(2):"%SystemRoot%\system32\svchost.exe -k netsvcs"
"ObjectName"="LocalSystem"
"Description"="Fournit une interface commune et un modèle objet pour accéder aux informations de gestion du système d'exploitation, des périphériques, des applications et des services. Si ce service est arrêté, la plupart des logiciels sur base Windows ne fonctionneront pas correctement. Si ce service est désactivé, tout service qui en dépend explicitement ne démarrera pas."
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\zaylreqql\Parameters]
"ServiceDll"=str(2):"C:\WINDOWS\system32\zpdow.dll"
scanning hidden registry entries ...
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{34ED3E2A-6BF1-AD8E-8189-1ADEEE6171AE}]
"japjceakjipdjdbaodcn"=hex:6b,61,64,64,6c,6b,67,64,63,67,67,6a,6c,6b,70,6c,6a,62,6d,6b,63,..
"iajkmpcimjogkjghno"=hex:6b,61,64,64,6c,6b,67,64,63,67,67,6a,6c,6b,70,6c,6a,62,6d,6b,63,..
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
[b]Remaining Services[/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:µTorrent"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Peterson's\\GMAT\\jre\\bin\\java.exe"="C:\\Program Files\\Peterson's\\GMAT\\jre\\bin\\java.exe:*:Enabled:java"
"C:\\Program Files\\Peterson's\\GMAT\\server\\data\\firebirdsql\\bin\\fbserver.exe"="C:\\Program Files\\Peterson's\\GMAT\\server\\data\\firebirdsql\\bin\\fbserver.exe:*:Enabled:Firebird SQL Server"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMuleMorphXT"
"C:\\Program Files\\Starcraft\\StarCraft.exe"="C:\\Program Files\\Starcraft\\StarCraft.exe:*:Enabled:Starcraft"
"C:\\Program Files\\Fichiers communs\\Microsoft Shared\\VS7Debug\\mdm.exe"="C:\\Program Files\\Fichiers communs\\Microsoft Shared\\VS7Debug\\mdm.exe:*:Enabled:mdm"
"C:\\Program Files\\Belkin\\Logiciel Bluetooth\\bin\\btwdins.exe"="C:\\Program Files\\Belkin\\Logiciel Bluetooth\\bin\\btwdins.exe:*:Enabled:btwdins"
"C:\\WINDOWS\\system32\\spoolsv.exe"="C:\\WINDOWS\\system32\\spoolsv.exe:*:Enabled:spoolsv"
"C:\\Program Files\\Native Instruments\\Audio Kontrol 1\\Audio Kontrol 1.exe"="C:\\Program Files\\Native Instruments\\Audio Kontrol 1\\Audio Kontrol 1.exe:*:Enabled:Audio Kontrol 1"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\UrbanTerror\\ioUrbanTerror.exe"="C:\\Program Files\\UrbanTerror\\ioUrbanTerror.exe:*:Enabled:ioUrbanTerror"
"C:\\Program Files\\MusicBrainz Picard\\picard.exe"="C:\\Program Files\\MusicBrainz Picard\\picard.exe:*:Enabled:The next generation MusicBrainz tagger"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[b]Remaining Files[/b]:
[b]Files with Hidden Attributes[/b]:
Mon 22 Sep 2008 60,983 A.SH. --- "C:\WINDOWS\system32\duvabova.dll.tmp"
--- 62,229 A.SH. --- "C:\WINDOWS\system32\jojubasa.dll.tmp"
Mon 29 Sep 2008 61,541 A.SH. --- "C:\WINDOWS\system32\kuhunuze.dll.tmp"
--- 67,913 A.SH. --- "C:\WINDOWS\system32\libinisu.dll.tmp"
Mon 22 Sep 2008 60,983 A.SH. --- "C:\WINDOWS\system32\nakakoye.dll.tmp"
Mon 29 Sep 2008 61,541 A.SH. --- "C:\WINDOWS\system32\nogezote.dll.tmp"
--- 62,229 A.SH. --- "C:\WINDOWS\system32\pawajinu.dll.tmp"
--- 67,913 A.SH. --- "C:\WINDOWS\system32\penipure.dll.tmp"
Mon 22 Sep 2008 60,983 A.SH. --- "C:\WINDOWS\system32\tuvujuka.dll.tmp"
Mon 29 Sep 2008 61,541 A.SH. --- "C:\WINDOWS\system32\vufeguja.dll.tmp"
--- 62,229 A.SH. --- "C:\WINDOWS\system32\wuyedawa.dll.tmp"
Thu 19 Aug 2004 156,691 A.SHR --- "C:\WINDOWS\system32\zpdow.dll"
Mon 10 Apr 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sat 12 May 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Fri 22 May 2009 65,536 A..H. --- "C:\Documents and Settings\utilisateur\Local Settings\Application Data\Microsoft\Outlook\~Outlook.pst.tmp"
Mon 12 Feb 2007 32,768 A..H. --- "C:\Documents and Settings\utilisateur\Bureau\arnaud emploi\_historique\_old\RESEARCH INTERNATIONAL\~WRL0003.tmp"
[b]Finished![/b]
I hope someone will be kind enough to give me a hand, because I'm stuck here...
Configuration: Windows XP Internet Explorer 6.0