
Yoog search [solved]

9 February 2009 02:25:36

Hello,

I can't get rid of this search engine that installed itself all on its own...
Interesting thing (maybe): I switched users on Windows XP and Yoog Search isn't there!

Thanks in advance,
Yves


9 February 2009 19:01:05

good evening
Disable your antivirus and any other kind of protection.
Download ComboFix by sUBs:
ComboFix.exe
and save it to your desktop and nowhere else!

Double-click ComboFix. It will ask you a question; follow the prompts, then wait until ComboFix has finished. Your PC may reboot, that's normal. A report will be created. Post the report: C:\Combofix.txt
click it to open it, then Edit "Select all", Edit "Copy"

come back to the forum and Edit "Paste"

HELP: A guide and a tutorial on using ComboFix
* the partition name may change
10 February 2009 05:50:30

ComboFix 09-02-08.02 - Administrator 2009-02-09 22:35:22.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.240 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: AVG Internet Security *On-access scanning enabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users.WINDOWS.1\Application Data\vlc-0.9.4-win32.exe

.
((((((((((((((((((((((((( Files Created from 2009-01-10 to 2009-02-10 )))))))))))))))))))))))))))))))
.

2009-02-09 20:12 . 2009-02-09 21:43 <DIR> d-------- c:\documents and settings\Garfield\Application Data\Azureus
2009-02-08 10:11 . 2009-02-08 10:21 <DIR> d-------- c:\documents and settings\Garfield\Application Data\vlc
2009-02-07 20:26 . 2009-02-07 20:26 <DIR> d-------- c:\program files\Microsoft ActiveSync
2009-02-07 16:58 . 2009-02-08 18:12 <DIR> d-------- c:\program files\Google
2009-02-07 16:58 . 2009-02-09 20:01 <DIR> d-------- c:\documents and settings\All Users.WINDOWS.1\Application Data\Google Updater
2009-02-04 23:53 . 2009-02-09 21:52 <DIR> d-------- C:\Combo-Fix
2009-01-13 21:27 . 2003-11-04 15:10 65,536 --a------ c:\windows.1\system32\lfeps13n.dll
2009-01-13 21:26 . 2004-05-14 16:53 462,848 --a------ c:\windows.1\system32\ltkrn13n.dll
2009-01-13 21:26 . 2004-05-14 16:53 450,560 --a------ c:\windows.1\system32\ltimg13n.dll
2009-01-13 21:26 . 2004-05-14 16:53 401,408 --a------ c:\windows.1\system32\lfcmp13n.dll
2009-01-13 21:26 . 2004-05-14 16:53 299,008 --a------ c:\windows.1\system32\ltdis13n.dll
2009-01-13 21:26 . 2004-01-12 02:09 206,336 --a------ c:\windows.1\system32\ltefx13n.dll
2009-01-13 21:26 . 2004-05-14 16:53 163,840 --a------ c:\windows.1\system32\ltfil13n.dll
2009-01-13 21:26 . 2003-11-04 15:10 69,632 --a------ c:\windows.1\system32\lfgif13n.dll
2009-01-13 21:26 . 2004-05-14 16:53 57,344 --a------ c:\windows.1\system32\lfbmp13n.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-10 03:30 --------- d-----w c:\documents and settings\Administrator\Application Data\Azureus
2009-02-10 02:24 --------- d-----w c:\program files\Azureus
2009-01-27 01:07 --------- d-----w c:\documents and settings\Administrator\Application Data\MiniLyrics
2009-01-18 16:58 --------- d-----w c:\documents and settings\All Users.WINDOWS.1\Application Data\avg8
2009-01-15 14:18 325,128 ----a-w c:\windows.1\system32\drivers\avgldx86.sys
2009-01-15 08:17 --------- d-----w c:\documents and settings\All Users.WINDOWS.1\Application Data\Microsoft Help
2009-01-11 13:20 --------- d-----w c:\program files\CCleaner
2009-01-07 18:48 107,272 ----a-w c:\windows.1\system32\drivers\avgtdix.sys
2009-01-07 18:48 10,520 ----a-w c:\windows.1\system32\avgrsstx.dll
2009-01-07 18:47 12,552 ----a-w c:\windows.1\system32\drivers\avgrkx86.sys
2009-01-06 02:11 --------- d-----w c:\documents and settings\Administrator\Application Data\LimeWire
2009-01-05 02:31 68,513 ----a-w c:\windows.1\system32\zwcgcgusyxtgs.dll-uninst.exe
2009-01-05 02:31 47,576 ----a-w c:\windows.1\system32\pczelklqximbhwrmd.exe
2009-01-04 23:38 38,496 ----a-w c:\windows.1\system32\drivers\mbamswissarmy.sys
2009-01-04 23:38 15,504 ----a-w c:\windows.1\system32\drivers\mbam.sys
2008-12-29 23:32 --------- d-----w c:\program files\iNav
2008-12-27 20:29 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-27 19:44 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-13 06:40 3,593,216 ----a-w c:\windows.1\system32\dllcache\mshtml.dll
2008-12-11 10:57 333,952 ------w c:\windows.1\system32\drivers\srv.sys
2008-12-11 10:57 333,952 ------w c:\windows.1\system32\dllcache\srv.sys
2008-11-10 10:43 410,984 ----a-w c:\windows.1\system32\deploytk.dll
2008-10-26 15:56 4,096 --sha-w c:\program files\Thumbs.db
2006-05-21 17:09 25 ---h--r c:\program files\perso
2004-04-02 14:36 30,020 ----a-r c:\program files\Français.cgl
2004-01-21 20:51 26,551 ----a-r c:\program files\US-English.cgl
2004-01-19 19:18 2,504 ----a-r c:\program files\Lisez-moi.txt
2002-09-16 21:14 9,158 ---ha-r c:\program files\CabriIIPlus.ico
2008-10-12 17:51 952 --sha-w c:\windows.1\system32\KGyGaAvL.sys
2008-10-24 23:41 32,768 --sha-w c:\windows.1\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008102420081025\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"H/PC Connection Agent"="g:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-07 1601304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-01-07 13:48 10520 c:\windows.1\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= ctwdm32.dll
"VIDC.ACDV"= ACDV.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"g:\\Program Files\\Google\\Google SketchUp 6\\SketchUp.exe"=
"g:\\Program Files\\webcamXP\\webcamXP.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"g:\program files\Microsoft ActiveSync\rapimgr.exe"= g:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"g:\program files\Microsoft ActiveSync\wcescomm.exe"= g:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"g:\program files\Microsoft ActiveSync\WCESMgr.exe"= g:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"g:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"\\\\Yves\\g on yves\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"62000:UDP"= 62000:UDP:Azureus
"62000:TCP"= 62000:TCP:Azureus
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 AvgRkx86;avgrkx86.sys;c:\windows.1\system32\drivers\avgrkx86.sys [2008-11-30 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows.1\system32\drivers\avgldx86.sys [2008-11-30 325128]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows.1\system32\drivers\avgtdix.sys [2008-11-30 107272]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-07 298264]
R3 ham50;Intel V92 HaM Data Fax Voice;c:\windows.1\system32\drivers\IntelH51.sys [2004-09-29 469935]
S2 gupdate1c9896f93f59a80;Google Update Service (gupdate1c9896f93f59a80);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-07 133104]
S3 UnlockerDriver4;UnlockerDriver4 Driver;c:\windows.1\system32\UnlockerDriver4.sys [2006-05-13 3584]
S3 VirtualDK;VirtualDK;\??\c:\eeepcfr\usb_prep8\vdk.sys --> c:\eeepcfr\usb_prep8\vdk.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - GUPDATE1C9896F93F59A80
*NewlyCreated* - GUSVC

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{818655ff-d09f-11dd-b31a-0050bafb95f3}]
\Shell\AutoRun\command - H:\DPFMate.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab7ba2a0-9f5f-11db-8a9e-0050bafb95f3}]
\Shell\AutoRun\command - H:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f319dc82-beb7-11dc-ba5e-0050bafb95f3}]
\Shell\AutoRun\command - I:\DigitalPhotoKeychain.EXE
.
Contents of the 'Scheduled Tasks' folder

2009-02-10 c:\windows.1\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-07 16:58]

2009-02-10 c:\windows.1\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-07 17:00]
.
- - - - ORPHANS REMOVED - - - -

BHO-{3f0e30c2-2d52-0ff1-fc52-cb1c1d42ac2f} - (no file)


.
------- Supplementary Scan -------
.
uLocal Page = \blank.htm
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xporter vers Microsoft Excel - g:\progra~1\MICROS~1\Office10\EXCEL.EXE/3000
Trusted Zone: gouv.qc.ca\www.registrefoncier
Trusted Zone: spasrelaissante.com\www
Trusted Zone: theatreduvieuxterrebonne.com\www
DPF: Microsoft XML Parser for Java - file://c:\windows.1\Java\classes\xmldso.cab
DPF: {0F7A9297-7268-11D1-B81A-00A076C01B0A} - hxxp://www.registrefoncier.gouv.qc.ca/Sirf/Script/14_05_04/CPC...
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hmdcse1g.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www5.yoog.com/search.php?q=
FF - prefs.js: browser.search.selectedEngine - Yoog Search
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: keyword.URL - hxxp://www5.yoog.com/search.php?q=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1487.6512\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll

---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www5.yoog.com/search.php?q=
FF - user.js: keyword.enabled - true
FF - user.js: browser.search.defaultenginename - Yoog Search
FF - user.js: browser.search.defaulturl - hxxp://www5.yoog.com/search.php?q=
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-09 22:41:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\Administrator\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\Administrator\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1911B7FB-60D9-BD4E-12F4-8EE64EA5B7CC}*]
"hajclhnebfnfngdf"=hex:64,62,67,65,61,63,63,6d,61,6c,62,6f,62,69,6c,6d,66,6c,
67,68,6f,67,63,69,68,6b,63,6f,6e,62,62,6c,64,68,6d,6a,63,68,6d,6f,00,03
"iafgcckjmnocjbpcaj"=hex:6a,61,6a,67,65,6c,64,6d,6e,63,61,65,68,65,62,65,67,6b,
62,65,00,b6
"halfignakhnlafgn"=hex:6a,61,6a,67,65,6c,64,6d,6e,63,61,65,68,65,62,65,67,6b,
62,65,00,f7
"hajclhneleafhmlm"=hex:6e,61,65,67,66,66,6f,6b,67,62,70,67,6e,70,61,6c,65,64,
69,68,70,62,64,67,6f,70,66,61,00,62

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1911B7FB-60D9-BD4E-12F4-8EE64EA5B7CC}\InProcServer32*]
"iahfpekbjakaiakkfp"=hex:6e,61,65,67,66,66,6f,6b,67,62,70,67,6e,70,61,6c,65,64,
69,68,70,62,64,67,6f,70,66,61,00,00
"iahfpekbjaagcagjmn"=hex:64,62,67,65,61,63,63,6d,61,6c,62,6f,62,69,6c,6d,66,6c,
67,68,6f,67,63,69,68,6b,63,6f,6e,62,62,6c,64,68,6d,6a,63,68,6d,6f,00,03
"jahfdfdihldjajgjgfgj"=hex:6a,61,6a,67,65,6c,64,6d,6e,63,61,65,68,65,62,65,67,
6b,62,65,00,b6
"iahfjdnihnddaiolea"=hex:6a,61,6a,67,65,6c,64,6d,6e,63,61,65,68,65,62,65,67,6b,
62,65,00,f7
.
Completion time: 2009-02-09 22:46:04
ComboFix-quarantined-files.txt 2009-02-10 03:45:35

Pre-Run: 20,280,479,744 bytes free
Post-Run: 20,281,807,872 bytes free

199 --- E O F --- 2009-01-15 08:18:51
10 February 2009 22:41:13

re

Copy (Ctrl+C) the text below:
File::
c:\windows.1\system32\zwcgcgusyxtgs.dll-uninst.exe
c:\windows.1\system32\pczelklqximbhwrmd.exe
H:\DPFMate.exe
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hmdcse1g.default\user.js

REGNULL::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1911B7FB-60D9-BD4E-12F4-8EE64EA5B7CC}\InProcServer32*]
[HKEY_USERS\Administrator\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1911B7FB-60D9-BD4E-12F4-8EE64EA5B7CC}*]

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{818655ff-d09f-11dd-b31a-0050bafb95f3}]


Firefox::
FF - prefs.js: browser.search.defaulturl - hxxp://www5.yoog.com/search.php?q=
FF - prefs.js: browser.search.selectedEngine - Yoog Search
FF - prefs.js: keyword.URL - hxxp://www5.yoog.com/search.php?q=



Open Notepad and paste (Ctrl+V) the text you just copied.
Save this file under the name CFScript.txt

Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot


  • A blue window will appear: at the prompt that appears (Type 1 to continue, or 2 to abort), type 1 and confirm.
  • Wait while the scan runs. The desktop will disappear several times: that's normal!
    Don't touch anything until the scan is finished.
  • Once the scan is done, a report will be displayed: post its contents.
  • If the file doesn't open, it is located here > C:\ComboFix.txt
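The log above shows the hijack living in the Firefox profile's user.js (the "FF - user.js" lines), which Firefox re-applies at every start, so the CFScript deletes that file. As an added defender-side example, not code from this thread or from ComboFix, here is a small Python audit that parses prefs.js/user.js and flags the search preferences the log shows rewritten; the allowlists are placeholders (assumption) and the sample user.js is constructed from the log's entries.

```python
"""Audit a Firefox profile's prefs.js / user.js for search-hijack settings.

Added example (not from the thread). Assumptions: ALLOWED_* are placeholder
allowlists to be replaced by what the machine's owner actually uses, and
USER_JS_SAMPLE is constructed from the "FF - user.js" lines in the thread's log.
"""
import os
import re

# Preferences the thread's ComboFix log shows rewritten by Yoog Search.
SEARCH_PREFS = {
    "keyword.URL",
    "browser.search.defaulturl",
    "browser.search.selectedEngine",
    "browser.search.defaultenginename",
    "browser.startup.homepage",
}

# Placeholder allowlists (assumption): adjust to the engines/hosts the user chose.
ALLOWED_ENGINES = {"Google", "Yahoo", "Bing"}
ALLOWED_HOSTS = {"google.com", "yahoo.com", "bing.com", "mozilla.org"}

PREF_RE = re.compile(r'^\s*user_pref\("((?:[^"\\]|\\.)+)",\s*(.+?)\);\s*$')
# Accepts real URLs and the forum's defanged "hxxp://" form.
HOST_RE = re.compile(r'^(?:https?|hxxps?)://([^/:?#]+)', re.IGNORECASE)


def _decode_value(raw):
    """Turn the JS literal on the right of user_pref(...) into a Python value."""
    if raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1].replace('\\"', '"').replace("\\\\", "\\")
    if raw == "true":
        return True
    if raw == "false":
        return False
    try:
        return int(raw)
    except ValueError:
        return raw  # unknown literal: keep as-is


def parse_prefs(text):
    """Return {pref_name: value} for every user_pref(...) line; other lines are skipped."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = _decode_value(m.group(2).strip())
    return prefs


def host_of(url):
    """Lower-cased host of an http/hxxp URL, or None if the value is not one."""
    m = HOST_RE.match(url.strip())
    return m.group(1).lower() if m else None


def _host_allowed(host, allowed_hosts):
    return any(host == a or host.endswith("." + a) for a in allowed_hosts)


def audit_prefs(text, allowed_hosts=ALLOWED_HOSTS, allowed_engines=ALLOWED_ENGINES):
    """Return [(pref, value, reason)] for search-related prefs that look hijacked."""
    findings = []
    for name, value in parse_prefs(text).items():
        if name not in SEARCH_PREFS or not isinstance(value, str):
            continue
        if "://" in value:
            host = host_of(value)
            if host is None or not _host_allowed(host, allowed_hosts):
                findings.append((name, value, "URL points to unexpected host %r" % host))
        elif name in ("browser.search.selectedEngine", "browser.search.defaultenginename"):
            if value not in allowed_engines:
                findings.append((name, value, "engine name not in allowlist"))
    return findings


def audit_profile(profile_dir):
    """Audit prefs.js and user.js of one profile directory.

    user.js matters most: Firefox re-applies it on every start, so entries there
    survive any edit made to prefs.js, which is why the thread removed the file.
    """
    report = {}
    for fname in ("prefs.js", "user.js"):
        path = os.path.join(profile_dir, fname)
        if os.path.exists(path):
            with open(path, encoding="utf-8", errors="replace") as fh:
                report[fname] = audit_prefs(fh.read())
    return report


# Constructed sample mirroring the "FF - user.js" lines in the thread's first log.
USER_JS_SAMPLE = """\
user_pref("browser.search.selectedEngine", "Yoog Search");
user_pref("keyword.URL", "hxxp://www5.yoog.com/search.php?q=");
user_pref("keyword.enabled", true);
user_pref("browser.search.defaultenginename", "Yoog Search");
user_pref("browser.search.defaulturl", "hxxp://www5.yoog.com/search.php?q=");
user_pref("browser.startup.homepage", "about:blank");
"""

if __name__ == "__main__":
    for pref, value, reason in audit_prefs(USER_JS_SAMPLE):
        print("%-34s %-45s %s" % (pref, value, reason))
```

Running it on the sample reports the four hijacked entries and leaves keyword.enabled and the about:blank homepage alone; a non-empty result for user.js is the signal that the file, not just prefs.js, has to go.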
11 February 2009 01:26:01

    ComboFix 09-02-10.01 - Administrator 2009-02-10 18:39:30.6 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.181 [GMT -5:00]
    Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
    AV: AVG Internet Security *On-access scanning enabled* (Updated)
    * Created a new restore point

    FILE ::
    c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hmdcse1g.default\user.js
    c:\windows.1\system32\pczelklqximbhwrmd.exe
    c:\windows.1\system32\zwcgcgusyxtgs.dll-uninst.exe
    H:\DPFMate.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hmdcse1g.default\user.js
    c:\windows.1\system32\pczelklqximbhwrmd.exe
    c:\windows.1\system32\zwcgcgusyxtgs.dll-uninst.exe

    .
    ((((((((((((((((((((((((( Files Created from 2009-01-10 to 2009-02-10 )))))))))))))))))))))))))))))))
    .

    2009-02-09 20:12 . 2009-02-09 21:43 <DIR> d-------- c:\documents and settings\Garfield\Application Data\Azureus
    2009-02-08 10:11 . 2009-02-08 10:21 <DIR> d-------- c:\documents and settings\Garfield\Application Data\vlc
    2009-02-07 20:26 . 2009-02-07 20:26 <DIR> d-------- c:\program files\Microsoft ActiveSync
    2009-02-07 16:58 . 2009-02-08 18:12 <DIR> d-------- c:\program files\Google
    2009-02-07 16:58 . 2009-02-09 20:01 <DIR> d-------- c:\documents and settings\All Users.WINDOWS.1\Application Data\Google Updater
    2009-02-04 23:53 . 2009-02-09 21:52 <DIR> d-------- C:\Combo-Fix
    2009-01-13 21:27 . 2003-11-04 15:10 65,536 --a------ c:\windows.1\system32\lfeps13n.dll
    2009-01-13 21:26 . 2004-05-14 16:53 462,848 --a------ c:\windows.1\system32\ltkrn13n.dll
    2009-01-13 21:26 . 2004-05-14 16:53 450,560 --a------ c:\windows.1\system32\ltimg13n.dll
    2009-01-13 21:26 . 2004-05-14 16:53 401,408 --a------ c:\windows.1\system32\lfcmp13n.dll
    2009-01-13 21:26 . 2004-05-14 16:53 299,008 --a------ c:\windows.1\system32\ltdis13n.dll
    2009-01-13 21:26 . 2004-01-12 02:09 206,336 --a------ c:\windows.1\system32\ltefx13n.dll
    2009-01-13 21:26 . 2004-05-14 16:53 163,840 --a------ c:\windows.1\system32\ltfil13n.dll
    2009-01-13 21:26 . 2003-11-04 15:10 69,632 --a------ c:\windows.1\system32\lfgif13n.dll
    2009-01-13 21:26 . 2004-05-14 16:53 57,344 --a------ c:\windows.1\system32\lfbmp13n.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-02-10 03:30 --------- d-----w c:\documents and settings\Administrator\Application Data\Azureus
    2009-02-10 02:24 --------- d-----w c:\program files\Azureus
    2009-01-27 01:07 --------- d-----w c:\documents and settings\Administrator\Application Data\MiniLyrics
    2009-01-18 16:58 --------- d-----w c:\documents and settings\All Users.WINDOWS.1\Application Data\avg8
    2009-01-15 14:18 325,128 ----a-w c:\windows.1\system32\drivers\avgldx86.sys
    2009-01-15 08:17 --------- d-----w c:\documents and settings\All Users.WINDOWS.1\Application Data\Microsoft Help
    2009-01-11 13:20 --------- d-----w c:\program files\CCleaner
    2009-01-07 18:48 107,272 ----a-w c:\windows.1\system32\drivers\avgtdix.sys
    2009-01-07 18:48 10,520 ----a-w c:\windows.1\system32\avgrsstx.dll
    2009-01-07 18:47 12,552 ----a-w c:\windows.1\system32\drivers\avgrkx86.sys
    2009-01-06 02:11 --------- d-----w c:\documents and settings\Administrator\Application Data\LimeWire
    2009-01-04 23:38 38,496 ----a-w c:\windows.1\system32\drivers\mbamswissarmy.sys
    2009-01-04 23:38 15,504 ----a-w c:\windows.1\system32\drivers\mbam.sys
    2008-12-29 23:32 --------- d-----w c:\program files\iNav
    2008-12-27 20:29 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-12-27 19:44 --------- d-----w c:\program files\Common Files\InstallShield
    2008-12-13 06:40 3,593,216 ----a-w c:\windows.1\system32\dllcache\mshtml.dll
    2008-12-11 10:57 333,952 ------w c:\windows.1\system32\drivers\srv.sys
    2008-12-11 10:57 333,952 ------w c:\windows.1\system32\dllcache\srv.sys
    2008-11-10 10:43 410,984 ----a-w c:\windows.1\system32\deploytk.dll
    2008-10-26 15:56 4,096 --sha-w c:\program files\Thumbs.db
    2006-05-21 17:09 25 ---h--r c:\program files\perso
    2004-04-02 14:36 30,020 ----a-r c:\program files\Français.cgl
    2004-01-21 20:51 26,551 ----a-r c:\program files\US-English.cgl
    2004-01-19 19:18 2,504 ----a-r c:\program files\Lisez-moi.txt
    2002-09-16 21:14 9,158 ---ha-r c:\program files\CabriIIPlus.ico
    2008-10-12 17:51 952 --sha-w c:\windows.1\system32\KGyGaAvL.sys
    2008-10-24 23:41 32,768 --sha-w c:\windows.1\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008102420081025\index.dat
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-02-09_22.42.43.00 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-02-10 04:40:42 16,384 ----atw c:\windows.1\Temp\Perflib_Perfdata_284.dat
    + 2009-02-10 04:40:58 16,384 ----atw c:\windows.1\Temp\Perflib_Perfdata_4b8.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
    "H/PC Connection Agent"="g:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
    "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]
    "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-07 1601304]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-01-07 13:48 10520 c:\windows.1\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"= ctwdm32.dll
    "VIDC.ACDV"= ACDV.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "g:\\Program Files\\Google\\Google SketchUp 6\\SketchUp.exe"=
    "g:\\Program Files\\webcamXP\\webcamXP.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "g:\program files\Microsoft ActiveSync\rapimgr.exe"= g:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "g:\program files\Microsoft ActiveSync\wcescomm.exe"= g:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "g:\program files\Microsoft ActiveSync\WCESMgr.exe"= g:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "g:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
    "\\\\Yves\\g on yves\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Azureus\\Azureus.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    "62000:UDP"= 62000:UDP:Azureus
    "62000:TCP"= 62000:TCP:Azureus
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    R0 AvgRkx86;avgrkx86.sys;c:\windows.1\system32\drivers\avgrkx86.sys [2008-11-30 12552]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows.1\system32\drivers\avgldx86.sys [2008-11-30 325128]
    R1 AvgTdiX;AVG8 Network Redirector;c:\windows.1\system32\drivers\avgtdix.sys [2008-11-30 107272]
    R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-07 298264]
    R3 ham50;Intel V92 HaM Data Fax Voice;c:\windows.1\system32\drivers\IntelH51.sys [2004-09-29 469935]
    S2 gupdate1c9896f93f59a80;Google Update Service (gupdate1c9896f93f59a80);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-07 133104]
    S3 UnlockerDriver4;UnlockerDriver4 Driver;c:\windows.1\system32\UnlockerDriver4.sys [2006-05-13 3584]
    S3 VirtualDK;VirtualDK;\??\c:\eeepcfr\usb_prep8\vdk.sys --> c:\eeepcfr\usb_prep8\vdk.sys [?]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab7ba2a0-9f5f-11db-8a9e-0050bafb95f3}]
    \Shell\AutoRun\command - H:\setupSNK.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f319dc82-beb7-11dc-ba5e-0050bafb95f3}]
    \Shell\AutoRun\command - I:\DigitalPhotoKeychain.EXE
    .
    Contents of the 'Scheduled Tasks' folder

    2009-02-10 c:\windows.1\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-07 16:58]

    2009-02-10 c:\windows.1\Tasks\GoogleUpdateTaskMachine.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-07 17:00]
    .
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = \blank.htm
    uStart Page = about:blank
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: E&xporter vers Microsoft Excel - g:\progra~1\MICROS~1\Office10\EXCEL.EXE/3000
    Trusted Zone: gouv.qc.ca\www.registrefoncier
    Trusted Zone: spasrelaissante.com\www
    Trusted Zone: theatreduvieuxterrebonne.com\www
    DPF: Microsoft XML Parser for Java - file://c:\windows.1\Java\classes\xmldso.cab
    DPF: {0F7A9297-7268-11D1-B81A-00A076C01B0A} - hxxp://www.registrefoncier.gouv.qc.ca/Sirf/Script/14_05_04/CPC...
    FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hmdcse1g.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www5.yoog.com/search.php?q=
    FF - prefs.js: browser.search.selectedEngine - Yoog Search
    FF - prefs.js: browser.startup.homepage -
    FF - prefs.js: keyword.URL - hxxp://www5.yoog.com/search.php?q=
    FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1487.6512\npCIDetect13.dll
    FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-10 18:43:34
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\Administrator\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)

    [HKEY_USERS\Administrator\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1911B7FB-60D9-BD4E-12F4-8EE64EA5B7CC}*]
    "hajclhnebfnfngdf"=hex:64,62,67,65,61,63,63,6d,61,6c,62,6f,62,69,6c,6d,66,6c,
    67,68,6f,67,63,69,68,6b,63,6f,6e,62,62,6c,64,68,6d,6a,63,68,6d,6f,00,03
    "iafgcckjmnocjbpcaj"=hex:6a,61,6a,67,65,6c,64,6d,6e,63,61,65,68,65,62,65,67,6b,
    62,65,00,b6
    "halfignakhnlafgn"=hex:6a,61,6a,67,65,6c,64,6d,6e,63,61,65,68,65,62,65,67,6b,
    62,65,00,f7
    "hajclhneleafhmlm"=hex:6e,61,65,67,66,66,6f,6b,67,62,70,67,6e,70,61,6c,65,64,
    69,68,70,62,64,67,6f,70,66,61,00,62
    .
    Completion time: 2009-02-10 18:48:06
    ComboFix-quarantined-files.txt 2009-02-10 23:47:38
    ComboFix2.txt 2009-02-10 03:46:09

    Pre-Run: 20 345 113 088 bytes free
    Post-Run: 20,333,134,336 bytes free

    189 --- E O F --- 2009-01-15 08:18:51
11 February 2009 11:16:10

Hello
we're finishing up :)

1

Copy (Ctrl+C) the text below:
File::
c:\windows.1\Temp\Perflib_Perfdata_284.dat
c:\windows.1\Temp\Perflib_Perfdata_4b8.dat

Firefox::
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hmdcse1g.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www5.yoog.com/search.php?q=
FF - prefs.js: browser.search.selectedEngine - Yoog Search
FF - prefs.js: keyword.URL - hxxp://www5.yoog.com/search.php?q=



Open Notepad and paste (Ctrl+V) the text you just copied.
Save this file under the name CFScript.txt

Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot


  • A blue window will appear: at the prompt that appears (Type 1 to continue, or 2 to abort), type 1 and confirm.
  • Wait while the scan runs. The desktop will disappear several times: that's normal!
    Don't touch anything until the scan is finished.
  • Once the scan is done, a report will be displayed: post its contents.
  • If the file doesn't open, it is located here > C:\ComboFix.txt

2

Run an online antivirus scan with Kaspersky using Internet Explorer.

  • Allow ActiveX.
  • Click Start Online Scanner.
  • Select My Computer as the scan target. Save the report as a .txt file.
  • Paste its report here.

Help: How to run an online scan with Kaspersky.
12 February 2009 01:30:30

Good evening Sham_Rock,

Yoog Search is still there :( in Internet Explorer and in Firefox!!!
Here is the latest log.txt, and I'm going to scan with Kaspersky.

    ComboFix 09-02-11.02 - Administrator 2009-02-11 18:34:06.7 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.137 [GMT -5:00]
    Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
    AV: AVG Internet Security *On-access scanning enabled* (Updated)

    FILE ::
    c:\windows.1\Temp\Perflib_Perfdata_284.dat
    c:\windows.1\Temp\Perflib_Perfdata_4b8.dat
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows.1\Temp\Perflib_Perfdata_284.dat
    c:\windows.1\Temp\Perflib_Perfdata_4b8.dat

    .
    ((((((((((((((((((((((((( Files Created from 2009-01-11 to 2009-02-11 )))))))))))))))))))))))))))))))
    .

    2009-02-09 20:12 . 2009-02-09 21:43 <DIR> d-------- c:\documents and settings\Garfield\Application Data\Azureus
    2009-02-08 10:11 . 2009-02-08 10:21 <DIR> d-------- c:\documents and settings\Garfield\Application Data\vlc
    2009-02-07 20:26 . 2009-02-07 20:26 <DIR> d-------- c:\program files\Microsoft ActiveSync
    2009-02-07 16:58 . 2009-02-08 18:12 <DIR> d-------- c:\program files\Google
    2009-02-07 16:58 . 2009-02-10 21:02 <DIR> d-------- c:\documents and settings\All Users.WINDOWS.1\Application Data\Google Updater
    2009-02-04 23:53 . 2009-02-09 21:52 <DIR> d-------- C:\Combo-Fix
    2009-01-13 21:27 . 2003-11-04 15:10 65,536 --a------ c:\windows.1\system32\lfeps13n.dll
    2009-01-13 21:26 . 2004-05-14 16:53 462,848 --a------ c:\windows.1\system32\ltkrn13n.dll
    2009-01-13 21:26 . 2004-05-14 16:53 450,560 --a------ c:\windows.1\system32\ltimg13n.dll
    2009-01-13 21:26 . 2004-05-14 16:53 401,408 --a------ c:\windows.1\system32\lfcmp13n.dll
    2009-01-13 21:26 . 2004-05-14 16:53 299,008 --a------ c:\windows.1\system32\ltdis13n.dll
    2009-01-13 21:26 . 2004-01-12 02:09 206,336 --a------ c:\windows.1\system32\ltefx13n.dll
    2009-01-13 21:26 . 2004-05-14 16:53 163,840 --a------ c:\windows.1\system32\ltfil13n.dll
    2009-01-13 21:26 . 2003-11-04 15:10 69,632 --a------ c:\windows.1\system32\lfgif13n.dll
    2009-01-13 21:26 . 2004-05-14 16:53 57,344 --a------ c:\windows.1\system32\lfbmp13n.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-02-11 02:04 --------- d-----w c:\documents and settings\Administrator\Application Data\MiniLyrics
    2009-02-10 03:30 --------- d-----w c:\documents and settings\Administrator\Application Data\Azureus
    2009-02-10 02:24 --------- d-----w c:\program files\Azureus
    2009-01-18 16:58 --------- d-----w c:\documents and settings\All Users.WINDOWS.1\Application Data\avg8
    2009-01-15 14:18 325,128 ----a-w c:\windows.1\system32\drivers\avgldx86.sys
    2009-01-15 08:17 --------- d-----w c:\documents and settings\All Users.WINDOWS.1\Application Data\Microsoft Help
    2009-01-11 13:20 --------- d-----w c:\program files\CCleaner
    2009-01-07 18:48 107,272 ----a-w c:\windows.1\system32\drivers\avgtdix.sys
    2009-01-07 18:48 10,520 ----a-w c:\windows.1\system32\avgrsstx.dll
    2009-01-07 18:47 12,552 ----a-w c:\windows.1\system32\drivers\avgrkx86.sys
    2009-01-06 02:11 --------- d-----w c:\documents and settings\Administrator\Application Data\LimeWire
    2009-01-04 23:38 38,496 ----a-w c:\windows.1\system32\drivers\mbamswissarmy.sys
    2009-01-04 23:38 15,504 ----a-w c:\windows.1\system32\drivers\mbam.sys
    2008-12-29 23:32 --------- d-----w c:\program files\iNav
    2008-12-27 20:29 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-12-27 19:44 --------- d-----w c:\program files\Common Files\InstallShield
    2008-12-13 06:40 3,593,216 ----a-w c:\windows.1\system32\dllcache\mshtml.dll
    2008-12-11 10:57 333,952 ------w c:\windows.1\system32\drivers\srv.sys
    2008-12-11 10:57 333,952 ------w c:\windows.1\system32\dllcache\srv.sys
    2008-10-26 15:56 4,096 --sha-w c:\program files\Thumbs.db
    2006-05-21 17:09 25 ---h--r c:\program files\perso
    2004-04-02 14:36 30,020 ----a-r c:\program files\Français.cgl
    2004-01-21 20:51 26,551 ----a-r c:\program files\US-English.cgl
    2004-01-19 19:18 2,504 ----a-r c:\program files\Lisez-moi.txt
    2002-09-16 21:14 9,158 ---ha-r c:\program files\CabriIIPlus.ico
    2008-10-12 17:51 952 --sha-w c:\windows.1\system32\KGyGaAvL.sys
    2008-10-24 23:41 32,768 --sha-w c:\windows.1\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008102420081025\index.dat
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-02-09_22.42.43.00 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2009-02-10 02:23:40 2,404 ----a-w c:\windows.1\system32\d3d9caps.dat
    + 2009-02-11 04:36:43 2,404 ----a-w c:\windows.1\system32\d3d9caps.dat
    + 2009-02-11 00:19:52 16,384 ----atw c:\windows.1\Temp\Perflib_Perfdata_14c.dat
    + 2009-02-11 00:19:32 16,384 ----atw c:\windows.1\Temp\Perflib_Perfdata_254.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
    "H/PC Connection Agent"="g:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
    "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]
    "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-07 1601304]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-01-07 13:48 10520 c:\windows.1\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"= ctwdm32.dll
    "VIDC.ACDV"= ACDV.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "g:\\Program Files\\Google\\Google SketchUp 6\\SketchUp.exe"=
    "g:\\Program Files\\webcamXP\\webcamXP.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "g:\program files\Microsoft ActiveSync\rapimgr.exe"= g:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "g:\program files\Microsoft ActiveSync\wcescomm.exe"= g:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "g:\program files\Microsoft ActiveSync\WCESMgr.exe"= g:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "g:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
    "\\\\Yves\\g on yves\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Azureus\\Azureus.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    "62000:UDP"= 62000:UDP:Azureus
    "62000:TCP"= 62000:TCP:Azureus
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    R0 AvgRkx86;avgrkx86.sys;c:\windows.1\system32\drivers\avgrkx86.sys [2008-11-30 12552]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows.1\system32\drivers\avgldx86.sys [2008-11-30 325128]
    R1 AvgTdiX;AVG8 Network Redirector;c:\windows.1\system32\drivers\avgtdix.sys [2008-11-30 107272]
    R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-07 298264]
    R3 ham50;Intel V92 HaM Data Fax Voice;c:\windows.1\system32\drivers\IntelH51.sys [2004-09-29 469935]
    S2 gupdate1c9896f93f59a80;Google Update Service (gupdate1c9896f93f59a80);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-07 133104]
    S3 UnlockerDriver4;UnlockerDriver4 Driver;c:\windows.1\system32\UnlockerDriver4.sys [2006-05-13 3584]
    S3 VirtualDK;VirtualDK;\??\c:\eeepcfr\usb_prep8\vdk.sys --> c:\eeepcfr\usb_prep8\vdk.sys [?]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab7ba2a0-9f5f-11db-8a9e-0050bafb95f3}]
    \Shell\AutoRun\command - H:\setupSNK.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f319dc82-beb7-11dc-ba5e-0050bafb95f3}]
    \Shell\AutoRun\command - I:\DigitalPhotoKeychain.EXE
    .
    Contents of the 'Scheduled Tasks' folder

    2009-02-11 c:\windows.1\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-07 16:58]

    2009-02-11 c:\windows.1\Tasks\GoogleUpdateTaskMachine.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-07 17:00]
    .
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = \blank.htm
    uStart Page = about:blank
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: E&xporter vers Microsoft Excel - g:\progra~1\MICROS~1\Office10\EXCEL.EXE/3000
    Trusted Zone: gouv.qc.ca\www.registrefoncier
    Trusted Zone: spasrelaissante.com\www
    Trusted Zone: theatreduvieuxterrebonne.com\www
    DPF: Microsoft XML Parser for Java - file://c:\windows.1\Java\classes\xmldso.cab
    DPF: {0F7A9297-7268-11D1-B81A-00A076C01B0A} - hxxp://www.registrefoncier.gouv.qc.ca/Sirf/Script/14_05_04/CPC...
    FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hmdcse1g.default\
    FF - prefs.js: browser.startup.homepage -
    FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1487.6512\npCIDetect13.dll
    FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-11 18:38:14
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\Administrator\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)

    [HKEY_USERS\Administrator\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1911B7FB-60D9-BD4E-12F4-8EE64EA5B7CC}*]
    "hajclhnebfnfngdf"=hex:64,62,67,65,61,63,63,6d,61,6c,62,6f,62,69,6c,6d,66,6c,
    67,68,6f,67,63,69,68,6b,63,6f,6e,62,62,6c,64,68,6d,6a,63,68,6d,6f,00,03
    "iafgcckjmnocjbpcaj"=hex:6a,61,6a,67,65,6c,64,6d,6e,63,61,65,68,65,62,65,67,6b,
    62,65,00,b6
    "halfignakhnlafgn"=hex:6a,61,6a,67,65,6c,64,6d,6e,63,61,65,68,65,62,65,67,6b,
    62,65,00,f7
    "hajclhneleafhmlm"=hex:6e,61,65,67,66,66,6f,6b,67,62,70,67,6e,70,61,6c,65,64,
    69,68,70,62,64,67,6f,70,66,61,00,62
    .
    Completion time: 2009-02-11 18:42:56
    ComboFix-quarantined-files.txt 2009-02-11 23:42:27
    ComboFix2.txt 2009-02-10 23:48:10
    ComboFix3.txt 2009-02-10 03:46:09

    Pre-Run: 20 215 941 632 bytes free
    Post-Run: 20,236,612,096 bytes free

    184 --- E O F --- 2009-01-15 08:18:51
    14 February 2009 04:48:13

    Yoog_Fix v.02 by Batch_Man
    LogFile saved at 22:46:28 on 2009-02-13
    OS: Microsoft Windows XP Service Pack 3
    Boot mode: Normal
    Internet Explorer 7.0.5730.13
    Mozilla Firefox 3.0.6 (en-US)
    Launched on C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\UMGK2SI3\Yoog_Fix[1].bat (Administrator)

    /----- Analyse de Firefox

    Moteur de recherche par default "browser.search.defaultenginename" : Yoog Search

    /----- Extensions Firefox

    Adblock Plus: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hmdcse1g.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    AVG Safe Search: C:\Program Files\AVG\AVG8\Firefox
    Java Console: C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
    Java Console: C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    Java Quick Starter: C:\Program Files\Java\jre6\lib\deploy\jqs\ff
    WebMail Notifier: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hmdcse1g.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}
    Default: C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

    [2008-06-23 16:38 | 1108] C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hmdcse1g.default\searchplugins\wikipedia.xml: Wikipedia (en) - English Wikipedia: http://en.wikipedia.org/wiki/Special:Search
    [2009-02-11 19:20 | 1394] C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml: Amazon.com - Amazon.com Search: http://www.amazon.com/
    [2009-02-11 19:20 | 2193] C:\Program Files\Mozilla Firefox\searchplugins\answers.xml: Answers.com - Dictionary Search on Answers.com: http://www.answers.com/
    [2009-02-11 19:20 | 1534] C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml: Creative Commons - Find photos, movies, music, and text to rip, sample, mash, and share.: http://search.creativecommons.org/
    [2009-02-11 19:20 | 2343] C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml: eBay - eBay - Online actions: http://search.ebay.com/
    [2009-02-11 19:20 | 1706] C:\Program Files\Mozilla Firefox\searchplugins\google.xml: Google - Google Search: http://www.google.com/firefox
    [2009-02-11 19:20 | 1178] C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml: Wikipedia (en) - Wikipedia, the free encyclopedia: http://en.wikipedia.org/wiki/Special:Search
    [2009-02-11 19:20 | 792] C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml: Yahoo - Yahoo Search: http://search.yahoo.com/

    /----- Recherche de fichiers infectieux


    /----- Listing de dossiers

    [2009-02-11 19:19 | --a------ | 2925 bytes] "C:\Program Files\Mozilla Firefox\Components\aboutRights.js"
    [2009-02-11 19:19 | --a------ | 2927 bytes] "C:\Program Files\Mozilla Firefox\Components\aboutRobots.js"
    [2009-02-11 19:20 | --a------ | 348427 bytes] "C:\Program Files\Mozilla Firefox\Components\browser.xpt"
    [2009-02-11 19:20 | --a------ | 23032 bytes] "C:\Program Files\Mozilla Firefox\Components\browserdirprovider.dll"
    [2009-02-11 19:20 | --a------ | 134648 bytes] "C:\Program Files\Mozilla Firefox\Components\brwsrcmp.dll"
    [2009-02-11 19:19 | --a------ | 25339 bytes] "C:\Program Files\Mozilla Firefox\Components\FeedConverter.js"
    [2009-02-11 19:19 | --a------ | 66215 bytes] "C:\Program Files\Mozilla Firefox\Components\FeedProcessor.js"
    [2009-02-11 19:19 | --a------ | 49694 bytes] "C:\Program Files\Mozilla Firefox\Components\FeedWriter.js"
    [2009-02-11 19:20 | --a------ | 38238 bytes] "C:\Program Files\Mozilla Firefox\Components\fuelApplication.js"
    [2009-02-11 19:20 | --a------ | 1494 bytes] "C:\Program Files\Mozilla Firefox\Components\jsconsole-clhandler.js"
    [2009-02-11 19:20 | --a------ | 11659 bytes] "C:\Program Files\Mozilla Firefox\Components\nsAddonRepository.js"
    [2009-02-11 19:20 | --a------ | 3104 bytes] "C:\Program Files\Mozilla Firefox\Components\nsBadCertHandler.js"
    [2009-02-11 19:20 | --a------ | 29984 bytes] "C:\Program Files\Mozilla Firefox\Components\nsBlocklistService.js"
    [2009-02-11 19:20 | --a------ | 33087 bytes] "C:\Program Files\Mozilla Firefox\Components\nsBrowserContentHandler.js"
    [2009-02-11 19:20 | --a------ | 32315 bytes] "C:\Program Files\Mozilla Firefox\Components\nsBrowserGlue.js"
    [2009-02-11 19:20 | --a------ | 5005 bytes] "C:\Program Files\Mozilla Firefox\Components\nsContentDispatchChooser.js"
    [2009-02-11 19:20 | --a------ | 29973 bytes] "C:\Program Files\Mozilla Firefox\Components\nsContentPrefService.js"
    [2009-02-11 19:20 | --a------ | 6247 bytes] "C:\Program Files\Mozilla Firefox\Components\nsDefaultCLH.js"
    [2009-02-11 19:20 | --a------ | 5737 bytes] "C:\Program Files\Mozilla Firefox\Components\nsDownloadManagerUI.js"
    [2009-02-11 19:20 | --a------ | 333468 bytes] "C:\Program Files\Mozilla Firefox\Components\nsExtensionManager.js"
    [2009-02-11 19:20 | --a------ | 51214 bytes] "C:\Program Files\Mozilla Firefox\Components\nsHandlerService.js"
    [2009-02-11 19:20 | --a------ | 41716 bytes] "C:\Program Files\Mozilla Firefox\Components\nsHelperAppDlg.js"
    [2009-02-11 19:20 | --a------ | 36039 bytes] "C:\Program Files\Mozilla Firefox\Components\nsLivemarkService.js"
    [2009-02-11 19:20 | --a------ | 4302 bytes] "C:\Program Files\Mozilla Firefox\Components\nsLoginInfo.js"
    [2009-02-11 19:20 | --a------ | 44047 bytes] "C:\Program Files\Mozilla Firefox\Components\nsLoginManager.js"
    [2009-02-11 19:20 | --a------ | 40367 bytes] "C:\Program Files\Mozilla Firefox\Components\nsLoginManagerPrompter.js"
    [2009-02-11 19:20 | --a------ | 77051 bytes] "C:\Program Files\Mozilla Firefox\Components\nsMicrosummaryService.js"
    [2009-02-11 19:20 | --a------ | 33805 bytes] "C:\Program Files\Mozilla Firefox\Components\nsPlacesTransactionsService.js"
    [2009-02-11 19:20 | --a------ | 21420 bytes] "C:\Program Files\Mozilla Firefox\Components\nsPostUpdateWin.js"
    [2009-02-11 19:20 | --a------ | 13682 bytes] "C:\Program Files\Mozilla Firefox\Components\nsProxyAutoConfig.js"
    [2009-02-11 19:20 | --a------ | 25176 bytes] "C:\Program Files\Mozilla Firefox\Components\nsSafebrowsingApplication.js"
    [2009-02-11 19:20 | --a------ | 110646 bytes] "C:\Program Files\Mozilla Firefox\Components\nsSearchService.js"
    [2009-02-11 19:20 | --a------ | 24273 bytes] "C:\Program Files\Mozilla Firefox\Components\nsSearchSuggestions.js"
    [2009-02-11 19:20 | --a------ | 11428 bytes] "C:\Program Files\Mozilla Firefox\Components\nsSessionStartup.js"
    [2009-02-11 19:20 | --a------ | 76786 bytes] "C:\Program Files\Mozilla Firefox\Components\nsSessionStore.js"
    [2009-02-11 19:20 | --a------ | 2854 bytes] "C:\Program Files\Mozilla Firefox\Components\nsSetDefaultBrowser.js"
    [2009-02-11 19:20 | --a------ | 12513 bytes] "C:\Program Files\Mozilla Firefox\Components\nsSidebar.js"
    [2009-02-11 19:20 | --a------ | 9967 bytes] "C:\Program Files\Mozilla Firefox\Components\nsTaggingService.js"
    [2009-02-11 19:20 | --a------ | 3268 bytes] "C:\Program Files\Mozilla Firefox\Components\nsTryToClose.js"
    [2009-02-11 19:20 | --a------ | 112848 bytes] "C:\Program Files\Mozilla Firefox\Components\nsUpdateService.js"
    [2009-02-11 19:20 | --a------ | 50600 bytes] "C:\Program Files\Mozilla Firefox\Components\nsUrlClassifierLib.js"
    [2009-02-11 19:20 | --a------ | 19984 bytes] "C:\Program Files\Mozilla Firefox\Components\nsUrlClassifierListManager.js"
    [2009-02-11 19:20 | --a------ | 3097 bytes] "C:\Program Files\Mozilla Firefox\Components\nsURLFormatter.js"
    [2009-02-11 19:20 | --a------ | 6920 bytes] "C:\Program Files\Mozilla Firefox\Components\nsWebHandlerApp.js"
    [2009-02-11 19:20 | --a------ | 3142 bytes] "C:\Program Files\Mozilla Firefox\Components\pluginGlue.js"
    [2009-02-11 19:20 | --a------ | 49926 bytes] "C:\Program Files\Mozilla Firefox\Components\storage-Legacy.js"
    [2009-02-11 19:20 | --a------ | 6667 bytes] "C:\Program Files\Mozilla Firefox\Components\txEXSLTRegExFunctions.js"
    [2009-02-11 19:19 | --a------ | 34011 bytes] "C:\Program Files\Mozilla Firefox\Components\WebContentConverter.js"
    [2008-11-10 05:43 | --a------ | 410984 bytes] "C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll"
    [2009-02-11 19:20 | --a------ | 65528 bytes] "C:\Program Files\Mozilla Firefox\plugins\npnul32.dll"
    [2006-10-26 20:12 | --a------ | 16192 bytes] "C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL"
    [2007-03-22 18:23 | --a------ | 17248 bytes] "C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL"
    [2008-06-11 22:45 | --a------ | 103792 bytes] "C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll"

    /----- Analyse d'Internet Explorer

    HKCU\Software\Microsoft\Internet Explorer,Start Page: about:blank
    HKLM\Software\Microsoft\Internet Explorer,Start Page: http://go.microsoft.com/fwlink/?LinkId=69157
    HKCU\Software\Microsoft\Internet Explorer,Search Page: http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iese...
    HKLM\Software\Microsoft\Internet Explorer,Search Page: http://go.microsoft.com/fwlink/?LinkId=54896
    HKLM\Software\Microsoft\Internet Explorer,Default_Search_URL: http://go.microsoft.com/fwlink/?LinkId=54896
    HKLM\Software\Microsoft\Internet Explorer,CustomizeSearch: http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
    HKLM\Software\Microsoft\Internet Explorer,SearchAssistant: http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

    /----- Recherche dans le registre

    [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] @ieframe.dll,-12512 : http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{316A819A-2B62-4679-86EA-A1999275FD3E}] Yoog Search: http://www5.yoog.com/search.php?q={searchTerms}
    [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9424A2BC-7919-4DEC-97F0-A164E634ED74}] Google : http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
    [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9C1A4564-A821-4E7E-821F-B53E9443419A}] Yahoo! Search: http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b2ie7
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] @ieframe.dll,-12512 : http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

    /----- Extensions

    Windows Messenger: C:\Program Files\Messenger\msmsgs.exe - {1FBA04EE-3024-11D2-8F1F-0000F87ABD16}

    <---------- Fin du rapport ---------->
    14 February 2009 18:51:31

    re
    I only see one key...

    Open Notepad and copy-paste what is below (copy all of it in one go):
    REGEDIT4

    ; the leading "-" deletes the whole Yoog Search scope key
    [-HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{316A819A-2B62-4679-86EA-A1999275FD3E}]


    Then "File"/"Save as":
    Save in: the desktop
    File name: fix.reg
    File type: "All files"
    Click "Save"

    Close your internet connection and double-click fix.reg => you must get the message "Are you sure you want to add the information in this .reg file to the registry?"
    If that is the case, click "Yes".


    Let me know if you still have problems...
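As an added example (not code from the thread or from Yoog_Fix), the PowerShell script below performs the same audit the report above does by hand: it lists every Internet Explorer search scope under HKCU and HKLM together with the Firefox default engine and search plugins, flags any provider whose host is not on an allow-list, and only with -Remove deletes an unexpected HKCU scope, which is what fix.reg does for one GUID. The allow-list, the helper names and the Program Files searchplugins path are assumptions; the Live Search scope GUID is the one present in the report.

```powershell
# Added example, not from the thread or Yoog_Fix: audit IE SearchScopes and the
# Firefox search configuration for a provider that is not on an allow-list (Yoog
# Search appeared in both places in the report above). Without -Remove, or with
# -WhatIf, the script only reports. Assumption: run in the affected user's session.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Constructed allow-list of hosts a search provider may point at
    [string[]] $AllowedHosts = @('search.live.com', 'www.google.com', 'search.yahoo.com'),
    # Delete unexpected HKCU scopes (what fix.reg does for one GUID)
    [switch]   $Remove
)

function Get-UrlHost([string] $Url) {
    # System.Uri tolerates {searchTerms} placeholders; unparsable input yields ''
    try { return ([System.Uri] $Url).Host.ToLowerInvariant() } catch { return '' }
}

function Test-Allowed([string] $Url) { $AllowedHosts -contains (Get-UrlHost $Url) }

# --- Internet Explorer: one subkey per scope, DefaultScope on the parent key ---
$roots = @('HKCU:\Software\Microsoft\Internet Explorer\SearchScopes',
           'HKLM:\Software\Microsoft\Internet Explorer\SearchScopes')
foreach ($root in $roots) {
    if (-not (Test-Path $root)) { continue }
    $defaultGuid = (Get-ItemProperty -Path $root -ErrorAction SilentlyContinue).DefaultScope
    foreach ($scope in Get-ChildItem -Path $root) {
        $p    = Get-ItemProperty -Path $scope.PSPath
        $ok   = Test-Allowed $p.URL
        $flag = if ($ok) { '   ' } else { '!! ' }
        $tag  = if ($scope.PSChildName -eq $defaultGuid) { ' (default)' } else { '' }
        '{0}{1} {2}{3}: {4} -> {5}' -f $flag, $root.Substring(0, 4),
            $scope.PSChildName, $tag, $p.DisplayName, $p.URL
        if ($Remove -and -not $ok -and $root -like 'HKCU:*' -and
            $PSCmdlet.ShouldProcess($scope.PSPath, 'Remove search scope')) {
            Remove-Item -Path $scope.PSPath -Recurse
            if ($scope.PSChildName -eq $defaultGuid) {
                # Do not leave DefaultScope pointing at a deleted key; this GUID is
                # the Live Search scope listed in the report above.
                Set-ItemProperty -Path $root -Name DefaultScope `
                    -Value '{0633EE93-D776-472f-A0FF-E1416B8B2E3A}'
            }
        }
    }
}

# --- Firefox: default engine name in prefs.js, engines as OpenSearch/MozSearch XML ---
$profileDir = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'
foreach ($prefs in Get-ChildItem -Path $profileDir -Filter prefs.js -Recurse -ErrorAction SilentlyContinue) {
    $m = Select-String -Path $prefs.FullName `
         -Pattern 'user_pref\("browser\.search\.defaultenginename",\s*"([^"]*)"\)' |
         Select-Object -First 1
    if ($m) { 'FF default engine [{0}]: {1}' -f $prefs.Directory.Name, $m.Matches[0].Groups[1].Value }
}
# Assumed locations: the install's searchplugins folder plus each profile's own folder
$pluginDirs = @((Join-Path $env:ProgramFiles 'Mozilla Firefox\searchplugins')) +
              @(Get-ChildItem -Path $profileDir -Filter searchplugins -Recurse -Directory `
                  -ErrorAction SilentlyContinue | ForEach-Object FullName)
foreach ($dir in $pluginDirs) {
    foreach ($xmlFile in Get-ChildItem -Path $dir -Filter *.xml -ErrorAction SilentlyContinue) {
        try { $doc = [xml](Get-Content -Path $xmlFile.FullName -Raw) } catch { continue }
        # Root is OpenSearchDescription or SearchPlugin; PowerShell exposes children by local name
        $osd  = $doc.DocumentElement
        $tmpl = ($osd.Url | Where-Object { $_.type -eq 'text/html' } | Select-Object -First 1).template
        $flag = if (Test-Allowed $tmpl) { '   ' } else { '!! ' }
        '{0}FF plugin {1}: {2} -> {3}' -f $flag, $xmlFile.FullName, $osd.ShortName, $tmpl
    }
}
```

Run it once without -Remove to review the "!!" lines, then with -Remove -WhatIf to see exactly which keys would be deleted before committing.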

    19 February 2009 06:26:22

    The procedure did not work, but I managed, by following the key's path, to delete it directly from the registry. So everything is fine now :)

    THANK YOU very much,
    Yves (pooltech)
    19 February 2009 19:17:02

    re
    Remove all the programs installed for the disinfection.

    Please read this file (in pdf) to learn more about the risks of the Net.

    If you find this document interesting, don't hesitate to pass it on to your contacts.

    If you are tired of being assailed by ads while browsing, install secured Firefox with the NoScript and AdBlock Plus extensions.

    ~Edit your first message (by clicking on the eraser) and put [résolu] in the title.
    If your session name matches your real name, you can change it by editing your posts.

    :hello: