Probleme Virus Google Redirection

Raf -  
 manumanu -
Bonjour,

J'ai un probleme de redirection à partir de google : A chaque fois que je clique sur les résultats d'une recherche, je suis systématiquement redirigé vers https://www.ebay.fr/b/Occasions/bn_7114980671 ou http://fp.free-mediacenter.com/FR/lecteur-universel/103/?&nums=FHPHevTAAA-FGfjgO4AAA&grpid=3349&tag_id=450

De temps a autre une fenêtre blanche s'ouvre toute seule et ralentit le pc.

J'ai fait une analyse avec Avast qui n'a pas donné de résultats.

Merci d'avance.
Configuration: Windows XP
Firefox 3.0.13

21 réponses

  • 1
  • 2
  1. glarf Messages postés 108 Statut Membre 8
     
    Un petit coup de hijackthis ne fait jamais de mal, essaie à tout hasard.
    0
  2. Raf
     
    c'est bon J'ai fait un scan. Et voila le rapport:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:29:16, on 20/08/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16876)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AGI\common\win32\PythonService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\Kiwee Toolbar\2.9.201\kwtbaim.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\wuauclt.exe
    c:\windows\freddy58.exe
    c:\windows\pp11.exe
    C:\WINDOWS\sySTEM32\SvchoSt.ExE
    C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Raf.COULOIR\Bureau\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=66028
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://hp.mywebsearch.com/mywebsearch/index.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66028
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66028
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66028
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66028
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://runonce.msn.com/runonce3.aspx
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files\AGI\common\agcutils.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
    O2 - BHO: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar\2.9.201\KiweeIEToolbar.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar\2.9.201\KiweeIEToolbar.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [KiweeHook] "C:\Program Files\Kiwee Toolbar\2.9.201\kwtbaim.exe"
    O4 - HKLM\..\Run: [sysldtray] c:\windows\ld14.exe
    O4 - HKLM\..\Run: [sysfbtray] c:\windows\freddy58.exe
    O4 - HKLM\..\Run: [pp] c:\windows\pp11.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Registration Heroes of Might & Magic 5.LNK = C:\Program Files\Ubisoft\Heroes of Might and Magic V\registration\RegistrationReminder.exe
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJfox000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O23 - Service: AG Windows Service (AGWinService) - Unknown owner - C:\Program Files\AGI\common\win32\PythonService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    0
  3. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  4. glarf Messages postés 108 Statut Membre 8
     
    C'est quoi ce freddy58?
    0
  5. Raf
     
    Je ne sais pâs. Je suis un novice J'a& aucune idée ce ce que ca signifie tout ca :)
    0
  6. Raf
     
    Tu aurai une idée de ce que je dois faire pour virer mon virus?
    0
  7. archet9
     
    Salut vous deux,

    A la lecture de ton scan HIJACKTHIS ton pc est bien bien vérolé !

    Commence par faire ceci:

    ---> Télécharge OTM (OldTimer) sur ton Bureau :
    http: http://www.geekstogo.com/forum/files/file/402-otm-oldtimers-move-it/

    ---> Double-clique sur OTMoveIt3.exe afin de le lancer.

    ---> Copie (Ctrl+C) le texte suivant en gras ci-dessous :

    :processes
    explorer.exe

    :files
    c:\program files\kiwee toolbar\2.9.201\kwtbaim.exe
    c:\windows\freddy58.exe
    c:\program files\agi\common\agcutils.dll
    c:\program files\kiwee toolbar\2.9.201\kiweeietoolbar.dll
    c:\windows\ld14.exe

    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks]
    "{0BC6E3FA-78EF-4886-842C-5A1258C4455A}"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}]
    [-HKEY_CLASSES_ROOT\CLSID\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}"=-
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "KiweeHook"=-
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "sysldtray"=-
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "sysfbtray"=-

    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]


    ---> Colle (Ctrl+V) le texte précédemment copié dans le cadre: Paste Instructions for Items to be Moved.

    ---> Clique maintenant sur le bouton MoveIt! puis ferme OTMoveIt3.

    Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
    Accepte en cliquant sur YES.

    ---> Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
    Le nom du rapport correspond au moment de sa création : date_heure.log

    a+

    0
  8. Raf
     
    Merci pour ton aide :). Voici le rapport:

    All processes killed
    ========== PROCESSES ==========
    Process explorer.exe killed successfully!
    ========== FILES ==========
    c:\program files\kiwee toolbar\2.9.201\kwtbaim.exe moved successfully.
    c:\windows\freddy58.exe moved successfully.
    c:\program files\agi\common\agcutils.dll unregistered successfully.
    c:\program files\agi\common\agcutils.dll moved successfully.
    LoadLibrary failed for c:\program files\kiwee toolbar\2.9.201\KiweeIEToolbar.dll
    c:\program files\kiwee toolbar\2.9.201\KiweeIEToolbar.dll NOT unregistered.
    c:\program files\kiwee toolbar\2.9.201\KiweeIEToolbar.dll moved successfully.
    c:\windows\ld14.exe moved successfully.
    ========== REGISTRY ==========
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}\ not found.
    Registry key HKEY_CLASSES_ROOT\CLSID\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KiweeHook deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\sysldtray deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\sysfbtray deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: All Users.WINDOWS

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 4551820 bytes

    User: Default User.WINDOWS
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Invité
    ->Temp folder emptied: 643 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: LocalService
    ->Temp folder emptied: 65984 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: LocalService.AUTORITE NT
    ->Temp folder emptied: 115616 bytes
    File delete failed. C:\Documents and Settings\LocalService.AUTORITE NT\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService.AUTORITE NT
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 1071056 bytes

    User: Raf.COULOIR
    File delete failed. C:\Documents and Settings\Raf.COULOIR\Local Settings\Temp\~DFDDF2.tmp scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\Raf.COULOIR\Local Settings\Temp\~DFF790.tmp scheduled to be deleted on reboot.
    ->Temp folder emptied: 1073451593 bytes
    ->Temporary Internet Files folder emptied: 134701473 bytes
    ->Java cache emptied: 2698025 bytes
    ->FireFox cache emptied: 84186373 bytes

    User: Requiem

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 1139202 bytes
    %systemroot%\System32 .tmp files removed: 3072 bytes
    File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_6b0.dat scheduled to be deleted on reboot.
    Windows Temp folder emptied: 61400189 bytes
    RecycleBin emptied: 1005487127 bytes

    Total Files Cleaned = -1836,71 mb

    OTM by OldTimer - Version 3.0.0.6 log created on 08202009_191559

    Files moved on Reboot...
    File C:\Documents and Settings\Raf.COULOIR\Local Settings\Temp\~DFDDF2.tmp not found!
    C:\Documents and Settings\Raf.COULOIR\Local Settings\Temp\~DFF790.tmp moved successfully.
    File C:\WINDOWS\temp\_avast4_\Webshlock.txt not found!
    C:\WINDOWS\temp\Perflib_Perfdata_6b0.dat moved successfully.

    Registry entries deleted on Reboot...
    0
  9. archet9
     
    De rien....

    Télécharges RSIT (de random/random) sur le bureau :

    - Double clique sur RSIT.exe qui est sur le bureau
    - Clique sur Continue dans la fenêtre
    - RSIT téléchargera HijackThis si il n’est pas présent où détecté, alors il faudra accepter la licence
    - Poste le contenu de log.txt plus info.txt (réduit ds la barre de taches) à la fin de l’analyse .

    Les rapports sont dans le dossier ici C:\rsit
    a+

    0
  10. Raf
     
    Le contenu de log.txt:
    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Raf at 2009-08-20 19:37:31
    Microsoft Windows XP Édition familiale Service Pack 3
    System drive C: has 20 GB (26%) free of 76 GB
    Total RAM: 511 MB (42% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:37:54, on 20/08/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16876)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AGI\common\win32\PythonService.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\sySTEM32\SvchoSt.ExE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\windows\pp11.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Raf.COULOIR\Bureau\RSIT.exe
    C:\Documents and Settings\Raf.COULOIR\Bureau\Raf.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=66028
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://hp.mywebsearch.com/mywebsearch/index.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66028
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66028
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66028
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66028
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://runonce.msn.com/runonce3.aspx
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - (no file)
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [pp] C:\windows\pp11.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Registration Heroes of Might & Magic 5.LNK = C:\Program Files\Ubisoft\Heroes of Might and Magic V\registration\RegistrationReminder.exe
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJfox000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O23 - Service: AG Windows Service (AGWinService) - Unknown owner - C:\Program Files\AGI\common\win32\PythonService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    0
  11. archet9
     
    Re ...Raf,

    Fais ceci dans l'ordre :

    1)
    Télécharge Toolbar-S&D (Team IDN) sur ton Bureau.
    https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2

    * Lance l'installation du programme en exécutant le fichier téléchargé.
    * Double-clique maintenant sur le raccourci de Toolbar-S&D.
    * Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
    * Choisis maintenant l'option 2 (suppression).
    Patiente jusqu'à la fin de la recherche.
    * Poste le rapport généré. (C:\TB.txt)

    2)
    Fais un scan avec cet antispyware :
    TelechargesMalwarebytes + tutoriel

    Tu l´installes; mets le a jour...(onglet mise a jour)
    Click maintenant sur l´onglet recherche et coche la case : "executer un examen rapide".
    Puis click sur "rechercher".
    Laisses le scanner le pc...Si des elements on ete trouvés > click sur supprimer la selection.
    si il t´es demandé de redemarrer > click sur "oui".
    A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vue de le poster sur le forum.
    Copies et colles le rapport stp.

    3)
    Un nouveau RSIT (comme au mess :10)
    ==> tu n'auras que le log/txt c'est normal....

    4)

    Si tu peux faire cela assez vite...stp car je ne serai pas dispo tard ce soir !!!!!!!
    ==>Sinon réponse demain soir....(Eh oui je bosse...demain tres tot !!!!)
    a+

    0
  12. Raf
     
    Le rapport de Toolbar-S&D :

    -----------\\ ToolBar S&D 1.2.8 XP/Vista

    Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
    X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) 4 CPU 2.66GHz )
    BIOS : BIOS Date: 10/20/02 17:32:10 Ver: 08.00.05
    USER : Raf ( Administrator )
    BOOT : Normal boot
    Antivirus : avast! antivirus 4.8.1296 [VPS 090730-0] 4.8.1296 (Activated)
    A:\ (USB)
    C:\ (Local Disk) - NTFS - Total:74 Go (Free:19 Go)
    D:\ (CD or DVD)
    E:\ (CD or DVD) - UDF - Total:3 Go (Free:0 Go)

    "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
    Option : [2] ( 20/08/2009|20:21 )

    -----------\\ SUPPRESSION

    Supprime! - C:\DOCUME~1\RAF~1.COU\Cookies\raf@crawler[1].txt
    Supprime! - C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Kiwee Toolbar\config
    Supprime! - C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Kiwee Toolbar\images
    Echec ! - C:\Program Files\Kiwee Toolbar\2.9.201
    Echec ! - C:\Program Files\Kiwee Toolbar\2.9.201\AGTBCore.dll
    Echec ! - C:\Program Files\Kiwee Toolbar\2.9.201\KiweeCommonCtrls.dll
    Echec ! - C:\Program Files\Kiwee Toolbar\2.9.201\KiweeTBCore.dll
    Echec ! - C:\Program Files\Kiwee Toolbar\2.9.201\mfc80u.dll
    Echec ! - C:\Program Files\Kiwee Toolbar\2.9.201\MsnIMToolbar.dll
    Supprime! - C:\DOCUME~1\ALLUSE~1.WIN\MENUDM~1\PROGRA~1\Kiwee Toolbar
    Supprime! - C:\DOCUME~1\RAF~1.COU\Cookies\raf@mywebsearch[1].txt
    Supprime! - C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Kiwee Toolbar
    Echec ! - C:\Program Files\Kiwee Toolbar

    -----------\\ DEUXIEME PASSAGE

    Echec ! - C:\Program Files\Kiwee Toolbar\2.9.201
    Echec ! - C:\Program Files\Kiwee Toolbar\2.9.201\AGTBCore.dll
    Echec ! - C:\Program Files\Kiwee Toolbar\2.9.201\KiweeCommonCtrls.dll
    Echec ! - C:\Program Files\Kiwee Toolbar\2.9.201\KiweeTBCore.dll
    Echec ! - C:\Program Files\Kiwee Toolbar\2.9.201\mfc80u.dll
    Echec ! - C:\Program Files\Kiwee Toolbar\2.9.201\MsnIMToolbar.dll
    Echec ! - C:\Program Files\Kiwee Toolbar

    -----------\\ Recherche de Fichiers / Dossiers ...

    C:\Program Files\Kiwee Toolbar
    C:\Program Files\Kiwee Toolbar\2.9.201
    C:\Program Files\Kiwee Toolbar\2.9.201\AGTBCore.dll
    C:\Program Files\Kiwee Toolbar\2.9.201\KiweeCommonCtrls.dll
    C:\Program Files\Kiwee Toolbar\2.9.201\KiweeTBCore.dll
    C:\Program Files\Kiwee Toolbar\2.9.201\mfc80u.dll
    C:\Program Files\Kiwee Toolbar\2.9.201\MsnIMToolbar.dll

    -----------\\ Extensions

    (All Users) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar

    (Raf.COULOIR) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar
    (Raf.COULOIR) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar

    -----------\\ [..\Internet Explorer\Main]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
    "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
    "Start Page"="https://hp.mywebsearch.com/mywebsearch/index.html"
    "Search Bar"="http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=66028"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
    "Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
    "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
    "Start Page"="https://www.msn.com/fr-fr/"
    "SearchAssistant"="http://www.crawler.com/search/ie.aspx?tb_id=66028"
    "CustomizeSearch"="http://dnl.crawler.com/support/sa_customize.aspx?TbId=66028"

    --------------------\\ Recherche d'autres infections

    --------------------\\ Cracks & Keygens ..

    C:\DOCUME~1\RAF~1.COU\Mes documents\Ma musique\Freezer Raf\Eminem\Crack A Bottle - Eminem ft Dr Dre & 50 Cent.mp3

    1 - "C:\ToolBar SD\TB_1.txt" - 20/08/2009|20:25 - Option : [2]

    -----------\\ Fin du rapport a 20:25:15,28

    Le reste suis :)
    0
  13. Raf
     
    Le lien pour télécharger Malwarebytes + tutoriel est mort. Ya erreur de chargement a chaque fois...
    0
  14. archet9
     
    Il y a qque chose de vraiment pas net:

    ---> Télécharge ComboFix.exe de sUBs sur ton Bureau :
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    /!\ Déconnecte-toi du net et ferme toutes les applications, antivirus et antispyware y compris /!\
    ---> Double-clique sur Combofix.exe
    Un "pop-up" va apparaître qui dit que "ComboFix est utilisé à vos risques et avec aucune garantie...".
    Accepte en cliquant sur "Oui"

    ---> Mets-le en langue française F
    Tape sur la touche 1 (Yes) pour démarrer le scan.

    <gras>/!\ Ne touche à rien tant que le scan n'est pas terminé. /!\ </gras
    >En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.

    Une fois le scan achevé, un rapport va s'afficher : Poste son contenu

    /!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\

    Note : Le rapport se trouve également là : C:\ComboFix.txt

    a+
    0
  15. archet9
     
    DSL ....pour ce soir! ==> Dodo.
    A demain soir....
    J'espère que tu me comprends !
    0
  16. Raf
     
    Voila ca a pris du temps mais ca y est :):

    ComboFix 09-08-19.0C - Raf 20/08/2009 21:02.1.1 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.511.312 [GMT 2:00]
    Running from: c:\documents and settings\Raf.COULOIR\Bureau\ComboFix.exe
    AV: avast! antivirus 4.8.1296 [VPS 090730-0] *On-access scanning enabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users.WINDOWS\Bureau\avast! Antivirus.lnk
    c:\recycler\S-1-5-21-515967899-583907252-839522115-1004
    c:\recycler\S-1-5-21-515967899-583907252-839522115-1007
    c:\recycler\S-1-5-21-515967899-583907252-839522115-1009
    c:\recycler\S-1-5-21-515967899-583907252-839522115-1010
    c:\recycler\S-1-5-21-515967899-583907252-839522115-1011
    c:\recycler\S-1-5-21-515967899-583907252-839522115-1012
    c:\windows\010112010146101105.xe
    c:\windows\0101120101464857.xe
    c:\windows\0101120101465653.xe
    c:\windows\Installer\2071d7.msi
    c:\windows\Installer\257ce.msi
    c:\windows\Installer\4f42a.msi
    c:\windows\Installer\5da6bb.msi
    c:\windows\Installer\5da6bc.msp
    c:\windows\Installer\5da6bd.msp
    c:\windows\Installer\5da6be.msp
    c:\windows\Installer\5da6bf.msp
    c:\windows\Installer\5da6c0.msp
    c:\windows\Installer\5da6c1.msp
    c:\windows\Installer\5da6c2.msp
    c:\windows\Installer\5da6c3.msp
    c:\windows\Installer\5da6c4.msp
    c:\windows\pp11.exe
    c:\windows\prxid93ps.dat
    c:\recycler\S-1-5-21-515967899-583907252-839522115-1008 . . . . failed to delete

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_SfX

    ((((((((((((((((((((((((( Files Created from 2009-07-20 to 2009-08-20 )))))))))))))))))))))))))))))))
    .

    2009-08-20 19:12 . 2009-08-20 19:12 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Kiwee Toolbar
    2009-08-20 18:53 . 2009-08-20 18:53 -------- d-----w- c:\documents and settings\Raf.COULOIR\Application Data\Malwarebytes
    2009-08-20 18:53 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-08-20 18:53 . 2009-08-20 18:53 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
    2009-08-20 18:53 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-08-20 18:53 . 2009-08-20 18:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-08-20 18:20 . 2009-08-20 18:25 -------- d-----w- C:\ToolBar SD
    2009-08-20 17:37 . 2009-08-20 17:38 -------- d-----w- C:\rsit
    2009-08-20 17:15 . 2009-08-20 17:15 -------- d-----w- C:\_OTM
    2009-08-20 14:17 . 2009-08-20 14:17 38016 ----a-w- c:\windows\system32\drivers\DnsFilter.sys
    2009-08-20 14:17 . 2009-08-20 14:17 -------- d-----w- c:\program files\DDnsFilter
    2009-08-20 14:17 . 2009-08-20 14:17 1 ---h--w- c:\windows\ex23567.dat
    2009-08-04 16:20 . 2009-08-04 16:20 -------- d-----w- c:\documents and settings\LocalService.AUTORITE NT\Application Data\agi
    2009-08-04 16:19 . 2009-08-04 16:19 -------- d-----w- c:\documents and settings\Raf.COULOIR\Local Settings\Application Data\Kiwee Toolbar
    2009-08-04 16:19 . 2009-08-04 16:19 -------- d-----w- c:\program files\Kiwee Toolbar
    2009-08-04 16:18 . 2009-08-04 16:19 -------- d-----w- c:\documents and settings\Raf.COULOIR\Application Data\agi
    2009-08-04 16:17 . 2009-08-04 16:17 339968 ----a-w- c:\windows\system32\pythoncom25.dll
    2009-08-04 16:17 . 2009-08-04 16:17 114688 ----a-w- c:\windows\system32\pywintypes25.dll
    2009-08-04 16:17 . 2009-08-04 16:17 2117632 ----a-w- c:\windows\system32\python25.dll
    2009-08-04 16:17 . 2008-09-16 16:26 1332197 ----a-w- c:\windows\system32\pythondll.zip
    2009-08-04 16:17 . 2009-08-04 16:18 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\AGI
    2009-08-04 16:17 . 2009-08-04 16:17 -------- d-----w- c:\program files\AGI
    2009-08-02 18:38 . 2009-08-02 18:38 -------- d-----w- c:\documents and settings\NetworkService.AUTORITE NT\Local Settings\Application Data\Google
    2009-08-02 18:26 . 2009-08-02 18:26 -------- d-----w- c:\documents and settings\LocalService.AUTORITE NT\Local Settings\Application Data\Google
    2009-08-02 18:26 . 2009-08-02 18:26 -------- d-----w- c:\program files\Fichiers communs\DivX Shared
    2009-08-02 17:06 . 2009-08-02 17:29 -------- d-----w- c:\documents and settings\Raf.COULOIR\Application Data\LimeWire

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-08-03 12:38 . 2006-08-26 14:45 -------- d-----w- c:\program files\Google
    2009-08-02 18:27 . 2008-12-03 19:22 -------- d-----w- c:\program files\DivX
    2009-07-19 15:22 . 2009-06-29 08:36 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\TrackMania
    2009-07-15 09:10 . 2008-07-26 19:39 -------- d-----w- c:\documents and settings\Raf.COULOIR\Application Data\OpenOffice.org2
    2009-07-15 09:09 . 2008-07-26 19:41 1 ----a-w- c:\documents and settings\Raf.COULOIR\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
    2009-07-07 11:33 . 2009-07-07 11:33 -------- d-----w- c:\program files\Ubisoft
    2009-07-01 19:21 . 2007-12-19 09:40 -------- d-----w- c:\program files\Windows Live
    2009-06-29 15:57 . 2006-06-23 11:28 827392 ----a-w- c:\windows\system32\wininet.dll
    2009-06-29 15:57 . 2007-08-22 22:36 78336 ----a-w- c:\windows\system32\ieencode.dll
    2009-06-29 15:57 . 2002-08-30 12:00 17408 ------w- c:\windows\system32\corpol.dll
    2009-06-28 22:01 . 2009-06-28 21:56 -------- d-----w- c:\program files\TmNationsForever
    2009-06-16 14:40 . 2002-08-30 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
    2009-06-16 14:40 . 2002-08-30 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
    2009-06-03 19:10 . 2007-08-22 13:43 1297408 ----a-w- c:\windows\system32\quartz.dll
    2009-05-27 15:02 . 2002-08-30 12:00 85058 ----a-w- c:\windows\system32\perfc00C.dat
    2009-05-27 15:02 . 2002-08-30 12:00 511154 ----a-w- c:\windows\system32\perfh00C.dat
    2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
    "AdobeUpdater"="c:\program files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe" [2008-11-23 2356088]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-01 7618560]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
    "PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
    "Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]

    c:\documents and settings\Raf.COULOIR\Menu D‚marrer\Programmes\D‚marrage\
    Registration Heroes of Might & Magic 5.LNK - c:\program files\Ubisoft\Heroes of Might and Magic V\registration\RegistrationReminder.exe [2009-7-7 868352]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Raf.COULOIR^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.4.lnk]
    path=c:\documents and settings\Raf.COULOIR\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.4.lnk
    backup=c:\windows\pss\OpenOffice.org 2.4.lnkStartup

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\spoolsv.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\SEGA\\Medieval II Total War\\medieval2.exe"=
    "c:\\Program Files\\TmNationsForever\\TmForever.exe"=
    "c:\\Program Files\\Ubisoft\\Heroes of Might and Magic V\\bin\\H5_Game.exe"=
    "c:\\Documents and Settings\\Raf.COULOIR\\Bureau\\freezer v1.4 fr\\freezer v1.4 fr\\freezer.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    "8085:TCP"= 8085:TCP:ddnsfilter

    R?2 ddnsfilter;ddnsfilter;c:\windows\sySTEM32\SvchoSt.ExE -k ddnsfilter [30/08/2002 14:00 14336]
    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [15/05/2008 17:06 111184]
    R1 DnsFilter;DnsFilter;c:\windows\system32\drivers\DnsFilter.sys [20/08/2009 16:17 38016]
    R2 AGWinService;AG Windows Service;c:\program files\AGI\common\win32\pythonservice.exe [04/08/2009 18:17 10240]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [15/05/2008 17:06 20560]
    R3 MRVW225;802.11g/b Wireless LAN Dirver for Windows XP;c:\windows\system32\drivers\MRVW225.sys [15/05/2008 15:04 299904]
    S3 PsSdk31;PsSdk31;c:\windows\system32\drivers\pssdk31.drv [07/03/2009 23:42 30272]
    S3 PsSdkLBF;PsSdkLBF;c:\windows\system32\drivers\pssdklbf.drv [07/03/2009 23:42 37440]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    ddnsfilter REG_MULTI_SZ ddnsfilter
    .
    - - - - ORPHANS REMOVED - - - -

    URLSearchHooks-{0BC6E3FA-78EF-4886-842C-5A1258C4455A} - (no file)
    WebBrowser-{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)

    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.tropal.net/
    mStart Page = hxxp://www.tropal.net/
    mWindow Title =
    DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
    DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    FF - ProfilePath - c:\documents and settings\Raf.COULOIR\Application Data\Mozilla\Firefox\Profiles\a06j66w4.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
    FF - prefs.js: browser.search.selectedEngine - Kiwee Live Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr
    FF - prefs.js: keyword.URL - hxxp://kwtb.search.imgag.com/?c=GNKIW29193&sbs=1&sc=2&f=web&vernum=1.0&uid=&did=f8d4a70c-98e2-4081-901d-01bf93043ede&q=
    FF - plugin: c:\documents and settings\All Users.WINDOWS\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-08-20 21:13
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PsSdk31]
    "ImagePath"="\??\c:\windows\system32\Drivers\pssdk31.drv"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PsSdkLBF]
    "ImagePath"="\??\c:\windows\system32\Drivers\pssdklbf.drv"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(748)
    c:\progra~1\WINDOW~2\wmpband.dll
    c:\windows\system32\eappprxy.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
    c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
    c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_fre.nlr
    c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Alwil Software\Avast4\aswUpdSv.exe
    c:\program files\Alwil Software\Avast4\ashServ.exe
    c:\windows\system32\nvsvc32.exe
    c:\program files\Analog Devices\SoundMAX\SMAgent.exe
    c:\program files\Alwil Software\Avast4\ashMaiSv.exe
    c:\program files\Alwil Software\Avast4\ashWebSv.exe
    c:\program files\PC Connectivity Solution\ServiceLayer.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2009-08-20 21:18 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-08-20 19:18

    Pre-Run: 20 710 662 144 octets libres
    Post-Run: 21 549 858 816 octets libres

    215 --- E O F --- 2009-07-30 21:01
    0
  17. Raf
     
    Pas grave cest normal. Merci beaucoup :)

    Dit moi quand tu es dispo je m'arrangerai pour etre la.

    a+
    0
  • 1
  • 2