Probleme Virus Google Redirection

Raf -  
 manumanu -
Bonjour,

J'ai un probleme de redirection à partir de google : A chaque fois que je clique sur les résultats d'une recherche, je suis systématiquement redirigé vers https://www.ebay.fr/b/Occasions/bn_7114980671 ou http://fp.free-mediacenter.com/FR/lecteur-universel/103/?&nums=FHPHevTAAA-FGfjgO4AAA&grpid=3349&tag_id=450

De temps a autre une fenêtre blanche s'ouvre toute seule et ralentit le pc.

J'ai fait une analyse avec Avast qui n'a pas donné de résultats.

Merci d'avance.
A voir également:

21 réponses

  • 1
  • 2
Réponse 1 / 21
glarf Messages postés 108 Statut Membre 8
 
Un petit coup de hijackthis ne fait jamais de mal, essaie à tout hasard.
0
Réponse 2 / 21
Raf
 
Comment il fonctionne?
0
Réponse 3 / 21
glarf Messages postés 108 Statut Membre 8
 
https://fr.wikipedia.org/wiki/HijackThis ;)
0
Réponse 4 / 21
Raf
 
c'est bon J'ai fait un scan. Et voila le rapport:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:29:16, on 20/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AGI\common\win32\PythonService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Kiwee Toolbar\2.9.201\kwtbaim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
c:\windows\freddy58.exe
c:\windows\pp11.exe
C:\WINDOWS\sySTEM32\SvchoSt.ExE
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Raf.COULOIR\Bureau\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=66028
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://hp.mywebsearch.com/mywebsearch/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66028
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66028
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66028
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66028
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://runonce.msn.com/runonce3.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files\AGI\common\agcutils.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar\2.9.201\KiweeIEToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar\2.9.201\KiweeIEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [KiweeHook] "C:\Program Files\Kiwee Toolbar\2.9.201\kwtbaim.exe"
O4 - HKLM\..\Run: [sysldtray] c:\windows\ld14.exe
O4 - HKLM\..\Run: [sysfbtray] c:\windows\freddy58.exe
O4 - HKLM\..\Run: [pp] c:\windows\pp11.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Registration Heroes of Might & Magic 5.LNK = C:\Program Files\Ubisoft\Heroes of Might and Magic V\registration\RegistrationReminder.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJfox000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: AG Windows Service (AGWinService) - Unknown owner - C:\Program Files\AGI\common\win32\PythonService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 21
glarf Messages postés 108 Statut Membre 8
 
C'est quoi ce freddy58?
0
Réponse 6 / 21
Raf
 
Je ne sais pâs. Je suis un novice J'a& aucune idée ce ce que ca signifie tout ca :)
0
Réponse 7 / 21
Raf
 
Tu aurai une idée de ce que je dois faire pour virer mon virus?
0
Réponse 8 / 21
Utilisateur anonyme
 
Salut vous deux,

A la lecture de ton scan HIJACKTHIS ton pc est bien bien vérolé !

Commence par faire ceci:

---> Télécharge OTM (OldTimer) sur ton Bureau :
http: http://www.geekstogo.com/forum/files/file/402-otm-oldtimers-move-it/


---> Double-clique sur OTMoveIt3.exe afin de le lancer.

---> Copie (Ctrl+C) le texte suivant en gras ci-dessous :

:processes
explorer.exe

:files
c:\program files\kiwee toolbar\2.9.201\kwtbaim.exe
c:\windows\freddy58.exe
c:\program files\agi\common\agcutils.dll
c:\program files\kiwee toolbar\2.9.201\kiweeietoolbar.dll
c:\windows\ld14.exe


:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks]
"{0BC6E3FA-78EF-4886-842C-5A1258C4455A}"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}]
[-HKEY_CLASSES_ROOT\CLSID\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"KiweeHook"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"sysldtray"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"sysfbtray"=-


:commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

---> Colle (Ctrl+V) le texte précédemment copié dans le cadre: Paste Instructions for Items to be Moved.

---> Clique maintenant sur le bouton MoveIt! puis ferme OTMoveIt3.

Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
Accepte en cliquant sur YES.

---> Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
Le nom du rapport correspond au moment de sa création : date_heure.log

a+



0
Réponse 9 / 21
Raf
 
Merci pour ton aide :). Voici le rapport:

All processes killed
========== PROCESSES ==========
Process explorer.exe killed successfully!
========== FILES ==========
c:\program files\kiwee toolbar\2.9.201\kwtbaim.exe moved successfully.
c:\windows\freddy58.exe moved successfully.
c:\program files\agi\common\agcutils.dll unregistered successfully.
c:\program files\agi\common\agcutils.dll moved successfully.
LoadLibrary failed for c:\program files\kiwee toolbar\2.9.201\KiweeIEToolbar.dll
c:\program files\kiwee toolbar\2.9.201\KiweeIEToolbar.dll NOT unregistered.
c:\program files\kiwee toolbar\2.9.201\KiweeIEToolbar.dll moved successfully.
c:\windows\ld14.exe moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KiweeHook deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\sysldtray deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\sysfbtray deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: All Users.WINDOWS

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 4551820 bytes

User: Default User.WINDOWS
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Invité
->Temp folder emptied: 643 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService.AUTORITE NT
->Temp folder emptied: 115616 bytes
File delete failed. C:\Documents and Settings\LocalService.AUTORITE NT\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService.AUTORITE NT
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1071056 bytes

User: Raf.COULOIR
File delete failed. C:\Documents and Settings\Raf.COULOIR\Local Settings\Temp\~DFDDF2.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Raf.COULOIR\Local Settings\Temp\~DFF790.tmp scheduled to be deleted on reboot.
->Temp folder emptied: 1073451593 bytes
->Temporary Internet Files folder emptied: 134701473 bytes
->Java cache emptied: 2698025 bytes
->FireFox cache emptied: 84186373 bytes

User: Requiem

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1139202 bytes
%systemroot%\System32 .tmp files removed: 3072 bytes
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_6b0.dat scheduled to be deleted on reboot.
Windows Temp folder emptied: 61400189 bytes
RecycleBin emptied: 1005487127 bytes

Total Files Cleaned = -1836,71 mb


OTM by OldTimer - Version 3.0.0.6 log created on 08202009_191559

Files moved on Reboot...
File C:\Documents and Settings\Raf.COULOIR\Local Settings\Temp\~DFDDF2.tmp not found!
C:\Documents and Settings\Raf.COULOIR\Local Settings\Temp\~DFF790.tmp moved successfully.
File C:\WINDOWS\temp\_avast4_\Webshlock.txt not found!
C:\WINDOWS\temp\Perflib_Perfdata_6b0.dat moved successfully.

Registry entries deleted on Reboot...
0
Réponse 10 / 21
Utilisateur anonyme
 
De rien....

Télécharges RSIT (de random/random) sur le bureau :

- Double clique sur RSIT.exe qui est sur le bureau
- Clique sur Continue dans la fenêtre
- RSIT téléchargera HijackThis si il n’est pas présent où détecté, alors il faudra accepter la licence
- Poste le contenu de log.txt plus info.txt (réduit ds la barre de taches) à la fin de l’analyse .

Les rapports sont dans le dossier ici C:\rsit
a+







0
Réponse 11 / 21
Raf
 
Le contenu de log.txt:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Raf at 2009-08-20 19:37:31
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 20 GB (26%) free of 76 GB
Total RAM: 511 MB (42% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:37:54, on 20/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AGI\common\win32\PythonService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\sySTEM32\SvchoSt.ExE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\windows\pp11.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Raf.COULOIR\Bureau\RSIT.exe
C:\Documents and Settings\Raf.COULOIR\Bureau\Raf.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=66028
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://hp.mywebsearch.com/mywebsearch/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66028
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66028
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66028
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66028
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://runonce.msn.com/runonce3.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [pp] C:\windows\pp11.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Registration Heroes of Might & Magic 5.LNK = C:\Program Files\Ubisoft\Heroes of Might and Magic V\registration\RegistrationReminder.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJfox000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: AG Windows Service (AGWinService) - Unknown owner - C:\Program Files\AGI\common\win32\PythonService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
0
Réponse 12 / 21
Utilisateur anonyme
 
Re ...Raf,

Fais ceci dans l'ordre :

1)
Télécharge Toolbar-S&D (Team IDN) sur ton Bureau.
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2

* Lance l'installation du programme en exécutant le fichier téléchargé.
* Double-clique maintenant sur le raccourci de Toolbar-S&D.
* Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
* Choisis maintenant l'option 2 (suppression).
Patiente jusqu'à la fin de la recherche.
* Poste le rapport généré. (C:\TB.txt)

2)
Fais un scan avec cet antispyware :
TelechargesMalwarebytes + tutoriel

Tu l´installes; mets le a jour...(onglet mise a jour)
Click maintenant sur l´onglet recherche et coche la case : "executer un examen rapide".
Puis click sur "rechercher".
Laisses le scanner le pc...Si des elements on ete trouvés > click sur supprimer la selection.
si il t´es demandé de redemarrer > click sur "oui".
A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vue de le poster sur le forum.
Copies et colles le rapport stp.

3)
Un nouveau RSIT (comme au mess :10)
==> tu n'auras que le log/txt c'est normal....

4)

Si tu peux faire cela assez vite...stp car je ne serai pas dispo tard ce soir !!!!!!!
==>Sinon réponse demain soir....(Eh oui je bosse...demain tres tot !!!!)
a+














0
Réponse 13 / 21
Raf
 
Le rapport de Toolbar-S&D :


-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) 4 CPU 2.66GHz )
BIOS : BIOS Date: 10/20/02 17:32:10 Ver: 08.00.05
USER : Raf ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1296 [VPS 090730-0] 4.8.1296 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:74 Go (Free:19 Go)
D:\ (CD or DVD)
E:\ (CD or DVD) - UDF - Total:3 Go (Free:0 Go)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [2] ( 20/08/2009|20:21 )

-----------\\ SUPPRESSION

Supprime! - C:\DOCUME~1\RAF~1.COU\Cookies\raf@crawler[1].txt
Supprime! - C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Kiwee Toolbar\config
Supprime! - C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Kiwee Toolbar\images
Echec ! - C:\Program Files\Kiwee Toolbar\2.9.201
Echec ! - C:\Program Files\Kiwee Toolbar\2.9.201\AGTBCore.dll
Echec ! - C:\Program Files\Kiwee Toolbar\2.9.201\KiweeCommonCtrls.dll
Echec ! - C:\Program Files\Kiwee Toolbar\2.9.201\KiweeTBCore.dll
Echec ! - C:\Program Files\Kiwee Toolbar\2.9.201\mfc80u.dll
Echec ! - C:\Program Files\Kiwee Toolbar\2.9.201\MsnIMToolbar.dll
Supprime! - C:\DOCUME~1\ALLUSE~1.WIN\MENUDM~1\PROGRA~1\Kiwee Toolbar
Supprime! - C:\DOCUME~1\RAF~1.COU\Cookies\raf@mywebsearch[1].txt
Supprime! - C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Kiwee Toolbar
Echec ! - C:\Program Files\Kiwee Toolbar

-----------\\ DEUXIEME PASSAGE

Echec ! - C:\Program Files\Kiwee Toolbar\2.9.201
Echec ! - C:\Program Files\Kiwee Toolbar\2.9.201\AGTBCore.dll
Echec ! - C:\Program Files\Kiwee Toolbar\2.9.201\KiweeCommonCtrls.dll
Echec ! - C:\Program Files\Kiwee Toolbar\2.9.201\KiweeTBCore.dll
Echec ! - C:\Program Files\Kiwee Toolbar\2.9.201\mfc80u.dll
Echec ! - C:\Program Files\Kiwee Toolbar\2.9.201\MsnIMToolbar.dll
Echec ! - C:\Program Files\Kiwee Toolbar

-----------\\ Recherche de Fichiers / Dossiers ...

C:\Program Files\Kiwee Toolbar
C:\Program Files\Kiwee Toolbar\2.9.201
C:\Program Files\Kiwee Toolbar\2.9.201\AGTBCore.dll
C:\Program Files\Kiwee Toolbar\2.9.201\KiweeCommonCtrls.dll
C:\Program Files\Kiwee Toolbar\2.9.201\KiweeTBCore.dll
C:\Program Files\Kiwee Toolbar\2.9.201\mfc80u.dll
C:\Program Files\Kiwee Toolbar\2.9.201\MsnIMToolbar.dll

-----------\\ Extensions

(All Users) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar

(Raf.COULOIR) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar
(Raf.COULOIR) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://hp.mywebsearch.com/mywebsearch/index.html"
"Search Bar"="http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=66028"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/"
"SearchAssistant"="http://www.crawler.com/search/ie.aspx?tb_id=66028"
"CustomizeSearch"="http://dnl.crawler.com/support/sa_customize.aspx?TbId=66028"


--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\RAF~1.COU\Mes documents\Ma musique\Freezer Raf\Eminem\Crack A Bottle - Eminem ft Dr Dre & 50 Cent.mp3



1 - "C:\ToolBar SD\TB_1.txt" - 20/08/2009|20:25 - Option : [2]

-----------\\ Fin du rapport a 20:25:15,28

Le reste suis :)
0
Réponse 14 / 21
Raf
 
Le lien pour télécharger Malwarebytes + tutoriel est mort. Ya erreur de chargement a chaque fois...
0
Réponse 15 / 21
Raf
 
Si t'a un autre antispyware...
0
Réponse 16 / 21
Utilisateur anonyme
 
Il y a qque chose de vraiment pas net:

---> Télécharge ComboFix.exe de sUBs sur ton Bureau :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

/!\ Déconnecte-toi du net et ferme toutes les applications, antivirus et antispyware y compris /!\
---> Double-clique sur Combofix.exe
Un "pop-up" va apparaître qui dit que "ComboFix est utilisé à vos risques et avec aucune garantie...".
Accepte en cliquant sur "Oui"

---> Mets-le en langue française F
Tape sur la touche 1 (Yes) pour démarrer le scan.

<gras>/!\ Ne touche à rien tant que le scan n'est pas terminé. /!\ </gras
>En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.

Une fois le scan achevé, un rapport va s'afficher : Poste son contenu

/!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\

Note : Le rapport se trouve également là : C:\ComboFix.txt

a+
0
Réponse 17 / 21
Utilisateur anonyme
 
DSL ....pour ce soir! ==> Dodo.
A demain soir....
J'espère que tu me comprends !
0
Réponse 18 / 21
Raf
 
Voila ca a pris du temps mais ca y est :):


ComboFix 09-08-19.0C - Raf 20/08/2009 21:02.1.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.511.312 [GMT 2:00]
Running from: c:\documents and settings\Raf.COULOIR\Bureau\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 090730-0] *On-access scanning enabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users.WINDOWS\Bureau\avast! Antivirus.lnk
c:\recycler\S-1-5-21-515967899-583907252-839522115-1004
c:\recycler\S-1-5-21-515967899-583907252-839522115-1007
c:\recycler\S-1-5-21-515967899-583907252-839522115-1009
c:\recycler\S-1-5-21-515967899-583907252-839522115-1010
c:\recycler\S-1-5-21-515967899-583907252-839522115-1011
c:\recycler\S-1-5-21-515967899-583907252-839522115-1012
c:\windows\010112010146101105.xe
c:\windows\0101120101464857.xe
c:\windows\0101120101465653.xe
c:\windows\Installer\2071d7.msi
c:\windows\Installer\257ce.msi
c:\windows\Installer\4f42a.msi
c:\windows\Installer\5da6bb.msi
c:\windows\Installer\5da6bc.msp
c:\windows\Installer\5da6bd.msp
c:\windows\Installer\5da6be.msp
c:\windows\Installer\5da6bf.msp
c:\windows\Installer\5da6c0.msp
c:\windows\Installer\5da6c1.msp
c:\windows\Installer\5da6c2.msp
c:\windows\Installer\5da6c3.msp
c:\windows\Installer\5da6c4.msp
c:\windows\pp11.exe
c:\windows\prxid93ps.dat
c:\recycler\S-1-5-21-515967899-583907252-839522115-1008 . . . . failed to delete

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SfX


((((((((((((((((((((((((( Files Created from 2009-07-20 to 2009-08-20 )))))))))))))))))))))))))))))))
.

2009-08-20 19:12 . 2009-08-20 19:12 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Kiwee Toolbar
2009-08-20 18:53 . 2009-08-20 18:53 -------- d-----w- c:\documents and settings\Raf.COULOIR\Application Data\Malwarebytes
2009-08-20 18:53 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-20 18:53 . 2009-08-20 18:53 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-08-20 18:53 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-20 18:53 . 2009-08-20 18:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-20 18:20 . 2009-08-20 18:25 -------- d-----w- C:\ToolBar SD
2009-08-20 17:37 . 2009-08-20 17:38 -------- d-----w- C:\rsit
2009-08-20 17:15 . 2009-08-20 17:15 -------- d-----w- C:\_OTM
2009-08-20 14:17 . 2009-08-20 14:17 38016 ----a-w- c:\windows\system32\drivers\DnsFilter.sys
2009-08-20 14:17 . 2009-08-20 14:17 -------- d-----w- c:\program files\DDnsFilter
2009-08-20 14:17 . 2009-08-20 14:17 1 ---h--w- c:\windows\ex23567.dat
2009-08-04 16:20 . 2009-08-04 16:20 -------- d-----w- c:\documents and settings\LocalService.AUTORITE NT\Application Data\agi
2009-08-04 16:19 . 2009-08-04 16:19 -------- d-----w- c:\documents and settings\Raf.COULOIR\Local Settings\Application Data\Kiwee Toolbar
2009-08-04 16:19 . 2009-08-04 16:19 -------- d-----w- c:\program files\Kiwee Toolbar
2009-08-04 16:18 . 2009-08-04 16:19 -------- d-----w- c:\documents and settings\Raf.COULOIR\Application Data\agi
2009-08-04 16:17 . 2009-08-04 16:17 339968 ----a-w- c:\windows\system32\pythoncom25.dll
2009-08-04 16:17 . 2009-08-04 16:17 114688 ----a-w- c:\windows\system32\pywintypes25.dll
2009-08-04 16:17 . 2009-08-04 16:17 2117632 ----a-w- c:\windows\system32\python25.dll
2009-08-04 16:17 . 2008-09-16 16:26 1332197 ----a-w- c:\windows\system32\pythondll.zip
2009-08-04 16:17 . 2009-08-04 16:18 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\AGI
2009-08-04 16:17 . 2009-08-04 16:17 -------- d-----w- c:\program files\AGI
2009-08-02 18:38 . 2009-08-02 18:38 -------- d-----w- c:\documents and settings\NetworkService.AUTORITE NT\Local Settings\Application Data\Google
2009-08-02 18:26 . 2009-08-02 18:26 -------- d-----w- c:\documents and settings\LocalService.AUTORITE NT\Local Settings\Application Data\Google
2009-08-02 18:26 . 2009-08-02 18:26 -------- d-----w- c:\program files\Fichiers communs\DivX Shared
2009-08-02 17:06 . 2009-08-02 17:29 -------- d-----w- c:\documents and settings\Raf.COULOIR\Application Data\LimeWire

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-03 12:38 . 2006-08-26 14:45 -------- d-----w- c:\program files\Google
2009-08-02 18:27 . 2008-12-03 19:22 -------- d-----w- c:\program files\DivX
2009-07-19 15:22 . 2009-06-29 08:36 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\TrackMania
2009-07-15 09:10 . 2008-07-26 19:39 -------- d-----w- c:\documents and settings\Raf.COULOIR\Application Data\OpenOffice.org2
2009-07-15 09:09 . 2008-07-26 19:41 1 ----a-w- c:\documents and settings\Raf.COULOIR\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2009-07-07 11:33 . 2009-07-07 11:33 -------- d-----w- c:\program files\Ubisoft
2009-07-01 19:21 . 2007-12-19 09:40 -------- d-----w- c:\program files\Windows Live
2009-06-29 15:57 . 2006-06-23 11:28 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 15:57 . 2007-08-22 22:36 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 15:57 . 2002-08-30 12:00 17408 ------w- c:\windows\system32\corpol.dll
2009-06-28 22:01 . 2009-06-28 21:56 -------- d-----w- c:\program files\TmNationsForever
2009-06-16 14:40 . 2002-08-30 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:40 . 2002-08-30 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-03 19:10 . 2007-08-22 13:43 1297408 ----a-w- c:\windows\system32\quartz.dll
2009-05-27 15:02 . 2002-08-30 12:00 85058 ----a-w- c:\windows\system32\perfc00C.dat
2009-05-27 15:02 . 2002-08-30 12:00 511154 ----a-w- c:\windows\system32\perfh00C.dat
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"AdobeUpdater"="c:\program files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe" [2008-11-23 2356088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-01 7618560]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]

c:\documents and settings\Raf.COULOIR\Menu D‚marrer\Programmes\D‚marrage\
Registration Heroes of Might & Magic 5.LNK - c:\program files\Ubisoft\Heroes of Might and Magic V\registration\RegistrationReminder.exe [2009-7-7 868352]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Raf.COULOIR^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.4.lnk]
path=c:\documents and settings\Raf.COULOIR\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.4.lnk
backup=c:\windows\pss\OpenOffice.org 2.4.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\SEGA\\Medieval II Total War\\medieval2.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\Ubisoft\\Heroes of Might and Magic V\\bin\\H5_Game.exe"=
"c:\\Documents and Settings\\Raf.COULOIR\\Bureau\\freezer v1.4 fr\\freezer v1.4 fr\\freezer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"8085:TCP"= 8085:TCP:ddnsfilter

R?2 ddnsfilter;ddnsfilter;c:\windows\sySTEM32\SvchoSt.ExE -k ddnsfilter [30/08/2002 14:00 14336]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [15/05/2008 17:06 111184]
R1 DnsFilter;DnsFilter;c:\windows\system32\drivers\DnsFilter.sys [20/08/2009 16:17 38016]
R2 AGWinService;AG Windows Service;c:\program files\AGI\common\win32\pythonservice.exe [04/08/2009 18:17 10240]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [15/05/2008 17:06 20560]
R3 MRVW225;802.11g/b Wireless LAN Dirver for Windows XP;c:\windows\system32\drivers\MRVW225.sys [15/05/2008 15:04 299904]
S3 PsSdk31;PsSdk31;c:\windows\system32\drivers\pssdk31.drv [07/03/2009 23:42 30272]
S3 PsSdkLBF;PsSdkLBF;c:\windows\system32\drivers\pssdklbf.drv [07/03/2009 23:42 37440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
ddnsfilter REG_MULTI_SZ ddnsfilter
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{0BC6E3FA-78EF-4886-842C-5A1258C4455A} - (no file)
WebBrowser-{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.tropal.net/
mStart Page = hxxp://www.tropal.net/
mWindow Title =
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Raf.COULOIR\Application Data\Mozilla\Firefox\Profiles\a06j66w4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Kiwee Live Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr
FF - prefs.js: keyword.URL - hxxp://kwtb.search.imgag.com/?c=GNKIW29193&sbs=1&sc=2&f=web&vernum=1.0&uid=&did=f8d4a70c-98e2-4081-901d-01bf93043ede&q=
FF - plugin: c:\documents and settings\All Users.WINDOWS\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-20 21:13
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PsSdk31]
"ImagePath"="\??\c:\windows\system32\Drivers\pssdk31.drv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PsSdkLBF]
"ImagePath"="\??\c:\windows\system32\Drivers\pssdklbf.drv"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(748)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_fre.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-08-20 21:18 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-20 19:18

Pre-Run: 20 710 662 144 octets libres
Post-Run: 21 549 858 816 octets libres

215 --- E O F --- 2009-07-30 21:01
0
Réponse 19 / 21
Raf
 
Pas grave cest normal. Merci beaucoup :)

Dit moi quand tu es dispo je m'arrangerai pour etre la.

a+
0
Réponse 20 / 21
Utilisateur anonyme
 
Dis moi si cela macrhe maintenant;

https://www.malekal.com/tutoriel-malwarebyte-anti-malware/ Malwarebytes + tutoriel ]

a+

0