Dos optimizer

Solved
Blocked profile
Hello,
The dos optimizer virus is on my PC, what should I do?
Configuration: Windows XP Internet Explorer 7.0

28 replies

  1. Anonymous user

    Hi,

    ▶ Download random's system information tool (RSIT) and save it to your Desktop.

    • Double-click RSIT.exe to launch RSIT.

    • Read the Disclaimer screen, then click Continue (if you accept the terms).

    • If HijackThis (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if prompted) and you will have to accept the licence.

    • When the scan has finished, two text files will open.

    Post the contents of log.txt.

    • Tutorial: https://forum.pcastuces.com/randoms_system_information_tool_rsit-f31s31.htm
  2. Blocked profile

    Thanks for the reply, but only one file opens:
    Logfile of random's system information tool 1.06 (written by random/random)
    Run by ESS at 2009-09-03 17:53:03
    Microsoft Windows XP Professionnel Service Pack 2
    System drive C: has 5 GB (12%) free of 38 GB
    Total RAM: 1015 MB (28% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:53:31, on 03/09/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Hotspot Shield\bin\openvpnas.exe
    C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Ask & Record Toolbar\FLVSrvc.exe
    C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
    C:\Documents and Settings\ESS\Menu Démarrer\Programmes\Démarrage\Dos Optimizer.pif
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Games\Pool Sharks\Starter.exe
    C:\Documents and Settings\ESS\Bureau\RSIT.exe
    C:\Program Files\trend micro\ESS.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 67.69.254.242:80
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHot1.dll
    R3 - URLSearchHook: LiveTV_ Toolbar - {59385f95-c52f-4a84-b674-4a4206b17218} - C:\Program Files\LiveTV_\tbLive.dll
    R3 - URLSearchHook: toolbartv Toolbar - {7762a897-2a75-4e3f-a3a7-55bd098b9879} - C:\Program Files\toolbartv\tbtoo0.dll
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
    O2 - BHO: LiveTV_ Toolbar - {59385f95-c52f-4a84-b674-4a4206b17218} - C:\Program Files\LiveTV_\tbLive.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: toolbartv Toolbar - {7762a897-2a75-4e3f-a3a7-55bd098b9879} - C:\Program Files\toolbartv\tbtoo0.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
    O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
    O2 - BHO: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHot1.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
    O3 - Toolbar: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHot1.dll
    O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: LiveTV_ Toolbar - {59385f95-c52f-4a84-b674-4a4206b17218} - C:\Program Files\LiveTV_\tbLive.dll
    O3 - Toolbar: toolbartv Toolbar - {7762a897-2a75-4e3f-a3a7-55bd098b9879} - C:\Program Files\toolbartv\tbtoo0.dll
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Ask and Record FLV Service] "C:\Program Files\Ask & Record Toolbar\FLVSrvc.exe" /run
    O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Dos Optimizer.pif = ?
    O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
    O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Liens de téléchargement avec Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Ghost Navigator - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Ghost Navigator\Ghost (file missing)
    O9 - Extra 'Tools' menuitem: Ghost Navigator - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Ghost Navigator\Ghost (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: prxernsp.dll
    O10 - Unknown file in Winsock LSP: prxerdrv.dll
    O10 - Unknown file in Winsock LSP: prxerdrv.dll
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15107/CTPID.cab
    O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D64A6D53-4B27-4AF5-AA10-4B69889C9792}: NameServer = 213.150.176.196,196.203.251.8
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
    O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
    O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
  3. Anonymous user

    • Download and install UsbFix

    ->> http://pagesperso-orange.fr/NosTools/cariboost_files/UsbFix.exe

    (!) Plug your external data sources (USB stick, external hard drive, etc.) that may have been infected into your PC, without opening them

    • Double-click the UsbFix shortcut on your desktop.

    • Choose option 1 (Recherche = search)

    • Let the tool work.

    • Then post the UsbFix.txt report that will appear.

    • Note: the UsbFix.txt report is saved at the root of the drive. (C:\UsbFix.txt)

    (CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

    • Note: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
    It is not a virus but a utility designed to terminate processes.
    In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by those antivirus products.

    • Tutorial: http://pagesperso-orange.fr/NosTools/usbfix.html
  4. Blocked profile

    ############################## | UsbFix V6.024 |

    User : ESS (Administrateurs) # AYMEN
    Update on 01/09/09 by Chiquitine29, C_XX & Chimay8
    Start at: 18:03:25 | 03/09/2009
    Website : http://pagesperso-orange.fr/NosTools/index.html

    Intel(R) Pentium(R) Dual CPU E2160 @ 1.80GHz
    Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
    Internet Explorer 7.0.5730.13
    Windows Firewall Status : Disabled
    AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ]

    A:\ -> Lecteur de disquettes 3 ½ pouces
    C:\ -> Disque fixe local # 37,26 Go (4,47 Go free) # NTFS
    D:\ -> Disque CD-ROM
    E:\ -> Disque amovible # 1,86 Go (726,03 Mo free) [2 GO] # FAT32

    ############################## | Processus actifs |

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Hotspot Shield\bin\openvpnas.exe
    C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Ask & Record Toolbar\FLVSrvc.exe
    C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
    C:\Documents and Settings\ESS\Menu Démarrer\Programmes\Démarrage\Dos Optimizer.pif
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Games\Pool Sharks\Starter.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    ################## | Fichiers # Dossiers infectieux |

    Présent ! C:\WINDOWS\inf\smss.exe
    Présent ! C:\WINDOWS\system32\Sexy Girls.scr
    Présent ! C:\DOCUME~1\ESS\APPLIC~1\smss.exe
    Présent ! C:\autorun.inf
    Présent ! E:\autorun.inf

    ################## | Suspect ! ... | https://www.virustotal.com/gui/ |

    ################## | Registre # Clés Run infectieuses |

    Présent ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "FrameWorkService"
    Présent ! HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "FrameWorkService"
    Présent ! HKU\S-1-5-21-448539723-573735546-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "FrameWorkService"
    Présent ! HKLM\software\microsoft\security center "AntiVirusDisableNotify" ( 0x1 )
    Présent ! HKLM\software\microsoft\security center "FirewallDisableNotify" ( 0x1 )
    Présent ! HKLM\software\microsoft\security center "UpdatesDisableNotify" ( 0x1 )

    ################## | Registre # Mountpoints2 |

    HKCU\..\..\Explorer\MountPoints2\{a7bdb175-97d4-11de-834b-0019700fc30d}
    Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wlan.exe
    Shell\default\command =E:\wlan.exe

    ################## | Cracks / Keygens / Serials |

    ################## | ! Fin du rapport # UsbFix V6.024 ! |
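Added example, not part of this thread and not code from the RSIT, HijackThis or UsbFix authors: a small Python triage script that reads the two report formats quoted above (the HijackThis log in the second post and the UsbFix "Recherche" report in this one) and flags the entries a helper would act on: the IE proxy setting, the .pif in the Startup folder, unknown Winsock LSPs, the unsigned service, the autorun.inf files, smss.exe copies outside System32, the Security Center notification key and the MountPoints2 shell commands. The rule labels are my own and the sample lines are constructed from the reports above.

```python
"""Triage the two report formats pasted in this thread: the RSIT/HijackThis log
and the UsbFix 'Recherche' report. Added example for this page, not a tool from
the thread; the rules below are an analyst's assumptions, not the tools' logic."""
import re
from collections import Counter
from dataclasses import dataclass
from pathlib import PureWindowsPath

@dataclass(frozen=True)
class Finding:
    source: str    # "hijackthis" or "usbfix"
    category: str  # short rule label (assumed names, not HijackThis/UsbFix output)
    detail: str    # the value that triggered the rule

# HijackThis: only the sections this thread's log shows to matter.
_HJT_LINE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
_PROXY = re.compile(r"Internet Settings,ProxyServer = (?P<proxy>\S+)")
_STARTUP = re.compile(r"^(?:Global )?Startup: (?P<name>.+?) = (?P<target>.*)$")
_LSP = re.compile(r"^Unknown file in Winsock LSP: (?P<dll>\S+)$")
_SERVICE = re.compile(r"^Service: .+? - Unknown owner - (?P<path>.+)$")

def triage_hijackthis(text: str) -> list[Finding]:
    findings = []
    for m in filter(None, (_HJT_LINE.match(l.strip()) for l in text.splitlines())):
        section, body = m["section"], m["body"]
        if section == "R1" and (p := _PROXY.search(body)):
            # An IE proxy the user never set routes all browsing through a third party.
            findings.append(Finding("hijackthis", "ie-proxy", p["proxy"]))
        elif section == "O4" and (s := _STARTUP.match(body)):
            # A .pif or .scr in the Startup folder is not a normal shortcut (.lnk).
            if s["name"].lower().endswith((".pif", ".scr", ".bat", ".cmd", ".vbs")):
                findings.append(Finding("hijackthis", "startup-script", s["name"]))
        elif section == "O10" and (u := _LSP.match(body)):
            # An unknown Winsock LSP sits in the network path of every process.
            findings.append(Finding("hijackthis", "unknown-lsp", u["dll"]))
        elif section == "O23" and (sv := _SERVICE.match(body)):
            findings.append(Finding("hijackthis", "unsigned-service", sv["path"]))
    return findings

# UsbFix: "Présent !" lines plus the per-device MountPoints2 shell commands.
_UF_FILE = re.compile(r"^Présent ! (?P<path>[A-Z]:\\.+)$")
_UF_REG = re.compile(r'^Présent ! (?P<key>HK.+?) "(?P<value>[^"]+)"')
_MOUNTPOINT = re.compile(r"^Shell\\(?P<verb>\w+)\\command =(?P<cmd>.+)$")
SYSTEM_NAMES = {"smss.exe", "csrss.exe", "winlogon.exe", "lsass.exe", "svchost.exe"}

def triage_usbfix(text: str) -> list[Finding]:
    findings, mountpoint = [], ""
    for line in (raw.strip() for raw in text.splitlines()):
        if m := _UF_FILE.match(line):
            path = PureWindowsPath(m["path"])
            if path.name.lower() == "autorun.inf":
                cat = "autorun-inf"  # drive-root autorun on C: and on the USB stick
            elif path.name.lower() in SYSTEM_NAMES and path.parent.name.lower() != "system32":
                cat = "masquerading-system-binary"  # smss.exe outside System32
            else:
                cat = "dropped-file"
            findings.append(Finding("usbfix", cat, str(path)))
        elif m := _UF_REG.match(line):
            key, value = m["key"], m["value"]
            if "security center" in key.lower() and value.endswith("DisableNotify"):
                cat = "security-center-notify-disabled"  # hides AV/firewall/update alerts
            else:
                cat = "run-key"
            findings.append(Finding("usbfix", cat, f"{key}\\{value}"))
        elif line.startswith("HK") and "MountPoints2" in line:
            mountpoint = line  # the device key that owns the Shell verbs below it
        elif m := _MOUNTPOINT.match(line):
            findings.append(Finding("usbfix", f"mountpoints2-{m['verb'].lower()}",
                                    f"{mountpoint} -> {m['cmd'].strip()}"))
    return findings

def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per rule: the first thing a helper looks at."""
    return dict(Counter(f.category for f in findings))

# Constructed samples, shaped on lines quoted earlier in this thread.
HIJACKTHIS_SAMPLE = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 67.69.254.242:80
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - Startup: Dos Optimizer.pif = ?
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O10 - Unknown file in Winsock LSP: prxernsp.dll
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
"""
USBFIX_SAMPLE = r"""
Présent ! C:\WINDOWS\inf\smss.exe
Présent ! C:\WINDOWS\system32\Sexy Girls.scr
Présent ! C:\DOCUME~1\ESS\APPLIC~1\smss.exe
Présent ! C:\autorun.inf
Présent ! E:\autorun.inf
Présent ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "FrameWorkService"
Présent ! HKLM\software\microsoft\security center "AntiVirusDisableNotify" ( 0x1 )
HKCU\..\..\Explorer\MountPoints2\{a7bdb175-97d4-11de-834b-0019700fc30d}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wlan.exe
Shell\default\command =E:\wlan.exe
"""

if __name__ == "__main__":
    print(*triage_hijackthis(HIJACKTHIS_SAMPLE) + triage_usbfix(USBFIX_SAMPLE), sep="\n")
```

The legitimate Avira Run entry and the SAGEM .lnk in the sample produce no finding, which is the point of the rules: flag the shape of the entry, not its mere presence.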
  7. Anonymous user

    (!) Plug your external data sources (USB stick, external hard drive, etc.) that may have been infected into your PC, without opening them

    • Double-click the UsbFix shortcut on your desktop

    • Choose option 2 (Suppression = removal)

    • Your desktop will disappear and the PC will reboot.

    • On reboot, UsbFix will scan your PC; let the tool work.

    • Then post the UsbFix.txt report that will appear along with the desktop.

    • Note: the UsbFix.txt report is saved at the root of the drive. (C:\UsbFix.txt)

    (CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

  8. Blocked profile

    ############################## | UsbFix V6.024 |

    User : ESS (Administrateurs) # AYMEN
    Update on 01/09/09 by Chiquitine29, C_XX & Chimay8
    Start at: 18:19:03 | 03/09/2009
    Website : http://pagesperso-orange.fr/NosTools/index.html

    Intel(R) Pentium(R) Dual CPU E2160 @ 1.80GHz
    Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
    Internet Explorer 7.0.5730.13
    Windows Firewall Status : Disabled
    AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ]

    A:\ -> Lecteur de disquettes 3 ½ pouces
    C:\ -> Disque fixe local # 37,26 Go (4,42 Go free) # NTFS
    D:\ -> Disque CD-ROM
    E:\ -> Disque amovible # 1,86 Go (726,03 Mo free) [2 GO] # FAT32

    ############################## | Processus actifs |

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\logonui.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Hotspot Shield\bin\openvpnas.exe
    C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    ################## | Fichiers # Dossiers infectieux |

    Supprimé ! C:\WINDOWS\inf\smss.exe
    Supprimé ! C:\WINDOWS\system32\Sexy Girls.scr
    Supprimé ! C:\DOCUME~1\ESS\APPLIC~1\smss.exe
    Supprimé ! C:\autorun.inf
    Supprimé ! E:\autorun.inf

    ################## | Autres |

    ################## | Suspect ! ... | https://www.virustotal.com/gui/ |

    ################## | Registre # Clés Run infectieuses |

    Supprimé ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "FrameWorkService"
    Supprimé ! HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "FrameWorkService"
    # HKLM\software\microsoft\security center "AntiVirusDisableNotify" # -> Reset sucessfully !
    # HKLM\software\microsoft\security center "FirewallDisableNotify" # -> Reset sucessfully !
    # HKLM\software\microsoft\security center "UpdatesDisableNotify" # -> Reset sucessfully !

    ################## | Registre # Mountpoints2 |

    ################## | Listing des fichiers présent |

    [10/10/2008 01:29|--a------|1024] -> C:\.rnd
    [12/07/2009 16:23|---hs----|212] -> C:\boot.ini
    [15/10/2001 00:41|-rahs----|4952] -> C:\Bootfont.bin
    [25/08/2008 15:43|--a------|0] -> C:\CONFIG.SYS
    [16/03/2009 23:41|--a------|120] -> C:\drmHeader.bin
    [22/08/2009 07:39|--a------|184] -> C:\drwtsn32.log
    [23/09/2008 02:56|--a------|117] -> C:\finfos.txt
    [27/03/2001 00:00|--a------|53248] -> C:\gendel32.exe
    [18/11/2008 04:44|--a------|164] -> C:\install.dat
    [25/08/2008 15:43|-rahs----|0] -> C:\IO.SYS
    [04/04/2009 02:58|--a------|125] -> C:\ioSpecial.ini
    [09/11/2008 18:28|--a------|1453] -> C:\MDL 2.0 Debug.txt
    [23/09/2008 02:56|--a------|447] -> C:\mpeg.txt
    [25/08/2008 15:43|-rahs----|0] -> C:\MSDOS.SYS
    [04/08/2004 04:38|-rahs----|47564] -> C:\NTDETECT.COM
    [04/08/2004 04:59|-rahs----|251712] -> C:\ntldr
    [?|?|?] -> C:\pagefile.sys
    [12/11/2008 03:09|--ah-----|1073741824] -> C:\pfsvoddata.bbv
    [25/08/2008 16:56|--a------|573] -> C:\RHDSetup.log
    [12/07/2009 16:15|--a------|167] -> C:\Setup.log
    [07/10/2008 13:39|--ah-----|268] -> C:\sqmdata00.sqm
    [22/10/2008 03:43|--ah-----|268] -> C:\sqmdata01.sqm
    [23/10/2008 00:26|--ah-----|268] -> C:\sqmdata02.sqm
    [06/11/2008 17:15|--ah-----|268] -> C:\sqmdata03.sqm
    [18/02/2009 18:52|--ah-----|268] -> C:\sqmdata04.sqm
    [07/10/2008 13:39|--ah-----|244] -> C:\sqmnoopt00.sqm
    [22/10/2008 03:43|--ah-----|244] -> C:\sqmnoopt01.sqm
    [23/10/2008 00:26|--ah-----|244] -> C:\sqmnoopt02.sqm
    [06/11/2008 17:15|--ah-----|244] -> C:\sqmnoopt03.sqm
    [18/02/2009 18:52|--ah-----|172] -> C:\sqmnoopt04.sqm
    [12/11/2008 04:24|--a------|57] -> C:\StvTimeCode.txt
    [17/07/2009 21:50|--a------|2307] -> C:\TB.txt
    [03/09/2009 18:25|--a------|4110] -> C:\UsbFix.txt
    [12/11/2008 04:24|--a------|734003136] -> C:\VideoBuffer.tmp
    [12/07/2009 16:12|--a------|175] -> C:\WiFiSetup.log
    [24/08/2009 08:59|-r-hs----|6115169] -> E:\wlan.exe
    [17/02/2008 12:43|--a------|377344] -> E:\ESS_Fichiers.exe

    ################## | Cracks / Keygens / Serials |

    ################## | Upload |

    Veuillez envoyer le fichier : C:\DOCUME~1\ESS\Bureau\UsbFix_Upload_Me_AYMEN.zip : https://www.androidworld.fr/
    Merci pour votre contribution .

    ################## | ! Fin du rapport # UsbFix V6.024 ! |
  9. Anonymous user

    ▶ Download OTM by OldTimer to your Desktop.

    • Double-click OTM.exe to launch it.

    • Copy (Ctrl+C) the following text:

    :processes
    explorer.exe
    Dos Optimizer.pif

    :services
    ASKUpgrade

    :files
    C:\Documents and Settings\ESS\Menu Démarrer\Programmes\Démarrage\Dos Optimizer.pif
    C:\Program Files\Ask & Record Toolbar
    C:\Program Files\AskBarDis
    C:\Program Files\AVG
    C:\Program Files\LiveTV

    :reg
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ask and Record FLV Service]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "Ask and Record FLV Service"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59385f95-c52f-4a84-b674-4a4206b17218}]

    :commands
    [emptytemp]
    [reboot]


    • Paste (Ctrl+V) the copied text into the Paste Instructions for Items to be Moved box.

    • Now click the MoveIt! button, then close OTM.

    ▶ If a file or folder cannot be deleted immediately, the program will ask you to reboot.
    ▶ Accept by clicking YES.

    Post the report located in this folder: C:\_OTM\MovedFiles\
    The report's name corresponds to the time it was created: date_time.log


    #################

    Download Toolbar-S&D (Team IDN) to your Desktop.

    • Now double-click ToolBarSD.exe
    • Select the language you want by typing the letter of your choice, then confirm with the Enter key.
    • Now choose option 2 (Suppression = removal). Wait until the search finishes.
    Post the generated report. (C:\TB.txt)

    Tutorial: https://sites.google.com/site/toolbarsd/aideenimages
    Tutorial: https://www.malekal.com/adwcleaner-supprimer-virus-adwares-pup/
    info: https://forum.malekal.com/viewtopic.php?f=45&t=6173

    NOTE: If your Desktop does not reappear, press Ctrl+Alt+Del simultaneously to open Task Manager.
    Go to the "Processes" tab. Click File at the top left and choose "Run..."
    Type explorer and confirm.

  10. Blocked profile

    All processes killed
    ========== PROCESSES ==========
    Process explorer.exe killed successfully!
    No active process named Dos Optimizer.pif was found!
    ========== SERVICES/DRIVERS ==========

    Service\Driver ASKUpgrade deleted successfully.
    ========== FILES ==========
    File/Folder C:\Documents and Settings\ESS\Menu Démarrer\Programmes\Démarrage\Dos Optimizer.pif not found.
    C:\Program Files\Ask & Record Toolbar\Uninstall moved successfully.
    C:\Program Files\Ask & Record Toolbar moved successfully.
    C:\Program Files\AskBardis\bar\Settings moved successfully.
    C:\Program Files\AskBardis\bar\History moved successfully.
    C:\Program Files\AskBardis\bar\Cache moved successfully.
    C:\Program Files\AskBardis\bar\bin moved successfully.
    C:\Program Files\AskBardis\bar moved successfully.
    C:\Program Files\AskBardis moved successfully.
    File/Folder C:\Program Files\AVG not found.
    File/Folder C:\Program Files\LiveTV not found.
    ========== REGISTRY ==========
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Ask and Record FLV Service deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59385f95-c52f-4a84-b674-4a4206b17218}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{59385f95-c52f-4a84-b674-4a4206b17218}\ deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: ESS
    ->Temp folder emptied: 36278112 bytes
    ->Temporary Internet Files folder emptied: 338924801 bytes
    ->Java cache emptied: 30912836 bytes
    ->FireFox cache emptied: 36248576 bytes
    ->Google Chrome cache emptied: 7184193 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    ->Temporary Internet Files folder emptied: 7516749 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    ->Temporary Internet Files folder emptied: 33170 bytes

    %systemdrive% .tmp files removed: 734003136 bytes
    C:\WINDOWS\msdownld.tmp folder deleted successfully.
    %systemroot% .tmp files removed: 2114937 bytes
    %systemroot%\System32 .tmp files removed: 8882688 bytes
    Windows Temp folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 1146,44 mb

    OTM by OldTimer - Version 3.0.0.6 log created on 09032009_185624

    Files moved on Reboot...

    Registry entries deleted on Reboot...

    -----------\\ ToolBar S&D 1.2.8 XP/Vista

    Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
    X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) Dual CPU E2160 @ 1.80GHz )
    BIOS : Phoenix - AwardBIOS v6.00PG
    USER : ESS ( Administrator )
    BOOT : Normal boot
    Antivirus : AntiVir Desktop 9.0.1.32 (Activated)
    A:\ (USB)
    C:\ (Local Disk) - NTFS - Total:37 Go (Free:6 Go)
    D:\ (CD or DVD)
    E:\ (USB) - FAT32 - Total:1908 Mo (Free:0 Go)

    "C:\ToolBar SD" ( Updated: 21-12-2008|20:47 )
    Option : [2] ( 03/09/2009|19:11 )

    -----------\\ Searching for files / folders ...

    -----------\\ Extensions

    (ESS) - {7762a897-2a75-4e3f-a3a7-55bd098b9879} => toolbartv
    (ESS) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} => hotspot_shield
    (ESS) - {E9A1DEE0-C623-4439-8932-001E7D17607D} => ajtoolbar

    -----------\\ [..\Internet Explorer\Main]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
    "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
    "Search Page"="https://www.google.com/?gws_rd=ssl"
    "Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
    "Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
    "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
    "Start Page"="https://www.msn.com/fr-fr/"

    --------------------\\ Searching for other infections

    No other infection found!

    1 - "C:\ToolBar SD\TB_1.txt" - 17/07/2009|21:50 - Option : [2]
    2 - "C:\ToolBar SD\TB_2.txt" - 03/09/2009|19:14 - Option : [2]

    -----------\\ End of report at 19:14:28,89
    0
  11. Utilisateur anonyme
     
    • Download Malwarebytes

    • Install it; the program will update itself automatically.

    • Once updated, the program will launch.

    • Click on the Settings tab and tick the box: "Terminate Internet Explorer during removal".

    • Now click on the Scan tab and tick the box: "Perform quick scan".

    • Then click on "Scan".

    • Let it scan the PC...

    • If items were found > click on "Remove Selected".

    • If you are asked to restart > click on "Yes".

    • At the end a report will open; save it somewhere you can find it again so you can post it on the forum.

    • Copy and paste the report please.
    0
  12. Profil bloqué
     
    Malwarebytes' Anti-Malware 1.40
    Database version: 2551
    Windows 5.1.2600 Service Pack 2

    03/09/2009 19:29:59
    mbam-log-2009-09-03 (19-29-59).txt

    Scan type: Quick scan
    Objects scanned: 89603
    Time elapsed: 8 minute(s), 56 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 5
    Registry Data Items Infected: 3
    Folders Infected: 0
    Files Infected: 3

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\FrameWorkService (Trojan.Delf) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\FrameWorkService (Trojan.Delf) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\3 (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\4 (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\1 (Security.Hijack) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Documents and Settings\ESS\Application Data\lsass.exe (Trojan.Delf) -> Quarantined and deleted successfully.
    C:\WINDOWS\inf\smss.exe (Trojan.Delf) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\Sexy Girls.scr (Trojan.Delf) -> Quarantined and deleted successfully.
    0
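The Malwarebytes report above shows three kinds of change that are worth re-checking after cleaning, because malware that sets them once can set them again: the Security Center *DisableNotify values forced to 1 (the "Disabled.SecurityCenter" items), entries under Policies\Explorer\DisallowRun (the "Security.Hijack" items, which block named programs from launching), and Run values such as FrameWorkService. The script below is an added example, not code from this thread, from Malwarebytes or from any tool mentioned here. It reads the text written by `reg export` (or regedit's File > Export) so the check can be done from a copy of the keys rather than on the live machine. The .reg parser, the rule names and the USER_PROFILE_MARKERS list are the example's own; SAMPLE_REG is constructed for it, the names under DisallowRun are placeholders, and the FrameWorkService command is a made-up path under the user profile, since the thread never shows what that value actually pointed to.

```python
"""Offline check of a .reg export for the settings Malwarebytes flagged above
(added example; not Malwarebytes code and not a tool from this thread).

Input is the text written by `reg export <key> <file.reg>` or regedit's
File > Export: a "[key]" header per key, then "name"=dword:xxxxxxxx or
"name"="string" lines. Those exports are UTF-16LE with a BOM, so read them
with encoding="utf-16". Rule names below are this example's own.
"""
import re

# Constructed sample. The DisallowRun value data are placeholders and the
# FrameWorkService command is a made-up path under the user profile; the
# thread does not show what either actually contained.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"DisallowRun"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun]
"1"="placeholder-tool-a.exe"
"3"="placeholder-tool-b.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="\"C:\\Program Files\\Avira\\AntiVir Desktop\\avgnt.exe\" /min"
"FrameWorkService"="C:\\Documents and Settings\\ESS\\Application Data\\example.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
'''

VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)=(.*)$')   # "name"=data or @=data
# Locations where a Run command should not normally live (assumption).
USER_PROFILE_MARKERS = ("\\documents and settings\\", "\\users\\",
                        "%appdata%", "%userprofile%", "%temp%")


def _unescape(s):
    """Undo .reg escaping of backslashes and double quotes."""
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg(text):
    """Return {key_path: {value_name: (type, data)}}; dword data become ints."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m is None or current is None:
            continue                 # hex(...) continuation lines etc. are skipped
        name = "@" if m.group(1) is None else _unescape(m.group(1))
        data = m.group(2)
        if data.startswith("dword:"):
            keys[current][name] = ("dword", int(data[6:], 16))
        elif len(data) >= 2 and data.startswith('"') and data.endswith('"'):
            keys[current][name] = ("sz", _unescape(data[1:-1]))
        else:
            keys[current][name] = ("other", data)
    return keys


def triage_reg(text):
    """Return [(rule, detail), ...] for the patterns seen in the Malwarebytes report."""
    findings = []
    for key, values in parse_reg(text).items():
        k = key.lower()
        if k.endswith("\\microsoft\\security center"):
            # Any *DisableNotify = 1 silences the "no antivirus/firewall/updates" warning.
            for name, (typ, data) in values.items():
                if typ == "dword" and data == 1 and name.lower().endswith("disablenotify"):
                    findings.append(("security-center-notify-disabled", f"{key}\\{name}"))
        elif k.endswith("\\policies\\explorer\\disallowrun"):
            # Every entry here is a program name Explorer refuses to start.
            for name, (_, data) in values.items():
                findings.append(("disallowrun-entry", f"{name}={data}"))
        elif k.endswith("\\policies\\explorer"):
            if values.get("DisallowRun") == ("dword", 1):
                findings.append(("disallowrun-enabled", key))
        elif k.endswith("\\currentversion\\run"):
            for name, (_, data) in values.items():
                if any(marker in str(data).lower() for marker in USER_PROFILE_MARKERS):
                    findings.append(("run-from-user-profile", f"{name}={data}"))
    return findings


if __name__ == "__main__":
    for rule, detail in triage_reg(SAMPLE_REG):
        print(f"{rule:32} {detail}")
```

To use it on a real machine, export the three keys with `reg export`, read each file with `open(path, encoding="utf-16")`, and pass the text to `triage_reg`; an empty result after the cleanup and a reboot is the point of the check.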
  13. Utilisateur anonyme
     
    Hi,

    Sorry for the delay; reopen Malwarebytes, go to Quarantine and delete everything

    Run another RSIT scan and post log.txt
    0
  14. Profil bloqué
     
    Logfile of random's system information tool 1.06 (written by random/random)
    Run by ESS at 2009-09-05 02:37:05
    Microsoft Windows XP Professionnel Service Pack 2
    System drive C: has 6 GB (17%) free of 38 GB
    Total RAM: 1015 MB (57% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 02:37:15, on 05/09/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Hotspot Shield\bin\openvpnas.exe
    C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
    C:\Documents and Settings\ESS\Menu Démarrer\Programmes\Démarrage\Dos Optimizer.pif
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\ESS\Bureau\disque\logicielle\désinfection -virus provenant de flach disque-\RSIT.exe
    C:\Program Files\trend micro\ESS.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 67.69.254.242:80
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHot1.dll
    R3 - URLSearchHook: (no name) - {59385f95-c52f-4a84-b674-4a4206b17218} - (no file)
    R3 - URLSearchHook: toolbartv Toolbar - {7762a897-2a75-4e3f-a3a7-55bd098b9879} - C:\Program Files\toolbartv\tbtoo0.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: toolbartv Toolbar - {7762a897-2a75-4e3f-a3a7-55bd098b9879} - C:\Program Files\toolbartv\tbtoo0.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
    O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
    O2 - BHO: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHot1.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
    O3 - Toolbar: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHot1.dll
    O3 - Toolbar: (no name) - {59385f95-c52f-4a84-b674-4a4206b17218} - (no file)
    O3 - Toolbar: toolbartv Toolbar - {7762a897-2a75-4e3f-a3a7-55bd098b9879} - C:\Program Files\toolbartv\tbtoo0.dll
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Dos Optimizer.pif = ?
    O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
    O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Liens de téléchargement avec Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Ghost Navigator - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Ghost Navigator\Ghost (file missing)
    O9 - Extra 'Tools' menuitem: Ghost Navigator - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Ghost Navigator\Ghost (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: prxernsp.dll
    O10 - Unknown file in Winsock LSP: prxerdrv.dll
    O10 - Unknown file in Winsock LSP: prxerdrv.dll
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15107/CTPID.cab
    O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D64A6D53-4B27-4AF5-AA10-4B69889C9792}: NameServer = 213.150.176.196,196.203.251.8
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
    O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
    O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
    0
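The RSIT/HijackThis log above still carries the signs the helper is reading by eye: the Dos Optimizer.pif startup item and running process, a user-level ProxyServer set to a bare IP address, URLSearchHook/BHO/toolbar entries whose file is gone ("(no file)", "(file missing)"), two unknown Winsock LSP modules, and services with no vendor name. The script below is an added example, not code from this thread, from RSIT or from HijackThis: it parses the HijackThis log format and applies those checks, plus one for core Windows binary names (smss.exe, lsass.exe, svchost.exe and so on) running from anywhere other than System32, which is how the files Malwarebytes quarantined would have shown up in a process list. SAMPLE_LOG is constructed: a few lines copied from the reports in this thread, plus two process lines built from the paths in the Malwarebytes report to exercise that last rule. The SYSTEM_BINARIES set, the extension list and the rule names are the example's own assumptions.

```python
"""Offline triage of a HijackThis-format log (added example, not HijackThis code).

Rules applied (names are this example's own):
  masquerading-process    core Windows binary name running outside System32
  script-like-process     running program with a .pif/.scr/.bat/... extension
  risky-startup-item      O4 Startup entry whose item has such an extension
  proxy-to-raw-ip         R1 ProxyServer pointing at a bare IP[:port]
  orphaned-entry          hook/BHO/toolbar/button whose file is gone
  unknown-lsp             O10 Winsock LSP module HijackThis could not identify
  service-without-vendor  O23 service reported with "Unknown owner"
"""
import re

# Assumption: on Windows XP these names are only legitimate under %SystemRoot%\System32.
SYSTEM_BINARIES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                   "lsass.exe", "svchost.exe", "spoolsv.exe", "ctfmon.exe"}
SYSTEM_DIRS = ("c:\\windows\\system32\\",)
RISKY_EXT = (".pif", ".scr", ".bat", ".cmd", ".com", ".vbs")

# Constructed sample: lines copied from the reports posted in this thread
# (shortened), plus two process lines built from the file paths Malwarebytes
# quarantined, to exercise the masquerading rule.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\lsass.exe
C:\Documents and Settings\ESS\Application Data\lsass.exe
C:\WINDOWS\inf\smss.exe
C:\Documents and Settings\ESS\Menu Démarrer\Programmes\Démarrage\Dos Optimizer.pif

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 67.69.254.242:80
R3 - URLSearchHook: (no name) - {59385f95-c52f-4a84-b674-4a4206b17218} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Dos Optimizer.pif = ?
O9 - Extra button: Ghost Navigator - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Ghost Navigator\Ghost (file missing)
O10 - Unknown file in Winsock LSP: prxernsp.dll
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
"""

ENTRY_RE = re.compile(r"^([RFO]\d{1,2}) - (.*)$")          # "O4 - ..." style lines
RAW_IP_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}(?::\d{1,5})?$")


def parse_hjt(text):
    """Split a log into (process paths, [(kind, body), ...]) such as ('O4', 'Startup: ...')."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_procs = False             # a blank line closes the process list
            continue
        if line.lower().startswith("running processes:"):
            in_procs = True
            continue
        if in_procs:
            processes.append(line)
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return processes, entries


def triage(text):
    """Return [(rule, detail), ...] in log order; an empty list means nothing was flagged."""
    processes, entries = parse_hjt(text)
    findings = []
    for path in processes:
        low = path.lower()
        name = low.rsplit("\\", 1)[-1]
        if name in SYSTEM_BINARIES and not low.startswith(SYSTEM_DIRS):
            findings.append(("masquerading-process", path))
        elif name.endswith(RISKY_EXT):
            findings.append(("script-like-process", path))
    for kind, body in entries:
        low = body.lower()
        if kind == "O4" and low.startswith("startup:"):
            item = low.split("=", 1)[0].strip()       # "startup: dos optimizer.pif"
            if item.endswith(RISKY_EXT):
                findings.append(("risky-startup-item", body))
        elif kind == "R1" and ",proxyserver" in low:
            target = body.split("=", 1)[1].strip()
            if RAW_IP_RE.match(target):
                findings.append(("proxy-to-raw-ip", target))
        elif kind in ("R3", "O2", "O3", "O9") and ("(no file)" in low or "(file missing)" in low):
            findings.append(("orphaned-entry", body))
        elif kind == "O10":
            findings.append(("unknown-lsp", body))
        elif kind == "O23" and "unknown owner" in low:
            findings.append(("service-without-vendor", body))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"{rule:24} {detail}")
```

Run it on a saved log.txt by passing the file contents to `triage`; the findings are a list for a human to review, not a verdict. The masquerading rule is the one that matters most here: a file named lsass.exe or smss.exe under Application Data or \WINDOWS\inf is never legitimate on XP, whereas an orphaned BHO or an LSP that HijackThis cannot name is often just leftover from an uninstall.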
  15. Utilisateur anonyme
     
    RE,

    Uninstall your version of UsbFix and use the new update:

    • Download and install UsbFix

    ->> http://pagesperso-orange.fr/NosTools/cariboost_files/UsbFix.exe

    (!) Plug into your PC the external data sources (USB key, external hard drive, etc.) that may have been infected, without opening them

    • Double-click the UsbFix shortcut on your desktop.

    • Choose option 1 ( Search )

    • Let the tool work.

    • Then post the UsbFix.txt report that will appear.

    • Note: The UsbFix.txt report is saved at the root of the disk. ( C:\UsbFix.txt )

    ( CTRL+A to select all, CTRL+C to copy and CTRL+V to paste )

    • Note: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
    It is not a virus, but a utility designed to terminate processes.
    In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by those antivirus products.

    • Tutorial: http://pagesperso-orange.fr/NosTools/usbfix.html

    0
  16. Profil bloqué
     
    ############################## | UsbFix V6.025 |

    User : ESS (Administrateurs) # AYMEN
    Update on 04/09/2009 by Chiquitine29, C_XX & Chimay8
    Start at: 02:50:36 | 05/09/2009
    Website : http://pagesperso-orange.fr/NosTools/index.html

    Intel(R) Pentium(R) Dual CPU E2160 @ 1.80GHz
    Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
    Internet Explorer 7.0.5730.13
    Windows Firewall Status : Disabled
    AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ]

    A:\ -> 3 ½ inch floppy drive
    C:\ -> Local fixed disk # 37,26 GB (6,31 GB free) # NTFS
    D:\ -> CD-ROM drive
    E:\ -> Removable disk # 1,86 GB (726,04 MB free) [2 GB] # FAT32

    ############################## | Active processes |

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Hotspot Shield\bin\openvpnas.exe
    C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
    C:\Documents and Settings\ESS\Menu Démarrer\Programmes\Démarrage\Dos Optimizer.pif
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    ################## | Infectious files # folders |

    Present! C:\WINDOWS\inf\smss.exe
    Present! C:\WINDOWS\system32\Sexy Girls.scr
    Present! C:\DOCUME~1\ESS\APPLIC~1\smss.exe
    Present! C:\DOCUME~1\ESS\APPLIC~1\svchost.exe
    Present! E:\wlan.exe

    ################## | Suspect ! ... | https://www.virustotal.com/gui/ |

    ################## | Registry # Infectious Run keys |

    Present! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "FrameWorkService"
    Present! HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "FrameWorkService"
    Present! HKU\S-1-5-21-448539723-573735546-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "FrameWorkService"

    ################## | Registry # Mountpoints2 |

    ################## | ! End of report # UsbFix V6.025 ! |
    0
  17. Utilisateur anonyme
     
    (!) Plug into your PC the external data sources (USB key, external hard drive, etc.) that may have been infected, without opening them

    • Double-click the UsbFix shortcut on your desktop

    • Choose option 2 ( Removal )

    • Your desktop will disappear and the PC will restart.

    • On restart, UsbFix will scan your PC; let the tool work.

    • Then post the UsbFix.txt report that will appear along with the desktop.

    • Note: The UsbFix.txt report is saved at the root of the disk. ( C:\UsbFix.txt )

    ( CTRL+A to select all, CTRL+C to copy and CTRL+V to paste )

    ###########

    then:

    Download ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    -> Double-click combofix.exe.
    -> Press the 1 key (Yes) to start the scan.
    -> When the scan is complete, a report will appear. Copy/paste this report in your next reply.

    NOTE: The report can also be found here: C:\Combofix.txt

    Before using ComboFix:

    -> Disconnect from the internet and close the windows of all running programs.

    -> Temporarily disable, and only for as long as ComboFix is in use, the real-time protection of your antivirus and anti-spyware programs, which can seriously interfere with the tool's search and cleaning procedure.

    Once that is done, double-click Combofix.exe on your desktop.

    - Answer yes to the warning message so that the program starts analysing the PC.

    /!\ For the duration of this step, do not use the PC and do not open any programs.

    - At the end of the scan ComboFix may need to restart the PC to finish the disinfection/search; let it do so.

    - A report will then open in Notepad; this Combofix.txt report file is automatically saved and stored at C:\Combofix.txt

    -> Re-enable the real-time protection of your antivirus and anti-spyware programs before reconnecting to the internet.

    -> Come back to the forum and copy and paste the entire contents of C:\Combofix.txt in your next message.

    0
  18. Profil bloqué
     
    ############################## | UsbFix V6.025 |

    User : ESS (Administrateurs) # AYMEN
    Update on 04/09/2009 by Chiquitine29, C_XX & Chimay8
    Start at: 03:02:25 | 05/09/2009
    Website : http://pagesperso-orange.fr/NosTools/index.html

    Intel(R) Pentium(R) Dual CPU E2160 @ 1.80GHz
    Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
    Internet Explorer 7.0.5730.13
    Windows Firewall Status : Disabled
    AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ]

    A:\ -> 3 ½ inch floppy drive
    C:\ -> Local fixed disk # 37,26 GB (6,27 GB free) # NTFS
    D:\ -> CD-ROM drive
    E:\ -> Removable disk # 1,86 GB (726,04 MB free) [2 GB] # FAT32

    ############################## | Active processes |

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\logonui.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Hotspot Shield\bin\openvpnas.exe
    C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\alg.exe

    ################## | Infectious files # folders |

    Deleted! C:\WINDOWS\inf\smss.exe
    Deleted! C:\WINDOWS\system32\Sexy Girls.scr
    Deleted! C:\DOCUME~1\ESS\APPLIC~1\smss.exe
    Deleted! C:\DOCUME~1\ESS\APPLIC~1\svchost.exe
    Deleted! E:\wlan.exe

    ################## | Others |

    ################## | Suspect ! ... | https://www.virustotal.com/gui/ |

    ################## | Registry # Infectious Run keys |

    Deleted! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "FrameWorkService"
    Deleted! HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "FrameWorkService"

    ################## | Registry # Mountpoints2 |

    ################## | Listing of files present |

    [10/10/2008 01:29|--a------|1024] C:\.rnd
    [12/07/2009 16:23|---hs----|212] C:\boot.ini
    [15/10/2001 00:41|-rahs----|4952] C:\Bootfont.bin
    [25/08/2008 15:43|--a------|0] C:\CONFIG.SYS
    [16/03/2009 23:41|--a------|120] C:\drmHeader.bin
    [22/08/2009 07:39|--a------|184] C:\drwtsn32.log
    [23/09/2008 02:56|--a------|117] C:\finfos.txt
    [27/03/2001 00:00|--a------|53248] C:\gendel32.exe
    [18/11/2008 04:44|--a------|164] C:\install.dat
    [25/08/2008 15:43|-rahs----|0] C:\IO.SYS
    [04/04/2009 02:58|--a------|125] C:\ioSpecial.ini
    [09/11/2008 18:28|--a------|1453] C:\MDL 2.0 Debug.txt
    [23/09/2008 02:56|--a------|447] C:\mpeg.txt
    [25/08/2008 15:43|-rahs----|0] C:\MSDOS.SYS
    [04/08/2004 04:38|-rahs----|47564] C:\NTDETECT.COM
    [04/08/2004 04:59|-rahs----|251712] C:\ntldr
    [?|?|?] C:\pagefile.sys
    [12/11/2008 03:09|--ah-----|1073741824] C:\pfsvoddata.bbv
    [25/08/2008 16:56|--a------|573] C:\RHDSetup.log
    [12/07/2009 16:15|--a------|167] C:\Setup.log
    [07/10/2008 13:39|--ah-----|268] C:\sqmdata00.sqm
    [22/10/2008 03:43|--ah-----|268] C:\sqmdata01.sqm
    [23/10/2008 00:26|--ah-----|268] C:\sqmdata02.sqm
    [06/11/2008 17:15|--ah-----|268] C:\sqmdata03.sqm
    [18/02/2009 18:52|--ah-----|268] C:\sqmdata04.sqm
    [07/10/2008 13:39|--ah-----|244] C:\sqmnoopt00.sqm
    [22/10/2008 03:43|--ah-----|244] C:\sqmnoopt01.sqm
    [23/10/2008 00:26|--ah-----|244] C:\sqmnoopt02.sqm
    [06/11/2008 17:15|--ah-----|244] C:\sqmnoopt03.sqm
    [18/02/2009 18:52|--ah-----|172] C:\sqmnoopt04.sqm
    [12/11/2008 04:24|--a------|57] C:\StvTimeCode.txt
    [03/09/2009 19:14|--a------|1852] C:\TB.txt
    [05/09/2009 03:07|--a------|3753] C:\UsbFix.txt
    [12/07/2009 16:12|--a------|175] C:\WiFiSetup.log
    [17/02/2008 12:43|--a------|377344] E:\ESS_Fichiers.exe

    ################## | Upload |

    Please send the file: C:\DOCUME~1\ESS\Bureau\UsbFix_Upload_Me_AYMEN.zip : https://www.androidworld.fr/
    Thank you for your contribution.

    ################## | ! End of report # UsbFix V6.025 ! |
    0
  19. Profil bloqué
     
    ComboFix 09-09-03.02 - ESS 05/09/2009 3:19.1.2 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1015.660 [GMT 2:00]
    Running from: c:\documents and settings\ESS\Bureau\disque\logicielle\désinfection -virus provenant de flach disque-\ComboFix.exe
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\ESS\Favoris\Free MP3 Search.url
    c:\documents and settings\ESS\Favoris\Free Porn.url
    c:\windows\Installer\22e3ae.msi
    c:\windows\UA000082.DLL
    c:\windows\UA000106.DLL

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_BOONTY_GAMES
    -------\Legacy_SYSDRV32
    -------\Service_Boonty Games

    ((((((((((((((((((((((((( Files Created from 2009-08-05 to 2009-09-05 )))))))))))))))))))))))))))))))
    .

    2009-09-05 01:30 . 2008-02-17 10:43 377344 ----a-w- c:\windows\system32\Sexy Girls.scr
    2009-09-03 16:56 . 2009-09-03 16:56 -------- d-----w- C:\_OTM
    2009-09-02 04:21 . 2009-09-02 04:21 -------- d-sh--w- c:\documents and settings\ESS\IECompatCache
    2009-09-02 04:17 . 2009-09-02 04:17 -------- d-sh--w- c:\documents and settings\ESS\PrivacIE
    2009-09-02 04:16 . 2009-09-02 04:16 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
    2009-09-02 04:13 . 2009-09-02 04:13 -------- d-sh--w- c:\documents and settings\ESS\IETldCache
    2009-09-02 04:08 . 2009-09-02 22:28 -------- d-----w- c:\windows\ie8updates
    2009-09-02 04:00 . 2007-08-13 17:45 78336 ----a-w- c:\windows\system32\ieencode.dll
    2009-09-02 03:59 . 2007-08-13 17:45 78336 ----a-w- c:\windows\system32\dllcache\ieencode.dll
    2009-08-31 16:41 . 2009-08-31 16:41 -------- d-----w- c:\documents and settings\ESS\Application Data\Todae
    2009-08-31 13:58 . 2009-08-07 08:48 100352 -c----w- c:\windows\system32\dllcache\iecompat.dll
    2009-08-31 13:56 . 2009-07-03 16:57 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2009-08-31 13:56 . 2009-07-03 16:57 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2009-08-26 17:28 . 2009-09-02 04:01 -------- d-----w- c:\documents and settings\All Users\Bureau
    2009-08-24 02:28 . 2009-08-24 02:28 -------- d-----w- c:\documents and settings\ESS\Local Settings\Application Data\Visicron
    2009-08-24 01:27 . 2009-08-24 01:28 -------- d-----w- c:\program files\Fichiers communs\DivX Shared
    2009-08-24 00:53 . 2009-08-24 00:53 -------- d-----w- c:\documents and settings\ESS\Local Settings\Application Data\TVU Networks
    2009-08-24 00:53 . 2009-08-24 00:53 -------- d-----w- c:\documents and settings\All Users\Application Data\TVU Networks
    2009-08-24 00:52 . 2009-08-24 00:52 -------- d-----w- c:\documents and settings\ESS\LocalLow
    2009-08-24 00:52 . 2009-08-25 16:09 -------- d-----w- c:\program files\SopCast
    2009-08-24 00:07 . 2009-08-24 00:07 -------- d-----w- c:\documents and settings\ESS\Local Settings\Application Data\toolbartv
    2009-08-24 00:07 . 2009-08-24 00:34 -------- d-----w- c:\program files\toolbartv
    2009-08-22 22:57 . 2009-08-22 22:57 -------- d-----w- C:\Hotspot Shield
    2009-08-22 05:23 . 2009-08-22 05:23 -------- d-----w- c:\program files\RadioXpi
    2009-08-22 04:07 . 2009-08-22 04:07 -------- d-----w- c:\documents and settings\ESS\Local Settings\Application Data\LiveTV_
    2009-08-22 04:06 . 2009-08-22 04:07 -------- d-----w- c:\program files\LiveTV_
    2009-08-19 22:24 . 2009-08-19 22:44 -------- d-----w- c:\program files\Patch MsnCreative
    2009-08-16 14:54 . 2009-08-16 14:54 -------- d-----w- c:\program files\MediaSPace
    2009-08-16 14:53 . 2009-08-16 14:53 -------- d-----w- c:\documents and settings\ESS\Local Settings\Application Data\Downloaded Installations
    2009-08-14 22:46 . 2009-08-14 22:46 -------- d-----w- c:\documents and settings\ESS\Local Settings\Application Data\Identities
    2009-08-12 03:17 . 2009-08-12 03:17 -------- d-----w- c:\program files\LimeWire

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-09-05 00:47 . 2008-12-17 23:59 -------- d-----w- c:\documents and settings\ESS\Application Data\Skype
    2009-09-05 00:46 . 2008-08-28 23:31 -------- d--h--w- c:\documents and settings\ESS\Application Data\skypePM
    2009-09-05 00:37 . 2009-07-17 11:01 -------- d-----w- c:\program files\trend micro
    2009-09-03 17:45 . 2001-10-14 22:44 76384 ----a-w- c:\windows\system32\perfc00C.dat
    2009-09-03 17:45 . 2001-10-14 22:44 471246 ----a-w- c:\windows\system32\perfh00C.dat
    2009-09-03 10:18 . 2008-10-03 23:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-09-02 22:34 . 2008-08-26 00:30 -------- d-----w- c:\program files\Yahoo!
    2009-08-25 16:09 . 2008-11-13 00:57 -------- d-----w- c:\documents and settings\ESS\Application Data\Paltalk
    2009-08-25 16:07 . 2008-08-25 15:17 -------- d-----w- c:\program files\Creative
    2009-08-24 01:32 . 2008-08-25 15:25 -------- d-----w- c:\program files\DivX
    2009-08-22 23:00 . 2009-06-17 23:47 -------- d-----w- c:\program files\Hotspot Shield
    2009-08-16 02:16 . 2009-06-23 00:11 -------- d-----w- c:\program files\Proxifier
    2009-08-16 01:49 . 2008-08-28 11:57 -------- d-----w- c:\program files\Google
    2009-08-12 04:36 . 2009-04-26 23:35 -------- d-----w- c:\documents and settings\ESS\Application Data\LimeWire
    2009-08-10 17:00 . 2009-06-02 19:32 -------- d-----w- c:\program files\SpacialAudio
    2009-08-06 22:59 . 2009-07-17 21:40 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2009-08-03 11:36 . 2008-10-03 23:02 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-08-03 11:36 . 2008-10-03 23:02 19096 -c--a-w- c:\windows\system32\drivers\mbam.sys
    2009-08-02 22:24 . 2009-06-17 23:48 -------- d-----w- c:\program files\Hotspot_Shield
    2009-07-23 01:27 . 2009-05-25 14:18 -------- d-----w- c:\documents and settings\ESS\Application Data\Winamp
    2009-07-22 21:07 . 2009-05-25 14:18 -------- d-----w- c:\program files\Winamp
    2009-07-22 19:13 . 2009-07-21 23:22 28592 ----a-w- c:\windows\system32\drivers\tap0901.sys
    2009-07-22 10:38 . 2009-07-22 10:38 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
    2009-07-17 21:40 . 2009-07-17 21:40 -------- d-----w- c:\program files\Avira
    2009-07-17 21:40 . 2009-07-17 21:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2009-07-14 00:15 . 2009-07-14 00:15 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
    2009-07-14 00:15 . 2009-07-14 00:15 823296 ----a-w- c:\windows\system32\divx_xx07.dll
    2009-07-14 00:15 . 2009-07-14 00:15 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
    2009-07-14 00:15 . 2009-07-14 00:15 811008 ----a-w- c:\windows\system32\divx_xx16.dll
    2009-07-14 00:15 . 2009-07-14 00:15 802816 ----a-w- c:\windows\system32\divx_xx11.dll
    2009-07-14 00:15 . 2009-07-14 00:15 685056 ----a-w- c:\windows\system32\DivX.dll
    2009-07-12 14:33 . 2009-07-12 14:33 -------- d-----w- c:\program files\SAGEM WiFi manager
    2009-07-12 14:25 . 2008-08-25 14:06 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-07-12 14:15 . 2009-04-29 21:53 -------- d-----w- c:\program files\SAGEM
    2009-07-12 14:15 . 2009-07-12 14:15 -------- d-----w- c:\documents and settings\ESS\Application Data\InstallShield
    2009-07-04 14:40 . 2009-07-04 14:40 0 -c--a-w- c:\windows\system32\cd.dat
    2009-07-02 02:34 . 2009-06-01 18:13 33840 ----a-w- c:\windows\system32\drivers\hssdrv.sys
    2009-06-27 23:20 . 2009-06-27 23:20 165069 ----a-w- c:\windows\IceOp Uninstaller.exe
    2009-06-20 18:28 . 2009-06-20 18:28 85504 ----a-w- c:\windows\system32\ff_vfw.dll
    2009-06-14 15:21 . 2009-06-14 15:21 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
    2009-06-14 15:21 . 2009-06-14 15:21 256512 ----a-w- c:\windows\system32\ff_kernelDeint.dll
    2009-06-14 15:21 . 2009-06-14 15:21 237056 ----a-w- c:\windows\system32\TomsMoComp_ff.dll
    2009-07-14 00:16 . 2009-07-14 00:16 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-07-14 00:16 . 2009-07-14 00:16 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
    .

    ------- Sigcheck -------

    [-] 2008-11-12 00:19 359040 EBEAB4C47642CD68D7FD23187EECA1B0 c:\windows\system32\backup\tcpip.sys
    [7] 2004-08-04 03:14 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\system32\dllcache\tcpip.sys
    [-] 2004-08-04 03:14 359040 3BB4B08619C111C7BE8BDA07AA0DE6A2 c:\windows\system32\drivers\tcpip.sys
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{c95a4e8e-816d-4655-8c79-d736da1adb6d}"= "c:\program files\Hotspot_Shield\tbHot1.dll" [2009-08-02 2215960]
    "{7762a897-2a75-4e3f-a3a7-55bd098b9879}"= "c:\program files\toolbartv\tbtoo0.dll" [2009-07-15 2224152]

    [HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]

    [HKEY_CLASSES_ROOT\clsid\{7762a897-2a75-4e3f-a3a7-55bd098b9879}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7762a897-2a75-4e3f-a3a7-55bd098b9879}]
    2009-07-15 08:09 2224152 ----a-w- c:\program files\toolbartv\tbtoo0.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]
    2009-08-02 22:25 2215960 ----a-w- c:\program files\Hotspot_Shield\tbHot1.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
    2009-08-22 22:56 218160 ----a-w- c:\program files\Hotspot Shield\hssie\HssIE.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{c95a4e8e-816d-4655-8c79-d736da1adb6d}"= "c:\program files\Hotspot_Shield\tbHot1.dll" [2009-08-02 2215960]
    "{7762a897-2a75-4e3f-a3a7-55bd098b9879}"= "c:\program files\toolbartv\tbtoo0.dll" [2009-07-15 2224152]

    [HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]

    [HKEY_CLASSES_ROOT\clsid\{7762a897-2a75-4e3f-a3a7-55bd098b9879}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}"= "c:\program files\Hotspot_Shield\tbHot1.dll" [2009-08-02 2215960]
    "{7762A897-2A75-4E3F-A3A7-55BD098B9879}"= "c:\program files\toolbartv\tbtoo0.dll" [2009-07-15 2224152]

    [HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]

    [HKEY_CLASSES_ROOT\clsid\{7762a897-2a75-4e3f-a3a7-55bd098b9879}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-06 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
    "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-01-26 185872]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-12-12 413696]
    "Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-08-16 122368]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

    c:\documents and settings\ESS\Menu Démarrer\Programmes\Démarrage\
    DosÿOptimizer.pif [2008-2-17 377344]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "DisallowRun"= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
    "2"= mmc.exe
    "5"= regedt32.exe
    "1"= cmd.exe
    "3"= rstrui.exe
    "4"= regedit.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
    2008-10-02 17:45 87352 ----a-w- c:\windows\system32\LMIinit.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^PalTalk.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\PalTalk.lnk
    backup=c:\windows\pss\PalTalk.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^ESS^Menu Démarrer^Programmes^Démarrage^MaxTV.lnk]
    path=c:\documents and settings\ESS\Menu Démarrer\Programmes\Démarrage\MaxTV.lnk
    backup=c:\windows\pss\MaxTV.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^ESS^Menu Démarrer^Programmes^Démarrage^OneNote 2007 - Capture d'écran et lancement.lnk]
    path=c:\documents and settings\ESS\Menu Démarrer\Programmes\Démarrage\OneNote 2007 - Capture d'écran et lancement.lnk
    backup=c:\windows\pss\OneNote 2007 - Capture d'écran et lancement.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WLSetupSvc"=3 (0x3)
    "usnjsvc"=3 (0x3)
    "UleadBurningHelper"=2 (0x2)
    "ose"=3 (0x3)
    "odserv"=3 (0x3)
    "Microsoft Office Groove Audit Service"=3 (0x3)
    "Keenfinder Service"=2 (0x2)
    "JavaQuickStarterService"=2 (0x2)
    "IDriverT"=3 (0x3)
    "HssTrayService"=3 (0x3)
    "HssSrv"=2 (0x2)
    "HotspotShieldService"=2 (0x2)
    "gusvc"=3 (0x3)
    "FirebirdServerDefaultInstance"=3 (0x3)
    "FirebirdGuardianDefaultInstance"=2 (0x2)
    "Capture Device Service"=2 (0x2)
    "Boonty Games"=3 (0x3)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [25/08/2008 16:48 13696]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [17/07/2009 23:40 108289]
    R2 HssSrv;Hotspot Shield Routing Service;c:\program files\Hotspot Shield\HssWPR\hsssrv.exe [06/08/2009 20:58 331824]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [10/10/2008 01:29 47640]
    R2 ZDCNDIS5;ZDCNDIS5 NDIS5.1 Protocol Driver;c:\windows\system32\ZDCndis5.sys [12/07/2009 16:02 20736]
    R3 HssDrv;Hotspot Shield Helper Miniport;c:\windows\system32\drivers\hssdrv.sys [01/06/2009 20:13 33840]
    R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [14/01/2008 12:06 21632]
    R3 tap0901;TAP-Win32 Adapter V9;c:\windows\system32\drivers\tap0901.sys [22/07/2009 01:22 28592]
    R3 V0330VID;WebCam Vista;c:\windows\system32\drivers\V0330Vid.sys [11/05/2009 21:36 173632]
    S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
    S3 HssTrayService;Hotspot Shield Tray Service;c:\program files\Hotspot Shield\bin\HssTrayService.exe [11/08/2009 01:19 57640]
    S3 mcdevice;mcdevice;c:\windows\system32\drivers\mcdevice.sys [11/12/2008 00:19 323584]
    S3 ntkvpn;Loki VPN Driver Service;c:\windows\system32\DRIVERS\ntkvpn.sys --> c:\windows\system32\DRIVERS\ntkvpn.sys [?]
    S3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;c:\windows\system32\drivers\WlanBZXP.sys [12/07/2009 16:33 402432]
    S3 tapavpn;Steganos Anonym VPN Adapter;c:\windows\system32\drivers\tapavpn.sys [19/10/2007 10:50 24320]
    S4 Keenfinder Service;Keenfinder Service;"c:\program files\Keenfinder\keenfinder.exe" "c:\program files\Keenfinder\keenfinder.dll" Service --> c:\program files\Keenfinder\keenfinder.exe [?]
    S4 LMIRfsClientNP;LMIRfsClientNP; [x]
    .
    Contents of the 'Scheduled Tasks' folder

    2009-09-05 c:\windows\Tasks\User_Feed_Synchronization-{1F8414C6-A53E-45C0-B260-CAD037F0532C}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-13 17:36]
    .
    - - - - ORPHANS REMOVED - - - -

    URLSearchHooks-{59385f95-c52f-4a84-b674-4a4206b17218} - (no file)
    Toolbar-{59385f95-c52f-4a84-b674-4a4206b17218} - (no file)
    WebBrowser-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)
    WebBrowser-{59385F95-C52F-4A84-B674-4A4206B17218} - (no file)
    WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
    HKCU-Run-FrameWorkService - (no file)
    HKLM-Run-FrameWorkService - (no file)
    SafeBoot-SVCWINSPOOL

    .
    ------- Supplementary Scan -------
    .
    mWindow Title =
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyServer = 67.69.254.242:80
    uInternet Settings,ProxyOverride = local
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Liens de téléchargement avec Mega Manager... - c:\program files\Megaupload\Mega Manager\mm_file.htm
    IE: {{ECC5777A-6E88-BFCE-13CE-81F134789E7B} - c:\program files\Ghost Navigator\Ghost
    LSP: PrxerDrv.dll
    TCP: {D64A6D53-4B27-4AF5-AA10-4B69889C9792} = 213.150.176.196,196.203.251.8
    DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
    FF - ProfilePath - c:\documents and settings\ESS\Application Data\Mozilla\Firefox\Profiles\3jzhgi8b.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&SearchSource=2&q=
    FF - prefs.js: network.proxy.ftp - 127.0.0.1
    FF - prefs.js: network.proxy.ftp_port - 80
    FF - prefs.js: network.proxy.gopher - 127.0.0.1
    FF - prefs.js: network.proxy.gopher_port - 80
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 80
    FF - prefs.js: network.proxy.socks - 127.0.0.1
    FF - prefs.js: network.proxy.socks_port - 80
    FF - prefs.js: network.proxy.ssl - 127.0.0.1
    FF - prefs.js: network.proxy.ssl_port - 80
    FF - prefs.js: network.proxy.type - 4
    FF - component: c:\documents and settings\ESS\Application Data\Mozilla\Firefox\Profiles\3jzhgi8b.default\extensions\{7762a897-2a75-4e3f-a3a7-55bd098b9879}\components\FFExternalAlert.dll
    FF - component: c:\documents and settings\ESS\Application Data\Mozilla\Firefox\Profiles\3jzhgi8b.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\components\FFExternalAlert.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-09-05 03:28
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    c:\windows\system32\Sexy Girls.scr 377344 bytes executable

    scan completed successfully
    hidden files: 1

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-448539723-573735546-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{219C3740-370D-5039-65CB-DBB14A0E7DC1}*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    "iajokdkadiachhbhbh"=hex:69,61,6d,65,68,6d,67,6d,6a,6b,70,61,63,65,6e,6e,61,6b,
    00,00
    "hahoafcmmhigabmp"=hex:6a,61,63,66,64,68,62,61,64,6f,69,65,70,6a,6a,64,6b,67,
    6d,6f,00,fe
    "ianochijpclkfnkgol"=hex:63,61,6e,65,67,6a,00,7c

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker3"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1336)
    c:\windows\system32\LMIinit.dll
    c:\windows\system32\LMIRfsClientNP.dll

    - - - - - - - > 'explorer.exe'(2360)
    c:\progra~1\WINDOW~2\wmpband.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\ieframe.dll
    c:\program files\Google\Quick Search Box\bin\1.2.1137.3514\qsb.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\windows\system32\LMIRfsClientNP.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\program files\Hotspot Shield\bin\openvpnas.exe
    c:\windows\system32\wscntfy.exe
    c:\documents and settings\ESS\Menu Démarrer\Programmes\Démarrage\Dos Optimizer.pif
    .
    **************************************************************************
    .
    Completion time: 2009-09-05 3:40 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-09-05 01:40

    Pre-Run: 7 073 599 488 octets libres
    Post-Run: 7 004 258 304 octets libres

    324
    0
  20. Anonymous user
     
    Download this file to the desktop:

    >> http://sd-1.archive-host.com/membres/up/127028005715545653/CFScript.zip

    Unzip it.

    Now drag the CFScript.txt file onto Combofix.exe, like this:

    This will relaunch Combofix.

    A blue window will appear: at the prompt that appears (Type 1 to continue, or 2 to abort), type 1 and press Enter.

    Wait for the scan to finish. The desktop will disappear several times: this is normal!

    Don't touch anything until the scan has finished.

    After the reboot, post the contents of the Combofix.txt report.
    0
  21. Blocked profile
     
    ComboFix 09-09-03.02 - ESS 05/09/2009 4:10.2.2 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1015.635 [GMT 2:00]
    Running from: c:\documents and settings\ESS\Bureau\disque\logicielle\désinfection -virus provenant de flach disque-\ComboFix.exe
    Command switches used :: c:\documents and settings\ESS\Bureau\disque\logicielle\désinfection -virus provenant de flach disque-\CFScript.txt
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::
    "c:\documents and settings\ESS\Menu Démarrer\Programmes\Démarrage\Dos Optimizer.pif"
    "c:\windows\system32\Sexy Girls.scr"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\_OTM
    c:\_otm\MovedFiles\09032009_185624.log
    c:\_otm\MovedFiles\09032009_185624.res
    c:\_otm\MovedFiles\09032009_185624\Program Files\Ask & Record Toolbar\AARAudio.exe
    c:\_otm\MovedFiles\09032009_185624\Program Files\Ask & Record Toolbar\AARConv.exe
    c:\_otm\MovedFiles\09032009_185624\Program Files\Ask & Record Toolbar\AARSettings.exe
    c:\_otm\MovedFiles\09032009_185624\Program Files\Ask & Record Toolbar\AARVideos.exe
    c:\_otm\MovedFiles\09032009_185624\Program Files\Ask & Record Toolbar\AskInstallChecker.exe
    c:\_otm\MovedFiles\09032009_185624\Program Files\Ask & Record Toolbar\askSBarSetup.exe
    c:\_otm\MovedFiles\09032009_185624\Program Files\Ask & Record Toolbar\audgopher.dll
    c:\_otm\MovedFiles\09032009_185624\Program Files\Ask & Record Toolbar\audhook.dll
    c:\_otm\MovedFiles\09032009_185624\Program Files\Ask & Record Toolbar\ffmpeg.exe
    c:\_otm\MovedFiles\09032009_185624\Program Files\Ask & Record Toolbar\FLVPlayer.exe
    c:\_otm\MovedFiles\09032009_185624\Program Files\Ask & Record Toolbar\FLVSrvc.exe
    c:\_otm\MovedFiles\09032009_185624\Program Files\Ask & Record Toolbar\lame_enc.dll
    c:\_otm\MovedFiles\09032009_185624\Program Files\Ask & Record Toolbar\register.exe
    c:\_otm\MovedFiles\09032009_185624\Program Files\Ask & Record Toolbar\sdl.dll
    c:\_otm\MovedFiles\09032009_185624\Program Files\Ask & Record Toolbar\Uninstall\IRIMG1.JPG
    c:\_otm\MovedFiles\09032009_185624\Program Files\Ask & Record Toolbar\Uninstall\IRIMG2.JPG
    c:\_otm\MovedFiles\09032009_185624\Program Files\Ask & Record Toolbar\Uninstall\uninstall.dat
    c:\_otm\MovedFiles\09032009_185624\Program Files\Ask & Record Toolbar\Uninstall\uninstall.xml
    c:\_otm\MovedFiles\09032009_185624\Program Files\Ask & Record Toolbar\VistaAudioLib.dll
    c:\_otm\MovedFiles\09032009_185624\Program Files\AskBardis\bar\bin\askBar.dll
    c:\_otm\MovedFiles\09032009_185624\Program Files\AskBardis\bar\bin\askPopStp.dll
    c:\_otm\MovedFiles\09032009_185624\Program Files\AskBardis\bar\bin\AskSplash.exe
    c:\_otm\MovedFiles\09032009_185624\Program Files\AskBardis\bar\bin\AskTBApp.exe
    c:\_otm\MovedFiles\09032009_185624\Program Files\AskBardis\bar\bin\ASKUpgrade.exe
    c:\_otm\MovedFiles\09032009_185624\Program Files\AskBardis\bar\bin\psvince.dll
    c:\_otm\MovedFiles\09032009_185624\Program Files\AskBardis\bar\Cache\000EBBD9
    c:\_otm\MovedFiles\09032009_185624\Program Files\AskBardis\bar\Cache\000EC03E.bin
    c:\_otm\MovedFiles\09032009_185624\Program Files\AskBardis\bar\Cache\000EC2BF.bin
    c:\_otm\MovedFiles\09032009_185624\Program Files\AskBardis\bar\Cache\000EC753.bin
    c:\_otm\MovedFiles\09032009_185624\Program Files\AskBardis\bar\Cache\000EC937.bin
    c:\_otm\MovedFiles\09032009_185624\Program Files\AskBardis\bar\Cache\000ECC25.bin
    c:\_otm\MovedFiles\09032009_185624\Program Files\AskBardis\bar\Cache\000ECEA6.bin
    c:\_otm\MovedFiles\09032009_185624\Program Files\AskBardis\bar\Cache\000ED3D6.bin
    c:\_otm\MovedFiles\09032009_185624\Program Files\AskBardis\bar\Cache\files.ini
    c:\_otm\MovedFiles\09032009_185624\Program Files\AskBardis\bar\History\search
    c:\_otm\MovedFiles\09032009_185624\Program Files\AskBardis\bar\Settings\AskLogo.ico
    c:\_otm\MovedFiles\09032009_185624\Program Files\AskBardis\bar\Settings\config.dat
    c:\_otm\MovedFiles\09032009_185624\Program Files\AskBardis\bar\Settings\config.dat.bak
    c:\_otm\MovedFiles\09032009_185624\Program Files\AskBardis\bar\Settings\prevcfg.htm
    c:\_otm\MovedFiles\09032009_185624\Program Files\AskBardis\bar\Settings\prevCfg2.htm
    c:\_otm\MovedFiles\09032009_185624\Program Files\AskBardis\unins00.exe
    c:\_otm\MovedFiles\09032009_185624\Program Files\AskBardis\unins000.dat
    c:\_otm\MovedFiles\09032009_185624\Program Files\AskBardis\unins000.exe
    c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
    c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}\{B3F4072D-1B2C-4B5E-B016-E93C4BEA5AEB}.msi
    c:\documents and settings\ESS\Application Data\smss.exe
    c:\windows\Inf\smss.exe
    c:\windows\system32\Sexy Girls.scr

    .
    ((((((((((((((((((((((((( Files Created from 2009-08-05 to 2009-09-05 )))))))))))))))))))))))))))))))
    .

    2009-09-02 04:21 . 2009-09-02 04:21 -------- d-sh--w- c:\documents and settings\ESS\IECompatCache
    2009-09-02 04:17 . 2009-09-02 04:17 -------- d-sh--w- c:\documents and settings\ESS\PrivacIE
    2009-09-02 04:16 . 2009-09-02 04:16 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
    2009-09-02 04:13 . 2009-09-02 04:13 -------- d-sh--w- c:\documents and settings\ESS\IETldCache
    2009-09-02 04:08 . 2009-09-02 22:28 -------- d-----w- c:\windows\ie8updates
    2009-09-02 04:00 . 2007-08-13 17:45 78336 ----a-w- c:\windows\system32\ieencode.dll
    2009-09-02 03:59 . 2007-08-13 17:45 78336 ----a-w- c:\windows\system32\dllcache\ieencode.dll
    2009-08-31 16:41 . 2009-08-31 16:41 -------- d-----w- c:\documents and settings\ESS\Application Data\Todae
    2009-08-31 13:58 . 2009-08-07 08:48 100352 -c----w- c:\windows\system32\dllcache\iecompat.dll
    2009-08-31 13:56 . 2009-07-03 16:57 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2009-08-31 13:56 . 2009-07-03 16:57 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2009-08-26 17:28 . 2009-09-02 04:01 -------- d-----w- c:\documents and settings\All Users\Bureau
    2009-08-24 02:28 . 2009-08-24 02:28 -------- d-----w- c:\documents and settings\ESS\Local Settings\Application Data\Visicron
    2009-08-24 01:27 . 2009-08-24 01:28 -------- d-----w- c:\program files\Fichiers communs\DivX Shared
    2009-08-24 00:53 . 2009-08-24 00:53 -------- d-----w- c:\documents and settings\ESS\Local Settings\Application Data\TVU Networks
    2009-08-24 00:53 . 2009-08-24 00:53 -------- d-----w- c:\documents and settings\All Users\Application Data\TVU Networks
    2009-08-24 00:52 . 2009-08-24 00:52 -------- d-----w- c:\documents and settings\ESS\LocalLow
    2009-08-24 00:52 . 2009-08-25 16:09 -------- d-----w- c:\program files\SopCast
    2009-08-24 00:07 . 2009-08-24 00:07 -------- d-----w- c:\documents and settings\ESS\Local Settings\Application Data\toolbartv
    2009-08-24 00:07 . 2009-08-24 00:34 -------- d-----w- c:\program files\toolbartv
    2009-08-22 22:57 . 2009-08-22 22:57 -------- d-----w- C:\Hotspot Shield
    2009-08-22 05:23 . 2009-08-22 05:23 -------- d-----w- c:\program files\RadioXpi
    2009-08-22 04:07 . 2009-08-22 04:07 -------- d-----w- c:\documents and settings\ESS\Local Settings\Application Data\LiveTV_
    2009-08-22 04:06 . 2009-08-22 04:07 -------- d-----w- c:\program files\LiveTV_
    2009-08-19 22:24 . 2009-08-19 22:44 -------- d-----w- c:\program files\Patch MsnCreative
    2009-08-16 14:54 . 2009-08-16 14:54 -------- d-----w- c:\program files\MediaSPace
    2009-08-16 14:53 . 2009-08-16 14:53 -------- d-----w- c:\documents and settings\ESS\Local Settings\Application Data\Downloaded Installations
    2009-08-14 22:46 . 2009-08-14 22:46 -------- d-----w- c:\documents and settings\ESS\Local Settings\Application Data\Identities
    2009-08-12 03:17 . 2009-08-12 03:17 -------- d-----w- c:\program files\LimeWire

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-09-05 02:07 . 2008-12-17 23:59 -------- d-----w- c:\documents and settings\ESS\Application Data\Skype
    2009-09-05 02:05 . 2008-10-10 23:33 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
    2009-09-05 00:46 . 2008-08-28 23:31 -------- d--h--w- c:\documents and settings\ESS\Application Data\skypePM
    2009-09-05 00:37 . 2009-07-17 11:01 -------- d-----w- c:\program files\trend micro
    2009-09-03 17:45 . 2001-10-14 22:44 76384 ----a-w- c:\windows\system32\perfc00C.dat
    2009-09-03 17:45 . 2001-10-14 22:44 471246 ----a-w- c:\windows\system32\perfh00C.dat
    2009-09-03 10:18 . 2008-10-03 23:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-09-02 22:34 . 2008-08-26 00:30 -------- d-----w- c:\program files\Yahoo!
    2009-08-25 16:09 . 2008-11-13 00:57 -------- d-----w- c:\documents and settings\ESS\Application Data\Paltalk
    2009-08-25 16:07 . 2008-08-25 15:17 -------- d-----w- c:\program files\Creative
    2009-08-24 01:32 . 2008-08-25 15:25 -------- d-----w- c:\program files\DivX
    2009-08-22 23:00 . 2009-06-17 23:47 -------- d-----w- c:\program files\Hotspot Shield
    2009-08-16 02:16 . 2009-06-23 00:11 -------- d-----w- c:\program files\Proxifier
    2009-08-16 01:49 . 2008-08-28 11:57 -------- d-----w- c:\program files\Google
    2009-08-12 04:36 . 2009-04-26 23:35 -------- d-----w- c:\documents and settings\ESS\Application Data\LimeWire
    2009-08-10 17:00 . 2009-06-02 19:32 -------- d-----w- c:\program files\SpacialAudio
    2009-08-06 22:59 . 2009-07-17 21:40 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2009-08-03 11:36 . 2008-10-03 23:02 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-08-03 11:36 . 2008-10-03 23:02 19096 -c--a-w- c:\windows\system32\drivers\mbam.sys
    2009-08-02 22:24 . 2009-06-17 23:48 -------- d-----w- c:\program files\Hotspot_Shield
    2009-07-23 01:27 . 2009-05-25 14:18 -------- d-----w- c:\documents and settings\ESS\Application Data\Winamp
    2009-07-22 21:07 . 2009-05-25 14:18 -------- d-----w- c:\program files\Winamp
    2009-07-22 19:13 . 2009-07-21 23:22 28592 ----a-w- c:\windows\system32\drivers\tap0901.sys
    2009-07-17 21:40 . 2009-07-17 21:40 -------- d-----w- c:\program files\Avira
    2009-07-17 21:40 . 2009-07-17 21:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2009-07-14 00:15 . 2009-07-14 00:15 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
    2009-07-14 00:15 . 2009-07-14 00:15 823296 ----a-w- c:\windows\system32\divx_xx07.dll
    2009-07-14 00:15 . 2009-07-14 00:15 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
    2009-07-14 00:15 . 2009-07-14 00:15 811008 ----a-w- c:\windows\system32\divx_xx16.dll
    2009-07-14 00:15 . 2009-07-14 00:15 802816 ----a-w- c:\windows\system32\divx_xx11.dll
    2009-07-14 00:15 . 2009-07-14 00:15 685056 ----a-w- c:\windows\system32\DivX.dll
    2009-07-12 14:33 . 2009-07-12 14:33 -------- d-----w- c:\program files\SAGEM WiFi manager
    2009-07-12 14:25 . 2008-08-25 14:06 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-07-12 14:15 . 2009-04-29 21:53 -------- d-----w- c:\program files\SAGEM
    2009-07-12 14:15 . 2009-07-12 14:15 -------- d-----w- c:\documents and settings\ESS\Application Data\InstallShield
    2009-07-04 14:40 . 2009-07-04 14:40 0 -c--a-w- c:\windows\system32\cd.dat
    2009-07-02 02:34 . 2009-06-01 18:13 33840 ----a-w- c:\windows\system32\drivers\hssdrv.sys
    2009-06-27 23:20 . 2009-06-27 23:20 165069 ----a-w- c:\windows\IceOp Uninstaller.exe
    2009-06-20 18:28 . 2009-06-20 18:28 85504 ----a-w- c:\windows\system32\ff_vfw.dll
    2009-06-14 15:21 . 2009-06-14 15:21 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
    2009-06-14 15:21 . 2009-06-14 15:21 256512 ----a-w- c:\windows\system32\ff_kernelDeint.dll
    2009-06-14 15:21 . 2009-06-14 15:21 237056 ----a-w- c:\windows\system32\TomsMoComp_ff.dll
    2009-07-14 00:16 . 2009-07-14 00:16 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-07-14 00:16 . 2009-07-14 00:16 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
    .

    ------- Sigcheck -------

    [-] 2008-11-12 00:19 359040 EBEAB4C47642CD68D7FD23187EECA1B0 c:\windows\system32\backup\tcpip.sys
    [7] 2004-08-04 03:14 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\system32\dllcache\tcpip.sys
    [-] 2004-08-04 03:14 359040 3BB4B08619C111C7BE8BDA07AA0DE6A2 c:\windows\system32\drivers\tcpip.sys
    .
    ((((((((((((((((((((((((((((( SnapShot@2009-09-05_01.29.32 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-09-05 02:05 . 2009-09-05 02:05 29184 c:\windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}\IconCD95F6617.exe
    - 2009-06-23 23:05 . 2009-06-23 23:05 29184 c:\windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}\IconCD95F6617.exe
    + 2009-09-05 02:05 . 2009-09-05 02:05 632320 c:\windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}\IconCD95F66110.exe
    - 2009-06-23 23:05 . 2009-06-23 23:05 632320 c:\windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}\IconCD95F66110.exe
    + 2009-09-05 02:05 . 2009-09-05 02:05 1461248 c:\windows\Installer\225d0a.msi
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
    2009-08-22 22:56 218160 ----a-w- c:\program files\Hotspot Shield\hssie\HssIE.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-06 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
    "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-01-26 185872]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-12-12 413696]
    "Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-08-16 122368]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

    c:\documents and settings\ESS\Menu D‚marrer\Programmes\D‚marrage\
    DosÿOptimizer.pif [2008-2-17 377344]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
    "2"= mmc.exe
    "5"= regedt32.exe
    "1"= cmd.exe
    "3"= rstrui.exe
    "4"= regedit.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
    2008-10-02 17:45 87352 ----a-w- c:\windows\system32\LMIinit.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^PalTalk.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\PalTalk.lnk
    backup=c:\windows\pss\PalTalk.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^ESS^Menu Démarrer^Programmes^Démarrage^MaxTV.lnk]
    path=c:\documents and settings\ESS\Menu Démarrer\Programmes\Démarrage\MaxTV.lnk
    backup=c:\windows\pss\MaxTV.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^ESS^Menu Démarrer^Programmes^Démarrage^OneNote 2007 - Capture d'écran et lancement.lnk]
    path=c:\documents and settings\ESS\Menu Démarrer\Programmes\Démarrage\OneNote 2007 - Capture d'écran et lancement.lnk
    backup=c:\windows\pss\OneNote 2007 - Capture d'écran et lancement.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WLSetupSvc"=3 (0x3)
    "usnjsvc"=3 (0x3)
    "UleadBurningHelper"=2 (0x2)
    "ose"=3 (0x3)
    "odserv"=3 (0x3)
    "Microsoft Office Groove Audit Service"=3 (0x3)
    "Keenfinder Service"=2 (0x2)
    "JavaQuickStarterService"=2 (0x2)
    "IDriverT"=3 (0x3)
    "HssTrayService"=3 (0x3)
    "HssSrv"=2 (0x2)
    "HotspotShieldService"=2 (0x2)
    "gusvc"=3 (0x3)
    "FirebirdServerDefaultInstance"=3 (0x3)
    "FirebirdGuardianDefaultInstance"=2 (0x2)
    "Capture Device Service"=2 (0x2)
    "Boonty Games"=3 (0x3)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [25/08/2008 16:48 13696]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [17/07/2009 23:40 108289]
    R2 HssSrv;Hotspot Shield Routing Service;c:\program files\Hotspot Shield\HssWPR\hsssrv.exe [06/08/2009 20:58 331824]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [10/10/2008 01:29 47640]
    R2 ZDCNDIS5;ZDCNDIS5 NDIS5.1 Protocol Driver;c:\windows\system32\ZDCndis5.sys [12/07/2009 16:02 20736]
    R3 HssDrv;Hotspot Shield Helper Miniport;c:\windows\system32\drivers\hssdrv.sys [01/06/2009 20:13 33840]
    R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [14/01/2008 12:06 21632]
    R3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;c:\windows\system32\drivers\WlanBZXP.sys [12/07/2009 16:33 402432]
    R3 tap0901;TAP-Win32 Adapter V9;c:\windows\system32\drivers\tap0901.sys [22/07/2009 01:22 28592]
    R3 V0330VID;WebCam Vista;c:\windows\system32\drivers\V0330Vid.sys [11/05/2009 21:36 173632]
    S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
    S3 HssTrayService;Hotspot Shield Tray Service;c:\program files\Hotspot Shield\bin\HssTrayService.exe [11/08/2009 01:19 57640]
    S3 mcdevice;mcdevice;c:\windows\system32\drivers\mcdevice.sys [11/12/2008 00:19 323584]
    S3 ntkvpn;Loki VPN Driver Service;c:\windows\system32\DRIVERS\ntkvpn.sys --> c:\windows\system32\DRIVERS\ntkvpn.sys [?]
    S3 tapavpn;Steganos Anonym VPN Adapter;c:\windows\system32\drivers\tapavpn.sys [19/10/2007 10:50 24320]
    S4 Keenfinder Service;Keenfinder Service;"c:\program files\Keenfinder\keenfinder.exe" "c:\program files\Keenfinder\keenfinder.dll" Service --> c:\program files\Keenfinder\keenfinder.exe [?]
    S4 LMIRfsClientNP;LMIRfsClientNP; [x]
    .
    Contents of the 'Scheduled Tasks' folder

    2009-09-05 c:\windows\Tasks\User_Feed_Synchronization-{1F8414C6-A53E-45C0-B260-CAD037F0532C}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-13 17:36]
    .
    - - - - ORPHANS REMOVED - - - -

    URLSearchHooks-{c95a4e8e-816d-4655-8c79-d736da1adb6d} - (no file)
    URLSearchHooks-{7762a897-2a75-4e3f-a3a7-55bd098b9879} - (no file)
    BHO-{7762a897-2a75-4e3f-a3a7-55bd098b9879} - (no file)
    BHO-{c95a4e8e-816d-4655-8c79-d736da1adb6d} - (no file)
    Toolbar-{c95a4e8e-816d-4655-8c79-d736da1adb6d} - (no file)
    Toolbar-{7762a897-2a75-4e3f-a3a7-55bd098b9879} - (no file)
    WebBrowser-{C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - (no file)
    WebBrowser-{7762A897-2A75-4E3F-A3A7-55BD098B9879} - (no file)

    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    mWindow Title =
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyServer = 67.69.254.242:80
    uInternet Settings,ProxyOverride = local
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Liens de téléchargement avec Mega Manager... - c:\program files\Megaupload\Mega Manager\mm_file.htm
    IE: {{ECC5777A-6E88-BFCE-13CE-81F134789E7B} - c:\program files\Ghost Navigator\Ghost
    LSP: PrxerDrv.dll
    TCP: {D64A6D53-4B27-4AF5-AA10-4B69889C9792} = 213.150.176.196,196.203.251.8
    DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
    FF - ProfilePath - c:\documents and settings\ESS\Application Data\Mozilla\Firefox\Profiles\3jzhgi8b.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&SearchSource=2&q=
    FF - prefs.js: network.proxy.ftp - 127.0.0.1
    FF - prefs.js: network.proxy.ftp_port - 80
    FF - prefs.js: network.proxy.gopher - 127.0.0.1
    FF - prefs.js: network.proxy.gopher_port - 80
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 80
    FF - prefs.js: network.proxy.socks - 127.0.0.1
    FF - prefs.js: network.proxy.socks_port - 80
    FF - prefs.js: network.proxy.ssl - 127.0.0.1
    FF - prefs.js: network.proxy.ssl_port - 80
    FF - prefs.js: network.proxy.type - 4
    FF - component: c:\documents and settings\ESS\Application Data\Mozilla\Firefox\Profiles\3jzhgi8b.default\extensions\{7762a897-2a75-4e3f-a3a7-55bd098b9879}\components\FFExternalAlert.dll
    FF - component: c:\documents and settings\ESS\Application Data\Mozilla\Firefox\Profiles\3jzhgi8b.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\components\FFExternalAlert.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-09-05 04:19
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-448539723-573735546-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{219C3740-370D-5039-65CB-DBB14A0E7DC1}*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    "iajokdkadiachhbhbh"=hex:69,61,6d,65,68,6d,67,6d,6a,6b,70,61,63,65,6e,6e,61,6b,
    00,00
    "hahoafcmmhigabmp"=hex:6a,61,63,66,64,68,62,61,64,6f,69,65,70,6a,6a,64,6b,67,
    6d,6f,00,fe
    "ianochijpclkfnkgol"=hex:63,61,6e,65,67,6a,00,7c

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker3"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1336)
    c:\windows\system32\LMIinit.dll
    c:\windows\system32\LMIRfsClientNP.dll
    .
    Completion time: 2009-09-05 4:24
    ComboFix-quarantined-files.txt 2009-09-05 02:24
    ComboFix2.txt 2009-09-05 01:40

    Pre-Run: 6 890 070 016 octets libres
    Post-Run: 6 849 998 848 octets libres

    337
    0