Can someone analyse this please...

Closed
evilkat, 45 posts, registered Sunday 2 March 2008, Status: Member, last active 17 September 2008 - 27 March 2008 at 23:03
Anonymous user - 2 April 2008 at 11:51
Hello,
I have Spyware Terminator and AntiVir but I still have problems (pop-ups, voices in the speakers...). I have just run the following scans: Navilog, HijackThis and Clean... can you tell me what my problem is???
Thanks!

Navilog

Search Navipromo version 3.4.8 commencé le Thu 03/27/2008 à 16:39:35.65

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 25.02.2008 à 20h00 par IL-MAFIOSO


Microsoft Windows XP [Version 5.1.2600]
Internet Explorer : 7.0.5730.11
Système de fichiers : NTFS

Executé en mode normal

*** Recherche Programmes installés ***




*** Recherche dossiers dans C:\WINDOWS ***



*** Recherche dossiers dans C:\Program Files ***



*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***




*** Recherche dossiers dans "C:\Documents and Settings\Jessica\applic~1" ***



*** Recherche dossiers dans "C:\Documents and Settings\Jessica\locals~1\applic~1" ***



*** Recherche dossiers dans "C:\Documents and Settings\Jessica\STARTM~1\Programs" ***


*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs ***


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Aucun Fichier trouvé



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans C:\WINDOWS\system32 *

* Recherche dans "C:\Documents and Settings\Jessica\locals~1\applic~1" *



*** Recherche fichiers ***




*** Recherche clés spécifiques dans le Registre ***


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans C:\WINDOWS\system32 :


* Dans "C:\Documents and Settings\Jessica\locals~1\applic~1" :


3)Recherche Certificats :

Certificat Egroup absent !

4)Recherche fichiers connus :

C:\WINDOWS\system32\onXFNqss.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\vybeg.ini2 trouvé ! infection Vundo possible non traitée par cet outil !


*** Analyse terminée le Thu 03/27/2008 à 16:53:43.65 ***





HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:47:59 PM, on 3/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fsympatico.msn.ca%2fdefaultf.aspx%2f%3f
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dellcanada.myway.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://dellcanada.myway.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com
O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com
O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com
O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com
O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com
O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com
O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com
O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com
O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [BM9715a939] Rundll32.exe "C:\DOCUME~1\Jessica\LOCALS~1\Temp\xidebbjc.dll",s
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.browsergate.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.browsergate.com/redirect.php (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/WebfettiInitialSetup1.0.0.15-3.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://creampuff34.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://sorryimbusy.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {BCBC9371-9827-11DA-A72B-0800200C9A66} (View22RTEv4 Class) - http://sc.scenecaster.com/release_3_10_41/View22RTEv4.cab
O22 - SharedTaskScheduler: auras - {f0d4f88e-e1f8-460f-a41c-6cfb7f73af79} - C:\WINDOWS\system32\xskmoqx.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O24 - Desktop Component 0: (no name) - About:Home
30 replies
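As an added example (not code from this thread, from HijackThis or from any of the tools named here), the following Python script does the kind of first-pass triage a helper performs by eye on a HijackThis log: it flags Hosts entries that redirect a name to a non-loopback address, `Run` entries that load a DLL out of a temp directory through rundll32, entries whose file is already missing, services with no identifiable owner, and browser buttons whose target is a remote URL. The sample input is a constructed excerpt of the log posted above; the heuristics and threshold choices are the author's assumptions, not rules from any tool.

```python
import re
from collections import Counter

# Constructed sample input: a handful of lines taken from the HijackThis log
# posted in this thread (the page's own values), not a complete log.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com
O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [BM9715a939] Rundll32.exe "C:\DOCUME~1\Jessica\LOCALS~1\Temp\xidebbjc.dll",s
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.browsergate.com/redirect.php (file missing)
O22 - SharedTaskScheduler: auras - {f0d4f88e-e1f8-460f-a41c-6cfb7f73af79} - C:\WINDOWS\system32\xskmoqx.dll (file missing)
O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"""

# Addresses a legitimate Hosts entry uses to block a name rather than redirect it.
BLOCKING_IPS = {"127.0.0.1", "0.0.0.0", "::1"}

HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
RUN_RE = re.compile(r"^O4 - .*\\Run: \[([^\]]+)\]\s+(.*)$")
TEMP_PATH_RE = re.compile(r"\\(temp|tmp|locals~1)\\", re.IGNORECASE)
URL_TARGET_RE = re.compile(r" - https?://")


def triage(log_text):
    """Return (findings, duplicate_hosts).

    findings is a list of (section, line, reason) tuples; duplicate_hosts maps
    an (ip, host) pair to how many identical O1 lines carried it.
    """
    findings = []
    hosts_seen = Counter()

    for raw in log_text.splitlines():
        line = raw.strip()
        if " - " not in line:
            continue  # blank line or a header such as "Running processes:"
        section = line.split(" - ", 1)[0]

        # Dangling entries: the hook is still registered but its file is gone.
        if "(file missing)" in line:
            findings.append((section, line, "entry points to a file that no longer exists"))

        # Hosts entries that send a name somewhere other than localhost.
        m = HOSTS_RE.match(line)
        if m:
            ip, host = m.groups()
            hosts_seen[(ip, host)] += 1
            if ip not in BLOCKING_IPS and hosts_seen[(ip, host)] == 1:
                findings.append((section, line, f"Hosts file redirects {host} to {ip} instead of blocking it"))

        # Run keys that load a DLL out of a temp directory through rundll32.
        m = RUN_RE.match(line)
        if m:
            name, command = m.groups()
            if "rundll32" in command.lower() and TEMP_PATH_RE.search(command):
                findings.append((section, line, f"Run entry [{name}] loads a DLL from a temp directory via rundll32"))

        # Services HijackThis could not attribute to a publisher.
        if section == "O23" and "Unknown owner" in line:
            findings.append((section, line, "service has no identifiable owner"))

        # Browser buttons/menu items whose target is a remote URL, not a local file.
        if section == "O9" and URL_TARGET_RE.search(line):
            findings.append((section, line, "browser extra button targets a remote URL"))

    duplicates = {key: n for key, n in hosts_seen.items() if n > 1}
    return findings, duplicates


def summarize(findings):
    """Count findings per HijackThis section so the noisiest areas stand out."""
    return dict(Counter(section for section, _, _ in findings))


if __name__ == "__main__":
    found, dups = triage(SAMPLE_LOG)
    for section, line, reason in found:
        print(f"{section}: {reason}\n    {line}")
    for (ip, host), n in dups.items():
        print(f"duplicate Hosts entry {ip} {host} appears {n} times")
```

The script deliberately reports rather than deletes: its output is a list of lines worth a human look, which matches how the helpers in this thread work (ask for the log, read it, then prescribe a specific fix). The repeated `O1` line is reported once as a redirect and once more as a duplicate count, so nine identical Hosts lines do not drown out the rest of the log.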

Anonymous user
27 March 2008 at 23:18
Good evening, you have several different infections


Download VundoFix.exe (by Atribune) to your Desktop: http://www.atribune.org/ccount/click.php?id=4

To run the fixes, disconnect from the internet and close all your applications!!

* Double-click VundoFix.exe to launch it.
* Click the Scan for Vundo button.
* When the scan is complete, click the Remove Vundo button.
* A prompt will ask whether you want to delete the files; click YES.
* After clicking YES, the Desktop will disappear for a moment while the files are deleted.
* A new prompt will announce that the PC has to shut down ("shutdown"). Click OK, then let it restart.
* The report is located at C:\vundofix.txt; please post it.



_______________________



Download to the desktop
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
=> Double-click VirtumundoBeGone.exe
=> Click Continue ==> click Start
=> Click Yes
=> At the end, if Vundo is present, the PC shuts down and restarts
- If there is a blue screen with the message: Fatal error.. no problem
=> Post the report VBG.TXT, which is on the desktop


___________________________________


Download ComboFix from one of these links:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
https://forospyware.com
http://www.geekstogo.com/forum/files/file/197-combofix-by-subs/

And importantly, save it to the desktop.

Before using ComboFix:

► Disconnect from the internet and close the windows of all running programs.

► Temporarily, and only for as long as ComboFix is in use, disable the real-time protection of your antivirus and antispyware programs, which can seriously interfere with the tool's scanning and cleaning procedure.


Once done, double-click Combofix.exe on your desktop.

- Answer yes to the warning message so that the program starts analysing the PC.

/!\ During this step, do not use the PC and do not open any programs.

- At the end of the scan, ComboFix may need to restart the PC to finish the disinfection/scan; let it do so.

- A report will then open in Notepad; this report file, Combofix.txt, is automatically saved at C:\Combofix.txt.

► Re-enable the real-time protection of your antivirus and antispyware programs before reconnecting to the internet.

► Come back to the forum and copy and paste the entire contents of C:\Combofix.txt into your next message.
0
evilkat, 45 posts, registered Sunday 2 March 2008, Status: Member, last active 17 September 2008
28 March 2008 at 03:43
First of all, thanks for your time!


Nothing to report with VundoFix, nothing with VirtumundoBeGone

Here is the ComboFix report:

ComboFix 08-03-26.3 - Jessica 2008-03-27 21:25:10.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.2.1033.18.619 [GMT -4:00]
Running from: C:\Documents and Settings\Jessica\Desktop\spyware ect\ComboFix.exe
* Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\James\Application Data\DriveCleaner 2006 Free
C:\Documents and Settings\James\Application Data\DriveCleaner 2006 Free\Logs\update.log
C:\Documents and Settings\James\Application Data\FunWebProducts
C:\Documents and Settings\James\Application Data\SystemDoctor 2006 Free
C:\Documents and Settings\James\Application Data\SystemDoctor 2006 Free\Logs\update.log
C:\Documents and Settings\Jessica\Application Data\Adssite Advanced Toolbar
C:\Documents and Settings\Jessica\Application Data\Adssite Advanced Toolbar\advertbuttons.xml
C:\Documents and Settings\Jessica\Application Data\Adssite Advanced Toolbar\selected.xml
C:\Documents and Settings\Jessica\Application Data\macromedia\Flash Player\#SharedObjects\2HAGRWHM\iforex.com
C:\Documents and Settings\Jessica\Application Data\macromedia\Flash Player\#SharedObjects\2HAGRWHM\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\Documents and Settings\Jessica\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Documents and Settings\Jessica\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\Program Files\outlook
C:\Program Files\Temporary
C:\Program Files\Temporary\InsiDERInst.exe
C:\Program Files\Windows NT\niqacidyq777444.dll
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\gbRve12
C:\Temp\gbRve12\csLioes.log
C:\Temp\xOe
C:\Temp\xOe\tOasF.log
C:\WINDOWS\BM9715a939.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\ecurit~1
C:\WINDOWS\ppatch~1
C:\WINDOWS\ppatch~1\??pPatch\
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\A12
C:\WINDOWS\system32\aqVreo18
C:\WINDOWS\system32\avkmdxqw.dll
C:\WINDOWS\system32\htjfrcom.dll
C:\WINDOWS\system32\lvhlctua.dll
C:\WINDOWS\system32\lyitcukb.dll
C:\WINDOWS\system32\mbjkpvxb.dll
C:\WINDOWS\system32\nvuyirue.dll
C:\WINDOWS\system32\odvjpdau.dll
C:\WINDOWS\system32\onXFNqss.ini
C:\WINDOWS\system32\onXFNqss.ini2
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\regedit.com
C:\WINDOWS\system32\rssfxbfo.dll
C:\WINDOWS\system32\sqrgvygi.dll
C:\WINDOWS\system32\ssqNFXno.dll
C:\WINDOWS\system32\stera.log
C:\WINDOWS\system32\vMW04a
C:\WINDOWS\system32\wfkpmyks.dll
C:\WINDOWS\system32\xhvfkfab.dll
C:\winlogo.exe
C:\winlogon.exe
C:\x.dat
C:\z.dat

.
((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-28 )))))))))))))))))))))))))))))))
.

2008-03-27 17:50 . 2008-03-27 17:50 449,786,052 --a------ C:\upload_moi_D3SHSZ91.tar.gz
2008-03-27 04:36 . 2008-03-27 04:36 <DIR> d-------- C:\Program Files\Avira
2008-03-27 04:36 . 2008-03-27 04:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-03-26 16:00 . 2008-03-26 20:28 1,586,310 ---hs---- C:\WINDOWS\system32\drxckokt.ini
2008-03-25 21:06 . 2008-03-25 21:06 <DIR> d-------- C:\WINDOWS\wb
2008-03-25 20:59 . 2008-03-25 21:02 585 --a------ C:\WINDOWS\PowerReg.dat
2008-03-25 20:56 . 2008-03-25 20:56 <DIR> d-------- C:\Program Files\MicroProse
2008-03-25 20:55 . 2008-03-25 20:55 <DIR> d-------- C:\Documents and Settings\Jessica\WINDOWS
2008-03-25 20:55 . 1996-10-15 18:01 298,496 --a------ C:\WINDOWS\uninst.exe
2008-03-23 15:27 . 2008-03-27 09:47 <DIR> d-------- C:\Program Files\nvcoi
2008-03-22 18:57 . 2008-03-23 10:16 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-03-22 18:49 . 2008-03-22 18:49 <DIR> d-------- C:\Documents and Settings\Jessica\Application Data\DAEMON Tools
2008-03-22 18:49 . 2008-03-22 18:49 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-03-22 13:48 . 2008-03-22 13:48 1,543,219 ---hs---- C:\WINDOWS\system32\rlhcchss.ini
2008-03-22 13:01 . 2008-03-22 13:48 1,543,159 ---hs---- C:\WINDOWS\system32\rctuftvu.ini
2008-03-21 22:24 . 2008-03-21 22:24 <DIR> d-------- C:\WINDOWS\Build-a-lot DeLEGiON
2008-03-21 22:24 . 2008-03-21 22:24 <DIR> d-------- C:\Program Files\Build-a-lot DeLEGiON
2008-03-21 20:22 . 2008-03-27 04:16 <DIR> d-------- C:\Documents and Settings\Jessica\Application Data\Azureus
2008-03-21 20:22 . 2008-03-21 20:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-03-21 20:21 . 2008-03-21 22:29 <DIR> d-------- C:\Program Files\Azureus
2008-03-21 20:07 . 2008-03-21 20:07 650 --a------ C:\WINDOWS\system32\sms_msn40.exe
2008-03-21 20:07 . 2008-03-21 20:07 649 --a------ C:\WINDOWS\system32\RegClass.dll
2008-03-21 20:07 . 2008-03-21 20:07 648 --a------ C:\WINDOWS\system32\vbshell.tlb
2008-03-21 20:07 . 2008-03-21 20:07 648 --a------ C:\WINDOWS\system32\shdocvw.oca
2008-03-21 20:07 . 2008-03-21 20:07 647 --a------ C:\WINDOWS\system32\ngsh40.dll
2008-03-21 20:07 . 2008-03-21 20:07 647 --a------ C:\WINDOWS\system32\ngpw40.exe
2008-03-21 20:07 . 2008-03-21 20:07 647 --a------ C:\WINDOWS\Sngsh40.dll
2008-03-21 20:07 . 2008-03-21 20:07 647 --a------ C:\WINDOWS\sngpw40.exe
2008-03-21 19:31 . 2008-03-21 21:23 <DIR> d-------- C:\Documents and Settings\Jessica\Application Data\Torrent Episode Downloader
2008-03-20 11:07 . 2008-03-20 11:07 128 --a------ C:\Documents and Settings\Jessica\services.exe
2008-03-20 10:04 . 2008-03-20 10:04 <DIR> d-------- C:\Program Files\General
2008-03-19 19:14 . 2008-03-19 19:14 134 --a------ C:\n.bat
2008-03-18 22:06 . 2008-03-18 22:08 <DIR> d-------- C:\Documents and Settings\Jessica\freecol
2008-03-18 21:31 . 2008-03-18 22:59 <DIR> d-------- C:\Program Files\freecol
2008-03-18 16:22 . 2008-03-18 16:23 <DIR> d-------- C:\Program Files\Buildalot
2008-03-18 16:16 . 2008-03-18 16:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\iWin Games
2008-03-18 03:01 . 2008-03-18 03:01 118 --a------ C:\WINDOWS\system32\MRT.INI
2008-03-17 17:30 . 2008-03-18 00:28 <DIR> d-------- C:\Program Files\Smugglers 3
2008-03-17 13:39 . 2008-03-17 11:39 66,560 --a------ C:\WINDOWS\b155.exe
2008-03-11 14:47 . 2008-03-11 14:47 <DIR> d-------- C:\Documents and Settings\Jessica\Application Data\muvee Technologies
2008-03-11 14:46 . 2008-03-11 14:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\muvee Technologies
2008-03-03 17:37 . 2008-03-27 20:55 <DIR> d-------- C:\VundoFix Backups
2008-03-02 13:42 . 2008-03-02 13:42 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-02 12:36 . 2008-03-27 17:46 <DIR> d-------- C:\Program Files\Navilog1
2008-03-02 12:26 . 2008-03-02 10:26 73,728 --a------ C:\WINDOWS\b153.exe
2008-03-02 01:45 . 2008-03-02 01:45 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\Spyware Terminator
2008-03-01 20:44 . 2008-03-27 04:20 <DIR> d-------- C:\Program Files\WinClamAVShield
2008-03-01 20:42 . 2008-03-27 11:25 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-03-01 20:42 . 2008-03-27 11:00 <DIR> d-------- C:\Documents and Settings\Jessica\Application Data\Spyware Terminator
2008-03-01 20:42 . 2008-03-27 11:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-03-01 20:42 . 2008-03-01 20:42 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-03-01 20:35 . 2008-03-01 20:35 10,062,200 --a------ C:\SpywareTerminatorSetup.exe
2008-03-01 15:55 . 2008-03-02 00:08 <DIR> d-------- C:\Program Files\Sotfone
2008-03-01 12:08 . 2008-03-01 12:08 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-01 12:08 . 2008-03-01 12:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-28 23:31 . 2008-02-28 23:31 <DIR> d-------- C:\Program Files\1964
2008-02-28 23:20 . 2008-02-28 23:22 <DIR> d-------- C:\Program Files\mupen64 0.5
2008-02-28 23:10 . 2008-02-28 23:10 305,781 --a------ C:\output.wrl
2008-02-28 16:53 . 2008-02-28 16:53 <DIR> d-------- C:\Program Files\directx
2008-02-28 16:48 . 2008-02-28 16:48 <DIR> d-------- C:\Program Files\Ubi Soft
2008-02-28 16:47 . 2008-03-01 16:20 <DIR> d--h----- C:\Program Files\Zero G Registry

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-27 05:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-03-25 14:10 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
2008-03-24 22:26 --------- d-----w C:\Documents and Settings\Jessica\Application Data\LimeWire
2008-03-23 15:07 --------- d-----w C:\Program Files\3DO
2008-03-19 23:17 316,928 ----a-w C:\WINDOWS\Fonts\rar.exe
2008-03-18 04:28 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-02 18:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-02 18:17 --------- d-----w C:\Program Files\EA Games
2008-03-02 05:08 --------- d-----w C:\Program Files\Metin2.us
2008-03-02 04:02 --------- d-----w C:\Program Files\Project64 1.6
2008-03-01 23:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-03-01 22:44 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-03-01 16:09 --------- d-----w C:\Program Files\MSN Messenger
2008-03-01 16:08 --------- d-----w C:\Program Files\Windows Live
2008-02-27 05:16 --------- d-----w C:\Program Files\Diablo II
2008-02-26 17:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2008-02-24 00:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia
2008-02-23 23:56 --------- d-----w C:\Program Files\Tower Constructor
2008-02-23 23:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
2008-02-23 23:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-14 01:55 102,400 ----a-w C:\WINDOWS\DIIUnin.exe
2008-02-12 02:05 --------- d--h--w C:\Program Files\InstallJammer Registry
2008-02-03 23:54 --------- d-----w C:\Program Files\Common Files\3DO Shared
2007-10-02 21:39 32,768 ----a-w C:\Documents and Settings\Jessica\winlogo.exe
2007-10-02 21:39 249 ----a-w C:\Documents and Settings\Jessica\4607.bat
2007-10-01 23:23 249 ----a-w C:\Documents and Settings\Jessica\2142.bat
2007-10-01 22:16 249 ----a-w C:\Documents and Settings\Jessica\1959.bat
2007-10-01 22:01 249 ----a-w C:\Documents and Settings\Jessica\8178.bat
2007-10-01 21:47 249 ----a-w C:\Documents and Settings\Jessica\1918.bat
2007-09-30 19:09 32,768 ----a-w C:\Documents and Settings\James\winlogo.exe
2007-09-30 19:09 249 ----a-w C:\Documents and Settings\James\5475.bat
2007-09-30 18:54 249 ----a-w C:\Documents and Settings\James\4479.bat
2007-09-30 18:39 249 ----a-w C:\Documents and Settings\James\5370.bat
2007-09-30 18:24 249 ----a-w C:\Documents and Settings\James\8735.bat
2007-09-30 18:09 249 ----a-w C:\Documents and Settings\James\8796.bat
2007-09-30 17:54 249 ----a-w C:\Documents and Settings\James\7112.bat
2007-09-30 17:39 249 ----a-w C:\Documents and Settings\James\6256.bat
2007-09-29 20:57 249 ----a-w C:\Documents and Settings\James\7470.bat
2007-09-29 20:42 249 ----a-w C:\Documents and Settings\James\7548.bat
2007-09-29 20:27 249 ----a-w C:\Documents and Settings\James\5934.bat
2007-09-29 20:12 249 ----a-w C:\Documents and Settings\James\6640.bat
2007-09-29 17:20 249 ----a-w C:\Documents and Settings\James\5152.bat
2007-09-29 16:08 249 ----a-w C:\Documents and Settings\Jessica\3609.bat
2006-11-20 20:28 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2005-05-12 04:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
2007-08-28 20:13 88 --sh--r C:\WINDOWS\system32\280759C86D.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{03B902B1-9B25-4173-9468-56775C85A8D4}]
C:\Program Files\Helper\1204401331.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1211CE4E-E3CB-474C-989F-527541027392}]
C:\Program Files\Windows Media Player\lavupaxos59.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7647864a-f97d-4ea4-bef7-7cc1ff7870c9}]
C:\WINDOWS\system32\xwkgwmkx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C2A1C5CB-C0EF-4689-9436-F62CCA1C5383}]
C:\Program Files\NetProject\sbmdl.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-10 14:31 68856]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 10:37 2321600]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-03-21 04:30 486856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-04-05 20:22 94208]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-04-05 20:19 77824]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-04-05 20:23 114688]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-03-01 20:42 2957824]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-27 04:41 249896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Démarrage rapide du logiciel HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 01:49:24 73728]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 00:23:26 282624]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2006-05-28 18:31:07 118784]
Outil de mise à jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2006-10-09 20:34:59 124912]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{f0d4f88e-e1f8-460f-a41c-6cfb7f73af79}"= C:\WINDOWS\system32\xskmoqx.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcDwuTj]
ddcDwuTj.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcddab]
efcddab.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebaaay]
gebaaay.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebayww]
gebayww.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkklkij]
jkklkij.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrpmll]
rqrpmll.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvuvstq]
wvuvstq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Metin2.us\\metin2.bin"=
"C:\\Program Files\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\javaw.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9842:TCP"= 9842:TCP:*:Disabled:SolidNetworkManager
"9842:UDP"= 9842:UDP:*:Disabled:SolidNetworkManager

R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-03-01 20:42]
S3 Boonty Games;Boonty Games;"C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe" []
S3 V0080Dev;Creative Camera VF0080 Driver;C:\WINDOWS\system32\DRIVERS\V0080Dev.sys [2004-10-09 05:51]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-27 21:34:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\MsiExec.exe
.
**************************************************************************
.
Completion time: 2008-03-27 21:38:16 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-28 01:38:12
Pre-Run: 18,558,644,224 bytes free
Post-Run: 18,788,274,176 bytes free
.
2008-03-18 07:01:54 --- E O F ---
0
Anonymous user
28 March 2008 at 10:15
Hello, there is still quite a bit of work left on your PC; you have accumulated more infections than I thought.

Open Notepad and paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file under the name CFScript.txt.

Copy the text in bold below:

registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{03B902B1-9B25-4173-9468-56775C85A8D4}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1211CE4E-E3CB-474C-989F-527541027392}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7647864a-f97d-4ea4-bef7-7cc1ff7870c9}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C2A1C5CB-C0EF-4689-9436-F62CCA1C5383}]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{f0d4f88e-e1f8-460f-a41c-6cfb7f73af79}"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcDwuTj]
ddcDwuTj.dll

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcddab]
efcddab.dll

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebaaay]
gebaaay.dll

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebayww]
gebayww.dll

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkklkij]
jkklkij.dll

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrpmll]
rqrpmll.dll

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvuvstq]
wvuvstq.dll

files::
C:\WINDOWS\system32\drxckokt.ini
C:\WINDOWS\system32\rlhcchss.ini
C:\WINDOWS\system32\rctuftvu.ini
C:\n.bat
C:\Program Files\1964
C:\Documents and Settings\Jessica\services.exe
C:\WINDOWS\b155.exe
C:\WINDOWS\b153.exe
C:\Documents and Settings\Jessica\winlogo.exe
C:\Documents and Settings\James\winlogo.exe
C:\Documents and Settings\Jessica\4607.bat
C:\Documents and Settings\Jessica\2142.bat
C:\Documents and Settings\Jessica\1959.bat
C:\Documents and Settings\Jessica\8178.bat
C:\Documents and Settings\Jessica\1918.bat
C:\Documents and Settings\James\winlogo.exe
C:\Documents and Settings\James\5475.bat
C:\Documents and Settings\James\4479.bat
C:\Documents and Settings\James\5370.bat
C:\Documents and Settings\James\8735.bat
C:\Documents and Settings\James\8796.bat
C:\Documents and Settings\James\7112.bat
C:\Documents and Settings\James\6256.bat
C:\Documents and Settings\James\7470.bat
C:\Documents and Settings\James\7548.bat
C:\Documents and Settings\James\5934.bat
C:\Documents and Settings\James\6640.bat
C:\Documents and Settings\James\5152.bat
C:\Documents and Settings\Jessica\3609.bat
C:\Program Files\RngInterstitial.dll
C:\WINDOWS\system32\280759C86D.sys

folder::
C:\WINDOWS\system32\xskmoqx.dll
C:\Program Files\NetProject\sbmdl.dll
C:\WINDOWS\system32\xwkgwmkx.dll
C:\Program Files\Windows Media Player\lavupaxos59.dll






Now drag the CFScript.txt file onto Combofix.exe as shown below:

http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif

This will relaunch Combofix.

A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and press Enter.

Wait while the scan runs. The desktop will disappear several times: this is normal!

Do not touch anything until the scan has finished.

After the reboot, post the contents of the Combofix.txt report along with a HijackThis report.

If there is no reboot, post the reports anyway.

0
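As an added example (not part of the thread and not the helper's own tooling), a small Python triage script that parses HijackThis O2 (BHO) and O20 (Winlogon Notify) lines, flags dead or unnamed BHOs and Winlogon Notify subkeys that are not known defaults, and renders the findings in the CFScript registry:: syntax used in the post above so a helper can review them before anything is removed. The sample log lines are constructed from names appearing in this thread, and the allowlist of default Notify subkeys is an assumption to be checked against each machine.

```python
import re

# Constructed HijackThis-style lines, built from names used in this thread;
# not a real log from the machine discussed.
SAMPLE_HJT_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)
O2 - BHO: (no name) - {03B902B1-9B25-4173-9468-56775C85A8D4} - C:\WINDOWS\system32\efcddab.dll
O20 - Winlogon Notify: crypt32chain - crypt32.dll
O20 - Winlogon Notify: ddcDwuTj - C:\WINDOWS\system32\ddcDwuTj.dll
O20 - Winlogon Notify: efcddab - C:\WINDOWS\system32\efcddab.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
"""

# Default Winlogon\Notify subkeys on Windows XP plus a few common vendor
# entries (assumed list; extend it with what is known legitimate on the box).
KNOWN_NOTIFY = {
    "crypt32chain", "cryptnet", "cscdll", "dimsntfy", "sccertprop",
    "schedule", "sclgntfy", "senslogn", "termsrv", "wlballoon",
    "igfxcui", "atiextevent", "navlogon", "wgalogon",
}

BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - "
    r"(?P<path>.*?)(?P<missing> \(file missing\))?$"
)
NOTIFY_RE = re.compile(
    r"^O20 - Winlogon Notify: (?P<name>\S+) - "
    r"(?P<path>.*?)(?P<missing> \(file missing\))?$"
)


def parse_hjt(text):
    """Return O2 (BHO) and O20 (Winlogon Notify) entries from HijackThis output."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = BHO_RE.match(line)
        if m:
            entries.append({"kind": "BHO", "name": m["name"], "clsid": m["clsid"],
                            "path": m["path"], "missing": bool(m["missing"])})
            continue
        m = NOTIFY_RE.match(line)
        if m:
            entries.append({"kind": "Notify", "name": m["name"], "clsid": None,
                            "path": m["path"], "missing": bool(m["missing"])})
    return entries


def triage(entries):
    """Return (entry, reason) pairs for the entries a helper should review."""
    findings = []
    for e in entries:
        if e["kind"] == "BHO":
            if e["missing"]:
                findings.append((e, "BHO points at a missing DLL (dead entry)"))
            elif e["name"] == "(no name)":
                findings.append((e, "unnamed BHO loaded from " + e["path"]))
        elif e["name"].lower() not in KNOWN_NOTIFY:
            # Winlogon Notify DLLs run inside winlogon at every logon, which is
            # why random-named entries there are a classic persistence sign.
            findings.append((e, "Winlogon Notify subkey is not a known default"))
    return findings


def build_cfscript(findings):
    """Render findings in the CFScript registry:: syntax used in this thread."""
    lines = ["registry::"]
    for e, _reason in findings:
        if e["kind"] == "BHO":
            lines.append(f"[-HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\{e['clsid']}]")
        else:
            lines.append("[-HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt"
                         f"\\currentversion\\winlogon\\notify\\{e['name']}]")
            lines.append(f"{e['name']}.dll")
        lines.append("")
    return "\n".join(lines)


if __name__ == "__main__":
    found = triage(parse_hjt(SAMPLE_HJT_LOG))
    for entry, reason in found:
        print(f"{entry['kind']:6} {entry['name']:<14} {reason}")
    print()
    print(build_cfscript(found))
```

The generated script is a review aid only: every flagged entry should be confirmed against the full log (and the allowlist widened for legitimate vendor entries) before it is fed to ComboFix.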
evilkat Messages postés 45 Date d'inscription dimanche 2 mars 2008 Statut Membre Dernière intervention 17 septembre 2008
28 mars 2008 à 15:33
And here it is!!
Sorry for the time difference... I'm in Canada... lol

ComboFix 08-03-26.3 - Jessica 2008-03-28 10:20:50.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.2.1033.18.683 [GMT -4:00]
Running from: C:\Documents and Settings\Jessica\Desktop\spyware ect\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jessica\Desktop\spyware ect\CFScript.txt
* Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\James\err.log
C:\Documents and Settings\James\winlogo.exe
C:\Documents and Settings\Jessica\winlogo.exe
C:\WINDOWS\b153.exe
C:\WINDOWS\b155.exe
C:\WINDOWS\sngpw40.exe
C:\WINDOWS\Sngsh40.dll
C:\WINDOWS\system32\ngpw40.exe
C:\WINDOWS\system32\ngsh40.dll
C:\WINDOWS\system32\RegClass.dll
C:\WINDOWS\system32\sms_msn40.exe

.
((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-28 )))))))))))))))))))))))))))))))
.

2008-03-27 17:50 . 2008-03-27 17:50 449,786,052 --a------ C:\upload_moi_D3SHSZ91.tar.gz
2008-03-27 04:36 . 2008-03-27 04:36 <DIR> d-------- C:\Program Files\Avira
2008-03-27 04:36 . 2008-03-27 04:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-03-26 16:00 . 2008-03-26 20:28 1,586,310 ---hs---- C:\WINDOWS\system32\drxckokt.ini
2008-03-25 21:06 . 2008-03-25 21:06 <DIR> d-------- C:\WINDOWS\wb
2008-03-25 20:59 . 2008-03-25 21:02 585 --a------ C:\WINDOWS\PowerReg.dat
2008-03-25 20:56 . 2008-03-25 20:56 <DIR> d-------- C:\Program Files\MicroProse
2008-03-25 20:55 . 2008-03-25 20:55 <DIR> d-------- C:\Documents and Settings\Jessica\WINDOWS
2008-03-25 20:55 . 1996-10-15 18:01 298,496 --a------ C:\WINDOWS\uninst.exe
2008-03-23 15:27 . 2008-03-27 09:47 <DIR> d-------- C:\Program Files\nvcoi
2008-03-22 18:57 . 2008-03-23 10:16 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-03-22 18:49 . 2008-03-22 18:49 <DIR> d-------- C:\Documents and Settings\Jessica\Application Data\DAEMON Tools
2008-03-22 18:49 . 2008-03-22 18:49 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-03-22 13:48 . 2008-03-22 13:48 1,543,219 ---hs---- C:\WINDOWS\system32\rlhcchss.ini
2008-03-22 13:01 . 2008-03-22 13:48 1,543,159 ---hs---- C:\WINDOWS\system32\rctuftvu.ini
2008-03-21 22:24 . 2008-03-21 22:24 <DIR> d-------- C:\WINDOWS\Build-a-lot DeLEGiON
2008-03-21 22:24 . 2008-03-21 22:24 <DIR> d-------- C:\Program Files\Build-a-lot DeLEGiON
2008-03-21 20:22 . 2008-03-27 04:16 <DIR> d-------- C:\Documents and Settings\Jessica\Application Data\Azureus
2008-03-21 20:22 . 2008-03-21 20:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-03-21 20:21 . 2008-03-21 22:29 <DIR> d-------- C:\Program Files\Azureus
2008-03-21 20:07 . 2008-03-21 20:07 648 --a------ C:\WINDOWS\system32\vbshell.tlb
2008-03-21 20:07 . 2008-03-21 20:07 648 --a------ C:\WINDOWS\system32\shdocvw.oca
2008-03-21 19:31 . 2008-03-21 21:23 <DIR> d-------- C:\Documents and Settings\Jessica\Application Data\Torrent Episode Downloader
2008-03-20 11:07 . 2008-03-20 11:07 128 --a------ C:\Documents and Settings\Jessica\services.exe
2008-03-20 10:04 . 2008-03-20 10:04 <DIR> d-------- C:\Program Files\General
2008-03-19 19:14 . 2008-03-19 19:14 134 --a------ C:\n.bat
2008-03-18 22:06 . 2008-03-18 22:08 <DIR> d-------- C:\Documents and Settings\Jessica\freecol
2008-03-18 21:31 . 2008-03-18 22:59 <DIR> d-------- C:\Program Files\freecol
2008-03-18 16:22 . 2008-03-18 16:23 <DIR> d-------- C:\Program Files\Buildalot
2008-03-18 16:16 . 2008-03-18 16:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\iWin Games
2008-03-18 03:01 . 2008-03-18 03:01 118 --a------ C:\WINDOWS\system32\MRT.INI
2008-03-17 17:30 . 2008-03-18 00:28 <DIR> d-------- C:\Program Files\Smugglers 3
2008-03-11 14:47 . 2008-03-11 14:47 <DIR> d-------- C:\Documents and Settings\Jessica\Application Data\muvee Technologies
2008-03-11 14:46 . 2008-03-11 14:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\muvee Technologies
2008-03-03 17:37 . 2008-03-27 20:55 <DIR> d-------- C:\VundoFix Backups
2008-03-02 13:42 . 2008-03-02 13:42 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-02 12:36 . 2008-03-27 17:46 <DIR> d-------- C:\Program Files\Navilog1
2008-03-02 01:45 . 2008-03-02 01:45 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\Spyware Terminator
2008-03-01 20:44 . 2008-03-27 04:20 <DIR> d-------- C:\Program Files\WinClamAVShield
2008-03-01 20:42 . 2008-03-27 11:25 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-03-01 20:42 . 2008-03-27 11:00 <DIR> d-------- C:\Documents and Settings\Jessica\Application Data\Spyware Terminator
2008-03-01 20:42 . 2008-03-27 11:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-03-01 20:42 . 2008-03-01 20:42 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-03-01 20:35 . 2008-03-01 20:35 10,062,200 --a------ C:\SpywareTerminatorSetup.exe
2008-03-01 15:55 . 2008-03-02 00:08 <DIR> d-------- C:\Program Files\Sotfone
2008-03-01 12:08 . 2008-03-01 12:08 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-01 12:08 . 2008-03-01 12:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-28 23:31 . 2008-02-28 23:31 <DIR> d-------- C:\Program Files\1964
2008-02-28 23:20 . 2008-02-28 23:22 <DIR> d-------- C:\Program Files\mupen64 0.5
2008-02-28 23:10 . 2008-02-28 23:10 305,781 --a------ C:\output.wrl
2008-02-28 16:53 . 2008-02-28 16:53 <DIR> d-------- C:\Program Files\directx
2008-02-28 16:48 . 2008-02-28 16:48 <DIR> d-------- C:\Program Files\Ubi Soft
2008-02-28 16:47 . 2008-03-01 16:20 <DIR> d--h----- C:\Program Files\Zero G Registry

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-28 06:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-03-25 14:10 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
2008-03-24 22:26 --------- d-----w C:\Documents and Settings\Jessica\Application Data\LimeWire
2008-03-23 15:07 --------- d-----w C:\Program Files\3DO
2008-03-19 23:17 316,928 ----a-w C:\WINDOWS\Fonts\rar.exe
2008-03-18 04:28 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-02 18:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-02 18:17 --------- d-----w C:\Program Files\EA Games
2008-03-02 05:08 --------- d-----w C:\Program Files\Metin2.us
2008-03-02 04:02 --------- d-----w C:\Program Files\Project64 1.6
2008-03-01 23:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-03-01 22:44 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-03-01 16:09 --------- d-----w C:\Program Files\MSN Messenger
2008-03-01 16:08 --------- d-----w C:\Program Files\Windows Live
2008-02-27 05:16 --------- d-----w C:\Program Files\Diablo II
2008-02-26 17:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2008-02-24 00:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia
2008-02-23 23:56 --------- d-----w C:\Program Files\Tower Constructor
2008-02-23 23:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
2008-02-23 23:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-14 01:55 102,400 ----a-w C:\WINDOWS\DIIUnin.exe
2008-02-12 02:05 --------- d--h--w C:\Program Files\InstallJammer Registry
2008-02-03 23:54 --------- d-----w C:\Program Files\Common Files\3DO Shared
2007-10-02 21:39 249 ----a-w C:\Documents and Settings\Jessica\4607.bat
2007-10-01 23:23 249 ----a-w C:\Documents and Settings\Jessica\2142.bat
2007-10-01 22:16 249 ----a-w C:\Documents and Settings\Jessica\1959.bat
2007-10-01 22:01 249 ----a-w C:\Documents and Settings\Jessica\8178.bat
2007-10-01 21:47 249 ----a-w C:\Documents and Settings\Jessica\1918.bat
2007-09-30 19:09 249 ----a-w C:\Documents and Settings\James\5475.bat
2007-09-30 18:54 249 ----a-w C:\Documents and Settings\James\4479.bat
2007-09-30 18:39 249 ----a-w C:\Documents and Settings\James\5370.bat
2007-09-30 18:24 249 ----a-w C:\Documents and Settings\James\8735.bat
2007-09-30 18:09 249 ----a-w C:\Documents and Settings\James\8796.bat
2007-09-30 17:54 249 ----a-w C:\Documents and Settings\James\7112.bat
2007-09-30 17:39 249 ----a-w C:\Documents and Settings\James\6256.bat
2007-09-29 20:57 249 ----a-w C:\Documents and Settings\James\7470.bat
2007-09-29 20:42 249 ----a-w C:\Documents and Settings\James\7548.bat
2007-09-29 20:27 249 ----a-w C:\Documents and Settings\James\5934.bat
2007-09-29 20:12 249 ----a-w C:\Documents and Settings\James\6640.bat
2007-09-29 17:20 249 ----a-w C:\Documents and Settings\James\5152.bat
2007-09-29 16:08 249 ----a-w C:\Documents and Settings\Jessica\3609.bat
2006-11-20 20:28 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2005-05-12 04:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
2007-08-28 20:13 88 --sh--r C:\WINDOWS\system32\280759C86D.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-10 14:31 68856]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-03-21 04:30 486856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-04-05 20:22 94208]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-04-05 20:19 77824]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-04-05 20:23 114688]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-03-01 20:42 2957824]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-27 04:41 249896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
D‚marrage rapide du logiciel HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 01:49:24 73728]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 00:23:26 282624]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2006-05-28 18:31:07 118784]
Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2006-10-09 20:34:59 124912]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{f0d4f88e-e1f8-460f-a41c-6cfb7f73af79}"= C:\WINDOWS\system32\xskmoqx.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Metin2.us\\metin2.bin"=
"C:\\Program Files\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\javaw.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9842:TCP"= 9842:TCP:*:Disabled:SolidNetworkManager
"9842:UDP"= 9842:UDP:*:Disabled:SolidNetworkManager

R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-03-01 20:42]
S3 Boonty Games;Boonty Games;"C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe" []
S3 V0080Dev;Creative Camera VF0080 Driver;C:\WINDOWS\system32\DRIVERS\V0080Dev.sys [2004-10-09 05:51]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-28 10:26:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\msiexec.exe
.
**************************************************************************
.
Completion time: 2008-03-28 10:29:50 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-28 14:29:45
ComboFix2.txt 2008-03-28 01:38:17
Pre-Run: 18,784,763,904 bytes free
Post-Run: 18,790,457,344 bytes free
.
2008-03-18 07:01:54 --- E O F ---
0

Utilisateur anonyme
28 mars 2008 à 15:37
You don't need to apologise! Well, we are moving slowly, but we are moving; there is still some junk left on your PC. Here is the next step.




Download SDFix (created by AndyManchesta) and save it to your Desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop. Restart your computer in Safe Mode by following this procedure:
• Restart your computer.
• After you hear the computer beep during startup, but before the Windows logo appears, tap the F8 key (one press per second).
• Instead of the normal Windows boot, a menu with several options should appear.
• Choose the first option, to run Windows in Safe Mode, then press "Enter".
• Choose your account.
Then follow the instructions below:
• Open the SDFix folder that was just created in the C:\ directory and double-click RunThis.bat to run the script.
• Press Y to start the cleaning process.
• It will remove the services and registry entries of certain trojans it finds, then ask you to press a key to reboot.
• Press a key to reboot the PC.
• Your system will take longer than usual to restart, because the tool keeps running and deleting files.
• Once the Desktop has loaded, the tool will finish its work and display Finished.
• Press a key to end the script and load your Desktop icons.
• Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt.
• Finally, copy/paste the contents of Report.txt into your next reply on the forum.
0
evilkat Messages postés 45 Date d'inscription dimanche 2 mars 2008 Statut Membre Dernière intervention 17 septembre 2008
28 mars 2008 à 16:18
And here it is again!!



[b]SDFix: Version 1.163 [/b]

Run by Jessica on Fri 03/28/2008 at 10:53 AM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


[b]Checking Files [/b]:

Trojan Files Found:

C:\PROGRA~1\WINDOW~2\LAVUPA~1 - Deleted
C:\Program Files\nvcoi\mst.stt - Deleted
C:\n.bat - Deleted
C:\Documents and Settings\Jessica\services.exe - Deleted



Folder C:\Program Files\nvcoi - Removed
Folder C:\Program Files\Sotfone - Removed


Removing Temp Files

[b]ADS Check [/b]:



[b]Final Check [/b]:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-28 11:11:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:f5,8d,66,9d,6f,c0,f2,1b,f8,63,55,7b,d1,3b,d9,46,b8,7d,13,c1,57,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,13,34,96,4e,79,70,ae,bc,87,6a,8d,eb,25,49,fb,48,95,..
"khjeh"=hex:28,f6,1a,71,9c,8b,df,41,30,dd,b8,50,99,5d,b3,29,62,c5,e8,3b,4f,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:73,dc,1b,f4,1c,dd,84,c9,23,5f,17,cf,61,0b,5b,95,dd,e2,28,a4,dd,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:64,f6,81,c2,91,cf,a1,3e,f0,c0,3e,85,57,6f,42,a4,8b,fb,cd,24,b5,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:f5,8d,66,9d,6f,c0,f2,1b,f8,63,55,7b,d1,3b,d9,46,b8,7d,13,c1,57,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,13,34,96,4e,79,70,ae,bc,87,6a,8d,eb,25,49,fb,48,95,..
"khjeh"=hex:28,f6,1a,71,9c,8b,df,41,30,dd,b8,50,99,5d,b3,29,62,c5,e8,3b,4f,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:73,dc,1b,f4,1c,dd,84,c9,23,5f,17,cf,61,0b,5b,95,dd,e2,28,a4,dd,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:64,f6,81,c2,91,cf,a1,3e,f0,c0,3e,85,57,6f,42,a4,8b,fb,cd,24,b5,..

scanning hidden registry entries ...

scanning hidden files ...


scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 113


[b]Remaining Services [/b]:



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Metin2.us\\metin2.bin"="C:\\Program Files\\Metin2.us\\metin2.bin:*:Enabled:metin2"
"C:\\Program Files\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe"="C:\\Program Files\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe:*:Enabled:DarkCrusade"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.5.0_09\\bin\\javaw.exe:*:Disabled:Java(TM) 2 Platform Standard Edition binary"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[b]Remaining Files [/b]:


File Backups: - C:\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Fri 26 May 2006 88 A.SHR --- "C:\i386\280759C86D.sys"
Fri 26 May 2006 3,350 A.SH. --- "C:\i386\KGyGaAvL.sys"
Tue 28 Aug 2007 88 ..SHR --- "C:\WINDOWS\system32\280759C86D.sys"
Tue 18 Mar 2008 56 ..SHR --- "C:\WINDOWS\system32\6DC8590728.sys"
Tue 18 Mar 2008 5,018 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Tue 2 Oct 2007 1,174,418 A.SH. --- "C:\WINDOWS\system32\vybeg.tmp"
Wed 21 Mar 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 13 Feb 2006 121,344 A..HR --- "C:\Program Files\THQ\Dawn Of War\Disk1CheckW40k.EXE"
Wed 21 Mar 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Thu 9 Aug 2007 8 A..H. --- "C:\Documents and Settings\Jessica\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp"
Fri 10 Aug 2007 8 A..H. --- "C:\Documents and Settings\Jessica\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp"
Thu 16 Aug 2007 8 A..H. --- "C:\Documents and Settings\Jessica\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp"
Thu 16 Aug 2007 8 A..H. --- "C:\Documents and Settings\Jessica\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp"

[b]Finished![/b]
0
Utilisateur anonyme
28 mars 2008 à 16:42
Perfect. How is your PC doing?
Run HijackThis again, choose "Do a system scan and save a logfile", then copy and paste the report into your next reply.
0
evilkat Messages postés 45 Date d'inscription dimanche 2 mars 2008 Statut Membre Dernière intervention 17 septembre 2008
28 mars 2008 à 17:01
It's doing much better!!!!!!!!!!

Thank you very much!!!!!!!!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:00:11 PM, on 3/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fsympatico.msn.ca%2fdefaultf.aspx%2f%3f
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://dellcanada.myway.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/WebfettiInitialSetup1.0.0.15-3.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://creampuff34.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://sorryimbusy.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {BCBC9371-9827-11DA-A72B-0800200C9A66} (View22RTEv4 Class) - http://sc.scenecaster.com/release_3_10_41/View22RTEv4.cab
O22 - SharedTaskScheduler: auras - {f0d4f88e-e1f8-460f-a41c-6cfb7f73af79} - C:\WINDOWS\system32\xskmoqx.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O24 - Desktop Component 0: (no name) - About:Home
evilkat Posts 45 Registered Sunday 2 March 2008 Status Member Last seen 17 September 2008
28 March 2008 at 17:15
That's so cool!!! I no longer get pop-ups and my real-time protection has stopped panicking!!!! Thanks a lot!!!!
Anonymous user
28 March 2008 at 17:20
You're welcome, but we're not done yet; unfortunately there is still a little left.


1- Download BTFix by Bibi26
http://cluster1.easy-hebergement.net/

* Unzip the archive to your Desktop.
* Open the BTFix folder.
* Double-click BTFix.exe.
* Click "Rechercher" (Search).
* A report will appear; copy/paste it into your next reply.
evilkat Posts 45 Registered Sunday 2 March 2008 Status Member Last seen 17 September 2008
28 March 2008 at 17:43
BTFix 1.091 (par bibi26) - 28/03/2008 12:42:54 - Analyse
Lancé depuis C:\Documents and Settings\Jessica\Desktop\spyware ect\BTFix\BTFix.exe

---> Fichiers/Dossiers trouvés

- C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.0.15-3.inf

---> Analyse terminée le 28/03/2008 12:42:55
Anonymous user
28 March 2008 at 17:50
* Start the computer in safe mode.
* Once the BIOS has finished loading, there is a black screen.
* Press the F8 or F5 key repeatedly until the Windows Advanced Options menu appears.
* Using the arrow keys, select the appropriate safe mode and press Enter.
* Choose your usual account, not Administrator.

* Open BTFix
* Click "Nettoyer" (Clean)
* A report will appear; copy/paste it into your next reply
evilkat Posts 45 Registered Sunday 2 March 2008 Status Member Last seen 17 September 2008
28 March 2008 at 18:06
BTFix 1.091 (par bibi26) - 28/03/2008 13:02:17 - Nettoyage - Mode sans échec
Lancé depuis C:\Documents and Settings\Jessica\Desktop\spyware ect\BTFix\BTFix.exe

---> Fichiers/dossiers supprimés (Première passe)

- Fichiers temporaires effacés

---> Nettoyage terminé le 28/03/2008 13:02:23
evilkat Posts 45 Registered Sunday 2 March 2008 Status Member Last seen 17 September 2008
28 March 2008 at 19:49
My antivirus found this: TR/Qhost.WV

Do you know it?
Anonymous user
28 March 2008 at 19:53
OK, we're entering the final stretch.


Download SmitfraudFix (disinfection tool):

Illustrated instructions:
http://siri.urz.free.fr/Fix/SmitfraudFix.php

Double-click smitfraudfix.cmd and choose option 1.
This will generate a report.

Please copy/paste the report on the forum.
evilkat Posts 45 Registered Sunday 2 March 2008 Status Member Last seen 17 September 2008
28 March 2008 at 20:55
TR/Dldr.VB.dht was found too........

SmitFraudFix v2.309

Scan done at 15:52:51.37, Fri 03/28/2008
Run from C:\Documents and Settings\Jessica\Desktop\spyware ect\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jessica


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jessica\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Jessica\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"=""
"FriendlyName"=""

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{f0d4f88e-e1f8-460f-a41c-6cfb7f73af79}"="auras"

[HKEY_CLASSES_ROOT\CLSID\{f0d4f88e-e1f8-460f-a41c-6cfb7f73af79}\InProcServer32]
@="C:\WINDOWS\system32\xskmoqx.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{f0d4f88e-e1f8-460f-a41c-6cfb7f73af79}\InProcServer32]
@="C:\WINDOWS\system32\xskmoqx.dll"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel(R) PRO/100 VE Network Connection - Packet Scheduler Miniport
DNS Server Search Order: 192.168.2.1
DNS Server Search Order: 192.168.2.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{5CA02F89-6F4A-4C3B-A0B2-22577BA0AE5E}: DhcpNameServer=192.168.2.1 192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{5CA02F89-6F4A-4C3B-A0B2-22577BA0AE5E}: DhcpNameServer=192.168.2.1 192.168.2.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{5CA02F89-6F4A-4C3B-A0B2-22577BA0AE5E}: DhcpNameServer=192.168.2.1 192.168.2.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1 192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1 192.168.2.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1 192.168.2.1


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
Anonymous user
28 March 2008 at 21:06
Perfect, here is the next step. You have accumulated a large number of infections; your PC will thank you, lol

Smitfraud option 2

Boot into safe mode:
To do this, tap the F8 key repeatedly from the moment the PC starts powering on, without stopping.
A window will open; use the keyboard arrows to move to "Start in safe mode", then press Enter.
Once on the desktop, if not all the colours and so on are there, that's normal!
(If F8 does not work, use the F5 key.)
----------------------------------------------------------------------------
Relaunch the Smitfraud program,
This time choose option 2 and answer yes to everything;
Save the report, restart in normal mode,
copy/paste the saved report on the forum
evilkat Posts 45 Registered Sunday 2 March 2008 Status Member Last seen 17 September 2008
29 March 2008 at 02:35
SmitFraudFix v2.309

Scan done at 20:11:51.26, Fri 03/28/2008
Run from C:\Documents and Settings\Jessica\Desktop\spyware ect\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{f0d4f88e-e1f8-460f-a41c-6cfb7f73af79}"="auras"

[HKEY_CLASSES_ROOT\CLSID\{f0d4f88e-e1f8-460f-a41c-6cfb7f73af79}\InProcServer32]
@="C:\WINDOWS\system32\xskmoqx.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{f0d4f88e-e1f8-460f-a41c-6cfb7f73af79}\InProcServer32]
@="C:\WINDOWS\system32\xskmoqx.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{5CA02F89-6F4A-4C3B-A0B2-22577BA0AE5E}: DhcpNameServer=192.168.2.1 192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{5CA02F89-6F4A-4C3B-A0B2-22577BA0AE5E}: DhcpNameServer=192.168.2.1 192.168.2.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{5CA02F89-6F4A-4C3B-A0B2-22577BA0AE5E}: DhcpNameServer=192.168.2.1 192.168.2.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1 192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1 192.168.2.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1 192.168.2.1


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{f0d4f88e-e1f8-460f-a41c-6cfb7f73af79}"="auras"

[HKEY_CLASSES_ROOT\CLSID\{f0d4f88e-e1f8-460f-a41c-6cfb7f73af79}\InProcServer32]
@="C:\WINDOWS\system32\xskmoqx.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{f0d4f88e-e1f8-460f-a41c-6cfb7f73af79}\InProcServer32]
@="C:\WINDOWS\system32\xskmoqx.dll"



»»»»»»»»»»»»»»»»»»»»»»»» End
Anonymous user
29 March 2008 at 11:52
Hello, you did it; now your PC should start feeling better!

Post a new HijackThis report before we tackle the final cleanup.