Qq1 peut analyser svp...

evilkat Messages postés 45 Statut Membre -  
 Utilisateur anonyme -
Bonjour,
j'ai spyware terminator et antivir mais j'ai encore des problemes...(pop-ups, voix dans les amplis...) je viens de faire les scans suivants, navilog, highjack this et clean... pouvez vous me dire quel est mon probleme???
merci!

Navilog

Search Navipromo version 3.4.8 commencé le Thu 03/27/2008 à 16:39:35.65

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 25.02.2008 à 20h00 par IL-MAFIOSO

Microsoft Windows XP [Version 5.1.2600]
Internet Explorer : 7.0.5730.11
Système de fichiers : NTFS

Executé en mode normal

*** Recherche Programmes installés ***

*** Recherche dossiers dans C:\WINDOWS ***

*** Recherche dossiers dans C:\Program Files ***

*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***

*** Recherche dossiers dans "C:\Documents and Settings\Jessica\applic~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\Jessica\locals~1\applic~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\Jessica\STARTM~1\Programs" ***

*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs ***

*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Aucun Fichier trouvé

*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans C:\WINDOWS\system32 *

* Recherche dans "C:\Documents and Settings\Jessica\locals~1\applic~1" *

*** Recherche fichiers ***

*** Recherche clés spécifiques dans le Registre ***

*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :

2)Recherche Heuristique :

* Dans C:\WINDOWS\system32 :

* Dans "C:\Documents and Settings\Jessica\locals~1\applic~1" :

3)Recherche Certificats :

Certificat Egroup absent !

4)Recherche fichiers connus :

C:\WINDOWS\system32\onXFNqss.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\vybeg.ini2 trouvé ! infection Vundo possible non traitée par cet outil !

*** Analyse terminée le Thu 03/27/2008 à 16:53:43.65 ***

Highjack this

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:47:59 PM, on 3/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fsympatico.msn.ca%2fdefaultf.aspx%2f%3f
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dellcanada.myway.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://dellcanada.myway.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com
O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com
O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com
O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com
O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com
O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com
O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com
O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com
O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [BM9715a939] Rundll32.exe "C:\DOCUME~1\Jessica\LOCALS~1\Temp\xidebbjc.dll",s
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.browsergate.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.browsergate.com/redirect.php (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/WebfettiInitialSetup1.0.0.15-3.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://creampuff34.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://sorryimbusy.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {BCBC9371-9827-11DA-A72B-0800200C9A66} (View22RTEv4 Class) - http://sc.scenecaster.com/release_3_10_41/View22RTEv4.cab
O22 - SharedTaskScheduler: auras - {f0d4f88e-e1f8-460f-a41c-6cfb7f73af79} - C:\WINDOWS\system32\xskmoqx.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O24 - Desktop Component 0: (no name) - About:Home

--
End of file - 7555 bytes

Clean

Thu 03/27/2008 a 17:48:24.65

*** Recherche C:

*** Recherche C:\WINDOWS\

*** Recherche C:\WINDOWS\system32
C:\WINDOWS\System32\regedit.com FOUND
C:\WINDOWS\system32\sms_msn40.exe FOUND

*** Recherche C:\Program Files
"C:\Program Files\outlook\" FOUND
Configuration: Windows XP
Internet Explorer 7.0

30 réponses

  • 1
  • 2
  1. Utilisateur anonyme
     
    bonsoir tu as plusieurs infections differentes

    Télécharger Vundofix.exe (par Atribune) sur votre Bureau : http://www.atribune.org/ccount/click.php?id=4

    pour effectuer les fix deconnect toi et ferme toutes tes applications !!

    * Double-cliquer sur VundoFix.exe afin de le lancer.
    * Cliquer sur le bouton Scan for Vundo.
    * Lorsque le scan est complété, cliquer sur le bouton Remove Vundo.
    * Une invite de commande demandera si l’on souhaite supprimer les fichiers, cliquer sur YES
    * Après avoir cliqué "YES", le Bureau disparaîtra un moment lors de la suppression des fichiers.
    * Une nouvelle invite de commande annoncera que le PC devra s'éteindre ("shutdown"). Cliquer sur OK , puis laisser le redémarrer.
    * Le contenu du rapport est situé dans C:\vundofix.txt, poste le stp

    _______________________

    Télécharge sur le bureau
    http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
    => Double clic sur VirtumundoBeGone.exe
    => Clic Continue ==> clic Start
    => Clic Oui
    => A la fin si Vundo est présent , le PC s’éteint et redémarre
    - Si Ecran bleu et message : Erreur fatale .. pas de problème
    => Poster le rapport VBG.TXT qui est sur le bureau

    ___________________________________

    Télécharges ComboFix à partir d'un de ces liens :

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    https://forospyware.com
    http://www.geekstogo.com/forum/files/file/197-combofix-by-subs/

    Et important, enregistre le sur le bureau.

    Avant d'utiliser ComboFix :

    ► Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.

    ► Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.

    Une fois fait, sur ton bureau double-clic sur Combofix.exe.

    - Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

    /!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.

    - En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

    - Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)

    ► Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

    ► Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.
    0
  2. evilkat Messages postés 45 Statut Membre
     
    tout d'abord merci pour ton temps!

    rien a signaler avec vundofix rien avec VirtumundoBeGone

    voici le rapport de ComboFix :

    ComboFix 08-03-26.3 - Jessica 2008-03-27 21:25:10.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.2.1033.18.619 [GMT -4:00]
    Running from: C:\Documents and Settings\Jessica\Desktop\spyware ect\ComboFix.exe
    * Created a new restore point

    [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\James\Application Data\DriveCleaner 2006 Free
    C:\Documents and Settings\James\Application Data\DriveCleaner 2006 Free\Logs\update.log
    C:\Documents and Settings\James\Application Data\FunWebProducts
    C:\Documents and Settings\James\Application Data\SystemDoctor 2006 Free
    C:\Documents and Settings\James\Application Data\SystemDoctor 2006 Free\Logs\update.log
    C:\Documents and Settings\Jessica\Application Data\Adssite Advanced Toolbar
    C:\Documents and Settings\Jessica\Application Data\Adssite Advanced Toolbar\advertbuttons.xml
    C:\Documents and Settings\Jessica\Application Data\Adssite Advanced Toolbar\selected.xml
    C:\Documents and Settings\Jessica\Application Data\macromedia\Flash Player\#SharedObjects\2HAGRWHM\iforex.com
    C:\Documents and Settings\Jessica\Application Data\macromedia\Flash Player\#SharedObjects\2HAGRWHM\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
    C:\Documents and Settings\Jessica\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
    C:\Documents and Settings\Jessica\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
    C:\Program Files\outlook
    C:\Program Files\Temporary
    C:\Program Files\Temporary\InsiDERInst.exe
    C:\Program Files\Windows NT\niqacidyq777444.dll
    C:\Temp\1cb
    C:\Temp\1cb\syscheck.log
    C:\Temp\gbRve12
    C:\Temp\gbRve12\csLioes.log
    C:\Temp\xOe
    C:\Temp\xOe\tOasF.log
    C:\WINDOWS\BM9715a939.xml
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\ecurit~1
    C:\WINDOWS\ppatch~1
    C:\WINDOWS\ppatch~1\??pPatch\
    C:\WINDOWS\pskt.ini
    C:\WINDOWS\system32\A12
    C:\WINDOWS\system32\aqVreo18
    C:\WINDOWS\system32\avkmdxqw.dll
    C:\WINDOWS\system32\htjfrcom.dll
    C:\WINDOWS\system32\lvhlctua.dll
    C:\WINDOWS\system32\lyitcukb.dll
    C:\WINDOWS\system32\mbjkpvxb.dll
    C:\WINDOWS\system32\nvuyirue.dll
    C:\WINDOWS\system32\odvjpdau.dll
    C:\WINDOWS\system32\onXFNqss.ini
    C:\WINDOWS\system32\onXFNqss.ini2
    C:\WINDOWS\system32\pac.txt
    C:\WINDOWS\system32\regedit.com
    C:\WINDOWS\system32\rssfxbfo.dll
    C:\WINDOWS\system32\sqrgvygi.dll
    C:\WINDOWS\system32\ssqNFXno.dll
    C:\WINDOWS\system32\stera.log
    C:\WINDOWS\system32\vMW04a
    C:\WINDOWS\system32\wfkpmyks.dll
    C:\WINDOWS\system32\xhvfkfab.dll
    C:\winlogo.exe
    C:\winlogon.exe
    C:\x.dat
    C:\z.dat

    .
    ((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-28 )))))))))))))))))))))))))))))))
    .

    2008-03-27 17:50 . 2008-03-27 17:50 449,786,052 --a------ C:\upload_moi_D3SHSZ91.tar.gz
    2008-03-27 04:36 . 2008-03-27 04:36 <DIR> d-------- C:\Program Files\Avira
    2008-03-27 04:36 . 2008-03-27 04:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-03-26 16:00 . 2008-03-26 20:28 1,586,310 ---hs---- C:\WINDOWS\system32\drxckokt.ini
    2008-03-25 21:06 . 2008-03-25 21:06 <DIR> d-------- C:\WINDOWS\wb
    2008-03-25 20:59 . 2008-03-25 21:02 585 --a------ C:\WINDOWS\PowerReg.dat
    2008-03-25 20:56 . 2008-03-25 20:56 <DIR> d-------- C:\Program Files\MicroProse
    2008-03-25 20:55 . 2008-03-25 20:55 <DIR> d-------- C:\Documents and Settings\Jessica\WINDOWS
    2008-03-25 20:55 . 1996-10-15 18:01 298,496 --a------ C:\WINDOWS\uninst.exe
    2008-03-23 15:27 . 2008-03-27 09:47 <DIR> d-------- C:\Program Files\nvcoi
    2008-03-22 18:57 . 2008-03-23 10:16 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
    2008-03-22 18:49 . 2008-03-22 18:49 <DIR> d-------- C:\Documents and Settings\Jessica\Application Data\DAEMON Tools
    2008-03-22 18:49 . 2008-03-22 18:49 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2008-03-22 13:48 . 2008-03-22 13:48 1,543,219 ---hs---- C:\WINDOWS\system32\rlhcchss.ini
    2008-03-22 13:01 . 2008-03-22 13:48 1,543,159 ---hs---- C:\WINDOWS\system32\rctuftvu.ini
    2008-03-21 22:24 . 2008-03-21 22:24 <DIR> d-------- C:\WINDOWS\Build-a-lot DeLEGiON
    2008-03-21 22:24 . 2008-03-21 22:24 <DIR> d-------- C:\Program Files\Build-a-lot DeLEGiON
    2008-03-21 20:22 . 2008-03-27 04:16 <DIR> d-------- C:\Documents and Settings\Jessica\Application Data\Azureus
    2008-03-21 20:22 . 2008-03-21 20:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
    2008-03-21 20:21 . 2008-03-21 22:29 <DIR> d-------- C:\Program Files\Azureus
    2008-03-21 20:07 . 2008-03-21 20:07 650 --a------ C:\WINDOWS\system32\sms_msn40.exe
    2008-03-21 20:07 . 2008-03-21 20:07 649 --a------ C:\WINDOWS\system32\RegClass.dll
    2008-03-21 20:07 . 2008-03-21 20:07 648 --a------ C:\WINDOWS\system32\vbshell.tlb
    2008-03-21 20:07 . 2008-03-21 20:07 648 --a------ C:\WINDOWS\system32\shdocvw.oca
    2008-03-21 20:07 . 2008-03-21 20:07 647 --a------ C:\WINDOWS\system32\ngsh40.dll
    2008-03-21 20:07 . 2008-03-21 20:07 647 --a------ C:\WINDOWS\system32\ngpw40.exe
    2008-03-21 20:07 . 2008-03-21 20:07 647 --a------ C:\WINDOWS\Sngsh40.dll
    2008-03-21 20:07 . 2008-03-21 20:07 647 --a------ C:\WINDOWS\sngpw40.exe
    2008-03-21 19:31 . 2008-03-21 21:23 <DIR> d-------- C:\Documents and Settings\Jessica\Application Data\Torrent Episode Downloader
    2008-03-20 11:07 . 2008-03-20 11:07 128 --a------ C:\Documents and Settings\Jessica\services.exe
    2008-03-20 10:04 . 2008-03-20 10:04 <DIR> d-------- C:\Program Files\General
    2008-03-19 19:14 . 2008-03-19 19:14 134 --a------ C:\n.bat
    2008-03-18 22:06 . 2008-03-18 22:08 <DIR> d-------- C:\Documents and Settings\Jessica\freecol
    2008-03-18 21:31 . 2008-03-18 22:59 <DIR> d-------- C:\Program Files\freecol
    2008-03-18 16:22 . 2008-03-18 16:23 <DIR> d-------- C:\Program Files\Buildalot
    2008-03-18 16:16 . 2008-03-18 16:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\iWin Games
    2008-03-18 03:01 . 2008-03-18 03:01 118 --a------ C:\WINDOWS\system32\MRT.INI
    2008-03-17 17:30 . 2008-03-18 00:28 <DIR> d-------- C:\Program Files\Smugglers 3
    2008-03-17 13:39 . 2008-03-17 11:39 66,560 --a------ C:\WINDOWS\b155.exe
    2008-03-11 14:47 . 2008-03-11 14:47 <DIR> d-------- C:\Documents and Settings\Jessica\Application Data\muvee Technologies
    2008-03-11 14:46 . 2008-03-11 14:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\muvee Technologies
    2008-03-03 17:37 . 2008-03-27 20:55 <DIR> d-------- C:\VundoFix Backups
    2008-03-02 13:42 . 2008-03-02 13:42 <DIR> d-------- C:\Program Files\Trend Micro
    2008-03-02 12:36 . 2008-03-27 17:46 <DIR> d-------- C:\Program Files\Navilog1
    2008-03-02 12:26 . 2008-03-02 10:26 73,728 --a------ C:\WINDOWS\b153.exe
    2008-03-02 01:45 . 2008-03-02 01:45 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\Spyware Terminator
    2008-03-01 20:44 . 2008-03-27 04:20 <DIR> d-------- C:\Program Files\WinClamAVShield
    2008-03-01 20:42 . 2008-03-27 11:25 <DIR> d-------- C:\Program Files\Spyware Terminator
    2008-03-01 20:42 . 2008-03-27 11:00 <DIR> d-------- C:\Documents and Settings\Jessica\Application Data\Spyware Terminator
    2008-03-01 20:42 . 2008-03-27 11:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
    2008-03-01 20:42 . 2008-03-01 20:42 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
    2008-03-01 20:35 . 2008-03-01 20:35 10,062,200 --a------ C:\SpywareTerminatorSetup.exe
    2008-03-01 15:55 . 2008-03-02 00:08 <DIR> d-------- C:\Program Files\Sotfone
    2008-03-01 12:08 . 2008-03-01 12:08 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
    2008-03-01 12:08 . 2008-03-01 12:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-02-28 23:31 . 2008-02-28 23:31 <DIR> d-------- C:\Program Files\1964
    2008-02-28 23:20 . 2008-02-28 23:22 <DIR> d-------- C:\Program Files\mupen64 0.5
    2008-02-28 23:10 . 2008-02-28 23:10 305,781 --a------ C:\output.wrl
    2008-02-28 16:53 . 2008-02-28 16:53 <DIR> d-------- C:\Program Files\directx
    2008-02-28 16:48 . 2008-02-28 16:48 <DIR> d-------- C:\Program Files\Ubi Soft
    2008-02-28 16:47 . 2008-03-01 16:20 <DIR> d--h----- C:\Program Files\Zero G Registry

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-27 05:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-03-25 14:10 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
    2008-03-24 22:26 --------- d-----w C:\Documents and Settings\Jessica\Application Data\LimeWire
    2008-03-23 15:07 --------- d-----w C:\Program Files\3DO
    2008-03-19 23:17 316,928 ----a-w C:\WINDOWS\Fonts\rar.exe
    2008-03-18 04:28 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-03-02 18:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-03-02 18:17 --------- d-----w C:\Program Files\EA Games
    2008-03-02 05:08 --------- d-----w C:\Program Files\Metin2.us
    2008-03-02 04:02 --------- d-----w C:\Program Files\Project64 1.6
    2008-03-01 23:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\SupportSoft
    2008-03-01 22:44 --------- d-----w C:\Program Files\Windows Live Toolbar
    2008-03-01 16:09 --------- d-----w C:\Program Files\MSN Messenger
    2008-03-01 16:08 --------- d-----w C:\Program Files\Windows Live
    2008-02-27 05:16 --------- d-----w C:\Program Files\Diablo II
    2008-02-26 17:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
    2008-02-24 00:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia
    2008-02-23 23:56 --------- d-----w C:\Program Files\Tower Constructor
    2008-02-23 23:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
    2008-02-23 23:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-02-14 01:55 102,400 ----a-w C:\WINDOWS\DIIUnin.exe
    2008-02-12 02:05 --------- d--h--w C:\Program Files\InstallJammer Registry
    2008-02-03 23:54 --------- d-----w C:\Program Files\Common Files\3DO Shared
    2007-10-02 21:39 32,768 ----a-w C:\Documents and Settings\Jessica\winlogo.exe
    2007-10-02 21:39 249 ----a-w C:\Documents and Settings\Jessica\4607.bat
    2007-10-01 23:23 249 ----a-w C:\Documents and Settings\Jessica\2142.bat
    2007-10-01 22:16 249 ----a-w C:\Documents and Settings\Jessica\1959.bat
    2007-10-01 22:01 249 ----a-w C:\Documents and Settings\Jessica\8178.bat
    2007-10-01 21:47 249 ----a-w C:\Documents and Settings\Jessica\1918.bat
    2007-09-30 19:09 32,768 ----a-w C:\Documents and Settings\James\winlogo.exe
    2007-09-30 19:09 249 ----a-w C:\Documents and Settings\James\5475.bat
    2007-09-30 18:54 249 ----a-w C:\Documents and Settings\James\4479.bat
    2007-09-30 18:39 249 ----a-w C:\Documents and Settings\James\5370.bat
    2007-09-30 18:24 249 ----a-w C:\Documents and Settings\James\8735.bat
    2007-09-30 18:09 249 ----a-w C:\Documents and Settings\James\8796.bat
    2007-09-30 17:54 249 ----a-w C:\Documents and Settings\James\7112.bat
    2007-09-30 17:39 249 ----a-w C:\Documents and Settings\James\6256.bat
    2007-09-29 20:57 249 ----a-w C:\Documents and Settings\James\7470.bat
    2007-09-29 20:42 249 ----a-w C:\Documents and Settings\James\7548.bat
    2007-09-29 20:27 249 ----a-w C:\Documents and Settings\James\5934.bat
    2007-09-29 20:12 249 ----a-w C:\Documents and Settings\James\6640.bat
    2007-09-29 17:20 249 ----a-w C:\Documents and Settings\James\5152.bat
    2007-09-29 16:08 249 ----a-w C:\Documents and Settings\Jessica\3609.bat
    2006-11-20 20:28 774,144 ----a-w C:\Program Files\RngInterstitial.dll
    2005-05-12 04:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
    2007-08-28 20:13 88 --sh--r C:\WINDOWS\system32\280759C86D.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{03B902B1-9B25-4173-9468-56775C85A8D4}]
    C:\Program Files\Helper\1204401331.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1211CE4E-E3CB-474C-989F-527541027392}]
    C:\Program Files\Windows Media Player\lavupaxos59.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7647864a-f97d-4ea4-bef7-7cc1ff7870c9}]
    C:\WINDOWS\system32\xwkgwmkx.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C2A1C5CB-C0EF-4689-9436-F62CCA1C5383}]
    C:\Program Files\NetProject\sbmdl.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
    "DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-10 14:31 68856]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
    "AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 10:37 2321600]
    "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-03-21 04:30 486856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-04-05 20:22 94208]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-04-05 20:19 77824]
    "Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-04-05 20:23 114688]
    "SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-03-01 20:42 2957824]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-27 04:41 249896]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    D‚marrage rapide du logiciel HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 01:49:24 73728]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 00:23:26 282624]
    NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2006-05-28 18:31:07 118784]
    Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2006-10-09 20:34:59 124912]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{f0d4f88e-e1f8-460f-a41c-6cfb7f73af79}"= C:\WINDOWS\system32\xskmoqx.dll [ ]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcDwuTj]
    ddcDwuTj.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcddab]
    efcddab.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebaaay]
    gebaaay.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebayww]
    gebayww.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkklkij]
    jkklkij.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrpmll]
    rqrpmll.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvuvstq]
    wvuvstq.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Metin2.us\\metin2.bin"=
    "C:\\Program Files\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Java\\jre1.5.0_09\\bin\\javaw.exe"=
    "C:\\Program Files\\Azureus\\Azureus.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "9842:TCP"= 9842:TCP:*:Disabled:SolidNetworkManager
    "9842:UDP"= 9842:UDP:*:Disabled:SolidNetworkManager

    R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-03-01 20:42]
    S3 Boonty Games;Boonty Games;"C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe" []
    S3 V0080Dev;Creative Camera VF0080 Driver;C:\WINDOWS\system32\DRIVERS\V0080Dev.sys [2004-10-09 05:51]

    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-27 21:34:43
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\system32\MsiExec.exe
    .
    **************************************************************************
    .
    Completion time: 2008-03-27 21:38:16 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-03-28 01:38:12
    Pre-Run: 18,558,644,224 bytes free
    Post-Run: 18,788,274,176 bytes free
    .
    2008-03-18 07:01:54 --- E O F ---
    0
  3. Utilisateur anonyme
     
    bonjour il nous reste encore pas mal de trail sur ton pc tu as accumule plus d'infections que je pensais

    Ouvre le Bloc-Notes puis colle le texte copié.
    (Démarrer\Tous les programmes\Accessoires\Bloc notes.)
    Sauvegarde ce fichier sous le nom de <gras>CFScript.txt.

    Copie le texte en gras : ci-dessous :

    registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{03B902B1-9B25-4173-9468-56775C85A8D4}]

    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1211CE4E-E3CB-474C-989F-527541027392}]

    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7647864a-f97d-4ea4-bef7-7cc1ff7870c9}]

    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C2A1C5CB-C0EF-4689-9436-F62CCA1C5383}]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler­]
    "{f0d4f88e-e1f8-460f-a41c-6cfb7f73af79}"=-

    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcDwuTj]
    ddcDwuTj.dll

    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcddab]
    efcddab.dll

    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebaaay]
    gebaaay.dll

    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebayww]
    gebayww.dll

    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkklkij]
    jkklkij.dll

    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrpmll]
    rqrpmll.dll

    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvuvstq]
    wvuvstq.dll

    files::
    C:\WINDOWS\system32\drxckokt.ini
    C:\WINDOWS\system32\rlhcchss.ini
    C:\WINDOWS\system32\rctuftvu.ini
    C:\n.bat
    C:\Program Files\1964
    C:\Documents and Settings\Jessica\services.exe
    C:\WINDOWS\b155.exe
    C:\WINDOWS\b153.exe
    C:\Documents and Settings\Jessica\winlogo.exe
    C:\Documents and Settings\James\winlogo.exe
    C:\Documents and Settings\Jessica\4607.bat
    C:\Documents and Settings\Jessica\2142.bat
    C:\Documents and Settings\Jessica\1959.bat
    C:\Documents and Settings\Jessica\8178.bat
    C:\Documents and Settings\Jessica\1918.bat
    C:\Documents and Settings\James\winlogo.exe
    C:\Documents and Settings\James\5475.bat
    C:\Documents and Settings\James\4479.bat
    C:\Documents and Settings\James\5370.bat
    C:\Documents and Settings\James\8735.bat
    C:\Documents and Settings\James\8796.bat
    C:\Documents and Settings\James\7112.bat
    C:\Documents and Settings\James\6256.bat
    C:\Documents and Settings\James\7470.bat
    C:\Documents and Settings\James\7548.bat
    C:\Documents and Settings\James\5934.bat
    C:\Documents and Settings\James\6640.bat
    C:\Documents and Settings\James\5152.bat
    C:\Documents and Settings\Jessica\3609.bat
    C:\Program Files\RngInterstitial.dll
    C:\WINDOWS\system32\280759C86D.sys

    folder::
    C:\WINDOWS\system32\xskmoqx.dll
    C:\Program Files\NetProject\sbmdl.dll
    C:\WINDOWS\system32\xwkgwmkx.dll
    C:\Program Files\Windows Media Player\lavupaxos59.dll


    fait Glisser maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

    http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif

    Cela va relancer Combofix,

    Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

    Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

    Ne touche à rien tant que le scan n'est pas terminé.

    Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

    S'il n'y a pas de rédémarrage, poste quand même les rapports.

    0
  4. evilkat Messages postés 45 Statut Membre
     
    et voila!!
    dsl pour le décalage... je suis au canada... lol

    ComboFix 08-03-26.3 - Jessica 2008-03-28 10:20:50.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.2.1033.18.683 [GMT -4:00]
    Running from: C:\Documents and Settings\Jessica\Desktop\spyware ect\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Jessica\Desktop\spyware ect\CFScript.txt
    * Created a new restore point

    [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\James\err.log
    C:\Documents and Settings\James\winlogo.exe
    C:\Documents and Settings\Jessica\winlogo.exe
    C:\WINDOWS\b153.exe
    C:\WINDOWS\b155.exe
    C:\WINDOWS\sngpw40.exe
    C:\WINDOWS\Sngsh40.dll
    C:\WINDOWS\system32\ngpw40.exe
    C:\WINDOWS\system32\ngsh40.dll
    C:\WINDOWS\system32\RegClass.dll
    C:\WINDOWS\system32\sms_msn40.exe

    .
    ((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-28 )))))))))))))))))))))))))))))))
    .

    2008-03-27 17:50 . 2008-03-27 17:50 449,786,052 --a------ C:\upload_moi_D3SHSZ91.tar.gz
    2008-03-27 04:36 . 2008-03-27 04:36 <DIR> d-------- C:\Program Files\Avira
    2008-03-27 04:36 . 2008-03-27 04:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-03-26 16:00 . 2008-03-26 20:28 1,586,310 ---hs---- C:\WINDOWS\system32\drxckokt.ini
    2008-03-25 21:06 . 2008-03-25 21:06 <DIR> d-------- C:\WINDOWS\wb
    2008-03-25 20:59 . 2008-03-25 21:02 585 --a------ C:\WINDOWS\PowerReg.dat
    2008-03-25 20:56 . 2008-03-25 20:56 <DIR> d-------- C:\Program Files\MicroProse
    2008-03-25 20:55 . 2008-03-25 20:55 <DIR> d-------- C:\Documents and Settings\Jessica\WINDOWS
    2008-03-25 20:55 . 1996-10-15 18:01 298,496 --a------ C:\WINDOWS\uninst.exe
    2008-03-23 15:27 . 2008-03-27 09:47 <DIR> d-------- C:\Program Files\nvcoi
    2008-03-22 18:57 . 2008-03-23 10:16 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
    2008-03-22 18:49 . 2008-03-22 18:49 <DIR> d-------- C:\Documents and Settings\Jessica\Application Data\DAEMON Tools
    2008-03-22 18:49 . 2008-03-22 18:49 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2008-03-22 13:48 . 2008-03-22 13:48 1,543,219 ---hs---- C:\WINDOWS\system32\rlhcchss.ini
    2008-03-22 13:01 . 2008-03-22 13:48 1,543,159 ---hs---- C:\WINDOWS\system32\rctuftvu.ini
    2008-03-21 22:24 . 2008-03-21 22:24 <DIR> d-------- C:\WINDOWS\Build-a-lot DeLEGiON
    2008-03-21 22:24 . 2008-03-21 22:24 <DIR> d-------- C:\Program Files\Build-a-lot DeLEGiON
    2008-03-21 20:22 . 2008-03-27 04:16 <DIR> d-------- C:\Documents and Settings\Jessica\Application Data\Azureus
    2008-03-21 20:22 . 2008-03-21 20:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
    2008-03-21 20:21 . 2008-03-21 22:29 <DIR> d-------- C:\Program Files\Azureus
    2008-03-21 20:07 . 2008-03-21 20:07 648 --a------ C:\WINDOWS\system32\vbshell.tlb
    2008-03-21 20:07 . 2008-03-21 20:07 648 --a------ C:\WINDOWS\system32\shdocvw.oca
    2008-03-21 19:31 . 2008-03-21 21:23 <DIR> d-------- C:\Documents and Settings\Jessica\Application Data\Torrent Episode Downloader
    2008-03-20 11:07 . 2008-03-20 11:07 128 --a------ C:\Documents and Settings\Jessica\services.exe
    2008-03-20 10:04 . 2008-03-20 10:04 <DIR> d-------- C:\Program Files\General
    2008-03-19 19:14 . 2008-03-19 19:14 134 --a------ C:\n.bat
    2008-03-18 22:06 . 2008-03-18 22:08 <DIR> d-------- C:\Documents and Settings\Jessica\freecol
    2008-03-18 21:31 . 2008-03-18 22:59 <DIR> d-------- C:\Program Files\freecol
    2008-03-18 16:22 . 2008-03-18 16:23 <DIR> d-------- C:\Program Files\Buildalot
    2008-03-18 16:16 . 2008-03-18 16:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\iWin Games
    2008-03-18 03:01 . 2008-03-18 03:01 118 --a------ C:\WINDOWS\system32\MRT.INI
    2008-03-17 17:30 . 2008-03-18 00:28 <DIR> d-------- C:\Program Files\Smugglers 3
    2008-03-11 14:47 . 2008-03-11 14:47 <DIR> d-------- C:\Documents and Settings\Jessica\Application Data\muvee Technologies
    2008-03-11 14:46 . 2008-03-11 14:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\muvee Technologies
    2008-03-03 17:37 . 2008-03-27 20:55 <DIR> d-------- C:\VundoFix Backups
    2008-03-02 13:42 . 2008-03-02 13:42 <DIR> d-------- C:\Program Files\Trend Micro
    2008-03-02 12:36 . 2008-03-27 17:46 <DIR> d-------- C:\Program Files\Navilog1
    2008-03-02 01:45 . 2008-03-02 01:45 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\Spyware Terminator
    2008-03-01 20:44 . 2008-03-27 04:20 <DIR> d-------- C:\Program Files\WinClamAVShield
    2008-03-01 20:42 . 2008-03-27 11:25 <DIR> d-------- C:\Program Files\Spyware Terminator
    2008-03-01 20:42 . 2008-03-27 11:00 <DIR> d-------- C:\Documents and Settings\Jessica\Application Data\Spyware Terminator
    2008-03-01 20:42 . 2008-03-27 11:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
    2008-03-01 20:42 . 2008-03-01 20:42 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
    2008-03-01 20:35 . 2008-03-01 20:35 10,062,200 --a------ C:\SpywareTerminatorSetup.exe
    2008-03-01 15:55 . 2008-03-02 00:08 <DIR> d-------- C:\Program Files\Sotfone
    2008-03-01 12:08 . 2008-03-01 12:08 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
    2008-03-01 12:08 . 2008-03-01 12:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-02-28 23:31 . 2008-02-28 23:31 <DIR> d-------- C:\Program Files\1964
    2008-02-28 23:20 . 2008-02-28 23:22 <DIR> d-------- C:\Program Files\mupen64 0.5
    2008-02-28 23:10 . 2008-02-28 23:10 305,781 --a------ C:\output.wrl
    2008-02-28 16:53 . 2008-02-28 16:53 <DIR> d-------- C:\Program Files\directx
    2008-02-28 16:48 . 2008-02-28 16:48 <DIR> d-------- C:\Program Files\Ubi Soft
    2008-02-28 16:47 . 2008-03-01 16:20 <DIR> d--h----- C:\Program Files\Zero G Registry

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-28 06:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-03-25 14:10 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
    2008-03-24 22:26 --------- d-----w C:\Documents and Settings\Jessica\Application Data\LimeWire
    2008-03-23 15:07 --------- d-----w C:\Program Files\3DO
    2008-03-19 23:17 316,928 ----a-w C:\WINDOWS\Fonts\rar.exe
    2008-03-18 04:28 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-03-02 18:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-03-02 18:17 --------- d-----w C:\Program Files\EA Games
    2008-03-02 05:08 --------- d-----w C:\Program Files\Metin2.us
    2008-03-02 04:02 --------- d-----w C:\Program Files\Project64 1.6
    2008-03-01 23:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\SupportSoft
    2008-03-01 22:44 --------- d-----w C:\Program Files\Windows Live Toolbar
    2008-03-01 16:09 --------- d-----w C:\Program Files\MSN Messenger
    2008-03-01 16:08 --------- d-----w C:\Program Files\Windows Live
    2008-02-27 05:16 --------- d-----w C:\Program Files\Diablo II
    2008-02-26 17:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
    2008-02-24 00:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia
    2008-02-23 23:56 --------- d-----w C:\Program Files\Tower Constructor
    2008-02-23 23:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
    2008-02-23 23:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-02-14 01:55 102,400 ----a-w C:\WINDOWS\DIIUnin.exe
    2008-02-12 02:05 --------- d--h--w C:\Program Files\InstallJammer Registry
    2008-02-03 23:54 --------- d-----w C:\Program Files\Common Files\3DO Shared
    2007-10-02 21:39 249 ----a-w C:\Documents and Settings\Jessica\4607.bat
    2007-10-01 23:23 249 ----a-w C:\Documents and Settings\Jessica\2142.bat
    2007-10-01 22:16 249 ----a-w C:\Documents and Settings\Jessica\1959.bat
    2007-10-01 22:01 249 ----a-w C:\Documents and Settings\Jessica\8178.bat
    2007-10-01 21:47 249 ----a-w C:\Documents and Settings\Jessica\1918.bat
    2007-09-30 19:09 249 ----a-w C:\Documents and Settings\James\5475.bat
    2007-09-30 18:54 249 ----a-w C:\Documents and Settings\James\4479.bat
    2007-09-30 18:39 249 ----a-w C:\Documents and Settings\James\5370.bat
    2007-09-30 18:24 249 ----a-w C:\Documents and Settings\James\8735.bat
    2007-09-30 18:09 249 ----a-w C:\Documents and Settings\James\8796.bat
    2007-09-30 17:54 249 ----a-w C:\Documents and Settings\James\7112.bat
    2007-09-30 17:39 249 ----a-w C:\Documents and Settings\James\6256.bat
    2007-09-29 20:57 249 ----a-w C:\Documents and Settings\James\7470.bat
    2007-09-29 20:42 249 ----a-w C:\Documents and Settings\James\7548.bat
    2007-09-29 20:27 249 ----a-w C:\Documents and Settings\James\5934.bat
    2007-09-29 20:12 249 ----a-w C:\Documents and Settings\James\6640.bat
    2007-09-29 17:20 249 ----a-w C:\Documents and Settings\James\5152.bat
    2007-09-29 16:08 249 ----a-w C:\Documents and Settings\Jessica\3609.bat
    2006-11-20 20:28 774,144 ----a-w C:\Program Files\RngInterstitial.dll
    2005-05-12 04:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
    2007-08-28 20:13 88 --sh--r C:\WINDOWS\system32\280759C86D.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
    "DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-10 14:31 68856]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
    "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-03-21 04:30 486856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-04-05 20:22 94208]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-04-05 20:19 77824]
    "Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-04-05 20:23 114688]
    "SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-03-01 20:42 2957824]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-27 04:41 249896]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    D‚marrage rapide du logiciel HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 01:49:24 73728]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 00:23:26 282624]
    NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2006-05-28 18:31:07 118784]
    Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2006-10-09 20:34:59 124912]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{f0d4f88e-e1f8-460f-a41c-6cfb7f73af79}"= C:\WINDOWS\system32\xskmoqx.dll [ ]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Metin2.us\\metin2.bin"=
    "C:\\Program Files\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Java\\jre1.5.0_09\\bin\\javaw.exe"=
    "C:\\Program Files\\Azureus\\Azureus.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "9842:TCP"= 9842:TCP:*:Disabled:SolidNetworkManager
    "9842:UDP"= 9842:UDP:*:Disabled:SolidNetworkManager

    R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-03-01 20:42]
    S3 Boonty Games;Boonty Games;"C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe" []
    S3 V0080Dev;Creative Camera VF0080 Driver;C:\WINDOWS\system32\DRIVERS\V0080Dev.sys [2004-10-09 05:51]

    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-28 10:26:28
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\system32\msiexec.exe
    .
    **************************************************************************
    .
    Completion time: 2008-03-28 10:29:50 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-03-28 14:29:45
    ComboFix2.txt 2008-03-28 01:38:17
    Pre-Run: 18,784,763,904 bytes free
    Post-Run: 18,790,457,344 bytes free
    .
    2008-03-18 07:01:54 --- E O F ---
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Utilisateur anonyme
     
    tu n'as pas a etre desoles ! bon on avance doucement mais on avance il reste encore des saletées dans ton pc voici la suite

    Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
    http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
    Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
    • Redémarre ton ordinateur
    • Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
    • A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
    • Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
    • Choisis ton compte.
    Déroule la liste des instructions ci-dessous :
    • Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
    • Appuie sur Y pour commencer le processus de nettoyage.
    • Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
    • Appuie sur une touche pour redémarrer le PC.
    • Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
    • Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
    • Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
    • Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
    • Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum
    0
  7. evilkat Messages postés 45 Statut Membre
     
    et re voila!!

    [b]SDFix: Version 1.163 [/b]

    Run by Jessica on Fri 03/28/2008 at 10:53 AM

    Microsoft Windows XP [Version 5.1.2600]
    Running From: C:\SDFix

    [b]Checking Services [/b]:

    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting

    [b]Checking Files [/b]:

    Trojan Files Found:

    C:\PROGRA~1\WINDOW~2\LAVUPA~1 - Deleted
    C:\Program Files\nvcoi\mst.stt - Deleted
    C:\n.bat - Deleted
    C:\Documents and Settings\Jessica\services.exe - Deleted

    Folder C:\Program Files\nvcoi - Removed
    Folder C:\Program Files\Sotfone - Removed

    Removing Temp Files

    [b]ADS Check [/b]:

    [b]Final Check [/b]:

    catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-28 11:11:03
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
    "s1"=dword:2df9c43f
    "s2"=dword:110480d0
    "h0"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "p0"="C:\Program Files\DAEMON Tools Lite\"
    "h0"=dword:00000000
    "khjeh"=hex:f5,8d,66,9d,6f,c0,f2,1b,f8,63,55,7b,d1,3b,d9,46,b8,7d,13,c1,57,..

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,13,34,96,4e,79,70,ae,bc,87,6a,8d,eb,25,49,fb,48,95,..
    "khjeh"=hex:28,f6,1a,71,9c,8b,df,41,30,dd,b8,50,99,5d,b3,29,62,c5,e8,3b,4f,..

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:73,dc,1b,f4,1c,dd,84,c9,23,5f,17,cf,61,0b,5b,95,dd,e2,28,a4,dd,..

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
    "khjeh"=hex:64,f6,81,c2,91,cf,a1,3e,f0,c0,3e,85,57,6f,42,a4,8b,fb,cd,24,b5,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "p0"="C:\Program Files\DAEMON Tools Lite\"
    "h0"=dword:00000000
    "khjeh"=hex:f5,8d,66,9d,6f,c0,f2,1b,f8,63,55,7b,d1,3b,d9,46,b8,7d,13,c1,57,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,13,34,96,4e,79,70,ae,bc,87,6a,8d,eb,25,49,fb,48,95,..
    "khjeh"=hex:28,f6,1a,71,9c,8b,df,41,30,dd,b8,50,99,5d,b3,29,62,c5,e8,3b,4f,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:73,dc,1b,f4,1c,dd,84,c9,23,5f,17,cf,61,0b,5b,95,dd,e2,28,a4,dd,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
    "khjeh"=hex:64,f6,81,c2,91,cf,a1,3e,f0,c0,3e,85,57,6f,42,a4,8b,fb,cd,24,b5,..

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 113

    [b]Remaining Services [/b]:

    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Metin2.us\\metin2.bin"="C:\\Program Files\\Metin2.us\\metin2.bin:*:Enabled:metin2"
    "C:\\Program Files\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe"="C:\\Program Files\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe:*:Enabled:DarkCrusade"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\\Program Files\\Java\\jre1.5.0_09\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.5.0_09\\bin\\javaw.exe:*:Disabled:Java(TM) 2 Platform Standard Edition binary"
    "C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    [b]Remaining Files [/b]:

    File Backups: - C:\SDFix\backups\backups.zip

    [b]Files with Hidden Attributes [/b]:

    Fri 26 May 2006 88 A.SHR --- "C:\i386\280759C86D.sys"
    Fri 26 May 2006 3,350 A.SH. --- "C:\i386\KGyGaAvL.sys"
    Tue 28 Aug 2007 88 ..SHR --- "C:\WINDOWS\system32\280759C86D.sys"
    Tue 18 Mar 2008 56 ..SHR --- "C:\WINDOWS\system32\6DC8590728.sys"
    Tue 18 Mar 2008 5,018 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
    Tue 2 Oct 2007 1,174,418 A.SH. --- "C:\WINDOWS\system32\vybeg.tmp"
    Wed 21 Mar 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
    Mon 13 Feb 2006 121,344 A..HR --- "C:\Program Files\THQ\Dawn Of War\Disk1CheckW40k.EXE"
    Wed 21 Mar 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
    Thu 9 Aug 2007 8 A..H. --- "C:\Documents and Settings\Jessica\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp"
    Fri 10 Aug 2007 8 A..H. --- "C:\Documents and Settings\Jessica\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp"
    Thu 16 Aug 2007 8 A..H. --- "C:\Documents and Settings\Jessica\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp"
    Thu 16 Aug 2007 8 A..H. --- "C:\Documents and Settings\Jessica\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp"

    [b]Finished![/b]
    0
  8. evilkat Messages postés 45 Statut Membre
     
    et re voila!!

    [b]SDFix: Version 1.163 [/b]

    Run by Jessica on Fri 03/28/2008 at 10:53 AM

    Microsoft Windows XP [Version 5.1.2600]
    Running From: C:\SDFix

    [b]Checking Services [/b]:

    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting

    [b]Checking Files [/b]:

    Trojan Files Found:

    C:\PROGRA~1\WINDOW~2\LAVUPA~1 - Deleted
    C:\Program Files\nvcoi\mst.stt - Deleted
    C:\n.bat - Deleted
    C:\Documents and Settings\Jessica\services.exe - Deleted

    Folder C:\Program Files\nvcoi - Removed
    Folder C:\Program Files\Sotfone - Removed

    Removing Temp Files

    [b]ADS Check [/b]:

    [b]Final Check [/b]:

    catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-28 11:11:03
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
    "s1"=dword:2df9c43f
    "s2"=dword:110480d0
    "h0"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "p0"="C:\Program Files\DAEMON Tools Lite\"
    "h0"=dword:00000000
    "khjeh"=hex:f5,8d,66,9d,6f,c0,f2,1b,f8,63,55,7b,d1,3b,d9,46,b8,7d,13,c1,57,..

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,13,34,96,4e,79,70,ae,bc,87,6a,8d,eb,25,49,fb,48,95,..
    "khjeh"=hex:28,f6,1a,71,9c,8b,df,41,30,dd,b8,50,99,5d,b3,29,62,c5,e8,3b,4f,..

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:73,dc,1b,f4,1c,dd,84,c9,23,5f,17,cf,61,0b,5b,95,dd,e2,28,a4,dd,..

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
    "khjeh"=hex:64,f6,81,c2,91,cf,a1,3e,f0,c0,3e,85,57,6f,42,a4,8b,fb,cd,24,b5,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "p0"="C:\Program Files\DAEMON Tools Lite\"
    "h0"=dword:00000000
    "khjeh"=hex:f5,8d,66,9d,6f,c0,f2,1b,f8,63,55,7b,d1,3b,d9,46,b8,7d,13,c1,57,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,13,34,96,4e,79,70,ae,bc,87,6a,8d,eb,25,49,fb,48,95,..
    "khjeh"=hex:28,f6,1a,71,9c,8b,df,41,30,dd,b8,50,99,5d,b3,29,62,c5,e8,3b,4f,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:73,dc,1b,f4,1c,dd,84,c9,23,5f,17,cf,61,0b,5b,95,dd,e2,28,a4,dd,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
    "khjeh"=hex:64,f6,81,c2,91,cf,a1,3e,f0,c0,3e,85,57,6f,42,a4,8b,fb,cd,24,b5,..

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 113

    [b]Remaining Services [/b]:

    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Metin2.us\\metin2.bin"="C:\\Program Files\\Metin2.us\\metin2.bin:*:Enabled:metin2"
    "C:\\Program Files\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe"="C:\\Program Files\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe:*:Enabled:DarkCrusade"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\\Program Files\\Java\\jre1.5.0_09\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.5.0_09\\bin\\javaw.exe:*:Disabled:Java(TM) 2 Platform Standard Edition binary"
    "C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    [b]Remaining Files [/b]:

    File Backups: - C:\SDFix\backups\backups.zip

    [b]Files with Hidden Attributes [/b]:

    Fri 26 May 2006 88 A.SHR --- "C:\i386\280759C86D.sys"
    Fri 26 May 2006 3,350 A.SH. --- "C:\i386\KGyGaAvL.sys"
    Tue 28 Aug 2007 88 ..SHR --- "C:\WINDOWS\system32\280759C86D.sys"
    Tue 18 Mar 2008 56 ..SHR --- "C:\WINDOWS\system32\6DC8590728.sys"
    Tue 18 Mar 2008 5,018 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
    Tue 2 Oct 2007 1,174,418 A.SH. --- "C:\WINDOWS\system32\vybeg.tmp"
    Wed 21 Mar 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
    Mon 13 Feb 2006 121,344 A..HR --- "C:\Program Files\THQ\Dawn Of War\Disk1CheckW40k.EXE"
    Wed 21 Mar 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
    Thu 9 Aug 2007 8 A..H. --- "C:\Documents and Settings\Jessica\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp"
    Fri 10 Aug 2007 8 A..H. --- "C:\Documents and Settings\Jessica\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp"
    Thu 16 Aug 2007 8 A..H. --- "C:\Documents and Settings\Jessica\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp"
    Thu 16 Aug 2007 8 A..H. --- "C:\Documents and Settings\Jessica\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp"

    [b]Finished![/b]
    0
  9. Utilisateur anonyme
     
    parfait comment se porte ton pc ?
    relance hijackthis do a scan systeme and save logfile copie et colle le rapport dans ta prochaine reponse
    0
  10. evilkat Messages postés 45 Statut Membre
     
    il se porte beaucoup mieux!!!!!!!!!!

    merci beaucoup!!!!!!!!

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:00:11 PM, on 3/28/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fsympatico.msn.ca%2fdefaultf.aspx%2f%3f
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://dellcanada.myway.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
    O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/WebfettiInitialSetup1.0.0.15-3.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://creampuff34.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://sorryimbusy.spaces.live.com/PhotoUpload/MsnPUpld.cab
    O16 - DPF: {BCBC9371-9827-11DA-A72B-0800200C9A66} (View22RTEv4 Class) - http://sc.scenecaster.com/release_3_10_41/View22RTEv4.cab
    O22 - SharedTaskScheduler: auras - {f0d4f88e-e1f8-460f-a41c-6cfb7f73af79} - C:\WINDOWS\system32\xskmoqx.dll (file missing)
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe (file missing)
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
    O24 - Desktop Component 0: (no name) - About:Home
    0
  11. evilkat Messages postés 45 Statut Membre
     
    c'est tellement cool!!! je n'ai plus de pop ups et ma protection en temps réel a arreter de s'affoler!!!! merci énormément!!!!
    0
  12. Utilisateur anonyme
     
    de rien , mais on as pas encore fini , malheureusement il en reste encore un peu

    1-Télécharge BTFix de Bibi26
    http://cluster1.easy-hebergement.net/

    *Dézippe l'archive sur ton Bureau.
    *Ouvre le dossier BTFix.
    *Double clique sur BTFix.exe.
    *Clique sur Rechercher.
    *Un rapport va apparaître, copie/colle-le dans ta prochaine réponse.
    0
  13. evilkat Messages postés 45 Statut Membre
     
    BTFix 1.091 (par bibi26) - 28/03/2008 12:42:54 - Analyse
    Lancé depuis C:\Documents and Settings\Jessica\Desktop\spyware ect\BTFix\BTFix.exe

    ---> Fichiers/Dossiers trouvés

    - C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.0.15-3.inf

    ---> Analyse terminée le 28/03/2008 12:42:55
    0
  14. Utilisateur anonyme
     
    * Démarre l'ordinateur en mode sans echecs.
    * Une fois le chargement du BIOS terminé, il y a un écran noir.
    * Appuie sur la touche F8 ou F5, à répétition jusqu'à l'affichage du menu des options avancées de Windows.
    * En utilisant les touches du curseur, sélectionne le mode sans échec approprié et appuie sur Entrée.
    * Choisis ton compte usuel et non Administrateur.

    * Ouvre BTFix
    * Clique sur "Nettoyer"
    * Un rapport va apparaître, copie/colle-le dans ta prochaine réponse
    0
  15. evilkat Messages postés 45 Statut Membre
     
    BTFix 1.091 (par bibi26) - 28/03/2008 13:02:17 - Nettoyage - Mode sans échec
    Lancé depuis C:\Documents and Settings\Jessica\Desktop\spyware ect\BTFix\BTFix.exe

    ---> Fichiers/dossiers supprimés (Première passe)

    - Fichiers temporaires effacés

    ---> Nettoyage terminé le 28/03/2008 13:02:23
    0
  16. evilkat Messages postés 45 Statut Membre
     
    mon antivirus a trouver ceci: TR/Qhost.WV

    est ce que tu connais?
    0
  17. Utilisateur anonyme
     
    ok on attaques le dernier virage

    télécharges smitfraudfix : (outil de desinfection )

    En image :
    http://siri.urz.free.fr/Fix/SmitfraudFix.php

    tu doubles cliques sur smitfraudfix.cmd et tu choisi l option 1
    cela vas générer un rapport.

    Copie/colle le rapport sur le forum stp.
    0
  18. evilkat Messages postés 45 Statut Membre
     
    TR/Dldr.VB.dht a été trouvé aussi........

    SmitFraudFix v2.309

    Scan done at 15:52:51.37, Fri 03/28/2008
    Run from C:\Documents and Settings\Jessica\Desktop\spyware ect\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\cmd.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    »»»»»»»»»»»»»»»»»»»»»»»» C:\

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jessica

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jessica\Application Data

    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu

    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Jessica\FAVORI~1

    »»»»»»»»»»»»»»»»»»»»»»»» Desktop

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"=""
    "FriendlyName"=""

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"

    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
    !!!Attention, following keys are not inevitably infected!!!

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» VACFix
    !!!Attention, following keys are not inevitably infected!!!

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{f0d4f88e-e1f8-460f-a41c-6cfb7f73af79}"="auras"

    [HKEY_CLASSES_ROOT\CLSID\{f0d4f88e-e1f8-460f-a41c-6cfb7f73af79}\InProcServer32]
    @="C:\WINDOWS\system32\xskmoqx.dll"

    [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{f0d4f88e-e1f8-460f-a41c-6cfb7f73af79}\InProcServer32]
    @="C:\WINDOWS\system32\xskmoqx.dll"

    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
    "System"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Rustock

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: Intel(R) PRO/100 VE Network Connection - Packet Scheduler Miniport
    DNS Server Search Order: 192.168.2.1
    DNS Server Search Order: 192.168.2.1

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{5CA02F89-6F4A-4C3B-A0B2-22577BA0AE5E}: DhcpNameServer=192.168.2.1 192.168.2.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{5CA02F89-6F4A-4C3B-A0B2-22577BA0AE5E}: DhcpNameServer=192.168.2.1 192.168.2.1
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{5CA02F89-6F4A-4C3B-A0B2-22577BA0AE5E}: DhcpNameServer=192.168.2.1 192.168.2.1
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1 192.168.2.1
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1 192.168.2.1
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1 192.168.2.1

    »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

    »»»»»»»»»»»»»»»»»»»»»»»» End
    0
  19. Utilisateur anonyme
     
    parfait voici la suite , tu as cumule un grand nombre d'infection ton pc va te remercier , lol

    Smitfraud option 2

    Démarre en mode sans échec :
    Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter.
    Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
    Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal !
    (Si F8 ne marche pas utilise la touche F5).
    ----------------------------------------------------------------------------
    Relance le programme Smitfraud,
    Cette fois choisit l’option 2, répond oui a tous ;
    Sauvegarde le rapport, Redémarre en mode normal,
    copie/colle le rapport sauvegardé sur le forum
    0
  20. evilkat Messages postés 45 Statut Membre
     
    SmitFraudFix v2.309

    Scan done at 20:11:51.26, Fri 03/28/2008
    Run from C:\Documents and Settings\Jessica\Desktop\spyware ect\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{f0d4f88e-e1f8-460f-a41c-6cfb7f73af79}"="auras"

    [HKEY_CLASSES_ROOT\CLSID\{f0d4f88e-e1f8-460f-a41c-6cfb7f73af79}\InProcServer32]
    @="C:\WINDOWS\system32\xskmoqx.dll"

    [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{f0d4f88e-e1f8-460f-a41c-6cfb7f73af79}\InProcServer32]
    @="C:\WINDOWS\system32\xskmoqx.dll"

    »»»»»»»»»»»»»»»»»»»»»»»» Killing process

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    127.0.0.1 localhost

    »»»»»»»»»»»»»»»»»»»»»»»» VACFix

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

    S!Ri's WS2Fix: LSP not Found.

    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{5CA02F89-6F4A-4C3B-A0B2-22577BA0AE5E}: DhcpNameServer=192.168.2.1 192.168.2.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{5CA02F89-6F4A-4C3B-A0B2-22577BA0AE5E}: DhcpNameServer=192.168.2.1 192.168.2.1
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{5CA02F89-6F4A-4C3B-A0B2-22577BA0AE5E}: DhcpNameServer=192.168.2.1 192.168.2.1
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1 192.168.2.1
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1 192.168.2.1
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1 192.168.2.1

    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{f0d4f88e-e1f8-460f-a41c-6cfb7f73af79}"="auras"

    [HKEY_CLASSES_ROOT\CLSID\{f0d4f88e-e1f8-460f-a41c-6cfb7f73af79}\InProcServer32]
    @="C:\WINDOWS\system32\xskmoqx.dll"

    [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{f0d4f88e-e1f8-460f-a41c-6cfb7f73af79}\InProcServer32]
    @="C:\WINDOWS\system32\xskmoqx.dll"

    »»»»»»»»»»»»»»»»»»»»»»»» End
    0
  21. Utilisateur anonyme
     
    bonjour tu as reussi , maintenant ton pc dois commencer a se sentir mieu !

    poste un nouveau rapport hijackthis avant d'attaquer le nettoyage final
    0
  • 1
  • 2