Sujet Précédent Sujet Suivant

Virus dropper

Fermé
sad67 - 1 oct. 2008 à 22:50
sKe69 Messages postés 21360 Date d'inscription samedi 15 mars 2008 Statut Contributeur sécurité Dernière intervention 30 décembre 2012 - 3 oct. 2008 à 22:31
Bonjour, J ai chopper des droppers mon pc beug apres quelque minute ou beug au demarrage je peu plus rien faire y a des programmes qui manque puis windows update est hors service merci de m aider j envoie le rapport HijackThis .


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:55, on 01/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\BlueStork\BS-WG-USB Wireless LAN Utility\RtWLan.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\eMule\emule.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Tanrikulu\Bureau\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60076
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://eo.st
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7655838A-E444-433C-8086-46ECD6102D41} - C:\WINDOWS\system32\hgGyXoOe.dll (file missing)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: {d6c565d9-c2be-e74b-1d84-4fe6ba41ae5c} - {c5ea14ab-6ef4-48d1-b47e-eb2c9d565c6d} - C:\WINDOWS\system32\sqpagq.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [f8148482] rundll32.exe "C:\WINDOWS\system32\bjsjgnkw.dll",b
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: BlueStork BS-WG-USB Wireless LAN Utility.lnk = C:\Program Files\BlueStork\BS-WG-USB Wireless LAN Utility\RtWLan.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://www.tiktik.net/
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {58EF1388-AF07-4D13-A069-D107671B8819} - http://www.gamegarden.net/
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://www.catalog.update.microsoft.com/ClientControl/en/x86/MuCatalogWebControl.cab?1221660712343
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6F3AC18F-3DCB-4C8E-A1DE-F48E19739576} (SesliSistem Control) - http://www.seslisistem.com/newcab/ss.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {A672558F-A878-4D5A-A921-627C091CEB60} (Flatcast Producer 4.15) - http://80.237.209.20/objects/NpFp415.dll
O16 - DPF: {A672558F-A878-4D5A-A921-627C091CEB63} (Flatcast Producer 4.16) - http://data.flatcast.com/data/objects/NpFp41629.dll
O16 - DPF: {A672558F-A878-4D5A-A921-627C091CEB66} (Flatcast Producer 5.0) - http://controls.flatcast-data.com/data/objects/NpFp501.dll
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://www.flatcast.info/objects/NpFv415.dll
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F554} (Flatcast Viewer 4.16) - http://data.flatcast.com/data/objects/NpFv41629.dll
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F557} (Flatcast Viewer 5.0) - http://data.flatcast.com/data/objects/NpFv501.dll
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1D10B851-FCAD-4634-92C7-8A6841BCFD40}: NameServer = 192.168.1.1
O20 - AppInit_DLLs: tfvose.dll sqpagq.dll
O20 - Winlogon Notify: tuvUMfgF - tuvUMfgF.dll (file missing)
O20 - Winlogon Notify: xxywWpQi - xxywWpQi.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
A voir également:

72 réponses

Précédent
Réponse 21 / 72
sKe69 Messages postés 21360 Date d'inscription samedi 15 mars 2008 Statut Contributeur sécurité Dernière intervention 30 décembre 2012 463
2 oct. 2008 à 01:35
re,

postes bien les rapports demandés , je les analyserai et te réponderai demain ... C'est l'heure du dodo pour moi ...




A demain donc pour la suite ... =)

D'ici là , ne touches pas au PC ! Sauf pour venir ici poursuivre la désinfection ...
0
Réponse 22 / 72
sad67
2 oct. 2008 à 01:49
[b]SDFix: Version 1.230 [/b]
Run by Tanrikulu on 02/10/2008 at 01:40

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


[b]Checking Files [/b]:

Trojan Files Found:

C:\Documents and Settings\Tanrikulu\real.txt - Deleted
C:\WINDOWS\system32\drivers\tdssserv.sys - Deleted
C:\WINDOWS\system32\tdssadw.dll - Deleted
C:\WINDOWS\system32\tdssinit.dll - Deleted
C:\WINDOWS\system32\tdssl.dll - Deleted
C:\WINDOWS\system32\tdsslog.dll - Deleted
C:\WINDOWS\system32\tdssmain.dll - Deleted
C:\WINDOWS\system32\tdssserf.dll - Deleted
C:\WINDOWS\system32\tdssservers.dat - Deleted





Removing Temp Files

[b]ADS Check [/b]:



[b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-02 01:44:42
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"="C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[b]Remaining Files [/b]:


File Backups: - C:\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Thu 25 Oct 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 11 Oct 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sat 20 Oct 2007 444 ...HR --- "C:\Documents and Settings\Tanrikulu\Application Data\SecuROM\UserData\securom_v7_01.bak"

[b]Finished![/b]
0
Réponse 23 / 72
sad67
2 oct. 2008 à 01:50
Logfile of random's system information tool 1.04 (written by random/random)
Run by Tanrikulu at 2008-10-02 01:49:38
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 50 GB (50%) free of 100 GB
Total RAM: 2047 MB (75% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:49:50, on 02/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\BlueStork\BS-WG-USB Wireless LAN Utility\RtWLan.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Tanrikulu\Bureau\RSIT.exe
C:\Program Files\trend micro\Tanrikulu.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7655838A-E444-433C-8086-46ECD6102D41} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: {d6c565d9-c2be-e74b-1d84-4fe6ba41ae5c} - {c5ea14ab-6ef4-48d1-b47e-eb2c9d565c6d} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [f8148482] rundll32.exe "C:\WINDOWS\system32\bjsjgnkw.dll",b
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: BlueStork BS-WG-USB Wireless LAN Utility.lnk = C:\Program Files\BlueStork\BS-WG-USB Wireless LAN Utility\RtWLan.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://www.tiktik.net/
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {58EF1388-AF07-4D13-A069-D107671B8819} - http://www.gamegarden.net/
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://www.catalog.update.microsoft.com/ClientControl/en/x86/MuCatalogWebControl.cab?1221660712343
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6F3AC18F-3DCB-4C8E-A1DE-F48E19739576} (SesliSistem Control) - http://www.seslisistem.com/newcab/ss.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {A672558F-A878-4D5A-A921-627C091CEB60} (Flatcast Producer 4.15) - http://80.237.209.20/objects/NpFp415.dll
O16 - DPF: {A672558F-A878-4D5A-A921-627C091CEB63} (Flatcast Producer 4.16) - http://data.flatcast.com/data/objects/NpFp41629.dll
O16 - DPF: {A672558F-A878-4D5A-A921-627C091CEB66} (Flatcast Producer 5.0) - http://controls.flatcast-data.com/data/objects/NpFp501.dll
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://www.flatcast.info/objects/NpFv415.dll
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F554} (Flatcast Viewer 4.16) - http://data.flatcast.com/data/objects/NpFv41629.dll
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F557} (Flatcast Viewer 5.0) - http://data.flatcast.com/data/objects/NpFv501.dll
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1D10B851-FCAD-4634-92C7-8A6841BCFD40}: NameServer = 192.168.1.1
O20 - AppInit_DLLs: tfvose.dll sqpagq.dll
O20 - Winlogon Notify: tuvUMfgF - tuvUMfgF.dll (file missing)
O20 - Winlogon Notify: xxywWpQi - xxywWpQi.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
0
Réponse 24 / 72
sad67
2 oct. 2008 à 01:52
ok ca marche merci bcp pour ton aide a demain bonne nuit
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 25 / 72
sKe69 Messages postés 21360 Date d'inscription samedi 15 mars 2008 Statut Contributeur sécurité Dernière intervention 30 décembre 2012 463
2 oct. 2008 à 09:36
Salut,

suite des opérations :


1- refais un coup de CCleaner (registre compris) .


2- Télécharges MalwareByte's :
ici ftp://ftp.commentcamarche.com/download/mbam-setup.exe
ou ici : http://www.malwarebytes.org/mbam.php

Installes le ( choisis bien "francais" ; ne modifies pas les paramètres d'installe ) et mets le à jour .

(NB : S'il te manque "COMCTL32.OCX" lors de l'installe, alors télécharges le ici : https://www.malekal.com/tutorial-aboutbuster/ )

Potasses le tuto pour te familiariser avec le prg : https://forum.pcastuces.com/sujet.asp?f=31&s=3
( cela dis, il est très simple d'utilisation ).

Impératif : redémarres en mode sans échec :

/!\ Ne jamais démarrer en mode sans échec via MSCONFIG /!\

Comment aller en Mode sans échec
1) Redémarres ton ordi
2) Tapote la touche F8 immédiatement, (F5 sur certains PC) juste après le "Bip"
3) Tu verras un écran avec options de démarrage apparaître
4) Choisis la première option : Sans Échec, et valide avec "Entrée"
5) Choisis ton compte habituel, et non Administrateur (si besoin ... )
(attention : pas de connexion possible en mode sans échec , donc copies ou imprimes bien la manipe pour éviter les erreurs ...)

Lances Malwarebyte's .

Fais un scan dit "complet" ( sélectionnes bien tous tes disks avant le scan ! ) et supprimes tout ce qu'il peut trouver, c'est à dire :
-->Laisses le scan se terminer,puis à la fin tu cliques sur "résultat" .
-->Vérifies que tous les objets infectés soient validés, puis cliques sur " suppression " .

Redémarres ton PC ( mode normal ).

Postes le rapport sauvegardé après la suppression des objets infectés (dans l'onglet "rapport/log"de Malwarebytes, le dernier en date) accompagné d'un nouveaurapport RSIT ( fait en mode normal ) ...
0
Réponse 26 / 72
sad67
2 oct. 2008 à 13:21
Salut j ai lancer malwarebytes je te donne le resultat des que je rentre d ici 3 h
0
sKe69 Messages postés 21360 Date d'inscription samedi 15 mars 2008 Statut Contributeur sécurité Dernière intervention 30 décembre 2012 463
2 oct. 2008 à 13:27
Ok ... ;)
0
Réponse 27 / 72
sad67
2 oct. 2008 à 16:53
me revoila c finie je t envoie le rapport

Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1225
Windows 5.1.2600 Service Pack 3

02/10/2008 16:43:35
mbam-log-2008-10-02 (16-43-35).txt

Type de recherche: Examen complet (C:\|E:\|F:\|G:\|H:\|I:\|J:\|)
Eléments examinés: 87731
Temps écoulé: 3 hour(s), 16 minute(s), 46 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 8
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 13

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\tfvose.dll (Trojan.Vundo) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\AllFilesystemObjects\shellex\ContextMenuHandlers\pcsd.dll (Rogue.PCAntispyware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex\ContextMenuHandlers\pcsd.dll (Rogue.PCAntispyware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\f8148482 (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_CLASSES_ROOT\scrfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("%1" %*) Good: ("%1" /S) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\bjsjgnkw.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wkngjsjb.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Program Files\Everest Poker\casino.exe (Adware.Adorable casino) -> Quarantined and deleted successfully.
C:\Program Files\Everest Poker\gvcrt.dll (Adware.Adorable casino) -> Quarantined and deleted successfully.
C:\Program Files\Everest Poker\gvmain.exe (Adware.Adorable casino) -> Quarantined and deleted successfully.
C:\WINDOWS\emgs.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ijasflwk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcmyqhgl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\npcgvoka.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pfdnwm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rcjtks.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tfvose.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\tkltnhbm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.




Logfile of random's system information tool 1.04 (written by random/random)
Run by Tanrikulu at 2008-10-02 16:52:05
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 50 GB (50%) free of 100 GB
Total RAM: 2047 MB (76% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:52:16, on 02/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\BlueStork\BS-WG-USB Wireless LAN Utility\RtWLan.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Tanrikulu\Bureau\RSIT.exe
C:\Program Files\trend micro\Tanrikulu.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7655838A-E444-433C-8086-46ECD6102D41} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: {d6c565d9-c2be-e74b-1d84-4fe6ba41ae5c} - {c5ea14ab-6ef4-48d1-b47e-eb2c9d565c6d} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: BlueStork BS-WG-USB Wireless LAN Utility.lnk = C:\Program Files\BlueStork\BS-WG-USB Wireless LAN Utility\RtWLan.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://www.tiktik.net/
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {58EF1388-AF07-4D13-A069-D107671B8819} - http://www.gamegarden.net/
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://www.catalog.update.microsoft.com/ClientControl/en/x86/MuCatalogWebControl.cab?1221660712343
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6F3AC18F-3DCB-4C8E-A1DE-F48E19739576} (SesliSistem Control) - http://www.seslisistem.com/newcab/ss.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {A672558F-A878-4D5A-A921-627C091CEB60} (Flatcast Producer 4.15) - http://80.237.209.20/objects/NpFp415.dll
O16 - DPF: {A672558F-A878-4D5A-A921-627C091CEB63} (Flatcast Producer 4.16) - http://data.flatcast.com/data/objects/NpFp41629.dll
O16 - DPF: {A672558F-A878-4D5A-A921-627C091CEB66} (Flatcast Producer 5.0) - http://controls.flatcast-data.com/data/objects/NpFp501.dll
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://www.flatcast.info/objects/NpFv415.dll
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F554} (Flatcast Viewer 4.16) - http://data.flatcast.com/data/objects/NpFv41629.dll
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F557} (Flatcast Viewer 5.0) - http://data.flatcast.com/data/objects/NpFv501.dll
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1D10B851-FCAD-4634-92C7-8A6841BCFD40}: NameServer = 192.168.1.1
O20 - AppInit_DLLs: tfvose.dll sqpagq.dll
O20 - Winlogon Notify: tuvUMfgF - tuvUMfgF.dll (file missing)
O20 - Winlogon Notify: xxywWpQi - xxywWpQi.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
0
Réponse 28 / 72
sKe69 Messages postés 21360 Date d'inscription samedi 15 mars 2008 Statut Contributeur sécurité Dernière intervention 30 décembre 2012 463
2 oct. 2008 à 17:05
Bien ... Dans l'ordre :

1- Supprimes tout ce qui se trouve dans la quarantaine de Malwarebytes .


2- refais un coup de CCleaner ( registre compris ) .


3- Fais exactement ce qui suit :

Télécharges ComboFix (par sUBs) sur ton Bureau (et pas ailleurs !):

http://download.bleepingcomputer.com/sUBs/ComboFix.exe


--------------------------------------------- [ ! ATTENTION ! ] ----------------------------------------------------------
!! Déconnectes toi,fermes tes applications en cours et DESACTIVES TOUTES TES DEFENSES (anti-virus, guardes anti spy-ware, pare-feu) le temps de la manipe :
en effet , activés, ils pourraient gêner fortement la procédure de recherche et de nettoyage de l'outil ( voir planter le PC )...Tu les réactiveras donc après !!
--->Important : si tu rencontres des difficultés à ce niveau là, fais m'en part avant de poursuivre ...
Tuto ( aide ) ici : https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

---------------------------------------------------------------------------------------------------------------------------------

Ensuite :
double-cliques sur l'icône "combofix.exe" pour lancer l'outil .

Appuyes sur la touche Y (Yes) pour démarrer le scan .

Notes importantes :
--> n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi .
--> Il se peut que le PC redémarre de lui même ( pour finaliser le nettoyage ) , laisses le faire .
--> si un message d'erreur windows apparait à un momment : clik sur la croix rouge en haut à droite de la fenêtre pour la fermer ( et pas sur autre chose ! sinon pas de rapport ... )

Le rapport sera crée dans: C:\Combofix.txt

Postes le rapport Combofix accompagné d'un nouveau rapport RSIT pour analyse ...
0
Réponse 29 / 72
sad67
2 oct. 2008 à 17:13
est ce que je doit installer la console de recuperation comme dit dans le tuto ?
0
sKe69 Messages postés 21360 Date d'inscription samedi 15 mars 2008 Statut Contributeur sécurité Dernière intervention 30 décembre 2012 463
2 oct. 2008 à 17:16
non , cela devrai être bon ... parcontre suis bien toutes les instructions que je t'ai donné ... ;)
0
Réponse 30 / 72
sad67
2 oct. 2008 à 17:18
ok ca marche
0
Réponse 31 / 72
sad67
2 oct. 2008 à 17:41
ComboFix 08-10-01.05 - Tanrikulu 2008-10-02 17:24:35.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1607 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\Tanrikulu\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\wfdigaey.dll

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BOONTY_GAMES
-------\Legacy_FREEZESCREENSAVER
-------\Legacy_MCHINJDRV
-------\Legacy_TDSSSERV
-------\Service_Boonty Games


((((((((((((((((((((((((((((( Fichiers créés du 2008-09-02 au 2008-10-02 ))))))))))))))))))))))))))))))))))))
.

2008-10-02 13:14 . 2008-10-02 13:14 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-02 13:14 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-02 13:14 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-02 01:39 . 2008-10-02 01:39 579,584 --a--c--- C:\WINDOWS\system32\dllcache\user32.dll
2008-10-02 01:36 . 2008-10-02 01:37 <REP> d-------- C:\WINDOWS\ERUNT
2008-10-02 01:30 . 2008-10-02 01:46 <REP> d-------- C:\SDFix
2008-10-01 23:40 . 2008-09-08 23:38 88,576 --a------ C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-10-01 23:40 . 2008-09-19 12:26 82,944 --a------ C:\WINDOWS\system32\o4Patch.exe
2008-10-01 23:40 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-10-01 23:40 . 2008-09-19 12:26 82,944 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-10-01 23:40 . 2008-08-18 12:19 82,432 --a------ C:\WINDOWS\system32\404Fix.exe
2008-10-01 23:11 . 2008-10-01 23:11 <REP> d-------- C:\rsit
2008-10-01 23:11 . 2008-10-02 16:52 <REP> d-------- C:\Program Files\trend micro
2008-10-01 22:44 . 2008-10-01 22:44 244 --ah----- C:\sqmnoopt06.sqm
2008-10-01 22:44 . 2008-10-01 22:44 232 --ah----- C:\sqmdata05.sqm
2008-09-27 00:47 . 2008-09-27 00:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\NVIDIA
2008-09-26 07:11 . 2008-09-26 07:11 143 --a------ C:\WINDOWS\system32\mcrh.MSNFix
2008-09-25 07:16 . 2008-10-02 17:26 <REP> d-------- C:\WINDOWS\system32\CatRoot2
2008-09-24 21:09 . 2008-09-24 21:09 44 --a------ C:\WINDOWS\cookies.MSNFix
2008-09-22 21:49 . 2008-09-23 21:49 1,077,366 ---hs---- C:\WINDOWS\system32\knidjriq.ini
2008-09-21 04:20 . 2008-09-22 21:49 1,036,052 ---hs---- C:\WINDOWS\system32\weksikyw.ini
2008-09-19 23:09 . 2008-09-19 23:10 <REP> d-------- C:\Program Files\RootKit Hook Analyzer
2008-09-19 23:09 . 2007-07-07 00:39 19,248 --a------ C:\WINDOWS\system32\drivers\rspsc32.sys
2008-09-18 20:20 . 2008-09-19 23:53 978,073 ---hs---- C:\WINDOWS\system32\gckiahob.ini
2008-09-18 20:19 . 2008-09-24 19:08 558,760 --ahs---- C:\WINDOWS\system32\eOoXyGgh.ini2
2008-09-18 20:19 . 2008-09-24 19:09 558,760 --ahs---- C:\WINDOWS\system32\eOoXyGgh.ini
2008-09-18 19:32 . 2008-09-18 19:32 <REP> d-------- C:\WINDOWS\system32\document
2008-09-18 19:32 . 2008-09-18 19:32 <REP> d-------- C:\Documents and Settings\Tanrikulu\document
2008-09-18 15:41 . 2008-09-18 15:41 <REP> d-------- C:\WINDOWS\system32\msmq
2008-09-18 15:41 . 2008-09-18 15:41 <REP> d-------- C:\Inetpub
2008-09-18 15:16 . 2008-09-18 15:16 1,005,871 --ahs---- C:\WINDOWS\system32\vrjejhgg.ini
2008-09-18 14:09 . 2008-09-18 14:09 <REP> d-------- C:\Documents and Settings\Tanrikulu\Application Data\MSNInstaller
2008-09-17 22:49 . 2008-09-17 22:49 91 --a------ C:\WINDOWS\wininit.ini
2008-09-17 14:22 . 2008-10-01 21:39 <REP> d-------- C:\Program Files\WinClamAVShield
2008-09-16 21:10 . 2008-09-16 21:10 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-09-16 15:38 . 2008-09-18 15:16 1,005,871 ---hs---- C:\WINDOWS\system32\bfjgyhcl.ini
2008-09-16 15:37 . 2008-09-18 17:30 448,612 --ahs---- C:\WINDOWS\system32\iQXbHRqr.ini2
2008-09-16 15:37 . 2008-09-18 17:31 448,612 --ahs---- C:\WINDOWS\system32\iQXbHRqr.ini
2008-09-09 02:22 . 2008-09-09 03:05 <REP> d-------- C:\Program Files\Steam
2008-09-09 02:21 . 2008-09-09 03:00 <REP> d-------- C:\Program Files\EoRezo

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-01 22:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-01 20:55 --------- d-----w C:\Program Files\eMule
2008-10-01 19:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-09-30 17:04 --------- d-----w C:\Documents and Settings\Tanrikulu\Application Data\Spyware Terminator
2008-09-28 23:55 --------- d-----w C:\Documents and Settings\Tanrikulu\Application Data\LimeWire
2008-09-28 21:53 --------- d-----w C:\Program Files\Spyware Terminator
2008-09-18 12:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-09-17 20:26 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-09-17 20:06 --------- d-----w C:\Program Files\Everest Poker
2008-09-16 22:22 --------- d-----w C:\Program Files\RKFree
2008-09-10 09:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-09 01:00 --------- d-----w C:\Documents and Settings\Tanrikulu\Application Data\EoRezo
2008-08-31 03:28 --------- d-----w C:\Program Files\LimeWire
2008-08-30 13:50 --------- d-----w C:\Documents and Settings\Tanrikulu\Application Data\Printer Info Cache
2008-08-30 13:50 --------- d-----w C:\Documents and Settings\Tanrikulu\Application Data\Image Zone Express
2008-08-29 00:23 --------- d-----w C:\Program Files\Lavasoft
2008-08-29 00:23 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-08-29 00:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-23 21:03 --------- d-----w C:\Program Files\Tvnet Online Media Center 3.6
2008-08-23 21:02 --------- d-----w C:\Program Files\Tvnet Online Media Center 3.5
2008-08-20 16:48 --------- d-----w C:\Program Files\Mayan Waterfall 3D Screensaver
2008-08-19 22:17 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-08-19 12:48 --------- d-----w C:\Program Files\Ancient Castle 3D Screensaver
2008-08-19 12:45 --------- d-----w C:\Program Files\Spirit of Fire 3D Screensaver
2008-08-19 12:43 --------- d-----w C:\Program Files\Lagoon 3D Screensaver
2008-08-19 12:40 --------- d-----w C:\Program Files\Deep Space 3D Screensaver
2008-08-19 12:36 --------- d-----w C:\Program Files\Watermill 3D Screensaver
2008-08-19 12:34 --------- d-----w C:\Program Files\Fireplace 3D Screensaver
2008-08-19 12:34 --------- d-----w C:\Program Files\3Planesoft Screensaver Manager
2008-08-19 12:31 --------- d-----w C:\Program Files\Koi Fish 3D Screensaver
2008-08-06 19:50 72,748 ----a-w C:\WINDOWS\unins000.exe
2008-08-06 19:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Winferno
2008-08-06 19:28 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
2008-08-06 19:28 --------- d-----w C:\Program Files\Real
2008-08-06 19:28 --------- d-----w C:\Program Files\Fichiers communs\Real
2008-08-06 18:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\WhiteCap (Holiday Edition)
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-12 68856]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-08-30 4670704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-10-29 185632]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 8491008]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-05-03 1817600]
"nwiz"="nwiz.exe" [2007-09-17 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=tfvose.dll sqpagq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SharedAccess"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-05-03 141312]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 EAPPkt;Realtek EAPPkt Protocol;C:\WINDOWS\system32\DRIVERS\EAPPkt.sys [2007-10-09 38144]
S3 RTL8187B;BlueStork BS-WG-USB Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;C:\WINDOWS\system32\DRIVERS\RTL8187B.sys [2008-02-20 275712]
.
Contenu du dossier 'Tâches planifiées'
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{7655838A-E444-433C-8086-46ECD6102D41} - (no file)
BHO-{c5ea14ab-6ef4-48d1-b47e-eb2c9d565c6d} - (no file)
ShellExecuteHooks-{135B4804-7728-4137-B6D8-5CC590110C9D} - (no file)
Notify-tuvUMfgF - tuvUMfgF.dll
Notify-WgaLogon - (no file)
Notify-xxywWpQi - xxywWpQi.dll


.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\Tanrikulu\Application Data\Mozilla\Firefox\Profiles\lm5zwgat.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://eo.st
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-02 17:27:12
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\BlueStork\BS-WG-USB Wireless LAN Utility\RtWLan.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\ComboFix\pv.cfexe
.
**************************************************************************
.
Heure de fin: 2008-10-02 17:29:43 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-10-02 15:29:40

Avant-CF: 52ÿ093ÿ644ÿ800 octets libres
Après-CF: 52,003,692,544 octets libres

186 --- E O F --- 2008-09-10 09:53:15
0
Réponse 32 / 72
sad67
2 oct. 2008 à 17:43
ComboFix 08-10-01.05 - Tanrikulu 2008-10-02 17:24:35.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1607 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\Tanrikulu\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\wfdigaey.dll

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BOONTY_GAMES
-------\Legacy_FREEZESCREENSAVER
-------\Legacy_MCHINJDRV
-------\Legacy_TDSSSERV
-------\Service_Boonty Games


((((((((((((((((((((((((((((( Fichiers créés du 2008-09-02 au 2008-10-02 ))))))))))))))))))))))))))))))))))))
.

2008-10-02 13:14 . 2008-10-02 13:14 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-02 13:14 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-02 13:14 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-02 01:39 . 2008-10-02 01:39 579,584 --a--c--- C:\WINDOWS\system32\dllcache\user32.dll
2008-10-02 01:36 . 2008-10-02 01:37 <REP> d-------- C:\WINDOWS\ERUNT
2008-10-02 01:30 . 2008-10-02 01:46 <REP> d-------- C:\SDFix
2008-10-01 23:40 . 2008-09-08 23:38 88,576 --a------ C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-10-01 23:40 . 2008-09-19 12:26 82,944 --a------ C:\WINDOWS\system32\o4Patch.exe
2008-10-01 23:40 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-10-01 23:40 . 2008-09-19 12:26 82,944 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-10-01 23:40 . 2008-08-18 12:19 82,432 --a------ C:\WINDOWS\system32\404Fix.exe
2008-10-01 23:11 . 2008-10-01 23:11 <REP> d-------- C:\rsit
2008-10-01 23:11 . 2008-10-02 16:52 <REP> d-------- C:\Program Files\trend micro
2008-10-01 22:44 . 2008-10-01 22:44 244 --ah----- C:\sqmnoopt06.sqm
2008-10-01 22:44 . 2008-10-01 22:44 232 --ah----- C:\sqmdata05.sqm
2008-09-27 00:47 . 2008-09-27 00:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\NVIDIA
2008-09-26 07:11 . 2008-09-26 07:11 143 --a------ C:\WINDOWS\system32\mcrh.MSNFix
2008-09-25 07:16 . 2008-10-02 17:26 <REP> d-------- C:\WINDOWS\system32\CatRoot2
2008-09-24 21:09 . 2008-09-24 21:09 44 --a------ C:\WINDOWS\cookies.MSNFix
2008-09-22 21:49 . 2008-09-23 21:49 1,077,366 ---hs---- C:\WINDOWS\system32\knidjriq.ini
2008-09-21 04:20 . 2008-09-22 21:49 1,036,052 ---hs---- C:\WINDOWS\system32\weksikyw.ini
2008-09-19 23:09 . 2008-09-19 23:10 <REP> d-------- C:\Program Files\RootKit Hook Analyzer
2008-09-19 23:09 . 2007-07-07 00:39 19,248 --a------ C:\WINDOWS\system32\drivers\rspsc32.sys
2008-09-18 20:20 . 2008-09-19 23:53 978,073 ---hs---- C:\WINDOWS\system32\gckiahob.ini
2008-09-18 20:19 . 2008-09-24 19:08 558,760 --ahs---- C:\WINDOWS\system32\eOoXyGgh.ini2
2008-09-18 20:19 . 2008-09-24 19:09 558,760 --ahs---- C:\WINDOWS\system32\eOoXyGgh.ini
2008-09-18 19:32 . 2008-09-18 19:32 <REP> d-------- C:\WINDOWS\system32\document
2008-09-18 19:32 . 2008-09-18 19:32 <REP> d-------- C:\Documents and Settings\Tanrikulu\document
2008-09-18 15:41 . 2008-09-18 15:41 <REP> d-------- C:\WINDOWS\system32\msmq
2008-09-18 15:41 . 2008-09-18 15:41 <REP> d-------- C:\Inetpub
2008-09-18 15:16 . 2008-09-18 15:16 1,005,871 --ahs---- C:\WINDOWS\system32\vrjejhgg.ini
2008-09-18 14:09 . 2008-09-18 14:09 <REP> d-------- C:\Documents and Settings\Tanrikulu\Application Data\MSNInstaller
2008-09-17 22:49 . 2008-09-17 22:49 91 --a------ C:\WINDOWS\wininit.ini
2008-09-17 14:22 . 2008-10-01 21:39 <REP> d-------- C:\Program Files\WinClamAVShield
2008-09-16 21:10 . 2008-09-16 21:10 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-09-16 15:38 . 2008-09-18 15:16 1,005,871 ---hs---- C:\WINDOWS\system32\bfjgyhcl.ini
2008-09-16 15:37 . 2008-09-18 17:30 448,612 --ahs---- C:\WINDOWS\system32\iQXbHRqr.ini2
2008-09-16 15:37 . 2008-09-18 17:31 448,612 --ahs---- C:\WINDOWS\system32\iQXbHRqr.ini
2008-09-09 02:22 . 2008-09-09 03:05 <REP> d-------- C:\Program Files\Steam
2008-09-09 02:21 . 2008-09-09 03:00 <REP> d-------- C:\Program Files\EoRezo

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-01 22:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-01 20:55 --------- d-----w C:\Program Files\eMule
2008-10-01 19:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-09-30 17:04 --------- d-----w C:\Documents and Settings\Tanrikulu\Application Data\Spyware Terminator
2008-09-28 23:55 --------- d-----w C:\Documents and Settings\Tanrikulu\Application Data\LimeWire
2008-09-28 21:53 --------- d-----w C:\Program Files\Spyware Terminator
2008-09-18 12:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-09-17 20:26 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-09-17 20:06 --------- d-----w C:\Program Files\Everest Poker
2008-09-16 22:22 --------- d-----w C:\Program Files\RKFree
2008-09-10 09:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-09 01:00 --------- d-----w C:\Documents and Settings\Tanrikulu\Application Data\EoRezo
2008-08-31 03:28 --------- d-----w C:\Program Files\LimeWire
2008-08-30 13:50 --------- d-----w C:\Documents and Settings\Tanrikulu\Application Data\Printer Info Cache
2008-08-30 13:50 --------- d-----w C:\Documents and Settings\Tanrikulu\Application Data\Image Zone Express
2008-08-29 00:23 --------- d-----w C:\Program Files\Lavasoft
2008-08-29 00:23 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-08-29 00:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-23 21:03 --------- d-----w C:\Program Files\Tvnet Online Media Center 3.6
2008-08-23 21:02 --------- d-----w C:\Program Files\Tvnet Online Media Center 3.5
2008-08-20 16:48 --------- d-----w C:\Program Files\Mayan Waterfall 3D Screensaver
2008-08-19 22:17 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-08-19 12:48 --------- d-----w C:\Program Files\Ancient Castle 3D Screensaver
2008-08-19 12:45 --------- d-----w C:\Program Files\Spirit of Fire 3D Screensaver
2008-08-19 12:43 --------- d-----w C:\Program Files\Lagoon 3D Screensaver
2008-08-19 12:40 --------- d-----w C:\Program Files\Deep Space 3D Screensaver
2008-08-19 12:36 --------- d-----w C:\Program Files\Watermill 3D Screensaver
2008-08-19 12:34 --------- d-----w C:\Program Files\Fireplace 3D Screensaver
2008-08-19 12:34 --------- d-----w C:\Program Files\3Planesoft Screensaver Manager
2008-08-19 12:31 --------- d-----w C:\Program Files\Koi Fish 3D Screensaver
2008-08-06 19:50 72,748 ----a-w C:\WINDOWS\unins000.exe
2008-08-06 19:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Winferno
2008-08-06 19:28 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
2008-08-06 19:28 --------- d-----w C:\Program Files\Real
2008-08-06 19:28 --------- d-----w C:\Program Files\Fichiers communs\Real
2008-08-06 18:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\WhiteCap (Holiday Edition)
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-12 68856]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-08-30 4670704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-10-29 185632]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 8491008]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-05-03 1817600]
"nwiz"="nwiz.exe" [2007-09-17 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=tfvose.dll sqpagq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SharedAccess"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-05-03 141312]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 EAPPkt;Realtek EAPPkt Protocol;C:\WINDOWS\system32\DRIVERS\EAPPkt.sys [2007-10-09 38144]
S3 RTL8187B;BlueStork BS-WG-USB Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;C:\WINDOWS\system32\DRIVERS\RTL8187B.sys [2008-02-20 275712]
.
Contenu du dossier 'Tâches planifiées'
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{7655838A-E444-433C-8086-46ECD6102D41} - (no file)
BHO-{c5ea14ab-6ef4-48d1-b47e-eb2c9d565c6d} - (no file)
ShellExecuteHooks-{135B4804-7728-4137-B6D8-5CC590110C9D} - (no file)
Notify-tuvUMfgF - tuvUMfgF.dll
Notify-WgaLogon - (no file)
Notify-xxywWpQi - xxywWpQi.dll


.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\Tanrikulu\Application Data\Mozilla\Firefox\Profiles\lm5zwgat.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://eo.st
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-02 17:27:12
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\BlueStork\BS-WG-USB Wireless LAN Utility\RtWLan.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\ComboFix\pv.cfexe
.
**************************************************************************
.
Heure de fin: 2008-10-02 17:29:43 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-10-02 15:29:40

Avant-CF: 52ÿ093ÿ644ÿ800 octets libres
Après-CF: 52,003,692,544 octets libres

186 --- E O F --- 2008-09-10 09:53:15
0
Réponse 33 / 72
sad67
2 oct. 2008 à 17:45
ComboFix 08-10-01.05 - Tanrikulu 2008-10-02 17:24:35.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1607 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\Tanrikulu\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\wfdigaey.dll

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BOONTY_GAMES
-------\Legacy_FREEZESCREENSAVER
-------\Legacy_MCHINJDRV
-------\Legacy_TDSSSERV
-------\Service_Boonty Games


((((((((((((((((((((((((((((( Fichiers créés du 2008-09-02 au 2008-10-02 ))))))))))))))))))))))))))))))))))))
.

2008-10-02 13:14 . 2008-10-02 13:14 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-02 13:14 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-02 13:14 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-02 01:39 . 2008-10-02 01:39 579,584 --a--c--- C:\WINDOWS\system32\dllcache\user32.dll
2008-10-02 01:36 . 2008-10-02 01:37 <REP> d-------- C:\WINDOWS\ERUNT
2008-10-02 01:30 . 2008-10-02 01:46 <REP> d-------- C:\SDFix
2008-10-01 23:40 . 2008-09-08 23:38 88,576 --a------ C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-10-01 23:40 . 2008-09-19 12:26 82,944 --a------ C:\WINDOWS\system32\o4Patch.exe
2008-10-01 23:40 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-10-01 23:40 . 2008-09-19 12:26 82,944 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-10-01 23:40 . 2008-08-18 12:19 82,432 --a------ C:\WINDOWS\system32\404Fix.exe
2008-10-01 23:11 . 2008-10-01 23:11 <REP> d-------- C:\rsit
2008-10-01 23:11 . 2008-10-02 16:52 <REP> d-------- C:\Program Files\trend micro
2008-10-01 22:44 . 2008-10-01 22:44 244 --ah----- C:\sqmnoopt06.sqm
2008-10-01 22:44 . 2008-10-01 22:44 232 --ah----- C:\sqmdata05.sqm
2008-09-27 00:47 . 2008-09-27 00:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\NVIDIA
2008-09-26 07:11 . 2008-09-26 07:11 143 --a------ C:\WINDOWS\system32\mcrh.MSNFix
2008-09-25 07:16 . 2008-10-02 17:26 <REP> d-------- C:\WINDOWS\system32\CatRoot2
2008-09-24 21:09 . 2008-09-24 21:09 44 --a------ C:\WINDOWS\cookies.MSNFix
2008-09-22 21:49 . 2008-09-23 21:49 1,077,366 ---hs---- C:\WINDOWS\system32\knidjriq.ini
2008-09-21 04:20 . 2008-09-22 21:49 1,036,052 ---hs---- C:\WINDOWS\system32\weksikyw.ini
2008-09-19 23:09 . 2008-09-19 23:10 <REP> d-------- C:\Program Files\RootKit Hook Analyzer
2008-09-19 23:09 . 2007-07-07 00:39 19,248 --a------ C:\WINDOWS\system32\drivers\rspsc32.sys
2008-09-18 20:20 . 2008-09-19 23:53 978,073 ---hs---- C:\WINDOWS\system32\gckiahob.ini
2008-09-18 20:19 . 2008-09-24 19:08 558,760 --ahs---- C:\WINDOWS\system32\eOoXyGgh.ini2
2008-09-18 20:19 . 2008-09-24 19:09 558,760 --ahs---- C:\WINDOWS\system32\eOoXyGgh.ini
2008-09-18 19:32 . 2008-09-18 19:32 <REP> d-------- C:\WINDOWS\system32\document
2008-09-18 19:32 . 2008-09-18 19:32 <REP> d-------- C:\Documents and Settings\Tanrikulu\document
2008-09-18 15:41 . 2008-09-18 15:41 <REP> d-------- C:\WINDOWS\system32\msmq
2008-09-18 15:41 . 2008-09-18 15:41 <REP> d-------- C:\Inetpub
2008-09-18 15:16 . 2008-09-18 15:16 1,005,871 --ahs---- C:\WINDOWS\system32\vrjejhgg.ini
2008-09-18 14:09 . 2008-09-18 14:09 <REP> d-------- C:\Documents and Settings\Tanrikulu\Application Data\MSNInstaller
2008-09-17 22:49 . 2008-09-17 22:49 91 --a------ C:\WINDOWS\wininit.ini
2008-09-17 14:22 . 2008-10-01 21:39 <REP> d-------- C:\Program Files\WinClamAVShield
2008-09-16 21:10 . 2008-09-16 21:10 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-09-16 15:38 . 2008-09-18 15:16 1,005,871 ---hs---- C:\WINDOWS\system32\bfjgyhcl.ini
2008-09-16 15:37 . 2008-09-18 17:30 448,612 --ahs---- C:\WINDOWS\system32\iQXbHRqr.ini2
2008-09-16 15:37 . 2008-09-18 17:31 448,612 --ahs---- C:\WINDOWS\system32\iQXbHRqr.ini
2008-09-09 02:22 . 2008-09-09 03:05 <REP> d-------- C:\Program Files\Steam
2008-09-09 02:21 . 2008-09-09 03:00 <REP> d-------- C:\Program Files\EoRezo

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-01 22:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-01 20:55 --------- d-----w C:\Program Files\eMule
2008-10-01 19:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-09-30 17:04 --------- d-----w C:\Documents and Settings\Tanrikulu\Application Data\Spyware Terminator
2008-09-28 23:55 --------- d-----w C:\Documents and Settings\Tanrikulu\Application Data\LimeWire
2008-09-28 21:53 --------- d-----w C:\Program Files\Spyware Terminator
2008-09-18 12:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-09-17 20:26 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-09-17 20:06 --------- d-----w C:\Program Files\Everest Poker
2008-09-16 22:22 --------- d-----w C:\Program Files\RKFree
2008-09-10 09:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-09 01:00 --------- d-----w C:\Documents and Settings\Tanrikulu\Application Data\EoRezo
2008-08-31 03:28 --------- d-----w C:\Program Files\LimeWire
2008-08-30 13:50 --------- d-----w C:\Documents and Settings\Tanrikulu\Application Data\Printer Info Cache
2008-08-30 13:50 --------- d-----w C:\Documents and Settings\Tanrikulu\Application Data\Image Zone Express
2008-08-29 00:23 --------- d-----w C:\Program Files\Lavasoft
2008-08-29 00:23 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-08-29 00:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-23 21:03 --------- d-----w C:\Program Files\Tvnet Online Media Center 3.6
2008-08-23 21:02 --------- d-----w C:\Program Files\Tvnet Online Media Center 3.5
2008-08-20 16:48 --------- d-----w C:\Program Files\Mayan Waterfall 3D Screensaver
2008-08-19 22:17 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-08-19 12:48 --------- d-----w C:\Program Files\Ancient Castle 3D Screensaver
2008-08-19 12:45 --------- d-----w C:\Program Files\Spirit of Fire 3D Screensaver
2008-08-19 12:43 --------- d-----w C:\Program Files\Lagoon 3D Screensaver
2008-08-19 12:40 --------- d-----w C:\Program Files\Deep Space 3D Screensaver
2008-08-19 12:36 --------- d-----w C:\Program Files\Watermill 3D Screensaver
2008-08-19 12:34 --------- d-----w C:\Program Files\Fireplace 3D Screensaver
2008-08-19 12:34 --------- d-----w C:\Program Files\3Planesoft Screensaver Manager
2008-08-19 12:31 --------- d-----w C:\Program Files\Koi Fish 3D Screensaver
2008-08-06 19:50 72,748 ----a-w C:\WINDOWS\unins000.exe
2008-08-06 19:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Winferno
2008-08-06 19:28 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
2008-08-06 19:28 --------- d-----w C:\Program Files\Real
2008-08-06 19:28 --------- d-----w C:\Program Files\Fichiers communs\Real
2008-08-06 18:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\WhiteCap (Holiday Edition)
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-12 68856]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-08-30 4670704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-10-29 185632]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 8491008]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-05-03 1817600]
"nwiz"="nwiz.exe" [2007-09-17 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=tfvose.dll sqpagq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SharedAccess"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-05-03 141312]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 EAPPkt;Realtek EAPPkt Protocol;C:\WINDOWS\system32\DRIVERS\EAPPkt.sys [2007-10-09 38144]
S3 RTL8187B;BlueStork BS-WG-USB Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;C:\WINDOWS\system32\DRIVERS\RTL8187B.sys [2008-02-20 275712]
.
Contenu du dossier 'Tâches planifiées'
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{7655838A-E444-433C-8086-46ECD6102D41} - (no file)
BHO-{c5ea14ab-6ef4-48d1-b47e-eb2c9d565c6d} - (no file)
ShellExecuteHooks-{135B4804-7728-4137-B6D8-5CC590110C9D} - (no file)
Notify-tuvUMfgF - tuvUMfgF.dll
Notify-WgaLogon - (no file)
Notify-xxywWpQi - xxywWpQi.dll


.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\Tanrikulu\Application Data\Mozilla\Firefox\Profiles\lm5zwgat.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://eo.st
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-02 17:27:12
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\BlueStork\BS-WG-USB Wireless LAN Utility\RtWLan.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\ComboFix\pv.cfexe
.
**************************************************************************
.
Heure de fin: 2008-10-02 17:29:43 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-10-02 15:29:40

Avant-CF: 52ÿ093ÿ644ÿ800 octets libres
Après-CF: 52,003,692,544 octets libres

186 --- E O F --- 2008-09-10 09:53:15
0
Réponse 34 / 72
sad67
2 oct. 2008 à 17:47
Logfile of random's system information tool 1.04 (written by random/random)
Run by Tanrikulu at 2008-10-02 17:46:15
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 50 GB (50%) free of 100 GB
Total RAM: 2047 MB (78% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:46:22, on 02/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\BlueStork\BS-WG-USB Wireless LAN Utility\RtWLan.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Tanrikulu\Bureau\RSIT.exe
C:\Program Files\trend micro\Tanrikulu.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: BlueStork BS-WG-USB Wireless LAN Utility.lnk = C:\Program Files\BlueStork\BS-WG-USB Wireless LAN Utility\RtWLan.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://www.tiktik.net/
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {58EF1388-AF07-4D13-A069-D107671B8819} - http://www.gamegarden.net/
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://www.catalog.update.microsoft.com/ClientControl/en/x86/MuCatalogWebControl.cab?1221660712343
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6F3AC18F-3DCB-4C8E-A1DE-F48E19739576} (SesliSistem Control) - http://www.seslisistem.com/newcab/ss.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {A672558F-A878-4D5A-A921-627C091CEB60} (Flatcast Producer 4.15) - http://80.237.209.20/objects/NpFp415.dll
O16 - DPF: {A672558F-A878-4D5A-A921-627C091CEB63} (Flatcast Producer 4.16) - http://data.flatcast.com/data/objects/NpFp41629.dll
O16 - DPF: {A672558F-A878-4D5A-A921-627C091CEB66} (Flatcast Producer 5.0) - http://controls.flatcast-data.com/data/objects/NpFp501.dll
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://www.flatcast.info/objects/NpFv415.dll
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F554} (Flatcast Viewer 4.16) - http://data.flatcast.com/data/objects/NpFv41629.dll
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F557} (Flatcast Viewer 5.0) - http://data.flatcast.com/data/objects/NpFv501.dll
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1D10B851-FCAD-4634-92C7-8A6841BCFD40}: NameServer = 192.168.1.1
O20 - AppInit_DLLs: tfvose.dll sqpagq.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
0
Réponse 35 / 72
sad67
2 oct. 2008 à 17:49
Logfile of random's system information tool 1.04 (written by random/random)
Run by Tanrikulu at 2008-10-02 17:46:15
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 50 GB (50%) free of 100 GB
Total RAM: 2047 MB (78% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:46:22, on 02/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\BlueStork\BS-WG-USB Wireless LAN Utility\RtWLan.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Tanrikulu\Bureau\RSIT.exe
C:\Program Files\trend micro\Tanrikulu.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: BlueStork BS-WG-USB Wireless LAN Utility.lnk = C:\Program Files\BlueStork\BS-WG-USB Wireless LAN Utility\RtWLan.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://www.tiktik.net/
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {58EF1388-AF07-4D13-A069-D107671B8819} - http://www.gamegarden.net/
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://www.catalog.update.microsoft.com/ClientControl/en/x86/MuCatalogWebControl.cab?1221660712343
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6F3AC18F-3DCB-4C8E-A1DE-F48E19739576} (SesliSistem Control) - http://www.seslisistem.com/newcab/ss.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {A672558F-A878-4D5A-A921-627C091CEB60} (Flatcast Producer 4.15) - http://80.237.209.20/objects/NpFp415.dll
O16 - DPF: {A672558F-A878-4D5A-A921-627C091CEB63} (Flatcast Producer 4.16) - http://data.flatcast.com/data/objects/NpFp41629.dll
O16 - DPF: {A672558F-A878-4D5A-A921-627C091CEB66} (Flatcast Producer 5.0) - http://controls.flatcast-data.com/data/objects/NpFp501.dll
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://www.flatcast.info/objects/NpFv415.dll
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F554} (Flatcast Viewer 4.16) - http://data.flatcast.com/data/objects/NpFv41629.dll
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F557} (Flatcast Viewer 5.0) - http://data.flatcast.com/data/objects/NpFv501.dll
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1D10B851-FCAD-4634-92C7-8A6841BCFD40}: NameServer = 192.168.1.1
O20 - AppInit_DLLs: tfvose.dll sqpagq.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
0
Réponse 36 / 72
sad67
2 oct. 2008 à 17:55
Logfile of random's system information tool 1.04 (written by random/random)
Run by Tanrikulu at 2008-10-02 17:46:15
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 50 GB (50%) free of 100 GB
Total RAM: 2047 MB (78% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:46:22, on 02/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\BlueStork\BS-WG-USB Wireless LAN Utility\RtWLan.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Tanrikulu\Bureau\RSIT.exe
C:\Program Files\trend micro\Tanrikulu.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: BlueStork BS-WG-USB Wireless LAN Utility.lnk = C:\Program Files\BlueStork\BS-WG-USB Wireless LAN Utility\RtWLan.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://www.tiktik.net/
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {58EF1388-AF07-4D13-A069-D107671B8819} - http://www.gamegarden.net/
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://www.catalog.update.microsoft.com/ClientControl/en/x86/MuCatalogWebControl.cab?1221660712343
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6F3AC18F-3DCB-4C8E-A1DE-F48E19739576} (SesliSistem Control) - http://www.seslisistem.com/newcab/ss.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {A672558F-A878-4D5A-A921-627C091CEB60} (Flatcast Producer 4.15) - http://80.237.209.20/objects/NpFp415.dll
O16 - DPF: {A672558F-A878-4D5A-A921-627C091CEB63} (Flatcast Producer 4.16) - http://data.flatcast.com/data/objects/NpFp41629.dll
O16 - DPF: {A672558F-A878-4D5A-A921-627C091CEB66} (Flatcast Producer 5.0) - http://controls.flatcast-data.com/data/objects/NpFp501.dll
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://www.flatcast.info/objects/NpFv415.dll
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F554} (Flatcast Viewer 4.16) - http://data.flatcast.com/data/objects/NpFv41629.dll
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F557} (Flatcast Viewer 5.0) - http://data.flatcast.com/data/objects/NpFv501.dll
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1D10B851-FCAD-4634-92C7-8A6841BCFD40}: NameServer = 192.168.1.1
O20 - AppInit_DLLs: tfvose.dll sqpagq.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
0
Réponse 37 / 72
sKe69 Messages postés 21360 Date d'inscription samedi 15 mars 2008 Statut Contributeur sécurité Dernière intervention 30 décembre 2012 463
2 oct. 2008 à 17:59
la suite :

1-Crées un doc texte sur ton bureau :
pointes ta souris sur ton bureau , cliques droit : vas dans "nouveau" et choisis "document texte" .

Ensuite copie/colle le texte ci-dessous ( et rien d'autre!) dans le fichier texte que tu viens de créer :

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""


File::
C:\WINDOWS\system32\knidjriq.ini
C:\WINDOWS\system32\weksikyw.ini
C:\WINDOWS\system32\gckiahob.ini
C:\WINDOWS\system32\eOoXyGgh.ini2
C:\WINDOWS\system32\eOoXyGgh.ini
C:\WINDOWS\system32\vrjejhgg.ini
C:\WINDOWS\system32\bfjgyhcl.ini
C:\WINDOWS\system32\iQXbHRqr.ini2
C:\WINDOWS\system32\iQXbHRqr.ini
C:\sqmnoopt06.sqm
C:\sqmdata05.sqm

Folder::
C:\Program Files\EoRezo
C:\Documents and Settings\Tanrikulu\Application Data\EoRezo


Puis vas dans "fichier" et choisis "enregistrer sous ..." et tu le nommes exactement ainsi :
CFScript puis valides ...


2-Nettoyage :

!! Déconnectes toi, fermes toutes tes applications et désactives TOUTES TES DEFENSES ( tu les réactiveras après ) !!

--->Sur ton bureau, fais un glissé avec ta souris le fichier CFScript sur l'icône de ComboFix.exe .

(Regarde ici : http://i261.photobucket.com/albums/ii49/Malekal_morte/CFScript.gif )

Cette manipulation va relancer combofix .
--> Une fenêtre bleue va apparaître: au message qui apparaît "Type 1 to continue, or 2 to abort" : tapes 1 puis valide.

Puis patientes le temps du scan.( Le Bureau va disparaître à plusieurs reprises : c'est normal!)

!! Ne touches à rien tant que le scan n'est pas terminé !!

Note : en fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisses-le faire.

Une fois le scan achevé, un rapport va s'afficher : Postes le accompagné d' un nouveau rapport RSIT pour analyse ...

( Attention : cette manipe a été fait pour ce PC . Toute réutilisation peut endommager sévèrement le système d'exploitation )
0
Réponse 38 / 72
sKe69 Messages postés 21360 Date d'inscription samedi 15 mars 2008 Statut Contributeur sécurité Dernière intervention 30 décembre 2012 463
2 oct. 2008 à 18:01
la suite :

1-Crées un doc texte sur ton bureau :
pointes ta souris sur ton bureau , cliques droit : vas dans "nouveau" et choisis "document texte" .

Ensuite copie/colle le texte ci-dessous ( et rien d'autre!) dans le fichier texte que tu viens de créer :

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""


File::
C:\WINDOWS\system32\knidjriq.ini
C:\WINDOWS\system32\weksikyw.ini
C:\WINDOWS\system32\gckiahob.ini
C:\WINDOWS\system32\eOoXyGgh.ini2
C:\WINDOWS\system32\eOoXyGgh.ini
C:\WINDOWS\system32\vrjejhgg.ini
C:\WINDOWS\system32\bfjgyhcl.ini
C:\WINDOWS\system32\iQXbHRqr.ini2
C:\WINDOWS\system32\iQXbHRqr.ini
C:\sqmnoopt06.sqm
C:\sqmdata05.sqm

Folder::
C:\Program Files\EoRezo
C:\Documents and Settings\Tanrikulu\Application Data\EoRezo


Puis vas dans "fichier" et choisis "enregistrer sous ..." et tu le nommes exactement ainsi :
CFScript puis valides ...


2-Nettoyage :

!! Déconnectes toi, fermes toutes tes applications et désactives TOUTES TES DEFENSES ( tu les réactiveras après ) !!

--->Sur ton bureau, fais un glissé avec ta souris le fichier CFScript sur l'icône de ComboFix.exe .

(Regarde ici : http://i261.photobucket.com/albums/ii49/Malekal_morte/CFScript.gif )

Cette manipulation va relancer combofix .
--> Une fenêtre bleue va apparaître: au message qui apparaît "Type 1 to continue, or 2 to abort" : tapes 1 puis valide.

Puis patientes le temps du scan.( Le Bureau va disparaître à plusieurs reprises : c'est normal!)

!! Ne touches à rien tant que le scan n'est pas terminé !!

Note : en fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisses-le faire.

Une fois le scan achevé, un rapport va s'afficher : Postes le accompagné d' un nouveau rapport RSIT pour analyse ...

( Attention : cette manipe a été fait pour ce PC . Toute réutilisation peut endommager sévèrement le système d'exploitation )
0
Réponse 39 / 72
sad67
2 oct. 2008 à 18:13
ComboFix 08-10-01.05 - Tanrikulu 2008-10-02 18:09:24.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1615 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\Tanrikulu\Bureau\ComboFix.exe
Commutateurs utilisés :: C:\Documents and Settings\Tanrikulu\Bureau\CFScript.txt
* Un nouveau point de restauration a été créé

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

FILE ::
C:\sqmdata05.sqm
C:\sqmnoopt06.sqm
C:\WINDOWS\system32\bfjgyhcl.ini
C:\WINDOWS\system32\eOoXyGgh.ini
C:\WINDOWS\system32\eOoXyGgh.ini2
C:\WINDOWS\system32\gckiahob.ini
C:\WINDOWS\system32\iQXbHRqr.ini
C:\WINDOWS\system32\iQXbHRqr.ini2
C:\WINDOWS\system32\knidjriq.ini
C:\WINDOWS\system32\vrjejhgg.ini
C:\WINDOWS\system32\weksikyw.ini
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Tanrikulu\Application Data\EoRezo
C:\Program Files\EoRezo
C:\sqmdata05.sqm
C:\sqmnoopt06.sqm
C:\WINDOWS\system32\bfjgyhcl.ini
C:\WINDOWS\system32\eOoXyGgh.ini
C:\WINDOWS\system32\eOoXyGgh.ini2
C:\WINDOWS\system32\gckiahob.ini
C:\WINDOWS\system32\iQXbHRqr.ini
C:\WINDOWS\system32\iQXbHRqr.ini2
C:\WINDOWS\system32\knidjriq.ini
C:\WINDOWS\system32\vrjejhgg.ini
C:\WINDOWS\system32\weksikyw.ini

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-02 au 2008-10-02 ))))))))))))))))))))))))))))))))))))
.

2008-10-02 13:14 . 2008-10-02 13:14 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-02 13:14 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-02 13:14 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-02 01:39 . 2008-10-02 01:39 579,584 --a--c--- C:\WINDOWS\system32\dllcache\user32.dll
2008-10-02 01:36 . 2008-10-02 01:37 <REP> d-------- C:\WINDOWS\ERUNT
2008-10-02 01:30 . 2008-10-02 01:46 <REP> d-------- C:\SDFix
2008-10-01 23:40 . 2008-09-08 23:38 88,576 --a------ C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-10-01 23:40 . 2008-09-19 12:26 82,944 --a------ C:\WINDOWS\system32\o4Patch.exe
2008-10-01 23:40 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-10-01 23:40 . 2008-09-19 12:26 82,944 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-10-01 23:40 . 2008-08-18 12:19 82,432 --a------ C:\WINDOWS\system32\404Fix.exe
2008-10-01 23:11 . 2008-10-01 23:11 <REP> d-------- C:\rsit
2008-10-01 23:11 . 2008-10-02 17:46 <REP> d-------- C:\Program Files\trend micro
2008-09-27 00:47 . 2008-09-27 00:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\NVIDIA
2008-09-26 07:11 . 2008-09-26 07:11 143 --a------ C:\WINDOWS\system32\mcrh.MSNFix
2008-09-25 07:16 . 2008-10-02 17:29 <REP> d-------- C:\WINDOWS\system32\CatRoot2
2008-09-24 21:09 . 2008-09-24 21:09 44 --a------ C:\WINDOWS\cookies.MSNFix
2008-09-19 23:09 . 2008-09-19 23:10 <REP> d-------- C:\Program Files\RootKit Hook Analyzer
2008-09-19 23:09 . 2007-07-07 00:39 19,248 --a------ C:\WINDOWS\system32\drivers\rspsc32.sys
2008-09-18 19:32 . 2008-09-18 19:32 <REP> d-------- C:\WINDOWS\system32\document
2008-09-18 19:32 . 2008-09-18 19:32 <REP> d-------- C:\Documents and Settings\Tanrikulu\document
2008-09-18 15:41 . 2008-09-18 15:41 <REP> d-------- C:\WINDOWS\system32\msmq
2008-09-18 15:41 . 2008-09-18 15:41 <REP> d-------- C:\Inetpub
2008-09-18 14:09 . 2008-09-18 14:09 <REP> d-------- C:\Documents and Settings\Tanrikulu\Application Data\MSNInstaller
2008-09-17 22:49 . 2008-09-17 22:49 91 --a------ C:\WINDOWS\wininit.ini
2008-09-17 14:22 . 2008-10-01 21:39 <REP> d-------- C:\Program Files\WinClamAVShield
2008-09-16 21:10 . 2008-09-16 21:10 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-09-09 02:22 . 2008-09-09 03:05 <REP> d-------- C:\Program Files\Steam

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-01 22:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-01 20:55 --------- d-----w C:\Program Files\eMule
2008-10-01 19:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-09-30 17:04 --------- d-----w C:\Documents and Settings\Tanrikulu\Application Data\Spyware Terminator
2008-09-28 23:55 --------- d-----w C:\Documents and Settings\Tanrikulu\Application Data\LimeWire
2008-09-28 21:53 --------- d-----w C:\Program Files\Spyware Terminator
2008-09-18 12:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-09-17 20:26 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-09-17 20:06 --------- d-----w C:\Program Files\Everest Poker
2008-09-16 22:22 --------- d-----w C:\Program Files\RKFree
2008-09-10 09:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-31 03:28 --------- d-----w C:\Program Files\LimeWire
2008-08-30 13:50 --------- d-----w C:\Documents and Settings\Tanrikulu\Application Data\Printer Info Cache
2008-08-30 13:50 --------- d-----w C:\Documents and Settings\Tanrikulu\Application Data\Image Zone Express
2008-08-29 00:23 --------- d-----w C:\Program Files\Lavasoft
2008-08-29 00:23 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-08-29 00:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-23 21:03 --------- d-----w C:\Program Files\Tvnet Online Media Center 3.6
2008-08-23 21:02 --------- d-----w C:\Program Files\Tvnet Online Media Center 3.5
2008-08-20 16:48 --------- d-----w C:\Program Files\Mayan Waterfall 3D Screensaver
2008-08-19 22:17 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-08-19 12:48 --------- d-----w C:\Program Files\Ancient Castle 3D Screensaver
2008-08-19 12:45 --------- d-----w C:\Program Files\Spirit of Fire 3D Screensaver
2008-08-19 12:43 --------- d-----w C:\Program Files\Lagoon 3D Screensaver
2008-08-19 12:40 --------- d-----w C:\Program Files\Deep Space 3D Screensaver
2008-08-19 12:36 --------- d-----w C:\Program Files\Watermill 3D Screensaver
2008-08-19 12:34 --------- d-----w C:\Program Files\Fireplace 3D Screensaver
2008-08-19 12:34 --------- d-----w C:\Program Files\3Planesoft Screensaver Manager
2008-08-19 12:31 --------- d-----w C:\Program Files\Koi Fish 3D Screensaver
2008-08-06 19:50 72,748 ----a-w C:\WINDOWS\unins000.exe
2008-08-06 19:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Winferno
2008-08-06 19:28 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
2008-08-06 19:28 --------- d-----w C:\Program Files\Real
2008-08-06 19:28 --------- d-----w C:\Program Files\Fichiers communs\Real
2008-08-06 18:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\WhiteCap (Holiday Edition)
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-07 20:28 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-02 13:03 2,119,640 ----a-w C:\WINDOWS\system32\NpFp501.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-12 68856]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-08-30 4670704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-10-29 185632]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 8491008]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-05-03 1817600]
"nwiz"="nwiz.exe" [2007-09-17 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SharedAccess"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-05-03 141312]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 EAPPkt;Realtek EAPPkt Protocol;C:\WINDOWS\system32\DRIVERS\EAPPkt.sys [2007-10-09 38144]
S3 RTL8187B;BlueStork BS-WG-USB Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;C:\WINDOWS\system32\DRIVERS\RTL8187B.sys [2008-02-20 275712]
.
Contenu du dossier 'Tâches planifiées'
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-02 18:10:23
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...


C:\DOCUME~1\TANRIK~1\LOCALS~1\Temp\RGI9.tmp 7136 bytes

Scan terminé avec succès
Fichiers cachés: 1

**************************************************************************
.
Heure de fin: 2008-10-02 18:10:59
ComboFix-quarantined-files.txt 2008-10-02 16:10:52
ComboFix2.txt 2008-10-02 15:29:44

Avant-CF: 51ÿ987ÿ849ÿ216 octets libres
Après-CF: 51,964,874,752 octets libres

168 --- E O F --- 2008-09-10 09:53:15
0
Réponse 40 / 72
sad67
2 oct. 2008 à 18:14
Logfile of random's system information tool 1.04 (written by random/random)
Run by Tanrikulu at 2008-10-02 18:13:52
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 50 GB (50%) free of 100 GB
Total RAM: 2047 MB (77% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:13:57, on 02/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BlueStork\BS-WG-USB Wireless LAN Utility\RtWLan.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Tanrikulu\Bureau\RSIT.exe
C:\Program Files\trend micro\Tanrikulu.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: BlueStork BS-WG-USB Wireless LAN Utility.lnk = C:\Program Files\BlueStork\BS-WG-USB Wireless LAN Utility\RtWLan.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://www.tiktik.net/
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {58EF1388-AF07-4D13-A069-D107671B8819} - http://www.gamegarden.net/
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://www.catalog.update.microsoft.com/ClientControl/en/x86/MuCatalogWebControl.cab?1221660712343
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6F3AC18F-3DCB-4C8E-A1DE-F48E19739576} (SesliSistem Control) - http://www.seslisistem.com/newcab/ss.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {A672558F-A878-4D5A-A921-627C091CEB60} (Flatcast Producer 4.15) - http://80.237.209.20/objects/NpFp415.dll
O16 - DPF: {A672558F-A878-4D5A-A921-627C091CEB63} (Flatcast Producer 4.16) - http://data.flatcast.com/data/objects/NpFp41629.dll
O16 - DPF: {A672558F-A878-4D5A-A921-627C091CEB66} (Flatcast Producer 5.0) - http://controls.flatcast-data.com/data/objects/NpFp501.dll
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://www.flatcast.info/objects/NpFv415.dll
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F554} (Flatcast Viewer 4.16) - http://data.flatcast.com/data/objects/NpFv41629.dll
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F557} (Flatcast Viewer 5.0) - http://data.flatcast.com/data/objects/NpFv501.dll
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1D10B851-FCAD-4634-92C7-8A6841BCFD40}: NameServer = 192.168.1.1
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
0
sKe69 Messages postés 21360 Date d'inscription samedi 15 mars 2008 Statut Contributeur sécurité Dernière intervention 30 décembre 2012 463
2 oct. 2008 à 18:23
impeccable ... ^^

comment va le PC ... encore des soucis ?

Fais ceci :
A- Pour restaurer tes fichiers hosts :

télécharges Hoster ici : http://www.funkytoad.com/download/HostsXpert.zip

--> Dézippes le dossier sur le bureau ( = cliques droit/"extraire tout" )
Lances Hoster et cliques sur "Restore Microsoft's Hosts File"


B- Si disparition de l'icone d'avast dans la barre des taches ( suite à combofix ... ) :

vas dans "C:\program files", puis recherche le dossier "alwil" (Avast) .
Tu rentres dedans et recherches " ashDisp.exe " -> tu cliques dessus ---> l´icone d´avast devrait réaparaitre ...

**********************************

Ensuite fais ce qui suit dans l'ordre :

1-Télécharges ToolsCleaner (de A.Rothstein) sur ton Bureau.
http://pc-system.fr/

Déconnectes toi et fermes bien toutes tes applications en cours .

Lances le .
*Cliques sur Recherche et laisses le scan se terminer (cela peut être long).
*Cliques sur Suppression pour finaliser.
*Tu peux, si tu le souhaites, te servir des Options facultatives
*Cliques sur "quitter" pour générer un rapport ( et pas sur la croix rouge !) :
--> Postes ce rapport : il se trouve à la racine de ton disque dur -> C:\TCleaner.txt .

Note : Ce petit soft va te nettoyer tout les trucs dont on c'est servi pour la désinfection .
Supprimes tout les outils , dossiers ou rapports consernant la désinfection que Toolscleaner2 n'a pas supprimé .

( gardes CCleaner et Malwarebytes : très utiles ! )


2- Refais un coup de CCleaner ( registre compris ) .


3- Retélécharges et réinstalles hijackthis ( car supprimé par Toolscleaner2 ) ,

Télécharges et installes le logiciel HijackThis :

ici ftp://ftp.commentcamarche.com/download/HJTInstall.exe
ou ici http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
ou ici https://www.clubic.com/telecharger-fiche17891-hijackthis.html

-> Cliques sur le setup pour lancer l'installe : laisses toi guider et ne modifies pas les paramètres d'installation .
A la fin de l'installe , le prg ce lance automatiquement : fermes le en cliquant sur la croix rouge .
Au final, tu dois avoir un raccourci sur ton bureau et aussi un cheminement comme :
"C:\ program files\Trend Micro\HijackThis\HijackThis.exe " .

( ne fais pas de scan pour le momment )


4- Purge de la restauration système
*Désactives ta restauration :
Cliques droit sur poste de travail/propriétés/Restauration système/coche la case désactiver la restauration, appliquer, OK
--->Redémarres ton PC
*Réactives ta restauration :
Cliques droit sur poste de travail/propriétés/Restauration système/décoche la case désactiver la restauration, appliquer, OK
--->Redémarres ton PC
( Note : tu peux aussi y accéder via panneau de configuration->" système "->" restauration système " ).


5- Fais ce scan en ligne pour vérifier :

Fais un scan en ligne avec Kaspersky : https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
- Sous Démonstration en ligne, on t'explique la marche à suivre, et pour lancer le scan il faut sélectionner < Exécuter l'analyse en ligne >.
Le scan ne marche que sous Internet Explorer(et pas sous firefox ou autre...).
- On va te demander de télécharger un contôle active x, accepte .
- Dans le menu Choisissez la cible de l'analyse, sélectionne Poste de travail. Le scan va commencer.
- Sauvegardes le rapport qui sera généré, puis copies/colles le dans ta prochaine réponse pour analyse et attends la suite ...

S'il y a un problème, assure toi que les contrôles active x sont bien configurés dans les options internet comme décrit sur ce lien : http://www.inoculer.com/activex.php3
Rappel : le scan est à faire sous Internet Explorer !

--> tuto :
https://www.malekal.com/scan-antivirus-ligne-nod32/#mozTocId291566

0

Discussions similaires

Softonic,est-ce un virus ?
techmel1 -
techmel1 -

6 réponses
Est ce que le site tlauncher est dangereux ?
caribou -
bazfile -

1 réponse
4 virus en raison d’un porno ????
valou -
Bello040420 -

9 réponses
problême Opéra est ce un virus??
sand2504 -
sand2504 -

85 réponses
Désinstaller Softonic
Diguimette -
lilidurhone -

5 réponses