Aller au contenu

tiklenbibi

Membres
 Afficher le profil  Afficher son activité

  • Compteur de contenus

    10

  • Inscription

  • Dernière visite

Profile Information

  • Sexe
    Female
  • Localisation
    québec

Autres informations

  • Mes langues
    français

tiklenbibi's Achievements

Junior Member

Junior Member (3/12)

0

Réputation sur la communauté

  1. tiklenbibi
    recoucou à toi cher thanos.... j'ai pris du temps à te répondre car j'ai au courant de la semaine dernière mis au monde un merveilleux petit ange nommé Damien ) alors mon temps sera désormais très précieux pour mon poupon j'ai tout fait ce que tu me suggérais et mon ordi va comme une neuve ( enfin presque loll ) un immense merci pour ta gentillesse , ainsi que ton aide précieuse Thanos..... :P bientôt peut-être et bonne continuation dans tout ce que tu fais ! au revoir
  2. tiklenbibi
    bonjour thanos... bon qoobox.zip est enlevé...mais dis-moi, dois-aussi enlever le dossier qoobox qu'il reste dans C: ? - la correction via Hijackthis est faite.... ( en passant est-ce que je dois supprimer le programme hijack ? ) - j'ai installé Zone alarm, le système a redémarré..... mais là...j'arrive plus à aller sur l'internet...Page introuvable bla bla... c'est mon pare-feu qui me bloque ou quoi ? OUBLIES ce que je t'ai écrit.... en vérifiant mes paramètres dans Zone Alarm, j'ai vu que je pouvait verouiilé l'accès à mon internet à ma guise... et il était coché ! maintenant c'est ok. j'ai décoché et voilà ! j'ai aussi lu les topics sur le p2p etc... mais est-ce le programme de Pokerstars à mon chum qui en est un ?c'est la seule chose que je voit... car moi-même je ne pense pas utiliser ce genre de logiciel ou autres... à moins que j'ai été très imprudente.. via internet ! il va très bien ( j'apprendrai comme il faut mon pare-feu..) et oui il m'arrive de consulter mes transactions.. c'est pas ok ??? oufff pauvre toi ! je te fait travailler fort ! en attendant ta réponse, et ben je vais aller faire des recherches pour essayer de mettre mon windows en français, car ça m'as donné quelques soucis pour te suivre parfois...moi et l'anglais oufff ! à +
  3. tiklenbibi
    bon lundi cher thanos.... je t'envoies mon rapport hijackthis...: pour ensuite attendre patiemment la suite du " ménage " Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 08:29:06, on 2009-02-09 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1221853253000 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1221853356656 O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game12.zylom.com/activex/zylomgamesplayer.cab O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe -- End of file - 5659 bytes bonne journée
  4. tiklenbibi
    bonjour à toi.... j'ai travaillé fort... mais j'ai passé à travers lollll je commence avec mes 2 rapports pour ensuite t'envoyer le lien pour mon Qoobox....: Combofix: ComboFix 09-02-02.04 - Audrey 2009-02-08 11:59:15.4 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.246 [GMT -5:00] Lancé depuis: c:\documents and settings\Audrey\Desktop\ComboFix.exe Commutateurs utilisés :: c:\documents and settings\Audrey\Desktop\CFScript.txt AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated) * Un nouveau point de restauration a été créé FILE :: c:\windows\Nheyoyuce.dll c:\windows\system32\tszjuf.dll c:\windows\system32\twex.exe c:\windows\system32\wvUkLDTn.dll . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Audrey\Application Data\Twain c:\program files\WebShow C:\VundoFix Backups c:\windows\system32\twain32 c:\windows\system32\twain32\local.ds c:\windows\system32\twain32\user.ds c:\windows\system32\twain32\user.ds.lll . ((((((((((((((((((((((((((((( Fichiers créés du 2009-01-08 au 2009-02-08 )))))))))))))))))))))))))))))))))))) . 2009-02-07 08:10 . 2009-02-07 08:10 <DIR> d-------- c:\program files\Avira 2009-02-07 08:10 . 2009-02-07 08:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira 2009-02-07 07:34 . 2009-02-07 07:34 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2009-02-07 07:34 . 2009-02-07 07:34 <DIR> d-------- c:\documents and settings\Audrey\Application Data\Malwarebytes 2009-02-07 07:34 . 2009-02-07 07:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-02-07 07:34 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2009-02-07 07:34 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2009-02-06 07:24 . 2009-02-06 07:24 4,515,943 --a------ C:\Qoobox.zip 2009-02-05 15:07 . 2009-02-06 07:33 <DIR> d-------- c:\documents and settings\Audrey\Application Data\Memorex 2009-02-03 14:19 . 2009-02-03 14:19 <DIR> d-------- c:\program files\Trend Micro 2009-02-03 13:52 . 2009-02-03 13:52 444 --a------ c:\windows\system32\d3d8caps.dat 2009-02-03 12:17 . 2009-02-03 12:17 <DIR> d-------- c:\program files\CCleaner 2009-02-03 12:11 . 2009-02-03 12:11 812,344 --a------ c:\program files\HJTInstall.exe 2009-01-27 19:12 . 2008-04-13 19:12 26,112 --a--c--- c:\windows\system32\dllcache\userinit.exe 2009-01-27 12:39 . 2009-01-27 12:39 <DIR> d-------- c:\windows\system32\LogFiles 2009-01-26 10:01 . 2009-01-26 10:01 54,156 --ah----- c:\windows\QTFont.qfn 2009-01-26 10:01 . 2009-01-26 10:01 1,409 --a------ c:\windows\QTFont.for 2009-01-17 14:51 . 2008-04-13 14:45 6,272 --a------ c:\windows\system32\drivers\splitter.sys 2009-01-17 14:51 . 2008-04-13 14:45 6,272 --a--c--- c:\windows\system32\dllcache\splitter.sys 2009-01-11 22:43 . 2009-01-11 22:43 <DIR> d-------- c:\program files\QuickTime 2009-01-11 22:43 . 2009-01-11 22:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer 2009-01-11 22:42 . 2009-01-11 22:42 <DIR> d-------- c:\program files\OLYMPUS 2009-01-11 22:41 . 2009-01-11 22:41 <DIR> d-------- c:\program files\MSXML 4.0 2009-01-10 02:39 . 2009-01-10 02:39 <DIR> d-------- c:\windows\system32\IOSUBSYS . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-02-03 17:44 --------- d-----w c:\program files\Common Files\Symantec Shared 2009-02-03 17:44 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec 2009-01-11 22:18 --------- d-----w c:\program files\Google 2008-12-23 13:59 --------- d-----w c:\program files\PokerStars 2008-12-12 22:43 --------- d-----w c:\program files\Java 2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys 2008-11-17 01:15 94,208 ----a-w c:\windows\DIIUnin.exe 2008-11-17 01:15 2,829 ----a-w c:\windows\DIIUnin.pif . ((((((((((((((((((((((((((((( snapshot@2009-02-03_19.30.29.09 ))))))))))))))))))))))))))))))))))))))))) . - 2008-10-15 22:11:29 189,000 ----a-w c:\windows\system32\FNTCACHE.DAT + 2009-02-08 16:40:36 189,000 ----a-w c:\windows\system32\FNTCACHE.DAT + 2009-02-04 16:07:28 273,092 ----a-w c:\windows\system32\Restore\rstrlog.dat + 2009-02-08 17:01:20 16,384 ----atw c:\windows\temp\Perflib_Perfdata_688.dat . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-09 68856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360] [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoSetActiveDesktop"= 1 (0x1) "NoActiveDesktopChanges"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] --a------ 2004-02-10 10:51 118784 c:\windows\system32\hkcmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] --a------ 2004-02-10 10:55 155648 c:\windows\system32\igfxtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] --a------ 2007-10-18 10:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor] --a------ 2007-09-04 14:52 54576 c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2006-09-01 15:57 282624 c:\program files\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2008-11-10 05:43 136600 c:\program files\Java\jre6\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] --a------ 2008-10-09 15:08 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"= "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= S3 WUSB54GV4SRV;Linksys Wireless-G USB Network Adapter Driver;c:\windows\system32\drivers\rt2500usb.sys [2008-09-18 79616] . Contenu du dossier 'Tâches planifiées' 2009-02-08 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.google.com/ uDefault_Search_URL = hxxp://www.google.com/ie uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Connection Wizard,ShellNext = iexplore IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game12.zylom.com/activex/zylomgamesplayer.cab . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-08 12:20:26 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . ------------------------ Autres processus actifs ------------------------ . c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Heure de fin: 2009-02-08 12:21:54 - La machine a redémarré ComboFix-quarantined-files.txt 2009-02-08 17:21:51 ComboFix2.txt 2009-02-06 12:22:25 ComboFix3.txt 2009-02-05 21:00:27 ComboFix4.txt 2009-02-04 00:31:24 Avant-CF: 30 979 866 624 bytes free Après-CF: 30,970,507,264 bytes free 148 --- E O F --- 2009-01-14 23:02:31 ensuite Kasperky: -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7 REPORT Sunday, February 8, 2009 Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600) Kaspersky Online Scanner 7 version: 7.0.25.0 Program database last update: Sunday, February 08, 2009 17:50:58 Records in database: 1769753 -------------------------------------------------------------------------------- Scan settings: Scan using the following database: extended Scan archives: yes Scan mail databases: yes Scan area - My Computer: A:\ C:\ D:\ Scan statistics: Files scanned: 38888 Threat name: 16 Infected objects: 45 Suspicious objects: 0 Duration of the scan: 00:44:32 File name / Threat name / Threats count C:\Qoobox\Quarantine\C\Documents and Settings\Audrey\Application Data\SpeedRunner\SRUninstall.exe.vir Infected: Trojan-Downloader.Win32.Agent.aldb 1 C:\Qoobox\Quarantine\C\efe.exe.vir Infected: Backdoor.Win32.IRCBot.hjv 1 C:\Qoobox\Quarantine\C\efffffff.exe.vir Infected: Backdoor.Win32.IRCBot.hjv 1 C:\Qoobox\Quarantine\C\evvvve.exe.vir Infected: Backdoor.Win32.IRCBot.hjv 1 C:\Qoobox\Quarantine\C\jojo.exe.vir Infected: Backdoor.Win32.IRCBot.hjv 1 C:\Qoobox\Quarantine\C\neee.exe.vir Infected: Backdoor.Win32.IRCBot.hjv 1 C:\Qoobox\Quarantine\C\nina.exe.vir Infected: Backdoor.Win32.IRCBot.hjv 1 C:\Qoobox\Quarantine\C\ofof.exe.vir Infected: Backdoor.Win32.IRCBot.hjv 1 C:\Qoobox\Quarantine\C\po.exe.vir Infected: Backdoor.Win32.IRCBot.hjv 1 C:\Qoobox\Quarantine\C\ukf.exe.vir Infected: Backdoor.Win32.IRCBot.hjv 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\chert6-303369.exe.vir Infected: Trojan.Win32.Agent.blrg 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\clickfile.exe.vir Infected: Trojan-Downloader.Win32.Injecter.cbs 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\senekaqltkklyf.sys.vir Infected: Trojan.Win32.Monderc.r 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\opnmLfFv.dll.vir Infected: Trojan.Win32.Monder.auxz 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\pkbhyg.dll.vir Infected: Trojan.Win32.Monder.auxz 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\xxyxWqrq.dll.vir Infected: Trojan.Win32.Monder.auxz 1 C:\Qoobox\Quarantine\C\xhe.exe.vir Infected: Backdoor.Win32.IRCBot.hjv 1 C:\Qoobox.zip Infected: Trojan-Downloader.Win32.Agent.bghx 1 C:\Qoobox.zip Infected: Trojan-Downloader.Win32.Agent.aldb 1 C:\Qoobox.zip Infected: Backdoor.Win32.IRCBot.hjv 10 C:\Qoobox.zip Infected: Rootkit.Win32.TDSS.gwi 1 C:\Qoobox.zip Infected: Trojan.Win32.Small.aamc 1 C:\Qoobox.zip Infected: Trojan.Win32.BHO.kdf 1 C:\Qoobox.zip Infected: not-a-virus:Monitor.Win32.NetMon.a 1 C:\Qoobox.zip Infected: not-a-virus:AdWare.Win32.Agent.kju 1 C:\Qoobox.zip Infected: Backdoor.Win32.IRCBot.hlq 1 C:\Qoobox.zip Infected: not-a-virus:AdWare.Win32.CommAd.a 2 C:\Qoobox.zip Infected: Trojan.Win32.Agent2.baa 1 C:\Qoobox.zip Infected: Trojan.Win32.Agent.blrg 1 C:\Qoobox.zip Infected: Trojan-Downloader.Win32.Injecter.cbs 1 C:\Qoobox.zip Infected: Trojan.Win32.Monderc.r 1 C:\Qoobox.zip Infected: Trojan.Win32.Monder.auxz 3 C:\Qoobox.zip Infected: Backdoor.Win32.Bifrose.fng 1 The selected area was scanned. pour terminer avec Qoobox : ( ta boîte personnelle est pleine ! ) mon qoobox à plus et merci encore....j'attends tes prochaines directives sagement ...loll
  5. tiklenbibi
    salut toi ...aors voilà mon rapport MBAM ... Malwarebytes' Anti-Malware 1.33 Version de la base de données: 1736 Windows 5.1.2600 Service Pack 3 2009-02-07 07:58:15 mbam-log-2009-02-07 (07-58-15).txt Type de recherche: Examen complet (C:\|) Eléments examinés: 88807 Temps écoulé: 15 minute(s), 42 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 31 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): C:\Qoobox\Quarantine\C\nmat.exe.vir (Rootkit.Seneka) -> Quarantined and deleted successfully. C:\Qoobox\Quarantine\C\pps.exe.vir (Backdoor.Bot) -> Quarantined and deleted successfully. C:\Qoobox\Quarantine\C\Documents and Settings\Audrey\Application Data\SpeedRunner\SpeedRunner.exe.vir (Adware.SurfAccuracy) -> Quarantined and deleted successfully. C:\Qoobox\Quarantine\C\Documents and Settings\Audrey\Application Data\Twain\Twain.exe.vir (Adware.Agent) -> Quarantined and deleted successfully. C:\Qoobox\Quarantine\C\Program Files\Mjcore\Mjcore.dll.vir (Trojan.BHO) -> Quarantined and deleted successfully. C:\Qoobox\Quarantine\C\Program Files\Network Monitor\netmon.exe.vir (Trojan.DNSChanger) -> Quarantined and deleted successfully. C:\Qoobox\Quarantine\C\Program Files\VnrPack\VnrPack23.exe.vir (Adware.ISM) -> Quarantined and deleted successfully. C:\Qoobox\Quarantine\C\WINDOWS\fxstaller.exe.vir (Backdoor.Bot) -> Quarantined and deleted successfully. C:\Qoobox\Quarantine\C\WINDOWS\QXVkcmV5\asappsrv.dll.vir (Adware.CommAd) -> Quarantined and deleted successfully. C:\Qoobox\Quarantine\C\WINDOWS\QXVkcmV5\command.exe.vir (Adware.CommAd) -> Quarantined and deleted successfully. C:\Qoobox\Quarantine\C\WINDOWS\system32\algs.exe.vir (Backdoor.Bot) -> Quarantined and deleted successfully. C:\Qoobox\Quarantine\C\WINDOWS\system32\winlogon2.exe.vir (Backdoor.Bifrost) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{CDFCC5B8-095F-4663-841D-B2B344CE04B7}\RP139\A0013433.exe (Backdoor.Bot) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{CDFCC5B8-095F-4663-841D-B2B344CE04B7}\RP140\A0013445.exe (Backdoor.Bot) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{CDFCC5B8-095F-4663-841D-B2B344CE04B7}\RP140\A0013466.dll (Trojan.BHO) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{CDFCC5B8-095F-4663-841D-B2B344CE04B7}\RP140\A0013467.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{CDFCC5B8-095F-4663-841D-B2B344CE04B7}\RP140\A0013468.exe (Adware.ISM) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{CDFCC5B8-095F-4663-841D-B2B344CE04B7}\RP140\A0013470.exe (Backdoor.Bot) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{CDFCC5B8-095F-4663-841D-B2B344CE04B7}\RP140\A0013471.exe (Backdoor.Bot) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{CDFCC5B8-095F-4663-841D-B2B344CE04B7}\RP140\A0013475.exe (Backdoor.Bot) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{CDFCC5B8-095F-4663-841D-B2B344CE04B7}\RP140\A0013481.exe (Adware.SurfAccuracy) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{CDFCC5B8-095F-4663-841D-B2B344CE04B7}\RP140\A0013483.exe (Adware.Agent) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{CDFCC5B8-095F-4663-841D-B2B344CE04B7}\RP140\A0013486.dll (Trojan.BHO) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{CDFCC5B8-095F-4663-841D-B2B344CE04B7}\RP140\A0013492.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{CDFCC5B8-095F-4663-841D-B2B344CE04B7}\RP140\A0013493.exe (Trojan.Vundo) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{CDFCC5B8-095F-4663-841D-B2B344CE04B7}\RP140\A0013494.exe (Adware.CommAd) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{CDFCC5B8-095F-4663-841D-B2B344CE04B7}\RP142\A0013601.exe (Rootkit.Seneka) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{CDFCC5B8-095F-4663-841D-B2B344CE04B7}\RP142\A0013602.exe (Backdoor.Bot) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{CDFCC5B8-095F-4663-841D-B2B344CE04B7}\RP143\A0014849.exe (Backdoor.Bot) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{CDFCC5B8-095F-4663-841D-B2B344CE04B7}\RP143\A0014846.exe (Rootkit.Seneka) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{CDFCC5B8-095F-4663-841D-B2B344CE04B7}\RP143\A0014854.exe (Backdoor.Bifrost) -> Quarantined and deleted successfully. il a fait un grand ménage
  6. tiklenbibi
    bonjour à toi... ça va bien auj. ? je t'envoies le rapport combofix... ComboFix 09-02-02.04 - Audrey 2009-02-06 7:17:59.3 - NTFSx86 MINIMAL Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.405 [GMT -5:00] Running from: c:\documents and settings\Audrey\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Audrey\Desktop\CFScript.txt FILE :: C:\efe.exe C:\efffffff.exe C:\evvvve.exe C:\ilknmj.dll C:\neee.exe C:\nina.exe C:\nmat.exe C:\ofof.exe C:\po.exe C:\pps.exe C:\ukf.exe c:\windows\amabopevube.dll c:\windows\ilknmj.dll c:\windows\system32\chert6-303369.exe c:\windows\system32\clickfile.exe c:\windows\system32\ilknmj.dll c:\windows\system32\winlogon2.exe c:\windows\system32\wvUkLDTn.dll C:\xhe.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Audrey\Application Data\cogad C:\efe.exe C:\efffffff.exe C:\evvvve.exe C:\neee.exe C:\nina.exe C:\nmat.exe C:\ofof.exe C:\po.exe C:\pps.exe C:\ukf.exe c:\windows\amabopevube.dll c:\windows\system32\chert6-303369.exe c:\windows\system32\clickfile.exe c:\windows\system32\winlogon2.exe C:\xhe.exe . ((((((((((((((((((((((((( Files Created from 2009-01-06 to 2009-02-06 ))))))))))))))))))))))))))))))) . 2009-02-05 15:09 . 2009-02-05 15:09 <DIR> d-------- C:\VundoFix Backups 2009-02-05 15:07 . 2009-02-06 07:14 <DIR> d-------- c:\documents and settings\Audrey\Application Data\Memorex 2009-02-03 14:22 . 2009-02-04 11:07 <DIR> d-------- c:\documents and settings\Audrey\Application Data\Twain 2009-02-03 14:19 . 2009-02-03 14:19 <DIR> d-------- c:\program files\Trend Micro 2009-02-03 14:17 . 2009-02-04 11:07 <DIR> d-------- c:\program files\WebShow 2009-02-03 13:52 . 2009-02-03 13:52 444 --a------ c:\windows\system32\d3d8caps.dat 2009-02-03 12:40 . 2009-02-03 12:40 22,148,280 --a------ c:\program files\antivir_workstation_winu_fr_h.exe 2009-02-03 12:17 . 2009-02-03 12:17 <DIR> d-------- c:\program files\CCleaner 2009-02-03 12:16 . 2009-02-03 12:16 3,171,208 --a------ c:\program files\ccsetup216.exe 2009-02-03 12:11 . 2009-02-03 12:11 812,344 --a------ c:\program files\HJTInstall.exe 2009-01-29 18:59 . 2009-01-29 18:59 <DIR> d--hs---- c:\windows\system32\twain32 2009-01-27 19:12 . 2008-04-13 19:12 26,112 --a--c--- c:\windows\system32\dllcache\userinit.exe 2009-01-27 12:39 . 2009-01-27 12:39 <DIR> d-------- c:\windows\system32\LogFiles 2009-01-26 10:01 . 2009-01-26 10:01 54,156 --ah----- c:\windows\QTFont.qfn 2009-01-26 10:01 . 2009-01-26 10:01 1,409 --a------ c:\windows\QTFont.for 2009-01-17 14:51 . 2008-04-13 14:45 6,272 --a------ c:\windows\system32\drivers\splitter.sys 2009-01-17 14:51 . 2008-04-13 14:45 6,272 --a--c--- c:\windows\system32\dllcache\splitter.sys 2009-01-11 22:43 . 2009-01-11 22:43 <DIR> d-------- c:\program files\QuickTime 2009-01-11 22:43 . 2009-01-11 22:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer 2009-01-11 22:42 . 2009-01-11 22:42 <DIR> d-------- c:\program files\OLYMPUS 2009-01-11 22:41 . 2009-01-11 22:41 <DIR> d-------- c:\program files\MSXML 4.0 2009-01-10 02:39 . 2009-01-10 02:39 <DIR> d-------- c:\windows\system32\IOSUBSYS . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-02-03 17:44 --------- d-----w c:\program files\Symantec AntiVirus 2009-02-03 17:44 --------- d-----w c:\program files\Common Files\Symantec Shared 2009-02-03 17:44 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec 2009-01-11 22:18 --------- d-----w c:\program files\Google 2008-12-23 13:59 --------- d-----w c:\program files\PokerStars 2008-12-12 22:43 --------- d-----w c:\program files\Java 2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys 2008-11-17 01:15 94,208 ----a-w c:\windows\DIIUnin.exe 2008-11-17 01:15 2,829 ----a-w c:\windows\DIIUnin.pif . (((((((((((((((((((((((((((((((((((((((((((( Look ))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . ---- Directory of c:\windows\system32\twain32 ---- 2009-01-30 22:55 16515 --a------ c:\windows\system32\twain32\user.ds 2009-01-29 18:59 276 --a------ c:\windows\system32\twain32\user.ds.lll 2009-01-29 18:59 0 --a------ c:\windows\system32\twain32\local.ds ((((((((((((((((((((((((((((( snapshot@2009-02-03_19.30.29.09 ))))))))))))))))))))))))))))))))))))))))) . + 2009-02-04 16:07:28 273,092 ----a-w c:\windows\system32\Restore\rstrlog.dat + 2009-02-06 12:20:11 16,384 ----atw c:\windows\temp\Perflib_Perfdata_570.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360] [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoSetActiveDesktop"= 1 (0x1) "NoActiveDesktopChanges"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] --a------ 2004-02-10 10:51 118784 c:\windows\system32\hkcmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] --a------ 2004-02-10 10:55 155648 c:\windows\system32\igfxtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] --a------ 2007-10-18 10:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor] --a------ 2007-09-04 14:52 54576 c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2006-09-01 15:57 282624 c:\program files\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2008-11-10 05:43 136600 c:\program files\Java\jre6\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] --a------ 2008-10-09 15:08 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"= "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= S3 WUSB54GV4SRV;Linksys Wireless-G USB Network Adapter Driver;c:\windows\system32\drivers\rt2500usb.sys [2008-09-18 79616] . Contents of the 'Scheduled Tasks' folder 2009-02-06 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uDefault_Search_URL = hxxp://www.google.com/ie uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Connection Wizard,ShellNext = iexplore IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game12.zylom.com/activex/zylomgamesplayer.cab . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-06 07:20:27 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Completion time: 2009-02-06 7:22:23 - machine was rebooted ComboFix-quarantined-files.txt 2009-02-06 12:22:19 ComboFix2.txt 2009-02-05 21:00:27 ComboFix3.txt 2009-02-04 00:31:24 Pre-Run: 31 108 112 384 bytes free Post-Run: 31,094,587,392 bytes free 167 --- E O F --- 2009-01-14 23:02:31 mais pour le qoobox, même en zip , le dossier est trop volumineux pour ma minime clé ... mais y a t-il certains fichiers en particuliers que tu veux ou tous ? à plus
  7. tiklenbibi
    héhé !!!! désolée pour le delai mais j'avait omis d'activer mes notifications par courriels... bon, je pense avoir une bonne nouvelle ! j'ai finalement réussi à aller en mode sans échec..... j'ai donc repassé combofix ( en sans échec et ordinaire.. ) et ai transféré le log sur ma clé USB pour venir te la poster ici ! pas bête comme idée hein ? mais, j'ai aussi fait un vundofix... mais ne me chicane surtout pas..... j'ai passé toute mon avant-midi à faire pleins de recherches sur mon virus ( encore par le biais de ma charmante amie... ) et l'ai aussi installé par ma clé usb.... je te poste le rapport combofix seulement car vundofix n'a rien détecté... ComboFix no 1:celui qui s'est arrêté ComboFix 09-02-02.04 - Audrey 2009-02-03 18:32:13.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.344 [GMT -5:00] Running from: c:\documents and settings\Audrey\Desktop\ComboFix.exe AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) . The following files were disabled during the run: c:\windows\QXVkcmV5\asappsrv.dll ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Audrey\Application Data\SpeedRunner c:\documents and settings\Audrey\Application Data\SpeedRunner\config.cfg c:\documents and settings\Audrey\Application Data\SpeedRunner\SpeedRunner.exe c:\documents and settings\Audrey\Application Data\SpeedRunner\SRUninstall.exe c:\documents and settings\Audrey\Application Data\twain\Twain.exe c:\documents and settings\Audrey\Local Settings\Temporary Internet Files\bestwiner.stt c:\documents and settings\Audrey\Local Settings\Temporary Internet Files\CPV.stt c:\documents and settings\Audrey\Local Settings\Temporary Internet Files\fbk.sts c:\documents and settings\LocalService\Application Data\NetMon c:\documents and settings\LocalService\Application Data\NetMon\domains.txt c:\documents and settings\LocalService\Application Data\NetMon\log.txt C:\Jojo.exe c:\program files\iCheck c:\program files\iCheck\Uninstall.exe c:\program files\Mjcore c:\program files\Mjcore\Mjcore.dll c:\program files\network monitor c:\program files\network monitor\netmon.exe c:\program files\VnrPack c:\program files\VnrPack\dicts.gz c:\program files\VnrPack\trgts.gz c:\program files\VnrPack\VnrPack23.exe c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013 c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini c:\windows\fxstaller.exe c:\windows\QXVkcmV5\ c:\windows\QXVkcmV5\\asappsrv.dll c:\windows\QXVkcmV5\\command.exe c:\windows\QXVkcmV5\\krp4wApc.vbs c:\windows\QXVkcmV5\command.exe c:\windows\system32\303369.exe c:\windows\system32\ahtn.htm c:\windows\system32\algs.exe c:\windows\system32\atmtd.dll c:\windows\system32\atmtd.dll._ c:\windows\system32\drivers\seneka.sys c:\windows\system32\drivers\senekaqltkklyf.sys c:\windows\system32\frmwrk32.exe c:\windows\system32\ntdll64.exe c:\windows\system32\senekabompnplt.dat c:\windows\system32\senekakolluoqy.dll c:\windows\system32\senekaowntniyr.dll c:\windows\system32\senekaqqaiteti.dll c:\windows\system32\senekauxdtmmtp.dat c:\windows\system32\test.ttt c:\windows\system32\uniq.tll c:\windows\system32\warning.gif c:\windows\system32\win32hlp.cnf c:\windows\uninstall_nmon.vbs . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_SENEKA -------\Legacy_CMDSERVICE -------\Legacy_NETWORK_MONITOR -------\Service_cmdService -------\Service_Network Monitor ((((((((((((((((((((((((( Files Created from 2009-01-04 to 2009-02-04 ))))))))))))))))))))))))))))))) . 2009-02-03 14:22 . 2009-02-03 18:35 <DIR> d-------- c:\documents and settings\Audrey\Application Data\Twain 2009-02-03 14:19 . 2009-02-03 14:19 <DIR> d-------- c:\program files\Trend Micro 2009-02-03 14:17 . 2009-02-03 18:36 <DIR> d-------- c:\program files\WebShow 2009-02-03 13:52 . 2009-02-03 13:52 444 --a------ c:\windows\system32\d3d8caps.dat 2009-02-03 12:53 . 2009-02-03 12:53 <DIR> d-------- c:\program files\Avira 2009-02-03 12:53 . 2009-02-03 12:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira 2009-02-03 12:40 . 2009-02-03 12:40 22,148,280 --a------ c:\program files\antivir_workstation_winu_fr_h.exe 2009-02-03 12:17 . 2009-02-03 12:17 <DIR> d-------- c:\program files\CCleaner 2009-02-03 12:16 . 2009-02-03 12:16 3,171,208 --a------ c:\program files\ccsetup216.exe 2009-02-03 12:11 . 2009-02-03 12:11 812,344 --a------ c:\program files\HJTInstall.exe 2009-02-03 11:26 . 2009-02-03 11:26 35,328 --a------ c:\windows\system32\wvUkLDTn.dll 2009-02-03 11:25 . 2009-02-03 11:25 45,568 --------- c:\windows\system32\clickfile.exe 2009-02-02 17:40 . 2009-02-03 18:36 <DIR> d-------- c:\documents and settings\Audrey\Application Data\cogad 2009-01-29 18:59 . 2009-01-29 18:59 <DIR> d--hs---- c:\windows\system32\twain32 2009-01-29 18:59 . 2009-01-29 18:59 94,208 --a------ c:\windows\system32\winlogon2.exe 2009-01-28 15:17 . 2009-01-28 15:24 102,912 --a------ C:\po.exe 2009-01-28 15:16 . 2009-01-28 15:24 102,912 --a------ C:\ukf.exe 2009-01-28 15:05 . 2009-01-28 15:05 102,912 --a------ C:\neee.exe 2009-01-28 15:05 . 2009-01-28 15:05 102,912 --a------ C:\evvvve.exe 2009-01-28 15:00 . 2009-01-28 15:03 102,912 --a------ C:\efe.exe 2009-01-28 14:16 . 2009-01-28 15:14 102,912 --a------ C:\nina.exe 2009-01-28 14:12 . 2009-01-28 14:20 102,912 --a------ C:\xhe.exe 2009-01-28 13:44 . 2009-01-28 13:49 102,912 --a------ C:\ofof.exe 2009-01-28 13:41 . 2009-01-28 13:41 102,912 --a------ C:\efffffff.exe 2009-01-27 20:52 . 2009-01-28 15:31 101,888 --a------ C:\nmat.exe 2009-01-27 19:39 . 2009-01-27 19:39 136,704 --a------ c:\windows\amabopevube.dll 2009-01-27 19:27 . 2009-01-27 19:27 41,472 --a------ c:\windows\system32\chert6-303369.exe 2009-01-27 12:39 . 2009-01-27 12:39 <DIR> d-------- c:\windows\system32\LogFiles 2009-01-26 10:01 . 2009-01-26 10:01 54,156 --ah----- c:\windows\QTFont.qfn 2009-01-26 10:01 . 2009-01-26 10:01 1,409 --a------ c:\windows\QTFont.for 2009-01-26 07:51 . 2009-01-28 15:24 22,066 --a------ C:\pps.exe 2009-01-17 14:51 . 2008-04-13 14:45 6,272 --a------ c:\windows\system32\drivers\splitter.sys 2009-01-17 14:51 . 2008-04-13 14:45 6,272 --a--c--- c:\windows\system32\dllcache\splitter.sys 2009-01-11 22:43 . 2009-01-11 22:43 <DIR> d-------- c:\program files\QuickTime 2009-01-11 22:43 . 2009-01-11 22:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer 2009-01-11 22:42 . 2009-01-11 22:42 <DIR> d-------- c:\program files\OLYMPUS 2009-01-11 22:41 . 2009-01-11 22:41 <DIR> d-------- c:\program files\MSXML 4.0 2009-01-10 02:39 . 2009-01-10 02:39 <DIR> d-------- c:\windows\system32\IOSUBSYS . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-02-03 17:44 --------- d-----w c:\program files\Symantec AntiVirus 2009-02-03 17:44 --------- d-----w c:\program files\Common Files\Symantec Shared 2009-02-03 17:44 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec 2009-01-11 22:18 --------- d-----w c:\program files\Google 2008-12-23 13:59 --------- d-----w c:\program files\PokerStars 2008-12-12 22:43 --------- d-----w c:\program files\Java 2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys 2008-11-18 23:59 21,840 ----atw c:\windows\system32\SIntfNT.dll 2008-11-18 23:59 17,212 ----atw c:\windows\system32\SIntf32.dll 2008-11-18 23:59 12,067 ----atw c:\windows\system32\SIntf16.dll 2008-11-17 20:04 2,306,113 ----a-w c:\windows\system32\GPhotos.scr 2008-11-17 01:15 94,208 ----a-w c:\windows\DIIUnin.exe 2008-11-17 01:15 2,829 ----a-w c:\windows\DIIUnin.pif 2008-11-10 10:43 410,984 ----a-w c:\windows\system32\deploytk.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}] 2009-02-03 11:26 35328 --a------ c:\windows\system32\wvUkLDTn.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-09 68856] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497] "Lgebugahopiranoh"="c:\windows\amabopevube.dll" [2009-01-27 136704] "MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-13 169984] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360] [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoSetActiveDesktop"= 1 (0x1) "NoActiveDesktopChanges"= 1 (0x1) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"= "c:\windows\system32\wvUkLDTn.dll" [2009-02-03 35328] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvUkLDTn] 2009-02-03 11:26 35328 c:\windows\system32\wvUkLDTn.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=ilknmj.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] --a------ 2004-02-10 10:51 118784 c:\windows\system32\hkcmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] --a------ 2004-02-10 10:55 155648 c:\windows\system32\igfxtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lgebugahopiranoh] --a------ 2009-01-27 19:39 136704 c:\windows\amabopevube.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] --a------ 2007-10-18 10:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor] --a------ 2007-09-04 14:52 54576 c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2006-09-01 15:57 282624 c:\program files\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2008-11-10 05:43 136600 c:\program files\Java\jre6\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] --a------ 2008-10-09 15:08 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= S3 WUSB54GV4SRV;Linksys Wireless-G USB Network Adapter Driver;c:\windows\system32\drivers\rt2500usb.sys [2008-09-18 79616] . Contents of the 'Scheduled Tasks' folder 2009-02-04 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20] . - - - - ORPHANS REMOVED - - - - BHO-{15421B84-3488-49A7-AD18-CBF84A3EFAF6} - c:\program files\WebShow\WebShow.dll BHO-{D88E1558-7C2D-407A-953A-C044F5607CEA} - c:\program files\Mjcore\Mjcore.dll BHO-{def7cea4-4468-43a1-b642-8c9e3a79da52} - c:\windows\system32\xzpmfs.dll HKCU-Run-cogad - c:\documents and settings\Audrey\Application Data\cogad\cogad.exe HKCU-Run-VnrPack23 - c:\program files\VnrPack\VnrPack23.exe HKLM-Run-Hmicegukog - c:\windows\Nheyoyuce.dll Notify-NavLogon - (no file) MSConfigStartUp-Application Layer Gateway Service - c:\windows\system32\algs.exe MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe MSConfigStartUp-Hmicegukog - c:\windows\Nheyoyuce.dll MSConfigStartUp-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe MSConfigStartUp-win system - c:\windows\winav.exe MSConfigStartUp-Framework Windows - frmwrk32.exe MSConfigStartUp-Windows UDP Control Center - fxstaller.exe . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uDefault_Search_URL = hxxp://www.google.com/ie uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Connection Wizard,ShellNext = iexplore IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game12.zylom.com/activex/zylomgamesplayer.cab . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-03 19:28:06 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(672) c:\windows\system32\wvUkLDTn.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\wscntfy.exe c:\program files\Windows Live\Messenger\usnsvc.exe . ************************************************************************** . Completion time: 2009-02-03 19:31:20 - machine was rebooted ComboFix-quarantined-files.txt 2009-02-04 00:31:17 Pre-Run: 30,974,337,024 bytes free Post-Run: 30,939,156,480 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect 244 --- E O F --- 2009-01-14 23:02:31 j'ai aussi le complet d'aujourd'hui exécuté après... ça va être long hein ? désolée... ComboFix 09-02-02.04 - Audrey 2009-02-05 15:51:17.2 - NTFSx86 MINIMAL Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.377 [GMT -5:00] Running from: c:\documents and settings\Audrey\Desktop\ComboFix.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\opnmLfFv.dll c:\windows\system32\pkbhyg.dll c:\windows\system32\xxyxWqrq.dll . ((((((((((((((((((((((((( Files Created from 2009-01-05 to 2009-02-05 ))))))))))))))))))))))))))))))) . 2009-02-05 15:09 . 2009-02-05 15:09 <DIR> d-------- C:\VundoFix Backups 2009-02-05 15:07 . 2009-02-05 15:45 <DIR> d-------- c:\documents and settings\Audrey\Application Data\Memorex 2009-02-03 14:22 . 2009-02-04 11:07 <DIR> d-------- c:\documents and settings\Audrey\Application Data\Twain 2009-02-03 14:19 . 2009-02-03 14:19 <DIR> d-------- c:\program files\Trend Micro 2009-02-03 14:17 . 2009-02-04 11:07 <DIR> d-------- c:\program files\WebShow 2009-02-03 13:52 . 2009-02-03 13:52 444 --a------ c:\windows\system32\d3d8caps.dat 2009-02-03 12:40 . 2009-02-03 12:40 22,148,280 --a------ c:\program files\antivir_workstation_winu_fr_h.exe 2009-02-03 12:17 . 2009-02-03 12:17 <DIR> d-------- c:\program files\CCleaner 2009-02-03 12:16 . 2009-02-03 12:16 3,171,208 --a------ c:\program files\ccsetup216.exe 2009-02-03 12:11 . 2009-02-03 12:11 812,344 --a------ c:\program files\HJTInstall.exe 2009-02-03 11:25 . 2009-02-03 11:25 45,568 --------- c:\windows\system32\clickfile.exe 2009-02-02 17:40 . 2009-02-04 11:07 <DIR> d-------- c:\documents and settings\Audrey\Application Data\cogad 2009-01-29 18:59 . 2009-01-29 18:59 <DIR> d--hs---- c:\windows\system32\twain32 2009-01-29 18:59 . 2009-01-29 18:59 94,208 --a------ c:\windows\system32\winlogon2.exe 2009-01-28 15:17 . 2009-01-28 15:24 102,912 --a------ C:\po.exe 2009-01-28 15:16 . 2009-01-28 15:24 102,912 --a------ C:\ukf.exe 2009-01-28 15:05 . 2009-01-28 15:05 102,912 --a------ C:\neee.exe 2009-01-28 15:05 . 2009-01-28 15:05 102,912 --a------ C:\evvvve.exe 2009-01-28 15:00 . 2009-01-28 15:03 102,912 --a------ C:\efe.exe 2009-01-28 14:16 . 2009-01-28 15:14 102,912 --a------ C:\nina.exe 2009-01-28 14:12 . 2009-01-28 14:20 102,912 --a------ C:\xhe.exe 2009-01-28 13:44 . 2009-01-28 13:49 102,912 --a------ C:\ofof.exe 2009-01-28 13:41 . 2009-01-28 13:41 102,912 --a------ C:\efffffff.exe 2009-01-27 20:52 . 2009-01-28 15:31 101,888 --a------ C:\nmat.exe 2009-01-27 19:39 . 2009-01-27 19:39 136,704 --a------ c:\windows\amabopevube.dll 2009-01-27 19:27 . 2009-01-27 19:27 41,472 --a------ c:\windows\system32\chert6-303369.exe 2009-01-27 19:12 . 2008-04-13 19:12 26,112 --a--c--- c:\windows\system32\dllcache\userinit.exe 2009-01-27 12:39 . 2009-01-27 12:39 <DIR> d-------- c:\windows\system32\LogFiles 2009-01-26 10:01 . 2009-01-26 10:01 54,156 --ah----- c:\windows\QTFont.qfn 2009-01-26 10:01 . 2009-01-26 10:01 1,409 --a------ c:\windows\QTFont.for 2009-01-26 07:51 . 2009-01-28 15:24 22,066 --a------ C:\pps.exe 2009-01-17 14:51 . 2008-04-13 14:45 6,272 --a------ c:\windows\system32\drivers\splitter.sys 2009-01-17 14:51 . 2008-04-13 14:45 6,272 --a--c--- c:\windows\system32\dllcache\splitter.sys 2009-01-11 22:43 . 2009-01-11 22:43 <DIR> d-------- c:\program files\QuickTime 2009-01-11 22:43 . 2009-01-11 22:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer 2009-01-11 22:42 . 2009-01-11 22:42 <DIR> d-------- c:\program files\OLYMPUS 2009-01-11 22:41 . 2009-01-11 22:41 <DIR> d-------- c:\program files\MSXML 4.0 2009-01-10 02:39 . 2009-01-10 02:39 <DIR> d-------- c:\windows\system32\IOSUBSYS . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-02-03 17:44 --------- d-----w c:\program files\Symantec AntiVirus 2009-02-03 17:44 --------- d-----w c:\program files\Common Files\Symantec Shared 2009-02-03 17:44 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec 2009-01-11 22:18 --------- d-----w c:\program files\Google 2008-12-23 13:59 --------- d-----w c:\program files\PokerStars 2008-12-12 22:43 --------- d-----w c:\program files\Java 2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys 2008-11-17 01:15 94,208 ----a-w c:\windows\DIIUnin.exe 2008-11-17 01:15 2,829 ----a-w c:\windows\DIIUnin.pif . ((((((((((((((((((((((((((((( snapshot@2009-02-03_19.30.29.09 ))))))))))))))))))))))))))))))))))))))))) . + 2009-02-04 16:07:28 273,092 ----a-w c:\windows\system32\Restore\rstrlog.dat + 2009-02-05 20:54:08 16,384 ----atw c:\windows\temp\Perflib_Perfdata_56c.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360] [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoSetActiveDesktop"= 1 (0x1) "NoActiveDesktopChanges"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=pkbhyg.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] --a------ 2004-02-10 10:51 118784 c:\windows\system32\hkcmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] --a------ 2004-02-10 10:55 155648 c:\windows\system32\igfxtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lgebugahopiranoh] --a------ 2009-01-27 19:39 136704 c:\windows\amabopevube.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] --a------ 2007-10-18 10:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor] --a------ 2007-09-04 14:52 54576 c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2006-09-01 15:57 282624 c:\program files\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2008-11-10 05:43 136600 c:\program files\Java\jre6\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] --a------ 2008-10-09 15:08 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= S3 WUSB54GV4SRV;Linksys Wireless-G USB Network Adapter Driver;c:\windows\system32\drivers\rt2500usb.sys [2008-09-18 79616] . Contents of the 'Scheduled Tasks' folder 2009-02-05 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20] . - - - - ORPHANS REMOVED - - - - BHO-{3ddb8cba-e625-4e7b-9e2d-47035dba4db4} - c:\windows\system32\pkbhyg.dll Notify-wvUkLDTn - wvUkLDTn.dll . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uDefault_Search_URL = hxxp://www.google.com/ie uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Connection Wizard,ShellNext = iexplore IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game12.zylom.com/activex/zylomgamesplayer.cab . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-05 15:58:04 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Completion time: 2009-02-05 16:00:26 - machine was rebooted ComboFix-quarantined-files.txt 2009-02-05 21:00:23 ComboFix2.txt 2009-02-04 00:31:24 Pre-Run: 31 078 469 632 bytes free Post-Run: 31,067,840,512 bytes free 151 --- E O F --- 2009-01-14 23:02:31
  8. tiklenbibi
    salut toi.... bon je vais te répondre du mieux que je peux... je suis capable d'ouvrir ma session, c'est après que tout se gache..... j'ai l'image de mon bureau, mais des dizaines de fenêtres d'Antivir s'ouvrent en me disant qu'un virus ou programme indésirable à été trouvé sur votre ordi..... et là j'ai plusieurs options du genre mettre en quarantaine, supprimer, refuser l'accés etc.. mais même en répondant ça reviens toujours... et je ne peux absoluement rien ouvrir même pas Démarrer !!! oui j'ai mon cd d'installation de windows Xp voilà... j'attends de tes nouvelles bon....ya p-être espoir...lolll à force de supprimer... je peux arriver à aller dans démarrer..... on sait jamais ! et merci
  9. tiklenbibi
    coucou toi..... j'ai réussi avec beaucoup de patience à faire partir combofix.... mais impossible de le terminer tout pleins de fenêtres s'ouvrait , y compris celle de mon Antivir que j'avait désactiver.... et là..... plus rien ! même plus capable de l'ouvrir en mode sans échec ! ( merci à mon amie pour son ordi... afin de communiquer avec vous..) je vais surement devoir formater hein ? comment je fait si je dois le faire ? merci j'attends quand même ton ok avant de faire quoi que ce soit
  10. tiklenbibi
    salut à vous......qui serez peut-être mes sauveurs ! alors voilà mon problème, ou plutôt MES problèmes...... - en démarrant mon ordi , au lieu d'avoir mon fond d'écran sur mon bureau, c'est une très grande fenêtre WARNING VOTRE MACHINE A UN VIRUS qui apparait... - quand j'essaie d'aller naviguer ou faire des recherches sur google, ça revient toujours à ma page de démarrage google... à part quelques fois ou je réussis...c'est d'ailleurs avec de la chance que j'ai pu aller télécharger HIJACKTHIS pour vous l'envoyer.... je suis également aller télécharger Antivir pour faire un scan mais il s'est arrêté après 80 % de scan de fait , en faisant fermer mon ordi pour ensuite la faire redémarrer.... voici mon rapport: ( que je dois vous envoyer de chez une amie au cas ou... ) : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:19:17, on 2009-02-03 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ctfmon.exe C:\Documents and Settings\Audrey\Application Data\cogad\cogad.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twex.exe, O2 - BHO: {477f16e9-73eb-8e9a-c234-3bbee053e5e0} - {0e5e350e-ebb3-432c-a9e8-be379e61f774} - C:\WINDOWS\system32\tszjuf.dll O2 - BHO: CPV - {15421B84-3488-49A7-AD18-CBF84A3EFAF6} - C:\Program Files\WebShow\WebShow.dll O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\wvUkLDTn.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll O2 - BHO: HelloWorldBHO - {D88E1558-7C2D-407A-953A-C044F5607CEA} - C:\Program Files\Mjcore\Mjcore.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [Lgebugahopiranoh] rundll32.exe "C:\WINDOWS\amabopevube.dll",e O4 - HKLM\..\Run: [Hmicegukog] rundll32.exe "C:\WINDOWS\Nheyoyuce.dll",e O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [cogad] "C:\Documents and Settings\Audrey\Application Data\cogad\cogad.exe" 61A847B5BBF72810359A3E466188719AB689201522886B092CBD44BD8689220221DD3257 O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1221853253000 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1221853356656 O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game12.zylom.com/activex/zylomgamesplayer.cab O20 - AppInit_DLLs: tszjuf.dll O20 - Winlogon Notify: wvUkLDTn - C:\WINDOWS\SYSTEM32\wvUkLDTn.dll O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe -- End of file - 7089 bytes merci à l'avance
×
×
  • Créer...