Virus moteur de recherche

Question

Bonjour, depuis hier quand je fais une recherche sur google, quand je clique sur les liens je ne peux pas aller sur les site ou j'ai cliquer.
Ça me ramène le plus souvent vers ces site : 

https://encyclopedia.thefreedictionary.com

https://www.networksolutions.com/errors/404

http://findreallife.info/index.php

(il y en a d'autres) 

Je pense que j'ai attrapé un virus.
Pouvez-vous m'aider SVP!!

eZula · Answer

Bonjour, 

télécharge GenProc http://www.genproc.com/GenProc.exe 

double-clique sur GenProc.exe et poste le contenu du rapport qui s'ouvre

anonyme · Answer

*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)
 

*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans "C:\WINDOWS\System32" *


* Suppression dans "C:\Documents and Settings\**\locals~1\applic~1" * 



*** Suppression dossiers dans "C:\WINDOWS" ***


*** Suppression dossiers dans "C:\Program Files" ***


*** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***


*** Suppression dossiers dans "c:\docume~1\alluse~1\applic~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\**\applic~1" *** 


*** Suppression dossiers dans "C:\Documents and Settings\**\locals~1\applic~1" *** 


*** Suppression dossiers dans "C:\Documents and Settings\**\menudm~1\progra~1" *** 



*** Suppression fichiers ***

C:\WINDOWS\pack.epk supprimé !

*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\**\locals~1\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

2)Recherche, création sauvegardes et suppression Heuristique :


* Dans "C:\WINDOWS\system32" *


omcxkqyrpz_navtmp.dat trouvé ! 
Copie omcxkqyrpz_navtmp.dat réalisée avec succès !
omcxkqyrpz_navtmp.dat supprimé !

znegaafjr_nav.dat trouvé ! 
Copie znegaafjr_nav.dat réalisée avec succès !
znegaafjr_nav.dat supprimé !

znegaafjr_navps.dat trouvé ! 
Copie znegaafjr_navps.dat réalisée avec succès !
znegaafjr_navps.dat supprimé !


* Dans "C:\Documents and Settings\**\locals~1\applic~1" * 


*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok


*** Certificats ***

Certificat Egroup supprimé !
Certificat Electronic-Group absent !
Certificat Montorgueil absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltdt absent !

*** Recherche autres dossiers et fichiers connus ***



*** Nettoyage terminé le 29/05/2009 à 17:14:50,82 ***






MSNFix 1.760  
 
C:\Documents and Settings\**\Bureau\MSNFix 
Fix exécuté le 29/05/2009 - 17:18:29,48 By **
mode sans échec           
    
************************ Recherche les fichiers présents      
    
... C:\autorun.inf 
... C:\Autorun.inf 
... C:\WINDOWS\install.exe 
 
************************ Recherche les dossiers présents       
 
Aucun dossier trouvé 
 
 
 
 
************************ Suppression des fichiers       
    
.. OK ... C:\WINDOWS\system32\avgvrark.exe 
.. OK ... C:\DOCUME~1\**\LOCALS~1\Temp\winlogon.exe 
.. OK ... C:\DOCUME~1\**\LOCALS~1\Temp\services.exe 
.. OK ... C:\WINDOWS\system32\cftmon.exe 
.. OK ... C:\autorun.inf  
.. OK ... C:\Autorun.inf  
.. OK ... C:\WINDOWS\install.exe  
 
 
 
************************ Nettoyage du registre 
 
 
 
************************ Hostsclean 
 
Cleanhosts v 0.1.0.7  By Laurent

-- Backup : C:\WINDOWS\system32\drivers\etc\hosts-20090529172538
-- original size 217.08 Kb / 7847 lines
-- Start cleaning Hosts file .... 

 /!\... antivirus.com .....  Found and removed
 /!\... avast.com .....  Found and removed
 /!\... ca.com .....  Found and removed
 /!\... mcafee.com .....  Found and removed
 /!\... spybot.info .....  Found and removed


-- final size 215.99 Kb / 7813 lines
-- entry Found : 5  /  Entry check : 310

End .............................. 120.43 Secondes 

 
 
 
 
Les fichiers encore présents seront supprimés au prochain redémarrage 



Voilà j'espere que c'est le bon truc

anonyme · Answer

up

eZula · Answer

Le rapport Hijackthis, le nouveau rapport GenPRoc ?
ça t'a forcément été demandé, tu ne le fais pas, en conséquence je considère que ce n'est pas terminé

anonyme · Answer

Je n'ai pas compris comment fonctionne GenProc.
Voici le rapport Hijackthis:




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:31:58, on 31/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\DS-3200 Wireless Optical Slimline Deskset\MouseDrv.exe
C:\Program Files\DS-3200 Wireless Optical Slimline Deskset\PS2USBKbdDrv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Documents and Settings\**\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AVG\AVG8\avgui.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer optimisé pour MSN
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet	ools\BitCometBHO_1.1.8.30.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: (no name) - {da82d608-0a5b-439e-bb80-a68f73ab115c} - C:\WINDOWS\system32\yatodimi.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - (no file)
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [WireLessMouse] C:\Program Files\DS-3200 Wireless Optical Slimline Deskset\MouseDrv.exe
O4 - HKLM\..\Run: [WireLessKeyboard] C:\Program Files\DS-3200 Wireless Optical Slimline Deskset\PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe 
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\**\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet	ools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: (no name) - {49783ED4-258D-4f9f-BE11-137C18D3E543} - (no file)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game11.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32evesele.dll,C:\WINDOWS\system32\jigefuwi.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9870a2e1a3724) (gupdate1c9870a2e1a3724) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe

anonyme · Answer

up

eZula · Answer

poste donc un nouveau rapport GenProc

anonyme · Answer

Rapport GenProc 2.572 [5]
@ 01/06/2009 à 10:52:55
@ Windows XP Service Pack 3
@ Mozilla Firefox (3.0.10) [Navigateur par défaut]

GenProc n'a détecté aucune infection caractéristique et suggère de suivre la procédure suivante : 


Poste un rapport Nod32 https://www.eset.com/ (il faut utiliser Internet Explorer)
- coche toutes les cases à chaque fois, et lorsque c'est terminé, colle le rapport :  
- C:\Program Files\EsetOnlineScanner\log.txt

----------------------------------------------------------------------
Sites officiels GenProc : www.alt-shift-return.org et www.genproc.com
----------------------------------------------------------------------

eZula · Answer

suis la dernière procédure

anonyme · Answer

Ok merci je suis en train de faire mais c'est long.

anonyme · Answer

Est ce que c'est normal que l'analyse se bloque?
C'est toujours a 10% depuis tout a l'heure...

anonyme · Answer

L'analyse est finie mais je ne trouve pas le rapport ici C:\Program Files\EsetOnlineScanner\log.txt 
Ça ma détecter un fichier c'était Win 32

anonyme · Answer

Quelqu'un peut m'aider ? SVP !!

eZula · Answer

recommence le scan en mode sans échec/prise en charge réseau si nécessaire,

anonyme · Answer

J'ai finalement réussit hier a avoir le rapport:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=6
# IEXPLORE.EXE=7.00.6000.16827 (vista_gdr.090226-1506)
# OnlineScanner.ocx=1.0.0.5863
# api_version=3.0.2
# EOSSerial=6c15ec3247f9a042bc17ecb19c47a9f8
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-06-03 02:07:54
# local_time=2009-06-03 04:07:54 (+0100, Paris, Madrid (heure d'été))
# country="France"
# lang=1036
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1027 21 83 63 4239148750000
# scanned=139897
# found=0
# cleaned=0
# scan_time=8446

eZula · Answer

Où en sont tes problèmes ?

anonyme · Answer

Toujours pareille :/
Tu ne vois rien d'anormal dans les rapports?

eZula · Answer

si, maintenant que tu le dis

[*] Télécharge combofix (sUBs) http://download.bleepingcomputer.com/sUBs/ComboFix.exe sur ton Bureau
[*] Double clique combofix.exe et suis les instructions.
[*] Installe la console de récupération si proposé et continue.
[*] Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

DllD · Answer

Bonjour vous deux.

EDIT :: rien dit...

Oki.

anonyme · Answer

Voici le rapport combofix:



ComboFix 09-06-04.09 - 05/06/2009 17:31:26.1 - NTFSx86
Microsoft Windows XP Édition familiale  5.1.2600.3.1252.33.1036.18.1023.529 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\**\Bureau\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\Core.dll
C:\WINDOWS\system32\drivers\kungsfyqknkuha.sys
C:\WINDOWS\system32\kungsfhsnbhodc.dat
C:\WINDOWS\system32\kungsfhswlamtd.dll
C:\WINDOWS\system32\kungsfoyrlmiuy.dat
C:\WINDOWS\system32\kungsfrinydljo.dll
C:\WINDOWS\system32\window.dll

.
(((((((((((((((((((((((((((((((((((((((   Pilotes/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_kungsftqqlavxw


(((((((((((((((((((((((((((((   Fichiers créés du 2009-05-05 au 2009-06-05  ))))))))))))))))))))))))))))))))))))
.

eZula · Answer

Incomplet

anonyme · Answer

Pourtant j'ai tout poster... 
Sinon le logiciel ma détecter des rootkits

eZula · Answer

relance-le

anonyme · Answer

Voilà normalement c'est le bon :


((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\PFLib.dll
.
---- Exécution préalable -------
.
c:\windows\system32\Core.dll
c:\windows\system32\drivers\kungsfyqknkuha.sys
c:\windows\system32\kungsfhsnbhodc.dat
c:\windows\system32\kungsfhswlamtd.dll
c:\windows\system32\kungsfoyrlmiuy.dat
c:\windows\system32\kungsfrinydljo.dll
c:\windows\system32\window.dll

.
(((((((((((((((((((((((((((((((((((((((   Pilotes/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_kungsftqqlavxw


(((((((((((((((((((((((((((((   Fichiers créés du 2009-05-05 au 2009-06-05  ))))))))))))))))))))))))))))))))))))
.

2009-06-03 11:18 . 2009-06-03 11:18	--------	d-----w-	c:\program files\ESET
2009-06-01 14:02 . 2009-06-01 14:02	299352	----a-w-	c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update	hreatwork.exe
2009-06-01 14:02 . 2009-06-01 14:02	25440	----a-w-	c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\savapibridge.dll
2009-06-01 14:02 . 2009-06-01 14:02	15688	----a-w-	c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\lsdelete.exe
2009-06-01 14:02 . 2009-06-01 14:02	165728	----a-w-	c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\lavamessage.dll
2009-06-01 14:01 . 2009-06-01 14:01	343888	----a-w-	c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\lavalicense.dll
2009-06-01 14:01 . 2009-06-01 14:01	289632	----a-w-	c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\UpdateManager.dll
2009-06-01 14:01 . 2009-06-01 14:01	82784	----a-w-	c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\ShellExt.dll
2009-06-01 13:53 . 2009-06-01 13:53	1630048	----a-w-	c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Resources.dll
2009-06-01 13:51 . 2009-06-01 13:51	212848	----a-w-	c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\RPAPI.dll
2009-06-01 13:50 . 2009-06-01 13:50	40288	----a-w-	c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\PrivacyClean.dll
2009-06-01 13:50 . 2009-06-01 13:50	632680	----a-w-	c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\CEAPI.dll
2009-06-01 13:48 . 2009-06-01 13:48	539512	----a-w-	c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-AwareCommand.exe
2009-06-01 13:47 . 2009-06-01 13:47	552808	----a-w-	c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-AwareAdmin.exe
2009-06-01 13:45 . 2009-06-01 13:45	2324808	----a-w-	c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-Aware.exe
2009-06-01 13:44 . 2009-06-01 13:45	626000	----a-w-	c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWWSC.exe
2009-06-01 13:43 . 2009-06-01 13:43	516440	----a-w-	c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWTray.exe
2009-06-01 13:42 . 2009-06-01 13:42	953168	----a-w-	c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWService.exe
2009-05-29 14:51 . 2009-06-01 10:47	--------	d-----w-	c:\program files\Navilog1
2009-05-29 11:09 . 2009-05-29 11:09	--------	d-----w-	C:\GenProc
2009-05-27 13:38 . 2009-05-27 13:39	--------	d-----w-	c:\documents and settings\All Users\Application Data\Electronic Arts
2009-05-27 13:38 . 2009-05-27 13:38	--------	d-----w-	C:\ProgramData
2009-05-27 13:35 . 2008-09-05 01:22	447752	----a-w-	c:\windows\system32\vp6vfw.dll
2009-05-27 13:35 . 2009-05-27 13:35	10134	----a-r-	c:\documents and settings\Famechon\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-05-27 13:35 . 2009-05-27 13:35	--------	d-----w-	c:\program files\Microsoft WSE
2009-05-27 13:33 . 2006-09-28 14:05	2414360	----a-w-	c:\windows\system32\d3dx9_31.dll
2009-05-27 13:32 . 2009-05-27 13:32	--------	d-----w-	c:\windows\Logs
2009-05-23 11:47 . 2009-05-24 00:21	--------	d-----w-	c:\documents and settings\Famechon\Application Data	eamspeak2
2009-05-23 11:44 . 2009-05-23 11:47	--------	d-----w-	c:\program files\Teamspeak2_RC2
2009-05-22 12:50 . 2009-05-27 13:36	--------	d-----w-	c:\program files\Electronic Arts
2009-05-22 10:22 . 2009-05-22 10:48	--------	d-----w-	c:\documents and settings\Famechon\Application Data\IcoFX
2009-05-22 10:21 . 2009-05-22 10:21	--------	d-----w-	c:\program files\IcoFX 1.6
2009-05-21 18:38 . 2009-05-21 21:37	--------	d-----w-	c:\documents and settings\All Users\Application Data\FLEXnet
2009-05-21 18:02 . 2009-05-21 18:02	--------	d-----w-	c:\program files\Adobe Media Player
2009-05-21 17:57 . 2009-05-21 17:57	--------	d-----w-	c:\program files\Fichiers communs\Adobe AIR
2009-05-21 17:48 . 2009-05-21 17:48	--------	d-----w-	c:\program files\Fichiers communs\Macrovision Shared
2009-05-20 05:28 . 2009-05-20 05:28	--------	d-----w-	c:\documents and settings\All Users\Application Data\Adobe Systems
2009-05-20 05:28 . 2009-05-20 05:28	--------	d-----w-	c:\program files\Fichiers communs\Adobe Systems Shared
2009-05-13 08:18 . 2009-05-13 08:18	2051864	----a-w-	c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-05-10 12:54 . 2009-05-17 20:36	--------	d-----w-	c:\program files\RocketDock

.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-05 15:50 . 2007-11-03 19:30	169936	----a-w-	c:\documents and settings\Famechon\Application Data\Mozilla\Firefox\Profiles\3fdq7c1l.default\FlashGot.exe
2009-06-05 15:48 . 2006-11-09 17:30	--------	d-----w-	c:\documents and settings\Famechon\Application Data\OpenOffice.org2
2009-06-05 15:41 . 2007-09-28 20:10	--------	d-----w-	c:\program files\BitComet
2009-05-31 18:41 . 2006-11-09 16:38	78256	----a-w-	c:\documents and settings\Famechon\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-31 17:51 . 2009-03-28 13:11	--------	d-----w-	c:\documents and settings\All Users\Application Data\avg8
2009-05-29 16:01 . 2009-05-01 13:00	--------	d-----w-	c:\program files\a-squared Free
2009-05-28 16:20 . 2006-12-14 16:24	--------	d-----w-	c:\program files\Google
2009-05-27 13:10 . 2009-01-27 16:45	--------	d--h--w-	c:\program files\InstallShield Installation Information
2009-05-27 13:00 . 2009-01-31 14:11	--------	d-----w-	c:\program files\Postal2STP
2009-05-27 12:13 . 2009-04-27 16:19	--------	d-----w-	c:\documents and settings\Famechon\Application Data\Azureus
2009-05-23 13:16 . 2009-01-25 22:25	--------	d-----w-	c:\documents and settings\Famechon\Application Data\Xfire
2009-05-23 09:20 . 2009-04-11 13:37	--------	d-----w-	c:\documents and settings\Famechon\Application Data\AVGTOOLBAR
2009-05-21 18:04 . 2006-11-09 17:30	--------	d-----w-	c:\program files\Fichiers communs\Adobe
2009-05-17 00:17 . 2009-05-04 16:06	--------	d-----w-	c:\program files\adslTV
2009-05-12 20:54 . 2008-03-28 23:06	1	----a-w-	c:\documents and settings\Famechon\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2009-05-05 07:12 . 2009-05-04 16:06	--------	d-----w-	c:\documents and settings\All Users\Application Data\ExtraFilm
2009-05-04 16:08 . 2009-05-04 16:08	--------	d-----w-	c:\documents and settings\Famechon\Application Data\ExtraFilm
2009-05-01 13:37 . 2009-05-01 13:38	64160	----a-w-	c:\windows\system32\drivers\Lbd.sys
2009-05-01 13:37 . 2009-05-01 13:37	64160	----a-w-	c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Drivers\32\lbd.sys
2009-05-01 13:37 . 2009-05-01 13:37	73064	----a-w-	c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Drivers\32\AAWDriverTool.exe
2009-05-01 13:14 . 2009-05-01 13:14	--------	dc-h--w-	c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-05-01 13:12 . 2009-05-01 13:12	--------	d-----w-	c:\program files\Lavasoft
2009-04-30 17:18 . 2009-04-10 22:01	--------	d-----w-	c:\program files\Stardock
2009-04-30 11:15 . 2009-03-28 13:14	11952	----a-w-	c:\windows\system32\avgrsstx.dll
2009-04-30 11:15 . 2009-03-28 13:13	325896	----a-w-	c:\windows\system32\drivers\avgldx86.sys
2009-04-30 11:15 . 2009-03-28 13:13	27784	----a-w-	c:\windows\system32\drivers\avgmfx86.sys
2009-04-30 11:15 . 2009-03-28 13:13	108552	----a-w-	c:\windows\system32\drivers\avgtdix.sys
2009-04-30 11:14 . 2009-03-28 13:14	12552	----a-w-	c:\windows\system32\drivers\avgrkx86.sys
2009-04-29 21:19 . 2009-04-29 21:19	41808	----a-w-	c:\windows\system32\xfcodec.dll
2009-04-27 16:20 . 2009-04-27 16:20	--------	d-----w-	c:\documents and settings\All Users\Application Data\Azureus
2009-04-27 16:19 . 2009-04-27 16:19	--------	d-----w-	c:\program files\Vuze
2009-04-26 12:35 . 2006-11-12 11:16	--------	d-----w-	c:\program files\Messenger Plus! Live
2009-04-24 20:12 . 2008-12-23 14:30	--------	d-----w-	c:\program files\GOA
2009-04-24 20:04 . 2006-11-09 16:53	--------	d-----w-	c:\program files\Ahead
2009-04-24 20:02 . 2009-02-25 15:28	--------	d-----w-	c:\program files\Fichiers communs\AVSMedia
2009-04-24 09:53 . 2009-04-24 09:53	4968	----a-w-	c:\windows\system32\PerfStringBackup.TMP
2009-04-24 09:53 . 2006-03-02 13:00	86366	----a-w-	c:\windows\system32\perfc00C.dat
2009-04-24 09:53 . 2006-03-02 13:00	513458	----a-w-	c:\windows\system32\perfh00C.dat
2009-04-19 18:38 . 2009-04-19 18:38	--------	d-----w-	c:\program files\BestGameEver
2009-04-19 10:07 . 2009-04-10 22:01	--------	d-----w-	c:\program files\Fichiers communs\Stardock
2009-04-16 21:13 . 2009-04-16 21:12	--------	d-----w-	c:\documents and settings\Famechon\Application Data\MessengerDiscovery 2
2009-04-16 20:52 . 2009-04-16 20:52	--------	d-----w-	c:\program files\Microsoft
2009-04-16 20:51 . 2007-06-10 14:25	--------	d-----w-	c:\program files\Windows Live
2009-04-11 21:30 . 2009-04-11 21:30	--------	d-----w-	c:\program files\WinHTTrack
2009-04-10 21:40 . 2008-01-20 21:59	--------	d-----w-	c:\program files\FLV Player
2009-04-10 20:36 . 2009-04-10 20:30	--------	d-----w-	c:\program files\Yahoo!
2009-04-01 11:04 . 2009-04-01 11:04	152576	----a-w-	c:\documents and settings\Famechon\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-03-09 03:19 . 2008-12-18 18:37	410984	----a-w-	c:\windows\system32\deploytk.dll
2006-09-27 13:13 . 2008-08-06 21:21	1694208	--sha-w-	c:\windows\VistaMizer\old\msmsgs.exe
.

(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"BitComet"="c:\program files\BitComet\BitComet.exe" [2007-09-10 6338360]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-04-01 3587120]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2008-11-03 3522296]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Google Update"="c:\documents and settings\Famechon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-04-22 133104]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-03-28 3325952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WireLessMouse"="c:\program files\DS-3200 Wireless Optical Slimline Deskset\MouseDrv.exe" [2005-08-30 303104]
"WireLessKeyboard"="c:\program files\DS-3200 Wireless Optical Slimline Deskset\PS2USBKbdDrv.exe" [2005-08-30 319488]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-01-19 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-01-19 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-01-19 217088]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OBealsched.exe" [2008-05-06 185896]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-30 1947928]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"AdobeCS4ServiceManager"="c:\program files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-04-17 16143872]
"nwiz"="nwiz.exe" - c:\windows\system32
wiz.exe [2006-10-22 1622016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Famechon\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-3-19 4742184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\avgrsstarter]
2009-04-30 11:15	11952	----a-w-	c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDR6V_Check

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"usnjsvc"=3 (0x3)
"ose"=3 (0x3)
"MDM"=2 (0x2)
"iPod Service"=3 (0x3)
"NVSvc"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"c:\WINDOWS\system32\rtcshare.exe"=
"c:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe"=
"c:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"=
"c:\Program Files\Mozilla Firefox\firefox.exe"=
"c:\Program Files\adslTV\adsltv.exe"=
"c:\Program Files\BitComet\BitComet.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"c:\Program Files\Veoh Networks\Veoh\VeohClient.exe"=
"c:\Program Files\SecondLifeReleaseCandidate\SLVoice.exe"=
"c:\Program Files\LimeWire\LimeWire.exe"=
"c:\Program Files\Postal2STP\System\Postal2.exe"=
"c:\Program Files\DNA\btdna.exe"=
"c:\Program Files\Softnyx\WolfTeam\Wolfteam.bin"=
"c:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"=
"c:\Program Files\Java\jre6\bin\java.exe"=
"d:\sauvegarde\Famechon\Program Files\eMule\emule.exe"=
"d:\sauvegarde\Famechon\Program Files\Xfire\Xfire.exe"=
"d:\sauvegarde\Famechon\Program Files\Postal2STP2\System\Postal2MP.exe"=
"d:\sauvegarde\Famechon\Program Files\EA GAMES\Battlefield 2\Bf2_w32ded.exe"=
"d:\sauvegarde\Famechon\Program Files\EA GAMES\Battlefield 2\BF2.exe"=
"c:\Program Files\AVG\AVG8\avgam.exe"=
"c:\Program Files\AVG\AVG8\avgdiag.exe"=
"c:\Program Files\AVG\AVG8\avgdiagex.exe"=
"c:\Program Files\AVG\AVG8\avgupd.exe"=
"c:\Program Files\AVG\AVG8\avgnsx.exe"=
"c:\Program Files\Windows Live\Messenger\wlcsdk.exe"=
"c:\Program Files\Windows Live\Messenger\msnmsgr.exe"=
"c:\Program Files\Vuze\Azureus.exe"=
"d:\sauvegarde\Famechon\Program Files\World of Warcraft\Launcher.exe"=
"c:\Program Files\SecondLifeReleaseCandidate\SecondLifeReleaseCandidate.exe"=
"c:\Program Files\Java\jre6\launch4j-tmp\JDownloader.exe"=
"c:\WINDOWS\system32\java.exe"=
"c:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe"=
"c:\Program Files\Electronic Arts\EADM\Core.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13094:TCP"= 13094:TCP:BitComet 13094 TCP
"13094:UDP"= 13094:UDP:BitComet 13094 UDP
"6112:TCP"= 6112:TCP:Blizzard dowloader
"6881:TCP"= 6881:TCP:Blizzard download
"6882:TCP"= 6882:TCP:Blizzard download
"6883:TCP"= 6883:TCP:Blizzard download
"6999:TCP"= 6999:TCP:Blizzard download
"3724:UDP"= 3724:UDP:Blizzard Downloader
"6113:TCP"= 6113:TCP:Blizzard Downloader
"6884:TCP"= 6884:TCP:Blizzard Downloader
"6885:TCP"= 6885:TCP:Blizzard Downloader
"6886:TCP"= 6886:TCP:Blizzard Downloader
"6887:TCP"= 6887:TCP:Blizzard Downloader
"6888:TCP"= 6888:TCP:Blizzard Downloader
"6889:TCP"= 6889:TCP:Blizzard Downloader
"6990:TCP"= 6990:TCP:Blizzard Downloader
"6991:TCP"= 6991:TCP:Blizzard Downloader
"6992:TCP"= 6992:TCP:Blizzard Downloader
"6993:TCP"= 6993:TCP:Blizzard Downloader
"6994:TCP"= 6994:TCP:Blizzard Downloader
"6995:TCP"= 6995:TCP:Blizzard Downloader
"6996:TCP"= 6996:TCP:Blizzard Downloader
"6696:TCP"= 6696:TCP:Blizzard Downloader
"6997:TCP"= 6997:TCP:Blizzard Downloader
"6998:TCP"= 6998:TCP:Blizzard Downloader
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [28/03/2009 15:14 12552]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [01/05/2009 15:38 64160]
R0 mv614x;mv614x;c:\windows\system32\drivers\mv614x.sys [09/11/2006 18:59 61184]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [28/03/2009 15:13 325896]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [28/03/2009 15:13 108552]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [11/04/2009 15:58 298776]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18/01/2009 23:34 953168]
R2 Prvflder;Prvflder;c:\windows\system32\drivers\prvflder.sys [21/04/2006 08:22 70912]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;c:\windows\system32\drivers\atl01_xp.sys [09/11/2006 18:40 31104]
S2 gupdate1c9870a2e1a3724;Google Update Service (gupdate1c9870a2e1a3724);c:\program files\Google\Update\GoogleUpdate.exe [04/02/2009 22:50 133104]
S3 PentaxUsb;PENTAX Optio 50L on USB;c:\windows\system32\drivers\CoachUsb.sys [24/11/2004 14:34 50976]
S3 PentaxVc;PENTAX Optio 50L Video Capture;c:\windows\system32\drivers\CoachVc.sys [24/11/2004 14:36 44256]
.
Contenu du dossier 'Tâches planifiées'

2009-06-01 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 13:36]

2009-06-05 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 20:50]

2009-06-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1770027372-839522115-1004.job
- c:\documents and settings\Famechon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-22 10:53]
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{da82d608-0a5b-439e-bb80-a68f73ab115c} - (no file)
SafeBoot-procexp90.Sys


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://google.fr/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949}
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game11.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath - c:\documents and settings\Famechon\Application Data\Mozilla\Firefox\Profiles\3fdq7c1l.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://google.fr
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer
pzylomgamesplayer.dll
FF - plugin: c:\documents and settings\Famechon\Local Settings\Application Data\Google\Update\1.2.145.5
pGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Earth Plugin
pgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5
pGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins
p-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins
pyaxmpb.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins
pzylomgamesplayer.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer
pWebPlayerVideoPluginATL.dll

---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-05 18:50
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ... 

Recherche d'éléments en démarrage automatique cachés ... 

Recherche de fichiers cachés ... 


**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"C040110900063D11C8EF10054038389C"="C?\WINDOWS\system32\FM20ENU.DLL"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(680)
c:\windows\system32\Ati2evxx.dll
.
Heure de fin: 2009-06-05 18:56
ComboFix-quarantined-files.txt  2009-06-05 16:54

Avant-CF: 7 966 744 576 octets libres
Après-CF: 7 948 267 520 octets libres

Current=3 Default=3 Failed=2 LastKnownGood=1 Sets=1,2,3,4
315	--- E O F ---	2009-05-14 01:05

Virus moteur de recherche - Page 2

Discussions similaires

Newsletters