Google redirect virus

lillyt Posts: 40 Status: Member
Hello,
It's been a nightmare for two days: on every Google search, the site redirects me to other advertising sites, whether I'm on Firefox or Internet Explorer.
I uninstalled AntiVir and Firefox, then reinstalled them; the problem went away, then a few hours later it was the same, the virus was back.
What should I do?
Thanks in advance for your precious help, I'm struggling!!!

78 replies

Destrio5 Posts: 99820 Status: Moderator 10 305

Hello,

--> Download Random's System Information Tool (RSIT) (by random/random) to your Desktop.

--> Double-click RSIT.exe to launch the program.
(On Vista, right-click RSIT.exe and choose Run as administrator)

--> Click Continue on the Disclaimer screen.

--> If HijackThis (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if asked) and you will have to accept the licence.

--> When the scan is finished, two text files will open. Post the contents of log.txt (the one that appears on screen) and of info.txt (which you will see in the taskbar).

Note: the reports are saved in the C:\rsit folder.
lillyt Posts: 40 Status: Member

Thanks for your quick reply!!

Logfile of random's system information tool 1.06 (written by random/random)
Run by Rico et Elisa at 2009-08-10 17:40:25
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 77 GB (38%) free of 205 GB
Total RAM: 2046 MB (48% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:40:43, on 10/08/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\jureg.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\vVX1000.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\HomePlayer\HomePlayer.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Rico et Elisa\Program Files\DNA\btdna.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Rico et Elisa\Desktop\RSIT.exe
C:\Program Files\trend micro\Rico et Elisa.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=compaq-desktop.msn.com&ocid=HPDHP&pc=CPDTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=compaq-desktop.msn.com&ocid=HPDHP&pc=CPDTDF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX1000] C:\Windows\vVX1000.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HomePlayer] C:\Program Files\HomePlayer\HomePlayer.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LanceurEasyBox] "C:\Program Files\EasyBox\EasyBox.exe" -AutoStart
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Rico et Elisa\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} (Module de délivrance de certificat MINEFI) - https://static.impots.gouv.fr/abos/static/securite/certdgi1.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{54D04015-2CD2-47B7-91DF-313983537154}: NameServer = 85.255.112.62,85.255.112.231
O17 - HKLM\System\CCS\Services\Tcpip\..\{B1538D73-BDF9-4C40-83E5-0A2355020309}: NameServer = 85.255.112.62,85.255.112.231
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.62,85.255.112.231
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.62,85.255.112.231
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service Google Update (gupdate1ca054080fb1e16) (gupdate1ca054080fb1e16) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
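Triage of the O17 entries in the HijackThis log above, as an added example that is not part of the original thread or of the tools it mentions. Both NameServer addresses (85.255.112.62 and 85.255.112.231) fall in 85.255.112.0/20, one of the rogue-resolver ranges published in the FBI's DNSChanger advisory; nothing on this machine legitimately points Vista at a resolver in that block. The script below (function names `triage_o17`, `classify` and `hijacked_resolvers` are my own) parses O17 lines, separates private-LAN and operator-trusted resolvers from everything else, and flags addresses inside those ranges. The sample log is constructed from the four O17 lines above plus one made-up clean interface entry with an all-zero placeholder GUID.

```python
import ipaddress
import re

# Rogue-resolver ranges from the FBI's published DNSChanger advisory. The
# 85.255.112.0/20 block is the one the NameServer entries in the log above fall in.
DNSCHANGER_RANGES = [ipaddress.ip_network(n) for n in (
    "85.255.112.0/20",
    "67.210.0.0/20",
    "93.188.160.0/21",
    "77.67.83.0/24",
    "213.109.64.0/20",
    "64.28.176.0/20",
)]

# HijackThis O17 line: "O17 - <registry key>: NameServer = <ip>[,<ip>...]"
O17_RE = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<servers>.+)$")

# Constructed sample: the four O17 lines from the log above, one clean interface
# entry with a placeholder GUID (made up for contrast), and one non-O17 line.
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{54D04015-2CD2-47B7-91DF-313983537154}: NameServer = 85.255.112.62,85.255.112.231
O17 - HKLM\System\CCS\Services\Tcpip\..\{B1538D73-BDF9-4C40-83E5-0A2355020309}: NameServer = 85.255.112.62,85.255.112.231
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.62,85.255.112.231
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.62,85.255.112.231
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 192.168.0.254
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
"""


def classify(server, trusted=frozenset()):
    """Return one of: private, trusted, known-dnschanger, unknown, invalid."""
    try:
        ip = ipaddress.ip_address(server)
    except ValueError:
        return "invalid"
    if ip.is_private or ip.is_loopback:
        return "private"          # router / ISP box on the LAN, or localhost
    if ip in trusted:
        return "trusted"          # resolver the operator explicitly vouches for
    if any(ip in net for net in DNSCHANGER_RANGES):
        return "known-dnschanger"
    return "unknown"              # public resolver nobody configured on purpose


def triage_o17(log_text, trusted=()):
    """Parse every O17 NameServer line and classify each resolver address."""
    trusted_ips = frozenset(ipaddress.ip_address(t) for t in trusted)
    findings = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue
        for server in re.split(r"[,\s]+", m.group("servers").strip()):
            if server:
                findings.append({
                    "key": m.group("key"),
                    "server": server,
                    "verdict": classify(server, trusted_ips),
                })
    return findings


def hijacked_resolvers(findings):
    """Distinct resolver addresses that are known-bad or unexplained."""
    return sorted({f["server"] for f in findings
                   if f["verdict"] in ("known-dnschanger", "unknown")})


if __name__ == "__main__":
    results = triage_o17(SAMPLE_LOG, trusted=["8.8.8.8"])
    for f in results:
        print(f"{f['verdict']:17} {f['server']:16} {f['key']}")
    print("hijacked:", hijacked_resolvers(results))
```

The CCS and CS1 in the key paths are HijackThis shorthand for CurrentControlSet and ControlSet001; on a live machine the same values sit under HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer and under Parameters\Interfaces\<GUID>\NameServer for each adapter, which is where to look once the log is cleaned. After the rogue values are removed, confirm with ipconfig /all that each interface picks up a resolver again (from DHCP or set by hand); an interface left with no resolver at all resolves nothing.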
Destrio5 Posts: 99820 Status: Moderator 10 305

--> Disable UAC for the duration of the disinfection.

/!\ Disable your resident protections (antivirus, etc.) /!\

--> Download ComboFix (by sUBs) to your Desktop.
--> Right-click ComboFix.exe (the .exe extension is not necessarily visible) and choose Run as administrator to launch it.
--> When the scan is finished, a report will appear. Post that report (C:\Combofix.txt) in your next reply.

To help you: a guide and a tutorial on using ComboFix
lillyt Posts: 40 Status: Member

Now a big problem: I no longer have an Internet connection with Free on the computer that has the virus problem!

Here is the result I managed to get.

ComboFix 09-08-09.04 - Rico et Elisa 10/08/2009 18:14.1.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.2046.1138 [GMT 2:00]
Running from: c:\users\Rico et Elisa\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-192345369-2729201545-2745846667-1000
c:\$recycle.bin\S-1-5-21-2116334112-247094141-3965621804-500
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-4222770921-1905918573-2343490481-500
C:\install.exe
c:\windows\Installer\cf80.msi
c:\windows\Installer\cf86.msi
c:\windows\Installer\cf8d.msi
c:\windows\Installer\d11a.msi
c:\windows\system32\drivers\ESQULeemjvdetqiibssfxmmxyxkoptqreruvt.sys
c:\windows\System32\ESQULiinuvqpdyctpgwkdiytypwnxcyupytop.dll
c:\windows\system32\ESQULwgcaudkbcwpbqhvmucphrjxaxrsvqekn.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ESQULserv.sys
-------\Legacy_ESQULserv.sys
-------\Service_ESQULserv.sys

((((((((((((((((((((((((( Files Created from 2009-07-10 to 2009-08-10 )))))))))))))))))))))))))))))))
.

2009-08-10 16:23 . 2009-08-10 16:25 -------- d-----w- c:\users\Rico et Elisa\AppData\Local\temp
2009-08-10 16:23 . 2009-08-10 16:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-08-10 15:55 . 2009-08-10 15:55 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-08-10 15:40 . 2009-08-10 15:40 -------- d-----w- c:\program files\trend micro
2009-08-10 15:40 . 2009-08-10 15:40 -------- d-----w- C:\rsit
2009-08-09 16:28 . 2009-03-24 14:07 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-05 12:49 . 2009-08-05 12:49 -------- d-----w- c:\program files\HTDivx
2009-08-03 08:47 . 2009-08-03 08:47 -------- d-----w- c:\program files\MSN Messenger
2009-08-03 07:15 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
2009-08-03 07:15 . 2008-06-20 01:14 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2009-08-03 07:15 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-08-03 07:15 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
2009-08-03 07:15 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
2009-08-03 07:15 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2009-08-03 07:15 . 2008-06-20 01:14 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2009-08-03 07:09 . 2009-07-21 21:47 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-03 07:09 . 2009-07-21 20:13 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-15 18:37 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-15 18:37 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-15 18:37 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-15 18:37 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-15 17:08 . 2009-07-15 17:44 -------- d-----r- C:\Photos
2009-07-15 11:35 . 2009-07-15 11:36 -------- d-----w- c:\progra~2\Google Updater

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-10 16:29 . 2008-02-23 00:04 -------- d-----w- c:\users\Rico et Elisa\AppData\Roaming\Skype
2009-08-10 16:25 . 2008-03-21 00:09 -------- d-----w- c:\users\Rico et Elisa\AppData\Roaming\DNA
2009-08-10 16:25 . 2008-03-21 00:09 -------- d-----w- c:\program files\DNA
2009-08-10 16:20 . 2007-09-07 06:25 669328 ----a-w- c:\windows\system32\perfh00C.dat
2009-08-10 16:20 . 2007-09-07 06:25 123350 ----a-w- c:\windows\system32\perfc00C.dat
2009-08-10 15:55 . 2008-11-19 15:57 -------- d-----w- c:\users\Rico et Elisa\AppData\Roaming\skypePM
2009-08-09 10:01 . 2009-01-20 08:07 1 ----a-w- c:\users\Rico et Elisa\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-08-05 15:12 . 2007-09-06 21:12 -------- d-----w- c:\program files\Java
2009-08-04 11:17 . 2008-03-21 00:09 -------- d-----w- c:\users\Rico et Elisa\AppData\Roaming\BitTorrent
2009-08-03 13:40 . 2008-10-02 20:53 -------- d-----w- c:\program files\HomePlayer
2009-08-03 07:36 . 2008-02-22 14:31 96192 ----a-w- c:\users\Rico et Elisa\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-03 07:33 . 2009-04-24 11:08 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-03 07:29 . 2008-02-23 09:59 -------- d-----w- c:\progra~2\Microsoft Help
2009-08-03 07:28 . 2007-09-06 21:14 -------- d-----w- c:\program files\Microsoft Works
2009-07-25 03:23 . 2009-01-11 21:28 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-21 21:52 . 2009-08-03 07:10 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-08-03 07:10 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-16 01:03 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-15 11:36 . 2007-09-06 21:20 -------- d-----w- c:\program files\Google
2009-07-13 17:02 . 2008-10-26 13:24 680 ----a-w- c:\users\Rico et Elisa\AppData\Local\d3d9caps.dat
2009-07-13 09:02 . 2008-02-23 10:46 -------- d-----w- c:\program files\Windows Live
2009-06-18 20:11 . 2009-06-18 20:11 -------- d-----w- c:\program files\mp3DirectCut
2009-06-16 20:36 . 2009-06-16 20:36 -------- d-----w- c:\program files\Photo Story 3 for Windows
2009-06-14 21:49 . 2009-06-14 19:47 -------- d-----w- c:\users\Rico et Elisa\AppData\Roaming\Photodex
2009-06-14 19:51 . 2009-06-14 19:51 -------- d-----w- c:\program files\Photodex Presenter
2009-06-14 19:51 . 2009-06-14 19:51 -------- d-----w- c:\users\Rico et Elisa\AppData\Roaming\Netscape
2009-06-14 19:51 . 2009-06-14 19:51 131072 ----a-w- c:\users\Rico et Elisa\AppData\Roaming\Netscape\Plugins\npPxPlay.dll
2009-06-14 19:51 . 2009-06-14 19:51 131072 ----a-w- c:\users\Rico et Elisa\AppData\Roaming\Mozilla\Plugins\npPxPlay.dll
2009-06-14 19:51 . 2009-06-14 19:51 -------- d-----w- c:\program files\Photodex
2008-04-15 20:30 . 2008-04-15 20:30 22 --sha-w- c:\windows\SMINST\HPCD.sys
2007-09-07 06:42 . 2007-09-07 06:27 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-06-01 1783400]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-23 21755688]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-08-10 318272]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2008-01-19 2153472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 71176]
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2008-02-22 54672]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"VX1000"="c:\windows\vVX1000.exe" [2007-04-10 709992]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"HomePlayer"="c:\program files\HomePlayer\HomePlayer.exe" [2007-11-06 294912]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-01-15 4874240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-04-03 44168]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiSpywareOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{44FA8FD9-BD7D-44BA-98CF-6E16B6369737}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{B7625DD8-C46D-415A-9EA6-82627301965D}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{E7868B87-0E05-4CEC-8362-163A95E885A1}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{2800015F-F4BA-499A-BFCE-E973107174DA}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{E5737258-FC74-4766-8CE7-333582604E99}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{DAFC7AFC-9F4E-4DDF-986E-409193995F98}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{921339D3-0299-4A3C-97B5-4335E71DB2B3}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{E3B0E598-FEB9-4403-9385-F3259E196B2E}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{65F3B194-2532-4EAD-B366-29CBA56437FA}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{87E15B8D-8CC6-4D20-AE37-91DD35C652C5}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"{4C05BF34-1CC3-470A-8C8E-FA962DE9CC84}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{3B7B6795-4053-4EF0-99EC-CE9D77239122}"= TCP:c:\program files\DNA\btdna.exe:DNA
"{FD62F285-873F-4FC9-B0F7-5A3AB8EA9FF1}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{EB53905B-B7ED-4A51-8B2D-F98BF99DFC14}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"TCP Query User{5F7C63D5-DB87-4C07-92BA-AA93A47E8620}c:\\users\\rico et elisa\\program files\\dna\\btdna.exe"= UDP:c:\users\rico et elisa\program files\dna\btdna.exe:btdna.exe
"UDP Query User{94896BE2-4AA2-432B-BCF9-4497BFF59DE7}c:\\users\\rico et elisa\\program files\\dna\\btdna.exe"= TCP:c:\users\rico et elisa\program files\dna\btdna.exe:btdna.exe
"TCP Query User{78AE453E-D813-40C7-8598-99A988A4FCF6}c:\\program files\\videolan\\vlc\\vlc.exe"= UDP:c:\program files\videolan\vlc\vlc.exe:VLC media player
"UDP Query User{BE8737CC-BA4E-473F-B3F6-6DF149758019}c:\\program files\\videolan\\vlc\\vlc.exe"= TCP:c:\program files\videolan\vlc\vlc.exe:VLC media player
"{B5C5FBC9-EDEC-4022-9446-B62F0C7961D8}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{04BB57CB-CCC6-4959-9D63-335982FF3155}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{62DF05A0-28C7-4CAF-A712-ECA79BA5C54D}c:\\program files\\freeplayer\\vlc\\vlc.exe"= UDP:c:\program files\freeplayer\vlc\vlc.exe:VLC media player
"UDP Query User{173736D5-80E0-4C2C-A592-E3F21422FF58}c:\\program files\\freeplayer\\vlc\\vlc.exe"= TCP:c:\program files\freeplayer\vlc\vlc.exe:VLC media player
"TCP Query User{8E5AD12F-9FE3-4BE3-A82D-9050CBE05FD4}c:\\program files\\easybox\\vlc\\vlc.exe"= UDP:c:\program files\easybox\vlc\vlc.exe:VLC media player
"UDP Query User{4D4F02B5-A279-465E-90C5-5A3C80A8D60D}c:\\program files\\easybox\\vlc\\vlc.exe"= TCP:c:\program files\easybox\vlc\vlc.exe:VLC media player
"{50BEB13F-24AB-4256-A71C-34922A337F3A}"= UDP:8080:freeplayer TCP
"{16ADDE4C-1270-413C-8F5B-396F10DDDA3A}"= TCP:1234:freeplayer udp
"TCP Query User{FC0A212A-943F-4CEF-BAFF-C15181BAAE4F}c:\\program files\\homeplayer\\homeplayer.exe"= UDP:c:\program files\homeplayer\homeplayer.exe:HomePlayer
"UDP Query User{B004D508-E256-4859-ADA6-78F145596640}c:\\program files\\homeplayer\\homeplayer.exe"= TCP:c:\program files\homeplayer\homeplayer.exe:HomePlayer
"{4845C1DC-C020-48C7-BB26-A65A5FB088DD}"= UDP:c:\program files\adslTV\adsltv.exe:adsl TV
"{B1E1CAC1-AD4B-4293-9080-CD59D5D6FFC4}"= TCP:c:\program files\adslTV\adsltv.exe:adsl TV
"TCP Query User{119D8188-A0E5-4FEA-9FFE-98CC1D3E680A}c:\\program files\\adsltv\\vlc.exe"= UDP:c:\program files\adsltv\vlc.exe:VLC media player
"UDP Query User{2004378A-950B-4AE8-B5DD-558792BACEE2}c:\\program files\\adsltv\\vlc.exe"= TCP:c:\program files\adsltv\vlc.exe:VLC media player
"{7A1303F2-2D81-4B1D-B257-BAB39E1F3BB6}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{ECF9E2DD-3CEE-438B-8E09-BA83D550F290}"= UDP:c:\program files\BitTorrent\BitTorrent.exe:BitTorrent (TCP-In)
"{8BFF94FA-BAF6-4285-8D23-8DF540023545}"= TCP:c:\program files\BitTorrent\BitTorrent.exe:BitTorrent (UDP-In)
"{F6B4E3CF-10F2-475E-8119-59133E034977}"= UDP:c:\program files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{386E4061-E248-4627-BE84-5D9942F72660}"= TCP:c:\program files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{DEBCF6A0-0577-409B-838F-854D402B175B}"= UDP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{7C7B3412-F255-4020-8FB9-D1F8FDD08F33}"= TCP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"TCP Query User{5510A2F9-9025-458C-A389-A194BDF3E8A4}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{88C3D014-AA0E-47C4-A7D4-DBF6EFC7029A}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{3C623D1F-053B-4850-9DEC-8A94BCE91FF9}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"UDP Query User{D062FFF3-D262-4CC9-A638-A2B2CB8BB074}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"{15D94B50-2952-4FCE-9616-8CE3019CA389}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{836F86B0-886D-497A-BF75-901AD7AD3849}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{A0B19E7E-B157-4738-B2B0-E9CD07EC5C63}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{6A221AD6-B3AB-49D4-B65B-7221DBC23BBB}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{9B6B1295-6501-4102-9A3A-6334B0A38F1A}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{2B326AA6-7604-453D-8648-66468BF1ADE6}"= UDP:c:\program files\HomePlayer\HomePlayer.exe:HomePlayer
"{5FB94956-4703-460C-8B2B-3281B9D6832F}"= TCP:c:\program files\HomePlayer\HomePlayer.exe:HomePlayer
"{D0DC3DF1-D5DD-4FDA-9C59-08CB7FD90777}"= UDP:c:\program files\HomePlayer\VLC\vlc.exe:VLC HomePlayer
"{0B40D752-44BA-442B-BBAF-0901FA6A243C}"= TCP:c:\program files\HomePlayer\VLC\vlc.exe:VLC HomePlayer
"{820D179E-5E6A-4FA2-AA1F-9FCFBBAAB80D}"= UDP:c:\program files\Avira\AntiVir PersonalEdition Classic\avcenter.exe:Start AntiVir PersonalEdition Classic
"{C4B1B865-1C56-4072-9525-5B788F1F19B0}"= TCP:c:\program files\Avira\AntiVir PersonalEdition Classic\avcenter.exe:Start AntiVir PersonalEdition Classic
"{8F9DED8D-83C1-46A9-A9ED-64AFFB54DA18}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{792981B8-A79C-4287-B8DE-35FD3A3B134C}"= TCP:c:\program files\DNA\btdna.exe:DNA
"{4904CA5E-5F30-46C1-A593-668C74D58AFF}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{8646F0BB-563C-4CAA-8442-851E7E21CEC3}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

S2 gupdate1ca054080fb1e16;Service Google Update (gupdate1ca054080fb1e16);c:\program files\Google\Update\GoogleUpdate.exe [15/07/2009 13:36 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-LanceurEasyBox - c:\program files\EasyBox\EasyBox.exe

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.fr/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=74&bd=Presario&pf=desktop
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} - hxxps://static.impots.gouv.fr/abos/static/securite/certdgi1.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-10 18:25
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\conime.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\windows\System32\WUDFHost.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\System32\schtasks.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
.
**************************************************************************
.
Completion time: 2009-08-10 18:34 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-10 16:34

Pre-Run: 80 808 443 904 octets libres
Post-Run: 80 807 407 616 octets libres

260 --- E O F --- 2009-08-05 01:00
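One pattern worth pulling out of the ComboFix report above: three deleted files share a short uppercase prefix (ESQUL) followed by a long run of random lowercase letters, sitting in system32 and system32\drivers, and the Drivers/Services section removes a service and a legacy device entry both named ESQULserv.sys. Names of that shape are what a kernel-mode rootkit with a randomised per-install name leaves behind, and grouping them by prefix ties the driver, the DLLs and the service together into one finding instead of four unrelated lines. Below is an added example (mine, not ComboFix's or the thread's) that applies that heuristic to "Other Deletions" and "Drivers/Services" lines; the sample is constructed from those sections plus two ordinary names to show what is ignored, and the function names are my own.

```python
import re
from collections import defaultdict

# A short uppercase prefix, a long lowercase tail, and a driver/library/exe extension.
RANDOM_NAME = re.compile(r"^(?P<prefix>[A-Z]{3,8})(?P<tail>[a-z]{20,})\.(?:sys|dll|exe)$")
# ComboFix "Drivers/Services" lines: -------\Service_<name> or -------\Legacy_<name>
SERVICE_LINE = re.compile(r"^-+\\(?:Service|Legacy)_(?P<name>\S+)$")
PREFIX = re.compile(r"^[A-Z]{3,8}")

# Constructed sample: the deleted files and service entries from the report above,
# plus install.exe, an .msi and Avira's avgntflt.sys to show what is not clustered.
SAMPLE_REPORT = r"""
C:\install.exe
c:\windows\Installer\cf80.msi
c:\windows\system32\drivers\ESQULeemjvdetqiibssfxmmxyxkoptqreruvt.sys
c:\windows\System32\ESQULiinuvqpdyctpgwkdiytypwnxcyupytop.dll
c:\windows\system32\ESQULwgcaudkbcwpbqhvmucphrjxaxrsvqekn.dll
c:\windows\system32\drivers\avgntflt.sys
-------\Service_ESQULserv.sys
-------\Legacy_ESQULserv.sys
-------\Service_ESQULserv.sys
"""


def basename(path):
    """Last path component, accepting either slash style."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1]


def cluster_random_names(report_text):
    """Group random-looking file names and service entries by shared prefix.

    Returns {prefix: {"files": [...], "services": [...]}} for prefixes that
    have at least one random-looking file; a service name alone is not enough.
    """
    clusters = defaultdict(lambda: {"files": [], "services": []})
    for raw in report_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        svc = SERVICE_LINE.match(line)
        if svc:
            name = svc.group("name")
            p = PREFIX.match(name)
            # Service_ and Legacy_ entries repeat the same name; keep it once.
            if p and name not in clusters[p.group(0)]["services"]:
                clusters[p.group(0)]["services"].append(name)
            continue
        m = RANDOM_NAME.match(basename(line))
        if m:
            clusters[m.group("prefix")]["files"].append(line)
    return {k: v for k, v in clusters.items() if v["files"]}


def in_system_dirs(paths):
    """Subset of paths under system32, where a driver-loading rootkit wants to live."""
    return [p for p in paths if "\\system32\\" in p.lower()]


if __name__ == "__main__":
    for prefix, c in cluster_random_names(SAMPLE_REPORT).items():
        print(f"prefix {prefix}: {len(c['files'])} files, services {c['services']}")
        for f in c["files"]:
            print("   ", f)
```

The length threshold (20 lowercase letters) is a deliberate trade-off: legitimate drivers such as avgntflt.sys or RtHDVCpl.exe never come close, while a randomised tail of 30-odd characters clears it easily. A cluster whose files all sit under system32 and that also owns a service entry is the combination to treat as a kernel-level infection rather than adware, which is why this report's ComboFix pass also ran a rootkit scan afterwards.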

Destrio5 Posts: 99820 Status: Moderator 10 305

Is the infected PC connected over Wi-Fi or by cable?
lillyt Posts: 40 Status: Member

Ethernet cable, but the connection works on the other computer, which is connected over Wi-Fi
Destrio5 Posts: 99820 Status: Moderator 10 305

http://www.guwiv.com/portal/forums/permalink/596/596/ShowThread.aspx#596
lillyt Posts: 40 Status: Member

Is that to restore my connection?
Destrio5 Posts: 99820 Status: Moderator 10 305

Yes.
lillyt Posts: 40 Status: Member

Should I leave UAC disabled?
Destrio5 Posts: 99820 Status: Moderator 10 305

For now, yes.
lillyt Posts: 40 Status: Member

I did the procedure, I still have no network:
access: limited connectivity
IPv4 connectivity: limited
IPv6 connectivity: limited
media state: enabled
Destrio5 Posts: 99820 Status: Moderator 10 305

Make and model of the PC?
lillyt Posts: 40 Status: Member

HP Compaq, SR5204 FR
Destrio5 Posts: 99820 Status: Moderator 10 305

Install this:
https://www.nvidia.fr/object/nforce_vista_15.26_fr.html

Don't install the Network Management Tools if it offers to install them.
lillyt Posts: 40 Status: Member

Done, what do I do next?
Destrio5 Posts: 99820 Status: Moderator 10 305

Still no connection?
lillyt Posts: 40 Status: Member

No, still nothing?
What's the problem?
Do I have to call Free?
Destrio5 Posts: 99820 Status: Moderator 10 305

No, it has nothing to do with Free.

Start menu > All Programs > Accessories > System Tools > System Restore.

Restore your PC to before this problem.
lillyt Posts: 40 Status: Member

OK, and afterwards do you think I'll still be able to get rid of this virus?