Google redirect virus

lillyt (40 posts, Member)
Hello,
It has been a nightmare for two days: with every Google search, the site redirects me to other advertising sites, whether I am on Firefox or Internet Explorer.
I uninstalled AntiVir and Firefox, then reinstalled them; the problem had disappeared, but a few hours later it was the same thing, the virus was back.
What should I do?
Thanks in advance for your precious help, I'm struggling!!!
Configuration: Windows Vista, Internet Explorer 7.0

78 replies

Discussion summary

Redirections to advertising sites occur during Google searches on a PC running Windows Vista, despite uninstalling and reinstalling the antivirus and the Firefox browser, which indicates a persistent malware infection. Technical solutions discussed include booting into Safe Mode and running cleaning tools such as RSIT or specific scripts, or even using ComboFix and deleting rootkit files. In parallel, System Restore and additional scans (RSIT, network redirection) are recommended to remove the traces of malicious software and restore the network settings. Some infections survive a restore and require reinstalling the system or using a more powerful antivirus/anti-rootkit tool to avoid potential future redirections.

Automatically generated by AI, based on the best answers
  1. Destrio5 (99,820 posts, Moderator)
     
    Hello,

    --> Download Random's System Information Tool (RSIT) (by random/random) to your Desktop.

    --> Double-click RSIT.exe to launch the program.
    (On Vista, right-click RSIT.exe and choose Run as administrator)

    --> Click Continue on the Disclaimer screen.

    --> If HijackThis (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow the access in your firewall if asked) and you will have to accept the licence.

    --> When the scan is finished, two text files will open. Post the contents of log.txt (the one that appears on screen) as well as info.txt (which you will see in the taskbar).

    Note: the reports are saved in the C:\rsit folder.
  2. lillyt (40 posts, Member)
     
    Thanks for your quick reply!!

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Rico et Elisa at 2009-08-10 17:40:25
    Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
    System drive C: has 77 GB (38%) free of 205 GB
    Total RAM: 2046 MB (48% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:40:43, on 10/08/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v8.00 (8.00.6001.18813)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\hp\support\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
    c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Windows\RtHDVCpl.exe
    C:\Windows\System32\jureg.exe
    C:\Windows\system32\schtasks.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Windows\vVX1000.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\HomePlayer\HomePlayer.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Users\Rico et Elisa\Program Files\DNA\btdna.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Users\Rico et Elisa\Desktop\RSIT.exe
    C:\Program Files\trend micro\Rico et Elisa.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=compaq-desktop.msn.com&ocid=HPDHP&pc=CPDTDF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=compaq-desktop.msn.com&ocid=HPDHP&pc=CPDTDF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
    O4 - HKLM\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
    O4 - HKLM\..\Run: [VX1000] C:\Windows\vVX1000.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [HomePlayer] C:\Program Files\HomePlayer\HomePlayer.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [LanceurEasyBox] "C:\Program Files\EasyBox\EasyBox.exe" -AutoStart
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Rico et Elisa\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} (Module de délivrance de certificat MINEFI) - https://static.impots.gouv.fr/abos/static/securite/certdgi1.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{54D04015-2CD2-47B7-91DF-313983537154}: NameServer = 85.255.112.62,85.255.112.231
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B1538D73-BDF9-4C40-83E5-0A2355020309}: NameServer = 85.255.112.62,85.255.112.231
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.62,85.255.112.231
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.62,85.255.112.231
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Service Google Update (gupdate1ca054080fb1e16) (gupdate1ca054080fb1e16) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
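The security-relevant lines in the log above are the four O17 entries: every network interface and the global Tcpip\Parameters key have NameServer set to 85.255.112.62 and 85.255.112.231, two public addresses rather than the ISP's or the router's resolvers. A resolver change at that level is made once, in the registry, and affects every program on the machine, which is consistent with both browsers redirecting and with reinstalling Firefox changing nothing. The following is an added example written for this page; it is not code from the thread, from RSIT or from HijackThis. It parses HijackThis-style O17, O2 and O4 lines and flags the patterns worth acting on. The sample lines are copied from the posted log; TRUSTED_RESOLVERS holds placeholder values standing in for the resolvers the user's ISP actually hands out, and is an assumption.

```python
"""Triage of a HijackThis / RSIT log for the entries behind system-wide browser redirects.

Added example: editor-written code, not part of the thread and not part of RSIT or
HijackThis. It reads O17 NameServer lines (the machine's DNS resolvers), O2 BHO
entries and O4 autoruns, and flags the ones that typically explain "every browser
redirects". The sample lines are copied from the log posted above; TRUSTED_RESOLVERS
is a placeholder (assumption) for what the user's ISP or router really hands out.
"""
import ipaddress
import re

# Lines copied from the HijackThis log above (long URLs shortened where it does not matter).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Rico et Elisa\Program Files\DNA\btdna.exe"
O17 - HKLM\System\CCS\Services\Tcpip\..\{54D04015-2CD2-47B7-91DF-313983537154}: NameServer = 85.255.112.62,85.255.112.231
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.62,85.255.112.231
"""

# Assumption: placeholder public resolvers standing in for the ISP's real ones.
# Private and loopback addresses (a home router) are accepted without being listed.
TRUSTED_RESOLVERS = {"212.27.40.240", "212.27.40.241"}

O17_RE = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<servers>.+)$")
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HK\S*?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")


def _records(text):
    """Log lines with the forum indentation and blank lines removed."""
    return [ln.strip() for ln in text.splitlines() if ln.strip()]


def rogue_resolvers(text, trusted=TRUSTED_RESOLVERS):
    """(registry key, address) for every O17 NameServer that is neither private/loopback
    nor trusted. One hit means every program on the box, not just one browser, resolves
    names through a server somebody else chose."""
    hits = []
    for rec in _records(text):
        m = O17_RE.match(rec)
        if not m:
            continue
        for token in re.split(r"[,\s]+", m["servers"].strip()):
            if not token:
                continue
            try:
                ip = ipaddress.ip_address(token)
            except ValueError:          # not an address at all: worth a look as well
                hits.append((m["key"], token))
                continue
            if not (ip.is_private or ip.is_loopback or str(ip) in trusted):
                hits.append((m["key"], str(ip)))
    return hits


def orphan_bhos(text):
    """CLSIDs of O2 BHOs with no name or no backing file: leftovers of something removed."""
    out = []
    for rec in _records(text):
        m = O2_RE.match(rec)
        if m and (m["name"] == "(no name)" or m["path"].strip() == "(no file)"):
            out.append(m["clsid"])
    return out


def user_profile_autoruns(text):
    """Names of O4 autoruns whose executable lives under a user profile (C:\\Users\\...)
    instead of Program Files or Windows; unusual for legitimate software of that era."""
    return [m["name"] for m in map(O4_RE.match, _records(text))
            if m and re.search(r"\\users\\", m["cmd"], re.IGNORECASE)]


def triage(text):
    return {
        "rogue_resolvers": rogue_resolvers(text),
        "orphan_bhos": orphan_bhos(text),
        "user_profile_autoruns": user_profile_autoruns(text),
    }


if __name__ == "__main__":
    for category, findings in triage(SAMPLE_LOG).items():
        print(category)
        for finding in findings:
            print("   ", finding)
```

On the posted log this reports the two resolver addresses under three interface keys plus the global Parameters key, the nameless BHO with no file, and the btdna.exe autorun started from the user's profile. The resolver finding is the one to fix first: until the NameServer values are cleared (or set back to the ISP's or router's), cleaning browsers will not stop the redirects.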
  3. Destrio5 (99,820 posts, Moderator)
     
    --> Disable UAC for the duration of the disinfection.

    /!\ Disable your resident protections (antivirus, etc.) /!\

    --> Download ComboFix (by sUBs) to your Desktop.
    --> Right-click ComboFix.exe (the .exe is not necessarily visible) and choose Run as administrator to launch it.
    --> When the scan is finished, a report will appear. Post this report (C:\Combofix.txt) in your next reply.

    To help you: A guide and a tutorial on using ComboFix
  4. lillyt (40 posts, Member)
     
    Now a big problem: I no longer have an internet connection with Free on the computer that has the virus problem!

    Here is the result I managed to get.

    ComboFix 09-08-09.04 - Rico et Elisa 10/08/2009 18:14.1.2 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.2046.1138 [GMT 2:00]
    Running from: c:\users\Rico et Elisa\Desktop\ComboFix.exe
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\$recycle.bin\S-1-5-21-192345369-2729201545-2745846667-1000
    c:\$recycle.bin\S-1-5-21-2116334112-247094141-3965621804-500
    c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
    c:\$recycle.bin\S-1-5-21-4222770921-1905918573-2343490481-500
    C:\install.exe
    c:\windows\Installer\cf80.msi
    c:\windows\Installer\cf86.msi
    c:\windows\Installer\cf8d.msi
    c:\windows\Installer\d11a.msi
    c:\windows\system32\drivers\ESQULeemjvdetqiibssfxmmxyxkoptqreruvt.sys
    c:\windows\System32\ESQULiinuvqpdyctpgwkdiytypwnxcyupytop.dll
    c:\windows\system32\ESQULwgcaudkbcwpbqhvmucphrjxaxrsvqekn.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_ESQULserv.sys
    -------\Legacy_ESQULserv.sys
    -------\Service_ESQULserv.sys

    ((((((((((((((((((((((((( Files Created from 2009-07-10 to 2009-08-10 )))))))))))))))))))))))))))))))
    .

    2009-08-10 16:23 . 2009-08-10 16:25 -------- d-----w- c:\users\Rico et Elisa\AppData\Local\temp
    2009-08-10 16:23 . 2009-08-10 16:23 -------- d-----w- c:\users\Default\AppData\Local\temp
    2009-08-10 15:55 . 2009-08-10 15:55 56 ---ha-w- c:\windows\system32\ezsidmv.dat
    2009-08-10 15:40 . 2009-08-10 15:40 -------- d-----w- c:\program files\trend micro
    2009-08-10 15:40 . 2009-08-10 15:40 -------- d-----w- C:\rsit
    2009-08-09 16:28 . 2009-03-24 14:07 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2009-08-05 12:49 . 2009-08-05 12:49 -------- d-----w- c:\program files\HTDivx
    2009-08-03 08:47 . 2009-08-03 08:47 -------- d-----w- c:\program files\MSN Messenger
    2009-08-03 07:15 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
    2009-08-03 07:15 . 2008-06-20 01:14 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
    2009-08-03 07:15 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2009-08-03 07:15 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
    2009-08-03 07:15 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
    2009-08-03 07:15 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
    2009-08-03 07:15 . 2008-06-20 01:14 326160 ----a-w- c:\windows\system32\PresentationHost.exe
    2009-08-03 07:09 . 2009-07-21 21:47 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2009-08-03 07:09 . 2009-07-21 20:13 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2009-07-15 18:37 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
    2009-07-15 18:37 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
    2009-07-15 18:37 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
    2009-07-15 18:37 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
    2009-07-15 17:08 . 2009-07-15 17:44 -------- d-----r- C:\Photos
    2009-07-15 11:35 . 2009-07-15 11:36 -------- d-----w- c:\progra~2\Google Updater

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-08-10 16:29 . 2008-02-23 00:04 -------- d-----w- c:\users\Rico et Elisa\AppData\Roaming\Skype
    2009-08-10 16:25 . 2008-03-21 00:09 -------- d-----w- c:\users\Rico et Elisa\AppData\Roaming\DNA
    2009-08-10 16:25 . 2008-03-21 00:09 -------- d-----w- c:\program files\DNA
    2009-08-10 16:20 . 2007-09-07 06:25 669328 ----a-w- c:\windows\system32\perfh00C.dat
    2009-08-10 16:20 . 2007-09-07 06:25 123350 ----a-w- c:\windows\system32\perfc00C.dat
    2009-08-10 15:55 . 2008-11-19 15:57 -------- d-----w- c:\users\Rico et Elisa\AppData\Roaming\skypePM
    2009-08-09 10:01 . 2009-01-20 08:07 1 ----a-w- c:\users\Rico et Elisa\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
    2009-08-05 15:12 . 2007-09-06 21:12 -------- d-----w- c:\program files\Java
    2009-08-04 11:17 . 2008-03-21 00:09 -------- d-----w- c:\users\Rico et Elisa\AppData\Roaming\BitTorrent
    2009-08-03 13:40 . 2008-10-02 20:53 -------- d-----w- c:\program files\HomePlayer
    2009-08-03 07:36 . 2008-02-22 14:31 96192 ----a-w- c:\users\Rico et Elisa\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-08-03 07:33 . 2009-04-24 11:08 -------- d-----w- c:\program files\Microsoft Silverlight
    2009-08-03 07:29 . 2008-02-23 09:59 -------- d-----w- c:\progra~2\Microsoft Help
    2009-08-03 07:28 . 2007-09-06 21:14 -------- d-----w- c:\program files\Microsoft Works
    2009-07-25 03:23 . 2009-01-11 21:28 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-07-21 21:52 . 2009-08-03 07:10 915456 ----a-w- c:\windows\system32\wininet.dll
    2009-07-21 21:47 . 2009-08-03 07:10 71680 ----a-w- c:\windows\system32\iesetup.dll
    2009-07-16 01:03 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2009-07-15 11:36 . 2007-09-06 21:20 -------- d-----w- c:\program files\Google
    2009-07-13 17:02 . 2008-10-26 13:24 680 ----a-w- c:\users\Rico et Elisa\AppData\Local\d3d9caps.dat
    2009-07-13 09:02 . 2008-02-23 10:46 -------- d-----w- c:\program files\Windows Live
    2009-06-18 20:11 . 2009-06-18 20:11 -------- d-----w- c:\program files\mp3DirectCut
    2009-06-16 20:36 . 2009-06-16 20:36 -------- d-----w- c:\program files\Photo Story 3 for Windows
    2009-06-14 21:49 . 2009-06-14 19:47 -------- d-----w- c:\users\Rico et Elisa\AppData\Roaming\Photodex
    2009-06-14 19:51 . 2009-06-14 19:51 -------- d-----w- c:\program files\Photodex Presenter
    2009-06-14 19:51 . 2009-06-14 19:51 -------- d-----w- c:\users\Rico et Elisa\AppData\Roaming\Netscape
    2009-06-14 19:51 . 2009-06-14 19:51 131072 ----a-w- c:\users\Rico et Elisa\AppData\Roaming\Netscape\Plugins\npPxPlay.dll
    2009-06-14 19:51 . 2009-06-14 19:51 131072 ----a-w- c:\users\Rico et Elisa\AppData\Roaming\Mozilla\Plugins\npPxPlay.dll
    2009-06-14 19:51 . 2009-06-14 19:51 -------- d-----w- c:\program files\Photodex
    2008-04-15 20:30 . 2008-04-15 20:30 22 --sha-w- c:\windows\SMINST\HPCD.sys
    2007-09-07 06:42 . 2007-09-07 06:27 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
    "HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-06-01 1783400]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-23 21755688]
    "MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
    "BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-08-10 318272]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
    "WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2008-01-19 2153472]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
    "hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
    "OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
    "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 71176]
    "SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2008-02-22 54672]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
    "LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
    "VX1000"="c:\windows\vVX1000.exe" [2007-04-10 709992]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "HomePlayer"="c:\program files\HomePlayer\HomePlayer.exe" [2007-11-06 294912]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
    "RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-01-15 4874240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Launcher"="c:\windows\SMINST\launcher.exe" [2007-04-03 44168]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer2"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "AntiVirusOverride"=dword:00000001
    "AntiSpywareOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "TCP Query User{44FA8FD9-BD7D-44BA-98CF-6E16B6369737}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
    "UDP Query User{B7625DD8-C46D-415A-9EA6-82627301965D}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
    "{E7868B87-0E05-4CEC-8362-163A95E885A1}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{2800015F-F4BA-499A-BFCE-E973107174DA}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{E5737258-FC74-4766-8CE7-333582604E99}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{DAFC7AFC-9F4E-4DDF-986E-409193995F98}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "TCP Query User{921339D3-0299-4A3C-97B5-4335E71DB2B3}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
    "UDP Query User{E3B0E598-FEB9-4403-9385-F3259E196B2E}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
    "TCP Query User{65F3B194-2532-4EAD-B366-29CBA56437FA}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
    "UDP Query User{87E15B8D-8CC6-4D20-AE37-91DD35C652C5}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
    "{4C05BF34-1CC3-470A-8C8E-FA962DE9CC84}"= UDP:c:\program files\DNA\btdna.exe:DNA
    "{3B7B6795-4053-4EF0-99EC-CE9D77239122}"= TCP:c:\program files\DNA\btdna.exe:DNA
    "{FD62F285-873F-4FC9-B0F7-5A3AB8EA9FF1}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
    "{EB53905B-B7ED-4A51-8B2D-F98BF99DFC14}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
    "TCP Query User{5F7C63D5-DB87-4C07-92BA-AA93A47E8620}c:\\users\\rico et elisa\\program files\\dna\\btdna.exe"= UDP:c:\users\rico et elisa\program files\dna\btdna.exe:btdna.exe
    "UDP Query User{94896BE2-4AA2-432B-BCF9-4497BFF59DE7}c:\\users\\rico et elisa\\program files\\dna\\btdna.exe"= TCP:c:\users\rico et elisa\program files\dna\btdna.exe:btdna.exe
    "TCP Query User{78AE453E-D813-40C7-8598-99A988A4FCF6}c:\\program files\\videolan\\vlc\\vlc.exe"= UDP:c:\program files\videolan\vlc\vlc.exe:VLC media player
    "UDP Query User{BE8737CC-BA4E-473F-B3F6-6DF149758019}c:\\program files\\videolan\\vlc\\vlc.exe"= TCP:c:\program files\videolan\vlc\vlc.exe:VLC media player
    "{B5C5FBC9-EDEC-4022-9446-B62F0C7961D8}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
    "{04BB57CB-CCC6-4959-9D63-335982FF3155}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
    "TCP Query User{62DF05A0-28C7-4CAF-A712-ECA79BA5C54D}c:\\program files\\freeplayer\\vlc\\vlc.exe"= UDP:c:\program files\freeplayer\vlc\vlc.exe:VLC media player
    "UDP Query User{173736D5-80E0-4C2C-A592-E3F21422FF58}c:\\program files\\freeplayer\\vlc\\vlc.exe"= TCP:c:\program files\freeplayer\vlc\vlc.exe:VLC media player
    "TCP Query User{8E5AD12F-9FE3-4BE3-A82D-9050CBE05FD4}c:\\program files\\easybox\\vlc\\vlc.exe"= UDP:c:\program files\easybox\vlc\vlc.exe:VLC media player
    "UDP Query User{4D4F02B5-A279-465E-90C5-5A3C80A8D60D}c:\\program files\\easybox\\vlc\\vlc.exe"= TCP:c:\program files\easybox\vlc\vlc.exe:VLC media player
    "{50BEB13F-24AB-4256-A71C-34922A337F3A}"= UDP:8080:freeplayer TCP
    "{16ADDE4C-1270-413C-8F5B-396F10DDDA3A}"= TCP:1234:freeplayer udp
    "TCP Query User{FC0A212A-943F-4CEF-BAFF-C15181BAAE4F}c:\\program files\\homeplayer\\homeplayer.exe"= UDP:c:\program files\homeplayer\homeplayer.exe:HomePlayer
    "UDP Query User{B004D508-E256-4859-ADA6-78F145596640}c:\\program files\\homeplayer\\homeplayer.exe"= TCP:c:\program files\homeplayer\homeplayer.exe:HomePlayer
    "{4845C1DC-C020-48C7-BB26-A65A5FB088DD}"= UDP:c:\program files\adslTV\adsltv.exe:adsl TV
    "{B1E1CAC1-AD4B-4293-9080-CD59D5D6FFC4}"= TCP:c:\program files\adslTV\adsltv.exe:adsl TV
    "TCP Query User{119D8188-A0E5-4FEA-9FFE-98CC1D3E680A}c:\\program files\\adsltv\\vlc.exe"= UDP:c:\program files\adsltv\vlc.exe:VLC media player
    "UDP Query User{2004378A-950B-4AE8-B5DD-558792BACEE2}c:\\program files\\adsltv\\vlc.exe"= TCP:c:\program files\adsltv\vlc.exe:VLC media player
    "{7A1303F2-2D81-4B1D-B257-BAB39E1F3BB6}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{ECF9E2DD-3CEE-438B-8E09-BA83D550F290}"= UDP:c:\program files\BitTorrent\BitTorrent.exe:BitTorrent (TCP-In)
    "{8BFF94FA-BAF6-4285-8D23-8DF540023545}"= TCP:c:\program files\BitTorrent\BitTorrent.exe:BitTorrent (UDP-In)
    "{F6B4E3CF-10F2-475E-8119-59133E034977}"= UDP:c:\program files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
    "{386E4061-E248-4627-BE84-5D9942F72660}"= TCP:c:\program files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
    "{DEBCF6A0-0577-409B-838F-854D402B175B}"= UDP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
    "{7C7B3412-F255-4020-8FB9-D1F8FDD08F33}"= TCP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
    "TCP Query User{5510A2F9-9025-458C-A389-A194BDF3E8A4}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
    "UDP Query User{88C3D014-AA0E-47C4-A7D4-DBF6EFC7029A}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
    "TCP Query User{3C623D1F-053B-4850-9DEC-8A94BCE91FF9}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
    "UDP Query User{D062FFF3-D262-4CC9-A638-A2B2CB8BB074}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
    "{15D94B50-2952-4FCE-9616-8CE3019CA389}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
    "{836F86B0-886D-497A-BF75-901AD7AD3849}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
    "{A0B19E7E-B157-4738-B2B0-E9CD07EC5C63}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
    "{6A221AD6-B3AB-49D4-B65B-7221DBC23BBB}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
    "{9B6B1295-6501-4102-9A3A-6334B0A38F1A}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
    "{2B326AA6-7604-453D-8648-66468BF1ADE6}"= UDP:c:\program files\HomePlayer\HomePlayer.exe:HomePlayer
    "{5FB94956-4703-460C-8B2B-3281B9D6832F}"= TCP:c:\program files\HomePlayer\HomePlayer.exe:HomePlayer
    "{D0DC3DF1-D5DD-4FDA-9C59-08CB7FD90777}"= UDP:c:\program files\HomePlayer\VLC\vlc.exe:VLC HomePlayer
    "{0B40D752-44BA-442B-BBAF-0901FA6A243C}"= TCP:c:\program files\HomePlayer\VLC\vlc.exe:VLC HomePlayer
    "{820D179E-5E6A-4FA2-AA1F-9FCFBBAAB80D}"= UDP:c:\program files\Avira\AntiVir PersonalEdition Classic\avcenter.exe:Start AntiVir PersonalEdition Classic
    "{C4B1B865-1C56-4072-9525-5B788F1F19B0}"= TCP:c:\program files\Avira\AntiVir PersonalEdition Classic\avcenter.exe:Start AntiVir PersonalEdition Classic
    "{8F9DED8D-83C1-46A9-A9ED-64AFFB54DA18}"= UDP:c:\program files\DNA\btdna.exe:DNA
    "{792981B8-A79C-4287-B8DE-35FD3A3B134C}"= TCP:c:\program files\DNA\btdna.exe:DNA
    "{4904CA5E-5F30-46C1-A593-668C74D58AFF}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
    "{8646F0BB-563C-4CAA-8442-851E7E21CEC3}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

    S2 gupdate1ca054080fb1e16;Service Google Update (gupdate1ca054080fb1e16);c:\program files\Google\Update\GoogleUpdate.exe [15/07/2009 13:36 133104]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-LanceurEasyBox - c:\program files\EasyBox\EasyBox.exe

    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.fr/
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=74&bd=Presario&pf=desktop
    uInternet Settings,ProxyOverride = *.local
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} - hxxps://static.impots.gouv.fr/abos/static/securite/certdgi1.cab
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-08-10 18:25
    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\System32\Ati2evxx.exe
    c:\windows\System32\audiodg.exe
    c:\windows\System32\Ati2evxx.exe
    c:\windows\System32\conime.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\Microsoft LifeCam\MSCamS32.exe
    c:\windows\System32\WUDFHost.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    c:\windows\System32\schtasks.exe
    c:\windows\ehome\ehmsas.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
    c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    .
    **************************************************************************
    .
    Completion time: 2009-08-10 18:34 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-08-10 16:34

    Pre-Run: 80 808 443 904 bytes free
    Post-Run: 80 807 407 616 bytes free

    260 --- E O F --- 2009-08-05 01:00
  6. Destrio5 Posts: 99820 Status: Moderator

    Is the infected PC connected over Wi-Fi or by cable?
  7. lillyt Posts: 40 Status: Member

    Ethernet cable, but the connection works on the other computer, which is connected over Wi-Fi.
  8. Destrio5 Posts: 99820 Status: Moderator

    http://www.guwiv.com/portal/forums/permalink/596/596/ShowThread.aspx#596
  9. lillyt Posts: 40 Status: Member

    Is that to restore my connection?
  10. Destrio5 Posts: 99820 Status: Moderator

    Yes.
  11. lillyt Posts: 40 Status: Member

    Should I leave UAC disabled?
  12. Destrio5 Posts: 99820 Status: Moderator

    For now, yes.
  13. lillyt Posts: 40 Status: Member

    I did the procedure, I still have no network:
    Access: limited connectivity
    IPv4 connectivity: limited
    IPv6 connectivity: limited
    Media state: enabled
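"Limited connectivity" right after a malware cleanup is a common pattern: search-redirect infections work by changing the machine's DNS servers, hosts file, WinINet proxy or Winsock provider catalog, and once the malicious component is removed those settings may point at something that no longer exists. The PowerShell script below is an added example, not part of this thread or of any tool it mentions. It lists exactly those settings so you can see what was changed, and with the -Reset switch rebuilds the Winsock catalog and TCP/IP stack using netsh. It assumes an elevated PowerShell 2.0 or later prompt on Windows Vista/7 with English netsh output (the "Provider Path" label is localized on French systems); the registry paths, the hosts-file pattern and the rule that only providers under %SystemRoot%\system32 are trusted are the script's own assumptions.

```powershell
# Added example, not from the thread: list the network settings that search-redirect
# malware commonly tampers with, then optionally reset the stack with netsh.
# Assumptions: elevated PowerShell 2.0+ on Windows Vista/7, English netsh output;
# the registry paths and the "system32-only Winsock providers" rule are our own.
param([switch]$Reset)

$findings = @()

# 1. DNS resolvers. A static NameServer (global or per interface) that you never
#    configured is the simplest way to redirect every lookup, including google.fr.
$tcpip  = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$params = Get-ItemProperty $tcpip
if ($params.NameServer) { $findings += "Global static DNS: $($params.NameServer)" }
Get-ChildItem "$tcpip\Interfaces" | ForEach-Object {
    $p = Get-ItemProperty $_.PSPath
    if ($p.NameServer) { $findings += "Static DNS on interface $($_.PSChildName): $($p.NameServer)" }
}

# 2. hosts file. Anything beyond the loopback entries deserves a look.
$hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
foreach ($line in Get-Content $hosts) {
    if ($line -match '^\s*[0-9a-fA-F:.]+\s+\S' -and
        $line -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\s*$') {
        $findings += "hosts entry: $($line.Trim())"
    }
}

# 3. WinINet proxy. IE uses it directly; Firefox does too when set to "use system
#    proxy settings". A ProxyServer of 127.0.0.1:<port> means a local process is
#    sitting in front of the browser and rewriting traffic.
$inet = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
if ($inet.ProxyEnable -eq 1) { $findings += "Proxy enabled: $($inet.ProxyServer)" }
if ($inet.AutoConfigURL)     { $findings += "Proxy auto-config URL: $($inet.AutoConfigURL)" }

# 4. Winsock Layered Service Providers. A DLL outside system32 in the catalog sees
#    every socket on the machine, whichever browser is used.
$sysDir  = [regex]::Escape($env:SystemRoot) + '\\system32\\'
$sysRule = "(?i)^(%SystemRoot%\\system32\\|$sysDir)"
netsh winsock show catalog | Select-String 'Provider Path' | ForEach-Object {
    $path = ($_.Line -split ':\s+', 2)[1].Trim()
    if ($path -notmatch $sysRule) { $findings += "Non-system Winsock provider: $path" }
}

if ($findings.Count -eq 0) { 'No suspicious DNS, hosts, proxy or Winsock settings found.' }
else                       { $findings }

# 5. Optional reset: rebuilds the Winsock catalog (dropping any injected provider)
#    and rewrites the TCP/IP registry keys to their defaults. Takes effect after reboot.
if ($Reset) {
    netsh winsock reset
    netsh int ip reset
    ipconfig /flushdns
    'Reset done; reboot, then run the script again without -Reset to verify.'
}
```

Run it once without -Reset to record what is there, and keep that output: it tells you which mechanism the infection used. The reset repairs the settings but does not remove whatever changed them, so if the redirects or the connectivity loss come back after the reboot, the problem is a component the cleanup missed, which is why the moderator later moves on to System Restore rather than further network fixes.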
  14. Destrio5 Posts: 99820 Status: Moderator

    Make and model of the PC?
  15. lillyt Posts: 40 Status: Member

    HP Compaq, SR5204 FR
  16. lillyt Posts: 40 Status: Member

    Done, what do I do next?
  17. Destrio5 Posts: 99820 Status: Moderator

    Still no connection?
  18. lillyt Posts: 40 Status: Member

    No, still nothing.
    What's the problem?
    Do I need to call Free?
  19. Destrio5 Posts: 99820 Status: Moderator

    No, it has nothing to do with Free.

    Start menu > All Programs > Accessories > System Tools > System Restore.

    Restore your PC to a point before this problem.
  20. lillyt Posts: 40 Status: Member

    OK, and afterwards do you think I'll still be able to get rid of this virus?