Problem google probablement un virus

ap -  
 Hager -
probleme qvec google qui ne fais pas suivre les liens correctement (il redirige sur le bon lien apres trois essais) est ce que qqun a une idee. par avance merci bcp!!
Configuration: Windows XP
Internet Explorer 6.0

7 réponses

  1. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Salut,

    télécharge HijackThis ici:
    http://telechargement.zebulon.fr/138-hijackthis-1991.html

    Dézippe le dans un dossier prévu à cet effet.
    Par exemple C:\hijackthis < Enregistre le bien dans c : !
    Démo : (Merci a Balltrap34 pour cette réalisation)
    http://pageperso.aol.fr/balltrap34/Hijenr.gif

    Lance le puis:
    clique sur "do a system scan and save logfile" (cf démo)
    faire un copier coller du log entier sur le forum

    Démo : (Merci a Balltrap34 pour cette réalisation)
    http://pageperso.aol.fr/balltrap34/demohijack.htm

    Bon courage

    A+
    0
    1. Aura
       
      Salut Régis,

      voila le log comme demandé... merci pour l'info

      Logfile of HijackThis v1.99.1
      Scan saved at 14:03:54, on 26/12/2006
      Platform: Windows XP SP1 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\System32\alg.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\System32\drivers\CDAC11BA.EXE
      C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\wdfmgr.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\System32\igfxtray.exe
      C:\WINDOWS\System32\hkcmd.exe
      C:\Program Files\Apoint2K\Apoint.exe
      C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
      C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
      C:\Program Files\ltmoh\Ltmoh.exe
      C:\WINDOWS\System32\ezSP_Px.exe
      C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
      C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
      C:\toshiba\ivp\ism\pinger.exe
      C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4C1.EXE
      C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\Program Files\Skype\Phone\Skype.exe
      C:\Program Files\Arescom\Adaptador ADSL ARESCOM USB\dslmon.exe
      C:\Program Files\Apoint2K\Apntex.exe
      C:\Documents and Settings\All Users\Start Menu\Programs\Startup\update.exe
      C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
      C:\Program Files\eMule\emule.exe
      C:\Program Files\Windows Media Player\wmplayer.exe
      C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10MT2.EXE
      C:\WINDOWS\system32\ntvdm.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\HijackThis\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://br.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*https://br.search.yahoo.com/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.toshiba.com/tai/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://br.rd.yahoo.com/customize/ie/defaults/su/msgr7/*https://br.search.yahoo.com/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.ig.com.br/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://br.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*https://br.search.yahoo.com/
      R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://br.rd.yahoo.com/customize/ie/defaults/su/msgr7/*https://br.search.yahoo.com/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer par NUMERICABLE
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
      O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
      O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
      O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll
      O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
      O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
      O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
      O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
      O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
      O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
      O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
      O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
      O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
      O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
      O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
      O4 - HKLM\..\Run: [NDSTray.exe] "C:\Program Files\Toshiba\ConfigFree\NDSTray.exe"
      O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
      O4 - HKLM\..\Run: [EPSON Stylus C63 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4C1.EXE /P23 "EPSON Stylus C63 Series" /O6 "USB001" /M "Stylus C63"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [update] C:\Arquivos de programas\update.exe
      O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
      O4 - Startup: PowerReg Scheduler.exe
      O4 - Global Startup: DSLMON.lnk = ?
      O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O4 - Global Startup: update.exe
      O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
      O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
      O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
      O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
      O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
      O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesbr.dll
      O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesbr.dll
      O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
      O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
      O14 - IERESET.INF: START_PAGE_URL=https://www.toshiba.com/tai/
      O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
      O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{1C505AC8-5394-44AE-9A0E-F88F37591265}: NameServer = 85.255.113.122,85.255.112.169
      O17 - HKLM\System\CCS\Services\Tcpip\..\{35416BAD-17C7-4CB6-9EFF-C08D8B0D2A6E}: NameServer = 85.255.113.122,85.255.112.169
      O17 - HKLM\System\CCS\Services\Tcpip\..\{373DCFF7-95DB-4CC6-82E1-6A860C36A7BC}: NameServer = 85.255.113.122,85.255.112.169
      O17 - HKLM\System\CCS\Services\Tcpip\..\{72F91B3C-902C-4DAF-A43C-3F581C07F693}: NameServer = 85.255.113.122,85.255.112.169
      O17 - HKLM\System\CCS\Services\Tcpip\..\{75D3CDDE-25B5-4287-A152-0117E173CC6C}: NameServer = 85.255.113.122,85.255.112.169
      O17 - HKLM\System\CCS\Services\Tcpip\..\{E9058AA5-619D-4944-ABB7-31728B3785F4}: NameServer = 85.255.113.122,85.255.112.169
      O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.122 85.255.112.169
      O17 - HKLM\System\CS1\Services\Tcpip\..\{1C505AC8-5394-44AE-9A0E-F88F37591265}: NameServer = 85.255.113.122,85.255.112.169
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.122 85.255.112.169
      O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
      O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
      O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
      O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - Unknown owner - C:\WINDOWS\wanmpsvc.exe (file missing)
      0
  2. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Salut,

    Télécharge le FixWareout d'un de ces deux sites sur le bureau:
    http://downloads.subratam.org/Fixwareout.exe
    http://swandog46.geekstogo.com/Fixwareout.exe

    Lance le fix: clique sur Next, puis Install, puis assure toi que "Run fixit" est activé puis clique sur Finish.
    Le fix va commencer, suis les messages à l'écran. Il te sera demandé de redémarrer ton ordinateur, fais le. Ton système mettra un peu plus de temps au démarrage, c'est normal.

    Quand ton système aura redémarré, suis les invites des messages. Ensuite lance HijackThis. Clique sur Scan et coche les lignes suivantes:

    O17 - HKLM\System\CCS\Services\Tcpip\..\{1C505AC8-5394-44AE-9A0E-F88F37591265}: NameServer = 85.255.113.122,85.255.112.169

    O17 - HKLM\System\CCS\Services\Tcpip\..\{35416BAD-17C7-4CB6-9EFF-C08D8B0D2A6E}: NameServer = 85.255.113.122,85.255.112.169

    O17 - HKLM\System\CCS\Services\Tcpip\..\{373DCFF7-95DB-4CC6-82E1-6A860C36A7BC}: NameServer = 85.255.113.122,85.255.112.169

    O17 - HKLM\System\CCS\Services\Tcpip\..\{72F91B3C-902C-4DAF-A43C-3F581C07F693}: NameServer = 85.255.113.122,85.255.112.169

    O17 - HKLM\System\CCS\Services\Tcpip\..\{75D3CDDE-25B5-4287-A152-0117E173CC6C}: NameServer = 85.255.113.122,85.255.112.169

    O17 - HKLM\System\CCS\Services\Tcpip\..\{E9058AA5-619D-4944-ABB7-31728B3785F4}: NameServer = 85.255.113.122,85.255.112.169

    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.122 85.255.112.169

    O17 - HKLM\System\CS1\Services\Tcpip\..\{1C505AC8-5394-44AE-9A0E-F88F37591265}: NameServer = 85.255.113.122,85.255.112.169

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.122 85.255.112.169

    Clique sur Fix Checked. Ferme HijackThis et clique sur OK pour continuer la procédure.

    A la fin du fix, tu auras peut-être encore besoin de redémarrer le PC.

    Au final, poste le contenu de C:\fixwareout\report.txt avec un nouveau rapport HijackThis.

    A+
    0
  3. Aura Parmentier
     
    Salut Régis.

    Voici les logs.
    Merci beaucoup!

    Fixwareout
    Last edited 12/06/2006
    Post this report in the forums please
    ...
    Prerun check
    [HKEY_LOCAL_MACHINE\\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "system"=""

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "dmouz.exe"="C:\\WINDOWS\\System32\\dmouz.exe"

    ...
    ...
    Reg Entries that were deleted
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}F5C52170CF82-ACC8-5F74-9576-FF7AC3BA{
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\zuomd
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\0mdm
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\1mdm
    ...

    Random Runs removed from HKLM
    "dmouz.exe"=-
    ...
    ...

    PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

    »»»»» Searching by size/names...

    »»»»»
    Search five digit cs, dm kd and jb files.
    This WILL/CAN also list Legit Files, Submit them at Virustotal
    C:\WINDOWS\SYSTEM32\CSVEW.EXE 51.772 2006-12-01
    C:\WINDOWS\SYSTEM32\DMOUZ.EXE 60.472 2002-08-29

    Other suspects.

    »»»»» Misc files.

    »»»»» Checking for older varients covered by the Rem3 tool.
    ...
    Postrun check
    [HKEY_LOCAL_MACHINE\\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "system"=""

    ...

    Logfile of HijackThis v1.99.1
    Scan saved at 18:59:45, on 27/12/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
    C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    C:\Program Files\ltmoh\Ltmoh.exe
    C:\WINDOWS\System32\ezSP_Px.exe
    C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
    C:\toshiba\ivp\ism\pinger.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4C1.EXE
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Arescom\Adaptador ADSL ARESCOM USB\dslmon.exe
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\update.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
    C:\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.ig.com.br/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://br.rd.yahoo.com/customize/ie/defaults/su/msgr7/*https://br.search.yahoo.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer par NUMERICABLE
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll
    O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
    O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
    O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
    O4 - HKLM\..\Run: [NDSTray.exe] "C:\Program Files\Toshiba\ConfigFree\NDSTray.exe"
    O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
    O4 - HKLM\..\Run: [EPSON Stylus C63 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4C1.EXE /P23 "EPSON Stylus C63 Series" /O6 "USB001" /M "Stylus C63"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [update] C:\Arquivos de programas\update.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Global Startup: DSLMON.lnk = ?
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: update.exe
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesbr.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesbr.dll
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O14 - IERESET.INF: START_PAGE_URL=https://www.toshiba.com/tai/
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
    O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - Unknown owner - C:\WINDOWS\wanmpsvc.exe (file missing)
    0
  4. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Salut,

    Rend toi sur ce site :
    http://www.virustotal.com/xhtml/virustotal_en.html
    Clik sur parcourir
    Recherche ceci :
    C:\WINDOWS\SYSTEM32\CSVEW.EXE

    et aussi celui ci:
    C:\WINDOWS\SYSTEM32\DMOUZ.EXE

    Clik send et colle le rapport stp

    A+
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Aura Parmentier
     
    Salut Régis, voici le resultat sur virustotal

    Merci beaucoup!

    STATUS: FINISHEDComplete scanning result of "CSVEW.EXE", received in VirusTotal at 12.27.2006, 23:58:18 (CET).

    Antivirus Version Update Result
    AntiVir 7.3.0.21 12.27.2006 TR/Dldr.Mohbpork.A.127
    Authentium 4.93.8 12.27.2006 could be a corrupted executable file
    Avast 4.7.892.0 12.21.2006 no virus found
    AVG 386 12.27.2006 no virus found
    BitDefender 7.2 12.27.2006 Trojan.Downloader.Mohbpork.A
    CAT-QuickHeal 8.00 12.27.2006 TrojanDownloader.Agent.uj
    ClamAV devel-20060426 12.27.2006 no virus found
    DrWeb 4.33 12.27.2006 Trojan.DnsChange
    eSafe 7.0.14.0 12.26.2006 Win32.Polipos.sus
    eTrust-InoculateIT 23.73.99 12.27.2006 no virus found
    eTrust-Vet 30.3.3283 12.27.2006 Win32/Alureon!generic
    Ewido 4.0 12.27.2006 Downloader.Agent.uj
    Fortinet 2.82.0.0 12.27.2006 PossibleThreat
    F-Prot 3.16f 12.22.2006 Possibly a new variant of W32/new-malware!Maximus
    F-Prot4 4.2.1.29 12.22.2006 W32/new-malware!Maximus
    Ikarus T3.1.0.27 12.27.2006 Trojan-Downloader.Win32.Agent.uj
    Kaspersky 4.0.2.24 12.27.2006 Trojan-Downloader.Win32.Agent.uj
    McAfee 4927 12.27.2006 no virus found
    Microsoft 1.1904 12.27.2006 Win32/Alureon.gen
    NOD32v2 1940 12.27.2006 a variant of Win32/Small.FB
    Norman 5.80.02 12.27.2006 W32/Agent.AUMV
    Panda 9.0.0.4 12.27.2006 Trj/Ruins.CJ
    Prevx1 V2 12.28.2006 Dropper.Payload
    Sophos 4.13.0 12.26.2006 Troj/RuinDl-W
    Sunbelt 2.2.907.0 12.18.2006 VIPRE.Suspicious
    TheHacker 6.0.3.137 12.27.2006 no virus found
    UNA 1.83 12.27.2006 no virus found
    VBA32 3.11.1 12.27.2006 Trojan.DnsChange
    VirusBuster 4.3.19:9 12.27.2006 novirus:Packed/PolyCrypt

    Aditional Information
    File size: 51772 bytes
    MD5: 675c050e05ca75465c38b18cba956b15
    SHA1: 5b09a9a49bf004817d25ffa314471cf5e03112ec
    packers: PECRYPT
    Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PXC=4d1d43611436
    Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.
    -x-x-
    STATUS: FINISHEDComplete scanning result of "DMOUZ.EXE_", received in VirusTotal at 12.28.2006, 00:04:43 (CET).

    Antivirus Version Update Result
    AntiVir 7.3.0.21 12.27.2006 TR/Dldr.DNSChanger.Gen
    Authentium 4.93.8 12.27.2006 could be a corrupted executable file
    Avast 4.7.892.0 12.21.2006 no virus found
    AVG 386 12.27.2006 Generic2.NJH
    BitDefender 7.2 12.27.2006 MemScan:Trojan.Agent.AER
    CAT-QuickHeal 8.00 12.27.2006 (Suspicious) - DNAScan
    ClamAV devel-20060426 12.27.2006 no virus found
    DrWeb 4.33 12.27.2006 Trojan.DnsChange
    eSafe 7.0.14.0 12.26.2006 Win32.Polipos.sus
    eTrust-InoculateIT 23.73.99 12.27.2006 no virus found
    eTrust-Vet 30.3.3283 12.27.2006 Win32/Alureon!generic
    Ewido 4.0 12.27.2006 Trojan.Small.fb
    Fortinet 2.82.0.0 12.27.2006 W32/RuinDl.FB!tr
    F-Prot 3.16f 12.22.2006 Possibly a new variant of W32/new-malware!Maximus
    F-Prot4 4.2.1.29 12.22.2006 W32/new-malware!Maximus
    Ikarus T3.1.0.27 12.27.2006 Trojan.Win32.Small.fb
    Kaspersky 4.0.2.24 12.27.2006 Trojan.Win32.Small.fb
    McAfee 4927 12.27.2006 no virus found
    Microsoft 1.1904 12.27.2006 Win32/Alureon.gen
    NOD32v2 1940 12.27.2006 a variant of Win32/Small.FB
    Norman 5.80.02 12.27.2006 no virus found
    Panda 9.0.0.4 12.27.2006 Trj/Ruins.MB
    Prevx1 V2 12.28.2006 Covert.Sys.Exec
    Sophos 4.13.0 12.26.2006 Troj/RuinDl-Gen
    Sunbelt 2.2.907.0 12.18.2006 VIPRE.Suspicious
    TheHacker 6.0.3.137 12.27.2006 no virus found
    UNA 1.83 12.27.2006 no virus found
    VBA32 3.11.1 12.27.2006 Trojan.DnsChange
    VirusBuster 4.3.19:9 12.27.2006 novirus:Packed/PolyCrypt
    0
  7. Hager
     
    [09/23/2008, 13:35:24] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\hajer\Bureau\VirtumundoBeGone.exe" )
    [09/23/2008, 13:36:43] - Detected System Information:
    [09/23/2008, 13:36:43] - Windows Version: 5.1.2600, Service Pack 2
    [09/23/2008, 13:36:43] - Current Username: hajer (Admin)
    [09/23/2008, 13:36:43] - Windows is in NORMAL mode.
    [09/23/2008, 13:36:43] - Searching for Browser Helper Objects:
    [09/23/2008, 13:36:43] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
    [09/23/2008, 13:36:43] - BHO 2: {72A128E0-2240-40c8-9E92-5387D64F839E} (XMLDP Class)
    [09/23/2008, 13:36:43] - Finished Searching Browser Helper Objects
    [09/23/2008, 13:36:43] - Finishing up...
    [09/23/2008, 13:36:43] - Nothing found! Exiting...
    0