raport hijack thisRésolu/Fermé

Question

bonjour voici mon rapport hijack this je shouaiterez avoir votre opinion ou bien me donner un site ou je peu analizer seul mon rapport .... merci d avance Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:28:31, on 11/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\PhilipsRemote.exe
C:\Program Files\Philips\Sound Agent 2\mc500cpl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_director.exe
C:\progra~1\steam\steam.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=compaq-desktop.msn.com&ocid=HPDHP&pc=CPDTDF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [PhilipsRemote] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\PhilipsRemote.exe
O4 - HKLM\..\Run: [QveCtl2Tray] C:\Program Files\Philips\Sound Agent 2\mc500cpl.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dnse] "C:\Program Files\Fichiers communs\DriveCleaner Free\dnse.exe" -c
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\flashget.exe /min
O4 - HKLM\..\Run: [PrevxCSI] "C:\Program Files\PrevxCSI\prevxcsi.exe" -boot
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [License Manager] "C:\Program Files\License_Manager\license_manager.exe " /silent
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Steam] "c:\progra~1\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: PI Monitor.lnk = C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin
pjpi150_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin
pjpi150_03.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32
wprovau.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - 
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {E1D20694-74D9-472D-AF03-08C26173A67F} - http://es6-scripts.dlv4.com/binaries/egaccess4/egaccess4_1063_em_XP.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D724650-D23A-469F-BD6C-A8B592ABF36F}: NameServer = 208.67.220.220,208.67.222.222 
O17 - HKLM\System\CCS\Services\Tcpip\..\{3E6FA5D5-5800-45EE-8D31-0ABB850F636E}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{8AE9FC70-CC53-4435-879A-28D0C87869D7}: NameServer = 208.67.220.220,208.67.222.222 
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD5C1D7B-31B3-42AC-BD19-C6DC7FFC387E}: NameServer = 208.67.220.220,208.67.222.222 
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 
O17 - HKLM\System\CS1\Services\Tcpip\..\{3D724650-D23A-469F-BD6C-A8B592ABF36F}: NameServer = 208.67.220.220,208.67.222.222 
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 
O17 - HKLM\System\CS3\Services\Tcpip\..\{3D724650-D23A-469F-BD6C-A8B592ABF36F}: NameServer = 208.67.220.220,208.67.222.222 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe

nardino · Answer

Bonjour, Examen de ton rapport en cours...

nardino · Answer

Bonjour,

1-Télécharge Smitfraud.fix de S!Ri Balltrap et Moe :
http://siri.urz.free.fr/Fix/SmitfraudFix.exe
Toujours charger avant l'utilisation pour profiter des dernières mises à jour.
Lance-le en cliquant sur SmitfraudFix.exe

	[*]Dans la fenêtre bleue, choisis l'option 1] et Entrée
	[*]Fais un copier coller du rapport qui s'ouvre dans ta prochaine réponse.
	[*]Ce rapport sera enregistré comme suit : C:\rapport.txt

2-Télécharge Combofix de sUBs : 
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

	[*]Ferme toutes les fenêtres
	[*]Double-clique sur combofix.exe (ne clique pas sur la fenêtre qui s'ouvre)
	[*]Appuie sur Y pour lancer le scan
	[*]A la fin du scan (cela peut prendre du temps), un rapport sera créé.
	[*]Poste ce rapport dans ton prochain message.

A suivre...

bolchevsky · Answer

bonjour voila mes rapport 1.er smitfraudix.. SmitFraudFix v2.274 Rapport fait à 23:45:38,21, 11/01/2008 Executé à partir de C:\Documents and Settings\Compaq_Propriétaire\Bureau\Nouveau dossier\SmitfraudFix OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT Le type du système de fichiers est NTFS Fix executé en mode normal »»»»»»»»»»»»»»»»»»»»»»»» Process C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\FTRTSVC.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Inventel\Gateway\wlancfg.exe C:\windows\system\hpsysdrv.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\ALCXMNTR.EXE C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe C:\Program Files\Macrogaming\SweetIM\SweetIM.exe C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\PhilipsRemote.exe C:\WINDOWS\system32\SearchIndexer.exe C:\PROGRA~1\Wanadoo\TaskBarIcon.exe C:\Program Files\Philips\Sound Agent 2\mc500cpl.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_director.exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\SearchProtocolHost.exe C:\WINDOWS\system32\cmd.exe 2.eme..combofix ComboFix 08-01-11.1 - Compaq_Propriétaire 2008-01-11 23:31:55.1 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.379 [GMT 1:00] Running from: C:\Documents and Settings\Compaq_Propriétaire\Bureau\ComboFix.exe * Created a new restore point . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\All Users\Application Data.\salesmonitor C:\Documents and Settings\Compaq_Propriétaire\Application Data\DriveCleaner Free C:\Documents and Settings\Compaq_Propriétaire\Application Data\DriveCleaner Free\Logs\update.log C:\Program Files\winupdates C:\WINDOWS\Downloaded Program Files\UDC6V_0001_D19M1009NetInstaller.exe C:\WINDOWS\system32\bszip.dll C:\WINDOWS\system32\cmd.com C:\WINDOWS\system32\ping.com C:\WINDOWS\system32 asklist.com C:\WINDOWS\system32 racert.com C:\WINDOWS mlpcert2007 D:\Autorun.inf . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_NWSAPAGENT -------\NwSapAgent ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-12-11 to 2008-01-11 )))))))))))))))))))))))))))))))))))) . 2008-01-11 23:29 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe 2008-01-11 08:05 . 2008-01-11 08:05 d-------- C:\Program Files\CCleaner 2008-01-11 07:56 . 2008-01-11 07:59 4,170 --a------ C:\WINDOWS\system32 mp.reg 2008-01-11 07:55 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe 2008-01-11 07:55 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2008-01-11 07:55 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe 2008-01-11 07:55 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe 2008-01-11 07:55 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2008-01-11 07:55 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2008-01-10 08:54 . 2008-01-10 08:56 d-------- C:\WINDOWS\system32\NtmsData 2008-01-10 08:12 . 2008-01-10 08:12 d-------- C:\Program Files\PrevxCSI 2008-01-10 08:10 . 2008-01-10 08:10 d-------- C:\Documents and Settings\All Users\Application Data\Prevx 2008-01-10 05:02 . 2008-01-10 05:02 d-------- C:\Program Files\Trend Micro 2008-01-08 02:42 . 2008-01-09 03:01 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll 2007-12-31 06:52 . 2007-12-31 06:52 679 --a------ C:\WINDOWS\mozver.dat 2007-12-28 05:18 . 2007-12-28 05:19 d-------- C:\Program Files\MessenPass 2007-12-28 05:18 . 2007-12-28 05:18 39,424 --a------ C:\WINDOWS\zipinst.exe 2007-12-20 07:17 . 2007-12-31 00:26 62 --a------ C:\WINDOWS\cssource_script_generator.INI 2007-12-19 19:22 . 2008-01-11 23:39 d-------- C:\Program Files\Steam 2007-12-11 02:28 . 2007-12-11 02:28 d-------- C:\Program Files\Notepad++ . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-01-11 22:39 --------- d-----w C:\Program Files\Wanadoo 2008-01-11 22:12 --------- d-----w C:\Program Files\FlashGet 2008-01-11 01:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater 2008-01-10 12:08 --------- d-----w C:\Program Files\eMule 2008-01-10 08:29 --------- d-----w C:\Program Files\free-downloads.net 2008-01-10 07:55 28,256 ----a-w C:\WINDOWS\system32\drivers\MxlW2k.sys 2008-01-10 05:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-01-10 03:31 --------- d-----w C:\Program Files\RamBoost XP 2008-01-08 18:55 --------- d-----w C:\Program Files\Windows Live Safety Center 2008-01-04 01:53 --------- d-----w C:\Program Files\DivX 2007-12-25 15:16 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-12-10 22:02 --------- d-----w C:\Program Files\Player Metaboli 2007-12-10 22:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Exetender 2007-12-09 23:01 --------- d-----w C:\Program Files\Web Media Player 2007-12-07 22:10 --------- d-----w C:\Program Files\PC Wizard 2007 2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys 2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys 2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys 2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys 2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys 2007-12-03 08:46 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller 2007-12-03 08:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller 2007-12-01 10:42 --------- d-----w C:\Program Files\Windows Live 2007-11-24 23:37 --------- d-----w C:\Program Files\AviSynth 2.5 2007-11-24 23:36 --------- d-----w C:\Program Files\eRightSoft 2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2007-10-23 16:49 586,752 ----a-w C:\WINDOWS\WLXPGSS.SCR 2006-07-18 07:56 278,528 -c--a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe 2005-05-13 16:12 217,073 --sha-r C:\WINDOWS\meta4.exe 2005-10-24 10:13 66,560 --sha-r C:\WINDOWS\MOTA113.exe 2005-10-13 20:27 422,400 --sha-r C:\WINDOWS\x2.64.exe 2005-10-07 18:14 308,224 --sha-r C:\WINDOWS\system32\avisynth.dll 2005-07-14 11:31 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll 2005-06-26 14:32 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll 2005-06-21 21:37 45,568 --sha-r C:\WINDOWS\system32\cygz.dll 2004-01-24 23:00 70,656 --sha-r C:\WINDOWS\system32\i420vfw.dll 2006-04-27 09:24 2,945,024 --sha-r C:\WINDOWS\system32\Smab.dll 2005-02-28 12:16 240,128 --sha-r C:\WINDOWS\system32\x.264.exe 2004-01-24 23:00 70,656 --sha-r C:\WINDOWS\system32\yv12vfw.dll . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 13:50 122880] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184] "License Manager"="C:\Program Files\License_Manager\license_manager.exe" [ ] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [ ] "SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2006-06-06 09:07 40960] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-24 21:01 68856] "Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ] "Steam"="c:\progra~1\steam\steam.exe" [2007-12-19 19:38 1266936] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560] "ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [2007-11-22 17:10 787696] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04 52736] "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 21:43 233472] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-04 03:10 344064] "AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 21:47 57344 C:\WINDOWS\ALCXMNTR.EXE] "PS2"="C:\WINDOWS\system32\ps2.exe" [ ] "LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 22:54 253952] "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 13:49 20480] "WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 15:55 32768] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 02:48 36975] "SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2006-06-06 09:07 40960] "mmtask"="c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2003-08-24 20:06 53248] "PhilipsRemote"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\PhilipsRemote.exe" [2003-08-21 13:44 745472] "QveCtl2Tray"="C:\Program Files\Philips\Sound Agent 2\mc500cpl.exe" [2003-09-20 10:41 720896] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792] "EoWeather"="" [] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24 286720] "Flashget"="C:\Program Files\FlashGet\flashget.exe" [2007-09-25 09:10 2007088] "PrevxCSI"="C:\Program Files\PrevxCSI\prevxcsi.exe" [2008-01-10 08:10 92160] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "System"="lsass.exe" R2 UacFlt;Philips Composite Class Filter Driver;C:\WINDOWS\system32\DRIVERS\uacbflt.sys [2003-07-16 15:30] R2 X4HSX32;X4HSX32;C:\Program Files\Player Metaboli\X4HSX32.Sys [2006-12-13 09:34] R3 psa500;Sound Agent 2 for Audio Set (WDM);C:\WINDOWS\system32\drivers\psa500.sys [2003-09-20 10:22] R3 QsndEnum;QSound Virtual Audio Devices Bus Enumerator;C:\WINDOWS\system32\DRIVERS\QsndEnum.sys [2003-08-02 15:00] R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 05:08] S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2006-07-26 21:22] S3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2005-06-20 10:12] S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480 . Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es' "2008-01-10 06:33:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2008-01-11 21:06:00 C:\WINDOWS\Tasks\Symantec NetDetect.job" - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-11 23:39:10 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-01-11 23:42:35 - machine was rebooted ComboFix-quarantined-files.txt 2008-01-11 22:42:29 . 2008-01-10 02:03:47 --- E O F --- ............................................................................................................................. ComboFix-quarantined-files 2004-04-30 23:01 53 --a------ C:\Qoobox\Quarantine\D\Autorun.inf.vir 2006-06-21 20:35 6990 --a--c-t- C:\Qoobox\Quarantine\C\WINDOWS mlpcert2007.vir 2006-06-30 02:20 62464 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\bszip.dll.vir 2006-07-07 14:45 2 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\ping.com.vir 2006-07-07 14:45 2 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32 racert.com.vir 2006-07-07 14:46 2 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\cmd.com.vir 2006-07-07 14:46 2 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32 asklist.com.vir 2007-09-10 17:01 147968 --a------ C:\Qoobox\Quarantine\C\WINDOWS\Downloaded Program Files\UDC6V_0001_D19M1009NetInstaller.exe.vir 2007-10-29 18:37 1113 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Compaq_Propri‚taire\Application Data\DriveCleaner Free\Logs\update.log.vir 2008-01-11 23:36 1060 --a------ C:\Qoobox\Quarantine\Registry_backups\LEGACY_NWSAPAGENT.reg.dat 2008-01-11 23:36 3634 --a------ C:\Qoobox\Quarantine\Registry_backups\services_NwSapAgent.reg.dat 2008-01-11 23:36 3825 --a------ C:\Qoobox\Quarantine\C\ComboFix\errdbg.dat.vir

nardino · Answer

Bonjour.

Combofix a bien nettoyé, mais le rapport Smitfraudfix est tronqué, peux-tu me le poster en totalité.
Merci
Tu y joindra un nouveau rapport Hijackthis et des informations sur l'évolution des tes problèmes.

bolchevsky · Answer

SmitFraudFix v2.274

Rapport fait à 11:21:50,25, 12/01/2008
Executé à partir de C:\Documents and Settings\Compaq_Propriétaire\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\PhilipsRemote.exe
C:\Program Files\Philips\Sound Agent 2\mc500cpl.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_director.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Compaq_Propriétaire


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Compaq_Propriétaire\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\COMPAQ~1\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files 


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
 
 

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix.exe by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"="lsass.exe"


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: SiS 900-Based PCI Fast Ethernet Adapter - Miniport d'ordonnancement de paquets
DNS Server Search Order: 208.67.220.220
DNS Server Search Order: 208.67.222.222

HKLM\SYSTEM\CCS\Services\Tcpip\..\{3D724650-D23A-469F-BD6C-A8B592ABF36F}: DhcpNameServer=208.67.220.220,208.67.222.222 
HKLM\SYSTEM\CCS\Services\Tcpip\..\{3D724650-D23A-469F-BD6C-A8B592ABF36F}: NameServer=208.67.220.220,208.67.222.222 
HKLM\SYSTEM\CCS\Services\Tcpip\..\{3E6FA5D5-5800-45EE-8D31-0ABB850F636E}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CCS\Services\Tcpip\..\{3E6FA5D5-5800-45EE-8D31-0ABB850F636E}: NameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CCS\Services\Tcpip\..\{8AE9FC70-CC53-4435-879A-28D0C87869D7}: DhcpNameServer=208.67.220.220,208.67.222.222 
HKLM\SYSTEM\CCS\Services\Tcpip\..\{8AE9FC70-CC53-4435-879A-28D0C87869D7}: NameServer=208.67.220.220,208.67.222.222 
HKLM\SYSTEM\CCS\Services\Tcpip\..\{CD5C1D7B-31B3-42AC-BD19-C6DC7FFC387E}: DhcpNameServer=208.67.220.220,208.67.222.222 
HKLM\SYSTEM\CCS\Services\Tcpip\..\{CD5C1D7B-31B3-42AC-BD19-C6DC7FFC387E}: NameServer=208.67.220.220,208.67.222.222 
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E658C067-685E-4840-9EC2-ADC9EA7F2B73}: DhcpNameServer=208.67.220.220,208.67.222.222 
HKLM\SYSTEM\CS1\Services\Tcpip\..\{3D724650-D23A-469F-BD6C-A8B592ABF36F}: DhcpNameServer=208.67.220.220,208.67.222.222 
HKLM\SYSTEM\CS1\Services\Tcpip\..\{3D724650-D23A-469F-BD6C-A8B592ABF36F}: NameServer=208.67.220.220,208.67.222.222 
HKLM\SYSTEM\CS1\Services\Tcpip\..\{3E6FA5D5-5800-45EE-8D31-0ABB850F636E}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS1\Services\Tcpip\..\{3E6FA5D5-5800-45EE-8D31-0ABB850F636E}: NameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS1\Services\Tcpip\..\{8AE9FC70-CC53-4435-879A-28D0C87869D7}: DhcpNameServer=208.67.220.220,208.67.222.222 
HKLM\SYSTEM\CS1\Services\Tcpip\..\{8AE9FC70-CC53-4435-879A-28D0C87869D7}: NameServer=208.67.220.220,208.67.222.222 
HKLM\SYSTEM\CS1\Services\Tcpip\..\{CD5C1D7B-31B3-42AC-BD19-C6DC7FFC387E}: DhcpNameServer=208.67.220.220,208.67.222.222 
HKLM\SYSTEM\CS1\Services\Tcpip\..\{CD5C1D7B-31B3-42AC-BD19-C6DC7FFC387E}: NameServer=208.67.220.220,208.67.222.222 
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E658C067-685E-4840-9EC2-ADC9EA7F2B73}: DhcpNameServer=208.67.220.220,208.67.222.222 
HKLM\SYSTEM\CS3\Services\Tcpip\..\{3D724650-D23A-469F-BD6C-A8B592ABF36F}: DhcpNameServer=208.67.220.220,208.67.222.222 
HKLM\SYSTEM\CS3\Services\Tcpip\..\{3D724650-D23A-469F-BD6C-A8B592ABF36F}: NameServer=208.67.220.220,208.67.222.222 
HKLM\SYSTEM\CS3\Services\Tcpip\..\{3E6FA5D5-5800-45EE-8D31-0ABB850F636E}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS3\Services\Tcpip\..\{3E6FA5D5-5800-45EE-8D31-0ABB850F636E}: NameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS3\Services\Tcpip\..\{8AE9FC70-CC53-4435-879A-28D0C87869D7}: DhcpNameServer=208.67.220.220,208.67.222.222 
HKLM\SYSTEM\CS3\Services\Tcpip\..\{8AE9FC70-CC53-4435-879A-28D0C87869D7}: NameServer=208.67.220.220,208.67.222.222 
HKLM\SYSTEM\CS3\Services\Tcpip\..\{CD5C1D7B-31B3-42AC-BD19-C6DC7FFC387E}: DhcpNameServer=208.67.220.220,208.67.222.222 
HKLM\SYSTEM\CS3\Services\Tcpip\..\{CD5C1D7B-31B3-42AC-BD19-C6DC7FFC387E}: NameServer=208.67.220.220,208.67.222.222 
HKLM\SYSTEM\CS3\Services\Tcpip\..\{E658C067-685E-4840-9EC2-ADC9EA7F2B73}: DhcpNameServer=208.67.220.220,208.67.222.222 
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=208.67.220.220,208.67.222.222 
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=208.67.220.220,208.67.222.222 
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: NameServer=208.67.220.220,208.67.222.222 


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

mais probleme sont fini sa rame plus. plus rien a l horison plus de truc bizzare

nardino · Answer

Bonjour,

Va dans Démarrer - Panneau de configuration - Connexions, clic droit sur la connexion - Propriétés - onglet Gestion de réseau
Mets en surbrillance Protocole Internet (TCP/IP) puis clique sur le bouton Propriétés.
Coche : "Obtenir les adresses des serveurs DNS automatiquement" puis cliquer 2 fois sur"Ok" et redémarrer le PC.
Poste un nouveau rapport Hijackthis.

Supprime Combofix et Smitfraudfix.

bolchevsky · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:38:25, on 12/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\PhilipsRemote.exe
C:\Program Files\Philips\Sound Agent 2\mc500cpl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_director.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [PhilipsRemote] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\PhilipsRemote.exe
O4 - HKLM\..\Run: [QveCtl2Tray] C:\Program Files\Philips\Sound Agent 2\mc500cpl.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PrevxCSI] "C:\Program Files\PrevxCSI\prevxcsi.exe" -boot
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [License Manager] "C:\Program Files\License_Manager\license_manager.exe " /silent
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: PI Monitor.lnk = C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin
pjpi150_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin
pjpi150_03.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - 
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D724650-D23A-469F-BD6C-A8B592ABF36F}: NameServer = 208.67.220.220,208.67.222.222 
O17 - HKLM\System\CCS\Services\Tcpip\..\{3E6FA5D5-5800-45EE-8D31-0ABB850F636E}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD5C1D7B-31B3-42AC-BD19-C6DC7FFC387E}: NameServer = 208.67.220.220,208.67.222.222 
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 
O17 - HKLM\System\CS1\Services\Tcpip\..\{3D724650-D23A-469F-BD6C-A8B592ABF36F}: NameServer = 208.67.220.220,208.67.222.222 
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 
O17 - HKLM\System\CS3\Services\Tcpip\..\{3D724650-D23A-469F-BD6C-A8B592ABF36F}: NameServer = 208.67.220.220,208.67.222.222 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe

nardino · Answer

Bonjour,
As-tu appliquér ceci:
Va dans Démarrer - Panneau de configuration - Connexions, clic droit sur la connexion - Propriétés - onglet Gestion de réseau
Mets en surbrillance Protocole Internet (TCP/IP) puis clique sur le bouton Propriétés.
Coche : "Obtenir les adresses des serveurs DNS automatiquement" puis cliquer 2 fois sur"Ok" et redémarrer le PC. 

Dans Démarrer, Exécuter, tape services.msc et arrête celui-ci:
Boonty Games - BOONTY 
Puis double-clique dessus et dans Type de démarrage, désactives-le.

Télécharge OTMoveIt : http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe Sur ton bureau. Important.

Tu le lances, il ne nécessite pas d'installation.

Tu inscris (ou tu colles) le chemin du fichier/dossier à supprimer (C'est à dire ce qui suit)dans la fenêtre de gauche (Paste List of Files/Folders to be moved) et tu cliques sur MoveIt!.
(La case Unregister Dll's and OCX's doit être cochée.)
C:\Program Files\Macrogaming
C:\Program Files\Fichiers communs\BOONTY Shared
Le fichier passe alors dans la fenêtre de droite.
Et tu obtiendras à la racine du système un dossier C:\_OTMoveIt
Dans ce dernier un sous-dossier Moved Files dans lequel il y aura une sauvegarde du/des fichier(s) supprimé(s) et un fichier de ce type
 ********_******.log (mm/jj/aaaa_hh/mm/ss = date et horaire de la suppression).
Tu le posteras par copier-coller pour contrôle.

Si un redémarrage est demandé, accepte-le après avoir fermé tes applications en cours

Poste le rapport OtMoveIt et un nouveau hiajckthis.

nardino · Answer

Bonjour.

Pourquoi avoir ouvert deux sujets ?
C'est le meilleur moyen de tout rater.
Oups !
http://www.commentcamarche.net/forum/affich 4598653 rapport hijack est il bon#dernier

Salut Marie. ;-)

bolchevsky · Answer

j ai poster les meme rapport au deux pour avoir deux analise d expert donc voila dsl si ses pas bien dsl

bolchevsky · Answer

j ai poster les meme rapport au deux pour avoir deux analise d expert donc voila dsl si ses pas bien dsl

Raport hijack this

11 réponses

Discussions similaires

Newsletters