Raport hijack this

Résolu
bolchevsky Messages postés 202 Statut Membre -  
bolchevsky Messages postés 202 Statut Membre -
bonjour voici mon rapport hijack this je shouaiterez avoir votre opinion ou bien me donner un site ou je peu analizer seul mon rapport .... merci d avance Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:28:31, on 11/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\PhilipsRemote.exe
C:\Program Files\Philips\Sound Agent 2\mc500cpl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_director.exe
C:\progra~1\steam\steam.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=compaq-desktop.msn.com&ocid=HPDHP&pc=CPDTDF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [PhilipsRemote] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\PhilipsRemote.exe
O4 - HKLM\..\Run: [QveCtl2Tray] C:\Program Files\Philips\Sound Agent 2\mc500cpl.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dnse] "C:\Program Files\Fichiers communs\DriveCleaner Free\dnse.exe" -c
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\flashget.exe /min
O4 - HKLM\..\Run: [PrevxCSI] "C:\Program Files\PrevxCSI\prevxcsi.exe" -boot
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [License Manager] "C:\Program Files\License_Manager\license_manager.exe " /silent
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Steam] "c:\progra~1\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: PI Monitor.lnk = C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {E1D20694-74D9-472D-AF03-08C26173A67F} - http://es6-scripts.dlv4.com/binaries/egaccess4/egaccess4_1063_em_XP.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D724650-D23A-469F-BD6C-A8B592ABF36F}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{3E6FA5D5-5800-45EE-8D31-0ABB850F636E}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{8AE9FC70-CC53-4435-879A-28D0C87869D7}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD5C1D7B-31B3-42AC-BD19-C6DC7FFC387E}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{3D724650-D23A-469F-BD6C-A8B592ABF36F}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\..\{3D724650-D23A-469F-BD6C-A8B592ABF36F}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe

--
End of file - 11402 bytes

11 réponses

  1. nardino Messages postés 1634 Date d'inscription   Statut Membre Dernière intervention   119
     
    Bonjour, Examen de ton rapport en cours...
    0
  2. nardino Messages postés 1634 Date d'inscription   Statut Membre Dernière intervention   119
     
    Bonjour,

    1-Télécharge Smitfraud.fix de S!Ri Balltrap et Moe :
    http://siri.urz.free.fr/Fix/SmitfraudFix.exe
    Toujours charger avant l'utilisation pour profiter des dernières mises à jour.
    Lance-le en cliquant sur SmitfraudFix.exe

    [*]Dans la fenêtre bleue, choisis l'option 1] et Entrée
    [*]Fais un copier coller du rapport qui s'ouvre dans ta prochaine réponse.
    [*]Ce rapport sera enregistré comme suit : C:\rapport.txt

    2-Télécharge Combofix de sUBs :
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    [*]Ferme toutes les fenêtres
    [*]Double-clique sur combofix.exe (ne clique pas sur la fenêtre qui s'ouvre)
    [*]Appuie sur Y pour lancer le scan
    [*]A la fin du scan (cela peut prendre du temps), un rapport sera créé.
    [*]Poste ce rapport dans ton prochain message.

    A suivre...
    0
  3. bolchevsky Messages postés 202 Statut Membre 21
     
    bonjour voila mes rapport

    1.er smitfraudix..

    SmitFraudFix v2.274

    Rapport fait à 23:45:38,21, 11/01/2008
    Executé à partir de C:\Documents and Settings\Compaq_Propriétaire\Bureau\Nouveau dossier\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode normal

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Inventel\Gateway\wlancfg.exe
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\PhilipsRemote.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\Program Files\Philips\Sound Agent 2\mc500cpl.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_director.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\WINDOWS\system32\cmd.exe

    2.eme..combofix

    ComboFix 08-01-11.1 - Compaq_Propriétaire 2008-01-11 23:31:55.1 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.379 [GMT 1:00]
    Running from: C:\Documents and Settings\Compaq_Propriétaire\Bureau\ComboFix.exe
    * Created a new restore point
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Application Data.\salesmonitor
    C:\Documents and Settings\Compaq_Propriétaire\Application Data\DriveCleaner Free
    C:\Documents and Settings\Compaq_Propriétaire\Application Data\DriveCleaner Free\Logs\update.log
    C:\Program Files\winupdates
    C:\WINDOWS\Downloaded Program Files\UDC6V_0001_D19M1009NetInstaller.exe
    C:\WINDOWS\system32\bszip.dll
    C:\WINDOWS\system32\cmd.com
    C:\WINDOWS\system32\ping.com
    C:\WINDOWS\system32\tasklist.com
    C:\WINDOWS\system32\tracert.com
    C:\WINDOWS\tmlpcert2007
    D:\Autorun.inf

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_NWSAPAGENT
    -------\NwSapAgent

    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-12-11 to 2008-01-11 ))))))))))))))))))))))))))))))))))))
    .

    2008-01-11 23:29 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2008-01-11 08:05 . 2008-01-11 08:05 <REP> d-------- C:\Program Files\CCleaner
    2008-01-11 07:56 . 2008-01-11 07:59 4,170 --a------ C:\WINDOWS\system32\tmp.reg
    2008-01-11 07:55 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2008-01-11 07:55 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2008-01-11 07:55 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
    2008-01-11 07:55 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2008-01-11 07:55 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2008-01-11 07:55 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2008-01-10 08:54 . 2008-01-10 08:56 <REP> d-------- C:\WINDOWS\system32\NtmsData
    2008-01-10 08:12 . 2008-01-10 08:12 <REP> d-------- C:\Program Files\PrevxCSI
    2008-01-10 08:10 . 2008-01-10 08:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
    2008-01-10 05:02 . 2008-01-10 05:02 <REP> d-------- C:\Program Files\Trend Micro
    2008-01-08 02:42 . 2008-01-09 03:01 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
    2007-12-31 06:52 . 2007-12-31 06:52 679 --a------ C:\WINDOWS\mozver.dat
    2007-12-28 05:18 . 2007-12-28 05:19 <REP> d-------- C:\Program Files\MessenPass
    2007-12-28 05:18 . 2007-12-28 05:18 39,424 --a------ C:\WINDOWS\zipinst.exe
    2007-12-20 07:17 . 2007-12-31 00:26 62 --a------ C:\WINDOWS\cssource_script_generator.INI
    2007-12-19 19:22 . 2008-01-11 23:39 <REP> d-------- C:\Program Files\Steam
    2007-12-11 02:28 . 2007-12-11 02:28 <REP> d-------- C:\Program Files\Notepad++

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-11 22:39 --------- d-----w C:\Program Files\Wanadoo
    2008-01-11 22:12 --------- d-----w C:\Program Files\FlashGet
    2008-01-11 01:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-01-10 12:08 --------- d-----w C:\Program Files\eMule
    2008-01-10 08:29 --------- d-----w C:\Program Files\free-downloads.net
    2008-01-10 07:55 28,256 ----a-w C:\WINDOWS\system32\drivers\MxlW2k.sys
    2008-01-10 05:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-01-10 03:31 --------- d-----w C:\Program Files\RamBoost XP
    2008-01-08 18:55 --------- d-----w C:\Program Files\Windows Live Safety Center
    2008-01-04 01:53 --------- d-----w C:\Program Files\DivX
    2007-12-25 15:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-12-10 22:02 --------- d-----w C:\Program Files\Player Metaboli
    2007-12-10 22:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Exetender
    2007-12-09 23:01 --------- d-----w C:\Program Files\Web Media Player
    2007-12-07 22:10 --------- d-----w C:\Program Files\PC Wizard 2007
    2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
    2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-12-03 08:46 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2007-12-03 08:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2007-12-01 10:42 --------- d-----w C:\Program Files\Windows Live
    2007-11-24 23:37 --------- d-----w C:\Program Files\AviSynth 2.5
    2007-11-24 23:36 --------- d-----w C:\Program Files\eRightSoft
    2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-10-23 16:49 586,752 ----a-w C:\WINDOWS\WLXPGSS.SCR
    2006-07-18 07:56 278,528 -c--a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
    2005-05-13 16:12 217,073 --sha-r C:\WINDOWS\meta4.exe
    2005-10-24 10:13 66,560 --sha-r C:\WINDOWS\MOTA113.exe
    2005-10-13 20:27 422,400 --sha-r C:\WINDOWS\x2.64.exe
    2005-10-07 18:14 308,224 --sha-r C:\WINDOWS\system32\avisynth.dll
    2005-07-14 11:31 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll
    2005-06-26 14:32 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
    2005-06-21 21:37 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
    2004-01-24 23:00 70,656 --sha-r C:\WINDOWS\system32\i420vfw.dll
    2006-04-27 09:24 2,945,024 --sha-r C:\WINDOWS\system32\Smab.dll
    2005-02-28 12:16 240,128 --sha-r C:\WINDOWS\system32\x.264.exe
    2004-01-24 23:00 70,656 --sha-r C:\WINDOWS\system32\yv12vfw.dll
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 13:50 122880]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
    "License Manager"="C:\Program Files\License_Manager\license_manager.exe" [ ]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [ ]
    "SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2006-06-06 09:07 40960]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-24 21:01 68856]
    "Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
    "Steam"="c:\progra~1\steam\steam.exe" [2007-12-19 19:38 1266936]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]
    "ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [2007-11-22 17:10 787696]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04 52736]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 21:43 233472]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-04 03:10 344064]
    "AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 21:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
    "PS2"="C:\WINDOWS\system32\ps2.exe" [ ]
    "LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 22:54 253952]
    "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 13:49 20480]
    "WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 15:55 32768]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 02:48 36975]
    "SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2006-06-06 09:07 40960]
    "mmtask"="c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2003-08-24 20:06 53248]
    "PhilipsRemote"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\PhilipsRemote.exe" [2003-08-21 13:44 745472]
    "QveCtl2Tray"="C:\Program Files\Philips\Sound Agent 2\mc500cpl.exe" [2003-09-20 10:41 720896]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
    "EoWeather"="" []
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24 286720]
    "Flashget"="C:\Program Files\FlashGet\flashget.exe" [2007-09-25 09:10 2007088]
    "PrevxCSI"="C:\Program Files\PrevxCSI\prevxcsi.exe" [2008-01-10 08:10 92160]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "System"="lsass.exe"

    R2 UacFlt;Philips Composite Class Filter Driver;C:\WINDOWS\system32\DRIVERS\uacbflt.sys [2003-07-16 15:30]
    R2 X4HSX32;X4HSX32;C:\Program Files\Player Metaboli\X4HSX32.Sys [2006-12-13 09:34]
    R3 psa500;Sound Agent 2 for Audio Set (WDM);C:\WINDOWS\system32\drivers\psa500.sys [2003-09-20 10:22]
    R3 QsndEnum;QSound Virtual Audio Devices Bus Enumerator;C:\WINDOWS\system32\DRIVERS\QsndEnum.sys [2003-08-02 15:00]
    R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 05:08]
    S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2006-07-26 21:22]
    S3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2005-06-20 10:12]
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

    .
    Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
    "2008-01-10 06:33:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-01-11 21:06:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
    - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-11 23:39:10
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-01-11 23:42:35 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-01-11 22:42:29
    .
    2008-01-10 02:03:47 --- E O F ---
    .............................................................................................................................

    ComboFix-quarantined-files

    2004-04-30 23:01 53 --a------ C:\Qoobox\Quarantine\D\Autorun.inf.vir
    2006-06-21 20:35 6990 --a--c-t- C:\Qoobox\Quarantine\C\WINDOWS\tmlpcert2007.vir
    2006-06-30 02:20 62464 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\bszip.dll.vir
    2006-07-07 14:45 2 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\ping.com.vir
    2006-07-07 14:45 2 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\tracert.com.vir
    2006-07-07 14:46 2 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\cmd.com.vir
    2006-07-07 14:46 2 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\tasklist.com.vir
    2007-09-10 17:01 147968 --a------ C:\Qoobox\Quarantine\C\WINDOWS\Downloaded Program Files\UDC6V_0001_D19M1009NetInstaller.exe.vir
    2007-10-29 18:37 1113 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Compaq_Propri‚taire\Application Data\DriveCleaner Free\Logs\update.log.vir
    2008-01-11 23:36 1060 --a------ C:\Qoobox\Quarantine\Registry_backups\LEGACY_NWSAPAGENT.reg.dat
    2008-01-11 23:36 3634 --a------ C:\Qoobox\Quarantine\Registry_backups\services_NwSapAgent.reg.dat
    2008-01-11 23:36 3825 --a------ C:\Qoobox\Quarantine\C\ComboFix\errdbg.dat.vir
    0
  4. nardino Messages postés 1634 Date d'inscription   Statut Membre Dernière intervention   119
     
    Bonjour.

    Combofix a bien nettoyé, mais le rapport Smitfraudfix est tronqué, peux-tu me le poster en totalité.
    Merci
    Tu y joindra un nouveau rapport Hijackthis et des informations sur l'évolution des tes problèmes.
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. bolchevsky Messages postés 202 Statut Membre 21
     
    SmitFraudFix v2.274

    Rapport fait à 11:21:50,25, 12/01/2008
    Executé à partir de C:\Documents and Settings\Compaq_Propriétaire\Bureau\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode normal

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\PhilipsRemote.exe
    C:\Program Files\Philips\Sound Agent 2\mc500cpl.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_director.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Inventel\Gateway\wlancfg.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\WINDOWS\system32\cmd.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    »»»»»»»»»»»»»»»»»»»»»»»» C:\

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Compaq_Propriétaire

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Compaq_Propriétaire\Application Data

    »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\COMPAQ~1\Favoris

    »»»»»»»»»»»»»»»»»»»»»»»» Bureau

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

    »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

    »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    IEDFix.exe by S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"="lsass.exe"

    »»»»»»»»»»»»»»»»»»»»»»»» Rustock

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: SiS 900-Based PCI Fast Ethernet Adapter - Miniport d'ordonnancement de paquets
    DNS Server Search Order: 208.67.220.220
    DNS Server Search Order: 208.67.222.222

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{3D724650-D23A-469F-BD6C-A8B592ABF36F}: DhcpNameServer=208.67.220.220,208.67.222.222
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{3D724650-D23A-469F-BD6C-A8B592ABF36F}: NameServer=208.67.220.220,208.67.222.222
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{3E6FA5D5-5800-45EE-8D31-0ABB850F636E}: DhcpNameServer=192.168.1.1 0.0.0.0
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{3E6FA5D5-5800-45EE-8D31-0ABB850F636E}: NameServer=208.67.220.220,208.67.222.222
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{8AE9FC70-CC53-4435-879A-28D0C87869D7}: DhcpNameServer=208.67.220.220,208.67.222.222
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{8AE9FC70-CC53-4435-879A-28D0C87869D7}: NameServer=208.67.220.220,208.67.222.222
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{CD5C1D7B-31B3-42AC-BD19-C6DC7FFC387E}: DhcpNameServer=208.67.220.220,208.67.222.222
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{CD5C1D7B-31B3-42AC-BD19-C6DC7FFC387E}: NameServer=208.67.220.220,208.67.222.222
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{E658C067-685E-4840-9EC2-ADC9EA7F2B73}: DhcpNameServer=208.67.220.220,208.67.222.222
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{3D724650-D23A-469F-BD6C-A8B592ABF36F}: DhcpNameServer=208.67.220.220,208.67.222.222
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{3D724650-D23A-469F-BD6C-A8B592ABF36F}: NameServer=208.67.220.220,208.67.222.222
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{3E6FA5D5-5800-45EE-8D31-0ABB850F636E}: DhcpNameServer=192.168.1.1 0.0.0.0
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{3E6FA5D5-5800-45EE-8D31-0ABB850F636E}: NameServer=208.67.220.220,208.67.222.222
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{8AE9FC70-CC53-4435-879A-28D0C87869D7}: DhcpNameServer=208.67.220.220,208.67.222.222
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{8AE9FC70-CC53-4435-879A-28D0C87869D7}: NameServer=208.67.220.220,208.67.222.222
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{CD5C1D7B-31B3-42AC-BD19-C6DC7FFC387E}: DhcpNameServer=208.67.220.220,208.67.222.222
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{CD5C1D7B-31B3-42AC-BD19-C6DC7FFC387E}: NameServer=208.67.220.220,208.67.222.222
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{E658C067-685E-4840-9EC2-ADC9EA7F2B73}: DhcpNameServer=208.67.220.220,208.67.222.222
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{3D724650-D23A-469F-BD6C-A8B592ABF36F}: DhcpNameServer=208.67.220.220,208.67.222.222
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{3D724650-D23A-469F-BD6C-A8B592ABF36F}: NameServer=208.67.220.220,208.67.222.222
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{3E6FA5D5-5800-45EE-8D31-0ABB850F636E}: DhcpNameServer=192.168.1.1 0.0.0.0
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{3E6FA5D5-5800-45EE-8D31-0ABB850F636E}: NameServer=208.67.220.220,208.67.222.222
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{8AE9FC70-CC53-4435-879A-28D0C87869D7}: DhcpNameServer=208.67.220.220,208.67.222.222
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{8AE9FC70-CC53-4435-879A-28D0C87869D7}: NameServer=208.67.220.220,208.67.222.222
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{CD5C1D7B-31B3-42AC-BD19-C6DC7FFC387E}: DhcpNameServer=208.67.220.220,208.67.222.222
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{CD5C1D7B-31B3-42AC-BD19-C6DC7FFC387E}: NameServer=208.67.220.220,208.67.222.222
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{E658C067-685E-4840-9EC2-ADC9EA7F2B73}: DhcpNameServer=208.67.220.220,208.67.222.222
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 0.0.0.0
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=208.67.220.220,208.67.222.222
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 0.0.0.0
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=208.67.220.220,208.67.222.222
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 0.0.0.0
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: NameServer=208.67.220.220,208.67.222.222

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

    »»»»»»»»»»»»»»»»»»»»»»»» Fin

    mais probleme sont fini sa rame plus. plus rien a l horison plus de truc bizzare
    0
  7. nardino Messages postés 1634 Date d'inscription   Statut Membre Dernière intervention   119
     
    Bonjour,

    Va dans Démarrer - Panneau de configuration - Connexions, clic droit sur la connexion - Propriétés - onglet Gestion de réseau
    Mets en surbrillance Protocole Internet (TCP/IP) puis clique sur le bouton Propriétés.
    Coche : "Obtenir les adresses des serveurs DNS automatiquement" puis cliquer 2 fois sur"Ok" et redémarrer le PC.
    Poste un nouveau rapport Hijackthis.

    Supprime Combofix et Smitfraudfix.
    0
  8. bolchevsky Messages postés 202 Statut Membre 21
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:38:25, on 12/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\PhilipsRemote.exe
    C:\Program Files\Philips\Sound Agent 2\mc500cpl.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_director.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Inventel\Gateway\wlancfg.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [PhilipsRemote] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\PhilipsRemote.exe
    O4 - HKLM\..\Run: [QveCtl2Tray] C:\Program Files\Philips\Sound Agent 2\mc500cpl.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PrevxCSI] "C:\Program Files\PrevxCSI\prevxcsi.exe" -boot
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
    O4 - HKCU\..\Run: [License Manager] "C:\Program Files\License_Manager\license_manager.exe " /silent
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: PI Monitor.lnk = C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe
    O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3D724650-D23A-469F-BD6C-A8B592ABF36F}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3E6FA5D5-5800-45EE-8D31-0ABB850F636E}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\..\{CD5C1D7B-31B3-42AC-BD19-C6DC7FFC387E}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS1\Services\Tcpip\..\{3D724650-D23A-469F-BD6C-A8B592ABF36F}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS3\Services\Tcpip\..\{3D724650-D23A-469F-BD6C-A8B592ABF36F}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe
    0
  9. nardino Messages postés 1634 Date d'inscription   Statut Membre Dernière intervention   119
     
    Bonjour,
    As-tu appliquér ceci:
    Va dans Démarrer - Panneau de configuration - Connexions, clic droit sur la connexion - Propriétés - onglet Gestion de réseau
    Mets en surbrillance Protocole Internet (TCP/IP) puis clique sur le bouton Propriétés.
    Coche : "Obtenir les adresses des serveurs DNS automatiquement" puis cliquer 2 fois sur"Ok" et redémarrer le PC.


    Dans Démarrer, Exécuter, tape services.msc et arrête celui-ci:
    Boonty Games - BOONTY
    Puis double-clique dessus et dans Type de démarrage, désactives-le.

    Télécharge OTMoveIt : http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe Sur ton bureau. Important.

    Tu le lances, il ne nécessite pas d'installation.

    Tu inscris (ou tu colles) le chemin du fichier/dossier à supprimer (C'est à dire ce qui suit)dans la fenêtre de gauche (Paste List of Files/Folders to be moved) et tu cliques sur MoveIt!.
    (La case Unregister Dll's and OCX's doit être cochée.)
    C:\Program Files\Macrogaming
    C:\Program Files\Fichiers communs\BOONTY Shared

    Le fichier passe alors dans la fenêtre de droite.
    Et tu obtiendras à la racine du système un dossier C:\_OTMoveIt
    Dans ce dernier un sous-dossier Moved Files dans lequel il y aura une sauvegarde du/des fichier(s) supprimé(s) et un fichier de ce type
    ********_******.log (mm/jj/aaaa_hh/mm/ss = date et horaire de la suppression).
    Tu le posteras par copier-coller pour contrôle.

    Si un redémarrage est demandé, accepte-le après avoir fermé tes applications en cours

    Poste le rapport OtMoveIt et un nouveau hiajckthis.

    0
  10. bolchevsky Messages postés 202 Statut Membre 21
     
    j ai poster les meme rapport au deux pour avoir deux analise d expert donc voila dsl si ses pas bien dsl
    0
  11. bolchevsky Messages postés 202 Statut Membre 21
     
    j ai poster les meme rapport au deux pour avoir deux analise d expert donc voila dsl si ses pas bien dsl
    0