Google doesn't work.

Solved/Closed
glow - 16 June 2008 at 10:37
nono1er Posts 1419 Registration date Friday 11 January 2008 Status Member Last seen 28 February 2011 - 16 June 2008 at 18:02
Hello, I have a search engine problem.

Google search doesn't work (unlike the "I'm Feeling Lucky" button).

And access to certain sites (yahoo.fr, msn.fr) doesn't work.

Likewise, I had problems posting on certain forums.

I followed marie's procedure (http://www.commentcamarche.net/forum/affich 6798933 google ne marche plus), but nothing changed.
Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:28:19, on 16/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\Wireless Console\wcourier.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wpabaln.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {14EA15A9-30CD-4944-A248-BD1C416B5D39} - (no file)
O2 - BHO: (no name) - {33CCA584-E3F6-4A1C-A150-51B654B34C06} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {63742141-C650-4A35-A2C3-0B51A61AC83D} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {f8687926-2a34-4a78-8998-a3d754e5fb27} - C:\WINDOWS\system32\gvpdrixn.dll
O2 - BHO: (no name) - {FCADA985-8D64-408A-B511-F538CD6080D9} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Wireless Console] C:\Program Files\ASUS\Wireless Console\wcourier.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [55ea4f49] rundll32.exe "C:\WINDOWS\system32\eaqpstte.dll",b
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [BM56d97cd5] Rundll32.exe "C:\WINDOWS\system32\vyhxeulu.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - https://sdlc-esd.oracle.com/ESD42/JSCDL/jre/6u6-b90/jinstall-6u6-windows-i586-jc.cab?GroupName=JSC&FilePath=/ESD42/JSCDL/jre/6u6-b90/jinstall-6u6-windows-i586-jc.cab&BHost=javadl.sun.com&File=jinstall-6u6-windows-i586-jc.cab&AuthParam=1580964179_948ce1dd250aac19afc416e1e34a3af9&ext=.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

8 replies

nono1er Posts 1419 Registration date Friday 11 January 2008 Status Member Last seen 28 February 2011 136
16 June 2008 at 10:47
Hi
You can fix this already: you do have a malware entry, in bold; create a restore point before fixing, you never know.

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) => Yahoo Companion!
O2 - BHO: (no name) - {14EA15A9-30CD-4944-A248-BD1C416B5D39} - (no file)
O2 - BHO: (no name) - {33CCA584-E3F6-4A1C-A150-51B654B34C06} - (no file)
O2 - BHO: (no name) - {63742141-C650-4A35-A2C3-0B51A61AC83D} - (no file)
O2 - BHO: (no name) - {FCADA985-8D64-408A-B511-F538CD6080D9} - (no file)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE => Realtek Pilotes AC97
O4 - HKLM\..\Run: [55ea4f49] rundll32.exe "C:\WINDOWS\system32\eaqpstte.dll",b => Infection Combo ()
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') => Microsoft Windows NT
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') => Microsoft Windows NT
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') => Microsoft Windows NT
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') => Microsoft Windows NT
0
The Google page displays, but the search doesn't run... it spins without finding a page.

Another problem: the Lemonde.fr page won't display (as before), but the sub-pages of Le Monde do display...

Thanks
0
nono1er Posts 1419 Registration date Friday 11 January 2008 Status Member Last seen 28 February 2011 136
16 June 2008 at 11:16
Hi again
http://www.commentcamarche.net/faq/sujet 9889 comment supprimer le virus beagle bagle#3eme methode combofix

Run ComboFix.

Clean up your Internet Explorer: Tools / Internet Options / Delete / Delete all / tick the boxes and OK.

Run CCleaner, which you will find here along with the instructions: https://www.01net.com/actualites/


If you still have problems with Internet Explorer, go to: Tools / Internet Options / Advanced tab / Reset.
0
I use Firefox, but I'll manage anyway :p
0

Thanks nono.

ComboFix solved the problem:
ComboFix 08-06-15.4 - GloW 2008-06-16 11:29:26.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.553 [GMT 2:00]
Endroit: D:\Donwloads\Software\ComboFix.exe
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM56d97cd5.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\cdxoikpo.ini
C:\WINDOWS\system32\eaqpstte.dll
C:\WINDOWS\system32\ettspqae.ini
C:\WINDOWS\system32\fOXbayxx.ini
C:\WINDOWS\system32\fOXbayxx.ini2
C:\WINDOWS\system32\gvfhgmqa.dll
C:\WINDOWS\system32\gvpdrixn.dll
C:\WINDOWS\system32\hqbkygej.dll
C:\WINDOWS\system32\jegykbqh.ini
C:\WINDOWS\system32\JPVycMoq.ini
C:\WINDOWS\system32\JPVycMoq.ini2
C:\WINDOWS\system32\klnooUvw.ini
C:\WINDOWS\system32\klnooUvw.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\ocvwfqch.ini
C:\WINDOWS\system32\vyhxeulu.dll
C:\WINDOWS\system32\ydgcrvec.dll

.
((((((((((((((((((((((((((((( Fichiers créés 2008-05-16 to 2008-06-16 ))))))))))))))))))))))))))))))))))))
.

2008-06-16 11:26 . 2008-06-16 11:26 <REP> d-------- C:\backups
2008-06-16 10:40 . 2008-06-16 10:40 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-06-16 01:27 . 2007-06-28 14:36 401,720 --a------ C:\HijackThis.exe
2008-06-16 00:33 . 2008-06-16 00:33 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Grisoft
2008-06-16 00:00 . 2008-06-16 00:00 <REP> d-------- C:\Documents and Settings\GloW\Application Data\Grisoft
2008-06-16 00:00 . 2008-06-16 00:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-06-16 00:00 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-06-15 23:55 . 2008-06-16 01:17 <REP> d-------- C:\Program Files\Yahoo!
2008-06-15 23:55 . 2008-06-15 23:55 <REP> d-------- C:\Program Files\CCleaner
2008-06-15 14:53 . 2008-06-15 14:53 <REP> d-------- C:\VundoFix Backups
2008-06-13 22:08 . 2008-06-13 22:08 <REP> d-------- C:\Documents and Settings\GloW\Application Data\vlc
2008-06-13 22:03 . 2008-06-13 22:24 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-06-13 22:03 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-06-13 22:03 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-06-13 22:03 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-06-13 22:02 . 2008-06-13 22:02 <REP> d-------- C:\Program Files\Windows Live
2008-06-13 21:31 . 2008-06-13 21:31 <REP> d-------- C:\WINDOWS\Sun
2008-06-13 21:30 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-13 21:29 . 2008-06-13 21:30 <REP> d-------- C:\Program Files\Java
2008-06-13 21:28 . 2008-06-13 21:28 <REP> d-------- C:\Program Files\Fichiers communs\Java
2008-06-13 17:48 . 2008-06-13 17:48 <REP> d-------- C:\Documents and Settings\GloW\dwhelper
2008-06-13 17:42 . 2008-06-15 14:47 327 --a------ C:\WINDOWS\wininit.ini
2008-06-13 16:57 . 2008-06-13 16:57 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2008-06-13 15:47 . 2008-06-13 16:49 <REP> d-------- C:\Program Files\a-squared Free
2008-06-13 15:47 . 2008-06-13 22:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-13 15:34 . 2008-06-13 15:34 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-13 15:34 . 2008-06-13 17:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-13 14:54 . 2008-06-13 14:54 <REP> d-------- C:\Program Files\Notepad++
2008-06-13 14:54 . 2008-06-13 15:38 <REP> d-------- C:\Documents and Settings\GloW\Application Data\Notepad++
2008-06-13 00:46 . 2008-06-13 00:46 <REP> d-------- C:\Program Files\VideoLAN
2008-06-13 00:26 . 2008-06-13 00:26 <REP> d-------- C:\WINDOWS\system32\LogFiles
2008-06-12 12:07 . 2008-06-13 13:36 <REP> d-------- C:\Documents and Settings\GloW\Application Data\X-Chat 2
2008-06-12 12:06 . 2008-06-12 12:06 <REP> d-------- C:\Program Files\X-Chat 2
2008-06-12 11:42 . 2008-06-11 16:26 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-06-12 11:42 . 2008-06-11 16:26 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-06-12 11:42 . 2008-06-11 14:36 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-06-12 11:42 . 2008-06-11 16:26 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-06-12 11:42 . 2008-06-11 16:26 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-06-12 11:42 . 2008-06-11 16:26 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-06-12 11:42 . 2008-06-11 16:26 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-06-12 11:42 . 2008-06-11 21:48 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Intel
2008-06-12 11:42 . 2008-06-16 00:31 <REP> d-------- C:\Documents and Settings\Administrateur
2008-06-12 11:25 . 2008-06-12 11:25 <REP> d-------- C:\Program Files\MSXML 4.0
2008-06-12 11:10 . 2008-06-12 11:35 <REP> d-------- C:\Downloads
2008-06-12 11:09 . 2008-06-13 15:39 <REP> d-------- C:\Program Files\BitComet
2008-06-12 10:57 . 2008-06-12 10:57 24,576 --a------ C:\WINDOWS\system32\khfFXrRJ.dll.vir
2008-06-12 00:56 . 2008-06-12 00:56 <REP> d-------- C:\WINDOWS\system32\Lang
2008-06-12 00:56 . 2008-06-12 00:56 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
2008-06-12 00:56 . 2008-06-12 00:56 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
2008-06-12 00:55 . 2008-06-16 11:36 2,332,704 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-12 00:55 . 2008-06-16 11:33 29,408 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-12 00:25 . 2008-06-12 00:25 <REP> d-------- C:\Program Files\Fichiers communs\SWF Studio
2008-06-11 22:43 . 2008-06-14 18:56 <REP> d-------- C:\Program Files\Mozilla Thunderbird
2008-06-11 22:43 . 2008-06-11 22:43 <REP> d-------- C:\Documents and Settings\GloW\Application Data\Thunderbird
2008-06-11 22:19 . 2008-06-11 22:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-06-11 22:18 . 2008-06-11 22:19 <REP> d-------- C:\WINDOWS\system32\ZoneLabs
2008-06-11 22:18 . 2008-06-11 22:18 <REP> d-------- C:\Program Files\Zone Labs
2008-06-11 22:18 . 2008-06-11 22:18 <REP> d-------- C:\Program Files\Realtek
2008-06-11 22:17 . 2008-06-16 11:27 <REP> d-------- C:\WINDOWS\Internet Logs
2008-06-11 22:17 . 2005-04-16 22:20 487,424 --a------ C:\WINDOWS\RtlExUpd.dll
2008-06-11 22:17 . 2006-06-14 11:00 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2008-06-11 22:17 . 2006-06-14 11:00 82,944 --a--c--- C:\WINDOWS\system32\dllcache\wdmaud.sys
2008-06-11 22:17 . 2004-08-03 23:07 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2008-06-11 22:17 . 2004-08-03 23:07 52,864 --a--c--- C:\WINDOWS\system32\dllcache\dmusic.sys
2008-06-11 22:17 . 2006-06-14 10:47 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2008-06-11 22:17 . 2006-06-14 10:47 6,400 --a--c--- C:\WINDOWS\system32\dllcache\splitter.sys
2008-06-11 22:16 . 2008-06-11 22:16 <REP> d-------- C:\Program Files\CONEXANT
2008-06-11 22:03 . 2008-06-11 22:03 <REP> d-------- C:\Program Files\Avira
2008-06-11 22:03 . 2008-06-11 22:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-06-11 21:55 . 2008-06-11 21:55 <REP> d-------- C:\Program Files\Intel Desktop Board
2008-06-11 21:48 . 2008-06-11 21:48 <REP> d-------- C:\Documents and Settings\NetworkService\Application Data\Intel
2008-06-11 21:48 . 2008-06-11 21:48 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\Intel
2008-06-11 21:48 . 2008-06-11 21:48 <REP> d-------- C:\Documents and Settings\GloW\Application Data\Intel
2008-06-11 21:48 . 2008-06-11 21:48 21,419 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-06-11 21:47 . 2008-06-11 21:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Intel
2008-06-11 21:46 . 2008-06-11 21:46 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-06-11 21:46 . 2008-06-11 21:46 <REP> d-------- C:\Program Files\DIFX
2008-06-11 21:46 . 2006-06-29 19:27 2,732,032 --a------ C:\WINDOWS\system32\Netw2r32.dll
2008-06-11 21:46 . 2006-06-29 19:49 2,206,720 --a------ C:\WINDOWS\system32\drivers\w29n51.sys
2008-06-11 21:46 . 2006-06-29 19:26 557,056 --a------ C:\WINDOWS\system32\Netw2c32.dll
2008-06-11 19:33 . 2008-06-11 19:33 <REP> d-------- C:\Team17
2008-06-11 19:10 . 2005-06-28 10:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-06-11 19:09 . 2008-06-12 11:26 <REP> d--h----- C:\WINDOWS\$hf_mig$
2008-06-11 19:08 . 2008-04-14 17:52 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 19:08 . 2008-04-14 17:52 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-11 17:08 . 1998-02-09 03:00 1,455,736 --------- C:\WINDOWS\system32\VCL35.BPL
2008-06-11 17:08 . 1998-02-08 19:00 996,872 --------- C:\WINDOWS\system32\CP3240MT.DLL
2008-06-11 17:08 . 1998-02-09 03:00 245,912 --------- C:\WINDOWS\system32\VCLX35.BPL
2008-06-11 17:08 . 1998-02-09 03:00 187,392 --------- C:\WINDOWS\system32\BCBSMP35.BPL
2008-06-11 17:08 . 2000-01-31 05:00 25,600 --------- C:\WINDOWS\system32\BORLNDMM.DLL
2008-06-11 17:08 . 1997-04-22 18:16 6,272 --------- C:\WINDOWS\system32\drivers\ASLM75.SYS
2008-06-11 17:08 . 1997-04-22 18:16 6,272 --------- C:\WINDOWS\system32\ASLM75.SYS
2008-06-11 17:07 . 2008-06-11 17:07 0 --a------ C:\WINDOWS\system32\drivers\1043_ASUSTeK_A6VM.alu
2008-06-11 17:04 . 2008-06-11 17:04 <REP> d-------- C:\Documents and Settings\GloW\WINDOWS
2008-06-11 17:04 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-06-11 17:01 . 2008-06-11 17:01 <REP> d-------- C:\Program Files\Synaptics
2008-06-11 17:01 . 2008-06-11 22:21 <REP> d-------- C:\Program Files\ASUS
2008-06-11 17:01 . 2004-12-22 14:23 186,240 --a------ C:\WINDOWS\system32\drivers\SynTP.sys
2008-06-11 17:01 . 2004-12-22 14:23 114,688 --a------ C:\WINDOWS\system32\SynCtrl.dll
2008-06-11 17:01 . 2004-12-22 14:23 90,202 --a------ C:\WINDOWS\system32\SynTPAPI.dll
2008-06-11 17:01 . 2004-12-22 14:23 82,013 --a------ C:\WINDOWS\system32\SynCOM.dll
2008-06-11 17:01 . 2004-12-22 14:23 81,920 --a------ C:\WINDOWS\system32\SynTPCo2.dll
2008-06-11 17:01 . 2004-12-22 14:23 69,722 --a------ C:\WINDOWS\system32\SynTPFcs.dll
2008-06-11 17:00 . 2008-06-11 21:47 <REP> d-------- C:\Program Files\Intel
2008-06-11 15:53 . 2008-06-11 15:53 1,160 --a------ C:\WINDOWS\mozver.dat
2008-06-11 15:38 . 2005-01-17 22:48 1,036,928 --a------ C:\WINDOWS\system32\drivers\HSF_DP.sys
2008-06-11 15:38 . 2005-01-17 22:48 702,592 --a------ C:\WINDOWS\system32\drivers\HSF_CNXT.sys
2008-06-11 15:38 . 2005-01-17 22:48 163,328 --a------ C:\WINDOWS\system32\drivers\HSFHWAZL.sys
2008-06-11 15:38 . 2005-01-17 22:48 129,045 --a------ C:\WINDOWS\system32\drivers\HSFProf.cty
2008-06-11 15:38 . 2005-01-17 22:48 86,016 --a------ C:\WINDOWS\system32\mdmxsdk.dll
2008-06-11 15:38 . 2005-01-17 22:48 39,018 --a------ C:\WINDOWS\system32\hsfci011.dll
2008-06-11 15:38 . 2005-01-17 22:48 13,059 --a------ C:\WINDOWS\system32\drivers\mdmxsdk.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-15 12:59 1,421,312 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-06-14 17:01 1,415,680 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-06-11 20:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-11 15:13 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-06-11 12:56 --------- d-----w C:\Documents and Settings\GloW\Application Data\Talkback
2008-06-11 12:41 --------- d-----w C:\Program Files\microsoft frontpage
2008-06-11 12:39 --------- d-----w C:\Program Files\Services en ligne
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-21 07:02 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-02 19:08 54,672 ----a-w C:\WINDOWS\system32\vsutil_loc040c.dll
2008-04-02 19:08 42,384 ----a-w C:\WINDOWS\zllsputility_loc040c.dll
2008-04-02 19:08 21,904 ----a-w C:\WINDOWS\system32\imsinstall_loc040c.dll
2008-04-02 19:08 17,808 ----a-w C:\WINDOWS\system32\imslsp_install_loc040c.dll
2008-04-02 19:07 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2008-04-02 19:07 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{14EA15A9-30CD-4944-A248-BD1C416B5D39}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{33CCA584-E3F6-4A1C-A150-51B654B34C06}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{63742141-C650-4A35-A2C3-0B51A61AC83D}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f8687926-2a34-4a78-8998-a3d754e5fb27}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FCADA985-8D64-408A-B511-F538CD6080D9}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-04 17:33 7340032]
"nwiz"="nwiz.exe" [2005-12-04 17:33 1519616 C:\WINDOWS\system32\nwiz.exe]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-08-10 16:10 110592]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-12-22 14:23 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-12-22 14:23 688218]
"Wireless Console"="C:\Program Files\ASUS\Wireless Console\wcourier.exe" [2005-07-22 14:36 57344]
"Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [2005-06-16 15:48 86016]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 00:38 802816]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 00:32 696320]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-14 17:01 16010752 C:\WINDOWS\RTHDCPL.exe]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-04-02 21:07 919016]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.asv2"= asusasv2.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BitComet"="C:\Program Files\BitComet\BitComet.exe" /tray

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ASUS Live Update"=C:\Program Files\ASUS\ASUS Live Update\ALU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15136:TCP"= 15136:TCP:BitComet 15136 TCP
"15136:UDP"= 15136:UDP:BitComet 15136 UDP

R0 R592;R592;C:\WINDOWS\system32\DRIVERS\R592.sys [2004-07-05 16:14]
R0 risdpntk;risdpntk;C:\WINDOWS\system32\DRIVERS\risdpntk.sys [2004-09-17 00:42]
R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D.sys [2004-07-06 19:56]

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-06-14 17:06:20 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-16 11:35:29
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\system32\wpabaln.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-06-16 11:38:17 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-16 09:38:07

Pre-Run: 34,966,917,120 octets libres
Post-Run: 34,997,133,312 octets libres

254 --- E O F --- 2008-06-15 00:38:20


Before that I had run Kaspersky, which found other things for me:


[06/15/2008, 14:55:05] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\GloW\Local Settings\Temporary Internet Files\Content.IE5\EKA6PZAA\VirtumundoBeGone[1].exe" )
[06/15/2008, 14:55:11] - Detected System Information:
[06/15/2008, 14:55:11] - Windows Version: 5.1.2600, Service Pack 2
[06/15/2008, 14:55:11] - Current Username: GloW (Admin)
[06/15/2008, 14:55:11] - Windows is in NORMAL mode.
[06/15/2008, 14:55:11] - Searching for Browser Helper Objects:
[06/15/2008, 14:55:11] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[06/15/2008, 14:55:11] - BHO 2: {14EA15A9-30CD-4944-A248-BD1C416B5D39} ()
[06/15/2008, 14:55:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/15/2008, 14:55:11] - Checking for HKLM\...\Winlogon\Notify\qoMcyVPJ
[06/15/2008, 14:55:11] - Key not found: HKLM\...\Winlogon\Notify\qoMcyVPJ, continuing.
[06/15/2008, 14:55:11] - BHO 3: {33CCA584-E3F6-4A1C-A150-51B654B34C06} ()
[06/15/2008, 14:55:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/15/2008, 14:55:11] - No filename found. Continuing.
[06/15/2008, 14:55:11] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[06/15/2008, 14:55:11] - BHO 5: {63742141-C650-4A35-A2C3-0B51A61AC83D} ()
[06/15/2008, 14:55:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/15/2008, 14:55:11] - Checking for HKLM\...\Winlogon\Notify\wvUoonlk
[06/15/2008, 14:55:11] - Key not found: HKLM\...\Winlogon\Notify\wvUoonlk, continuing.
[06/15/2008, 14:55:11] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/15/2008, 14:55:11] - BHO 7: {8710FC9F-0816-49D7-AE14-4BA5269E838C} ()
[06/15/2008, 14:55:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/15/2008, 14:55:12] - Checking for HKLM\...\Winlogon\Notify\khfFXrRJ
[06/15/2008, 14:55:12] - Found: HKLM\...\Winlogon\Notify\khfFXrRJ - This is probably Virtumundo.
[06/15/2008, 14:55:12] - Assigning {8710FC9F-0816-49D7-AE14-4BA5269E838C} MSEvents Object
[06/15/2008, 14:55:12] - BHO list has been changed! Starting over...
[06/15/2008, 14:55:12] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[06/15/2008, 14:55:12] - BHO 2: {14EA15A9-30CD-4944-A248-BD1C416B5D39} ()
[06/15/2008, 14:55:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/15/2008, 14:55:12] - Checking for HKLM\...\Winlogon\Notify\qoMcyVPJ
[06/15/2008, 14:55:12] - Key not found: HKLM\...\Winlogon\Notify\qoMcyVPJ, continuing.
[06/15/2008, 14:55:12] - BHO 3: {33CCA584-E3F6-4A1C-A150-51B654B34C06} ()
[06/15/2008, 14:55:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/15/2008, 14:55:12] - No filename found. Continuing.
[06/15/2008, 14:55:12] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[06/15/2008, 14:55:12] - BHO 5: {63742141-C650-4A35-A2C3-0B51A61AC83D} ()
[06/15/2008, 14:55:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/15/2008, 14:55:12] - Checking for HKLM\...\Winlogon\Notify\wvUoonlk
[06/15/2008, 14:55:12] - Key not found: HKLM\...\Winlogon\Notify\wvUoonlk, continuing.
[06/15/2008, 14:55:12] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/15/2008, 14:55:12] - BHO 7: {8710FC9F-0816-49D7-AE14-4BA5269E838C} (MSEvents Object)
[06/15/2008, 14:55:12] - ALERT: Found MSEvents Object!
[06/15/2008, 14:55:12] - BHO 8: {f8687926-2a34-4a78-8998-a3d754e5fb27} ()
[06/15/2008, 14:55:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/15/2008, 14:55:12] - Checking for HKLM\...\Winlogon\Notify\gvpdrixn
[06/15/2008, 14:55:12] - Key not found: HKLM\...\Winlogon\Notify\gvpdrixn, continuing.
[06/15/2008, 14:55:12] - BHO 9: {FCADA985-8D64-408A-B511-F538CD6080D9} ()
[06/15/2008, 14:55:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/15/2008, 14:55:12] - Checking for HKLM\...\Winlogon\Notify\xxyabXOf
[06/15/2008, 14:55:12] - Key not found: HKLM\...\Winlogon\Notify\xxyabXOf, continuing.
[06/15/2008, 14:55:12] - Finished Searching Browser Helper Objects
[06/15/2008, 14:55:12] - *** Detected MSEvents Object
[06/15/2008, 14:55:12] - Trying to remove MSEvents Object...
[06/15/2008, 14:55:13] - Terminating Process: IEXPLORE.EXE
[06/15/2008, 14:55:14] - Terminating Process: RUNDLL32.EXE
[06/15/2008, 14:55:14] - Disabling Automatic Shell Restart
[06/15/2008, 14:55:15] - Terminating Process: EXPLORER.EXE
[06/15/2008, 14:55:16] - Suspending the NT Session Manager System Service
[06/15/2008, 14:55:16] - Terminating Windows NT Logon/Logoff Manager
[06/15/2008, 14:55:16] - Re-enabling Automatic Shell Restart
[06/15/2008, 14:55:16] - File to disable: C:\WINDOWS\system32\khfFXrRJ.dll
[06/15/2008, 14:55:16] - Renaming C:\WINDOWS\system32\khfFXrRJ.dll -> C:\WINDOWS\system32\khfFXrRJ.dll.vir
[06/15/2008, 14:55:16] - File successfully renamed!
[06/15/2008, 14:55:16] - Removing HKLM\...\Browser Helper Objects\{8710FC9F-0816-49D7-AE14-4BA5269E838C}
[06/15/2008, 14:55:16] - Removing HKCR\CLSID\{8710FC9F-0816-49D7-AE14-4BA5269E838C}
[06/15/2008, 14:55:16] - Adding Kill Bit for ActiveX for GUID: {8710FC9F-0816-49D7-AE14-4BA5269E838C}
[06/15/2008, 14:55:16] - Deleting ATLEvents/MSEvents Registry entries
[06/15/2008, 14:55:16] - Removing HKLM\...\Winlogon\Notify\khfFXrRJ
[06/15/2008, 14:55:17] - Searching for Browser Helper Objects:
[06/15/2008, 14:55:17] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[06/15/2008, 14:55:17] - BHO 2: {14EA15A9-30CD-4944-A248-BD1C416B5D39} ()
[06/15/2008, 14:55:17] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/15/2008, 14:55:17] - Checking for HKLM\...\Winlogon\Notify\qoMcyVPJ
[06/15/2008, 14:55:17] - Key not found: HKLM\...\Winlogon\Notify\qoMcyVPJ, continuing.
[06/15/2008, 14:55:17] - BHO 3: {33CCA584-E3F6-4A1C-A150-51B654B34C06} ()
[06/15/2008, 14:55:17] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/15/2008, 14:55:17] - No filename found. Continuing.
[06/15/2008, 14:55:17] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[06/15/2008, 14:55:17] - BHO 5: {63742141-C650-4A35-A2C3-0B51A61AC83D} ()
[06/15/2008, 14:55:17] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/15/2008, 14:55:17] - Checking for HKLM\...\Winlogon\Notify\wvUoonlk
[06/15/2008, 14:55:17] - Key not found: HKLM\...\Winlogon\Notify\wvUoonlk, continuing.
[06/15/2008, 14:55:17] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/15/2008, 14:55:17] - BHO 7: {f8687926-2a34-4a78-8998-a3d754e5fb27} ()
[06/15/2008, 14:55:17] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/15/2008, 14:55:17] - Checking for HKLM\...\Winlogon\Notify\gvpdrixn
[06/15/2008, 14:55:17] - Key not found: HKLM\...\Winlogon\Notify\gvpdrixn, continuing.
[06/15/2008, 14:55:17] - BHO 8: {FCADA985-8D64-408A-B511-F538CD6080D9} ()
[06/15/2008, 14:55:17] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/15/2008, 14:55:17] - Checking for HKLM\...\Winlogon\Notify\xxyabXOf
[06/15/2008, 14:55:17] - Key not found: HKLM\...\Winlogon\Notify\xxyabXOf, continuing.
[06/15/2008, 14:55:17] - Finished Searching Browser Helper Objects
[06/15/2008, 14:55:17] - Finishing up...


And here is my new HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:52:04, on 16/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\Wireless Console\wcourier.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\system32\wpabaln.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Notepad++\notepad++.exe
C:\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Wireless Console] C:\Program Files\ASUS\Wireless Console\wcourier.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - https://sdlc-esd.oracle.com/ESD42/JSCDL/jre/6u6-b90/jinstall-6u6-windows-i586-jc.cab?GroupName=JSC&FilePath=/ESD42/JSCDL/jre/6u6-b90/jinstall-6u6-windows-i586-jc.cab&BHost=javadl.sun.com&File=jinstall-6u6-windows-i586-jc.cab&AuthParam=1580964179_948ce1dd250aac19afc416e1e34a3af9&ext=.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
0
nono1er Posts 1419 Registration date Friday 11 January 2008 Status Member Last activity 28 February 2011 136
16 June 2008 at 12:15
Your HijackThis report is clean,
run CCleaner and it should be fine.
If everything works, mark the post as resolved.
0
Everything is running perfectly...
Now I just need to find out how to mark the topic as resolved....
0
nono1er Posts 1419 Registration date Friday 11 January 2008 Status Member Last activity 28 February 2011 136
16 June 2008 at 18:02
In the email you receive, I think that is where the "resolved" option is.
0