Help with a HijackThis report?
69underground, Member, 11 posts
Hello,
Following all sorts of small problems, I have just run a HijackThis scan; here is the report. Can anyone tell me how to get rid of the intruders?
Thank you very much!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:57:28, on 05/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Progra~1\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Windows NT\Accessoires\WORDPAD.EXE
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/webhp?sourceid=navclient&hl=fr&ie=UTF-8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://w3.jet.efda.org/htbin/setup_proxies.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Progra~1\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=https://www.asus.com/fr/
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
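Every line of a HijackThis report has the same "code - body" shape (R0/R1 for browser and proxy settings, O2 for BHOs, O4 for Run keys, O20 for AppInit_DLLs, O23 for services), so a report can be parsed and triaged mechanically before anyone reads it by hand. The Python below is an added example; it is not part of this thread and not HijackThis's own analysis. It parses a handful of lines copied from the report above and attaches review notes using its own heuristics (the `Entry` class, the `triage` rule set and `review` are this example's). A flag means "look at this", not "this is malicious": a proxy auto-config script, for instance, is often a legitimate workplace setting, but it does decide where all browser traffic goes, so it belongs on the review list.

```python
"""Parse HijackThis (2.0.x) log lines and flag entries worth a closer look.

Added example, not part of the forum thread or of HijackThis. The sample
lines are copied from the report posted above; the triage rules are this
example's own heuristics, not HijackThis's built-in analysis.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: a subset of the lines from the report posted above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://w3.jet.efda.org/htbin/setup_proxies.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
"""


@dataclass
class Entry:
    kind: str                                   # section code, e.g. "R1", "O4", "O23"
    body: str                                   # everything after "<kind> - "
    flags: list = field(default_factory=list)   # review notes added by triage()


LINE_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.*)$")
# HKLM\..\Run: [name] command   (hive, value name, command)
O4_RE = re.compile(r"^(HK\S+?)\\\.\.\\Run: \[([^\]]+)\] (.*)$")


def parse(text):
    """Turn report text into Entry objects; non-matching lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def _executable(command):
    """Return the program part of a Run-key command (quoted path or first token)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split()[0] if command else ""


def triage(entry):
    """Attach review flags to one entry according to this example's heuristics."""
    if entry.kind.startswith("R") and ",AutoConfigURL = " in entry.body:
        value = entry.body.split(",AutoConfigURL = ", 1)[1].strip()
        if value:
            entry.flags.append("proxy PAC script set: browser traffic is routed per "
                               + value + "; confirm it is the expected script")
    elif entry.kind == "O2" and "BHO: (no name)" in entry.body:
        entry.flags.append("unnamed BHO: identify the DLL by its CLSID and path")
    elif entry.kind == "O4":
        m = O4_RE.match(entry.body)
        if m:
            exe = _executable(m.group(3))
            if "\\" not in exe:   # bare filename, resolved through the PATH search order
                entry.flags.append("bare filename in Run key: verify the location of " + exe)
    elif entry.kind == "O20" and entry.body.startswith("AppInit_DLLs:"):
        value = entry.body.split(":", 1)[1].strip()
        if value:
            entry.flags.append("AppInit_DLLs loads " + value
                               + " into every process that links user32.dll")
    elif entry.kind == "O23" and " - Unknown owner - " in entry.body:
        entry.flags.append("service with no recorded publisher: check the binary's signature")
    return entry


def review(text):
    """Parse a report and return only the entries that received a flag."""
    return [e for e in (triage(e) for e in parse(text)) if e.flags]


if __name__ == "__main__":
    for e in review(SAMPLE_LOG):
        print(e.kind, "|", e.body[:70])
        for f in e.flags:
            print("   ->", f)
```

On the sample, five of the eight lines are flagged (the PAC script, the unnamed BHO, the path-less `Ati2mdxx.exe`, the AppInit DLL and the service with no owner) and the three others pass without comment; the point of the tool is to shrink a 100-line report to the handful of entries a human should actually verify.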
8 replies
Hello,
Thanks for the reply. I installed AVG to run a scan with an AV other than Antivir. Neither of them finds anything. I have just uninstalled AVG and unfortunately the problems are still there (connection heavily slowed down, web pages being redirected, and no way to access pages related to computer security).
# Download Hoster:
http://www.funkytoad.com/download/HostsXpert.zip
# Unzip the folder onto the desktop.
# Launch Hoster and click Restore Microsoft's Hosts File
____________
Download Malwarebytes, paste a report from it and remove what it finds
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
______________
Download SmitfraudFix, choose option 1 and paste the report
http://siri.urz.free.fr/Fix/SmitfraudFix.php
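The first step above restores the default hosts file because any entry added there overrides DNS for the named host, which is one way a browser ends up unable to reach particular sites or being sent to the wrong server. The Python below is an added example, not part of the thread and not code from the Hoster tool: it audits a hosts file before it is replaced, separating entries that block a name (pointing it at loopback or 0.0.0.0) from entries that redirect it to some other address. The sample hosts content is constructed and uses example-domain names; `parse_hosts` and `audit` are this example's own functions.

```python
"""Audit a Windows hosts file for entries that override DNS.

Added example, not part of the forum thread or of the Hoster tool. The
sample hosts content is constructed; a clean Windows XP hosts file maps
only "localhost".
"""
import ipaddress

# Constructed sample: the default localhost line plus three added overrides.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
127.0.0.1       www.security-vendor.example   # name silently blocked
0.0.0.0         update.security-vendor.example
203.0.113.7     www.search-engine.example     # name sent to another host
"""

# The only mappings a stock hosts file is expected to contain.
DEFAULT = {("127.0.0.1", "localhost"), ("::1", "localhost")}


def parse_hosts(text):
    """Return (ip, hostname) pairs; comments, blank and malformed lines are skipped."""
    pairs = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing and full-line comments
        if not line:
            continue
        parts = line.split()
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue   # not an address in the first column: skip rather than guess
        for host in parts[1:]:
            pairs.append((str(ip), host.lower()))
    return pairs


def audit(text):
    """Classify every non-default entry as a block (loopback/unspecified) or a redirect."""
    report = {"blocks": [], "redirects": []}
    for ip, host in parse_hosts(text):
        if (ip, host) in DEFAULT:
            continue
        addr = ipaddress.ip_address(ip)
        if addr.is_loopback or addr.is_unspecified:
            report["blocks"].append(host)
        else:
            report["redirects"].append((host, ip))
    return report


if __name__ == "__main__":
    result = audit(SAMPLE_HOSTS)
    print("blocked names :", result["blocks"])
    print("redirected    :", result["redirects"])
```

Run it against the real file (`C:\WINDOWS\system32\drivers\etc\hosts` on XP) by reading it into `audit` instead of `SAMPLE_HOSTS`. Blocks are not automatically bad (ad-blocking lists work exactly this way), but a list of blocked or redirected names is worth saving before restoring the default file, since it documents what the machine was prevented from reaching.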
Thank you very much for the recommendations.
I restored the Hosts file and launched a Malwarebytes scan. I had already run one yesterday and nothing was found. While waiting for the Malwarebytes report, here is the SmitFraudFix report; it does look like the problem comes from there:
SmitFraudFix v2.345
Rapport fait à 15:59:47,10, 05/09/2008
Executé à partir de C:\Program Files\Smitfraud\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» DNS Avant Fix
Description: Broadcom NetXtreme Gigabit Ethernet - Miniport d'ordonnancement de paquets
DNS Server Search Order: 212.27.40.240
DNS Server Search Order: 212.27.40.241
Description: Intel(R) PRO/Wireless 2200BG Network Connection - Miniport d'ordonnancement de paquets
DNS Server Search Order: 212.27.54.252
DNS Server Search Order: 212.27.53.252
HKLM\SYSTEM\CCS\Services\Tcpip\..\{DB91B991-0B8A-409D-BE78-56BA887619B4}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CCS\Services\Tcpip\..\{F15516CD-F84B-4FD9-BCC8-A58DDB601AC0}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip\..\{DB91B991-0B8A-409D-BE78-56BA887619B4}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS1\Services\Tcpip\..\{F15516CD-F84B-4FD9-BCC8-A58DDB601AC0}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS3\Services\Tcpip\..\{DB91B991-0B8A-409D-BE78-56BA887619B4}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS3\Services\Tcpip\..\{F15516CD-F84B-4FD9-BCC8-A58DDB601AC0}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
»»»»»»»»»»»»»»»»»»»»»»»» DNS Après Fix
Description: Broadcom NetXtreme Gigabit Ethernet - Miniport d'ordonnancement de paquets
DNS Server Search Order: 212.27.40.240
DNS Server Search Order: 212.27.40.241
Description: Intel(R) PRO/Wireless 2200BG Network Connection - Miniport d'ordonnancement de paquets
DNS Server Search Order: 212.27.54.252
DNS Server Search Order: 212.27.53.252
HKLM\SYSTEM\CCS\Services\Tcpip\..\{DB91B991-0B8A-409D-BE78-56BA887619B4}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CCS\Services\Tcpip\..\{F15516CD-F84B-4FD9-BCC8-A58DDB601AC0}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip\..\{DB91B991-0B8A-409D-BE78-56BA887619B4}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS1\Services\Tcpip\..\{F15516CD-F84B-4FD9-BCC8-A58DDB601AC0}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS3\Services\Tcpip\..\{DB91B991-0B8A-409D-BE78-56BA887619B4}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS3\Services\Tcpip\..\{F15516CD-F84B-4FD9-BCC8-A58DDB601AC0}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
Nothing infectious then, for the moment.
One last check:
Download Combofix by sUBs. Rename it before any installation, for example name it "KillBagle". Help here: https://forum.pcastuces.com/sujet.asp?f=25&s=37315
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it on your desktop and nowhere else!
Help on using Combofix here: http://bibou0007.forumpro.fr/tutos-f45/tutorial-combofix-t121.htm
Double-click combofix. It will ask you a question; answer with the 1 key and Enter to confirm, then let it guide you.
Wait until combofix has finished; a report will be created. Post the report.
Ah, very well spotted, I no longer have any redirects! Thanks!
Here is the Combofix report:
ComboFix 08-09-04.09 - Lolo 2008-09-05 19:45:31.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.916 [GMT 2:00]
Endroit: F:\ComboFix.exe
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
/wow section - STAGE 40
pv: No matching processes found
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\actskn43.ocx
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\mdm.exe
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\tdssinit.dll
C:\WINDOWS\system32\tdssl.dll
C:\WINDOWS\system32\tdsslog.dll
C:\WINDOWS\system32\tdssmain.dll
C:\WINDOWS\system32\tdssservers.dat
C:\WINDOWS\system32\wanpacket.dll
C:\WINDOWS\system32\wpcap.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Service_NPF
((((((((((((((((((((((((((((( Fichiers créés 2008-08-05 to 2008-09-05 ))))))))))))))))))))))))))))))))))))
.
2008-09-05 18:42 . 2008-09-05 19:11 250 --a------ C:\WINDOWS\gmer.ini
2008-09-05 15:19 . 2008-09-05 15:19 <REP> d-------- C:\Program Files\HostXperts
2008-09-05 09:52 . 2008-09-05 09:52 <REP> d-------- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-09-04 17:52 . 2008-09-04 17:52 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Conceptworld
2008-09-04 17:42 . 2008-09-04 17:59 2,138 --a------ C:\WINDOWS\system32\tmp.reg
2008-09-04 17:40 . 2008-09-04 17:41 <REP> d-------- C:\Program Files\Smitfraud
2008-09-04 11:36 . 2008-09-04 11:36 <REP> d--h----- C:\$AVG8.VAULT$
2008-09-04 10:43 . 2005-01-04 21:30 <REP> d-------- C:\Documents and Settings\Administrateur\WINDOWS
2008-09-04 10:43 . 2005-01-04 21:14 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-09-04 10:43 . 2005-01-04 21:14 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-09-04 10:43 . 2005-01-04 21:14 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-09-04 10:43 . 2005-01-04 21:38 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
2008-09-04 10:43 . 2005-01-04 21:14 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-09-04 10:43 . 2005-01-04 21:38 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
2008-09-04 10:43 . 2008-09-05 18:51 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-09-04 10:43 . 2005-01-04 21:29 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\InterTrust
2008-09-04 10:43 . 2008-09-04 10:43 <REP> d-------- C:\Documents and Settings\Administrateur
2008-09-04 10:34 . 2008-09-04 10:34 <REP> d-------- C:\Program Files\AVG
2008-09-04 10:34 . 2008-09-05 15:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-09-03 13:51 . 2008-09-03 13:51 12,288 --a------ C:\WINDOWS\system32\tdssserf.dll
2008-08-25 09:43 . 2008-06-23 18:28 6,066,176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-08-25 09:43 . 2007-04-17 11:32 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-08-25 09:43 . 2007-03-08 07:10 1,048,576 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-08-25 09:43 . 2008-06-23 18:28 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-08-25 09:43 . 2008-06-23 18:28 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-08-25 09:43 . 2008-06-23 18:28 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-08-25 09:43 . 2008-06-23 18:28 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2008-08-25 09:43 . 2008-06-23 18:28 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-08-25 09:43 . 2008-06-23 11:20 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-08-23 13:19 . 2008-08-23 13:57 <REP> d-------- C:\Program Files\Sketchup
2008-08-10 15:21 . 2008-09-05 08:24 <REP> d-------- C:\Program Files\Mozilla Thunderbird
2008-08-10 15:21 . 2008-08-10 15:22 <REP> d-------- C:\Documents and Settings\Lolo\Application Data\Thunderbird
2008-08-10 15:19 . 2008-08-10 23:44 <REP> d-------- C:\Program Files\Thunderbird
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-05 07:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-04 15:13 --------- d-----w C:\Program Files\Ad-aware 6
2008-09-04 09:36 --------- d-----w C:\Program Files\Alcohol 120%
2008-09-04 08:30 --------- d-----w C:\Program Files\AVG Anti-spy
2008-09-03 13:56 --------- d-----w C:\Program Files\Zoom Player
2008-08-27 09:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\pdf995
2008-08-23 20:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-03 14:44 --------- d-----w C:\Program Files\eMule
2008-07-29 18:05 --------- d-----w C:\Program Files\FastStone Image Viewer
2008-07-29 17:15 --------- d-----w C:\Documents and Settings\Lolo\Application Data\foobar2000
2008-07-29 14:10 --------- d-----w C:\Program Files\Malwarebytes
2008-07-29 14:10 --------- d-----w C:\Documents and Settings\Lolo\Application Data\Malwarebytes
2008-07-29 14:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-29 10:41 --------- d-----w C:\Program Files\Citrix
2008-07-29 10:33 --------- d-----w C:\Program Files\BSplayer
2008-07-23 18:09 38,472 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-23 18:09 17,144 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-07-21 07:24 --------- d-----w C:\Documents and Settings\Lolo\Application Data\Skype
2008-07-18 11:30 --------- d-----w C:\Documents and Settings\Lolo\Application Data\ICAClient
2008-07-10 19:27 --------- d-----w C:\Program Files\Antivir
2008-07-10 14:37 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-07-10 14:29 --------- d-----w C:\Program Files\Yahoo!
2008-07-10 07:31 --------- d-----w C:\Program Files\pdf995
2008-07-09 18:18 --------- d-----w C:\Program Files\Avira
2008-07-09 18:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
2007-09-11 19:30 61,480 ----a-w C:\Documents and Settings\Lolo\GoToAssistDownloadHelper.exe
2006-05-27 09:54 124 ----a-w C:\Program Files\Panneau de configuration.lnk
2008-02-07 20:46 13,624 ----a-w C:\Program Files\mozilla firefox\plugins\cgpcfg.dll
2008-02-07 20:46 87,360 ----a-w C:\Program Files\mozilla firefox\plugins\CgpCore.dll
2008-02-07 20:46 91,448 ----a-w C:\Program Files\mozilla firefox\plugins\confmgr.dll
2008-02-07 20:46 21,824 ----a-w C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
2008-02-07 20:46 206,136 ----a-w C:\Program Files\mozilla firefox\plugins\ctxmui.dll
2008-02-07 20:46 31,544 ----a-w C:\Program Files\mozilla firefox\plugins\icafile.dll
2008-02-07 20:46 40,248 ----a-w C:\Program Files\mozilla firefox\plugins\icalogon.dll
2007-03-16 16:27 479,232 ----a-w C:\Program Files\mozilla firefox\plugins\msvcm80.dll
2007-03-16 16:27 548,864 ----a-w C:\Program Files\mozilla firefox\plugins\msvcp80.dll
2007-03-16 16:27 626,688 ----a-w C:\Program Files\mozilla firefox\plugins\msvcr80.dll
2007-07-20 11:47 981,170 ----a-w C:\Program Files\mozilla firefox\plugins\sslsdk_b.dll
2008-02-07 20:46 24,384 ----a-w C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-14 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Hcontrol"="C:\WINDOWS\ATK0100\Hcontrol.exe" [2004-01-19 65536]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-10-24 110592]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-10-24 618496]
"ATIPTA"="C:\Progra~1\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-08-25 335872]
"Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-14 90112]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 266497]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 385024]
"ATIModeChange"="Ati2mdxx.exe" [2004-04-01 C:\WINDOWS\system32\Ati2mdxx.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"vidc.I263"= I263_32.drv
"vidc.ptev"= ptevideo.dll
"VIDC.YV12"= yv12vfw.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Bitmeter2.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Bitmeter2.lnk
backup=C:\WINDOWS\pss\Bitmeter2.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BT Broadband Desktop Help.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\BT Broadband Desktop Help.lnk
backup=C:\WINDOWS\pss\BT Broadband Desktop Help.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Lolo^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]
path=C:\Documents and Settings\Lolo\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EOUApp]
--a------ 2006-04-14 11:56 569413 C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
--a------ 2006-04-14 11:51 667718 C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a------ 2007-10-23 23:18 443968 C:\Program Files\Picasa\PicasaMediaDetector.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-01 01:13 385024 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 05:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-11-14 06:41 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 17:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"YPCService"=3 (0x3)
"S24EventMonitor"=2 (0x2)
"matlabserver"=3 (0x3)
"EPGService"=2 (0x2)
"CachemanXPService"=2 (0x2)
"AVG Anti-Spyware Guard"=2 (0x2)
"SPTISRV"=3 (0x3)
"ccSetMgr"=2 (0x2)
"ccProxy"=2 (0x2)
"SNDSrvc"=2 (0x2)
"DJSNETCN"=2 (0x2)
"ccISPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
"Symantec Core LC"=2 (0x2)
"SAVScan"=3 (0x3)
"NSCService"=3 (0x3)
"NPFMntor"=2 (0x2)
"navapsvc"=2 (0x2)
"LiveUpdate"=3 (0x3)
"gusvc"=3 (0x3)
"avg8wd"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Asus\\ASUS Live Update\\LiveUpdt.exe"=
"D:\\cygwin\\cygwin\\usr\\X11R6\\bin\\XWin.exe"=
"C:\\Program Files\\VLC\\vlc.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"=
"C:\\Program Files\\Xming\\Xming.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4662:TCP"= 4662:TCP:emule tcp
"4672:UDP"= 4672:UDP:emule udp
R0 rmedia;Ricoh MediaCard Driver;C:\WINDOWS\system32\DRIVERS\rmedia.sys [2004-02-18 65664]
R2 VPCAppSv;Virtual PC Application Services;C:\WINDOWS\system32\DRIVERS\VPCAppSv.sys [2003-01-09 21264]
R3 tap0801co;TAP-Win32 Adapter V8 (coLinux);C:\WINDOWS\system32\DRIVERS\tap0801co.sys [2004-07-10 24576]
S2 CoLinuxDriver;CoLinuxDriver;D:\coLinux\linux.sys [ ]
S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 21344]
S3 USB28xxBGA;WinTV HVR-900;C:\WINDOWS\system32\DRIVERS\emBDA.sys [2007-01-29 361728]
S3 USB28xxOEM;WinTV OEM Filter;C:\WINDOWS\system32\DRIVERS\emOEM.sys [2007-01-29 39680]
S4 CachemanXPService;CachemanXP;C:\PROGRA~1\Cacheman\CachemanXP.exe [2008-04-30 243200]
S4 EPGService;EPGService;C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe [2006-11-28 361984]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff547df5-8ca4-11dc-ad32-000e359f3faf}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff547df6-8ca4-11dc-ad32-000e359f3faf}]
\Shell\1\Command - RUNAUT~1\autorun.pif
\Shell\2\Command - RUNAUT~1\autorun.pif
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RUNAUT~1\autorun.pif
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-!AVG Anti-Spyware - C:\Program Files\AVG Anti-spy\AVG Anti-Spyware 7.5\avgas.exe
MSConfigStartUp-AVG8_TRAY - C:\PROGRA~1\AVG\AVG8\avgtray.exe
MSConfigStartUp-BitTorrent - C:\Program Files\Bittorrent\bittorrent.exe
MSConfigStartUp-btbb_wcm_McciTrayApp - C:\Program Files\btbb_wcm\McciTrayApp.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Lolo\Application Data\Mozilla\Firefox\Profiles\y9aur99i.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr/webhp?sourceid=navclient&hl=fr&ie=UTF-8
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npdrmv2.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npdsplay.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npicaN.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npvirtools.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npwmsdrm.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-05 20:06:23
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\system32\taskmgr.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-09-05 20:11:47 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-05 18:11:42
Pre-Run: 3,644,800,000 octets libres
Post-Run: 3,557,127,680 octets libres
261 --- E O F --- 2008-08-27 07:44:05
Here is the ComboFix report:
ComboFix 08-09-04.09 - Lolo 2008-09-05 19:45:31.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.916 [GMT 2:00]
Endroit: F:\ComboFix.exe
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
/wow section - STAGE 40
pv: No matching processes found
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\actskn43.ocx
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\mdm.exe
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\tdssinit.dll
C:\WINDOWS\system32\tdssl.dll
C:\WINDOWS\system32\tdsslog.dll
C:\WINDOWS\system32\tdssmain.dll
C:\WINDOWS\system32\tdssservers.dat
C:\WINDOWS\system32\wanpacket.dll
C:\WINDOWS\system32\wpcap.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Service_NPF
((((((((((((((((((((((((((((( Fichiers créés 2008-08-05 to 2008-09-05 ))))))))))))))))))))))))))))))))))))
.
2008-09-05 18:42 . 2008-09-05 19:11 250 --a------ C:\WINDOWS\gmer.ini
2008-09-05 15:19 . 2008-09-05 15:19 <REP> d-------- C:\Program Files\HostXperts
2008-09-05 09:52 . 2008-09-05 09:52 <REP> d-------- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-09-04 17:52 . 2008-09-04 17:52 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Conceptworld
2008-09-04 17:42 . 2008-09-04 17:59 2,138 --a------ C:\WINDOWS\system32\tmp.reg
2008-09-04 17:40 . 2008-09-04 17:41 <REP> d-------- C:\Program Files\Smitfraud
2008-09-04 11:36 . 2008-09-04 11:36 <REP> d--h----- C:\$AVG8.VAULT$
2008-09-04 10:43 . 2005-01-04 21:30 <REP> d-------- C:\Documents and Settings\Administrateur\WINDOWS
2008-09-04 10:43 . 2005-01-04 21:14 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-09-04 10:43 . 2005-01-04 21:14 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-09-04 10:43 . 2005-01-04 21:14 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-09-04 10:43 . 2005-01-04 21:38 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
2008-09-04 10:43 . 2005-01-04 21:14 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-09-04 10:43 . 2005-01-04 21:38 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
2008-09-04 10:43 . 2008-09-05 18:51 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-09-04 10:43 . 2005-01-04 21:29 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\InterTrust
2008-09-04 10:43 . 2008-09-04 10:43 <REP> d-------- C:\Documents and Settings\Administrateur
2008-09-04 10:34 . 2008-09-04 10:34 <REP> d-------- C:\Program Files\AVG
2008-09-04 10:34 . 2008-09-05 15:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-09-03 13:51 . 2008-09-03 13:51 12,288 --a------ C:\WINDOWS\system32\tdssserf.dll
2008-08-25 09:43 . 2008-06-23 18:28 6,066,176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-08-25 09:43 . 2007-04-17 11:32 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-08-25 09:43 . 2007-03-08 07:10 1,048,576 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-08-25 09:43 . 2008-06-23 18:28 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-08-25 09:43 . 2008-06-23 18:28 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-08-25 09:43 . 2008-06-23 18:28 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-08-25 09:43 . 2008-06-23 18:28 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2008-08-25 09:43 . 2008-06-23 18:28 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-08-25 09:43 . 2008-06-23 11:20 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-08-23 13:19 . 2008-08-23 13:57 <REP> d-------- C:\Program Files\Sketchup
2008-08-10 15:21 . 2008-09-05 08:24 <REP> d-------- C:\Program Files\Mozilla Thunderbird
2008-08-10 15:21 . 2008-08-10 15:22 <REP> d-------- C:\Documents and Settings\Lolo\Application Data\Thunderbird
2008-08-10 15:19 . 2008-08-10 23:44 <REP> d-------- C:\Program Files\Thunderbird
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-05 07:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-04 15:13 --------- d-----w C:\Program Files\Ad-aware 6
2008-09-04 09:36 --------- d-----w C:\Program Files\Alcohol 120%
2008-09-04 08:30 --------- d-----w C:\Program Files\AVG Anti-spy
2008-09-03 13:56 --------- d-----w C:\Program Files\Zoom Player
2008-08-27 09:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\pdf995
2008-08-23 20:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-03 14:44 --------- d-----w C:\Program Files\eMule
2008-07-29 18:05 --------- d-----w C:\Program Files\FastStone Image Viewer
2008-07-29 17:15 --------- d-----w C:\Documents and Settings\Lolo\Application Data\foobar2000
2008-07-29 14:10 --------- d-----w C:\Program Files\Malwarebytes
2008-07-29 14:10 --------- d-----w C:\Documents and Settings\Lolo\Application Data\Malwarebytes
2008-07-29 14:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-29 10:41 --------- d-----w C:\Program Files\Citrix
2008-07-29 10:33 --------- d-----w C:\Program Files\BSplayer
2008-07-23 18:09 38,472 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-23 18:09 17,144 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-07-21 07:24 --------- d-----w C:\Documents and Settings\Lolo\Application Data\Skype
2008-07-18 11:30 --------- d-----w C:\Documents and Settings\Lolo\Application Data\ICAClient
2008-07-10 19:27 --------- d-----w C:\Program Files\Antivir
2008-07-10 14:37 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-07-10 14:29 --------- d-----w C:\Program Files\Yahoo!
2008-07-10 07:31 --------- d-----w C:\Program Files\pdf995
2008-07-09 18:18 --------- d-----w C:\Program Files\Avira
2008-07-09 18:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
2007-09-11 19:30 61,480 ----a-w C:\Documents and Settings\Lolo\GoToAssistDownloadHelper.exe
2006-05-27 09:54 124 ----a-w C:\Program Files\Panneau de configuration.lnk
2008-02-07 20:46 13,624 ----a-w C:\Program Files\mozilla firefox\plugins\cgpcfg.dll
2008-02-07 20:46 87,360 ----a-w C:\Program Files\mozilla firefox\plugins\CgpCore.dll
2008-02-07 20:46 91,448 ----a-w C:\Program Files\mozilla firefox\plugins\confmgr.dll
2008-02-07 20:46 21,824 ----a-w C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
2008-02-07 20:46 206,136 ----a-w C:\Program Files\mozilla firefox\plugins\ctxmui.dll
2008-02-07 20:46 31,544 ----a-w C:\Program Files\mozilla firefox\plugins\icafile.dll
2008-02-07 20:46 40,248 ----a-w C:\Program Files\mozilla firefox\plugins\icalogon.dll
2007-03-16 16:27 479,232 ----a-w C:\Program Files\mozilla firefox\plugins\msvcm80.dll
2007-03-16 16:27 548,864 ----a-w C:\Program Files\mozilla firefox\plugins\msvcp80.dll
2007-03-16 16:27 626,688 ----a-w C:\Program Files\mozilla firefox\plugins\msvcr80.dll
2007-07-20 11:47 981,170 ----a-w C:\Program Files\mozilla firefox\plugins\sslsdk_b.dll
2008-02-07 20:46 24,384 ----a-w C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-14 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Hcontrol"="C:\WINDOWS\ATK0100\Hcontrol.exe" [2004-01-19 65536]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-10-24 110592]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-10-24 618496]
"ATIPTA"="C:\Progra~1\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-08-25 335872]
"Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-14 90112]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 266497]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 385024]
"ATIModeChange"="Ati2mdxx.exe" [2004-04-01 C:\WINDOWS\system32\Ati2mdxx.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"vidc.I263"= I263_32.drv
"vidc.ptev"= ptevideo.dll
"VIDC.YV12"= yv12vfw.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Bitmeter2.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Bitmeter2.lnk
backup=C:\WINDOWS\pss\Bitmeter2.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BT Broadband Desktop Help.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\BT Broadband Desktop Help.lnk
backup=C:\WINDOWS\pss\BT Broadband Desktop Help.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Lolo^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]
path=C:\Documents and Settings\Lolo\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EOUApp]
--a------ 2006-04-14 11:56 569413 C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
--a------ 2006-04-14 11:51 667718 C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a------ 2007-10-23 23:18 443968 C:\Program Files\Picasa\PicasaMediaDetector.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-01 01:13 385024 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 05:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-11-14 06:41 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 17:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"YPCService"=3 (0x3)
"S24EventMonitor"=2 (0x2)
"matlabserver"=3 (0x3)
"EPGService"=2 (0x2)
"CachemanXPService"=2 (0x2)
"AVG Anti-Spyware Guard"=2 (0x2)
"SPTISRV"=3 (0x3)
"ccSetMgr"=2 (0x2)
"ccProxy"=2 (0x2)
"SNDSrvc"=2 (0x2)
"DJSNETCN"=2 (0x2)
"ccISPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
"Symantec Core LC"=2 (0x2)
"SAVScan"=3 (0x3)
"NSCService"=3 (0x3)
"NPFMntor"=2 (0x2)
"navapsvc"=2 (0x2)
"LiveUpdate"=3 (0x3)
"gusvc"=3 (0x3)
"avg8wd"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Asus\\ASUS Live Update\\LiveUpdt.exe"=
"D:\\cygwin\\cygwin\\usr\\X11R6\\bin\\XWin.exe"=
"C:\\Program Files\\VLC\\vlc.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"=
"C:\\Program Files\\Xming\\Xming.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4662:TCP"= 4662:TCP:emule tcp
"4672:UDP"= 4672:UDP:emule udp
R0 rmedia;Ricoh MediaCard Driver;C:\WINDOWS\system32\DRIVERS\rmedia.sys [2004-02-18 65664]
R2 VPCAppSv;Virtual PC Application Services;C:\WINDOWS\system32\DRIVERS\VPCAppSv.sys [2003-01-09 21264]
R3 tap0801co;TAP-Win32 Adapter V8 (coLinux);C:\WINDOWS\system32\DRIVERS\tap0801co.sys [2004-07-10 24576]
S2 CoLinuxDriver;CoLinuxDriver;D:\coLinux\linux.sys [ ]
S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 21344]
S3 USB28xxBGA;WinTV HVR-900;C:\WINDOWS\system32\DRIVERS\emBDA.sys [2007-01-29 361728]
S3 USB28xxOEM;WinTV OEM Filter;C:\WINDOWS\system32\DRIVERS\emOEM.sys [2007-01-29 39680]
S4 CachemanXPService;CachemanXP;C:\PROGRA~1\Cacheman\CachemanXP.exe [2008-04-30 243200]
S4 EPGService;EPGService;C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe [2006-11-28 361984]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff547df5-8ca4-11dc-ad32-000e359f3faf}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff547df6-8ca4-11dc-ad32-000e359f3faf}]
\Shell\1\Command - RUNAUT~1\autorun.pif
\Shell\2\Command - RUNAUT~1\autorun.pif
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RUNAUT~1\autorun.pif
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-!AVG Anti-Spyware - C:\Program Files\AVG Anti-spy\AVG Anti-Spyware 7.5\avgas.exe
MSConfigStartUp-AVG8_TRAY - C:\PROGRA~1\AVG\AVG8\avgtray.exe
MSConfigStartUp-BitTorrent - C:\Program Files\Bittorrent\bittorrent.exe
MSConfigStartUp-btbb_wcm_McciTrayApp - C:\Program Files\btbb_wcm\McciTrayApp.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Lolo\Application Data\Mozilla\Firefox\Profiles\y9aur99i.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr/webhp?sourceid=navclient&hl=fr&ie=UTF-8
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npdrmv2.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npdsplay.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npicaN.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npvirtools.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npwmsdrm.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-05 20:06:23
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\system32\taskmgr.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-09-05 20:11:47 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-05 18:11:42
Pre-Run: 3,644,800,000 octets libres
Post-Run: 3,557,127,680 octets libres
261 --- E O F --- 2008-08-27 07:44:05
OK, perfect.
I understand better now: you had only posted half of the SmitfraudFix report.
Run CCleaner to finish the cleanup:
https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
You can remove the tools we used, but keep Malwarebytes and CCleaner among your protections.