redirection googleRésolu/Fermé

Question

Bonjour,
j'ai un souci avec google comme d'autres post similaires a chaque rechercher puis validation de la recherche
je suis redirigée sur des sites de telechargements ou autres ...
donc c'est quasi impossible ou presque d'aler sur la page demandée 
je suis sous xp et mon antivirus est avira avec qui j'ai des problemes aussi il ne se met plus a jour ;j'ai telechargé avg free pour voir ce que ca donnais et c'est pareil aucun update de mise a jour
autre souci mon defragmenteur ne veux plus marché aussi(le defragmenteur de disque n'as pas pu demarrer)
je ne sais pas du tout si c'est lié j'ai ma fille de 9 ans qui est souvent sur l'ordi et je ne la surveille pas tjs elle va sur des sites de jeux en ligne je ne sais pas si elle a  pu chopé des virus en tout cas mon antivirus ne les a pas detecté et spybot non plus...
j'ai vraiment besoin d'aide... merci!!
 je vous joint le rapport hijackthis





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:37:48, on 18/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\JMRaidTool.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAKE.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Larousse\Petit Larousse 2008\bin\Hyperappel.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\No-IP\DUC20.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
C:\Documents and Settings\a2\Mes documents\Mes fichiers reçus\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Smart-Shopper - {4A7C84E2-E95C-43C6-8DD3-03ABCD0EB60E} - C:\Program Files\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: (no name) - {D776914F-A4AA-4B6C-AEB5-91B66DCD5B08} - C:\WINDOWS\system32\bidisp.dll (file missing)
O2 - BHO: (no name) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - (no file)
O3 - Toolbar: (no name) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {EF56413F-9398-4DF5-BC88-6FC3B227D5C5} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [EPSON PictureMate 100] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAKE.EXE /P21 "EPSON PictureMate 100" /O6 "USB002" /M "PictureMate 100"
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /M "Stylus DX3800" /EF "HKCU"
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe
O4 - Startup: No-IP DUC.lnk = C:\Program Files\No-IP\DUC20.exe
O4 - Startup: Xinek.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Hyperappel du Petit Larousse 2008.lnk = C:\Program Files\Larousse\Petit Larousse 2008\bin\Hyperappel.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O8 - Extra context menu item: &Search - http://ko.bar.need2find.com/KO/menusearch.html?p=KO
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: SmartShopper - Compare product prices - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - C:\Program Files\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll
O9 - Extra button: SmartShopper - Compare travel rates - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - C:\Program Files\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\a2\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O15 - Trusted Zone: *.canalplay.com (HKLM)
O15 - Trusted Zone: *.canalplusactive.com (HKLM)
O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} (ITPPDiagIE Class) - http://data.jeuxclassiques.com/npwwg.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} - 
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - https://www.fileplanet.com/
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {5392B545-31A5-4724-BEF3-4FED1D56FDAC} (CPlayFirstDinerDash2_frControl Object) - file:///C:/Documents%20and%20Settings/a2/Local%20Settings/Application%20Data/Oberon%20Media/Oberon%20Games%20Host/DinerDash2_fr.1.0.0.70.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://copainsdavant.linternaute.com/...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://config.zebulon.fr/plugins/hardwaredetection.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - file:///C:/Documents%20and%20Settings/a2/Local%20Settings/Application%20Data/Oberon%20Media/Oberon%20Games%20Host/ddfotg.1.0.0.37.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game11.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C6E9F0B8-AFEA-46F3-831B-612E97381ABA} (imvustreamer Control) - http://www.imvu.com/activex/imvustreamer.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxentelechargement.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - file:///C:/Documents%20and%20Settings/a2/Local%20Settings/Application%20Data/Oberon%20Media/Oberon%20Games%20Host/DinerDash.1.0.0.98.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{171F54D1-6847-431D-9E14-100BE4571567}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{C8EE5C42-1098-4FC6-A65F-517CC729FAD9}: NameServer = 208.67.220.220,208.67.222.222 
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 
O17 - HKLM\System\CS1\Services\Tcpip\..\{171F54D1-6847-431D-9E14-100BE4571567}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{171F54D1-6847-431D-9E14-100BE4571567}: NameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 
O17 - HKLM\System\CS3\Services\Tcpip\..\{171F54D1-6847-431D-9E14-100BE4571567}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: karna.dat ?u|C?\?Î
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Aarvepamek -  - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

jlpjlp · Answer

slt

vire AVG8


puis
_________________



scan avec
MalwareByte's Anti-Malware et vire ce qui est trouvé et colle le rapport

https://www.malekal.com/tutoriel-malwarebyte-anti-malware/­



_________________


télécharge combofix (par sUBs) ici :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

et enregistre le sur le bureau.

déconnecte toi d'internet et ferme toutes tes applications.

désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)


double-clique sur combofix.exe et suis les instructions

à la fin, il va produire un rapport C:\ComboFix.txt

réactive ton parefeu, ton antivirus, la garde de ton antispyware

copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.

Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.

Tu as un tutoriel complet ici :

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

B-Oris · Answer

Salut olinkette
J'ai eu le même soucis avec le PC de mon chef
j'ai pas envie de te décourager la seule solution que j'ai trouver c'était de formater l'ensemble de la machine car aprés pleins d'analyse de logiciels d'anti spybot antivirus j'en passe et des meilleurs et ben rien n'avait changer.Désolé j'ai que ça à te proposer.

olinkette · Answer

merci de ta reponse tres rapide jlpjlp je suis en train de fairela verification avec malwarepuis apres je fais combo fix
merci encore!!!
et b-oris merci de ta reponse egalement; j'espere ne pas avoir a reformater !!

jlpjlp · Answer

ok . À plus

olinkette · Answer

re
 dsl ca a duré plus de 40mn la recherche :(
 je te met le rapport pour malware


Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1349
Windows 5.1.2600 Service Pack 3

18/02/2009 14:00:37
mbam-log-2009-02-18 (14-00-29).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 196804
Temps écoulé: 49 minute(s), 52 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 3

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> No action taken.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\System Volume Information\_restore{8B3C29A4-0194-4E61-82DF-CA402F64EA9F}\RP372\A0068043.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{8B3C29A4-0194-4E61-82DF-CA402F64EA9F}\RP373\A0068085.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{8B3C29A4-0194-4E61-82DF-CA402F64EA9F}\RP376\A0069578.sys (Rootkit.Agent) -> No action taken.

olinkette · Answer

arrrf dsl je t'ai mis le premier rapport

voila celui la

merci de ton aide !!!
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Delete on reboot.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\System Volume Information\_restore{8B3C29A4-0194-4E61-82DF-CA402F64EA9F}\RP372\A0068043.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8B3C29A4-0194-4E61-82DF-CA402F64EA9F}\RP373\A0068085.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8B3C29A4-0194-4E61-82DF-CA402F64EA9F}\RP376\A0069578.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

olinkette · Answer

voici le resultat combofix et apparement je n'ai plus de redirection... re merci de ton aide jpljpl ComboFix 09-02-17.02 - a2 2009-02-18 14:23:38.2 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1022.684 [GMT 1:00] Lancé depuis: c:\documents and settings\a2\Mes documents\Mes fichiers reçus\combofix.exe AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated) FW: Norton Internet Worm Protection *disabled* AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !! . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Autorun.inf c:\documents and settings\a2\Menu Démarrer\Programmes\XP_AntiSpyware c:\documents and settings\a2\Menu Démarrer\Programmes\XP_AntiSpyware\Uninstall.lnk c:\documents and settings\a2\Menu Démarrer\Programmes\XP_AntiSpyware\XP_AntiSpyware.lnk c:\recycler\S-0-0-65-100015048-100005539-100002907-6976.com c:\windows\cdmxtras c:\windows\cdmxtras\uninst.exe c:\windows\system\oeminfo.ini c:\windows\system32\cache329 c:\windows\system32\drivers\TDSSrvdc.sys c:\windows\system32\gaopdxqciuqeop.dll c:\windows\system32\P2P Networking v126.cpl c:\windows\system32\P2P Networking c:\windows\system32\P2P Networking\Cache\Database\index256.dbb c:\windows\system32\TDSSbeat.dat c:\windows\system32\TDSSkfkl.dll c:\windows\system32\TDSSnmxh.log c:\windows\system32\TDSSoaba.dll c:\windows\system32\TDSSoxum.dll c:\windows\system32\TDSSqkhc.dll c:\windows\system32\TDSSshkx.dll c:\windows\system32\TDSSurkv.dll c:\windows\system32\TDSSxnpr.dll . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_gaopdxserv.sys -------\Service_TDSSSERV -------\Legacy_TDSSSERV -------\Legacy_BOONTY_GAMES -------\Service_Boonty Games ((((((((((((((((((((((((((((( Fichiers créés du 2009-01-18 au 2009-02-18 )))))))))))))))))))))))))))))))))))) . 2009-02-14 01:14 . 2009-02-14 01:14 d-------- c:\documents and settings\All Users\Application Data\Avira 2009-02-14 00:58 . 2009-02-14 00:58 921 --a------ c:\windows\QSFVExit.bat 2009-02-13 13:10 . 2009-02-13 13:10 d-------- c:\documents and settings\All Users\Application Data\DivoGames 2009-02-13 13:05 . 2009-02-13 13:05 d-------- c:\windows\Be Rich 2009-02-13 13:05 . 2009-02-13 13:07 d-------- c:\program files\Be Rich 2009-02-09 15:10 . 2009-02-09 15:10 d-------- c:\windows\Farm Craft 2009-02-09 15:10 . 2009-02-09 15:10 d-------- c:\program files\Farm Craft 2009-02-09 15:10 . 2009-02-09 15:10 d-------- c:\documents and settings\All Users\Application Data\NevoSoft Games 2009-02-05 14:11 . 2009-02-05 14:11 d-------- c:\program files\Microsoft Works 2009-02-05 14:11 . 2006-10-26 19:56 32,592 --a------ c:\windows\system32\msonpmon.dll 2009-02-05 14:10 . 2009-02-05 14:10 d-------- c:\program files\Microsoft.NET 2009-02-05 14:08 . 2009-02-05 14:08 d-------- c:\windows\SHELLNEW 2009-02-05 14:08 . 2009-02-05 14:12 d-------- c:\documents and settings\All Users\Application Data\Microsoft Help 2009-02-05 14:07 . 2009-02-05 14:07 dr-h----- C:\MSOCache 2009-02-04 17:45 . 2009-02-04 17:45 44 --a------ c:\windows\liveup.ini 2009-01-29 15:43 . 2009-01-29 15:44 d-------- c:\documents and settings\a2\Application Data\Go-Go Gourmet Chef of the Year 2009-01-29 14:03 . 2009-02-12 15:16 d-------- C:\games 2009-01-29 14:02 . 2009-01-29 14:02 d-------- c:\windows\Go-Go Gourmet 2 - Chef of the Year 2009-01-29 14:02 . 2009-01-29 14:02 d-------- c:\windows\Cooking Dash 2009-01-29 14:02 . 2009-01-29 14:02 d-------- c:\program files\Go-Go Gourmet 2 - Chef of the Year 2009-01-29 14:02 . 2009-01-29 14:02 d-------- c:\program files\Cooking Dash 2009-01-29 11:31 . 2009-01-29 11:31 d-------- c:\documents and settings\a2\Application Data\Application Data 2009-01-27 12:21 . 2009-01-27 12:21 d-------- c:\program files\Turbo Pizza 2009-01-24 18:57 . 2009-01-24 18:57 d-------- c:\program files\Alawar 2009-01-24 14:33 . 2009-01-24 14:33 d-------- c:\windows\Turbo Fiesta 2009-01-24 14:33 . 2009-01-24 14:34 d-------- c:\program files\Turbo Fiesta 2009-01-22 00:08 . 2009-01-22 00:08 d-------- c:\documents and settings\a2\Application Data\vlc 2009-01-19 10:46 . 2009-01-19 16:06 d-------- c:\documents and settings\a2\Application Data\skypePM 2009-01-19 10:46 . 2009-01-19 10:46 56 --ah----- c:\windows\system32\ezsidmv.dat 2009-01-19 10:42 . 2009-02-14 00:49 d-------- c:\documents and settings\All Users\Application Data\Skype 2009-01-18 02:12 . 2009-01-18 02:12 d-------- c:\program files\Smart-Shopper 2009-01-18 02:12 . 2009-02-13 11:05 d-------- c:\documents and settings\a2\Application Data\Smart-Shopper . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-02-18 13:32 --------- d-----w c:\program files\Wanadoo 2009-02-18 13:31 --------- d-----w c:\program files\eMule 2009-02-18 12:23 --------- d-----w c:\program files\InstantTouch 2009-02-15 11:08 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP 2009-02-14 01:26 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer 2009-02-14 01:24 --------- d--h--w c:\program files\InstallShield Installation Information 2009-01-24 13:34 --------- d-----w c:\documents and settings\All Users\Application Data\Oberon Games 2009-01-24 13:34 --------- d-----w c:\documents and settings\a2\Application Data\Oberon Games 2008-12-21 12:31 --------- d-----w c:\documents and settings\All Users\Application Data\HipSoft 2008-10-20 12:52 19,610 ----a-w c:\documents and settings\a2\Application Data\usynyboz.exe 2008-10-20 12:52 13,326 ----a-w c:\documents and settings\a2\Application Data\nedamatuqi.bin 2008-10-20 09:40 18,557 ----a-w c:\program files\Fichiers communs\ijisesovof.exe 2008-10-20 09:40 18,366 ----a-w c:\documents and settings\All Users\Application Data\equk.sys 2008-10-20 09:40 18,149 ----a-w c:\program files\Fichiers communs\poxaho.com 2008-10-20 09:40 14,928 ----a-w c:\documents and settings\All Users\Application Data\qaquha.bin 2008-10-20 09:18 16,161 ----a-w c:\program files\Fichiers communs\dejesusoxu.bin 2008-10-20 09:18 15,333 ----a-w c:\documents and settings\a2\Application Data\vyhyv.vbs 2008-10-20 09:18 11,584 ----a-w c:\program files\Fichiers communs\mymig.dat 2008-10-20 09:18 10,516 ----a-w c:\documents and settings\All Users\Application Data\yvukujocin.exe 2008-10-20 09:12 18,959 ----a-w c:\program files\Fichiers communs\igew.bin 2008-10-20 09:12 16,569 ----a-w c:\documents and settings\All Users\Application Data\axygybu.pif 2008-10-20 09:12 16,467 ----a-w c:\program files\Fichiers communs\onejujav._sy 2008-10-20 09:12 13,376 ----a-w c:\program files\Fichiers communs\sudy.pif 2008-10-20 09:12 12,668 ----a-w c:\documents and settings\All Users\Application Data\odukacadoz.vbs 2008-10-20 09:12 12,410 ----a-w c:\program files\Fichiers communs\toto.reg 2008-10-20 09:12 11,986 ----a-w c:\documents and settings\a2\Application Data\awysuz.bat 2008-10-20 09:12 11,460 ----a-w c:\documents and settings\a2\Application Data\upiv.exe 2005-12-31 22:42 18,180 ----a-w c:\documents and settings\All Users\Application Data\ahivecy.pif 2005-12-31 22:42 18,051 ----a-w c:\documents and settings\All Users\Application Data\enowa.dll 2005-12-31 22:42 16,144 ----a-w c:\documents and settings\a2\Application Data\zigetif.bat 2005-12-31 22:42 10,976 ----a-w c:\documents and settings\a2\Application Data\ikit.com 2005-12-31 23:25 0 -csha-w c:\windows\SMINST\HPCD.sys 2008-03-28 09:58 328 -csh--r c:\windows\system32\[u]0/uD5636B84E.sys 2008-03-28 09:58 8,354 -csha-w c:\windows\system32\KGyGaAvL.sys 2008-10-20 09:07 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008102020081021\index.dat . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4A7C84E2-E95C-43C6-8DD3-03ABCD0EB60E}] 2008-10-07 16:50 1172952 --a------ c:\program files\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "EPSON Stylus DX3800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE" [2005-02-08 98304] "WOOKIT"="c:\progra~1\Wanadoo\Shell.exe" [2004-08-23 122880] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288] "eMuleAutoStart"="c:\program files\eMule\emule.exe" [2008-08-02 5484544] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "JMB36X Configure"="c:\windows\system32\JMRaidTool.exe" [2006-04-06 385024] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-01 7618560] "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992] "EPSON Stylus DX3800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE" [2005-02-08 98304] "NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648] "WOOWATCH"="c:\progra~1\Wanadoo\Watch.exe" [2004-08-23 20480] "WOOTASKBARICON"="c:\progra~1\Wanadoo\GestMaj.exe" [2004-10-14 32768] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784] "EPSON PictureMate 100"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAKE.EXE" [2005-05-06 98304] "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-04-19 185896] "AdobeCS4ServiceManager"="c:\program files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712] "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497] "nwiz"="nwiz.exe" [2007-12-05 c:\windows\system32\nwiz.exe] "RTHDCPL"="RTHDCPL.EXE" [2006-04-04 c:\windows\RTHDCPL.exe] "NvMediaCenter"="NvMCTray.dll" [2006-06-01 c:\windows\system32\nvmctray.dll] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2007-07-02 113664] Hyperappel du Petit Larousse 2008.lnk - c:\program files\Larousse\Petit Larousse 2008\bin\Hyperappel.exe [2006-01-01 237568] Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "ForceClassicControlPanel"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit] 2007-11-15 18:46 87352 c:\windows\system32\LMIinit.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\Program Files\InstantTouch\bin\CmCenterV2.exe"= "c:\Program Files\Real\RealPlayer\realplay.exe"= "c:\Program Files\eMule\emule.exe"= "%windir%\Network Diagnostic\xpnetdiag.exe"= "%windir%\system32\sessmgr.exe"= "c:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe"= "c:\Program Files\Windows Live\Messenger\msnmsgr.exe"= "c:\Program Files\Windows Live\Messenger\livecall.exe"= "c:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"= "c:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe"= "c:\Program Files\Avira\AntiVir PersonalEdition Classic\update.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 "4673:UDP"= 4673:UDP:emule_udp "4663:TCP"= 4663:TCP:emule_tcp "5353:TCP"= 5353:TCP:Adobe CSI CS4 "56370:TCP"= 56370:TCP:Pando P2P TCP Listening Port "56370:UDP"= 56370:UDP:Pando P2P UDP Listening Port [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowOutboundDestinationUnreachable"= 1 (0x1) "AllowOutboundSourceQuench"= 1 (0x1) "AllowOutboundTimeExceeded"= 1 (0x1) "AllowRedirect"= 1 (0x1) R0 ufpwegnw;ufpwegnw;c:\windows\system32\drivers\ibzcbwcm.dat --> c:\windows\system32\drivers\ibzcbwcm.dat [?] R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-03-23 46112] S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?] S3 Aarvepamek;Aarvepamek; [x] S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2008-01-25 25088] S4 LMIRfsClientNP;LMIRfsClientNP; [x] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Z] \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2cd0efc1-20c8-11db-9f78-806d6172696f}] \Shell\AutoRun\command - D:\Setup.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff0b4618-7a92-11da-8f73-001558536931}] \Shell\AutoRun\command - F:\ClickMe.exe . - - - - ORPHELINS SUPPRIMES - - - - BHO-{D776914F-A4AA-4B6C-AEB5-91B66DCD5B08} - c:\windows\system32\bidisp.dll SafeBoot-TDSSrvdc.sys . ------- Examen supplémentaire ------- . uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} uDefault_Search_URL = hxxp://www.google.com/ie mStart Page = hxxp://www.google.com uInternet Connection Wizard,ShellNext = iexplore uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: &Search - http://ko.bar.need2find.com/KO/menusearch.html?p=KO IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: { - c:\program files\Messenger\msmsgs.exe IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\a2\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk IE: {{3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - {6FAC4823-815E-4361-836E-46D65ED2550B} - c:\program files\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll IE: {{3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - {4CF088BD-BE95-40a5-BE9B-677F8683EDEA} - c:\program files\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll Trusted Zone: canalplay.com Trusted Zone: canalplusactive.com TCP: {171F54D1-6847-431D-9E14-100BE4571567} = 192.168.1.1 TCP: {C8EE5C42-1098-4FC6-A65F-517CC729FAD9} = 208.67.220.220,208.67.222.222 DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} - hxxp://data.jeuxclassiques.com/npwwg.cab DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab DPF: {5392B545-31A5-4724-BEF3-4FED1D56FDAC} - file:///C:/Documents%20and%20Settings/a2/Local%20Settings/Application%20Data/Oberon%20Media/Oberon%20Games%20Host/DinerDash2_fr.1.0.0.70.cab DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://config.zebulon.fr/plugins/hardwaredetection.cab DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game11.zylom.com/activex/zylomgamesplayer.cab DPF: {C6E9F0B8-AFEA-46F3-831B-612E97381ABA} - hxxp://www.imvu.com/activex/imvustreamer.cab DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} - file:///C:/Documents%20and%20Settings/a2/Local%20Settings/Application%20Data/Oberon%20Media/Oberon%20Games%20Host/DinerDash.1.0.0.98.cab . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-18 14:32:39 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ufpwegnw] "ImagePath"="system32\drivers\ibzcbwcm.dat" . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_USERS\S-1-5-21-203540520-682203195-3668217833-1007\Software\Local AppWizard-Generated Applications\JMRaidTool] @DACL=(02 0000) @SACL= [HKEY_USERS\S-1-5-21-203540520-682203195-3668217833-1007\Software\Local AppWizard-Generated Applications\JMRaidTool\Recent File List] @DACL=(02 0000) [HKEY_USERS\S-1-5-21-203540520-682203195-3668217833-1007\Software\Microsoft\MediaPlayer\Preferences\EqualizerSettings] @DACL=(02 0000) @SACL= "Bypass"=dword:00000000 "Preset"=dword:00000000 "Level1"=hex:d2,37,5b,40 "Level2"=hex:17,01,1b,40 "Level3"=hex:b1,5c,f7,3f "Level4"=hex:32,8d,23,40 "Level5"=hex:50,31,87,40 "Level6"=hex:c9,a1,89,40 "Level7"=hex:0f,04,53,40 "Level8"=hex:f5,a7,c8,3f "Level9"=hex:56,92,37,3f "Level10"=hex:55,55,15,40 "EnhancedAudio"=dword:00000000 "SpeakerSize"=dword:00000001 "TruBassLevel"=hex:00,00,a0,40 "WowLevel"=hex:00,00,d0,40 "Normalization"=dword:00000000 "CrossFade"=dword:00000000 "CrossFadeWindow"=dword:00000000 [HKEY_USERS\S-1-5-21-203540520-682203195-3668217833-1007\Software\Microsoft\MediaPlayer\Preferences\Library] @DACL=(02 0000) @SACL= [HKEY_USERS\S-1-5-21-203540520-682203195-3668217833-1007\Software\Microsoft\MediaPlayer\Preferences\Library\mlAlbum] @DACL=(02 0000) "SaveLaunchIndex"=dword:00000110 "SortOrder"="DisplayArtist" "SortAscending"=dword:00000001 [HKEY_USERS\S-1-5-21-203540520-682203195-3668217833-1007\Software\Microsoft\MediaPlayer\Preferences\Library\mlAllClips] @DACL=(02 0000) "SaveLaunchIndex"=dword:000000aa "SortOrder"="" "SortAscending"=dword:00000001 [HKEY_USERS\S-1-5-21-203540520-682203195-3668217833-1007\Software\Microsoft\MediaPlayer\Preferences\Library\mlAllTV] @DACL=(02 0000) "SaveLaunchIndex"=dword:000000aa "SortOrder"="" "SortAscending"=dword:00000001 [HKEY_USERS\S-1-5-21-203540520-682203195-3668217833-1007\Software\Microsoft\MediaPlayer\Preferences\Library\mlArtist] @DACL=(02 0000) "SaveLaunchIndex"=dword:0000012c "SortOrder"="DisplayArtist" "SortAscending"=dword:00000001 [HKEY_USERS\S-1-5-21-203540520-682203195-3668217833-1007\Software\Microsoft\MediaPlayer\Preferences\Library\mlDisplayArtist] @DACL=(02 0000) "SaveLaunchIndex"=dword:00000112 "SortOrder"="DisplayArtist" "SortAscending"=dword:00000001 [HKEY_USERS\S-1-5-21-203540520-682203195-3668217833-1007\Software\Microsoft\MediaPlayer\Preferences\Library\mlGenre] @DACL=(02 0000) "SaveLaunchIndex"=dword:00000111 "SortOrder"="DisplayArtist" "SortAscending"=dword:00000001 [HKEY_USERS\S-1-5-21-203540520-682203195-3668217833-1007\Software\Microsoft\MediaPlayer\Preferences\Library\mlMusicUserRatings] @DACL=(02 0000) "SaveLaunchIndex"=dword:0000004a "SortOrder"="DisplayArtist" "SortAscending"=dword:00000001 [HKEY_USERS\S-1-5-21-203540520-682203195-3668217833-1007\Software\Microsoft\MediaPlayer\Preferences\Library\mlNewItems] @DACL=(02 0000) "SaveLaunchIndex"=dword:000000aa "SortOrder"="" "SortAscending"=dword:00000001 [HKEY_USERS\S-1-5-21-203540520-682203195-3668217833-1007\Software\Microsoft\MediaPlayer\Preferences\Library\mlNowPlaying] @DACL=(02 0000) "SaveLaunchIndex"=dword:000000ab "SortOrder"="" "SortAscending"=dword:00000001 [HKEY_USERS\S-1-5-21-203540520-682203195-3668217833-1007\Software\Microsoft\MediaPlayer\Preferences\Library\mlOther] @DACL=(02 0000) "SaveLaunchIndex"=dword:00000006 "SortOrder"="" "SortAscending"=dword:00000001 [HKEY_USERS\S-1-5-21-203540520-682203195-3668217833-1007\Software\Microsoft\MediaPlayer\Preferences\Library\mlPlaylist] @DACL=(02 0000) "SaveLaunchIndex"=dword:000001e9 "SortOrder"="" "SortAscending"=dword:00000001 [HKEY_USERS\S-1-5-21-203540520-682203195-3668217833-1007\Software\Microsoft\MediaPlayer\Preferences\Library\mlSearch] @DACL=(02 0000) "SaveLaunchIndex"=dword:000001f4 "SortOrder"="DisplayArtist" "SortAscending"=dword:00000001 [HKEY_USERS\S-1-5-21-203540520-682203195-3668217833-1007\Software\Microsoft\MediaPlayer\Preferences\Library\mlSubAlbum] @DACL=(02 0000) "SaveLaunchIndex"=dword:0000012c "SortOrder"="DisplayArtist" "SortAscending"=dword:00000001 [HKEY_USERS\S-1-5-21-203540520-682203195-3668217833-1007\Software\Microsoft\MediaPlayer\Preferences\ProxySettings] @DACL=(02 0000) @SACL= [HKEY_LOCAL_MACHINE\software\JMICRON Technologies, Inc.\JRAID] @DACL=(02 0000) @SACL= [HKEY_LOCAL_MACHINE\software\Microsoft\Advanced INF Setup\IEHomePageInfo\RegBackup] @DACL=(02 0000) @SACL= [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\10.0] @DACL=(02 0000) @SACL= [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\services] @DACL=(02 0000) @SACL= "NoServices"=dword:00000000 [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Settings] @DACL=(02 0000) @SACL= [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\UIPlugins\{B3FBFCF3-DAE7-4B60-B632-FFFCBDD262A8}] @DACL=(02 0000) @SACL= "FriendlyName"="res://mswmccpl.dll/RT_STRING/#101" "Description"="res://mswmccpl.dll/RT_STRING/#102" "Capabilities"=dword:00000002 [HKEY_LOCAL_MACHINE\software\Microsoft\Windows Media Connect\Devices] @DACL=(02 0000) [HKEY_LOCAL_MACHINE\software\Microsoft\Windows Media Connect\MAC Access Control] @DACL=(02 0000) [HKEY_LOCAL_MACHINE\software\Microsoft\Windows Media Connect\Setup] @DACL=(02 0000) @SACL= "Uninstall"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Microsoft\Windows Media Device Manager\Plugins\SCP\SCPTRANS] @DACL=(02 0000) @SACL= "ProgID"="MsScp.SCPTRANS.1" [HKEY_LOCAL_MACHINE\software\mpDRM\LicenseStore*] @DACL= [HKEY_LOCAL_MACHINE\software\Realtek Semiconductor Corp.\Realtek High Definition Audio Driver] @DACL=(02 0000) @SACL= . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(716) c:\windows\system32\LMIinit.dll c:\program files\Fichiers communs\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll c:\windows\system32\LMIRfsClientNP.dll . ------------------------ Autres processus actifs ------------------------ . c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe c:\windows\system32\FTRTSVC.exe c:\windows\system32\nvsvc32.exe c:\windows\system32\PSIService.exe c:\windows\system32\rundll32.exe c:\program files\Wanadoo\TaskBarIcon.exe c:\program files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe c:\program files\No-IP\DUC20.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Heure de fin: 2009-02-18 14:35:19 - La machine a redémarré ComboFix-quarantined-files.txt 2009-02-18 13:35:16 Avant-CF: 59,974,885,376 octets libres Après-CF: 60,229,685,248 octets libres 406 --- E O F --- 2009-01-15 02:05:30

olinkette · Answer

au passage   avira a reussi a update !!!

 et mon defragmenteur remarche !!!  merci infiniment !!

est ce que tu sais d'ou tout ces prob ont survenus ?

 merci encore !!!

jlpjlp · Answer

cela venait d'une infection tdss . Désactive ta restauration système puis redémarre ton ordi puis réactive la . Ensuite colle un rapport avec antivir après activation de la recherche des rootkits dans les options . Et remets ensuite un rapport rsit    . À plus

Redirection google

9 réponses

Discussions similaires

Newsletters