VIRUS google

VIRUS google - Sécurité - Virus

Recherche Recherche
Règles Règles
Aide Aide

TomsGuide.com : 700 000 inscrits répondent à toutes vos questions high-tech et informatique.
Pour obtenir de l'aide, inscrivez-vous gratuitement !

Se connecter | Inscription

Mot : Pseudo : Filtrer
Bas de page
Auteur	Sujet : VIRUS google

AmbrionX

Profil : IDNaute

Plus d'informations

15-09-2008 à 18:49:07

Bonjour ,
Voila mon probleme :

J'ai un virus qui me redirige vers une page publicitaire a chaque fois que je clique sur un lien de google quand j'ai fais une recherche. c'est assez voir
très embêtant. et je voudrais savoir si vous aviez une solution s'il vous plait .

j'ai fais un scan hijackthis et un fixwareout

Voici les rapports

HIJACK:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:28:28, on 15/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\a-squared free\a2service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\windows\system32\msiexec.exe
C:\windows\system32\nvsvc32.exe
C:\windows\system32\HPZipm12.exe
C:\windows\System32\svchost.exe
C:\windows\Explorer.EXE
C:\windows\system32\wscntfy.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\windows\vVX3000.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\windows\system32\RUNDLL32.EXE
C:\windows\RTHDCPL.EXE
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SAGEM\SAGEM F@st800\dslmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_ [...] TbId=66027
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://loginnet.passport.com/ppsec [...] rf?lc=1036
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: XBTP05231 Class - {031F120A-BBAF-45d8-B306-375F2A6B9398} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A944F455-E460-479C-85C2-FB165E5931AB} - C:\windows\system32\pmnno.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {C9284271-BBEB-4D42-933D-D95E9F47D0A3} - C:\windows\system32\pmnonnOi.dll (file missing)
O2 - BHO: (no name) - {F9C44C0B-D269-4746-894B-912E3CE1CEE6} - (no file)
O3 - Toolbar: Alcohol Soft - Alcohol 120% Toolbar - {1CE4EE89-2D5C-4361-AF3B-D902AB545381} - C:\Program Files\Alcohol Soft\Alcohol 120% Toolbar\a120_tb.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [VX3000] C:\windows\vVX3000.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ppmate] C:\Program Files\PPMate\PPMate\ppmate.exe -autoplay
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Dart trust] C:\DOCUME~1\JULIEN~1\APPLIC~1\MP3GRE~1\ball inter bows.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - HKCU\..\Policies\Explorer\Run: [{3C52FB74-07DA-1036-1110-051026040021}] "C:\Program Files\Fichiers communs\{3C52FB74-07DA-1036-1110-051026040021}\Update.exe" mc-110-12-0000272
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Morpheus.lnk = C:\Program Files\Morpheus\Morpheus.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Global Startup: DSLMON.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file)
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: CarbonPoker - {e4e8c758-34b4-44bb-8ef9-1f0786e81d2d} - C:\Documents and Settings\Julien²\Menu Démarrer\Programmes\CarbonPoker\CarbonPoker.lnk (HKCU)
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mi [...] 2961930953
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mi [...] 2961922812
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/bina [...] b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Fichiers communs\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\windows\system32\HPZipm12.exe
O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - Z:\Program Files\NFS p\PB\PnkBstrA.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\windows\SYSTEM32\VundoFixSVC.exe
O24 - Desktop Component 0: (no name) - file:///CDOCUME~1/JULIEN~1/LOCALS~1/Temp/msohtmlclip1/01/clip_image002.jpg

et FIXWAREOUT ;

Username "Juliený" - 15/09/2008 18:34:43 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check

Cache de résolution DNS vidé.

PC crashed or was not allowed to reboot.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.EXE C:\\windows\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"ICQ Lite"="C:\\Program Files\\ICQLite\\ICQLite.exe -minimize"
"Wspn"=""
"PWRISOVM.EXE"="C:\\Program Files\\PowerISO\\PWRISOVM.EXE"
"VX3000"="C:\\windows\\vVX3000.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime Alternative\\qttask.exe\" -atboottime"
"ppmate"="C:\\Program Files\\PPMate\\PPMate\\ppmate.exe -autoplay"
"LifeCam"="\"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe\""
"WinPatrol"="C:\\Program Files\\BillP Studios\\WinPatrol\\winpatrol.exe -expressboot"
"avgnt"="\"C:\\Program Files\\Avira\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"ZoneAlarm Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"NvMediaCenter"="RUNDLL32.EXE C:\\windows\\system32\\NvMcTray.dll,NvTaskbarInit"
"RTHDCPL"="RTHDCPL.EXE"
"Alcmtr"="ALCMTR.EXE"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="\"c:\\program files\\steam\\steam.exe\" -silent"
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"Dart trust"="C:\\DOCUME~1\\JULIEN~1\\APPLIC~1\\MP3GRE~1\\ball inter bows.exe"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"ctfmon.exe"="C:\\windows\\system32\\ctfmon.exe"
"SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater]
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~

Message édité par AmbrionX le 16-09-2008 à 23:12:08

Liens sponsorisés

Inscrivez-vous ou connectez-vous pour masquer ceci.

Angeldark

Profil : Helper

Plus d'informations

15-09-2008 à 19:02:07

Masquer

Bonjour,

Télécharge Catchme (Gmer) sur ton Bureau.
Double clique sur catchme.exe (le .exe n'est pas forcément visible) afin de le lancer.
Lorsque la recherche sera terminée, poste le rapport catchme.log dans ta prochaine réponse.

---------------
Prévention & Protection||Vous m'aimez ? Cliquez :o

AmbrionX

Profil : IDNaute

Plus d'informations

15-09-2008 à 20:43:32

Masquer

Voila le rapport

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

HKLM\SYSTEM\CurrentControlSet\Services\TDTCPerv

scanning hidden autostart entries ...

scanning hidden files ...

C:\Documents and Settings\Julien¦\Local Settings\Temp\TDSSf66b.tmp 688128 bytes
C:\WINDOWS\system32\drivers\tdssserv.sys 36864 bytes
C:\WINDOWS\system32\tdssadw.dll 32768 bytes
C:\WINDOWS\system32\tdssinit.dll 61440 bytes
C:\WINDOWS\system32\tdssl.dll 20480 bytes
C:\WINDOWS\system32\tdsslog.dll 12288 bytes
C:\WINDOWS\system32\tdssmain.dll 12288 bytes
C:\WINDOWS\system32\tdssserf.dll 12288 bytes
C:\WINDOWS\system32\tdssservers.dat 176 bytes
C:\WINDOWS\Temp\TDSS968e.tmp 384 bytes

scan completed successfully
hidden processes: 0
hidden services: 1
hidden files: 10

Angeldark

Profil : Helper

Plus d'informations

15-09-2008 à 21:47:36

Masquer

Re,

http://toolbarsd.googlepages.com/KillTD.zip
Dézippe-le sur ton Bureau, lance kill.cmd.

---------------
Prévention & Protection||Vous m'aimez ? Cliquez :o

AmbrionX

Profil : IDNaute

Plus d'informations

15-09-2008 à 22:20:50

Masquer

j'ai fait cela mais il ne c'est rien passé , il ya eu une fenetre cmd disant qu'il y avait de fichier i,trouvable et elle a disparue apres

Angeldark

Profil : Helper

Plus d'informations

16-09-2008 à 12:25:04

Masquer

Refais un scan Catchme.

---------------
Prévention & Protection||Vous m'aimez ? Cliquez :o

AmbrionX

Profil : IDNaute

Plus d'informations

16-09-2008 à 19:21:02

Masquer

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

HKLM\SYSTEM\CurrentControlSet\Services\TDTCPerv

scanning hidden autostart entries ...

scanning hidden files ...

C:\Documents and Settings\Julien²\Local Settings\Temp\TDSSf66b.tmp 688128 bytes
C:\WINDOWS\system32\drivers\tdssserv.sys 36864 bytes
C:\WINDOWS\system32\tdssadw.dll 32768 bytes
C:\WINDOWS\system32\tdssinit.dll 61440 bytes
C:\WINDOWS\system32\tdssl.dll 20480 bytes
C:\WINDOWS\system32\tdsslog.dll 12288 bytes
C:\WINDOWS\system32\tdssmain.dll 12288 bytes
C:\WINDOWS\system32\tdssserf.dll 12288 bytes
C:\WINDOWS\system32\tdssservers.dat 176 bytes
C:\WINDOWS\Temp\TDSS968e.tmp 384 bytes

scan completed successfully
hidden processes: 0
hidden services: 1
hidden files: 10

AmbrionX

Profil : IDNaute

Plus d'informations

16-09-2008 à 19:26:11

Masquer

desolé je me suis trompé :

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

HKLM\SYSTEM\CurrentControlSet\Services\TDTCPerv

scanning hidden autostart entries ...

scanning hidden files ...

C:\Documents and Settings\Julien▓\Local Settings\Temp\TDSSf66b.tmp 688128 bytes

Angeldark

Profil : Helper

Plus d'informations

16-09-2008 à 20:08:31

Masquer

Reposte un rapport Hijackthis.

---------------
Prévention & Protection||Vous m'aimez ? Cliquez :o

AmbrionX

Profil : IDNaute

Plus d'informations

16-09-2008 à 23:11:00

Masquer

et voici le rapport hijack

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:10:50, on 16/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\windows\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ICQLite\ICQLite.exe
c:\program files\a-squared free\a2service.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\vVX3000.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\windows\system32\msiexec.exe
C:\windows\system32\nvsvc32.exe
C:\windows\system32\HPZipm12.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\windows\System32\svchost.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\windows\system32\RUNDLL32.EXE
C:\windows\RTHDCPL.EXE
C:\windows\system32\wscntfy.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\SAGEM\SAGEM F@st800\dslmon.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\windows\system32\NOTEPAD.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_ [...] TbId=66027
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://loginnet.passport.com/ppsec [...] rf?lc=1036
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: XBTP05231 Class - {031F120A-BBAF-45d8-B306-375F2A6B9398} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A944F455-E460-479C-85C2-FB165E5931AB} - C:\windows\system32\pmnno.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {C9284271-BBEB-4D42-933D-D95E9F47D0A3} - C:\windows\system32\pmnonnOi.dll (file missing)
O2 - BHO: (no name) - {F9C44C0B-D269-4746-894B-912E3CE1CEE6} - (no file)
O3 - Toolbar: Alcohol Soft - Alcohol 120% Toolbar - {1CE4EE89-2D5C-4361-AF3B-D902AB545381} - C:\Program Files\Alcohol Soft\Alcohol 120% Toolbar\a120_tb.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [VX3000] C:\windows\vVX3000.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ppmate] C:\Program Files\PPMate\PPMate\ppmate.exe -autoplay
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Dart trust] C:\DOCUME~1\JULIEN~1\APPLIC~1\MP3GRE~1\ball inter bows.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - HKCU\..\Policies\Explorer\Run: [{3C52FB74-07DA-1036-1110-051026040021}] "C:\Program Files\Fichiers communs\{3C52FB74-07DA-1036-1110-051026040021}\Update.exe" mc-110-12-0000272
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Morpheus.lnk = C:\Program Files\Morpheus\Morpheus.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Global Startup: DSLMON.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file)
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: CarbonPoker - {e4e8c758-34b4-44bb-8ef9-1f0786e81d2d} - C:\Documents and Settings\Julien²\Menu Démarrer\Programmes\CarbonPoker\CarbonPoker.lnk (HKCU)
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mi [...] 2961930953
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mi [...] 2961922812
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/bina [...] b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Fichiers communs\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\windows\system32\HPZipm12.exe
O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - Z:\Program Files\NFS p\PB\PnkBstrA.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: VundoFix Service (VundoFixSvc) - At

Dans l'actualité

Le Kama Sutra se propage dans Google

Google sécurise les mails des entreprises

Atak : le virus intelligent ?

Quand un ver se prend pour Google

Les téléchargements

Ressources relatives

Albums

Les derniers dossiers

Le comparatif des casques antibruit de 2008

7 jours avec Windows 7 : nos impressions

Ces entreprises high-tech au passé étonnant

TouchSmart : test des PC tactiles HP

Les offres partenaires