Redirection Windows Update ----> Google
Forum Sécurité - Virus : Redirection Windows Update ----> Google
Bonjour et bonsoir à tous , comme indiqué dans le titre j'ai un problème lorsque je veux allé faire les updates de Windows . J'ai fait quelques recherches sur le net mais je ne voulais pas faire tout planté ! Donc je fait appelle à vous en espérant réglez mon problème 
.
Avant tout , voici un image dans connexion réseau :
http://img8.imageshack.us/img8/319/connexionreseau.jpg
Pourtant je n'est jamais demandé à avoir cette IP DNS . Si je coche "Obtenir les adresses des serveurs DNS automatiquement" si je quitte il sera de nouveau sur "Utilisé l'adresse de serveur DNS suivant" . Avec ça je ne peux pas navigué avec http://google.ca car cela m'amène sur des sites erronés ou aucun rapport , et encore plus de problème .
Ensuite il y a mon problème avec la redirection de Windows Update sur Google ...
Voici un rapport Hitjackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:43:49, on 2009-05-14
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\svcadmin.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\vsnpstd2.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSI\Common\RaUI.exe
C:\Program Files\Hamachi\hamachi.exe
C:\Documents and Settings\Adminstrateur\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Documents and Settings\Adminstrateur\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\wamp\wampmanager.exe
c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe
c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe
C:\wamp\bin\apache\apache2.2.6\bin\httpd.exe
C:\Program Files\Teamspeak2_RC2\server_windows.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Super macro\super_macro.exe
C:\Program Files\Teamspeak2_RC22\TeamSpeak.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
C:\Documents and Settings\Adminstrateur\Bureau\World of Warcraft 2.4.3\vmapextract_v2.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.19.0\gears.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\COMPAQ\SetRefresh\\SetRefresh.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [BroadCamRun] "C:\Program Files\NCH Software\BroadCam\broadCam.exe" -logon
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BudgetSip] "C:\Program Files\BudgetSip.com\BudgetSip\BudgetSip.exe" -nosplash -minimized
O4 - HKCU\..\Run: [FreeCall] "C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe" -nosplash -minimized
O4 - HKCU\..\Run: [AlerteD] C:\Program Files\Alerte Dolphin\Alerte.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: AutoClick.lnk = C:\Program Files\AutoClick\AutoClick.exe
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: No-IP DUC.lnk = C:\Program Files\No-IP\DUC20.exe
O4 - Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\Adminstrateur\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Global Startup: DYNDNSCLIENT.lnk = C:\Program Files\darweb-dyndnsclient\dyndnsclient.exe
O4 - Global Startup: MSI Wireless Utility.lnk = C:\Program Files\MSI\Common\RaUI.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.19.0\gears.dll
O9 - Extra 'Tools' menuitem: Paramètres de Google &Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.19.0\gears.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} (DyynoX Class) - http://webserver.dyyno.com/DyynoClient/DyynoCAB.CAB
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/re [...] oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wi [...] 8007643195
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/bina [...] b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} (InstantAction Game Launcher) - http://www.instantaction.com/download/iaplayer.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (Contrôleur de DownloadManager) - http://dlm.tools.akamai.com/dlmana [...] .2.1.6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2D14DB62-4C4B-4FCB-818E-71F7A6CCC65D}: NameServer = 85.255.115.50,85.255.112.154
O17 - HKLM\System\CCS\Services\Tcpip\..\{AB9B6678-7026-496E-A217-02C92839C38A}: NameServer = 85.255.115.50,85.255.112.154
O17 - HKLM\System\CCS\Services\Tcpip\..\{C050E60A-B913-43A4-A110-8127A2997EC5}: NameServer = 85.255.113.117;85.255.112.90
O17 - HKLM\System\CCS\Services\Tcpip\..\{CCF7B429-5E33-4EDD-92D4-1BDE435448E1}: NameServer = 85.255.115.50,85.255.112.154
O17 - HKLM\System\CCS\Services\Tcpip\..\{FA785A41-A335-45C4-98C1-FC005A45215F}: NameServer = 85.255.115.50,85.255.112.154
O17 - HKLM\System\CS12\Services\Tcpip\Parameters: NameServer = 85.255.115.50 85.255.112.154
O17 - HKLM\System\CS13\Services\Tcpip\Parameters: NameServer = 85.255.115.50 85.255.112.154
O17 - HKLM\System\CS14\Services\Tcpip\Parameters: NameServer = 85.255.115.50 85.255.112.154
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.50 85.255.112.154
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Anyplace Control Security - Unknown owner - C:\WINDOWS\svcadmin.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BroadCam Service (BroadCamService) - Unknown owner - C:\Program Files\NCH Software\BroadCam\broadCam.exe
O23 - Service: Client32 - Unknown owner - C:\Program Files\NetSupport\NetSupport Manager\client32.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9bbf4ad401b26) (gupdate1c9bbf4ad401b26) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe
--
End of file - 13129 bytes
En espérant une âme généreuse capable de m'aidé
Cordialement
Pomax
Message édité par pomax le 14-05-2009 à 07:48:21
Un petit U.p. s'il vous plaît .
Certains trucs me parraisse étrange dans mon log de Hitjackthis . Mais je ne veux pas trop m'avancé .
Cordialement
Pomax
"Télécharge MalwareByte's Anti-Malware sur ton Bureau." Si j'essaie de download par MajorGeek j'ai ça :
Firefox ne peut trouver le serveur à l'adresse store.malwarebytes.org.
Si j'essaie avec l'autre lien :
Firefox ne peut trouver le serveur à l'adresse www.malwarebytes.org.
Est-ce que la dernière version est 1.36 ? Si oui , je les téléchargé hier ... ( coup de chance ... ) donc je vais faire un scan avec celui là et je vous envoie le rapport .
Merci de ton aide
Cordialement
Pomax
Message édité par pomax le 14-05-2009 à 19:28:53
Fais ça oui 
Répondre à Angeldark
Voici le rapport
ComboFix 09-05-15.01 - Adminstrateur 2009-05-15 22:03.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.2.1036.18.1023.451 [GMT -4:00]
Lancé depuis: c:\documents and settings\Adminstrateur\Bureau\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\404Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-04-16 au 2009-05-16 ))))))))))))))))))))))))))))))))))))
.
2009-05-16 01:10 . 2009-05-16 01:10 -------- d-----w c:\documents and settings\Adminstrateur\Application Data\AVG8
2009-05-15 16:06 . 2009-03-11 02:26 1438080 ----a-w c:\windows\system32\KB905474\wganotifypackageinner.exe
2009-05-15 16:06 . 2009-03-11 02:18 454024 ----a-w c:\windows\system32\KB905474\wgasetup.exe
2009-05-15 16:06 . 2009-05-15 16:06 -------- d-----w c:\windows\system32\KB905474
2009-05-15 05:48 . 2009-05-15 05:48 12552 ----a-w c:\windows\system32\drivers\avgrkx86.sys
2009-05-15 02:26 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-05-15 02:26 . 2009-03-06 14:20 286720 -c----w c:\windows\system32\dllcache\pdh.dll
2009-05-15 02:26 . 2009-02-09 11:23 111104 -c----w c:\windows\system32\dllcache\services.exe
2009-05-15 02:26 . 2009-02-09 10:53 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-05-15 02:26 . 2009-02-09 10:53 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-05-15 02:26 . 2009-02-09 10:53 685568 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-05-15 02:26 . 2009-02-09 10:53 735744 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-05-15 02:26 . 2009-02-09 10:53 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-05-15 02:26 . 2009-02-09 10:53 739840 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-05-15 02:24 . 2008-12-16 12:31 354304 -c----w c:\windows\system32\dllcache\winhttp.dll
2009-05-15 02:24 . 2008-04-21 21:15 219136 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-05-14 17:29 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-14 17:29 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-14 15:08 . 2009-05-14 15:08 -------- d-----w c:\documents and settings\Adminstrateur\Application Data\Thinstall
2009-05-14 06:46 . 2009-05-14 06:47 -------- d-----w c:\documents and settings\Adminstrateur\Application Data\gtk-2.0
2009-05-14 06:46 . 2009-05-14 06:49 -------- d-----w c:\documents and settings\Adminstrateur\Application Data\TortoiseHg
2009-05-14 05:24 . 2009-05-14 17:29 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-14 04:48 . 2009-05-14 04:48 -------- d-----w c:\program files\TortoiseHg
2009-05-10 02:06 . 2009-05-10 02:07 -------- d-----w c:\program files\Hamachi
2009-05-06 04:09 . 2009-05-06 04:09 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-04-27 22:33 . 2009-04-27 22:33 -------- d-----w c:\program files\Guitar Pro 5
2009-04-25 05:15 . 2009-05-15 05:51 -------- d-----w c:\program files\Super macro
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-16 01:55 . 2008-07-18 03:58 -------- d-----w c:\program files\Teamspeak2_RC2
2009-05-15 16:12 . 2008-07-20 06:28 -------- d-----w c:\program files\Microsoft Silverlight
2009-05-15 05:48 . 2008-12-28 17:04 11952 ----a-w c:\windows\system32\avgrsstx.dll
2009-05-15 05:48 . 2008-12-28 17:04 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-05-14 04:55 . 2009-04-02 11:51 -------- d-----w c:\program files\World of Warcraft
2009-05-14 04:55 . 2009-04-10 03:17 -------- d-----w c:\program files\Warcraft III
2009-05-12 23:25 . 2009-04-13 04:59 -------- d-----w c:\program files\Google
2009-05-10 19:20 . 2008-05-20 23:37 25280 ----a-w c:\windows\system32\drivers\hamachi.sys
2009-04-27 22:37 . 2008-04-16 22:09 457672 ----a-w c:\documents and settings\Adminstrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-25 05:29 . 2009-04-13 06:50 -------- d-----w c:\program files\NCH Software
2009-04-25 01:18 . 2009-02-05 00:48 664 ----a-w c:\windows\system32\d3d9caps.dat
2009-04-19 02:01 . 2008-05-03 14:42 -------- d-----w c:\program files\Valve
2009-04-14 03:27 . 2009-04-14 01:27 -------- d-----w c:\program files\Alerte Dolphin
2009-04-13 19:07 . 2009-04-13 19:06 -------- d-----w c:\program files\LimeWire
2009-04-13 18:08 . 2009-04-13 18:07 -------- d-----w c:\program files\K-Lite Codec Pack
2009-04-13 06:51 . 2009-04-13 06:51 -------- d-----w c:\program files\NCH Swift Sound
2009-04-13 01:53 . 2009-04-13 01:53 -------- d-----w c:\program files\AutoIt3
2009-04-10 00:36 . 2009-04-09 23:39 -------- d-----w c:\program files\Fichiers communs\Adobe
2009-04-05 03:41 . 2009-02-05 01:00 -------- d-----w c:\program files\Warcraft III autres fichiers
2009-04-03 03:59 . 2009-03-30 23:55 -------- d-----w c:\program files\Xfire
2009-04-02 01:15 . 2008-04-13 15:31 -------- d-----w c:\program files\Fichiers communs\Blizzard Entertainment
2009-03-28 06:19 . 2009-03-28 06:19 3120 ----a-w c:\windows\system32\2d2ca2ce-704a-428c-8cbe-0736b29190aa.dll
2009-03-26 20:42 . 2009-02-04 23:19 552 ----a-w c:\windows\system32\d3d8caps.dat
2009-03-23 22:32 . 2008-11-06 22:08 -------- d-----w c:\program files\Dyyno
2009-03-22 06:22 . 2009-03-22 06:20 -------- d-----w c:\program files\Webcam and Screen Recorder
2009-03-22 06:18 . 2009-03-22 06:18 -------- d-----w c:\program files\Wisdom-soft AutoScreenRecorder 3 Pro
2009-03-21 21:56 . 2009-03-21 21:53 -------- d-----w c:\program files\VentSrv
2009-03-21 21:52 . 2009-03-21 06:17 -------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
2009-03-21 06:18 . 2008-04-26 23:47 -------- d-----w c:\program files\VentSrv2
2009-03-21 06:17 . 2009-03-21 06:17 -------- d-----w c:\program files\Ventrilo
2009-03-20 22:26 . 2009-03-20 22:26 41808 ----a-w c:\windows\system32\xfcodec.dll
2009-03-20 22:15 . 2008-04-12 18:35 -------- d-----w c:\program files\Notepad++
2009-03-06 14:20 . 2006-01-05 14:32 286720 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:13 . 2006-01-05 14:32 826368 ----a-w c:\windows\system32\wininet.dll
2009-03-02 18:10 . 2009-04-13 18:07 67584 ----a-w c:\windows\system32\ff_vfw.dll
2009-02-28 03:47 . 2009-01-15 17:16 0 ----a-w c:\documents and settings\Adminstrateur\Local Settings\Application Data\prvlcl.dat
2009-02-20 17:10 . 2006-01-05 14:32 78336 ----a-w c:\windows\system32\ieencode.dll
2008-05-18 23:14 . 2008-05-18 23:14 8238080 ----a-w c:\program files\HTML Guardian 7.msi
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-8287-79A187E26987}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 21:52 80384 ----a-w c:\program files\Fichiers communs\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 21:52 80384 ----a-w c:\program files\Fichiers communs\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 21:52 80384 ----a-w c:\program files\Fichiers communs\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 21:52 80384 ----a-w c:\program files\Fichiers communs\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 21:52 80384 ----a-w c:\program files\Fichiers communs\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 21:52 80384 ----a-w c:\program files\Fichiers communs\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 21:52 80384 ----a-w c:\program files\Fichiers communs\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 21:52 80384 ----a-w c:\program files\Fichiers communs\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 21:52 80384 ----a-w c:\program files\Fichiers communs\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"FreeCall"="c:\program files\FreeCall.com\FreeCall\FreeCall.exe" [2008-09-01 9109296]
"AlerteD"="c:\program files\Alerte Dolphin\Alerte.exe" [2006-06-29 768000]
"Steam"="c:\program files\valve\steam\steam.exe" [2009-04-19 1410296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetRefresh"="c:\program files\COMPAQ\SetRefresh\\SetRefresh.exe" [2003-11-20 525824]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"DrvLsnr"="c:\program files\Analog Devices\SoundMAX\DrvLsnr.exe" [2003-05-08 69632]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-31 136600]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-29 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"SNPSTD2"="c:\windows\vsnpstd2.exe" [2004-01-05 40960]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-15 1947928]
"BroadCamRun"="c:\program files\NCH Software\BroadCam\broadCam.exe" [2009-04-13 368644]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-15 05:48 11952 ----a-w c:\windows\system32\avgrsstx.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"MIDI1"= SYNCOR11.DLL
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Teamspeak2_RC2\\server_windows.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\games\\Paintball2\\paintball2.exe"=
"c:\\Program Files\\FreeCall.com\\FreeCall\\FreeCall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8767:TCP"= 8767:TCP:TS
"8767:UDP"= 8767:UDP:TS
"14534:TCP"= 14534:TCP:TS
"14534:UDP"= 14534:UDP:TS
"3389:TCP"= 3389:TCP:*
isabled:@xpsp2res.dll,-22009
"8085:TCP"= 8085:TCP:wow1
"8085:UDP"= 8085:UDP:wow2
"3724:TCP"= 3724:TCP:wow3
"3724:UDP"= 3724:UDP:wow5
"3306:TCP"= 3306:TCP:wow6
"3306:UDP"= 3306:UDP:wow7
"80:UDP"= 80:UDP:wow9
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-28 325896]
R1 pctfw2;pctfw2;c:\windows\system32\drivers\pctfw2.sys [2009-01-10 160792]
R2 Anyplace Control Security;Anyplace Control Security;c:\windows\svcadmin.exe [2008-06-15 104960]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-05-15 298776]
R3 tenCapture;tenCapture;c:\windows\system32\drivers\tenCapture.sys [2007-04-21 9344]
S2 BroadCamService;BroadCam Service;c:\program files\NCH Software\BroadCam\broadCam.exe [2009-04-13 368644]
S2 gupdate1c9bbf4ad401b26;Google Update Service (gupdate1c9bbf4ad401b26);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-13 133104]
S3 cpuz131;cpuz131;\??\c:\docume~1\ADMINS~1\LOCALS~1\Temp\cpuz131\cpuz_x32.sys --> c:\docume~1\ADMINS~1\LOCALS~1\Temp\cpuz131\cpuz_x32.sys [?]
S3 DBKDRVR54;DBKDRVR54;\??\c:\program files\Cheat Engine\dbk32.sys --> c:\program files\Cheat Engine\dbk32.sys [?]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys --> c:\windows\system32\drivers\ScreamingBAudio.sys [?]
S3 uwshcbq;uwshcbq;\??\c:\documents and settings\Adminstrateur\Bureau\Nouveau dossier\uwshcbq.sys --> c:\documents and settings\Adminstrateur\Bureau\Nouveau dossier\uwshcbq.sys [?]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{34256ec4-7650-11dd-99ad-001d921c0b0b}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{34256ec5-7650-11dd-99ad-001d921c0b0b}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com h:
\Shell\Open\command - g:\resycled\boot.com h:
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2CF0B1C5-A00D-46F6-3742-B1B8E7C02113}]
c:\program files\Outlook Express\msinm.exe s
.
Contenu du dossier 'Tâches planifiées'
2009-05-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 21:57]
2009-05-16 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-13 04:59]
2009-05-16 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-05-15 02:18]
.
- - - - ORPHELINS SUPPRIMES - - - -
HKCU-Run-BudgetSip - c:\program files\BudgetSip.com\BudgetSip\BudgetSip.exe
.
------- Examen supplémentaire -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\Fichiers communs\PC Tools\LSP\PCTLsp.dll
DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} - hxxp://webserver.dyyno.com/DyynoClient/DyynoCAB.CAB
FF - ProfilePath - c:\documents and settings\Adminstrateur\Application Data\Mozilla\Firefox\Profiles\7yk32vma.default\
FF - prefs.js: browser.startup.homepage - hxxp://pulsegaming.fr/site
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - component: c:\program files\Google\Google Gears\Firefox\components\gears.dll
FF - plugin: c:\documents and settings\Adminstrateur\Application Data\Mozilla\Firefox\Profiles\7yk32vma.default\extensions\iaplayer@instantaction.com\plugins\npiaplayer.dll
FF - plugin: c:\documents and settings\Adminstrateur\Application Data\Mozilla\Firefox\Profiles\7yk32vma.default\extensions\NPDyyno@dyyno.com\plugins\npDyyno.dll
FF - plugin: c:\program files\Dyyno\Dyyno Player\npvlc.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npigl.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-15 22:05
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet015\Services\PSSdk21]
"ImagePath"="\??\c:\windows\system32\Drivers\HNPsSdk.drv"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_USERS\S-1-5-21-583907252-162531612-725345543-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{897E1E23-E7B5-CF88-083D-15051AC1039C}*]
"iajkkniklckippjlhn"=hex:6a,61,67,64,61,67,69,6a,6b,64,68,65,69,62,62,66,6e,61,
68,6b,00,13
"hadlameefhfeelmo"=hex:6a,61,67,64,61,67,69,6a,6b,64,68,65,69,62,62,66,6e,61,
68,6b,00,00
"haipcgopeglnmogk"=hex:66,61,65,64,6a,67,6b,6a,63,6d,68,64,00,00
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(804)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'lsass.exe'(860)
c:\program files\Fichiers communs\PC Tools\LSP\PCTLsp.dll
.
Heure de fin: 2009-05-16 22:07
ComboFix-quarantined-files.txt 2009-05-16 02:07
ComboFix2.txt 2008-12-27 23:58
Avant-CF: 5 978 095 616 octets libres
Après-CF: 6 193 270 784 octets libres
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect
Current=15 Default=15 Failed=14 LastKnownGood=16 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16
275 --- E O F --- 2009-05-15 16:06
Rebonjour , désolé du temps de réponse 
Voici le LOG
apaSmitFraudFix v2.368
Rapport fait à 16:57:18,99, 2009-05-27
Executé à partir de C:\Documents and Settings\Adminstrateur\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» DNS Avant Fix
Description: Broadcom NetXtreme Gigabit Ethernet for hp - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{CCF7B429-5E33-4EDD-92D4-1BDE435448E1}: DhcpNameServer=192.168.0.1
»»»»»»»»»»»»»»»»»»»»»»»» DNS Après Fix
Description: Broadcom NetXtreme Gigabit Ethernet for hp - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{CCF7B429-5E33-4EDD-92D4-1BDE435448E1}: DhcpNameServer=192.168.0.1
Bon surf
Répondre à Angeldark
