Google results redirected.

22 August 2009 00:08:27

Hello,

Recently, when I click on a Google result link, I am redirected to other sites and sometimes even to IP addresses...

Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:18:23, on 22/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\sySTEM32\SvchoSt.ExE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
E:\Logiciels\RocketDock\RocketDock.exe
E:\Logiciels\DAEMON Tools\daemon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\GigaTribe\gigatribe.exe
E:\Logiciels\Malwarebytes' Anti-Malware\mbam.exe
E:\Logiciels\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://google.cherche.us/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.cherche.us/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools] "E:\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [RocketDock] "E:\Logiciels\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "E:\Logiciels\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: *.chat-land.org
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 9502 bytes

Thanks in advance.

22 August 2009 00:19:39

Hello,

The HijackThis log does not show any infection.

In my opinion, you have rootkits hiding:

/!\ Disable your resident protections (antivirus, etc.) /!\

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click ComboFix.exe (the .exe extension is not necessarily visible) to launch it.
  • It will ask you to install the Recovery Console: accept.
  • When the scan is finished, a report will appear. Post that report (C:\Combofix.txt) in your next reply.

    To help you: a guide and a tutorial on using ComboFix
    22 August 2009 00:47:08

    ComboFix 09-08-20.07 - Vincent 22/08/2009 0:36.1.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.990.493 [GMT 2:00]
    Running from: c:\documents and settings\Vincent\Bureau\ComboFix.exe
    AV: avast! antivirus 4.8.1335 [VPS 090821-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\docume~1\Vincent\LOCALS~1\Temp\1.wmv
    c:\documents and settings\Vincent\eula.txt
    c:\windows\010112010146120114.xe
    c:\windows\0101120101464949.xe
    c:\windows\Installer\20cf603.msi
    c:\windows\Installer\20cf604.msp
    c:\windows\Installer\20cf605.msp
    c:\windows\Installer\20cf606.msp
    c:\windows\Installer\20cf607.msp
    c:\windows\Installer\20cf608.msp
    c:\windows\Installer\20cf609.msp
    c:\windows\Installer\20cf60a.msp
    c:\windows\Installer\20cf60b.msp
    c:\windows\Installer\20cf60c.msp
    c:\windows\Installer\3d7785f.msi
    c:\windows\Installer\3d77860.msp
    c:\windows\Installer\3d77861.msp
    c:\windows\Installer\3d77862.msp
    c:\windows\Installer\3d77863.msp
    c:\windows\Installer\3d77864.msp
    c:\windows\Installer\3d77865.msp
    c:\windows\Installer\3d77866.msp
    c:\windows\Installer\3d77867.msp
    c:\windows\Installer\3d77868.msp
    c:\windows\pack.epk
    c:\windows\prxid93ps.dat
    c:\windows\system32\AutoRun.inf
    c:\windows\system32\dumphive.exe
    c:\windows\system32\IEDFix.exe
    c:\windows\system32\Process.exe
    c:\windows\system32\SrchSTS.exe
    c:\windows\system32\tmp.reg
    c:\windows\system32\VCCLSID.exe
    c:\windows\system32\WS2Fix.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_BOONTY_GAMES
    -------\Service_Boonty Games
    -------\Service_SfX


    ((((((((((((((((((((((((( Files Created from 2009-07-21 to 2009-08-21 )))))))))))))))))))))))))))))))
    .

    2009-08-20 20:28 . 2009-08-20 20:28 -------- d-----w- c:\documents and settings\Nadine Claude\Application Data\Malwarebytes
    2009-08-20 10:17 . 2009-08-20 10:17 -------- d-----w- c:\documents and settings\Vincent\Application Data\Malwarebytes
    2009-08-20 10:17 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-08-20 10:17 . 2009-08-20 10:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-08-20 10:17 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-08-19 20:19 . 2009-08-19 20:19 38016 ----a-w- c:\windows\system32\drivers\DnsFilter.sys
    2009-08-19 20:19 . 2009-08-19 20:19 -------- d-----w- c:\program files\DDnsFilter
    2009-08-15 18:44 . 2009-08-15 18:44 152576 ----a-w- c:\documents and settings\Vincent\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
    2009-08-13 02:16 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
    2009-08-05 09:00 . 2009-08-05 09:00 205312 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
    2009-07-23 17:29 . 2009-07-23 18:28 -------- d-----w- c:\windows\system32\Adobe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-08-20 09:45 . 2009-03-25 19:38 1 ----a-w- c:\documents and settings\Vincent\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
    2009-08-19 17:57 . 2009-04-25 18:55 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2009-08-15 18:45 . 2007-05-02 15:54 -------- d-----w- c:\program files\Java
    2009-08-05 09:00 . 2004-08-03 22:54 205312 ----a-w- c:\windows\system32\mswebdvd.dll
    2009-08-01 07:09 . 2008-12-17 14:44 -------- d-----w- c:\program files\Microsoft Silverlight
    2009-07-25 03:23 . 2008-12-21 08:09 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-07-19 14:51 . 2009-01-28 17:25 -------- d-----w- c:\program files\LG PC Suite II
    2009-07-19 14:05 . 2009-03-08 12:44 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLdw.DAT
    2009-07-19 14:04 . 2009-03-08 12:42 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT
    2009-07-18 19:08 . 2007-08-09 19:09 -------- d-----w- c:\program files\Messenger Plus! Live
    2009-07-17 19:03 . 2004-08-03 22:54 58880 ----a-w- c:\windows\system32\atl.dll
    2009-07-13 21:43 . 2004-08-03 22:54 286208 ----a-w- c:\windows\system32\wmpdxm.dll
    2009-07-06 15:36 . 2008-08-06 06:42 -------- d-----w- c:\documents and settings\Vincent\Application Data\GigaTribe
    2009-06-29 16:15 . 2009-06-29 16:11 -------- d-----w- c:\documents and settings\Vincent\Application Data\eMule
    2009-06-29 16:15 . 2007-04-21 16:55 -------- d-----w- c:\program files\eMule
    2009-06-26 16:50 . 2004-08-03 22:54 670720 ----a-w- c:\windows\system32\wininet.dll
    2009-06-26 16:50 . 2004-08-03 22:54 81920 ----a-w- c:\windows\system32\ieencode.dll
    2009-06-25 08:26 . 2004-08-03 22:54 54272 ----a-w- c:\windows\system32\wdigest.dll
    2009-06-25 08:26 . 2004-08-03 22:54 56832 ----a-w- c:\windows\system32\secur32.dll
    2009-06-25 08:26 . 2004-08-03 22:54 147456 ----a-w- c:\windows\system32\schannel.dll
    2009-06-25 08:26 . 2004-08-03 22:54 136192 ----a-w- c:\windows\system32\msv1_0.dll
    2009-06-25 08:26 . 2004-08-03 22:54 736768 ----a-w- c:\windows\system32\lsasrv.dll
    2009-06-25 08:26 . 2004-08-03 22:54 301568 ----a-w- c:\windows\system32\kerberos.dll
    2009-06-24 11:18 . 2004-08-03 20:59 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2009-06-19 15:26 . 2009-06-19 15:22 0 ----a-w- c:\documents and settings\Vincent\errorlog.tmp
    2009-06-16 14:40 . 2004-08-03 22:54 119808 ----a-w- c:\windows\system32\t2embed.dll
    2009-06-16 14:40 . 2002-09-07 00:00 81920 ----a-w- c:\windows\system32\fontsub.dll
    2009-06-15 10:44 . 2004-08-03 22:55 78848 ----a-w- c:\windows\system32\telnet.exe
    2009-06-15 10:44 . 2004-08-03 22:55 82944 ----a-w- c:\windows\system32\tlntsess.exe
    2009-06-13 09:47 . 2007-04-21 16:50 82760 ----a-w- c:\documents and settings\Nadine Claude\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-06-13 06:54 . 2007-04-22 17:13 82760 ----a-w- c:\documents and settings\Vincent\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-06-10 14:14 . 2004-08-03 22:54 85504 ----a-w- c:\windows\system32\avifil32.dll
    2009-06-10 07:21 . 2007-04-21 15:27 2066432 ----a-w- c:\windows\system32\mstscax.dll
    2009-06-10 06:15 . 2004-08-03 22:54 132096 ----a-w- c:\windows\system32\wkssvc.dll
    2009-06-03 19:10 . 2004-08-03 22:54 1297408 ----a-w- c:\windows\system32\quartz.dll
    2009-06-01 15:07 . 2009-06-01 15:07 30544 ----a-w- c:\windows\dirdib.drv
    2009-06-01 15:07 . 2009-06-01 15:07 30272 ----a-w- c:\windows\macromix.dll
    2008-09-24 05:30 . 2007-04-22 15:03 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
    "RocketDock"="e:\logiciels\RocketDock\RocketDock.exe" [2007-03-18 630784]
    "DAEMON Tools"="e:\logiciels\DAEMON Tools\daemon.exe" [2007-08-16 167368]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-04-28 86016]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
    "WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-09-26 35328]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-24 29744]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
    "MsgCenterExe"="c:\program files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" [2009-01-05 69632]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-28 7573504]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
    "High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2004-10-27 61952]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\Nadine Claude\Menu D‚marrer\Programmes\D‚marrage\
    GigaTribe.lnk - c:\program files\GigaTribe\gigatribe.exe [2008-8-6 1070592]
    Nikon Monitor.lnk - c:\program files\Fichiers communs\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]
    Yahoo! Widget Engine.lnk - c:\program files\Yahoo!\Widgets\YahooWidgetEngine.exe [2007-5-4 2913840]

    c:\documents and settings\Vincent\Menu D‚marrer\Programmes\D‚marrage\
    OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]
    Yahoo! Widget Engine.lnk - c:\program files\Yahoo!\Widgets\YahooWidgetEngine.exe [2007-5-4 2913840]

    c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @="Service"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
    "c:\\Program Files\\eMule\\emule.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\WINDOWS\\system32\\mcoinstall.exe"=
    "e:\\Vincent\\Jeux\\ET\\ET.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "e:\\Vincent\\Jeux\\SCDA\\SCDA-Offline\\System\\SplinterCell4.exe"=
    "e:\\Vincent\\Jeux\\MoH Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"=
    "e:\\Vincent\\Jeux\\SCDA\\SCDA-Online\\System\\SCDA_Online.exe"=
    "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    "c:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"=
    "e:\\Vincent\\Jeux\\Jeux gratuits\\CS2D\\CounterStrike2D.exe"=
    "c:\\Program Files\\GigaTribe\\gigatribe.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "e:\\Logiciels\\realplay.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
    "8085:TCP"= 8085:TCP:D dnsfilter

    R?2 ddnsfilter;ddnsfilter;c:\windows\sySTEM32\SvchoSt.ExE -k ddnsfilter [04/08/2004 00:55 14336]
    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [05/04/2008 09:52 114768]
    R1 DnsFilter;DnsFilter;c:\windows\system32\drivers\DnsFilter.sys [19/08/2009 22:19 38016]
    R1 FNETDEVI;FNETDEVI;c:\windows\system32\drivers\FNETDEVI.SYS [09/02/2009 20:35 19572]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [05/04/2008 09:52 20560]
    S1 soqwx32;soqwx32;\??\c:\windows\system32\drivers\soqwx32.sys --> c:\windows\system32\drivers\soqwx32.sys [?]
    S3 f0c4d720-6651-423d-994c-a92e07bbd311;f0c4d720-6651-423d-994c-a92e07bbd311;\??\d:\player\cds300.dll --> d:\player\cds300.dll [?]
    S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [22/04/2007 17:03 29744]
    S3 Lbrteidsd;Lbrteidsd; [x]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    ddnsfilter REG_MULTI_SZ ddnsfilter
    .
    Contents of the 'Scheduled Tasks' folder

    2007-04-22 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 13:42]

    2009-08-20 c:\windows\Tasks\WGASetup.job
    - c:\windows\system32\KB905474\wgasetup.exe [2009-04-21 20:18]
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-DAEMON Tools - e:\daemon tools\daemon.exe


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://google.cherche.us/
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    Trusted Zone: chat-land.org
    FF - ProfilePath - c:\documents and settings\Vincent\Application Data\Mozilla\Firefox\Profiles\znf49akl.default\
    FF - prefs.js: browser.search.selectedEngine - Wikipédia (fr)
    FF - prefs.js: browser.startup.homepage - hxxp://fr.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:o fficial
    FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-fr&FORM=MIMWA3&q=
    FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
    FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npSton3D.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
    FF - plugin: e:\logiciels\Netscape6\nppl3260.dll
    FF - plugin: e:\logiciels\Netscape6\nprjplug.dll
    FF - plugin: e:\logiciels\Netscape6\nprpjplug.dll

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-08-22 00:45
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1659004503-329068152-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:aa,a5,c3,d5,00,7d,79,cd,fe,44,80,c6,bf,1f,b3,fd,d6,fa,4f,8f,7a,ae,21,
    cf,d0,27,4d,2f,eb,65,de,6b,9e,a3,49,2a,68,9c,7a,b9,a2,55,7f,4e,5b,45,62,6a,\
    "??"=hex:8c,f2,20,ec,36,39,b9,15,1e,98,95,cc,4f,3c,42,3c

    [HKEY_USERS\S-1-5-21-1659004503-329068152-839522115-1004\Software\SecuROM\License information*]
    "datasecu"=hex:56,c3,c3,6b,b8,04,af,25,1d,e4,1b,99,be,14,23,22,44,09,b4,68,4d,
    69,0a,79,a9,84,6e,69,76,52,7a,27,b1,be,6a,12,dc,2a,99,6c,51,72,f7,5b,da,4f,\
    "rkeysecu"=hex:64,95,f4,76,bf,69,0f,9e,1b,16,fb,3d,58,55,9f,6b
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(3844)
    e:\logiciels\RocketDock\RocketDock.dll
    c:\progra~1\WINDOW~2\wmpband.dll
    c:\windows\system32\eappprxy.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
    c:\program files\Alwil Software\Avast4\aswUpdSv.exe
    c:\program files\Alwil Software\Avast4\ashServ.exe
    c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    c:\program files\OpenOffice.org 3\program\soffice.exe
    c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
    c:\windows\system32\PnkBstrA.exe
    c:\program files\OpenOffice.org 3\program\soffice.bin
    c:\program files\Alwil Software\Avast4\ashMaiSv.exe
    c:\program files\Alwil Software\Avast4\ashWebSv.exe
    c:\windows\system32\wbem\wmiapsrv.exe
    c:\program files\HP\Digital Imaging\bin\hpqste08.exe
    .
    **************************************************************************
    .
    Completion time: 2009-08-21 0:49 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-08-21 22:49

    Pre-Run: 19 819 380 736 octets libres
    Post-Run: 21 765 283 840 octets libres

    Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
    307 --- E O F --- 2009-08-20 07:17


    There you go!
    22 August 2009 00:56:18

    Did Malwarebytes' Anti-Malware find any infections?
    22 August 2009 00:58:15

    No. Nothing, despite repeated attempts.
    22 August 2009 01:13:34

    I think it is not up to date.
    22 August 2009 01:17:11

    When I try to update it, it gives me the following error message:

    "An error has occurred. Please send the error code below to Malwarebytes' Anti-Malware support.

    Error Code : 730 (0, 0)"
    22 August 2009 01:26:19

    /!\ Only Eliod may follow this procedure /!\

    Disable all resident protection (antivirus, etc.)!

    ---> Copy (CTRL+C) the text in the box below:

    KillAll::

    Driver::
    ddnsfilter
    DnsFilter
    soqwx32
    f0c4d720-6651-423d-994c-a92e07bbd311
    Lbrteidsd

    File::
    c:\windows\system32\drivers\DnsFilter.sys
    c:\windows\system32\drivers\soqwx32.sys

    Folder::
    c:\program files\DDnsFilter

    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    "ddnsfilter"=-

    ---> Open Notepad: Start > All Programs > Accessories > Notepad.

    - Paste (CTRL+V) the text into Notepad.
    - Save this file to: Desktop
    - File name: CFScript
    - File type: All files!!
    - Click Save.
    - Close Notepad.

    ---> Drag and drop this CFScript file onto ComboFix.exe, as in the screenshot:



  • This will relaunch ComboFix: accept the message that appears.
  • Wait while the scan runs. The desktop will disappear several times: this is normal!
  • Do not touch anything until the scan has finished.
  • Once the scan is complete, a report will be displayed; copy and paste its contents to the forum.
  • If the file does not open, it is located here: C:\ComboFix.txt

    ;) 
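The CFScript above targets three pieces of persistence at once: a DNS-filtering kernel driver (DnsFilter.sys, soqwx32.sys), a service DLL hosted inside svchost.exe through a custom service group (ddnsfilter), and a Windows Firewall exception for that component (8085/TCP, still listed in the post-cleanup log). As an added example that is not part of the thread, of the helper's procedure or of ComboFix, here is a Python triage script that parses those sections of a ComboFix report and flags the indicators. The baseline of svchost groups and the sample report (constructed to resemble the log before cleanup, with the infected lines inferred from the script) are assumptions, not data taken from the page.

```python
"""ComboFix report triage: flag DNS-filter style persistence.

Added example; not code from the thread, the helper or ComboFix. It parses the
svchost service-group key, the firewall GloballyOpenPorts list and the R*/S*
driver lines of a report and returns what an analyst should look at first.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# Assumed baseline of svchost groups for a stock XP install, plus the two HP
# groups visible in the thread's log. Any other group means a DLL of unknown
# origin is being hosted by svchost.exe with SYSTEM privileges.
KNOWN_SVCHOST_GROUPS = {
    "dcomlaunch", "rpcss", "netsvcs", "localservice", "networkservice",
    "imgsvc", "termsvcs", "hpz12", "hpdevmgmt",
}

# Service and driver names taken from the CFScript posted in the thread.
INDICATORS = ("ddnsfilter", "dnsfilter", "soqwx32", "lbrteidsd")

SVCHOST_KEY = r"[hkey_local_machine\software\microsoft\windows nt\currentversion\svchost]"
OPEN_PORTS_KEY = (r"[hklm\~\services\sharedaccess\parameters\firewallpolicy"
                  r"\standardprofile\globallyopenports\list]")

GROUP_LINE = re.compile(r"^(\S+)\s+REG_MULTI_SZ\s*(.*)$")
PORT_LINE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):(.*)$', re.I)
# R = running, S = stopped, digit = start type: "<state> <name>;<display>;<path> [date size]"
SERVICE_LINE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)(?:\s+\[.*)?$")


@dataclass(frozen=True)
class Finding:
    kind: str    # "svchost-group", "open-port" or "driver"
    detail: str


def split_sections(report: str) -> Dict[str, List[str]]:
    """Map each '[...]' registry header (lower-cased) to the lines under it.
    A block ends at an empty line or a lone '.'; lines outside any block
    (the R*/S* service lines among them) are collected under key ''."""
    blocks: Dict[str, List[str]] = {"": []}
    current = ""
    for raw in report.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line.lower()
            blocks[current] = []
        elif line in ("", "."):
            current = ""
        else:
            blocks[current].append(line)
    return blocks


def triage(report: str) -> List[Finding]:
    """Return the indicators of DNS-filter persistence found in a report."""
    blocks = split_sections(report)
    findings: List[Finding] = []

    # 1. A svchost group outside the baseline: the malware's service DLL is
    #    loaded by "svchost.exe -k <group>", hiding it among system services.
    for line in blocks.get(SVCHOST_KEY, []):
        m = GROUP_LINE.match(line)
        if m and m.group(1).lower() not in KNOWN_SVCHOST_GROUPS:
            findings.append(Finding("svchost-group",
                                    f"{m.group(1)} -> {m.group(2) or '(no members)'}"))

    # 2. A globally open inbound port whose description names an indicator.
    for line in blocks.get(OPEN_PORTS_KEY, []):
        m = PORT_LINE.match(line)
        if m and any(i in m.group(3).lower() for i in INDICATORS):
            findings.append(Finding("open-port",
                                    f"{m.group(1)}/{m.group(2).upper()} {m.group(3).strip()}"))

    # 3. A driver or service whose name or image path is an indicator.
    for line in blocks[""]:
        m = SERVICE_LINE.match(line)
        if m and any(i in m.group(2).lower() or i in m.group(4).lower() for i in INDICATORS):
            findings.append(Finding("driver", f"{m.group(1)} {m.group(2)} -> {m.group(4)}"))
    return findings


# Constructed sample, modelled on the thread's log as it would have looked
# before the CFScript ran; the infected lines are inferred from the script.
SAMPLE_REPORT = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"8085:TCP"= 8085:TCP:D dnsfilter

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [05/04/2008 09:52 114768]
R1 DnsFilter;DnsFilter;c:\windows\system32\drivers\DnsFilter.sys
S3 soqwx32;soqwx32;c:\windows\system32\drivers\soqwx32.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
ddnsfilter REG_MULTI_SZ ddnsfilter
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"{f.kind:14} {f.detail}")
```

Run against the thread's own post-cleanup log, the script still reports the 8085/TCP exception: the CFScript removed the driver, the service group and the folder, but not the firewall rule, so that leftover is worth deleting by hand (Control Panel > Windows Firewall > Exceptions on XP). The svchost-group baseline is the part to tune for a given image; a group name that is not on it is the single most useful line to chase in a report of this kind, because it names the service whose DLL is being hosted.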
    22 August 2009 01:45:04

    ComboFix found and removed the problems! Thanks, I'm posting the report anyway just in case, but my Google results now display without any problem!

    Here it is:

    ComboFix 09-08-20.07 - Vincent 22/08/2009 1:39.2.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.990.580 [GMT 2:00]
    Running from: c:\documents and settings\Vincent\Bureau\ComboFix.exe
    Command switches used :: c:\documents and settings\Vincent\Bureau\CFScript.txt
    AV: avast! antivirus 4.8.1335 [VPS 090821-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::
    "c:\windows\system32\drivers\DnsFilter.sys"
    "c:\windows\system32\drivers\soqwx32.sys"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\DDnsFilter
    c:\program files\DDnsFilter\DDnsFilter.dll
    c:\windows\system32\drivers\DnsFilter.sys

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_DDNSFILTER
    -------\Legacy_DNSFILTER
    -------\Service_ddnsfilter
    -------\Service_DnsFilter
    -------\Service_f0c4d720-6651-423d-994c-a92e07bbd311
    -------\Service_Lbrteidsd
    -------\Service_SfX
    -------\Service_soqwx32


    ((((((((((((((((((((((((( Files Created from 2009-07-21 to 2009-08-21 )))))))))))))))))))))))))))))))
    .

    2009-08-20 20:28 . 2009-08-20 20:28 -------- d-----w- c:\documents and settings\Nadine Claude\Application Data\Malwarebytes
    2009-08-20 10:17 . 2009-08-20 10:17 -------- d-----w- c:\documents and settings\Vincent\Application Data\Malwarebytes
    2009-08-20 10:17 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-08-20 10:17 . 2009-08-20 10:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-08-20 10:17 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-08-15 18:44 . 2009-08-15 18:44 152576 ----a-w- c:\documents and settings\Vincent\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
    2009-08-13 02:16 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
    2009-08-05 09:00 . 2009-08-05 09:00 205312 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
    2009-07-23 17:29 . 2009-07-23 18:28 -------- d-----w- c:\windows\system32\Adobe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-08-20 09:45 . 2009-03-25 19:38 1 ----a-w- c:\documents and settings\Vincent\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
    2009-08-19 17:57 . 2009-04-25 18:55 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2009-08-15 18:45 . 2007-05-02 15:54 -------- d-----w- c:\program files\Java
    2009-08-05 09:00 . 2004-08-03 22:54 205312 ----a-w- c:\windows\system32\mswebdvd.dll
    2009-08-01 07:09 . 2008-12-17 14:44 -------- d-----w- c:\program files\Microsoft Silverlight
    2009-07-25 03:23 . 2008-12-21 08:09 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-07-19 14:51 . 2009-01-28 17:25 -------- d-----w- c:\program files\LG PC Suite II
    2009-07-19 14:05 . 2009-03-08 12:44 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLdw.DAT
    2009-07-19 14:04 . 2009-03-08 12:42 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT
    2009-07-18 19:08 . 2007-08-09 19:09 -------- d-----w- c:\program files\Messenger Plus! Live
    2009-07-17 19:03 . 2004-08-03 22:54 58880 ----a-w- c:\windows\system32\atl.dll
    2009-07-13 21:43 . 2004-08-03 22:54 286208 ----a-w- c:\windows\system32\wmpdxm.dll
    2009-07-06 15:36 . 2008-08-06 06:42 -------- d-----w- c:\documents and settings\Vincent\Application Data\GigaTribe
    2009-06-29 16:15 . 2009-06-29 16:11 -------- d-----w- c:\documents and settings\Vincent\Application Data\eMule
    2009-06-29 16:15 . 2007-04-21 16:55 -------- d-----w- c:\program files\eMule
    2009-06-26 16:50 . 2004-08-03 22:54 670720 ------w- c:\windows\system32\wininet.dll
    2009-06-26 16:50 . 2004-08-03 22:54 81920 ----a-w- c:\windows\system32\ieencode.dll
    2009-06-25 08:26 . 2004-08-03 22:54 54272 ----a-w- c:\windows\system32\wdigest.dll
    2009-06-25 08:26 . 2004-08-03 22:54 56832 ----a-w- c:\windows\system32\secur32.dll
    2009-06-25 08:26 . 2004-08-03 22:54 147456 ----a-w- c:\windows\system32\schannel.dll
    2009-06-25 08:26 . 2004-08-03 22:54 136192 ----a-w- c:\windows\system32\msv1_0.dll
    2009-06-25 08:26 . 2004-08-03 22:54 736768 ----a-w- c:\windows\system32\lsasrv.dll
    2009-06-25 08:26 . 2004-08-03 22:54 301568 ----a-w- c:\windows\system32\kerberos.dll
    2009-06-24 11:18 . 2004-08-03 20:59 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2009-06-19 15:26 . 2009-06-19 15:22 0 ----a-w- c:\documents and settings\Vincent\errorlog.tmp
    2009-06-16 14:40 . 2004-08-03 22:54 119808 ----a-w- c:\windows\system32\t2embed.dll
    2009-06-16 14:40 . 2002-09-07 00:00 81920 ----a-w- c:\windows\system32\fontsub.dll
    2009-06-15 10:44 . 2004-08-03 22:55 78848 ----a-w- c:\windows\system32\telnet.exe
    2009-06-15 10:44 . 2004-08-03 22:55 82944 ----a-w- c:\windows\system32\tlntsess.exe
    2009-06-13 09:47 . 2007-04-21 16:50 82760 ----a-w- c:\documents and settings\Nadine Claude\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-06-13 06:54 . 2007-04-22 17:13 82760 ----a-w- c:\documents and settings\Vincent\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-06-10 14:14 . 2004-08-03 22:54 85504 ----a-w- c:\windows\system32\avifil32.dll
    2009-06-10 07:21 . 2007-04-21 15:27 2066432 ----a-w- c:\windows\system32\mstscax.dll
    2009-06-10 06:15 . 2004-08-03 22:54 132096 ----a-w- c:\windows\system32\wkssvc.dll
    2009-06-03 19:10 . 2004-08-03 22:54 1297408 ----a-w- c:\windows\system32\quartz.dll
    2009-06-01 15:07 . 2009-06-01 15:07 30544 ----a-w- c:\windows\dirdib.drv
    2009-06-01 15:07 . 2009-06-01 15:07 30272 ----a-w- c:\windows\macromix.dll
    2008-09-24 05:30 . 2007-04-22 15:03 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-08-21_22.45.38 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-08-21 23:44 . 2009-08-21 23:44 16384 c:\windows\Temp\Perflib_Perfdata_f4.dat
    + 2009-08-21 23:44 . 2009-08-21 23:44 16384 c:\windows\Temp\Perflib_Perfdata_66c.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
    "RocketDock"="e:\logiciels\RocketDock\RocketDock.exe" [2007-03-18 630784]
    "DAEMON Tools"="e:\logiciels\DAEMON Tools\daemon.exe" [2007-08-16 167368]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-04-28 86016]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
    "WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-09-26 35328]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-24 29744]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
    "MsgCenterExe"="c:\program files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" [2009-01-05 69632]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-28 7573504]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
    "High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2004-10-27 61952]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\Nadine Claude\Menu D‚marrer\Programmes\D‚marrage\
    GigaTribe.lnk - c:\program files\GigaTribe\gigatribe.exe [2008-8-6 1070592]
    Nikon Monitor.lnk - c:\program files\Fichiers communs\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]
    Yahoo! Widget Engine.lnk - c:\program files\Yahoo!\Widgets\YahooWidgetEngine.exe [2007-5-4 2913840]

    c:\documents and settings\Vincent\Menu D‚marrer\Programmes\D‚marrage\
    OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]
    Yahoo! Widget Engine.lnk - c:\program files\Yahoo!\Widgets\YahooWidgetEngine.exe [2007-5-4 2913840]

    c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @="Service"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
    "c:\\Program Files\\eMule\\emule.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\WINDOWS\\system32\\mcoinstall.exe"=
    "e:\\Vincent\\Jeux\\ET\\ET.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "e:\\Vincent\\Jeux\\SCDA\\SCDA-Offline\\System\\SplinterCell4.exe"=
    "e:\\Vincent\\Jeux\\MoH Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"=
    "e:\\Vincent\\Jeux\\SCDA\\SCDA-Online\\System\\SCDA_Online.exe"=
    "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    "c:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"=
    "e:\\Vincent\\Jeux\\Jeux gratuits\\CS2D\\CounterStrike2D.exe"=
    "c:\\Program Files\\GigaTribe\\gigatribe.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "e:\\Logiciels\\realplay.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
    "8085:TCP"= 8085:TCP:D dnsfilter

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [05/04/2008 09:52 114768]
    R1 FNETDEVI;FNETDEVI;c:\windows\system32\drivers\FNETDEVI.SYS [09/02/2009 20:35 19572]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [05/04/2008 09:52 20560]
    S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [22/04/2007 17:03 29744]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder

    2007-04-22 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 13:42]

    2009-08-20 c:\windows\Tasks\WGASetup.job
    - c:\windows\system32\KB905474\wgasetup.exe [2009-04-21 20:18]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://google.cherche.us/
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    Trusted Zone: chat-land.org
    FF - ProfilePath - c:\documents and settings\Vincent\Application Data\Mozilla\Firefox\Profiles\znf49akl.default\
    FF - prefs.js: browser.search.selectedEngine - Wikipédia (fr)
    FF - prefs.js: browser.startup.homepage - hxxp://fr.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:o fficial
    FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-fr&FORM=MIMWA3&q=
    FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
    FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npSton3D.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
    FF - plugin: e:\logiciels\Netscape6\nppl3260.dll
    FF - plugin: e:\logiciels\Netscape6\nprjplug.dll
    FF - plugin: e:\logiciels\Netscape6\nprpjplug.dll

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-08-22 01:45
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1659004503-329068152-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:aa,a5,c3,d5,00,7d,79,cd,fe,44,80,c6,bf,1f,b3,fd,d6,fa,4f,8f,7a,ae,21,
    cf,d0,27,4d,2f,eb,65,de,6b,9e,a3,49,2a,68,9c,7a,b9,a2,55,7f,4e,5b,45,62,6a,\
    "??"=hex:8c,f2,20,ec,36,39,b9,15,1e,98,95,cc,4f,3c,42,3c

    [HKEY_USERS\S-1-5-21-1659004503-329068152-839522115-1004\Software\SecuROM\License information*]
    "datasecu"=hex:56,c3,c3,6b,b8,04,af,25,1d,e4,1b,99,be,14,23,22,44,09,b4,68,4d,
    69,0a,79,a9,84,6e,69,76,52,7a,27,b1,be,6a,12,dc,2a,99,6c,51,72,f7,5b,da,4f,\
    "rkeysecu"=hex:64,95,f4,76,bf,69,0f,9e,1b,16,fb,3d,58,55,9f,6b
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(2120)
    e:\logiciels\RocketDock\RocketDock.dll
    c:\progra~1\WINDOW~2\wmpband.dll
    c:\windows\system32\eappprxy.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
    c:\program files\Alwil Software\Avast4\aswUpdSv.exe
    c:\program files\Alwil Software\Avast4\ashServ.exe
    c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
    c:\windows\system32\PnkBstrA.exe
    c:\program files\Alwil Software\Avast4\ashMaiSv.exe
    c:\program files\Alwil Software\Avast4\ashWebSv.exe
    c:\windows\system32\wbem\wmiapsrv.exe
    c:\program files\OpenOffice.org 3\program\soffice.exe
    c:\program files\OpenOffice.org 3\program\soffice.bin
    c:\program files\HP\Digital Imaging\bin\hpqste08.exe
    .
    **************************************************************************
    .
    Completion time: 2009-08-21 1:50 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-08-21 23:50
    ComboFix2.txt 2009-08-21 22:49

    Pre-Run: 21 782 671 360 octets libres
    Post-Run: 21 657 366 528 octets libres

    Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
    280 --- E O F --- 2009-08-20 07:17
    22 August 2009 01:55:16

  • Start menu > Run > Type combofix /u and press Enter.

  • Try again to update Malwarebytes' Anti-Malware, then run a quick scan.