Se connecter / S'enregistrer
Votre question

Problème de lien google

Tags :
  • google
  • Sécurité
Dernière réponse : dans Sécurité et virus
24 Novembre 2008 13:10:13

Bonjour,

Depuis quelque temps, j'ai des petits problèmes avec google. Si je fais une recherche, google me sors bien des résultats cohérents. Cependant, une fois que j'essaie de cliquer sur un lien il ouvre un nouvel onglet et me redirige vers une page qui n'a rien a voir avec ma recherche.

Je voudrais donc savoir si quelqu'un pourrait m'aider à résoudre ce problème.
D'avance merci

Configuration: Windows XP
Firefox 3.0.4

PS : Je copie colle déjà le rapport généré par hijackthis en espérant que ce soit utile

Logfile of HijackThis v1.99.1
Scan saved at 12:14:27, on 2008-11-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\hijackthis\CCM.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = novilco.local
O17 - HKLM\Software\..\Telephony: DomainName = novilco.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = novilco.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = novilco.local
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: karna.dat_
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: FactoryTalk Diagnostics Local Reader (RNADiagnosticsService) - Rockwell Automation - C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol 120\StarWind\StarWindServiceAE.exe

Autres pages sur : probleme lien google

a b 8 Sécurité
24 Novembre 2008 18:53:19

Bonjour,

[#ff0000]! Désactive tes protections résidentes (antivirus, Spybot-S&D, etc.) ![/#f]

  • Télécharge ComboFix ([#ff0000]sUBs[/#f]) sur ton Bureau.
  • Double clique sur ComboFix.exe (le .exe n'est pas forcément visible) afin de le lancer.
  • Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\combofix.txt*) dans ta prochaine réponse.

    AIDE : Un guide et un tutoriel sur l'utilisation de ComboFix
    * le nom de la partition peut changer
    25 Novembre 2008 16:01:05

    Bonjour,

    Merci pour la réponse.
    Voici le rapport généré par combofix :

    ComboFix 08-11-24.01 - JM portable 2008-11-25 14:02:50.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.708 [GMT 1:00]

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\drivers\TDSSmhct.sys
    c:\windows\system32\karna.dat
    c:\windows\system32\TDSScfum.dll
    c:\windows\system32\TDSSfxwp.dll
    c:\windows\system32\TDSSnmxh.log
    c:\windows\system32\TDSSnrsr.dll
    c:\windows\system32\TDSSofxh.dll
    c:\windows\system32\TDSSosvd.dat
    c:\windows\system32\TDSSrhym.log
    c:\windows\system32\TDSSriqp.dll
    c:\windows\system32\TDSSsbhc.dll
    c:\windows\system32\TDSStkdv.log
    c:\windows\system32\wini10891.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_TDSSSERV.SYS
    -------\Legacy_TDSSSERV.SYS


    ((((((((((((((((((((((((( Files Created from 2008-10-25 to 2008-11-25 )))))))))))))))))))))))))))))))
    .

    2008-11-23 12:02 . 2008-11-23 12:13 <DIR> d-------- C:\hijackthis
    2008-11-23 11:52 . 2008-11-23 11:52 <DIR> d-------- c:\program files\Lavasoft
    2008-11-23 11:52 . 2008-11-23 11:54 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
    2008-11-23 11:51 . 2008-11-23 11:51 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
    2008-11-22 22:01 . 2008-11-22 22:01 <DIR> d-------- c:\program files\Uniblue
    2008-11-22 22:01 . 2008-11-22 22:01 <DIR> d-------- c:\documents and settings\JM portable\Application Data\Uniblue
    2008-11-22 22:00 . 2008-11-22 22:01 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
    2008-11-17 15:14 . 2008-11-17 15:14 <DIR> d-------- c:\program files\Common Files\NSV
    2008-11-17 02:47 . 2004-08-03 22:59 43,136 --a------ c:\windows\system32\drivers\sbp2port.sys
    2008-11-17 02:47 . 2004-08-03 22:59 43,136 --a--c--- c:\windows\system32\dllcache\sbp2port.sys
    2008-11-12 00:56 . 2008-11-12 00:56 <DIR> d-------- c:\program files\Avira
    2008-11-12 00:56 . 2008-11-12 00:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira
    2008-11-11 20:47 . 2008-11-11 20:47 <DIR> d-------- c:\documents and settings\JM portable\Application Data\Malwarebytes
    2008-11-11 20:45 . 2008-11-11 20:47 <DIR> d-------- c:\program files\Anti-Malware
    2008-11-11 20:45 . 2008-11-11 20:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2008-11-11 20:45 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2008-11-11 20:45 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2008-11-11 19:46 . 2008-11-11 20:21 2,514 --a------ c:\windows\system32\tmp.reg
    2008-11-11 19:45 . 2007-09-05 23:22 289,144 --a------ c:\windows\system32\VCCLSID.exe
    2008-11-11 19:45 . 2006-04-27 16:49 288,417 --a------ c:\windows\system32\SrchSTS.exe
    2008-11-11 19:45 . 2008-10-01 14:51 87,552 --a------ c:\windows\system32\VACFix.exe
    2008-11-11 19:45 . 2008-10-10 07:58 82,944 --a------ c:\windows\system32\o4Patch.exe
    2008-11-11 19:45 . 2008-05-18 20:40 82,944 --a------ c:\windows\system32\IEDFix.exe
    2008-11-11 19:45 . 2008-10-10 07:58 82,944 --a------ c:\windows\system32\IEDFix.C.exe
    2008-11-11 19:45 . 2008-08-18 11:19 82,432 --a------ c:\windows\system32\404Fix.exe
    2008-11-11 19:45 . 2003-06-05 20:13 53,248 --a------ c:\windows\system32\Process.exe
    2008-11-11 19:45 . 2004-07-31 17:50 51,200 --a------ c:\windows\system32\dumphive.exe
    2008-11-11 19:45 . 2007-10-03 23:36 25,600 --a------ c:\windows\system32\WS2Fix.exe
    2008-11-11 17:44 . 2008-11-11 17:44 31,232 --a------ c:\windows\Sysvxd.exe
    2008-11-11 15:57 . 2008-11-12 00:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
    2008-11-09 02:10 . 2008-11-09 02:10 <DIR> d-------- c:\windows\system32\Adobe
    2008-11-08 13:11 . 2008-11-08 13:11 <DIR> d-------- c:\program files\PowerQuest
    2008-11-06 23:43 . 2008-11-17 13:04 149 --a------ c:\windows\Antidote.ini
    2008-10-29 22:24 . 2008-10-29 22:24 <DIR> d-------- c:\documents and settings\JM portable\Application Data\Media Player Classic

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-11-20 23:51 --------- d-----w c:\program files\Hewlett-Packard
    2008-11-14 11:31 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-11-14 11:25 --------- d-----w c:\program files\Common Files\Rockwell
    2008-11-13 15:39 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
    2008-11-06 22:48 --------- d-----w c:\program files\Druide
    2008-11-06 09:06 --------- d-----w c:\program files\Ubisoft
    2008-10-29 21:07 --------- d-----w c:\documents and settings\JM portable\Application Data\Skype
    2008-10-29 15:03 --------- d-----w c:\documents and settings\JM portable\Application Data\skypePM
    2008-10-24 12:09 --------- d-----w c:\documents and settings\JM portable\Application Data\Druide
    2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
    2008-10-21 11:14 --------- d-----w c:\program files\Interior Designer 7.0
    2008-10-21 10:19 --------- d-----w c:\program files\Microsoft Silverlight
    2008-10-21 09:29 --------- d-----w c:\program files\MagicISO
    2008-10-13 14:04 --------- d-----w c:\program files\Google
    2008-10-11 19:19 --------- d-----w c:\program files\Furnish
    2008-10-11 17:03 --------- d-----w c:\documents and settings\JM portable\Application Data\Apple Computer
    2008-10-11 16:59 --------- d-----w c:\program files\QuickTime
    2008-10-11 16:58 --------- d-----w c:\program files\Common Files\Apple
    2008-10-11 16:57 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
    2008-10-11 16:55 --------- d-----w c:\program files\Apple Software Update
    2008-10-11 16:55 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
    2008-10-08 13:25 --------- d-----w c:\program files\PartyGaming
    2008-10-07 22:30 --------- d-----w c:\program files\ATI Technologies
    2008-10-07 18:17 --------- d-----w c:\program files\Mobistar
    2008-10-03 13:39 --------- d-----w c:\documents and settings\JM portable\Application Data\CyberLink
    2008-10-03 13:38 --------- d-----w c:\documents and settings\All Users\Application Data\CyberLink
    2008-10-03 13:36 --------- d-----w c:\program files\CyberLink
    2008-09-29 19:36 --------- d-----w c:\documents and settings\JM portable\Application Data\DivX
    2008-09-27 09:23 --------- d-----w c:\program files\Xvid
    2008-09-27 09:22 --------- d-----w c:\program files\DivX
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
    "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
    "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
    "MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 158208]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 29696]
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-02-06 561213]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "SENTINEL"= snti386.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1286375625-234500597-690254245-1150\Scripts\Logon\0\0]
    "Script"=\\svrnovilco\netlogon\script.vbs
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\brastk

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
    --a------ 2007-07-02 11:29 220544 c:\program files\Alcohol 120\AxCmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-09-06 14:09 413696 c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    --------- 2006-12-06 17:37 69216 c:\program files\CyberLink\PowerDVD\PDVDServ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "avast! Web Scanner"=3 (0x3)
    "avast! Mail Scanner"=3 (0x3)
    "avast! Antivirus"=2 (0x2)
    "Autodesk Licensing Service"=3 (0x3)
    "hpqwmiex"=2 (0x2)
    "mnmsrvc"=3 (0x3)
    "Irmon"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Rockwell Software\\RSLogix 5000\\ENU\\v16\\Bin\\RS5000.Exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "9674:TCP"= 9674:TCP:BitComet 9674 TCP
    "9674:UDP"= 9674:UDP:BitComet 9674 UDP

    R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};\??\c:\program files\CyberLink\PowerDVD\000.fcl [2008-10-03 14:34:49 13560]
    R3 GTIPCI21;GTIPCI21;c:\windows\system32\DRIVERS\gtipci21.sys [2008-04-05 88192]
    S1 aswSP;avast! Self Protection; []
    S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
    \Shell\AutoRun\command - E:\Mobistar.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{398b5d1f-0323-11dd-b587-d4a444975632}]
    \Shell\AutoRun\command - F:\LaunchU3.exe -a
    .
    Contents of the 'Scheduled Tasks' folder

    2008-11-22 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
    .
    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - c:\documents and settings\JM portable\Application Data\Mozilla\Firefox\Profiles\cyh201cb.default\
    FF -: plugin - c:\documents and settings\JM portable\Application Data\Mozilla\Firefox\Profiles\cyh201cb.default\extensions\{0FFCC8D1-8198-4b2f-9A96-2B4D4A65ECC9}\plugins\npGoogleGadgetPluginFirefoxWin.dll
    FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
    FF -: plugin - c:\program files\Microsoft Silverlight\2.0.30523.8\npctrl.dll
    FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
    FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-25 14:14:30
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
    "ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1048)
    c:\windows\system32\Ati2evxx.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\ati2evxx.exe
    c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    c:\program files\Lavasoft\Ad-Aware\aawservice.exe
    c:\windows\system32\scardsvr.exe
    c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
    c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    c:\program files\CyberLink\Shared Files\RichVideo.exe
    c:\program files\Common Files\Rockwell\RNADiagnosticsSrv.exe
    c:\program files\Analog Devices\SoundMAX\SMAgent.exe
    c:\program files\Alcohol 120\StarWind\StarWindServiceAE.exe
    c:\windows\system32\ati2evxx.exe
    .
    **************************************************************************
    .
    Completion time: 2008-11-25 14:20:19 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-11-25 13:20:14

    Pre-Run: 3,092,791,296 bytes free
    Post-Run: 3,581,218,816 bytes free

    207 --- E O F --- 2008-11-12 12:42:05
    Contenus similaires
    a b 8 Sécurité
    25 Novembre 2008 17:13:42

    Reposte un rapport Hijackthis.
    25 Novembre 2008 20:44:32

    Et voilà le nouveau rapport :

    Logfile of HijackThis v1.99.1
    Scan saved at 20:42:34, on 2008-11-25
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\WINDOWS\explorer.exe
    C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Winamp\winamp.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\hijackthis\CCM.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Bluetooth.lnk = ?
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = novilco.local
    O17 - HKLM\Software\..\Telephony: DomainName = novilco.local
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = novilco.local
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = novilco.local
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: FactoryTalk Diagnostics Local Reader (RNADiagnosticsService) - Rockwell Automation - C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol 120\StarWind\StarWindServiceAE.exe

    a b 8 Sécurité
    26 Novembre 2008 12:21:46

    Tu as encore des problèmes ?
    27 Novembre 2008 08:43:04

    Non, ça à l'air d'aller nettement mieux.
    Merci beaucoup pour ton aide.
    a b 8 Sécurité
    27 Novembre 2008 18:17:35

    Bon surf.
    Tom's guide dans le monde
    • Allemagne
    • Italie
    • Irlande
    • Royaume Uni
    • Etats Unis
    Suivre Tom's Guide
    Inscrivez-vous à la Newsletter
    • ajouter à twitter
    • ajouter à facebook
    • ajouter un flux RSS