Se connecter / S'enregistrer
Votre question

quand je clik sur les liens de google j'me retrouve sur des sites X..

Tags :
  • Internet Explorer
  • Sécurité
Dernière réponse : dans Sécurité et virus
15 Décembre 2007 15:16:43

Salut; je me permet de mettre mon rapport HijajackThis, parce qu'en faite j'ai un probleme assez gênant! Google marche bien, il affiche ses résultats, sur internet explorer ou mozilla, et quand je clique sur les liens, 1 fois sur 2, je tombe sur le même site de cul,relou... Ad-awar, et spybot ne trouvent rien..
voila mon rapport ;

Logfile of HijackThis v1.99.1
Scan saved at 14:08:27, on 15/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\Thomas\Bureau\Thomas.bureau\De tout\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ogame.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://web.univ-lemans.fr/proxy.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: HP Smart Web Printing 1.0 - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Odebit Multimedia V2] C:\Program Files\Odebit Multimédia\V2\Odebit.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {1F831FA7-42FC-11D4-95A6-0080AD30DCE1} (InstaFred) - file://C:\Program Files\AutoCAD 2002 Fra\InstFred.ocx
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay105.hotmail.msn. [...] nPUpld.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (Contrôle d'AcDcToday) - file://C:\Program Files\AutoCAD 2002 Fra\AcDcToday.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {AE563727-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002 Fra\InstBanr.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (Gestion d'AcPreview) - file://C:\Program Files\AutoCAD 2002 Fra\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{0D4248AB-AC48-4924-83DD-DC5393B52C68}: NameServer = 85.255.115.61,85.255.112.115
O17 - HKLM\System\CCS\Services\Tcpip\..\{C081FBAF-1DBF-4956-AEB1-F9DBDC353F63}: NameServer = 85.255.115.61,85.255.112.115
O17 - HKLM\System\CCS\Services\Tcpip\..\{D3B605BA-13EE-4733-8317-3D4C687C6915}: NameServer = 85.255.115.61,85.255.112.115
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe



ça a une bonne tête tout ça?

Autres pages sur : clik liens google retrouve sites

15 Décembre 2007 19:01:53

Bonjour

Télécharge FixWareout de l'un de ces deux liens :
http://downloads.subratam.org/Fixwareout.exe
http://download.bleepingcomputer.com/lonny/Fixwareout.e...

Sauvegarde-le sur ton Bureau, puis lance-le.
Clique Next, puis Install, et assure-toi que "Run fixit" soit coché, puis clique Finish.
Suis les directives à l'écran.
L'outil va te demander de redémarrer ton PC; fais-le s'il te plaît.
Le redémarrage risque de prendre un peu plus de temps; ceci est normal.

Poste le contenu du rapport C:\fixwareout\report.txt avec un nouveau rapport HijackThis.
15 Décembre 2007 20:31:40

merci de ton aide!
voila mon rapport hijackthis;

Logfile of HijackThis v1.99.1
Scan saved at 20:34:53, on 15/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\Thomas\Bureau\Thomas.bureau\De tout\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ogame.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://web.univ-lemans.fr/proxy.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: HP Smart Web Printing 1.0 - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Odebit Multimedia V2] C:\Program Files\Odebit Multimédia\V2\Odebit.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {1F831FA7-42FC-11D4-95A6-0080AD30DCE1} (InstaFred) - file://C:\Program Files\AutoCAD 2002 Fra\InstFred.ocx
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay105.hotmail.msn.com/resources/MsnPUpl...
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (Contrôle d'AcDcToday) - file://C:\Program Files\AutoCAD 2002 Fra\AcDcToday.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {AE563727-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002 Fra\InstBanr.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (Gestion d'AcPreview) - file://C:\Program Files\AutoCAD 2002 Fra\AcPreview.ocx
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe



et voici mon rapport le rapport fixwareout;

Username "Thomas" - 15/12/2007 20:26:33 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="kdshr.exe"

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{0D4248AB-AC48-4924-83DD-DC5393B52C68}
"nameserver"="85.255.115.61,85.255.112.115" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{C081FBAF-1DBF-4956-AEB1-F9DBDC353F63}
"nameserver"="85.255.115.61,85.255.112.115" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{D3B605BA-13EE-4733-8317-3D4C687C6915}
"nameserver"="85.255.115.61,85.255.112.115" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{0D4248AB-AC48-4924-83DD-DC5393B52C68}
"DhcpNameServer"="85.255.115.61,85.255.112.115" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{D3B605BA-13EE-4733-8317-3D4C687C6915}
"DhcpNameServer"="85.255.115.61,85.255.112.115" <Value cleared.

Cache de résolution DNS vidé.


System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....
~~~~~ Other
C:\WINDOWS\Temp\kdshr.ren 72249 19/08/2004

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RaidTool"="C:\\Program Files\\VIA\\RAID\\raid_tool.exe"
"SoundMan"="SOUNDMAN.EXE"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"vptray"="C:\\PROGRA~1\\SYMANT~1\\SYMANT~1\\vptray.exe"
"IntelliPoint"="\"C:\\Program Files\\Microsoft IntelliPoint\\ipoint.exe\""
"PinnacleDriverCheck"="C:\\WINDOWS\\system32\\PSDrvCheck.exe -CheckReg"
"SsAAD.exe"="C:\\PROGRA~1\\Sony\\SONICS~1\\SsAAD.exe"
"TkBellExe"="\"C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe\" -osboot"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_03\\bin\\jusched.exe\""
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"EoEngine"=""
"EoWeather"=""
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"="\"C:\\Program Files\\BitTorrent\\bittorrent.exe\" --force_start_minimized"
"Odebit Multimedia V2"="C:\\Program Files\\Odebit Multimédia\\V2\\Odebit.exe"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~


15 Décembre 2007 21:24:08

Bien.
Cela doit déja aller mieux.

Télécharge Combofix.exe (par sUBs) sur ton Bureau
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double clique combofix.exe et suis les invites.
Lorsque le scan sera complété, un rapport apparaîtra.

Copie/colle ce rapport dans ta prochaine réponse
16 Décembre 2007 02:22:22

voici mon rapport de combofix;
(il à l'aire bien balèze ce logiciel quand même!)

ComboFix 07-12-15.5 - Thomas 2007-12-16 2:17:01.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.592 [GMT 1:00]
Running from: C:\Documents and Settings\Thomas\Bureau\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Thomas\Menu Démarrer\Programmes\WebMediaPlayer
C:\Documents and Settings\Thomas\Menu Démarrer\Programmes\WebMediaPlayer\WebMediaPlayer.lnk
C:\Documents and Settings\Thomas\Menu Démarrer\Programmes\WebMediaPlayer\Website.lnk
C:\WINDOWS\system32\urlmsnlink.dat

.
((((((((((((((((((((((((((((( Fichiers créés 2007-11-16 to 2007-12-16 ))))))))))))))))))))))))))))))))))))
.

2007-12-14 19:42 . 2007-12-15 13:43 <REP> d-------- C:\Program Files\Google
2007-12-06 17:33 . 2007-12-06 17:33 <REP> d-------- C:\Program Files\Sierra
2007-12-06 17:30 . 2007-12-06 17:30 <REP> d-------- C:\Documents and Settings\Thomas\Application Data\InstallShield
2007-12-01 12:39 . 2007-12-01 12:39 <REP> d-------- C:\Documents and Settings\Thomas\Application Data\Autodesk
2007-11-27 20:15 . 2004-08-19 16:00 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2007-11-27 20:15 . 2004-08-19 16:00 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2007-11-26 16:11 . 2007-11-26 16:30 <REP> d-------- C:\Program Files\PDF Editeur 2
2007-11-26 16:11 . 2007-11-26 16:12 73,216 --a------ C:\WINDOWS\cadkasdeinst01f.exe
2007-11-24 17:49 . 2007-11-24 17:49 <REP> d-------- C:\Program Files\WexTech
2007-11-24 17:49 . 2007-11-24 17:49 <REP> d-------- C:\Program Files\Fichiers communs\LHSPF
2007-11-24 17:49 . 2007-11-24 17:49 <REP> d--h----- C:\C_DILLA
2007-11-24 17:49 . 2000-05-02 10:03 225,280 --a------ C:\WINDOWS\system32\awrtl30.dll
2007-11-24 17:49 . 1998-08-04 11:22 111,616 --------- C:\WINDOWS\system32\Ltih30tb.dll
2007-11-24 17:48 . 2007-11-24 17:48 <REP> d-------- C:\Program Files\Volo View Express
2007-11-24 17:48 . 2000-10-20 22:25 487,184 --a------ C:\WINDOWS\system32\Mrt7enu.dll
2007-11-24 17:48 . 2000-10-20 22:25 446,464 --a------ C:\WINDOWS\system32\hhactivex.dll
2007-11-24 17:48 . 2000-10-20 22:25 79,360 --a------ C:\WINDOWS\system32\acdbres.dll
2007-11-24 17:48 . 2000-10-20 22:25 31,744 --a------ C:\WINDOWS\system32\Hlp95en.dll
2007-11-24 17:48 . 2000-10-20 22:25 25,872 --a------ C:\WINDOWS\system32\Fm20ENU.dll
2007-11-24 17:46 . 2007-11-24 17:49 <REP> d-------- C:\Program Files\Fichiers communs\Wextech Shared
2007-11-24 17:45 . 2007-11-24 17:48 <REP> d-------- C:\Program Files\Fichiers communs\Autodesk Shared
2007-11-24 17:45 . 2007-11-25 21:23 <REP> d-------- C:\Program Files\AutoCAD 2002 Fra

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-15 17:21 --------- d-----w C:\Program Files\Warcraft III
2007-12-07 11:39 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-12-06 16:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-26 16:56 --------- d-----w C:\Documents and Settings\Thomas\Application Data\Image Zone Express
2007-11-23 11:35 --------- d-----w C:\Program Files\Everest Poker
2007-11-16 00:14 --------- d-----w C:\Documents and Settings\Thomas\Application Data\Hamachi
2007-10-18 13:02 --------- d-----w C:\Program Files\Java
2005-09-29 09:51 976,020 ----a-w C:\Program Files\BDAXP.cab
2005-09-29 09:51 916,815 ----a-w C:\Program Files\Oct2005_MDX_x86.cab
2005-09-29 09:51 86,784 ----a-w C:\Program Files\Oct2005_xinput_x64.cab
2005-09-29 09:51 74,448 ----a-w C:\Program Files\DSETUP.dll
2005-09-29 09:51 74,430 ----a-w C:\Program Files\dxupdate.cab
2005-09-29 09:51 703,080 ----a-w C:\Program Files\BDA.cab
2005-09-29 09:51 488,656 ----a-w C:\Program Files\DXSETUP.exe
2005-09-29 09:51 46,085 ----a-w C:\Program Files\Oct2005_xinput_x86.cab
2005-09-29 09:51 41,888 ----a-w C:\Program Files\dxdllreg_x86.cab
2005-09-29 09:51 2,245,840 ----a-w C:\Program Files\dsetup32.dll
2005-09-29 09:51 15,493,481 ----a-w C:\Program Files\DirectX.cab
2005-09-29 09:51 13,265,040 ----a-w C:\Program Files\dxnt.cab
2005-09-29 09:51 1,351,430 ----a-w C:\Program Files\Aug2005_d3dx9_27_x64.cab
2005-09-29 09:51 1,156,363 ----a-w C:\Program Files\BDANT.cab
2005-09-29 09:51 1,078,532 ----a-w C:\Program Files\Aug2005_d3dx9_27_x86.cab
2005-01-24 14:51 5,636,184 ----a-w C:\Documents and Settings\Thomas\Application Data\DPSLib.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" []
"Odebit Multimedia V2"="C:\Program Files\Odebit Multimédia\V2\Odebit.exe" []
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-03 23:29]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RaidTool"="C:\Program Files\VIA\RAID\raid_tool.exe" [2005-11-23 09:12]
"SoundMan"="SOUNDMAN.EXE" [2006-03-02 06:22 C:\WINDOWS\soundman.exe]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-19 15:10 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2006-10-22 12:22 C:\WINDOWS\system32\nwiz.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" [2002-07-30 10:35]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2005-12-05 01:39]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-10 15:26]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2005-01-24 18:58]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-09-24 15:01]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-19 15:10 C:\WINDOWS\system32\rundll32.exe]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-07-08 13:41]
"EoEngine"="" []
"EoWeather"="" []
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 20:52]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 20:40:10]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56]

R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-16 02:22:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\NavLogon.dll
.
Completion time: 2007-12-16 2:23:23
Tom's guide dans le monde
  • Allemagne
  • Italie
  • Irlande
  • Royaume Uni
  • Etats Unis
Suivre Tom's Guide
Inscrivez-vous à la Newsletter
  • ajouter à twitter
  • ajouter à facebook
  • ajouter un flux RSS