
[SOLVED] Google redirection

1 October 2006 15:03:42

Hello, for a while now, when I click on Google links I end up on other search engines or online shopping sites (and, more rarely, a swingers' dating site ^^)

A friend tinkered with the PC a bit, but apart from the internet being rather slow, nothing has changed :-/

I used CCleaner, Spybot, and reinstalled Windoze XP and IE6, then I installed 7 and of course my antivirus

I still have the same problems.

Here is my HijackThis report in normal mode

Logfile of HijackThis v1.99.1
Scan saved at 14:55:57, on 01/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0007)

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\csrss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\PROGRA~1\SECURI~1\av_fw\backweb\1044199\Program\SERVIC~1.EXE
H:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
H:\Program Files\Securitoo\av_fw\Anti-Virus\FSGK32.EXE
H:\Program Files\Securitoo\av_fw\backweb\1044199\program\fsbwsys.exe
H:\Program Files\Securitoo\av_fw\Anti-Virus\fssm32.exe
H:\Program Files\Securitoo\av_fw\fswsclds.exe
H:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
H:\Program Files\Securitoo\av_fw\backweb\1044199\Program\BackWeb-1044199.exe
H:\Program Files\Securitoo\av_fw\Common\FSMB32.EXE
H:\WINDOWS\system32\Ati2evxx.exe
H:\Program Files\Securitoo\av_fw\Common\FCH32.EXE
H:\Program Files\Securitoo\av_fw\Common\FAMEH32.EXE
H:\Program Files\Securitoo\av_fw\DFW\Program\fsdfwd.exe
H:\Program Files\Securitoo\av_fw\Anti-Virus\fsav32.exe
H:\WINDOWS\System32\alg.exe
H:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
H:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
H:\Program Files\Securitoo\av_fw\Common\FSM32.EXE
H:\WINDOWS\system32\sstray.exe
H:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
H:\WINDOWS\system32\LVCOMSX.EXE
H:\Program Files\Logitech\Video\LogiTray.exe
H:\Program Files\QuickTime\qttask.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Messenger\msmsgs.exe
H:\Program Files\MSN Messenger\MsnMsgr.Exe
H:\Program Files\BitTorrent\bittorrent.exe
H:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe
H:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
H:\Program Files\Logitech\Video\FxSvr2.exe
H:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearchIndexer.exe
H:\WINDOWS\system32\ntvdm.exe
H:\WINDOWS\explorer.exe
H:\WINDOWS\system32\wuauclt.exe
H:\Program Files\Internet Explorer\iexplore.exe
H:\Documents and Settings\carnero vincent\Mes documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ouifm.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - H:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "H:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [ATIPTA] H:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [F-Secure Manager] "H:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "H:\Program Files\Securitoo\av_fw\TNB\TNBUtil.exe" /CHECKALL
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [NeroFilterCheck] H:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] H:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [LVCOMSX] H:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] H:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] H:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "H:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "H:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent] "H:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Global Startup: Adobe Reader Speed Launch.lnk = H:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = H:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: SATARaid.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = H:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://H:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{EBCFF607-4953-4948-97AB-16D2EDBAE91A}: NameServer = 85.255.116.67 85.255.112.71
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "H:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - H:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Securitoo AntiVirus Firewall (BackWeb Client - 1044199) - Unknown owner - H:\PROGRA~1\SECURI~1\av_fw\backweb\1044199\Program\SERVIC~1.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - H:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Authentication Agent (FSAA) - Unknown owner - H:\Program Files\Securitoo\av_fw\Common\FSAA.EXE (file missing)
O23 - Service: fsbwsys - F-Secure Corp. - H:\Program Files\Securitoo\av_fw\backweb\1044199\program\fsbwsys.exe
O23 - Service: F-Secure Distributed Firewall Daemon (FSDFWD) - F-Secure Corporation - H:\Program Files\Securitoo\av_fw\DFW\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - H:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - H:\Program Files\Securitoo\av_fw\fswsclds.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - H:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe




Oh yes, I also have another problem (maybe related?): when I browse some of my folders, well, IE crashes and sends a report to Microsoft...

Thanks in advance for helping me :)


1 October 2006 16:11:13

Hello,

You have a Wareout infection.

1/ Download Fixwareout.exe
Run it. Click Next, then Install, then make sure "Run fixit" is checked, then click Finish.
The program will start; follow the on-screen messages. You will be asked to restart your computer; do so. Your system will take a little longer to start up, which is normal. The desktop in particular will take a while to appear.

Once your system has restarted, follow the prompts.

Then post the report located here: C:\fixwareout\report.txt

2/ Run HijackThis
then --> Do a system scan only
tick the line shown below
then --> Fix checked
then answer yes to the confirmation prompt

O17 - HKLM\System\CCS\Services\Tcpip\..\{EBCFF607-4953-4948-97AB-16D2EDBAE91A}: NameServer = 85.255.116.67 85.255.112.71

3/ Finally, post a new HJT report.
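
Added example, not part of the original posts: a Python sketch of the check behind step 2/, listing every O17 NameServer value in a HijackThis log that falls outside the resolvers you expect. The log lines are copied from the reports on this page except the last one, which is constructed; the `expected` networks and the function names are assumptions for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# O17 lines as they appear in the HijackThis logs on this page (both the
# space and the comma separator occur). The final 192.168.1.1 line is a
# constructed example of a benign, router-assigned resolver.
SAMPLE_LOG = r"""
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{EBCFF607-4953-4948-97AB-16D2EDBAE91A}: NameServer = 85.255.116.67 85.255.112.71
O17 - HKLM\System\CCS\Services\Tcpip\..\{761A8190-8159-4D7E-9A9E-5E98CBEA0CFA}: NameServer = 85.255.114.198,85.255.112.176
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.198 85.255.112.176
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 192.168.1.1
"""

# Only the NameServer value of an O17 entry is examined here.
O17_RE = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<servers>.+)$")


def parse_o17(log_text):
    """Return [(registry_key, [resolver, ...]), ...] for each O17 NameServer line.

    Resolvers are ipaddress objects; values that do not parse as an IP
    address are kept as plain strings so they are not silently dropped.
    """
    entries = []
    for line in log_text.splitlines():
        match = O17_RE.match(line.strip())
        if not match:
            continue
        servers = []
        for token in re.split(r"[,\s]+", match.group("servers").strip()):
            if not token:
                continue
            try:
                servers.append(ipaddress.ip_address(token))
            except ValueError:
                servers.append(token)
        entries.append((match.group("key"), servers))
    return entries


def unexpected_resolvers(log_text, expected):
    """Map each resolver outside `expected` to the registry keys that set it.

    `expected` is a list of CIDR strings the operator trusts (for instance
    the home router or the ISP's resolvers); it is an assumption supplied
    by whoever reads the log, not something the log itself can tell you.
    """
    expected_nets = [ipaddress.ip_network(net) for net in expected]
    findings = defaultdict(list)
    for key, servers in parse_o17(log_text):
        for server in servers:
            if not isinstance(server, str) and any(
                server in net for net in expected_nets
            ):
                continue  # resolver is on the allowlist
            findings[str(server)].append(key)
    return dict(findings)


if __name__ == "__main__":
    for resolver, keys in unexpected_resolvers(SAMPLE_LOG, ["192.168.1.0/24"]).items():
        print(resolver)
        for key in keys:
            print("    set in", key)
```

The same resolver can be set on several interfaces and in several control sets (CCS, CS1, CS2), as in the 9 October log further down, so every key listed for it has to be fixed, not just one line.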
1 October 2006 17:45:08

Thanks!

1/ So, the Fixwareout report (note that I got 2 messages saying it could not write to c: after the reboot and Fixwareout's run, I hope it will be fine anyway)

Fixwareout ver 1.003
Last edited 8/11/2006
Post this report in the forums please

Reg Entries that were deleted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}4B0FE9A2583E-E618-E184-9CF5-4B1E858E{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\gvcmd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\0mdm
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\1mdm
...

Microsoft (R) Windows Script Host Version 5.6
Random Runs removed from HKLM
"dmcvg.exe"=-
...

PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

»»»»» Searching by size/names...

»»»»»
Search five digit cs, dm and jb files.
This WILL/CAN also list Legit Files, Submit them at Virustotal
H:\WINDOWS\SYSTEM32\CSPIK.EXE 51 788 2006-09-27
H:\WINDOWS\SYSTEM32\DMCVG.EXE 60 941 2004-08-05

Other suspects.
Directory of H:\WINDOWS\system32

»»»»» Misc files.

»»»»» Checking for older varients covered by the Rem3 tool.

2/ Done

3/ Here is the report
Logfile of HijackThis v1.99.1
Scan saved at 17:44:34, on 01/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0007)

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\PROGRA~1\SECURI~1\av_fw\backweb\1044199\Program\SERVIC~1.EXE
H:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
H:\Program Files\Securitoo\av_fw\Anti-Virus\FSGK32.EXE
H:\Program Files\Securitoo\av_fw\backweb\1044199\program\fsbwsys.exe
H:\Program Files\Securitoo\av_fw\Anti-Virus\fssm32.exe
H:\Program Files\Securitoo\av_fw\fswsclds.exe
H:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
H:\Program Files\Securitoo\av_fw\backweb\1044199\Program\BackWeb-1044199.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
H:\Program Files\Securitoo\av_fw\Common\FSMB32.EXE
H:\Program Files\Securitoo\av_fw\Common\FCH32.EXE
H:\Program Files\Securitoo\av_fw\Common\FAMEH32.EXE
H:\Program Files\Securitoo\av_fw\Anti-Virus\fsav32.exe
H:\Program Files\Securitoo\av_fw\DFW\Program\fsdfwd.exe
H:\WINDOWS\system32\NOTEPAD.EXE
H:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
H:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
H:\Program Files\Securitoo\av_fw\Common\FSM32.EXE
H:\WINDOWS\system32\sstray.exe
H:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
H:\WINDOWS\system32\LVCOMSX.EXE
H:\Program Files\Logitech\Video\LogiTray.exe
H:\Program Files\QuickTime\qttask.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Messenger\msmsgs.exe
H:\Program Files\MSN Messenger\MsnMsgr.Exe
H:\Program Files\BitTorrent\bittorrent.exe
H:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe
H:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
H:\Program Files\Logitech\Video\FxSvr2.exe
H:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearchIndexer.exe
H:\Program Files\Internet Explorer\iexplore.exe
H:\WINDOWS\explorer.exe
H:\Program Files\Internet Explorer\iexplore.exe
H:\Documents and Settings\carnero vincent\Mes documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - H:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "H:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [ATIPTA] H:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [F-Secure Manager] "H:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "H:\Program Files\Securitoo\av_fw\TNB\TNBUtil.exe" /CHECKALL
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [NeroFilterCheck] H:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] H:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [LVCOMSX] H:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] H:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] H:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "H:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "H:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent] "H:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Global Startup: Adobe Reader Speed Launch.lnk = H:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = H:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: SATARaid.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = H:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://H:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "H:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - H:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Securitoo AntiVirus Firewall (BackWeb Client - 1044199) - Unknown owner - H:\PROGRA~1\SECURI~1\av_fw\backweb\1044199\Program\SERVIC~1.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - H:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Authentication Agent (FSAA) - Unknown owner - H:\Program Files\Securitoo\av_fw\Common\FSAA.EXE (file missing)
O23 - Service: fsbwsys - F-Secure Corp. - H:\Program Files\Securitoo\av_fw\backweb\1044199\program\fsbwsys.exe
O23 - Service: F-Secure Distributed Firewall Daemon (FSDFWD) - F-Secure Corporation - H:\Program Files\Securitoo\av_fw\DFW\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - H:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - H:\Program Files\Securitoo\av_fw\fswsclds.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - H:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe


Thanks

1 October 2006 21:54:22

Hi again,

These files are certainly malicious, but let's check anyway before deleting them:
H:\WINDOWS\SYSTEM32\CSPIK.EXE
H:\WINDOWS\SYSTEM32\DMCVG.EXE

Scan them at http://www.virustotal.com and post the reports.
2 October 2006 20:27:18

Complete scanning result of "DMCVG.EXE", received in VirusTotal at 10.02.2006, 18:22:30 (CET).

Antivirus Version Update Result
AntiVir 7.2.0.22 10.02.2006 no virus found
Authentium 4.93.8 09.29.2006 could be a corrupted executable file
Avast 4.7.892.0 10.02.2006 no virus found
AVG 386 10.01.2006 no virus found
BitDefender 7.2 10.02.2006 no virus found
CAT-QuickHeal 8.00 09.30.2006 (Suspicious) - DNAScan
ClamAV devel-20060426 10.02.2006 no virus found
eTrust-InoculateIT 23.73.10 09.30.2006 no virus found
eTrust-Vet 30.3.3111 10.02.2006 Win32/Alureon!generic
DrWeb 4.33 10.02.2006 no virus found
Ewido 4.0 10.02.2006 no virus found
Fortinet 2.82.0.0 10.02.2006 suspicious
F-Prot 3.16f 09.29.2006 no virus found
F-Prot4 4.2.1.29 09.29.2006 no virus found
Ikarus 0.2.65.0 10.02.2006 no virus found
Kaspersky 4.0.2.24 10.02.2006 no virus found
McAfee 4863 09.29.2006 no virus found
Microsoft 1.1603 10.02.2006 no virus found
NOD32v2 1.1786 10.02.2006 a variant of Win32/Small.FB
Norman 5.80.02 10.02.2006 no virus found
Panda 9.0.0.4 10.01.2006 Suspicious file
Sophos 4.10.0 10.02.2006 no virus found
Symantec 8.0 10.02.2006 no virus found
TheHacker 6.0.1.089 10.02.2006 no virus found
UNA 1.83 10.02.2006 no virus found
VBA32 3.11.1 10.01.2006 suspected of Malware.Agent.11
VirusBuster 4.3.7:9 10.02.2006 no virus found


Complete scanning result of "CSPIK.EXE_", received in VirusTotal at 10.02.2006, 18:21:58 (CET).

Antivirus Version Update Result
AntiVir 7.2.0.22 10.02.2006 no virus found
Authentium 4.93.8 09.29.2006 could be a corrupted executable file
Avast 4.7.892.0 10.02.2006 no virus found
AVG 386 10.01.2006 no virus found
BitDefender 7.2 10.02.2006 no virus found
CAT-QuickHeal 8.00 09.30.2006 (Suspicious) - DNAScan
ClamAV devel-20060426 10.02.2006 no virus found
DrWeb 4.33 10.02.2006 no virus found
eTrust-InoculateIT 23.73.10 09.30.2006 no virus found
eTrust-Vet 30.3.3111 10.02.2006 no virus found
Ewido 4.0 10.02.2006 no virus found
Fortinet 2.82.0.0 10.02.2006 suspicious
F-Prot 3.16f 09.29.2006 no virus found
F-Prot4 4.2.1.29 09.29.2006 Possibly a new unknown PE_Virus!Maximus
Ikarus 0.2.65.0 10.02.2006 no virus found
Kaspersky 4.0.2.24 10.02.2006 no virus found
McAfee 4863 09.29.2006 no virus found
Microsoft 1.1603 10.02.2006 no virus found
NOD32v2 1.1786 10.02.2006 a variant of Win32/Small.FB
Norman 5.90.23 10.02.2006 no virus found
Panda 9.0.0.4 10.01.2006 Suspicious file
Sophos 4.10.0 10.02.2006 no virus found
Symantec 8.0 10.02.2006 no virus found
TheHacker 6.0.1.089 10.02.2006 no virus found
UNA 1.83 10.02.2006 no virus found
VBA32 3.11.1 10.01.2006 suspected of Trojan-Downloader.Agent.32
VirusBuster 4.3.7:9 10.02.2006 no virus found


There you go

However, I still have the mega-slow internet, could that be related?
2 October 2006 20:57:11

You can delete these files.
3 October 2006 18:13:29

There, it's done.

As for the slow internet, I figured out where it was coming from, so nothing serious ;)

Problem solved then! :)

Thanks a lot, everyone! :)
9 October 2006 21:31:55

Hello,

I also have redirection problems from Google, to lots of sites: casinos, games and "luc" sites....

Here is my HijackThis.
Thanks for helping me,


Logfile of HijackThis v1.99.1
Scan saved at 21:29:45, on 09/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVGANT~1\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\PROGRA~1\AVGANT~1\avgamsvr.exe
C:\PROGRA~1\AVGANT~1\avgupsvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\eMule\emule.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {75D86354-543B-5E5E-8417-8B6D12EA7778} - ExchangeMaster.dll (file missing)
R3 - URLSearchHook: (no name) - {D08A1E32-679A-A6F0-B837-FE647E87525B} - iesetupdll.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SpyBot\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\AVGANT~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Camera Detector] C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun
O4 - HKLM\..\Run: [MNTP] Shaitan1678.exe
O4 - HKLM\..\Run: [DTOURS] powerdll.exe
O4 - HKLM\..\Run: [xsetup] jopplerg.exe
O4 - HKLM\..\Run: [MONITER] runload32.exe
O4 - HKLM\..\Run: [wgyvq.exe] C:\WINDOWS\system32\wgyvq.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DCC_send] TRPT.exe
O4 - HKCU\..\Run: [Uint32] SAPSTR.exe
O4 - HKCU\..\Run: [backorif] bhoserv.exe
O4 - HKCU\..\Run: [browsebar] MONITER.exe
O4 - HKCU\..\Run: [new32] slamm.exe
O4 - HKCU\..\Run: [zantu] MSTCPDLL.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{761A8190-8159-4D7E-9A9E-5E98CBEA0CFA}: NameServer = 85.255.114.198,85.255.112.176
O17 - HKLM\System\CCS\Services\Tcpip\..\{DFD192B8-9C3E-4820-BE30-E3DA20F987D0}: NameServer = 85.255.114.198,85.255.112.176
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.198 85.255.112.176
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.198 85.255.112.176
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.198 85.255.112.176
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\AVGANT~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\AVGANT~1\avgupsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
