Rien dans favoris reseau nigestionnaire de periphérique
ness_47
Nouveau membre
j'ai pu afficher dans favoris réseaux a la carte réseaux , le gestionnaire des tache et les port usb en activant plug and play dans services (proprieté de poste de travail)
mais le problème j'arrive pas a configurer la connexion a internet la case se connecté en utilisant une connection large bande est desactivé
mais le problème j'arrive pas a configurer la connexion a internet la case se connecté en utilisant une connection large bande est desactivé
ness_47
Nouveau membre
voila le raport
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:18:29, on 30/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20583)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\mmc.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.172\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User '?')
O4 - HKUS\S-1-5-21-1547161642-1647877149-839522115-500\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 4697 bytes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:18:29, on 30/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20583)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\mmc.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.172\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
Vous devez être connecté pour voir les liens.
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
Vous devez être connecté pour voir les liens.
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
Vous devez être connecté pour voir les liens.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User '?')
O4 - HKUS\S-1-5-21-1547161642-1647877149-839522115-500\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 4697 bytes
thor37230
Grand Maître
faut que tu fasse un copier-coller du rapport ici
ness_47
Nouveau membre
ok le voila merci
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:18:29, on 30/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20583)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\mmc.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.172\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
Vous devez être connecté pour voir les liens.
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
Vous devez être connecté pour voir les liens.
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
Vous devez être connecté pour voir les liens.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User '?')
O4 - HKUS\S-1-5-21-1547161642-1647877149-839522115-500\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 4697 bytes
thor37230
Grand Maître
télécharge
redémarre en mode sans échec et scan ton pc avec ces 2 antispywares(scan complet pour malwarebytes)
Redémarre en mode normal et scan ton pc avec
re-post un rapport hijackThis
Vous devez être connecté pour voir les liens.
et
Vous devez être connecté pour voir les liens.
, mets-les à jourredémarre en mode sans échec et scan ton pc avec ces 2 antispywares(scan complet pour malwarebytes)
Redémarre en mode normal et scan ton pc avec
Vous devez être connecté pour voir les liens.
re-post un rapport hijackThis
ness_47
Nouveau membre
bjr
je peux les telecharge mais pas les mettre a jour puisque je n'ai pas pu configurer la connexion a internet (la case seconnecter en utilisant une connexion large bande.. est grisé)
esqu'ilya un moyen de l'activer pour que je puisse utilisé le net et mettre ajour les antispuware?
merci
je peux les telecharge mais pas les mettre a jour puisque je n'ai pas pu configurer la connexion a internet (la case seconnecter en utilisant une connexion large bande.. est grisé)
esqu'ilya un moyen de l'activer pour que je puisse utilisé le net et mettre ajour les antispuware?
merci
thor37230
Grand Maître
c'est quoi ta box?
comment est tu connecté? usb, ethernet, wifi, CPL?
comment est tu connecté? usb, ethernet, wifi, CPL?
ness_47
Nouveau membre
voila le raport apres le scan des deux spywere avec la mise a jour j'ai pu fair un reseau entre les deux pc
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:13:05, on 01/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20583)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.875\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
Vous devez être connecté pour voir les liens.
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
Vous devez être connecté pour voir les liens.
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
Vous devez être connecté pour voir les liens.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User '?')
O4 - HKUS\S-1-5-21-1547161642-1647877149-839522115-500\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE5B006C-C76F-4CA9-B135-42F788DC22A3}: NameServer = 192.168.0.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 5596 bytes
merci
thor37230
Grand Maître
relance HijackThis
clic sur "Do a system scan only"
coche les lignes suivantes :
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
et clic sur "Fix Checked"
ensuite redémarre ton pc et regarde si c'est mieux
ps : quand t'auras solutionner tout ça mets à jour XP(SP3)
clic sur "Do a system scan only"
coche les lignes suivantes :
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
et clic sur "Fix Checked"
ensuite redémarre ton pc et regarde si c'est mieux
ps : quand t'auras solutionner tout ça mets à jour XP(SP3)
t1cable: 
dextermat
Grand Maître
Télécharge combofix sur majorgeek.com
suit les instructions et post le .txt a la fin.
On va voir si ya pas des choses cacher
[:_sebastien_:5]
suit les instructions et post le .txt a la fin.
On va voir si ya pas des choses cacher
[:_sebastien_:5]
ness_47
Nouveau membre
bsr
j'ai suivis les instruction de combofix et voila le rappor
ComboFix 09-05-02.3 - Administrateur 01/05/2009 23:43.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1023.741 [GMT 1:00]
Lancé depuis: c:\documents and settings\Administrateur\Bureau\ComboFix.exe
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-04-01 au 2009-05-01 ))))))))))))))))))))))))))))))))))))
.
2009-05-01 22:16 . 2006-06-29 12:07 14048 ------w c:\windows\system32\spmsg2.dll
2009-05-01 22:14 . 2009-05-01 22:16 -------- d-----w c:\windows\system32\XPSViewer
2009-05-01 22:14 . 2009-05-01 22:14 -------- d-----w c:\program files\MSBuild
2009-05-01 22:14 . 2009-05-01 22:14 -------- d-----w c:\program files\Reference Assemblies
2009-05-01 22:13 . 2008-07-06 12:06 117760 ------w c:\windows\system32\prntvpt.dll
2009-05-01 22:13 . 2008-07-06 12:06 89088 ------w c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-05-01 22:13 . 2008-07-06 10:50 597504 ------w c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-05-01 22:13 . 2008-07-06 12:06 575488 ------w c:\windows\system32\dllcache\xpsshhdr.dll
2009-05-01 22:13 . 2008-07-06 12:06 575488 ------w c:\windows\system32\xpsshhdr.dll
2009-05-01 22:13 . 2008-07-06 12:06 1676288 ------w c:\windows\system32\dllcache\xpssvcs.dll
2009-05-01 22:13 . 2008-07-06 12:06 1676288 ------w c:\windows\system32\xpssvcs.dll
2009-05-01 22:13 . 2009-05-01 22:13 -------- d-----w C:\a4f9d9f034bd12460ec78e5a9c
2009-05-01 19:14 . 2009-05-01 20:16 -------- d-----w c:\windows\system32\NtmsData
2009-05-01 09:39 . 2009-05-01 20:34 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-01 09:39 . 2009-05-01 16:39 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-05-01 09:01 . 2009-05-01 09:01 -------- d-----w c:\documents and settings\Administrateur\Application Data\Malwarebytes
2009-05-01 09:01 . 2009-04-06 14:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-01 09:01 . 2009-04-06 14:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-01 09:01 . 2009-05-01 09:01 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-01 09:01 . 2009-05-01 09:01 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-30 15:33 . 2009-04-30 15:33 -------- d-----w c:\program files\Avira
2009-04-30 15:33 . 2009-04-30 15:33 -------- d-----w c:\documents and settings\All Users\Application Data\Avira
2009-04-30 12:07 . 2009-04-30 12:07 -------- d-----w c:\program files\Lavasoft
2009-04-30 12:07 . 2009-04-30 12:07 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-04-30 09:43 . 2009-04-30 15:25 -------- d-----w c:\windows\LastGood
2009-04-29 20:15 . 2009-04-29 20:16 -------- d-----w c:\windows\LastGood.Tmp
2009-04-29 19:34 . 2009-04-29 19:34 -------- d-----w c:\documents and settings\All Users\Application Data\Martau
2009-04-29 19:33 . 2009-04-29 19:33 -------- d-----w c:\documents and settings\Administrateur\Local Settings\Application Data\Martau
2009-04-29 19:33 . 2009-04-29 19:33 -------- d-----w c:\program files\Total Uninstall 4
2009-04-29 16:59 . 2009-04-29 16:59 -------- d-----w c:\windows\srchasst
2009-04-29 16:59 . 2009-04-29 16:59 -------- d-----w c:\windows\system32\xircom
2009-04-29 16:59 . 2009-04-29 16:59 -------- d-----w c:\program files\microsoft frontpage
2009-04-29 16:55 . 2009-04-29 16:55 -------- d-----w c:\windows\ServicePackFiles
2009-04-29 16:44 . 2009-04-29 16:44 -------- d-----w c:\documents and settings\All Users\Application Data\NVIDIA
2009-04-28 16:44 . 2008-08-02 10:58 44544 ----a-w c:\windows\system32\msxml4a.dll
2009-04-26 20:44 . 2007-11-30 11:18 26488 ----a-w c:\windows\system32\spupdsvc.exe
2009-04-26 20:44 . 2009-04-26 20:44 -------- d-----w c:\program files\MSXML 6.0
2009-04-26 16:35 . 2009-04-26 16:35 -------- d-----w c:\program files\WinEdt Team
2009-04-26 16:25 . 2009-04-26 20:50 -------- d-----w C:\a6a85916e420d51a50e17516f31662
2009-04-26 15:50 . 2009-04-26 16:23 -------- d-----w C:\2cdf034a13e4531fb5940a082f
2009-04-23 19:36 . 2009-04-23 19:36 -------- d-----w C:\RMD
2009-04-23 11:32 . 2001-08-17 20:56 7552 ----a-w c:\windows\system32\drivers\SONYPVU1.SYS
2009-04-16 18:29 . 2009-04-16 18:29 -------- d-----w c:\program files\Fichiers communs\Adobe Systems Shared
2009-04-16 18:20 . 2009-04-16 18:20 -------- d-----w c:\documents and settings\All Users\Application Data\Adobe Systems
2009-04-10 10:07 . 2001-08-23 16:47 8192 ----a-w c:\windows\system32\kbdkor.dll
2009-04-10 10:07 . 2001-08-23 16:47 8704 ----a-w c:\windows\system32\kbdjpn.dll
2009-04-10 10:07 . 2001-08-17 21:55 6144 ----a-w c:\windows\system32\kbd106.dll
2009-04-10 10:07 . 2001-08-17 21:55 5632 ----a-w c:\windows\system32\kbd103.dll
2009-04-10 10:07 . 2001-08-17 21:55 6144 ----a-w c:\windows\system32\kbd101c.dll
2009-04-10 10:07 . 2001-08-17 21:55 6144 ----a-w c:\windows\system32\kbd101b.dll
2009-04-09 23:05 . 2009-04-09 23:05 -------- d-----w c:\program files\Fichiers communs\Skype
2009-04-09 10:00 . 2009-04-09 10:02 -------- d-----w c:\program files\EPSON
2009-04-08 12:02 . 2000-06-06 11:01 34304 ----a-w c:\windows\system32\EBPCHP.DLL
2009-04-08 12:02 . 2003-05-20 12:27 64000 ----a-w c:\windows\system32\ECBTEG.DLL
2009-04-08 11:36 . 2009-04-08 11:36 -------- d-----w c:\documents and settings\All Users\Application Data\UDL
2009-04-08 11:36 . 2003-07-02 00:00 131072 ----a-r c:\windows\system32\Epcmlib.dll
2009-04-06 20:41 . 2009-04-06 20:41 -------- d-----w C:\TreeTagger
2009-04-06 18:55 . 2003-07-15 23:14 31744 ----a-w c:\windows\system32\E_DCINST.DLL
2009-04-06 18:55 . 2001-09-03 12:04 182 ----a-w c:\windows\system32\EBPPORT4.DAT
2009-04-06 18:55 . 2003-09-25 11:12 76045 ----a-w c:\windows\system32\EBPMON24.DLL
2009-04-04 15:54 . 2009-04-29 21:46 -------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
2009-04-03 12:56 . 2009-04-03 12:57 -------- d-----w c:\documents and settings\Administrateur\Application Data\XnView
2009-04-03 10:20 . 2004-06-14 12:56 427864 ----a-w c:\windows\system32\XceedZip.dll
2009-04-03 08:35 . 2009-04-03 08:35 -------- d-----w c:\documents and settings\Administrateur\Application Data\Search Settings
2009-04-03 08:35 . 2009-04-03 08:36 -------- d-----w c:\documents and settings\Administrateur\Application Data\pdfforge
2009-04-02 23:29 . 2009-05-01 20:15 -------- d-----w c:\program files\pdfforge Toolbar
2009-04-02 23:24 . 2001-10-28 14:42 116224 ----a-w c:\windows\system32\pdfcmnnt.dll
2009-04-02 23:24 . 1998-07-12 23:08 119568 ----a-w c:\windows\system32\VB6FR.DLL
2009-04-02 23:24 . 1998-07-12 23:08 141312 ----a-w c:\windows\system32\MSCMCFR.DLL
2009-04-02 23:24 . 1998-07-12 23:08 59904 ----a-w c:\windows\system32\MSCC2FR.DLL
2009-04-02 23:24 . 1998-07-05 22:00 23552 ----a-w c:\windows\system32\MSMPIDE.DLL
2009-04-02 23:24 . 2009-04-02 23:29 -------- d-----w c:\program files\PDFCreator
2009-04-02 21:26 . 2009-04-02 21:26 -------- d-----w c:\program files\Ghostgum
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-01 22:15 . 2002-09-07 00:00 79930 ----a-w c:\windows\system32\perfc00C.dat
2009-05-01 22:15 . 2002-09-07 00:00 500790 ----a-w c:\windows\system32\perfh00C.dat
2009-04-30 13:45 . 2009-03-29 11:18 45488 ----a-w c:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-29 07:25 . 2009-03-29 11:00 6 ---ha-w c:\windows\Tasks\SA.DAT
2009-04-16 18:32 . 2009-03-29 11:02 -------- d-----w c:\program files\Fichiers communs\Adobe
2009-04-09 23:05 . 2009-03-30 16:26 -------- d-----r c:\program files\Skype
2009-04-08 22:01 . 2009-03-30 16:28 -------- d-----w c:\program files\EasyPHP1-8
2009-04-08 12:03 . 2009-03-29 11:08 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-01 12:10 . 2009-04-01 12:10 -------- d-----w c:\program files\CCleaner
2009-03-31 18:28 . 2009-03-31 10:59 -------- d-----w c:\program files\LimeWire
2009-03-31 18:28 . 2009-03-31 10:50 -------- d-----w c:\program files\eMule
2009-03-31 12:57 . 2009-03-31 12:57 -------- d-----w c:\program files\Smallvideosoft
2009-03-31 12:54 . 2009-03-31 12:54 -------- d-----w c:\program files\BenQ
2009-03-31 12:48 . 2009-03-31 12:48 -------- d-----w c:\program files\ScanDrv6
2009-03-31 12:48 . 2009-03-29 11:08 -------- d-----w c:\program files\Fichiers communs\InstallShield
2009-03-31 11:16 . 2009-03-29 11:09 -------- d-----w c:\program files\QuickTime Alternative
2009-03-31 11:11 . 2009-03-31 11:11 -------- d-----w c:\program files\Fichiers communs\xing shared
2009-03-31 11:11 . 2009-03-31 11:10 -------- d-----w c:\program files\Fichiers communs\Real
2009-03-31 11:10 . 2009-03-31 11:10 -------- d-----w c:\program files\Real
2009-03-30 21:26 . 2009-03-30 21:24 -------- d-----w c:\program files\madkit 3.1b4
2009-03-30 16:32 . 2009-03-30 16:30 -------- d-----w c:\program files\Weka-3-6
2009-03-30 16:32 . 2009-03-29 11:06 -------- d-----w c:\program files\Java
2009-03-30 16:29 . 2009-03-30 16:29 56 ---ha-w c:\windows\system32\ezsidmv.dat
2009-03-30 16:18 . 2009-03-30 15:55 -------- d--h--w c:\program files\Zero G Registry
2009-03-30 13:07 . 2009-03-29 11:10 -------- d-----w c:\program files\Winamp
2009-03-30 09:19 . 2009-03-29 10:57 86331 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-03-29 21:27 . 2009-03-29 21:26 -------- d-----w c:\program files\Ontrack
2009-03-29 19:57 . 2009-03-29 11:08 -------- d-----w c:\program files\CyberLink
2009-03-29 19:56 . 2009-03-29 11:03 -------- d-----w c:\program files\SlySoft
2009-03-29 19:56 . 2009-03-29 11:02 -------- d-----w c:\program files\Fichiers communs\ACD Systems
2009-03-29 19:45 . 2009-03-29 19:44 26 ----a-w c:\windows\system32\drivers\adidsl.cfg
2009-03-29 19:44 . 2009-03-29 19:44 -------- d-----w c:\program files\Huawei Technologies
2009-03-29 11:45 . 2009-03-29 11:45 -------- d-----w c:\program files\Alwil Software
2009-03-29 11:14 . 2009-03-29 11:14 -------- d-----w c:\program files\Microsoft Works
2009-03-29 11:13 . 2009-03-29 11:13 -------- d-----w c:\program files\Microsoft.NET
2009-03-29 11:10 . 2009-03-29 11:10 -------- d-----w c:\program files\Media Player Classic
2009-03-29 11:09 . 2009-03-29 11:09 -------- d-----w c:\program files\Real Alternative
2009-03-29 11:06 . 2009-03-29 11:06 -------- d-----w c:\program files\Fichiers communs\Java
2009-03-29 11:04 . 2009-03-29 11:04 -------- d-----w c:\program files\MSN Messenger
2009-03-29 11:03 . 2009-03-29 11:03 -------- d-----w c:\program files\Nero
2009-03-29 11:03 . 2009-03-29 11:03 -------- d-----w c:\program files\Fichiers communs\Ahead
2009-03-29 11:02 . 2009-03-29 11:02 10368 ----a-w c:\windows\system32\drivers\pfc.sys
2009-03-29 10:58 . 2009-03-29 10:58 685816 ----a-w c:\windows\system32\drivers\sptd.sys
2009-03-29 10:57 . 2002-09-07 00:00 67 --sha-w c:\windows\Fonts\desktop.ini
2009-03-29 10:57 . 2009-03-29 10:57 -------- d-----w c:\program files\Services en ligne
2009-03-29 10:55 . 2009-03-29 10:55 21892 ----a-w c:\windows\system32\emptyregdb.dat
2009-03-29 10:55 . 2009-03-29 10:55 -------- d-----w c:\program files\Desktop
2009-03-29 10:54 . 2009-03-29 10:54 -------- d-----w c:\program files\Windows Media Connect 2
.
------- Sigcheck -------
[7] 2004-08-03 22:14 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2007-06-26 20:18 360576 C7BE59B07C6EB74BEA6FD67C1B164015 c:\windows\system32\drivers\tcpip.sys
[-] 2004-08-19 15:09 1227264 FB535EC44E40469149A18BC55D6A8587 c:\windows\explorer.exe
[-] 2004-08-19 15:09 1227264 FB535EC44E40469149A18BC55D6A8587 c:\windows\icon_TMP\explorer.exe
[-] 2004-08-19 15:09 1227264 FB535EC44E40469149A18BC55D6A8587 c:\windows\LastGood.Tmp\explorer.exe
[-] 2004-08-19 15:09 1227264 FB535EC44E40469149A18BC55D6A8587 c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2004-08-04 04:54 1036288 4C33E5B9A6197B6ED215F6CFBA0A2DAA c:\windows\system_backup\explorer.exe
[-] 2007-06-14 14:31 80216 C7BCEA1533BE5C9E15884D6C39B667F1 c:\windows\icon_TMP\wuauclt.exe
[-] 2007-06-14 14:31 80216 C7BCEA1533BE5C9E15884D6C39B667F1 c:\windows\LastGood.Tmp\system32\wuauclt.exe
[-] 2007-06-14 14:31 80216 C7BCEA1533BE5C9E15884D6C39B667F1 c:\windows\ServicePackFiles\i386\wuauclt.exe
[-] 2007-06-14 14:31 80216 C7BCEA1533BE5C9E15884D6C39B667F1 c:\windows\system32\wuauclt.exe
[7] 2007-06-14 14:31 53080 3A83A45E7DD5276315AA20245E7C32BF c:\windows\system_backup\wuauclt.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"AAWTray"="c:\program files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 88024]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2007-06-26 124928]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"StartMenuLogoff"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R3 adiusbae;USB ADSL LAN Adapter;c:\windows\system32\DRIVERS\adiusbae.sys [2003-12-01 117785]
--- Autres Services/Pilotes en mémoire ---
*NewlyCreated* - FONTCACHE3.0.0.0
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2005c73f-25b6-11de-801a-007304445857}]
\Shell\AutoRun\command - sasyg1y8.com
\Shell\explore\Command - sasyg1y8.com
\Shell\open\Command - sasyg1y8.com
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: {EE5B006C-C76F-4CA9-B135-42F788DC22A3} = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\components\pdfforgeToolbarFF.dll
FF - component: c:\program files\Mozilla Firefox\extensions\search@searchsettings.com\components\SearchSettingsFF.dll
---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - true.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-05-01 23:45
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{D6D786AE-0BAD-5981-8AF6-8A48DE8BC981}\InProcServer32*]
"oaggneeplefabdmbegkegedfmnjleg"=hex:6a,61,61,6c,67,68,68,64,6d,69,67,64,6b,67,
6e,61,65,66,68,65,00,00
"nagghfmjnlglkcokajkbkhefjepm"=hex:6a,61,61,6c,67,68,68,64,6d,69,67,64,6b,67,
6e,61,65,66,68,65,00,00
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'explorer.exe'(2792)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\msi.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
c:\windows\system32\NETSHELL.dll
.
Heure de fin: 2009-05-01 23:47
ComboFix-quarantined-files.txt 2009-05-01 22:46
Avant-CF: 76 638 576 640 octets libres
Après-CF: 76 733 755 392 octets libres
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /fastdetect /NoExecute=OptIn
237
merci
j'ai suivis les instruction de combofix et voila le rappor
ComboFix 09-05-02.3 - Administrateur 01/05/2009 23:43.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1023.741 [GMT 1:00]
Lancé depuis: c:\documents and settings\Administrateur\Bureau\ComboFix.exe
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-04-01 au 2009-05-01 ))))))))))))))))))))))))))))))))))))
.
2009-05-01 22:16 . 2006-06-29 12:07 14048 ------w c:\windows\system32\spmsg2.dll
2009-05-01 22:14 . 2009-05-01 22:16 -------- d-----w c:\windows\system32\XPSViewer
2009-05-01 22:14 . 2009-05-01 22:14 -------- d-----w c:\program files\MSBuild
2009-05-01 22:14 . 2009-05-01 22:14 -------- d-----w c:\program files\Reference Assemblies
2009-05-01 22:13 . 2008-07-06 12:06 117760 ------w c:\windows\system32\prntvpt.dll
2009-05-01 22:13 . 2008-07-06 12:06 89088 ------w c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-05-01 22:13 . 2008-07-06 10:50 597504 ------w c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-05-01 22:13 . 2008-07-06 12:06 575488 ------w c:\windows\system32\dllcache\xpsshhdr.dll
2009-05-01 22:13 . 2008-07-06 12:06 575488 ------w c:\windows\system32\xpsshhdr.dll
2009-05-01 22:13 . 2008-07-06 12:06 1676288 ------w c:\windows\system32\dllcache\xpssvcs.dll
2009-05-01 22:13 . 2008-07-06 12:06 1676288 ------w c:\windows\system32\xpssvcs.dll
2009-05-01 22:13 . 2009-05-01 22:13 -------- d-----w C:\a4f9d9f034bd12460ec78e5a9c
2009-05-01 19:14 . 2009-05-01 20:16 -------- d-----w c:\windows\system32\NtmsData
2009-05-01 09:39 . 2009-05-01 20:34 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-01 09:39 . 2009-05-01 16:39 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-05-01 09:01 . 2009-05-01 09:01 -------- d-----w c:\documents and settings\Administrateur\Application Data\Malwarebytes
2009-05-01 09:01 . 2009-04-06 14:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-01 09:01 . 2009-04-06 14:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-01 09:01 . 2009-05-01 09:01 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-01 09:01 . 2009-05-01 09:01 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-30 15:33 . 2009-04-30 15:33 -------- d-----w c:\program files\Avira
2009-04-30 15:33 . 2009-04-30 15:33 -------- d-----w c:\documents and settings\All Users\Application Data\Avira
2009-04-30 12:07 . 2009-04-30 12:07 -------- d-----w c:\program files\Lavasoft
2009-04-30 12:07 . 2009-04-30 12:07 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-04-30 09:43 . 2009-04-30 15:25 -------- d-----w c:\windows\LastGood
2009-04-29 20:15 . 2009-04-29 20:16 -------- d-----w c:\windows\LastGood.Tmp
2009-04-29 19:34 . 2009-04-29 19:34 -------- d-----w c:\documents and settings\All Users\Application Data\Martau
2009-04-29 19:33 . 2009-04-29 19:33 -------- d-----w c:\documents and settings\Administrateur\Local Settings\Application Data\Martau
2009-04-29 19:33 . 2009-04-29 19:33 -------- d-----w c:\program files\Total Uninstall 4
2009-04-29 16:59 . 2009-04-29 16:59 -------- d-----w c:\windows\srchasst
2009-04-29 16:59 . 2009-04-29 16:59 -------- d-----w c:\windows\system32\xircom
2009-04-29 16:59 . 2009-04-29 16:59 -------- d-----w c:\program files\microsoft frontpage
2009-04-29 16:55 . 2009-04-29 16:55 -------- d-----w c:\windows\ServicePackFiles
2009-04-29 16:44 . 2009-04-29 16:44 -------- d-----w c:\documents and settings\All Users\Application Data\NVIDIA
2009-04-28 16:44 . 2008-08-02 10:58 44544 ----a-w c:\windows\system32\msxml4a.dll
2009-04-26 20:44 . 2007-11-30 11:18 26488 ----a-w c:\windows\system32\spupdsvc.exe
2009-04-26 20:44 . 2009-04-26 20:44 -------- d-----w c:\program files\MSXML 6.0
2009-04-26 16:35 . 2009-04-26 16:35 -------- d-----w c:\program files\WinEdt Team
2009-04-26 16:25 . 2009-04-26 20:50 -------- d-----w C:\a6a85916e420d51a50e17516f31662
2009-04-26 15:50 . 2009-04-26 16:23 -------- d-----w C:\2cdf034a13e4531fb5940a082f
2009-04-23 19:36 . 2009-04-23 19:36 -------- d-----w C:\RMD
2009-04-23 11:32 . 2001-08-17 20:56 7552 ----a-w c:\windows\system32\drivers\SONYPVU1.SYS
2009-04-16 18:29 . 2009-04-16 18:29 -------- d-----w c:\program files\Fichiers communs\Adobe Systems Shared
2009-04-16 18:20 . 2009-04-16 18:20 -------- d-----w c:\documents and settings\All Users\Application Data\Adobe Systems
2009-04-10 10:07 . 2001-08-23 16:47 8192 ----a-w c:\windows\system32\kbdkor.dll
2009-04-10 10:07 . 2001-08-23 16:47 8704 ----a-w c:\windows\system32\kbdjpn.dll
2009-04-10 10:07 . 2001-08-17 21:55 6144 ----a-w c:\windows\system32\kbd106.dll
2009-04-10 10:07 . 2001-08-17 21:55 5632 ----a-w c:\windows\system32\kbd103.dll
2009-04-10 10:07 . 2001-08-17 21:55 6144 ----a-w c:\windows\system32\kbd101c.dll
2009-04-10 10:07 . 2001-08-17 21:55 6144 ----a-w c:\windows\system32\kbd101b.dll
2009-04-09 23:05 . 2009-04-09 23:05 -------- d-----w c:\program files\Fichiers communs\Skype
2009-04-09 10:00 . 2009-04-09 10:02 -------- d-----w c:\program files\EPSON
2009-04-08 12:02 . 2000-06-06 11:01 34304 ----a-w c:\windows\system32\EBPCHP.DLL
2009-04-08 12:02 . 2003-05-20 12:27 64000 ----a-w c:\windows\system32\ECBTEG.DLL
2009-04-08 11:36 . 2009-04-08 11:36 -------- d-----w c:\documents and settings\All Users\Application Data\UDL
2009-04-08 11:36 . 2003-07-02 00:00 131072 ----a-r c:\windows\system32\Epcmlib.dll
2009-04-06 20:41 . 2009-04-06 20:41 -------- d-----w C:\TreeTagger
2009-04-06 18:55 . 2003-07-15 23:14 31744 ----a-w c:\windows\system32\E_DCINST.DLL
2009-04-06 18:55 . 2001-09-03 12:04 182 ----a-w c:\windows\system32\EBPPORT4.DAT
2009-04-06 18:55 . 2003-09-25 11:12 76045 ----a-w c:\windows\system32\EBPMON24.DLL
2009-04-04 15:54 . 2009-04-29 21:46 -------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
2009-04-03 12:56 . 2009-04-03 12:57 -------- d-----w c:\documents and settings\Administrateur\Application Data\XnView
2009-04-03 10:20 . 2004-06-14 12:56 427864 ----a-w c:\windows\system32\XceedZip.dll
2009-04-03 08:35 . 2009-04-03 08:35 -------- d-----w c:\documents and settings\Administrateur\Application Data\Search Settings
2009-04-03 08:35 . 2009-04-03 08:36 -------- d-----w c:\documents and settings\Administrateur\Application Data\pdfforge
2009-04-02 23:29 . 2009-05-01 20:15 -------- d-----w c:\program files\pdfforge Toolbar
2009-04-02 23:24 . 2001-10-28 14:42 116224 ----a-w c:\windows\system32\pdfcmnnt.dll
2009-04-02 23:24 . 1998-07-12 23:08 119568 ----a-w c:\windows\system32\VB6FR.DLL
2009-04-02 23:24 . 1998-07-12 23:08 141312 ----a-w c:\windows\system32\MSCMCFR.DLL
2009-04-02 23:24 . 1998-07-12 23:08 59904 ----a-w c:\windows\system32\MSCC2FR.DLL
2009-04-02 23:24 . 1998-07-05 22:00 23552 ----a-w c:\windows\system32\MSMPIDE.DLL
2009-04-02 23:24 . 2009-04-02 23:29 -------- d-----w c:\program files\PDFCreator
2009-04-02 21:26 . 2009-04-02 21:26 -------- d-----w c:\program files\Ghostgum
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-01 22:15 . 2002-09-07 00:00 79930 ----a-w c:\windows\system32\perfc00C.dat
2009-05-01 22:15 . 2002-09-07 00:00 500790 ----a-w c:\windows\system32\perfh00C.dat
2009-04-30 13:45 . 2009-03-29 11:18 45488 ----a-w c:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-29 07:25 . 2009-03-29 11:00 6 ---ha-w c:\windows\Tasks\SA.DAT
2009-04-16 18:32 . 2009-03-29 11:02 -------- d-----w c:\program files\Fichiers communs\Adobe
2009-04-09 23:05 . 2009-03-30 16:26 -------- d-----r c:\program files\Skype
2009-04-08 22:01 . 2009-03-30 16:28 -------- d-----w c:\program files\EasyPHP1-8
2009-04-08 12:03 . 2009-03-29 11:08 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-01 12:10 . 2009-04-01 12:10 -------- d-----w c:\program files\CCleaner
2009-03-31 18:28 . 2009-03-31 10:59 -------- d-----w c:\program files\LimeWire
2009-03-31 18:28 . 2009-03-31 10:50 -------- d-----w c:\program files\eMule
2009-03-31 12:57 . 2009-03-31 12:57 -------- d-----w c:\program files\Smallvideosoft
2009-03-31 12:54 . 2009-03-31 12:54 -------- d-----w c:\program files\BenQ
2009-03-31 12:48 . 2009-03-31 12:48 -------- d-----w c:\program files\ScanDrv6
2009-03-31 12:48 . 2009-03-29 11:08 -------- d-----w c:\program files\Fichiers communs\InstallShield
2009-03-31 11:16 . 2009-03-29 11:09 -------- d-----w c:\program files\QuickTime Alternative
2009-03-31 11:11 . 2009-03-31 11:11 -------- d-----w c:\program files\Fichiers communs\xing shared
2009-03-31 11:11 . 2009-03-31 11:10 -------- d-----w c:\program files\Fichiers communs\Real
2009-03-31 11:10 . 2009-03-31 11:10 -------- d-----w c:\program files\Real
2009-03-30 21:26 . 2009-03-30 21:24 -------- d-----w c:\program files\madkit 3.1b4
2009-03-30 16:32 . 2009-03-30 16:30 -------- d-----w c:\program files\Weka-3-6
2009-03-30 16:32 . 2009-03-29 11:06 -------- d-----w c:\program files\Java
2009-03-30 16:29 . 2009-03-30 16:29 56 ---ha-w c:\windows\system32\ezsidmv.dat
2009-03-30 16:18 . 2009-03-30 15:55 -------- d--h--w c:\program files\Zero G Registry
2009-03-30 13:07 . 2009-03-29 11:10 -------- d-----w c:\program files\Winamp
2009-03-30 09:19 . 2009-03-29 10:57 86331 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-03-29 21:27 . 2009-03-29 21:26 -------- d-----w c:\program files\Ontrack
2009-03-29 19:57 . 2009-03-29 11:08 -------- d-----w c:\program files\CyberLink
2009-03-29 19:56 . 2009-03-29 11:03 -------- d-----w c:\program files\SlySoft
2009-03-29 19:56 . 2009-03-29 11:02 -------- d-----w c:\program files\Fichiers communs\ACD Systems
2009-03-29 19:45 . 2009-03-29 19:44 26 ----a-w c:\windows\system32\drivers\adidsl.cfg
2009-03-29 19:44 . 2009-03-29 19:44 -------- d-----w c:\program files\Huawei Technologies
2009-03-29 11:45 . 2009-03-29 11:45 -------- d-----w c:\program files\Alwil Software
2009-03-29 11:14 . 2009-03-29 11:14 -------- d-----w c:\program files\Microsoft Works
2009-03-29 11:13 . 2009-03-29 11:13 -------- d-----w c:\program files\Microsoft.NET
2009-03-29 11:10 . 2009-03-29 11:10 -------- d-----w c:\program files\Media Player Classic
2009-03-29 11:09 . 2009-03-29 11:09 -------- d-----w c:\program files\Real Alternative
2009-03-29 11:06 . 2009-03-29 11:06 -------- d-----w c:\program files\Fichiers communs\Java
2009-03-29 11:04 . 2009-03-29 11:04 -------- d-----w c:\program files\MSN Messenger
2009-03-29 11:03 . 2009-03-29 11:03 -------- d-----w c:\program files\Nero
2009-03-29 11:03 . 2009-03-29 11:03 -------- d-----w c:\program files\Fichiers communs\Ahead
2009-03-29 11:02 . 2009-03-29 11:02 10368 ----a-w c:\windows\system32\drivers\pfc.sys
2009-03-29 10:58 . 2009-03-29 10:58 685816 ----a-w c:\windows\system32\drivers\sptd.sys
2009-03-29 10:57 . 2002-09-07 00:00 67 --sha-w c:\windows\Fonts\desktop.ini
2009-03-29 10:57 . 2009-03-29 10:57 -------- d-----w c:\program files\Services en ligne
2009-03-29 10:55 . 2009-03-29 10:55 21892 ----a-w c:\windows\system32\emptyregdb.dat
2009-03-29 10:55 . 2009-03-29 10:55 -------- d-----w c:\program files\Desktop
2009-03-29 10:54 . 2009-03-29 10:54 -------- d-----w c:\program files\Windows Media Connect 2
.
------- Sigcheck -------
[7] 2004-08-03 22:14 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2007-06-26 20:18 360576 C7BE59B07C6EB74BEA6FD67C1B164015 c:\windows\system32\drivers\tcpip.sys
[-] 2004-08-19 15:09 1227264 FB535EC44E40469149A18BC55D6A8587 c:\windows\explorer.exe
[-] 2004-08-19 15:09 1227264 FB535EC44E40469149A18BC55D6A8587 c:\windows\icon_TMP\explorer.exe
[-] 2004-08-19 15:09 1227264 FB535EC44E40469149A18BC55D6A8587 c:\windows\LastGood.Tmp\explorer.exe
[-] 2004-08-19 15:09 1227264 FB535EC44E40469149A18BC55D6A8587 c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2004-08-04 04:54 1036288 4C33E5B9A6197B6ED215F6CFBA0A2DAA c:\windows\system_backup\explorer.exe
[-] 2007-06-14 14:31 80216 C7BCEA1533BE5C9E15884D6C39B667F1 c:\windows\icon_TMP\wuauclt.exe
[-] 2007-06-14 14:31 80216 C7BCEA1533BE5C9E15884D6C39B667F1 c:\windows\LastGood.Tmp\system32\wuauclt.exe
[-] 2007-06-14 14:31 80216 C7BCEA1533BE5C9E15884D6C39B667F1 c:\windows\ServicePackFiles\i386\wuauclt.exe
[-] 2007-06-14 14:31 80216 C7BCEA1533BE5C9E15884D6C39B667F1 c:\windows\system32\wuauclt.exe
[7] 2007-06-14 14:31 53080 3A83A45E7DD5276315AA20245E7C32BF c:\windows\system_backup\wuauclt.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"AAWTray"="c:\program files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 88024]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2007-06-26 124928]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"StartMenuLogoff"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R3 adiusbae;USB ADSL LAN Adapter;c:\windows\system32\DRIVERS\adiusbae.sys [2003-12-01 117785]
--- Autres Services/Pilotes en mémoire ---
*NewlyCreated* - FONTCACHE3.0.0.0
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2005c73f-25b6-11de-801a-007304445857}]
\Shell\AutoRun\command - sasyg1y8.com
\Shell\explore\Command - sasyg1y8.com
\Shell\open\Command - sasyg1y8.com
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: {EE5B006C-C76F-4CA9-B135-42F788DC22A3} = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\components\pdfforgeToolbarFF.dll
FF - component: c:\program files\Mozilla Firefox\extensions\search@searchsettings.com\components\SearchSettingsFF.dll
---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - true.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Vous devez être connecté pour voir les liens.
Rootkit scan 2009-05-01 23:45
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{D6D786AE-0BAD-5981-8AF6-8A48DE8BC981}\InProcServer32*]
"oaggneeplefabdmbegkegedfmnjleg"=hex:6a,61,61,6c,67,68,68,64,6d,69,67,64,6b,67,
6e,61,65,66,68,65,00,00
"nagghfmjnlglkcokajkbkhefjepm"=hex:6a,61,61,6c,67,68,68,64,6d,69,67,64,6b,67,
6e,61,65,66,68,65,00,00
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'explorer.exe'(2792)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\msi.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
c:\windows\system32\NETSHELL.dll
.
Heure de fin: 2009-05-01 23:47
ComboFix-quarantined-files.txt 2009-05-01 22:46
Avant-CF: 76 638 576 640 octets libres
Après-CF: 76 733 755 392 octets libres
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /fastdetect /NoExecute=OptIn
237
merci
Dernières actus
-
Unreal Engine 5.4 est disponible, la barre des 60 FPS en ligne de mire
24/04/2024 19:09
-
HP abandonne Intel et équipe désormais ses PC portables gamer Omen 17 de processeurs AMD
24/04/2024 17:21
-
Datés, les Galaxy S9 et Note 9 vont pourtant recevoir cette fonctionnalité des S24
24/04/2024 14:52
-
PS5 : cette nouvelle fonctionnalité va simplifier votre progression dans les jeux
24/04/2024 14:30
-
Réparer son smartphone ou sa TV : l’UE veut que ce soit un droit
24/04/2024 13:38
-
La publicité envahit Windows 11, le menu Démarrer va accueillir des apps sponsorisées
24/04/2024 11:05
Derniers messages publiés
Statistiques globales
- Discussions
- 730 132
- Membres
- 1 586 387
- Dernier membre
- ouistititouille
Partager cette page