Hello, my PC is infected by I don't know what malware(s):
for example, a "System Alert" in the notification area.
I scanned with Malwarebytes' Anti-Malware; it found some malware and I removed it, but it keeps going. I'm posting a HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:37:59, on 14/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrateur\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {0F4FF575-F4C6-496C-A2D2-FA55DA5A2339} - C:\WINDOWS\system32\cl.dll
O2 - BHO: (no name) - {17D79270-FE65-4D20-BD08-E319B7EA2E1D} - C:\WINDOWS\system32\cl.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {B20978AE-3C3E-4DA6-AC3D-BB587AB8E0D1} - C:\WINDOWS\system32\cl.dll
O2 - BHO: (no name) - {D0A3B82A-1267-4BFF-AF40-2E135325CDC8} - C:\WINDOWS\system32\cl.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/Driv [...] eqlab3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wi [...] 8725937546
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com [...] _0_3_0.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/ [...] 586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\WINDOWS\
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe

--
End of file - 5425 bytes
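The log above is what the helper keyed on: four O2 (Browser Helper Object) entries with no display name, all registered under different CLSIDs but all loading the same C:\WINDOWS\system32\cl.dll, plus one orphaned registration with "(no file)". That triage can be scripted. The following Python is an added example, not code from the thread, from HijackThis or from Trend Micro; the sample input is the O2 block copied from the log, and the function names and the heuristics they apply are my own.

```python
import re
from collections import defaultdict

# Constructed sample: the O2 lines from the HijackThis log above (one O4 line
# included to show that non-BHO lines are ignored).
SAMPLE_LOG = """\
O2 - BHO: (no name) - {0F4FF575-F4C6-496C-A2D2-FA55DA5A2339} - C:\\WINDOWS\\system32\\cl.dll
O2 - BHO: (no name) - {17D79270-FE65-4D20-BD08-E319B7EA2E1D} - C:\\WINDOWS\\system32\\cl.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\\Program Files\\Fichiers communs\\Adobe\\Acrobat\\ActiveX\\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre1.6.0_07\\bin\\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {B20978AE-3C3E-4DA6-AC3D-BB587AB8E0D1} - C:\\WINDOWS\\system32\\cl.dll
O2 - BHO: (no name) - {D0A3B82A-1267-4BFF-AF40-2E135325CDC8} - C:\\WINDOWS\\system32\\cl.dll
O4 - HKLM\\..\\Run: [avgnt] "C:\\Program Files\\Avira\\AntiVir PersonalEdition Classic\\avgnt.exe" /min
"""

# HijackThis O2 format: "O2 - BHO: <name> - {<CLSID>} - <path or (no file)>"
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.*)$"
)


def parse_bhos(log_text):
    """Return a list of (name, clsid, path) tuples, one per O2 line."""
    bhos = []
    for line in log_text.splitlines():
        m = BHO_RE.match(line.strip())
        if m:
            bhos.append((m.group("name"), m.group("clsid").upper(), m.group("path")))
    return bhos


def triage_bhos(log_text):
    """Flag BHO entries worth a second look (heuristics, not verdicts):
    - registered without a display name,
    - loading from the Windows system directory rather than Program Files,
    - one DLL registered under several CLSIDs,
    - orphaned registrations whose file is gone ("(no file)").
    Returns {"review": {dll_path: [reasons]}, "orphans": [clsid, ...]}.
    """
    by_path = defaultdict(list)
    orphans = []
    for name, clsid, path in parse_bhos(log_text):
        if path == "(no file)":
            orphans.append(clsid)
            continue
        by_path[path.lower()].append((name, clsid))

    review = {}
    for path, entries in by_path.items():
        reasons = []
        if all(name == "(no name)" for name, _ in entries):
            reasons.append("no display name")
        if "\\windows\\system32\\" in path:
            reasons.append("loads from system32")
        if len(entries) > 1:
            reasons.append(f"{len(entries)} CLSIDs for one DLL")
        if reasons:
            review[path] = reasons
    return {"review": review, "orphans": orphans}


if __name__ == "__main__":
    result = triage_bhos(SAMPLE_LOG)
    for path, reasons in result["review"].items():
        print(f"{path}: {', '.join(reasons)}")
    for clsid in result["orphans"]:
        print(f"orphaned BHO registration: {{{clsid}}}")
```

Run against the sample, only cl.dll is reported, with all three reasons, and the {7E853D72-...} entry is listed as an orphan; the Adobe and Java helpers, which have names and live under Program Files, are not flagged. The heuristics are deliberately conservative: a hit means "submit this file for analysis", which is exactly what the next reply in the thread asks for.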


Hello,

Scan the following file on the VirusTotal site and give me the report:
C:\WINDOWS\system32\cl.dll

Reply to Angeldark

Do you want what's in the additional info?

Reply to breaksmurf

No, the part before:

Quote:

Antivirus Version Last update Result
AhnLab-V3 2008.8.19.0 2008.08.20 -
AntiVir 7.8.1.23 2008.08.20 -
Authentium 5.1.0.4 2008.08.20 -
Avast 4.8.1195.0 2008.08.19 -
AVG 8.0.0.161 2008.08.20 -
BitDefender 7.2 2008.08.20 -
CAT-QuickHeal 9.50 2008.08.19 -
ClamAV 0.93.1 2008.08.19 -
DrWeb 4.44.0.09170 2008.08.20 -
eSafe 7.0.17.0 2008.08.19 -
eTrust-Vet 31.6.6036 2008.08.19 -
Ewido 4.0 2008.08.20 -
F-Prot 4.4.4.56 2008.08.19 -
F-Secure 7.60.13501.0 2008.08.20 -
Fortinet 3.14.0.0 2008.08.20 -
GData 2.0.7306.1023 2008.08.20 -
Ikarus T3.1.1.34.0 2008.08.20 -
K7AntiVirus 7.10.421 2008.08.19 -
Kaspersky 7.0.0.125 2008.08.20 -
McAfee 5364 2008.08.19 -
Microsoft 1.3807 2008.08.20 -
NOD32v2 3370 2008.08.20 -
Norman 5.80.02 2008.08.20 -
Panda 9.0.0.4 2008.08.19 -
PCTools 4.4.2.0 2008.08.19 -
Prevx1 V2 2008.08.20 -
Rising 20.58.22.00 2008.08.20 -
Sophos 4.32.0 2008.08.20 -
Sunbelt 3.1.1564.1 2008.08.20 -
Symantec 10 2008.08.20 -
TheHacker 6.3.0.5.054 2008.08.19 -
TrendMicro 8.700.0.1004 2008.08.20 -
VBA32 3.12.8.3 2008.08.20 -
ViRobot 2008.8.20.1342 2008.08.20 -
VirusBuster 4.5.11.0 2008.08.20 -
Webwasher-Gateway 6.6.2 2008.08.20 -

Reply to Angeldark

Antivirus Version Last update Result
AhnLab-V3 2008.9.13.0 2008.09.12 -
AntiVir 7.8.1.28 2008.09.12 -
Authentium 5.1.0.4 2008.09.14 -
Avast 4.8.1195.0 2008.09.13 Win32:Podnuha-BJ
AVG 8.0.0.161 2008.09.14 BHO.O
BitDefender 7.2 2008.09.14 -
CAT-QuickHeal 9.50 2008.09.13 Rootkit.Podnuha.aab
ClamAV 0.93.1 2008.09.14 -
DrWeb 4.44.0.09170 2008.09.14 -
eSafe 7.0.17.0 2008.09.14 Suspicious File
eTrust-Vet 31.6.6086 2008.09.12 Win32/Kvol!generic
Ewido 4.0 2008.09.14 -
F-Prot 4.4.4.56 2008.09.14 W32/Podnuha.A.gen!Eldorado
F-Secure 8.0.14332.0 2008.09.14 -
Fortinet 3.113.0.0 2008.09.14 -
GData 19 2008.09.14 Win32:Podnuha-BJ
Ikarus T3.1.1.34.0 2008.09.14 Virus.Trojan.Win32.Pakes.cdw
K7AntiVirus 7.10.454 2008.09.13 Trojan.Win32.Malware.1
Kaspersky 7.0.0.125 2008.09.14 -
McAfee 5383 2008.09.12 Boaxxe.dll
Microsoft 1.3903 2008.09.14 Trojan:Win32/Boaxxe.B
NOD32v2 3440 2008.09.13 -
Norman 5.80.02 2008.09.12 W32/Rootkit.OQD
Panda 9.0.0.4 2008.09.14 Suspicious file
PCTools 4.4.2.0 2008.09.14 Rootkit.Podnuha.Gen.2
Prevx1 V2 2008.09.14 Cloaked Malware
Rising 20.61.42.00 2008.09.12 RootKit.Win32.Podnuha.adc
Sophos 4.33.0 2008.09.14 -
Sunbelt 3.1.1633.1 2008.09.13 -
Symantec 10 2008.09.14 -
TheHacker 6.3.0.9.082 2008.09.14 -
TrendMicro 8.700.0.1004 2008.09.12 PAK_Generic.005
VBA32 3.12.8.5 2008.09.14 Trojan.Win32.Boaxxe
ViRobot 2008.9.12.1375 2008.09.12 -
VirusBuster 4.5.11.0 2008.09.14 Rootkit.Podnuha.Gen.2
Webwasher-Gateway 6.6.2 2008.09.14 -

Reply to breaksmurf
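The two VirusTotal reports above are the same file, cl.dll, submitted about three weeks apart: on 2008.08.20 no engine flagged it, on 2008.09.14 roughly half of them did, under Podnuha and Boaxxe names. The Python below is an added example, not code from the thread or from VirusTotal, that parses that report layout and quantifies the signature lag. The embedded data is a constructed excerpt (8 of the 36 vendors from each report); the function names are my own.

```python
import re
from dataclasses import dataclass

# Constructed excerpt of the two VirusTotal reports quoted in this thread
# (8 of the 36 vendors each), in the column order VirusTotal used at the time:
# vendor, engine version, signature date, result ("-" = nothing detected).
REPORT_AUG = """\
AntiVir 7.8.1.23 2008.08.20 -
Avast 4.8.1195.0 2008.08.19 -
AVG 8.0.0.161 2008.08.20 -
CAT-QuickHeal 9.50 2008.08.19 -
Kaspersky 7.0.0.125 2008.08.20 -
McAfee 5364 2008.08.19 -
Microsoft 1.3807 2008.08.20 -
Prevx1 V2 2008.08.20 -
"""

REPORT_SEP = """\
AntiVir 7.8.1.28 2008.09.12 -
Avast 4.8.1195.0 2008.09.13 Win32:Podnuha-BJ
AVG 8.0.0.161 2008.09.14 BHO.O
CAT-QuickHeal 9.50 2008.09.13 Rootkit.Podnuha.aab
Kaspersky 7.0.0.125 2008.09.14 -
McAfee 5383 2008.09.12 Boaxxe.dll
Microsoft 1.3903 2008.09.14 Trojan:Win32/Boaxxe.B
Prevx1 V2 2008.09.14 Cloaked Malware
"""


@dataclass
class Verdict:
    vendor: str
    version: str
    updated: str
    result: str  # "-" means no detection


def parse_report(text):
    """Parse 'vendor version date result' rows; the result may contain spaces,
    so the line is split into at most four fields."""
    verdicts = []
    for line in text.splitlines():
        if not line.strip():
            continue
        vendor, version, updated, result = line.split(None, 3)
        verdicts.append(Verdict(vendor, version, updated, result))
    return verdicts


def detection_ratio(text):
    """Return (detected, total) for one report."""
    verdicts = parse_report(text)
    return sum(1 for v in verdicts if v.result != "-"), len(verdicts)


def family_names(text):
    """Heuristic: reduce vendor-specific labels to family keywords by dropping
    platform/type words and short variant suffixes (e.g. 'BJ', 'aab')."""
    generic = {"win32", "trojan", "rootkit", "generic", "cloaked", "malware",
               "suspicious", "file"}
    names = set()
    for v in parse_report(text):
        if v.result == "-":
            continue
        for tok in re.findall(r"[a-z0-9]+", v.result.lower()):
            if tok not in generic and not tok.isdigit() and len(tok) > 3:
                names.add(tok)
    return names


def newly_detecting(old_text, new_text):
    """Vendors that reported nothing on the first submission but flag the same
    file on the later one: the signature lag the two reports illustrate."""
    old = {v.vendor: v.result for v in parse_report(old_text)}
    return sorted(v.vendor for v in parse_report(new_text)
                  if v.result != "-" and old.get(v.vendor, "-") == "-")


if __name__ == "__main__":
    print("August:   %d/%d" % detection_ratio(REPORT_AUG))
    print("September: %d/%d" % detection_ratio(REPORT_SEP))
    print("families:", sorted(family_names(REPORT_SEP)))
    print("newly detecting:", newly_detecting(REPORT_AUG, REPORT_SEP))
```

On the excerpt this gives 0/8 in August and 6/8 in September, families {boaxxe, podnuha}, and six vendors that went from silent to detecting. The practical lesson is the one the helper acted on: a clean multi-engine result on a file that is unnamed, re-registered under several CLSIDs and sitting in system32 is not a clean bill of health, and the file is worth resubmitting a few weeks later.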

Re,

Disable your resident protections (antivirus, Spybot-S&D, etc.)!

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click ComboFix.exe (the .exe extension is not necessarily visible) to launch it.
  • When the scan has finished, a report will appear. Post that report (C:\combofix.txt*) in your next reply.


HELP: A guide and tutorial on using ComboFix
* the partition name may vary

Reply to Angeldark

ComboFix 08-09-14.01 - Administrateur 2008-09-14 20:45:31.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1641 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrateur\Cookies\administrateur@clickintext[1].txt
C:\WINDOWS\system32\cl.dll

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-08-14 au 2008-09-14 ))))))))))))))))))))))))))))))))))))
.

2008-09-14 16:42 . 2008-09-14 16:42 <REP> d-------- C:\Program Files\Enigma Software Group
2008-09-14 11:26 . 2008-09-14 11:26 <REP> d-------- C:\Program Files\IKEA HomePlanner
2008-09-14 11:26 . 2008-09-14 11:26 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-09-13 22:20 . 2008-09-13 22:20 <REP> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-09-13 16:12 . 2008-09-13 16:12 <REP> d-------- C:\Program Files\Avira
2008-09-13 15:08 . 2008-09-14 17:10 <REP> d-------- C:\Program Files\PremierOpinion
2008-09-12 23:30 . 2008-09-14 16:37 <REP> d-------- C:\WINDOWS\system32\CatRoot2
2008-09-10 17:53 . 2008-09-10 17:53 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-10 17:53 . 2008-09-10 17:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-10 17:53 . 2008-09-10 17:53 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-09-10 17:53 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-10 17:53 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-10 14:03 . 2008-09-10 14:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2008-09-10 13:47 . 2008-09-13 15:29 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\LimeWire
2008-09-10 13:44 . 2008-09-10 13:44 <REP> d-------- C:\WINDOWS\Sun
2008-09-10 13:44 . 2008-09-10 20:22 <REP> d-------- C:\Program Files\Google
2008-09-10 13:43 . 2008-09-10 13:43 <REP> d-------- C:\Program Files\Java
2008-09-10 13:43 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-09-10 13:41 . 2008-09-10 13:41 <REP> d-------- C:\Program Files\Fichiers communs\Java
2008-09-10 13:38 . 2008-09-10 13:39 <REP> d-------- C:\Program Files\LimeWire
2008-09-06 23:10 . 2008-09-06 23:10 <REP> d-------- C:\WINDOWS\system32\URTTemp
2008-09-06 23:10 . 2008-07-22 16:59 1,214,526 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-09-06 23:10 . 2008-07-22 16:59 790,846 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-09-06 23:10 . 2008-07-22 16:59 9,696 -----c--- C:\WINDOWS\system32\dllcache\drvmain.sdb
2008-09-06 22:25 . 2008-09-06 22:25 <REP> d-------- C:\Program Files\DivX
2008-09-05 18:41 . 2008-09-05 18:42 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Go-Go Gourmet Chef of the Year
2008-09-05 17:40 . 2008-09-05 18:54 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-05 17:38 . 2008-09-14 16:34 <REP> d-------- C:\Program Files\Gamenext
2008-09-05 17:38 . 2008-09-05 17:38 <REP> d-------- C:\Program Files\Fichiers communs\Oberon Media
2008-09-03 19:14 . 2008-09-03 19:14 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\ESET
2008-09-02 20:45 . 2008-09-03 19:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-09-01 19:14 . 2008-09-06 23:39 <REP> d-------- C:\WINDOWS\system32\Adobe
2008-08-31 22:29 . 2005-12-21 10:16 470,048 --a------ C:\WINDOWS\system32\drivers\ar5211.sys
2008-08-31 22:29 . 2005-12-21 10:16 470,048 --a------ C:\WINDOWS\system32\ar5211.sys
2008-08-31 21:56 . 2005-06-06 17:51 11,264 --a------ C:\WINDOWS\system32\drivers\vulfntr.sys
2008-08-31 21:56 . 2005-01-05 18:02 6,912 --a------ C:\WINDOWS\system32\drivers\vulfnth.sys
2008-08-31 21:51 . 2003-10-03 16:28 45,056 --a------ C:\WINDOWS\system32\vusetup.dll
2008-08-31 21:50 . 1998-11-13 13:16 308,224 --a------ C:\WINDOWS\IsUn040c.exe
2008-08-31 21:50 . 2008-04-13 20:46 19,200 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2008-08-31 21:50 . 2008-04-14 04:34 16,384 --a------ C:\WINDOWS\system32\ipsink.ax
2008-08-31 21:50 . 2008-04-13 20:46 15,232 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2008-08-31 21:50 . 2008-04-13 20:46 15,232 --a------ C:\WINDOWS\system32\drivers\MPE.sys
2008-08-31 21:50 . 2008-04-13 20:46 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2008-08-31 21:50 . 2008-04-13 20:46 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2008-08-31 21:50 . 2008-04-13 20:39 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2008-08-31 21:49 . 2008-08-31 21:49 <REP> d-------- C:\Program Files\ASUS
2008-08-31 21:49 . 2008-04-13 20:46 85,248 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2008-08-31 21:49 . 2008-04-13 20:46 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2008-08-30 23:10 . 2008-08-30 23:10 268 --ah----- C:\sqmdata01.sqm
2008-08-30 23:10 . 2008-08-30 23:10 244 --ah----- C:\sqmnoopt01.sqm
2008-08-30 17:06 . 2008-08-30 17:06 268 --ah----- C:\sqmdata00.sqm
2008-08-30 17:06 . 2008-08-30 17:06 244 --ah----- C:\sqmnoopt00.sqm
2008-08-30 15:10 . 2008-08-30 17:05 <REP> d-------- C:\Program Files\Dofus
2008-08-30 13:20 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-08-30 13:20 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-08-30 13:20 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-08-15 21:33 . 2008-08-15 21:33 126,976 --a------ C:\WINDOWS\War3Unin.exe
2008-08-15 21:33 . 2008-08-15 21:35 23,563 --a------ C:\WINDOWS\War3Unin.dat
2008-08-15 21:33 . 2008-08-15 21:33 2,829 --a------ C:\WINDOWS\War3Unin.pif
2008-08-15 21:32 . 2008-09-07 00:07 <REP> d-------- C:\Program Files\Warcraft III
2008-08-15 19:53 . 2008-08-15 19:53 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-08-15 19:53 . 2008-08-15 20:49 <REP> d-------- C:\Documents and Settings\Administrateur\Contacts
2008-08-15 18:48 . 2008-08-15 19:53 <REP> d-------- C:\Program Files\Windows Live
2008-08-15 18:48 . 2008-08-15 19:52 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-08-15 18:48 . 2008-09-01 16:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-15 16:39 . 2006-04-03 10:00 42,940 --a------ C:\WINDOWS\system32\net5211.inf
2008-08-15 16:39 . 2005-12-21 10:15 26 --a------ C:\WINDOWS\system32\net5211.cat
2008-08-15 13:44 . 2008-08-15 18:29 <REP> d-------- C:\temp
2008-08-15 12:59 . 2001-08-17 21:56 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS
2008-08-15 02:11 . 2008-08-15 02:11 109 --a------ C:\WINDOWS\GMouse.ini
2008-08-15 01:54 . 2008-08-15 01:54 <REP> d-------- C:\Program Files\MSXML 4.0
2008-08-15 01:53 . 2008-08-15 01:53 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
2008-08-15 01:53 . 2008-04-13 20:45 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2008-08-15 01:53 . 2008-08-15 01:53 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
2008-08-15 01:53 . 2008-04-13 20:45 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2008-08-15 01:52 . 2008-04-13 18:39 142,592 --a------ C:\WINDOWS\system32\drivers\aec.sys
2008-08-15 01:52 . 2008-04-13 20:45 56,576 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2008-08-15 01:52 . 2008-04-13 20:45 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2008-08-15 01:51 . 2008-04-13 21:15 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2008-08-15 01:51 . 2008-04-13 20:45 6,272 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2008-08-15 01:50 . 2008-08-15 01:50 <REP> d-------- C:\WINDOWS\system32\Lang
2008-08-15 01:50 . 2008-04-13 21:17 83,072 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2008-08-15 01:48 . 2006-10-18 23:22 9,216 -ra------ C:\WINDOWS\system32\drivers\videX32.sys
2008-08-15 01:47 . 2008-08-15 01:47 <REP> d-------- C:\Program Files\VIA
2008-08-15 01:44 . 2008-08-15 01:44 <REP> d-------- C:\WINDOWS\vnDrvBas
2008-08-15 01:44 . 2006-11-01 23:21 319,456 --a------ C:\WINDOWS\system32\difxapi.dll
2008-08-15 01:44 . 2006-10-27 08:26 69,632 --a------ C:\WINDOWS\system32\vuins32.dll
2008-08-15 01:44 . 2008-06-25 06:36 43,520 --a------ C:\WINDOWS\system32\drivers\fetnd5bv.sys
2008-08-15 01:44 . 2008-04-13 20:39 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2008-08-15 01:42 . 2008-08-15 01:42 <REP> d-------- C:\Program Files\Realtek
2008-08-15 01:42 . 2008-08-15 16:15 <REP> d--h----- C:\Program Files\InstallShield Installation Information
2008-08-15 01:42 . 2007-01-13 18:54 520,192 -r------- C:\WINDOWS\RtlExUpd.dll
2008-08-15 01:42 . 2008-08-15 01:42 315,392 --a------ C:\WINDOWS\HideWin.exe
2008-08-15 01:42 . 2006-10-11 13:33 10,288 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2008-08-15 01:42 . 2008-08-15 01:42 9,617 --a------ C:\WINDOWS\Ascd_tmp.ini
2008-08-15 01:42 . 2004-08-14 13:56 5,810 -ra------ C:\WINDOWS\system32\drivers\ASACPI.sys
2008-08-15 01:37 . 2008-09-13 21:23 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-08-15 00:55 . 2008-08-15 00:55 <REP> d-------- C:\Program Files\MSBuild
2008-08-15 00:55 . 2008-08-15 00:55 <REP> d-------- C:\Program Files\Microsoft Works
2008-08-15 00:52 . 2008-08-15 00:55 <REP> d-------- C:\WINDOWS\SHELLNEW
2008-08-15 00:52 . 2008-09-10 17:50 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-15 00:51 . 2008-08-15 00:51 <REP> dr-h----- C:\MSOCache
2008-08-14 23:52 . 2008-09-13 15:32 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-14 23:49 . 2008-08-14 23:50 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2008-08-14 23:49 . 2008-09-13 16:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-08-14 23:47 . 2008-08-14 23:57 <REP> d-------- C:\Program Files\NOS
2008-08-14 23:47 . 2008-08-14 23:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\NOS
2008-08-14 23:42 . 2008-08-14 23:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-08-14 23:41 . 2008-08-14 23:41 <REP> d-------- C:\Program Files\CCleaner
2008-08-14 23:36 . 2008-08-14 23:36 <REP> d-------- C:\Program Files\Alwil Software
2008-08-14 23:36 . 2003-03-18 22:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-08-14 23:36 . 2003-03-18 21:14 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
2008-08-14 23:36 . 2003-02-21 05:42 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll
2008-08-14 22:10 . 2008-08-14 22:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-08-14 22:00 . 2008-09-13 00:54 <REP> d-------- C:\Program Files\Opera
2008-08-14 21:28 . 2008-08-14 21:28 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Nero
2008-08-14 21:26 . 2008-08-14 21:26 <REP> d-------- C:\Program Files\Nero
2008-08-14 21:26 . 2008-08-14 21:27 <REP> d-------- C:\Program Files\Fichiers communs\Nero
2008-08-14 21:26 . 2008-08-14 21:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-08-14 20:35 . 2008-08-14 20:35 <REP> d-------- C:\Program Files\Dial-a-fix-v0.60.0.24
2008-08-14 20:14 . 2008-08-14 20:14 <REP> d-------- C:\Program Files\ma-config.com
2008-08-14 20:14 . 2008-08-14 20:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ma-config.com
2008-08-14 17:59 . 2006-08-10 04:02 75,264 --a------ C:\WINDOWS\system32\E_FLBBVE.DLL
2008-08-14 17:59 . 2006-04-19 04:00 62,976 --a------ C:\WINDOWS\system32\E_FD4BBVE.DLL
2008-08-14 17:57 . 2006-08-10 04:02 75,264 --a------ C:\WINDOWS\system32\E_FLBBIE.DLL

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-14 14:51 --------- d-----w C:\Program Files\microsoft frontpage
2008-08-14 14:49 --------- d-----w C:\Program Files\Services en ligne
2008-08-14 14:45 --------- d-----w C:\Program Files\Windows Plus
2008-07-23 16:48 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-07-23 16:48 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-07-07 20:28 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:44 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:28 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:47 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 13529088]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli scecli

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-09-20 15:35 202024 C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2004-08-10 04:04 59392 C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX6000 Series]
--a------ 2006-09-22 06:01 139264 C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIBIE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-14 04:34 1695232 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-09-20 09:51 1836328 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-05-16 14:01 13529088 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-05-16 14:01 86016 C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2006-02-14 14:09 69632 C:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 04:27 144784 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-r------- 2005-05-04 20:43 69632 C:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-05-16 14:01 1630208 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-r------- 2007-01-31 20:54 16116224 C:\WINDOWS\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-r------- 2006-05-17 20:04 2879488 C:\WINDOWS\SkyTel.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"EPSON Stylus DX6000 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE /FU "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_S56B.tmp" /EF "HKCU"
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"NeroFilterCheck"=C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"nwiz"=nwiz.exe /install
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\french\\setup.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-10-18 9216]
R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2006-04-11 2829696]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2008-06-25 43520]
S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\maconfservice.exe [2008-07-25 191656]
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{0F4FF575-F4C6-496C-A2D2-FA55DA5A2339} - C:\WINDOWS\system32\cl.dll
BHO-{17D79270-FE65-4D20-BD08-E319B7EA2E1D} - C:\WINDOWS\system32\cl.dll
BHO-{B20978AE-3C3E-4DA6-AC3D-BB587AB8E0D1} - C:\WINDOWS\system32\cl.dll
BHO-{D0A3B82A-1267-4BFF-AF40-2E135325CDC8} - C:\WINDOWS\system32\cl.dll
Notify-!SASWinLogon - (no file)


.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,Start Page = google.fr/
O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
C:\WINDOWS\Downloaded Program Files\SysReqLab3.osd
C:\WINDOWS\Downloaded Program Files\sysreqlab3.dll

O16 -: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://fichiers.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection_3_0_3_0.cab
C:\WINDOWS\Downloaded Program Files\hardwaredetection.inf
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-14 20:48:16
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\dllhost.exe
.
**************************************************************************
.
Heure de fin: 2008-09-14 20:49:55 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-09-14 18:49:52

Avant-CF: 184,961,232,896 octets libres
Après-CF: 185,084,526,592 octets libres

268 --- E O F --- 2008-09-10 15:51:43

Reply to breaksmurf

Post another HijackThis log.

Reply to Angeldark

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:13:50, on 15/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\utilman.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrateur\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/Driv [...] eqlab3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wi [...] 8725937546
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com [...] _0_3_0.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/ [...] 586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe

--
End of file - 4874 bytes

Reply to breaksmurf

Do you still have any problems?

Reply to Angeldark

For now, no, I'll come back if I have any.

Reply to breaksmurf

I'm sending you my HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:33, on 2008-09-15
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\windows\hffext\hffsrv.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006\EDICT.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Documents and Settings\user\Application Data\Map Maker\MMManager.exe
C:\WINDOWS\SYSTEM32\Explorer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.252:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;192.168.0.252
F2 - REG:system.ini: Shell=Explorer.exe usbhelp.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe, explorer.exe,
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [hffsrv] c:\windows\hffext\hffsrv.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=091608 serial=DR12CUX-9009316-YHF lang=EN
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [System64] C:\WINDOWS\system32\ne0kS.dll.wsf
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Barsaka] explorer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [E06FDXRC_6617505] "C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006\EDICT.EXE" -m
O4 - HKCU\..\Run: [PC Suite Tray] "C:\documents and settings\user\my documents\nokia n70\nokia pc suite 6\pcsuite.exe" -onlytray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKCU\..\Run: [Tok-Cirrhatus] "C:\Documents and Settings\user\Local Settings\Application Data\smss.exe"
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Documents and Settings\user\My Documents\NOKIA N70\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Documents and Settings\user\My Documents\NOKIA N70\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Startup: SunClock5.lnk = C:\Documents and Settings\user\Application Data\Map Maker\MMManager.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: D6A4ECB - Unknown owner - C:\WINDOWS\system32\1CBC09C8.EXE (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 7323 bytes

Reply to toogma