Recherche google redirigé sur d'autre site.
Dernière réponse : dans Sécurité
Tout d'abord bonjours à tous,
Depuis 2 jours mes recherches google sont redirigé sur d'autre site, je dois copier coller le lien de la recherche à chaque fois pour que le site fonctionne sinon je me fais redirigé sur d'autre site. Je pense que j'ai chopé un virus, j'ai fait des analyses anti-virus mais l'anti-virus ne détecte rien...
Pouvez vous me dire quoi faire? Quels logiciels dois je utiliser pour vous fournir un rapport d'erreur. En gros, me donner toute la démarche à suivre car je suis vraiment nul à se niveau.
Merci beaucoup!
Je suis sous windoes XP, j'utilise Google Chrome, anti-virus: Bit Defender
Depuis 2 jours mes recherches google sont redirigé sur d'autre site, je dois copier coller le lien de la recherche à chaque fois pour que le site fonctionne sinon je me fais redirigé sur d'autre site. Je pense que j'ai chopé un virus, j'ai fait des analyses anti-virus mais l'anti-virus ne détecte rien...
Pouvez vous me dire quoi faire? Quels logiciels dois je utiliser pour vous fournir un rapport d'erreur. En gros, me donner toute la démarche à suivre car je suis vraiment nul à se niveau.
Merci beaucoup!
Je suis sous windoes XP, j'utilise Google Chrome, anti-virus: Bit Defender
Autres pages sur : recherche google redirige site
Lassé par la pub ? Créez un compte
Sur des sites à caractère sexuel le plus souvent, la premier page de redirection est "http://searchbenefits69.com/".
(Sous Vista/Win7, il faut cliquer droit sur OTL et choisir Exécuter en tant qu'administrateur)
Pour me transmettre les rapports :
1/
Démarre Spybot, clique sur Mode, coche Mode avancé.
A gauche, clique sur Outils, puis sur Résident.
Décoche la case devant Résident "TeaTimer" :
![]()
Quitte Spybot.
2/
Télécharge Ad-Remover (de C_XX) sur ton Bureau.
Ferme toutes les applications en cours y compris le navigateur.
Double-clique sur AD-R situé sur ton Bureau pour le lancer.
Choisis Nettoyer puis valide.
Poste le rapport qui apparaît à la fin (C:\Ad-Report-CLEAN.log).
(CTRL+A pour tout sélectionner, CTRL+C pour copier et CTRL+V pour coller)
2/
(CTRL+A pour tout sélectionner, CTRL+C pour copier et CTRL+V pour coller)
======= RAPPORT D'AD-REMOVER 2.0.0.2,D | UNIQUEMENT XP/VISTA/7 =======
Mis à jour par TeamXscript le 29/01/11 à 16:00
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org
C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 22:37:59 le 02/02/2011, Mode normal
Microsoft Windows XP Édition familiale Service Pack 3 (X86)
zad@ZAD-J07 ( )
============== ACTION(S) ==============
Fichier supprimé: C:\WINDOWS\system32\ConduitEngine.tmp
Dossier supprimé: C:\Documents and Settings\zad\Application Data\Mozilla\FireFox\Profiles\sd5nnrak.default\conduit
Dossier supprimé: C:\Documents and Settings\zad\Application Data\Mozilla\FireFox\Profiles\sd5nnrak.default\ConduitEngine
Dossier supprimé: C:\Documents and Settings\zad\Application Data\Mozilla\FireFox\Profiles\sd5nnrak.default\extensions\engine@conduit.com
Fichier supprimé: C:\Documents and Settings\zad\Menu Démarrer\Pacific Poker.lnk
Dossier supprimé: C:\Program Files\Everest Casino
Dossier supprimé: C:\Documents and Settings\zad\Menu Démarrer\Programmes\Pacific Poker
Dossier supprimé: C:\Program Files\PacificPoker4
Dossier supprimé: C:\Documents and Settings\zad\Local Settings\Application Data\Conduit
Dossier supprimé: C:\Program Files\Conduit
Dossier supprimé: C:\Documents and Settings\zad\Local Settings\Application Data\ConduitEngine
Dossier supprimé: C:\Program Files\ConduitEngine
Dossier supprimé: C:\Program Files\Trymedia
Dossier supprimé: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WebMediaPlayer
Dossier supprimé: C:\Documents and Settings\zad\Application Data\EoRezo
(!) -- Fichiers temporaires supprimés.
-- Fichier ouvert: C:\Documents and Settings\zad\Application Data\Mozilla\FireFox\Profiles\sd5nnrak.default\Prefs.js --
/!\ Impossible d'ouvrir le fichier, nettoyage interrompu /!\
-- Fichier Fermé --
Clé supprimée: HKLM\Software\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé supprimée: HKLM\Software\Classes\CLSID\{A7E8C343-7860-4A95-9AA8-AAF30D0F6D1E}
Clé supprimée: HKLM\Software\Classes\CLSID\{CA029C1F-87E0-419F-AFB9-29F9F925CAE5}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CA029C1F-87E0-419F-AFB9-29F9F925CAE5}
Clé supprimée: HKLM\Software\Classes\CLSID\{EADAFD65-68F4-4E9B-B963-810EBC79BC14}
Clé supprimée: HKLM\Software\Classes\Conduit.Engine
Clé supprimée: HKLM\Software\Classes\OfferBox.OfferBoxServer
Clé supprimée: HKLM\Software\Classes\OfferBox.OfferBoxServer.1
Clé supprimée: HKLM\Software\Classes\Toolbar.CT2776682
Clé supprimée: HKLM\Software\Classes\AppID\EoRezoBHO.DLL
Clé supprimée: HKLM\Software\Classes\AppID\{362A53B2-2913-4F8A-82F5-7E0A23FDC6F9}
Clé supprimée: HKLM\Software\OfferBox
Clé supprimée: HKLM\Software\Conduit
Clé supprimée: HKLM\Software\conduitEngine
Clé supprimée: HKCU\Software\OfferBox
Clé supprimée: HKCU\Software\Conduit
Clé supprimée: HKCU\Software\conduitEngine
Clé supprimée: HKCU\Software\Lanconfig
Clé supprimée: HKCU\Software\pacificpoker
Clé supprimée: HKCU\Software\pokerinstaller
Clé supprimée: HKCU\Software\WebMediaPlayer
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Pacific Poker
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\WebMediaPlayer
Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{37F4A335-D085-423e-A425-0370799166FB}
Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C00A711F-4E83-42A9-9281-3E04FDD51F4F}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pacific Poker
Clé supprimée: HKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\7EE743314C844C7F445B8B1D7617612DF1FDD50F
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
Clé supprimée: HKLM\Software\Google\Chrome\Extensions\bjeikeheijdjdfjbmknpefojickbkmom
Valeur supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Trust Database\0|goicfboogidikkejccmclpieicihhlpo hpfanicgkffmccehnpkikogcffaepkfp
Valeur supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Trust Database\0|goicfboogidikkejccmclpieicihhlpo dgnckdmmolaijpbbakmplfhlfpdhglgc
Valeur supprimée: HKLM\Software\Mozilla\Firefox\Extensions|offerboxffx@offerbox.com
Valeur supprimée: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{30F9B915-B755-4826-820B-08FBA6BD249D}
============== SCAN ADDITIONNEL ==============
** Mozilla Firefox Version [3.6.13 (fr)] **
-- C:\Documents and Settings\zad\Application Data\Mozilla\FireFox\Profiles\sd5nnrak.default\Prefs.js --
browser.download.dir, E:\\Telechargement
browser.download.lastDir, C:\\Documents and Settings\\zad\\Bureau
browser.search.defaultenginename, Bing
browser.search.defaulturl, hxxp://www.bing.com/search?FORM=IEFM1&q=
browser.search.selectedEngine, Google
browser.startup.homepage, hxxp://www.google.fr/
browser.startup.homepage_override.mstone, rv:1.9.2.13
========================================
** Internet Explorer Version [7.0.5730.13] **
[HKCU\Software\Microsoft\Internet Explorer\Main]
AutoHide: yes
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Do404Search: 0x01000000
Enable Browser Extensions: yes
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/
Use Search Asst: no
[HKLM\Software\Microsoft\Internet Explorer\Main]
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/
[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm
========================================
C:\Program Files\Ad-Remover\Quarantine: 5960 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 14 Fichier(s)
C:\Ad-Report-CLEAN[1].txt - 02/02/2011 (5043 Octet(s))
Fin à: 22:39:36, 02/02/2011
============== E.O.F ==============
Mis à jour par TeamXscript le 29/01/11 à 16:00
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org
C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 22:37:59 le 02/02/2011, Mode normal
Microsoft Windows XP Édition familiale Service Pack 3 (X86)
zad@ZAD-J07 ( )
============== ACTION(S) ==============
Fichier supprimé: C:\WINDOWS\system32\ConduitEngine.tmp
Dossier supprimé: C:\Documents and Settings\zad\Application Data\Mozilla\FireFox\Profiles\sd5nnrak.default\conduit
Dossier supprimé: C:\Documents and Settings\zad\Application Data\Mozilla\FireFox\Profiles\sd5nnrak.default\ConduitEngine
Dossier supprimé: C:\Documents and Settings\zad\Application Data\Mozilla\FireFox\Profiles\sd5nnrak.default\extensions\engine@conduit.com
Fichier supprimé: C:\Documents and Settings\zad\Menu Démarrer\Pacific Poker.lnk
Dossier supprimé: C:\Program Files\Everest Casino
Dossier supprimé: C:\Documents and Settings\zad\Menu Démarrer\Programmes\Pacific Poker
Dossier supprimé: C:\Program Files\PacificPoker4
Dossier supprimé: C:\Documents and Settings\zad\Local Settings\Application Data\Conduit
Dossier supprimé: C:\Program Files\Conduit
Dossier supprimé: C:\Documents and Settings\zad\Local Settings\Application Data\ConduitEngine
Dossier supprimé: C:\Program Files\ConduitEngine
Dossier supprimé: C:\Program Files\Trymedia
Dossier supprimé: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WebMediaPlayer
Dossier supprimé: C:\Documents and Settings\zad\Application Data\EoRezo
(!) -- Fichiers temporaires supprimés.
-- Fichier ouvert: C:\Documents and Settings\zad\Application Data\Mozilla\FireFox\Profiles\sd5nnrak.default\Prefs.js --
/!\ Impossible d'ouvrir le fichier, nettoyage interrompu /!\
-- Fichier Fermé --
Clé supprimée: HKLM\Software\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé supprimée: HKLM\Software\Classes\CLSID\{A7E8C343-7860-4A95-9AA8-AAF30D0F6D1E}
Clé supprimée: HKLM\Software\Classes\CLSID\{CA029C1F-87E0-419F-AFB9-29F9F925CAE5}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CA029C1F-87E0-419F-AFB9-29F9F925CAE5}
Clé supprimée: HKLM\Software\Classes\CLSID\{EADAFD65-68F4-4E9B-B963-810EBC79BC14}
Clé supprimée: HKLM\Software\Classes\Conduit.Engine
Clé supprimée: HKLM\Software\Classes\OfferBox.OfferBoxServer
Clé supprimée: HKLM\Software\Classes\OfferBox.OfferBoxServer.1
Clé supprimée: HKLM\Software\Classes\Toolbar.CT2776682
Clé supprimée: HKLM\Software\Classes\AppID\EoRezoBHO.DLL
Clé supprimée: HKLM\Software\Classes\AppID\{362A53B2-2913-4F8A-82F5-7E0A23FDC6F9}
Clé supprimée: HKLM\Software\OfferBox
Clé supprimée: HKLM\Software\Conduit
Clé supprimée: HKLM\Software\conduitEngine
Clé supprimée: HKCU\Software\OfferBox
Clé supprimée: HKCU\Software\Conduit
Clé supprimée: HKCU\Software\conduitEngine
Clé supprimée: HKCU\Software\Lanconfig
Clé supprimée: HKCU\Software\pacificpoker
Clé supprimée: HKCU\Software\pokerinstaller
Clé supprimée: HKCU\Software\WebMediaPlayer
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Pacific Poker
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\WebMediaPlayer
Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{37F4A335-D085-423e-A425-0370799166FB}
Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C00A711F-4E83-42A9-9281-3E04FDD51F4F}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pacific Poker
Clé supprimée: HKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\7EE743314C844C7F445B8B1D7617612DF1FDD50F
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
Clé supprimée: HKLM\Software\Google\Chrome\Extensions\bjeikeheijdjdfjbmknpefojickbkmom
Valeur supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Trust Database\0|goicfboogidikkejccmclpieicihhlpo hpfanicgkffmccehnpkikogcffaepkfp
Valeur supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Trust Database\0|goicfboogidikkejccmclpieicihhlpo dgnckdmmolaijpbbakmplfhlfpdhglgc
Valeur supprimée: HKLM\Software\Mozilla\Firefox\Extensions|offerboxffx@offerbox.com
Valeur supprimée: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{30F9B915-B755-4826-820B-08FBA6BD249D}
============== SCAN ADDITIONNEL ==============
** Mozilla Firefox Version [3.6.13 (fr)] **
-- C:\Documents and Settings\zad\Application Data\Mozilla\FireFox\Profiles\sd5nnrak.default\Prefs.js --
browser.download.dir, E:\\Telechargement
browser.download.lastDir, C:\\Documents and Settings\\zad\\Bureau
browser.search.defaultenginename, Bing
browser.search.defaulturl, hxxp://www.bing.com/search?FORM=IEFM1&q=
browser.search.selectedEngine, Google
browser.startup.homepage, hxxp://www.google.fr/
browser.startup.homepage_override.mstone, rv:1.9.2.13
========================================
** Internet Explorer Version [7.0.5730.13] **
[HKCU\Software\Microsoft\Internet Explorer\Main]
AutoHide: yes
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Do404Search: 0x01000000
Enable Browser Extensions: yes
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/
Use Search Asst: no
[HKLM\Software\Microsoft\Internet Explorer\Main]
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/
[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm
========================================
C:\Program Files\Ad-Remover\Quarantine: 5960 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 14 Fichier(s)
C:\Ad-Report-CLEAN[1].txt - 02/02/2011 (5043 Octet(s))
Fin à: 22:39:36, 02/02/2011
============== E.O.F ==============
[#ff0000]/!\ Désactive tes protections résidentes (Antivirus, etc...) /!\[/#f]
Pour t'aider : Un guide et un tutoriel sur l'utilisation de ComboFix
ComboFix 11-01-31.02 - zad 02/02/2011 23:15:19.1.2 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.2047.1224 [GMT 1:00]
Lancé depuis: c:\documents and settings\zad\Bureau\ComboFix.exe
AV: BitDefender Antivirus *Disabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: BitDefender Pare-feu *Disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\zad\Application Data\cacaoweb
c:\documents and settings\zad\Application Data\cacaoweb\adstorage.db
c:\documents and settings\zad\Application Data\cacaoweb\replicating0C9D0C7F61F049497873311CB62BE999.cacao
c:\documents and settings\zad\Application Data\cacaoweb\replicating3CF458EBC40F4F89B381494991F01304.cacao
c:\documents and settings\zad\Application Data\cacaoweb\replicating4C2CB4E1E490D7F6679333036BB1D1A4.cacao
c:\documents and settings\zad\Application Data\cacaoweb\replicating539552A823B30250A988198FDADFA2DA.cacao
c:\documents and settings\zad\Application Data\cacaoweb\replicating5D38F8A21A9C9CA86370337BC437E6B0.cacao
c:\documents and settings\zad\Application Data\cacaoweb\replicating7BFEEE0E93A9F44DAE92B23F8517DD6E.cacao
c:\documents and settings\zad\Application Data\cacaoweb\storage.db
c:\windows\ojycenyvy.dll
c:\windows\system32\tmp.reg
c:\windows\system32\twunk_32.exe
c:\windows\wpe pro.INI
E:\install.exe
.
((((((((((((((((((((((((((((( Fichiers créés du 2011-01-02 au 2011-02-02 ))))))))))))))))))))))))))))))))))))
.
2011-01-28 21:18 . 2011-01-28 21:18 -------- d-----w- c:\documents and settings\zad\Local Settings\Application Data\EA Games
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-12 07:17 . 2009-08-10 14:28 138520 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-01-12 07:16 . 2009-07-07 11:39 233960 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-01-12 07:16 . 2008-03-07 19:33 233960 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-12-27 16:18 . 2008-03-07 19:33 270904 ----a-w- c:\windows\system32\PnkBstrB.ex0
2010-12-16 19:29 . 2008-08-14 03:08 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2010-12-16 19:29 . 2008-08-14 03:08 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2010-12-13 19:53 . 2008-03-07 19:33 75136 ------w- c:\windows\system32\PnkBstrA.exe
2010-12-03 09:04 . 2010-12-03 09:04 40960 ----a-r- c:\documents and settings\zad\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2010-12-03 09:04 . 2010-12-03 09:04 40960 ----a-r- c:\documents and settings\zad\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2010-11-18 18:12 . 2008-02-21 23:21 86016 ----a-w- c:\windows\system32\isign32.dll
2010-11-14 18:13 . 2010-11-14 18:13 604488 ----a-w- c:\windows\system32\TUProgSt.exe
2010-11-14 18:13 . 2010-11-14 18:13 361288 ------w- c:\windows\system32\TuneUpDefragService.exe
2010-11-09 14:52 . 2006-03-02 12:00 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-07 15:49 . 2008-10-30 02:39 138056 ----a-w- c:\documents and settings\zad\Application Data\PnkBstrK.sys
2010-11-06 00:28 . 2006-03-02 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:28 . 2006-03-02 12:00 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-06 00:28 . 2006-03-02 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-11-06 00:28 . 2006-03-02 12:00 17408 ------w- c:\windows\system32\corpol.dll
.
------- Sigcheck -------
[-] 2008-04-14 . 3EFE912DD25D2586E6A0341DB0A66F69 . 979968 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 3EFE912DD25D2586E6A0341DB0A66F69 . 979968 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2007-06-13 . D0288319660EDCFED07C7E74C4EA38A5 . 1037312 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[-] 2007-06-13 . B795475444D6D57A572C14B9E1A29839 . 1037312 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[7] 2006-03-02 . 2A7BD330924252A2FD80344FC949BB72 . 1036288 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{51a86bb3-6602-4c85-92a5-130ee4864f13}"= "c:\program files\BrotherSoft_Extreme\tbBro1.dll" [2011-01-08 3911776]
[HKEY_CLASSES_ROOT\clsid\{51a86bb3-6602-4c85-92a5-130ee4864f13}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51a86bb3-6602-4c85-92a5-130ee4864f13}]
2011-01-08 19:40 3911776 ----a-w- c:\program files\BrotherSoft_Extreme\tbBro1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{51a86bb3-6602-4c85-92a5-130ee4864f13}"= "c:\program files\BrotherSoft_Extreme\tbBro1.dll" [2011-01-08 3911776]
[HKEY_CLASSES_ROOT\clsid\{51a86bb3-6602-4c85-92a5-130ee4864f13}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{51A86BB3-6602-4C85-92A5-130EE4864F13}"= "c:\program files\BrotherSoft_Extreme\tbBro1.dll" [2011-01-08 3911776]
[HKEY_CLASSES_ROOT\clsid\{51a86bb3-6602-4c85-92a5-130ee4864f13}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Octoshape Streaming Services"="c:\documents and settings\zad\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]
"cacaoweb"="c:\program files\cacaoweb\cacaoweb.exe" [2011-02-01 353520]
"RayV"="c:\program files\RayV\RayV\RayV.exe" [2010-10-21 2839848]
"RocketDock"="c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-18 630784]
"QuickGammaLoader"="c:\program files\QuickGamma\QuickGammaLoader.exe" [2009-08-14 98816]
"CGFLoader"="c:\program files\Calibrize\CalibrizeLoader.exe" [2007-11-26 1961984]
"CalibrizeResume"="c:\program files\Calibrize\CalibrizeResume.exe" [2007-11-26 413696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-03-21 1953792]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"SSBkgdUpdate"="c:\program files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"Microsoft Works Update Detection"="c:\program files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-18 28672]
"RTHDCPL"="RTHDCPL.EXE" [2008-12-09 18063872]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-07-01 198160]
"CTAPR2"="c:\program files\Creative\Sound Blaster X-Fi Go\Console Launcher\CTAPR2.exe" [2008-07-02 61546]
"Creative KSRun Persistence Module"="KSRun.dll" [2008-06-24 16896]
"VolPanel"="c:\program files\Creative\Volume Panel\VolPanlu.exe" [2008-10-28 237693]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2010\IEShow.exe" [2009-10-19 71152]
"BDAgent"="c:\program files\BitDefender\BitDefender 2010\bdagent.exe" [2010-03-18 1123360]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-10-16 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-16 13851752]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-08-25 1753192]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-12-06 74752]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 718688]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\zad\Menu D‚marrer\Programmes\D‚marrage\
CurseClientStartup.ccip [2010-4-25 0]
RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-18 630784]
TransBar.lnk - c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-6-1 65536]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-8-11 805392]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^zad^Menu Démarrer^Programmes^Démarrage^Need for Speed™ Undercover Registration.lnk]
backup=c:\windows\pss\Need for Speed™ Undercover Registration.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^zad^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\zad\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^zad^Menu Démarrer^Programmes^Démarrage^UberIcon.lnk]
backup=c:\windows\pss\UberIcon.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^zad^Menu Démarrer^Programmes^Démarrage^Y'z Shadow.lnk]
backup=c:\windows\pss\Y'z Shadow.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 00:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-04-23 13:51 691656 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-04-28 13:06 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
2002-07-17 10:00 204863 ----a-w- c:\program files\Microsoft Money\System\mnyexpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 15:44 3883856 ------w- c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
2004-09-22 15:10 1871872 ------w- c:\program files\Ahead\Nero BackItUp\NBJ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-10-16 11:05 13851752 ----a-w- c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-10-16 11:05 110696 ------w- c:\windows\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
2009-08-13 02:24 306088 ------w- e:\steam\steamapps\common\grand theft auto iv\RGSC\RGSCLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 15:07 2260480 ------w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-11-17 19:02 1242448 ----a-w- e:\steam\steam.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"UpdReg"=c:\windows\UpdReg.EXE
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 6\\PES6.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP1\\Win32\\RpcDataSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP1\\RpcSandraSrv.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"e:\\Civilization4.exe"=
"e:\\fm.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Zattoo\\zattood.exe"=
"c:\\Program Files\\Zattoo\\Zattoo2.exe"=
"e:\\STEAM\\Steam.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\French\\setup.exe"=
"c:\\Program Files\\adslTV\\adsltv.exe"=
"e:\\STEAM\\steamapps\\cybertoph42\\day of defeat\\hl.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\French\\setup.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\English\\setup.exe"=
"e:\\STEAM\\steamapps\\sleeper_compt\\counter-strike\\hl.exe"=
"e:\\Mirror\\Binaries\\MirrorsEdge.exe"=
"e:\\Warcraft III\\Warcraft III.exe"=
"c:\\Games\\DotA Allstars\\DotA Allstars.exe"=
"e:\\lord2\\Overlord2.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"e:\\STEAM\\steamapps\\common\\grand theft auto iv\\RGSC\\RGSCLauncher.exe"=
"e:\\STEAM\\steamapps\\zak42100\\counter-strike\\hl.exe"=
"c:\\Program Files\\DMV\\MaxTV4\\core\\maxtv_xul.exe"=
"c:\\Program Files\\DMV\\MaxTV4\\maxtv.exe"=
"c:\\Program Files\\DMV\\MaxTV4\\recorder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"e:\\STEAM\\steamapps\\common\\left 4 dead 2 demo\\left4dead2.exe"=
"e:\\World of Warcraft\\WoW-3.2.0-frFR-downloader.exe"=
"e:\\World of Warcraft\\Launcher.exe"=
"e:\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-frFR-downloader.exe"=
"e:\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-frFR-downloader.exe"=
"e:\\World of Warcraft\\BackgroundDownloader.exe"=
"e:\\Battlefield bad company 2\\BFBC2Updater.exe"=
"e:\\Battlefield bad company 2\\BFBC2Game.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\zad\\Local Settings\\Apps\\2.0\\VP0C760O.HXV\\78KLXJY6.KOQ\\curs..tion_eee711038731a406_0004.0000_152ef8e82e8f5a48\\CurseClient.exe"=
"e:\\StarCraft II\\StarCraft II.exe"=
"e:\\StarCraft II\\Versions\\Base15405\\SC2.exe"=
"e:\\HoN\\hon.exe"=
"e:\\Dead Rising 2\\deadrising2.exe"=
"e:\\STEAM\\steamapps\\common\\call of duty 4\\iw3sp.exe"=
"e:\\STEAM\\steamapps\\common\\call of duty 4\\iw3mp.exe"=
"c:\\Program Files\\cacaoweb\\cacaoweb.exe"=
"c:\\Program Files\\RayV\\RayV\\RayV.exe"=
"c:\\Program Files\\RayV\\RayV\\RayV.dll"=
"e:\\STEAM\\steamapps\\common\\call of duty world at war\\CoDWaW.exe"=
"e:\\STEAM\\steamapps\\common\\call of duty world at war\\CoDWaWmp.exe"=
"e:\\STEAM\\steamapps\\common\\battlefield 2\\BF2.exe"=
"e:\\STEAM\\steamapps\\common\\battlefield 2\\support\\EA Help\\Electronic_Arts_Technical_Support.htm"=
"e:\\STEAM\\steamapps\\common\\call of duty modern warfare 2\\iw4sp.exe"=
"e:\\STEAM\\steamapps\\common\\call of duty modern warfare 2\\iw4mp.exe"=
"e:\\STEAM\\steamapps\\common\\alien swarm\\swarm.exe"=
"e:\\STEAM\\steamapps\\common\\call of duty black ops rcon\\BlackOpsRcon.exe"=
"e:\\NFS HOT pursuit\\Launcher.exe"=
"e:\\BATMAN\\Binaries\\ShippingPC-BmGame.exe"=
"e:\\STEAM\\steamapps\\common\\call of duty black ops\\BlackOpsMP.exe"=
"e:\\STEAM\\steamapps\\common\\call of duty black ops\\BlackOps.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"e:\\invictus\\Vindictus\\en-US\\NMService.exe"=
"e:\\STF4\\StreetFighterIV.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"e:\\LOL US\\air\\LolClient.exe"=
"e:\\LOL US\\game\\League of Legends.exe"=
"e:\\LOL FR\\air\\LolClient.exe"=
"e:\\LOL FR\\game\\League of Legends.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"e:\\STEAM\\steamapps\\cybertoph42\\counter-strike\\hl.exe"=
"e:\\STEAM\\steamapps\\cybertoph42\\counter-strike source\\hl2.exe"=
"e:\\LOL FR\\lol.launcher.exe"=
"e:\\STEAM\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7240:TCP"= 7240:TCP:BitComet 7240 TCP
"7240:UDP"= 7240:UDP:BitComet 7240 UDP
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"58092:TCP"= 58092:TCP
ando Media Booster"58092:UDP"= 58092:UDP
ando Media Booster"8394:TCP"= 8394:TCP:League of Legends Launcher
"8394:UDP"= 8394:UDP:League of Legends Launcher
"8395:TCP"= 8395:TCP:League of Legends Launcher
"8395:UDP"= 8395:UDP:League of Legends Launcher
"8396:TCP"= 8396:TCP:League of Legends Launcher
"8396:UDP"= 8396:UDP:League of Legends Launcher
"6907:TCP"= 6907:TCP:League of Legends Launcher
"6907:UDP"= 6907:UDP:League of Legends Launcher
"58081:TCP"= 58081:TCP
ando Media Booster"58081:UDP"= 58081:UDP
ando Media Booster"8381:TCP"= 8381:TCP:League of Legends Launcher
"8381:UDP"= 8381:UDP:League of Legends Launcher
"6905:TCP"= 6905:TCP:League of Legends Launcher
"6905:UDP"= 6905:UDP:League of Legends Launcher
"6962:TCP"= 6962:TCP:League of Legends Launcher
"6962:UDP"= 6962:UDP:League of Legends Launcher
"6936:TCP"= 6936:TCP:League of Legends Launcher
"6936:UDP"= 6936:UDP:League of Legends Launcher
"6957:TCP"= 6957:TCP:League of Legends Launcher
"6957:UDP"= 6957:UDP:League of Legends Launcher
"6924:TCP"= 6924:TCP:League of Legends Launcher
"6924:UDP"= 6924:UDP:League of Legends Launcher
"6994:TCP"= 6994:TCP:League of Legends Launcher
"6994:UDP"= 6994:UDP:League of Legends Launcher
"6892:TCP"= 6892:TCP:League of Legends Launcher
"6892:UDP"= 6892:UDP:League of Legends Launcher
"6913:TCP"= 6913:TCP:League of Legends Launcher
"6913:UDP"= 6913:UDP:League of Legends Launcher
"8393:TCP"= 8393:TCP:League of Legends Lobby
"8393:UDP"= 8393:UDP:League of Legends Lobby
"8390:TCP"= 8390:TCP:League of Legends Game Client
"8390:UDP"= 8390:UDP:League of Legends Game Client
"6884:TCP"= 6884:TCP:League of Legends Launcher
"6884:UDP"= 6884:UDP:League of Legends Launcher
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/24/2008 18:20 721904]
R2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2010\bdvedisk.sys [1/19/2010 18:32 85128]
R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [11/15/2010 18:44 20328]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/19/2008 14:36 304464]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [10/28/2010 14:31 1483072]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [2/22/2008 0:44 38656]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2/3/2010 12:57 153448]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [1/4/2010 18:41 111312]
R3 ksaud;Creative USB Audio Driver;c:\windows\system32\drivers\ksaud.sys [12/1/2008 9:33 453376]
R3 ksaudfl;ksaudfl;c:\windows\system32\drivers\ksaudfl.sys [10/24/2008 9:27 1824384]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [10/24/2008 18:05 33792]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/19/2008 14:36 20952]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [10/7/2010 13:34 10064]
S2 gupdate1cac24be8b429dc;Service Google Update (gupdate1cac24be8b429dc);c:\program files\Google\Update\GoogleUpdate.exe [3/13/2010 2:24 133104]
S3 Arrakis3;BitDefender Serveur Arrakis;c:\program files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [10/19/2009 16:06 183880]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Fichiers communs\Creative Labs Shared\Service\CTAELicensing.exe [7/7/2009 18:18 79360]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\zad\LOCALS~1\Temp\STL2A1.tmp --> c:\docume~1\zad\LOCALS~1\Temp\STL2A1.tmp [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [12/15/2008 9:00 356920]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S3 XPADFL02;XPAD Filter Service 02;c:\windows\system32\drivers\xPADFL02.sys [10/27/2008 16:46 27904]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenu du dossier 'Tâches planifiées'
2011-02-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2011-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-13 01:24]
2011-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-13 01:24]
2011-02-02 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-07-16 09:00]
2011-02-02 c:\windows\Tasks\Norton Security Scan for zad.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-08-20 07:48]
.
.
------- Examen supplémentaire -------
.
uInternet Settings,ProxyOverride = *.local
TCP: {9C26DC32-B697-4D76-B491-349C4B4165B5} = 212.27.40.220,212.27.40.221
FF - ProfilePath - c:\documents and settings\zad\Application Data\Mozilla\Firefox\Profiles\sd5nnrak.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: cacaoweb: cacaoweb@cacaoweb.org - %profile%\extensions\cacaoweb@cacaoweb.org
FF - Ext: Virtus Search Opt-in: extension@virtusdesigns.com - %profile%\extensions\extension@virtusdesigns.com
FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com
FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
FF - Ext: LoL Strategy Builds Community Toolbar: {1d09b5e5-973b-47d3-b9da-5579bda6eb62} - %profile%\extensions\{1d09b5e5-973b-47d3-b9da-5579bda6eb62}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Mega Manager Integration: {40a1f5d7-afc2-498f-b264-02668d616ff6} - %profile%\extensions\{40a1f5d7-afc2-498f-b264-02668d616ff6}
FF - Ext: BrotherSoft Extreme Toolbar: {51a86bb3-6602-4c85-92a5-130ee4864f13} - %profile%\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Aquatint Black: {7694c49c-9fbd-11dc-8314-0800200c9a66} - %profile%\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66}
FF - Ext: DPStream Toolbar: {8d0e4687-02fa-460f-a530-e999413b9fba} - %profile%\extensions\{8d0e4687-02fa-460f-a530-e999413b9fba}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: MidnightFoxy: {dc961bb0-dfb2-11dc-95ff-0800200c9a66} - %profile%\extensions\{dc961bb0-dfb2-11dc-95ff-0800200c9a66}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: BitDefender Antiphishing Toolbar: FFToolbar@bitdefender.com - c:\program files\BitDefender\BitDefender 2010\bdaphffext
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHELINS SUPPRIMES - - - -
MSConfigStartUp-avast5 - e:\avast\avastUI.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-02 23:20
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
cacaoweb = "c:\program files\cacaoweb\cacaoweb.exe" -noplayer?abled:cacaoweb?es??????????????????O?????????????h?O???O???????????O???O? ??|`??|????????????????( ??????Service Pack 3?????????????????????????????
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\zad\LOCALS~1\Temp\STL2A1.tmp"
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_USERS\.Default\Software\SetID\Internal]
@Denied: (A 2) (LocalSystem)
"DATA"="<settings expireTime=\"0\" productStatus=\"1\" obSize=\"0\" InstallTS=\"2145870353\" isSubsc=\"0\" version=\"12.0.1\" timeDiff=\"1\" oldDevice=\"\" authStatus_ts=\"0\" />"
"Device"="yM29zbvPzMnLvrm+x8fPzce+zro="
DUMPHIVE0.003 (REGF)
[HKEY_USERS\S-1-5-21-2000478354-1229272821-725345543-1004\Software\SecuROM\License information*]
"datasecu"=hex:33,3c,9c,fa,4c,7c,46,23,d2,21,0e,e1,0a,b1,59,9a,7f,9e,b2,c0,05,
4a,f0,88,6e,b2,f1,ae,52,3f,d5,55,3d,cd,2a,38,ac,79,f6,7f,54,ea,85,9e,19,16,\
"rkeysecu"=hex:67,22,bd,31,fb,60,55,b8,b8,71,8b,1b,c4,f2,5c,f2
.
Heure de fin: 2011-02-02 23:23:47
ComboFix-quarantined-files.txt 2011-02-02 22:23
Avant-CF: 17,978,802,176 octets libres
Après-CF: 18,347,204,608 octets libres
WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect
Current=4 Default=4 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 59BC67257C0D389F3C1FFF0DB2CAE19C
Lassé par la pub ? Créez un compte
- Contenus similaires :
- ForumBarre recherche google sur google site
- articlesSite de recherche autre que google
- ForumBarre recherche google sur son site
- ForumBarre de recherche google dans son site
- ForumIntegrer mon site dans des recherche google
- articlesMettre une recherche google sur son site
- articlesRecherche google sur mon site
- solutionsBarre recherche google site
- articlesBarre de recherche google sur site
- ForumBarre de recherche google sur son site
- Voir plus
