Pb connexion internet aprè désinfection Bagle
GreenMyosotis
Messages postés
15
Statut
Membre
-
GreenMyosotis Messages postés 15 Statut Membre -
GreenMyosotis Messages postés 15 Statut Membre -
Bonjour à tous,
La semaine dernière j'ai été infecté par le ver Bagle en téléchargeant simplement flash player pour pouvoir visualiser mes fichiers .swf.
J'ai lu pas mal de conversations sur divers forum pour désinfecter mon pc, je pense avoir réussi.
Voici le rapport Hijackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:49:54, on 23/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\WINDOWS\system32\dldocoms.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\RD1000\Service\RDXmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AxBx\VirusKeeper 2009 Pro Evaluation\vk_service.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [VirusKeeper] C:\Program Files\AxBx\VirusKeeper 2009 Pro Evaluation\VirusKeeper.exe
O4 - HKLM\..\Run: [Adobe Version Cue CS2] C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: dldoCATSCustConnectService - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dldoserv.exe
O23 - Service: dldo_device - - C:\WINDOWS\system32\dldocoms.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Performance Driver Service - Unknown owner - C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RDXmon 1.12 (RDXmon) - Unknown owner - C:\Program Files\RD1000\Service\RDXmon.exe
O23 - Service: VirusKeeper antivirus/antispyware (vkservice) - AxBx - C:\Program Files\AxBx\VirusKeeper 2009 Pro Evaluation\vk_service.exe
La semaine dernière j'ai été infecté par le ver Bagle en téléchargeant simplement flash player pour pouvoir visualiser mes fichiers .swf.
J'ai lu pas mal de conversations sur divers forum pour désinfecter mon pc, je pense avoir réussi.
Voici le rapport Hijackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:49:54, on 23/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\WINDOWS\system32\dldocoms.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\RD1000\Service\RDXmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AxBx\VirusKeeper 2009 Pro Evaluation\vk_service.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [VirusKeeper] C:\Program Files\AxBx\VirusKeeper 2009 Pro Evaluation\VirusKeeper.exe
O4 - HKLM\..\Run: [Adobe Version Cue CS2] C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: dldoCATSCustConnectService - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dldoserv.exe
O23 - Service: dldo_device - - C:\WINDOWS\system32\dldocoms.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Performance Driver Service - Unknown owner - C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RDXmon 1.12 (RDXmon) - Unknown owner - C:\Program Files\RD1000\Service\RDXmon.exe
O23 - Service: VirusKeeper antivirus/antispyware (vkservice) - AxBx - C:\Program Files\AxBx\VirusKeeper 2009 Pro Evaluation\vk_service.exe
A voir également:
- Pb connexion internet aprè désinfection Bagle
- Gmail connexion - Guide
- D'où peut venir un problème de connexion internet sur un ordinateur ? - Guide
- Arcep ma connexion internet - Accueil - Box & Connexion Internet
- Comment savoir si quelqu'un utilise ma connexion internet - Guide
- Gps sans internet - Guide
4 réponses
Salut
Juste au cas ou, le fait de redémarrer le pc ( si ce n'est pas fait ) devrait réparer la connexion
Sinon, essaye cette manip'
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix#restore
Juste au cas ou, le fait de redémarrer le pc ( si ce n'est pas fait ) devrait réparer la connexion
Sinon, essaye cette manip'
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix#restore
Merci pour ta réponse et pour ton aide jorginho67.
J'ai redémarré mon pc plusieurs fois, toujours pareil. La connexion fonctionne et coupe au bout de 5 minutes. Le plus bizarre, c'est que je reçois des mails sur Outlook. Firefox et Internet explorer affichent "Délai d'attente dépassé..." ou "Impossible d'afficher la page ..."
J'ai essayé Comfix et suivi la manipulation décrite dans ton lien, voici le rapport qui en ressort :
Log COMBOFIX :
_____________________________________________________
ComboFix 09-04-23.A1 - Green 23/04/2009 14:55.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.2046.1583 [GMT 2:00]
Lancé depuis: c:\documents and settings\Green\Bureau\ComboFix.exe
FW: ZoneAlarm Firewall *enabled*
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\InfoSat.txt
c:\windows\IE4 Error Log.txt
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-05-23 au 2009-4-23 ))))))))))))))))))))))))))))))))))))
.
2009-04-22 11:57 . 2009-04-22 11:57 -------- d-----w c:\windows\system32\Kaspersky Lab
2009-04-22 11:52 . 2009-04-22 08:01 59915 ----a-w C:\mdelk.exe
2009-04-22 09:15 . 2009-04-22 09:22 -------- d-----w C:\CCM
2009-04-22 09:02 . 2009-04-22 09:12 -------- d-----w C:\FindyKill
2009-04-21 12:42 . 2009-04-21 12:42 73728 ----a-w c:\windows\system32\javacpl.cpl
2009-04-21 12:42 . 2009-04-21 12:42 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-21 12:38 . 2009-04-21 12:38 -------- d-----w c:\documents and settings\Green\Application Data\Malwarebytes
2009-04-21 12:38 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-21 12:38 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-21 12:38 . 2009-04-21 12:38 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-06 09:21 . 2009-04-06 09:21 -------- d--h--w c:\windows\PIF
2009-04-06 07:40 . 2009-04-06 07:40 -------- d-----w C:\My Lockbox
2009-04-06 07:40 . 2008-10-23 09:36 73344 ----a-w c:\windows\system32\fsproflt.exe
2009-04-06 07:40 . 2008-06-05 16:37 43792 ----a-w c:\windows\system32\drivers\FSPFltd.sys
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-23 12:41 . 2009-04-21 09:59 4700 ----a-w C:\aaw7boot.log
2009-04-22 13:18 . 2009-01-30 16:34 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-22 13:17 . 2009-04-21 12:44 -------- d-----w c:\program files\Panda Security
2009-04-22 09:50 . 2009-04-21 12:38 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-22 09:10 . 2004-08-05 12:00 49494 ----a-w c:\windows\system32\perfc00C.dat
2009-04-22 09:10 . 2004-08-05 12:00 370414 ----a-w c:\windows\system32\perfh00C.dat
2009-04-21 12:42 . 2009-04-21 12:42 -------- d-----w c:\program files\Java
2009-04-21 12:32 . 2009-04-21 12:30 -------- d-----w c:\program files\a-squared Free
2009-04-21 12:29 . 2009-01-30 09:32 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-04-21 10:40 . 2009-04-21 10:40 -------- d-----w c:\program files\Trend Micro
2009-04-21 10:31 . 2009-04-21 10:31 -------- d-----w c:\program files\ToniArts
2009-04-21 10:31 . 2009-01-28 16:23 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-21 10:19 . 2009-04-21 10:19 -------- d-----w c:\program files\Sophos
2009-04-21 09:54 . 2009-04-21 09:54 -------- d-----w c:\program files\CCleaner
2009-04-21 09:46 . 2009-04-21 09:46 -------- d-----w c:\program files\AxBx
2009-04-21 09:29 . 2009-01-30 17:02 211316 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-21 09:29 . 2009-01-30 17:02 17940512 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-10 07:47 . 2009-01-28 15:30 80344 ----a-w c:\documents and settings\Green\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-09 11:52 . 2009-02-02 12:03 -------- d-----w c:\documents and settings\Green\Application Data\Winamp
2009-04-08 14:37 . 2009-02-02 12:03 -------- d-----w c:\program files\Winamp
2009-03-12 17:02 . 2009-03-12 14:03 -------- d-----w c:\documents and settings\Green\Application Data\FileZilla
2009-03-12 14:04 . 2009-03-12 14:02 -------- d-----w c:\program files\FileZilla FTP Client
2009-03-12 13:49 . 2009-01-30 09:06 -------- d-----w c:\program files\free-downloads.net
2009-03-09 16:35 . 2009-02-02 11:21 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-03-09 16:35 . 2009-01-28 16:36 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-02-27 16:33 . 2009-02-27 16:33 -------- d-----w c:\program files\TagRename
2009-02-27 13:40 . 2009-02-27 13:06 -------- d-----w c:\program files\PhotoFiltre
2009-02-26 09:49 . 2009-02-11 17:07 -------- d-----w c:\documents and settings\Green\Application Data\968 Series
2009-02-26 09:49 . 2009-02-11 15:37 -------- d-----w c:\program files\Dell 968 AIO Printer
2009-02-26 09:04 . 2009-02-17 14:57 -------- d-----w c:\program files\Fichiers communs\Sonic Shared
2009-02-24 08:57 . 2009-02-17 14:57 -------- d-----w c:\program files\Roxio
2009-02-23 08:39 . 2009-02-23 08:38 -------- d-----w c:\program files\Windows Media Connect 2
2009-02-23 08:37 . 2009-02-16 17:05 -------- d-----w c:\documents and settings\Green\Application Data\dvdcss
2009-01-30 16:47 . 2009-01-30 16:46 4212 ---h--w c:\windows\system32\zllictbl.dat
2009-01-28 16:23 . 2009-01-28 16:23 409600 ----a-w c:\windows\system32\wrap_oal.dll
2009-01-28 16:23 . 2009-01-28 16:23 114688 ----a-w c:\windows\system32\OpenAL32.dll
2009-01-28 15:48 . 2009-01-28 13:07 86331 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-01-28 13:05 . 2009-01-28 13:05 21892 ----a-w c:\windows\system32\emptyregdb.dat
.
((((((((((((((((((((((((((((( SnapShot@2009-04-22_09.21.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-23 12:42 . 2009-04-23 12:42 16384 c:\windows\Temp\Perflib_Perfdata_17c.dat
+ 2009-01-28 13:04 . 2004-08-05 12:00 19429 c:\windows\system32\MsDtc\Trace\msdtcvtr.bat
+ 2008-08-13 13:03 . 2008-08-13 13:03 65536 c:\windows\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2008-08-13 13:03 . 2008-08-13 13:03 798720 c:\windows\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
+ 2005-05-16 17:34 . 2005-05-16 17:34 213048 c:\windows\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
2009-01-30 14:12 650752 ----a-w c:\program files\pdfforge Toolbar\WidgiToolbarIE.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2009-03-12 13:49 1883672 ----a-w c:\program files\free-downloads.net\tbfre0.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfre0.dll" [2009-03-12 1883672]
"{B922D405-6D13-4A2B-AE89-08A030DA4402}"= "c:\program files\pdfforge Toolbar\WidgiToolbarIE.dll" [2009-01-30 650752]
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_CLASSES_ROOT\clsid\{b922d405-6d13-4a2b-ae89-08a030da4402}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "c:\program files\free-downloads.net\tbfre0.dll" [2009-03-12 1883672]
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-25 13680640]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-09 515416]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-04-21 919016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"VirusKeeper"="c:\program files\AxBx\VirusKeeper 2009 Pro Evaluation\VirusKeeper.exe" [2009-04-21 3824512]
"Adobe Version Cue CS2"="c:\program files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-06 856064]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-21 148888]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Green^Menu Démarrer^Programmes^Démarrage^Raccourci vers Courrier électronique.lnk]
path=c:\documents and settings\Green\Menu Démarrer\Programmes\Démarrage\Raccourci vers Courrier électronique.lnk
backup=c:\windows\pss\Raccourci vers Courrier électronique.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"=
"c:\\Program Files\\Fichiers communs\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\WINDOWS\\system32\\dldocoms.exe"=
"c:\\Program Files\\Dell 968 AIO Printer\\dldomon.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldopswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldotime.exe"=
"c:\\Program Files\\Dell 968 AIO Printer\\dldoaiox.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldojswx.exe"=
"c:\\Program Files\\Dell 968 AIO Printer\\DLDOFax.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
R0 pavboot;pavboot; [x]
R2 dldoCATSCustConnectService;dldoCATSCustConnectService;c:\windows\System32\spool\DRIVERS\W32X86\3\\dldoserv.exe [2007-10-05 99568]
R3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-12-01 33752]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-04-21 951632]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-03-09 64160]
S2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [2007-06-20 79168]
S2 dldo_device;dldo_device;c:\windows\system32\dldocoms.exe [2007-10-05 595184]
S2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [2008-12-11 3575808]
S2 RDXmon;RDXmon 1.12;c:\program files\RD1000\Service\RDXmon.exe [2006-09-13 45056]
S2 vkservice;VirusKeeper antivirus/antispyware;c:\program files\AxBx\VirusKeeper 2009 Pro Evaluation\vk_service.exe [2008-09-26 1119584]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2fbb3c3e-eeb0-11dd-ae8b-d848b2d2b192}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pagefile.sys.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8e4d9b6-1dce-11de-8f6b-0022190afae8}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pagefile.sys.vbs
.
Contenu du dossier 'Tâches planifiées'
2009-04-22 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-19 16:35]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Green\Application Data\Mozilla\Firefox\Profiles\nelfxylc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - component: c:\program files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\components\pdfforgeToolbarFF.dll
FF - component: c:\program files\Mozilla Firefox\extensions\search@searchsettings.com\components\SearchSettingsFF.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - true.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-23 14:56
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
Heure de fin: 2009-04-23 14:56
ComboFix-quarantined-files.txt 2009-04-23 12:56
ComboFix2.txt 2009-04-22 09:22
Avant-CF: 179 443 605 504 octets libres
Après-CF: 179 549 782 016 octets libres
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect
188 --- E O F --- 2009-02-11 17:03
J'ai redémarré mon pc plusieurs fois, toujours pareil. La connexion fonctionne et coupe au bout de 5 minutes. Le plus bizarre, c'est que je reçois des mails sur Outlook. Firefox et Internet explorer affichent "Délai d'attente dépassé..." ou "Impossible d'afficher la page ..."
J'ai essayé Comfix et suivi la manipulation décrite dans ton lien, voici le rapport qui en ressort :
Log COMBOFIX :
_____________________________________________________
ComboFix 09-04-23.A1 - Green 23/04/2009 14:55.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.2046.1583 [GMT 2:00]
Lancé depuis: c:\documents and settings\Green\Bureau\ComboFix.exe
FW: ZoneAlarm Firewall *enabled*
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\InfoSat.txt
c:\windows\IE4 Error Log.txt
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-05-23 au 2009-4-23 ))))))))))))))))))))))))))))))))))))
.
2009-04-22 11:57 . 2009-04-22 11:57 -------- d-----w c:\windows\system32\Kaspersky Lab
2009-04-22 11:52 . 2009-04-22 08:01 59915 ----a-w C:\mdelk.exe
2009-04-22 09:15 . 2009-04-22 09:22 -------- d-----w C:\CCM
2009-04-22 09:02 . 2009-04-22 09:12 -------- d-----w C:\FindyKill
2009-04-21 12:42 . 2009-04-21 12:42 73728 ----a-w c:\windows\system32\javacpl.cpl
2009-04-21 12:42 . 2009-04-21 12:42 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-21 12:38 . 2009-04-21 12:38 -------- d-----w c:\documents and settings\Green\Application Data\Malwarebytes
2009-04-21 12:38 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-21 12:38 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-21 12:38 . 2009-04-21 12:38 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-06 09:21 . 2009-04-06 09:21 -------- d--h--w c:\windows\PIF
2009-04-06 07:40 . 2009-04-06 07:40 -------- d-----w C:\My Lockbox
2009-04-06 07:40 . 2008-10-23 09:36 73344 ----a-w c:\windows\system32\fsproflt.exe
2009-04-06 07:40 . 2008-06-05 16:37 43792 ----a-w c:\windows\system32\drivers\FSPFltd.sys
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-23 12:41 . 2009-04-21 09:59 4700 ----a-w C:\aaw7boot.log
2009-04-22 13:18 . 2009-01-30 16:34 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-22 13:17 . 2009-04-21 12:44 -------- d-----w c:\program files\Panda Security
2009-04-22 09:50 . 2009-04-21 12:38 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-22 09:10 . 2004-08-05 12:00 49494 ----a-w c:\windows\system32\perfc00C.dat
2009-04-22 09:10 . 2004-08-05 12:00 370414 ----a-w c:\windows\system32\perfh00C.dat
2009-04-21 12:42 . 2009-04-21 12:42 -------- d-----w c:\program files\Java
2009-04-21 12:32 . 2009-04-21 12:30 -------- d-----w c:\program files\a-squared Free
2009-04-21 12:29 . 2009-01-30 09:32 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-04-21 10:40 . 2009-04-21 10:40 -------- d-----w c:\program files\Trend Micro
2009-04-21 10:31 . 2009-04-21 10:31 -------- d-----w c:\program files\ToniArts
2009-04-21 10:31 . 2009-01-28 16:23 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-21 10:19 . 2009-04-21 10:19 -------- d-----w c:\program files\Sophos
2009-04-21 09:54 . 2009-04-21 09:54 -------- d-----w c:\program files\CCleaner
2009-04-21 09:46 . 2009-04-21 09:46 -------- d-----w c:\program files\AxBx
2009-04-21 09:29 . 2009-01-30 17:02 211316 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-21 09:29 . 2009-01-30 17:02 17940512 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-10 07:47 . 2009-01-28 15:30 80344 ----a-w c:\documents and settings\Green\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-09 11:52 . 2009-02-02 12:03 -------- d-----w c:\documents and settings\Green\Application Data\Winamp
2009-04-08 14:37 . 2009-02-02 12:03 -------- d-----w c:\program files\Winamp
2009-03-12 17:02 . 2009-03-12 14:03 -------- d-----w c:\documents and settings\Green\Application Data\FileZilla
2009-03-12 14:04 . 2009-03-12 14:02 -------- d-----w c:\program files\FileZilla FTP Client
2009-03-12 13:49 . 2009-01-30 09:06 -------- d-----w c:\program files\free-downloads.net
2009-03-09 16:35 . 2009-02-02 11:21 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-03-09 16:35 . 2009-01-28 16:36 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-02-27 16:33 . 2009-02-27 16:33 -------- d-----w c:\program files\TagRename
2009-02-27 13:40 . 2009-02-27 13:06 -------- d-----w c:\program files\PhotoFiltre
2009-02-26 09:49 . 2009-02-11 17:07 -------- d-----w c:\documents and settings\Green\Application Data\968 Series
2009-02-26 09:49 . 2009-02-11 15:37 -------- d-----w c:\program files\Dell 968 AIO Printer
2009-02-26 09:04 . 2009-02-17 14:57 -------- d-----w c:\program files\Fichiers communs\Sonic Shared
2009-02-24 08:57 . 2009-02-17 14:57 -------- d-----w c:\program files\Roxio
2009-02-23 08:39 . 2009-02-23 08:38 -------- d-----w c:\program files\Windows Media Connect 2
2009-02-23 08:37 . 2009-02-16 17:05 -------- d-----w c:\documents and settings\Green\Application Data\dvdcss
2009-01-30 16:47 . 2009-01-30 16:46 4212 ---h--w c:\windows\system32\zllictbl.dat
2009-01-28 16:23 . 2009-01-28 16:23 409600 ----a-w c:\windows\system32\wrap_oal.dll
2009-01-28 16:23 . 2009-01-28 16:23 114688 ----a-w c:\windows\system32\OpenAL32.dll
2009-01-28 15:48 . 2009-01-28 13:07 86331 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-01-28 13:05 . 2009-01-28 13:05 21892 ----a-w c:\windows\system32\emptyregdb.dat
.
((((((((((((((((((((((((((((( SnapShot@2009-04-22_09.21.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-23 12:42 . 2009-04-23 12:42 16384 c:\windows\Temp\Perflib_Perfdata_17c.dat
+ 2009-01-28 13:04 . 2004-08-05 12:00 19429 c:\windows\system32\MsDtc\Trace\msdtcvtr.bat
+ 2008-08-13 13:03 . 2008-08-13 13:03 65536 c:\windows\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2008-08-13 13:03 . 2008-08-13 13:03 798720 c:\windows\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
+ 2005-05-16 17:34 . 2005-05-16 17:34 213048 c:\windows\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
2009-01-30 14:12 650752 ----a-w c:\program files\pdfforge Toolbar\WidgiToolbarIE.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2009-03-12 13:49 1883672 ----a-w c:\program files\free-downloads.net\tbfre0.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfre0.dll" [2009-03-12 1883672]
"{B922D405-6D13-4A2B-AE89-08A030DA4402}"= "c:\program files\pdfforge Toolbar\WidgiToolbarIE.dll" [2009-01-30 650752]
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_CLASSES_ROOT\clsid\{b922d405-6d13-4a2b-ae89-08a030da4402}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "c:\program files\free-downloads.net\tbfre0.dll" [2009-03-12 1883672]
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-25 13680640]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-09 515416]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-04-21 919016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"VirusKeeper"="c:\program files\AxBx\VirusKeeper 2009 Pro Evaluation\VirusKeeper.exe" [2009-04-21 3824512]
"Adobe Version Cue CS2"="c:\program files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-06 856064]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-21 148888]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Green^Menu Démarrer^Programmes^Démarrage^Raccourci vers Courrier électronique.lnk]
path=c:\documents and settings\Green\Menu Démarrer\Programmes\Démarrage\Raccourci vers Courrier électronique.lnk
backup=c:\windows\pss\Raccourci vers Courrier électronique.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"=
"c:\\Program Files\\Fichiers communs\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\WINDOWS\\system32\\dldocoms.exe"=
"c:\\Program Files\\Dell 968 AIO Printer\\dldomon.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldopswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldotime.exe"=
"c:\\Program Files\\Dell 968 AIO Printer\\dldoaiox.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldojswx.exe"=
"c:\\Program Files\\Dell 968 AIO Printer\\DLDOFax.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
R0 pavboot;pavboot; [x]
R2 dldoCATSCustConnectService;dldoCATSCustConnectService;c:\windows\System32\spool\DRIVERS\W32X86\3\\dldoserv.exe [2007-10-05 99568]
R3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-12-01 33752]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-04-21 951632]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-03-09 64160]
S2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [2007-06-20 79168]
S2 dldo_device;dldo_device;c:\windows\system32\dldocoms.exe [2007-10-05 595184]
S2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [2008-12-11 3575808]
S2 RDXmon;RDXmon 1.12;c:\program files\RD1000\Service\RDXmon.exe [2006-09-13 45056]
S2 vkservice;VirusKeeper antivirus/antispyware;c:\program files\AxBx\VirusKeeper 2009 Pro Evaluation\vk_service.exe [2008-09-26 1119584]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2fbb3c3e-eeb0-11dd-ae8b-d848b2d2b192}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pagefile.sys.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8e4d9b6-1dce-11de-8f6b-0022190afae8}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pagefile.sys.vbs
.
Contenu du dossier 'Tâches planifiées'
2009-04-22 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-19 16:35]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Green\Application Data\Mozilla\Firefox\Profiles\nelfxylc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - component: c:\program files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\components\pdfforgeToolbarFF.dll
FF - component: c:\program files\Mozilla Firefox\extensions\search@searchsettings.com\components\SearchSettingsFF.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - true.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-23 14:56
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
Heure de fin: 2009-04-23 14:56
ComboFix-quarantined-files.txt 2009-04-23 12:56
ComboFix2.txt 2009-04-22 09:22
Avant-CF: 179 443 605 504 octets libres
Après-CF: 179 549 782 016 octets libres
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect
188 --- E O F --- 2009-02-11 17:03
Ca a marché jorginho67!!! merci pour ton lien, la connexion fonctionne.
Une fois que le nettoyage est effectué par le logiciel ComboFix ( http://www.combofix.org/download.php ), il faut se rendre sur ce paragraphe ( https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix#restore ) et suivre ce qui est indiqué pour réparer la connexion internet, à priori ça fonctionne de nouveau !!!
Merci bien, (content d'avoir réglé ce pb rapidement :) )
Une fois que le nettoyage est effectué par le logiciel ComboFix ( http://www.combofix.org/download.php ), il faut se rendre sur ce paragraphe ( https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix#restore ) et suivre ce qui est indiqué pour réparer la connexion internet, à priori ça fonctionne de nouveau !!!
Merci bien, (content d'avoir réglé ce pb rapidement :) )
