Strange security problem - Page 2

  1. francox59 Posts: 103 Status: Member
     
    please, are you still there?
    0
  2. francox59 Posts: 103 Status: Member
     
    up
    0
  3. francox59 Posts: 103 Status: Member
     
    re
    0
  5. francox59 Posts: 103 Status: Member
     
    ok
    0
  6. francox59 Posts: 103 Status: Member
     
    here is my report

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:12:19, on 21/06/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\DAP\DAP.EXE
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
    C:\Program Files\Wanadoo\GestionnaireInternet.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Microsoft Etudes\Microsoft Encarta 2007 - Études DVD\EDICT.EXE
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Wanadoo\ComComp.exe
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\inetsrv\inetinfo.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\oodag.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Wanadoo\Watch.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Didier\Mes documents\My Completed Downloads\WindowsInstaller-KB893803-v2-x86.exe
    c:\d57cac8bf4a630b8f53efd8c274b\UPDATE\update.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
    O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: CoTGT_BHO Class - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: Barre de Traduction IdiomaX - {477A7A3C-8B11-4B02-ADD1-7A01C4D00FA2} - C:\Program Files\Fichiers communs\IdiomaX Shared\Cat 6.0\TrdIEAddIn.dll
    O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WOOKIT] C:\Program Files\Wanadoo\GestMaj.exe GestionnaireInternet.exe
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [L07FXLRD_26968078] "C:\Program Files\Microsoft Etudes\Microsoft Encarta 2007 - Études DVD\EDICT.EXE" -m
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
    O4 - HKUS\S-1-5-21-1085031214-73586283-725345543-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
    O4 - HKUS\S-1-5-21-1085031214-73586283-725345543-1003\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User '?')
    O4 - HKUS\S-1-5-21-1085031214-73586283-725345543-1003\..\Run: [L07FXLRD_26968078] "C:\Program Files\Microsoft Etudes\Microsoft Encarta 2007 - Études DVD\EDICT.EXE" -m (User '?')
    O4 - HKUS\S-1-5-21-1085031214-73586283-725345543-1003\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User '?')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: (no name) - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Tri&xie Options... - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Montrer/Cacher la Barre de Traduction - {FE768A8F-9F88-4511-B28B-552ED2F6B500} - C:\Program Files\Fichiers communs\IdiomaX Shared\Cat 6.0\TrdIEAddIn.dll
    O14 - IERESET.INF: START_PAGE_URL=https://www.01net.com/telecharger/
    O15 - Trusted Zone: http://download.windowsupdate.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{062E22AA-A073-4E3D-A7C5-8B9D69D1C10F}: NameServer = 81.253.149.1 80.10.246.3
    O17 - HKLM\System\CS1\Services\Tcpip\..\{062E22AA-A073-4E3D-A7C5-8B9D69D1C10F}: NameServer = 81.253.149.1 80.10.246.3
    O17 - HKLM\System\CS3\Services\Tcpip\..\{062E22AA-A073-4E3D-A7C5-8B9D69D1C10F}: NameServer = 80.10.246.1 81.253.149.2
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    0
  7. francox59 Posts: 103 Status: Member
     
    I reinstalled Windows Installer and restarted my computer; nothing has changed
    0
  8. E..T Posts: 6565 Status: Contributor 437
     
    Download ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    -> Double-click combofix.exe.
    -> Press the 1 key (Yes) to start the scan.
    -> When the scan is complete, a report will appear. Copy and paste this report into your next reply.

    NOTE: The report can also be found here: C:\Combofix.txt

    Before using ComboFix:

    -> Disconnect from the internet and close the windows of all running programs.

    -> Temporarily disable, only for as long as ComboFix is in use, the real-time protection of your antivirus and antispyware programs, which can seriously interfere with the tool's scanning and cleaning procedure.

    Once that is done, double-click Combofix.exe on your desktop.

    - Answer yes to the warning message so that the program starts scanning the PC.

    /!\ During this step, do not use the PC and do not open any programs.

    - At the end of the scan, ComboFix may need to restart the PC to finish the disinfection/scan; let it do so.

    - A report will then open in Notepad; this report file, Combofix.txt, is automatically saved to C:\Combofix.txt.

    -> Re-enable the real-time protection of your antivirus and antispyware programs before reconnecting to the internet.

    -> Come back to the forum and copy and paste the entire contents of C:\Combofix.txt into your next message.

    -> Tutorial: https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

    See you soon!
    0
  9. francox59 Posts: 103 Status: Member
     
    here is the report

    reset SYSTEM\CurrentControlSet\Services\Dhcp\Parameters\Options\15\RegLocation
    old REG_MULTI_SZ =
    SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\?\DhcpDomain
    SYSTEM\CurrentControlSet\Services\TcpIp\Parameters\DhcpDomain

    reset SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{062E22AA-A073-4E3D-A7C5-8B9D69D1C10F}\NameServerList
    old REG_MULTI_SZ =
    <empty>

    reset SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{062E22AA-A073-4E3D-A7C5-8B9D69D1C10F}\NetbiosOptions
    old REG_DWORD = 2

    reset SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{21D8B9A1-DE9D-4DF6-91AB-8001632C6D77}\NetbiosOptions
    old REG_DWORD = 2

    reset SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{7BF8308F-DDE3-41C2-8C2E-F5BF1666E15E}\NameServerList
    old REG_MULTI_SZ =
    <empty>

    added SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{7BF8308F-DDE3-41C2-8C2E-F5BF1666E15E}\NetbiosOptions
    added SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{8B85647F-2A4B-4D85-8563-92AEAE26BC53}\NetbiosOptions
    reset SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{CE0C5E43-4D18-4E34-9C45-5B01BCCE6653}\NameServerList
    old REG_MULTI_SZ =
    <empty>

    added SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{CE0C5E43-4D18-4E34-9C45-5B01BCCE6653}\NetbiosOptions
    deleted SYSTEM\CurrentControlSet\Services\Netbt\Parameters\EnableLmhosts
    deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{062E22AA-A073-4E3D-A7C5-8B9D69D1C10F}\Mtu
    deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{062E22AA-A073-4E3D-A7C5-8B9D69D1C10F}\NameServer
    added SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{217F3EB2-38B3-4862-8F69-630CCEAE94D6}\AddressType
    added SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{217F3EB2-38B3-4862-8F69-630CCEAE94D6}\DisableDynamicUpdate
    deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{217F3EB2-38B3-4862-8F69-630CCEAE94D6}\Mtu
    reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{217F3EB2-38B3-4862-8F69-630CCEAE94D6}\RawIpAllowedProtocols
    old REG_MULTI_SZ =
    0

    reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{217F3EB2-38B3-4862-8F69-630CCEAE94D6}\TcpAllowedPorts
    old REG_MULTI_SZ =
    0

    deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{217F3EB2-38B3-4862-8F69-630CCEAE94D6}\TcpWindowSize
    reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{217F3EB2-38B3-4862-8F69-630CCEAE94D6}\UdpAllowedPorts
    old REG_MULTI_SZ =
    0

    added SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4FFB7E17-9AB7-4A61-B32D-B83DC6BC414F}\AddressType
    added SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4FFB7E17-9AB7-4A61-B32D-B83DC6BC414F}\DisableDynamicUpdate
    deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4FFB7E17-9AB7-4A61-B32D-B83DC6BC414F}\Mtu
    reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4FFB7E17-9AB7-4A61-B32D-B83DC6BC414F}\RawIpAllowedProtocols
    old REG_MULTI_SZ =
    0

    reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4FFB7E17-9AB7-4A61-B32D-B83DC6BC414F}\TcpAllowedPorts
    old REG_MULTI_SZ =
    0

    deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4FFB7E17-9AB7-4A61-B32D-B83DC6BC414F}\TcpWindowSize
    reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4FFB7E17-9AB7-4A61-B32D-B83DC6BC414F}\UdpAllowedPorts
    old REG_MULTI_SZ =
    0

    added SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5D096CE8-43AE-4509-9009-87E856980786}\AddressType
    added SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5D096CE8-43AE-4509-9009-87E856980786}\DisableDynamicUpdate
    deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5D096CE8-43AE-4509-9009-87E856980786}\Mtu
    reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5D096CE8-43AE-4509-9009-87E856980786}\RawIpAllowedProtocols
    old REG_MULTI_SZ =
    0

    reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5D096CE8-43AE-4509-9009-87E856980786}\TcpAllowedPorts
    old REG_MULTI_SZ =
    0

    deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5D096CE8-43AE-4509-9009-87E856980786}\TcpWindowSize
    reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5D096CE8-43AE-4509-9009-87E856980786}\UdpAllowedPorts
    old REG_MULTI_SZ =
    0

    deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7BF8308F-DDE3-41C2-8C2E-F5BF1666E15E}\Mtu
    deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7BF8308F-DDE3-41C2-8C2E-F5BF1666E15E}\NameServer
    deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7BF8308F-DDE3-41C2-8C2E-F5BF1666E15E}\TcpWindowSize
    deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8B85647F-2A4B-4D85-8563-92AEAE26BC53}\Mtu
    deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8B85647F-2A4B-4D85-8563-92AEAE26BC53}\TcpWindowSize
    deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{CE0C5E43-4D18-4E34-9C45-5B01BCCE6653}\Mtu
    deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{CE0C5E43-4D18-4E34-9C45-5B01BCCE6653}\NameServer
    deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DefaultTtl
    deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DontAddDefaultGatewayDefault
    deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnableIcmpRedirect
    deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnablePmtuBhDetect
    deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnablePmtuDiscovery
    deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnableSecurityFilters
    deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\GlobalMaxTcpWindowSize
    deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\MaxFreeTcbs
    deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\MaxHashTableSize
    deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\SackOpts
    deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\SearchList
    deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Tcp1323Opts
    deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\TcpNumConnections
    deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\TcpWindowSize
    deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\UseDomainNameDevolution
    reset Linkage\UpperBind for ROOT\MS_NDISWANIP\0000. bad value was:
    REG_MULTI_SZ =
    PSched

    reset Linkage\UpperBind for PCI\VEN_1106&DEV_3065&SUBSYS_80FF1043&REV_78\3&61AAA01&0&90. bad value was:
    REG_MULTI_SZ =
    PSched

    <completed>
    0
  10. francox59 Posts: 103 Status: Member
     
    so, E.T.??? What next?
    0
  11. E..T Posts: 6565 Status: Contributor 437
     
    That is not the right report!
    The one needed is this one: C:\Combofix.txt
    0
  12. francox59 Posts: 103 Status: Member
     
    the time has stayed in English format, 2008-06-21; how do I set it back to normal?
    0
  13. francox59 Posts: 103 Status: Member
     
    here it is, I hope this is the one; in c:\ I have a folder named combofix, and inside it there is combofix.txt

    ComboFix 08-06-20.4 - Didier 2008-06-21 13:33:49.1 - NTFSx86

    Endroit: C:\Documents and Settings\Didier\Mes documents\My Completed Downloads\ComboFix.exe

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_IPRIP
    -------\Service_Iprip

    ((((((((((((((((((((((((((((( Fichiers créés 2008-05-21 to 2008-06-21 ))))))))))))))))))))))))))))))))))))
    .

    2008-06-21 11:10 . 2008-06-21 11:46 <REP> d-------- C:\WINDOWS\SoftDist.old
    2008-06-21 11:09 . 2008-06-21 13:18 <REP> d-------- C:\WINDOWS\system32\CatRoot2
    2008-06-21 06:28 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
    2008-06-20 23:10 . 2008-06-20 23:10 <REP> d-------- C:\Program Files\Zone Labs
    2008-06-20 15:49 . 2008-06-20 15:49 <REP> d-------- C:\Documents and Settings\Didier\Application Data\Sony
    2008-06-20 14:57 . 2008-06-20 14:57 <REP> d-------- C:\Documents and Settings\Didier\Application Data\Malwarebytes
    2008-06-20 14:56 . 2008-06-20 14:57 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-06-20 14:56 . 2008-06-20 14:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-06-20 14:56 . 2008-06-19 17:48 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-06-20 14:56 . 2008-06-19 17:47 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-06-20 13:59 . 2008-06-20 13:59 <REP> d-------- C:\Program Files\eMule
    2008-06-20 13:32 . 2008-06-20 13:33 <REP> d-------- C:\WINDOWS\system32\Adobe
    2008-06-20 12:20 . 2008-06-20 12:20 50 --a------ C:\WINDOWS\MegaManager.INI
    2008-06-20 11:18 . 2008-06-20 11:18 <REP> d-------- C:\Program Files\Trend Micro
    2008-06-18 21:14 . 2008-06-18 21:14 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-06-14 10:47 . 2008-06-14 10:47 <REP> d-------- C:\Program Files\MathType
    2008-06-07 17:50 . 2008-06-07 17:50 <REP> d-------- C:\Documents and Settings\Didier\Application Data\TaoUSign
    2008-05-31 01:23 . 2008-05-31 01:23 8,835 --a------ C:\WINDOWS\system32\dpufr.qm
    2008-05-28 13:12 . 2008-05-28 13:14 <REP> d-------- C:\Program Files\QuickMediaConverter
    2008-05-28 13:09 . 2008-05-28 13:09 <REP> d-------- C:\Program Files\AviSynth 2.5
    2008-05-28 13:09 . 2004-02-22 10:11 719,872 --a------ C:\WINDOWS\system32\devil.dll
    2008-05-23 21:18 . 2008-05-23 21:19 <REP> d-------- C:\Documents and Settings\Didier\Application Data\Spamihilator
    2008-05-23 00:22 . 2008-05-23 00:22 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
    2008-05-23 00:22 . 2008-05-23 00:22 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
    2008-05-23 00:22 . 2008-05-23 00:22 9,878 --a------ C:\WINDOWS\system32\dsm_fr.qm
    2008-05-23 00:22 . 2008-05-23 00:22 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
    2008-05-23 00:20 . 2008-05-23 00:20 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
    2008-05-23 00:20 . 2008-05-23 00:20 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
    2008-05-23 00:19 . 2008-05-23 00:19 352,401 --a------ C:\WINDOWS\system32\DivXMedia.ax
    2008-05-23 00:19 . 2008-05-23 00:19 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
    2008-05-23 00:19 . 2008-05-23 00:19 161,096 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
    2008-05-23 00:19 . 2008-05-23 00:19 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
    2008-05-23 00:19 . 2008-05-23 00:19 3,067 --a------ C:\WINDOWS\system32\dtu_fr.qm
    2008-05-23 00:19 . 2008-05-23 00:19 416 --a------ C:\WINDOWS\system32\dtu100.dll.manifest
    2008-05-23 00:19 . 2008-05-23 00:19 416 --a------ C:\WINDOWS\system32\dpl100.dll.manifest
    2008-05-23 00:18 . 2008-05-23 00:18 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
    2008-05-22 19:38 . 2008-05-22 19:38 <REP> d-------- C:\Program Files\Viewpoint

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-21 11:47 --------- d-----w C:\Program Files\Wanadoo
    2008-06-21 11:45 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-06-20 13:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-06-20 10:26 --------- d-----w C:\Program Files\BitTorrent
    2008-06-20 10:23 --------- d-----w C:\Program Files\Astonsoft
    2008-06-20 10:19 --------- d-----w C:\Program Files\Radiochronologie
    2008-06-20 10:19 --------- d-----w C:\Program Files\AnglaisFacile.com
    2008-06-18 20:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-06-14 20:02 --------- d-----w C:\Documents and Settings\Didier\Application Data\OpenOffice.org2
    2008-06-14 13:20 --------- d-----w C:\Documents and Settings\Didier\Application Data\Vso
    2008-06-14 08:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-06-14 08:48 --------- d-----w C:\Documents and Settings\Didier\Application Data\Design Science
    2008-06-09 09:16 --------- d-----w C:\Documents and Settings\Didier\Application Data\BitTorrent
    2008-06-08 20:15 --------- d-----w C:\Program Files\DivX
    2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
    2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
    2008-05-30 23:22 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
    2008-05-30 23:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
    2008-05-30 23:22 683,520 ----a-w C:\WINDOWS\system32\DivX.dll
    2008-05-30 23:22 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
    2008-05-30 23:22 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
    2008-05-30 23:22 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
    2008-05-30 23:22 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
    2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
    2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
    2008-05-28 19:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    2008-05-23 10:23 --------- d-----w C:\Documents and Settings\Didier\Application Data\LimeWire
    2008-05-22 17:42 1,385,744 ----a-w C:\WINDOWS\system32\msvbvm60.dll
    2008-05-20 18:58 --------- d-----w C:\Program Files\Newsoft
    2008-05-20 14:23 --------- d-----w C:\Program Files\CodeStuff
    2008-05-19 08:19 --------- d-----w C:\Program Files\JPEG Compression
    2008-05-19 04:33 4,445,184 ----a-w C:\WINDOWS\system32\msi.dll
    2008-05-19 04:33 332,800 ----a-w C:\WINDOWS\system32\msihnd.dll
    2008-05-19 04:33 18,944 ----a-w C:\WINDOWS\system32\msisip.dll
    2008-05-18 23:57 95,744 ----a-w C:\WINDOWS\system32\msiexec.exe
    2008-05-18 17:44 --------- d-----w C:\Program Files\Canta
    2008-05-17 08:30 --------- d-----w C:\Program Files\LimeWire
    2008-05-15 08:42 --------- d-----w C:\Documents and Settings\Didier\Application Data\DeepBurner
    2008-05-14 15:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
    2008-05-10 17:54 --------- d-----w C:\Documents and Settings\Didier\Application Data\GlarySoft
    2008-05-09 21:07 --------- d-----w C:\Program Files\Glary Utilities
    2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
    2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
    2008-05-02 11:08 359,040 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
    2008-05-01 08:31 --------- d-----w C:\Program Files\Windows Resource Kits
    2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-04-22 20:18 --------- d-----w C:\Program Files\NCH Swift Sound
    2008-04-22 20:18 --------- d-----w C:\Documents and Settings\Didier\Application Data\NCH Swift Sound
    2008-04-22 20:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
    2008-04-16 23:43 2,560 ----a-w C:\WINDOWS\system32\msimsg.dll
    2008-04-13 17:36 239,006 ----a-w C:\WINDOWS\AppPatch\SET76D.tmp
    2008-04-13 17:36 239,006 ----a-w C:\WINDOWS\AppPatch\set72d.tmp
    2008-04-13 17:36 239,006 ----a-w C:\WINDOWS\AppPatch\set60c.tmp
    2008-04-13 17:36 204,396 ----a-w C:\WINDOWS\AppPatch\SET76C.tmp
    2008-04-13 17:36 204,396 ----a-w C:\WINDOWS\AppPatch\set72c.tmp
    2008-04-13 17:36 204,396 ----a-w C:\WINDOWS\AppPatch\set60b.tmp
    2008-04-13 17:36 1,202,774 ----a-w C:\WINDOWS\AppPatch\SET76B.tmp
    2008-04-13 17:36 1,202,774 ----a-w C:\WINDOWS\AppPatch\set72b.tmp
    2008-04-13 17:36 1,202,774 ----a-w C:\WINDOWS\AppPatch\set60a.tmp
    2008-04-13 17:33 98,816 ----a-w C:\WINDOWS\system32\SET40E.tmp
    2008-04-13 17:32 5,632 ----a-w C:\WINDOWS\system32\SET336.tmp
    2008-04-13 17:32 5,632 ----a-w C:\WINDOWS\system32\SET186.tmp
    2008-04-13 17:32 5,632 ----a-w C:\WINDOWS\system32\SET14D.tmp
    2008-04-13 17:02 50,688 ----a-w C:\WINDOWS\system32\SET51C.tmp
    2008-04-13 17:01 572,416 ----a-w C:\WINDOWS\system32\SET251.tmp
    2008-04-13 16:57 70,144 ----a-w C:\WINDOWS\system32\SET643.tmp
    2008-04-13 16:57 70,144 ----a-w C:\WINDOWS\system32\SET602.tmp
    2008-04-13 16:57 70,144 ----a-w C:\WINDOWS\system32\SET4D0.tmp
    2008-04-13 09:36 2,986,496 ----a-w C:\WINDOWS\system32\SET11DC.tmp
    2008-04-13 09:36 2,986,496 ----a-w C:\WINDOWS\system32\SET1077.tmp
    2008-04-13 09:36 2,986,496 ------w C:\WINDOWS\system32\SET1199.tmp
    2008-04-13 09:30 61,440 ----a-w C:\WINDOWS\system32\SET292.tmp
    2008-04-13 08:37 208,384 ----a-w C:\WINDOWS\system32\SET3E2.tmp
    2008-04-13 08:37 208,384 ----a-w C:\WINDOWS\system32\SET290.tmp
    2008-04-13 08:37 208,384 ----a-w C:\WINDOWS\system32\SET1F9.tmp
    2008-04-13 08:37 138,752 ----a-w C:\WINDOWS\system32\SET589.tmp
    2008-04-13 08:37 138,752 ----a-w C:\WINDOWS\system32\SET577.tmp
    2008-04-13 08:37 138,752 ----a-w C:\WINDOWS\system32\SET3EA.tmp
    2008-04-13 08:26 12,288 ----a-w C:\WINDOWS\system32\SET4B9.tmp
    2008-04-13 08:26 12,288 ----a-w C:\WINDOWS\system32\SET432.tmp
    2008-04-13 08:26 12,288 ----a-w C:\WINDOWS\system32\SET42B.tmp
    2008-04-13 08:26 12,288 ----a-w C:\WINDOWS\system32\SET312.tmp
    2008-04-13 08:26 12,288 ----a-w C:\WINDOWS\system32\SET2D0.tmp
    2008-04-13 08:26 12,288 ----a-w C:\WINDOWS\system32\SET249.tmp
    2008-04-13 07:23 48,128 ----a-w C:\WINDOWS\system32\SET48B.tmp
    2008-04-13 07:23 48,128 ----a-w C:\WINDOWS\system32\SET3DE.tmp
    2008-04-13 07:23 48,128 ----a-w C:\WINDOWS\system32\SET2A2.tmp
    2008-04-13 06:42 16,896 ----a-w C:\WINDOWS\system32\SET20A.tmp
    2008-04-13 06:42 16,896 ----a-w C:\WINDOWS\system32\SET1A4.tmp
    2008-04-13 06:42 16,896 ------w C:\WINDOWS\system32\SET38D.tmp
    2008-04-13 06:39 884,736 ----a-w C:\WINDOWS\system32\SET49E.tmp
    2008-04-13 06:39 884,736 ----a-w C:\WINDOWS\system32\SET401.tmp
    2008-04-13 06:39 884,736 ----a-w C:\WINDOWS\system32\SET2B5.tmp
    2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
    2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
    2008-01-28 12:55 667 -c--a-w C:\Documents and Settings\Didier\Application Data\waver_2.95.dat
    2008-01-03 15:14 1 ------w C:\Documents and Settings\Didier\SI.bin
    2007-08-20 09:22 47,360 -c----w C:\Documents and Settings\Didier\Application Data\pcouffin.sys
    2007-08-08 19:29 0 -c----w C:\Documents and Settings\Didier\Application Data\wklnhst.dat
    2007-05-13 11:21 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
    2008-02-14 13:40 23 --sha-w C:\WINDOWS\system32\acccab6_d.dll
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-05-07 13:03 15360]
    "WOOKIT"="C:\Program Files\Wanadoo\GestMaj.exe" [2004-10-14 17:55 32768]
    "STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-04-04 19:01 1368064]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-24 20:15 204288]
    "L07FXLRD_26968078"="C:\Program Files\Microsoft Etudes\Microsoft Encarta 2007 - Études DVD\EDICT.EXE" [ ]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 12:41 196608]
    "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-08-09 06:03 81920]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
    "nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
    "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 15:49 20480]
    "WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 17:55 32768]
    "CnxDslTaskBar"="C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" [2005-05-20 18:32 278528]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
    "SoundMan"="SOUNDMAN.EXE" [2007-04-16 16:28 577536 C:\WINDOWS\soundman.exe]
    "DownloadAccelerator"="C:\Program Files\DAP\DAP.EXE" [2008-02-29 22:23 3057152]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 19:27 919016]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2007-05-07 13:03 15360]
    "DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 04:18 437160]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "AllowLegacyWebView"= 1 (0x1)
    "AllowUnhashedWebView"= 1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoExpandedNewMenu"= 1 (0x1)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-11-21 15:50 233472]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    c:\program files\fichiers communs\logishrd\bluetooth\LBTWlgn.dll 2008-01-09 13:30 72208 c:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.I420"= i420vfw.dll
    "msacm.l3acm"= l3codecp.acm
    "VIDC.MJPG"= pvmjpg21.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 relog_ap
    Notification Packages REG_MULTI_SZ scecli scecli

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "%windir%\\system32\\sessmgr.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
    "1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
    "500:UDP"= 500:UDP:@xpsp2res.dll,-22017

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8309220-C260-AE04-D00E-BF07CB315C00}]
    C:\WINDOWS\system32\Msgrss.exe
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-06-14 15:17:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-06-08 08:00:01 C:\WINDOWS\Tasks\At1.job"
    - C:\WINDOWS\system32\wunauclt.exe
    "2008-06-08 18:00:00 C:\WINDOWS\Tasks\At2.job"
    - C:\WINDOWS\system32\wunauclt.exe
    "2008-06-08 12:00:00 C:\WINDOWS\Tasks\At3.job"
    - C:\WINDOWS\system32\wunauclt.exe
    "2008-06-21 11:21:55 C:\WINDOWS\Tasks\GlaryInitialize.job"
    - C:\Program Files\Glary Utilities\initialize.exe
    "2008-06-20 15:15:01 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
    - C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
    "2008-06-01 10:00:00 C:\WINDOWS\Tasks\Mise à jour des produits IdiomaX.job"
    0
  14. E..T Posts 6565 Status Contributor 437
     
    Hi again
    I'm taking a look at your report and will keep you posted as quickly as possible ;-)
    See you later
    0
  15. francox59 Posts 103 Status Member
     
    OK, fine, it's nice of you to look after me. The recovery console was installed before the format 2 years ago. I had 2 partitions, one of 180 GB and another of 5 GB with the recovery, but now I only have one of 184 GB. Strange, I don't know where it went.
    0
  16. E..T Posts 6565 Status Contributor 437
     
    Right, back to it ;-))

    Copy the text below:

    File::
    C:\WINDOWS\system32\dpufr.qm
    C:\WINDOWS\system32\dtu_fr.qm
    C:\WINDOWS\system32\dtu100.dll.manifest
    C:\WINDOWS\system32\dpl100.dll.manifest
    C:\WINDOWS\AppPatch\SET76D.tmp
    C:\WINDOWS\AppPatch\set72d.tmp
    C:\WINDOWS\AppPatch\set60c.tmp
    C:\WINDOWS\AppPatch\SET76C.tmp
    C:\WINDOWS\AppPatch\set72c.tmp
    C:\WINDOWS\AppPatch\set60b.tmp
    C:\WINDOWS\AppPatch\SET76B.tmp
    C:\WINDOWS\AppPatch\set72b.tmp
    C:\WINDOWS\AppPatch\set60a.tmp
    C:\WINDOWS\system32\SET40E.tmp
    C:\WINDOWS\system32\SET336.tmp
    C:\WINDOWS\system32\SET186.tmp
    C:\WINDOWS\system32\SET14D.tmp
    C:\WINDOWS\system32\SET51C.tmp
    C:\WINDOWS\system32\SET251.tmp
    C:\WINDOWS\system32\SET643.tmp
    C:\WINDOWS\system32\SET602.tmp
    C:\WINDOWS\system32\SET4D0.tmp
    C:\WINDOWS\system32\SET11DC.tmp
    C:\WINDOWS\system32\SET1077.tmp
    C:\WINDOWS\system32\SET1199.tmp
    C:\WINDOWS\system32\SET292.tmp
    C:\WINDOWS\system32\SET3E2.tmp
    C:\WINDOWS\system32\SET290.tmp
    C:\WINDOWS\system32\SET1F9.tmp
    C:\WINDOWS\system32\SET589.tmp
    C:\WINDOWS\system32\SET577.tmp
    C:\WINDOWS\system32\SET3EA.tmp
    C:\WINDOWS\system32\SET4B9.tmp
    C:\WINDOWS\system32\SET432.tmp
    C:\WINDOWS\system32\SET42B.tmp
    C:\WINDOWS\system32\SET312.tmp
    C:\WINDOWS\system32\SET2D0.tmp
    C:\WINDOWS\system32\SET249.tmp
    C:\WINDOWS\system32\SET48B.tmp
    C:\WINDOWS\system32\SET3DE.tmp
    C:\WINDOWS\system32\SET2A2.tmp
    C:\WINDOWS\system32\SET20A.tmp
    C:\WINDOWS\system32\SET1A4.tmp
    C:\WINDOWS\system32\SET38D.tmp
    C:\WINDOWS\system32\SET49E.tmp
    C:\WINDOWS\system32\SET401.tmp
    C:\WINDOWS\system32\SET2B5.tmp
    C:\Documents and Settings\Didier\Application Data\waver_2.95.dat
    C:\Documents and Settings\Didier\Application Data\wklnhst.dat

    Open Notepad and paste the copied text.
    (Start\All Programs\Accessories\Notepad.)
    Save this file under the name CFScript.txt.

    Now drag the CFScript.txt file onto Combofix.exe as shown below:

    http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif

    This will restart Combofix.

    A blue window will appear: at the prompt ( Type 1 to continue, or 2 to abort), type 1 and confirm.

    Wait while the scan runs. The desktop will disappear several times: this is normal!

    Don't touch anything until the scan has finished.

    After the reboot, post the contents of the Combofix.txt report along with a Hijackthis report.

    If there is no reboot, post the reports anyway.

    See you soon
    0
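A pre-flight check for the step in post 16, as an added example that is not part of the original thread and is not ComboFix code: it confirms that every path under `File::` appears in the posted report as a file rather than a folder. The function names, the sample script and `SET999.tmp` are constructed for illustration, and treating any line ending in `::` as a directive header is an assumption.

```python
import re

# One pattern for both listing styles in the report: "created files" lines
# carry two timestamps separated by " . ", Find3M lines carry one.
ENTRY = re.compile(
    r"^\s*\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+"
    r"(?:\.\s+\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+)?"
    r"(?P<size><REP>|-+|[\d,]+)\s+"      # <REP> or dashes mark a folder
    r"(?P<attrs>\S+)\s+"
    r"(?P<path>[A-Za-z]:\\.+?)\s*$"
)

def index_report(report_text):
    """Map lower-cased path -> (size in bytes or None, is_directory)."""
    index = {}
    for line in report_text.splitlines():
        m = ENTRY.match(line)
        if m:
            is_dir = m["attrs"].startswith("d")
            digits = m["size"].replace(",", "")
            size = int(digits) if digits.isdigit() and not is_dir else None
            index[m["path"].lower()] = (size, is_dir)
    return index

def parse_cfscript(script_text):
    """Return the paths listed under File:: (assumes headers end in '::')."""
    paths, in_file_block = [], False
    for line in (raw.strip() for raw in script_text.splitlines()):
        if line.endswith("::"):
            in_file_block = line.lower() == "file::"
        elif line and in_file_block:
            paths.append(line)
    return paths

def check_script(script_text, report_text):
    """Sort each File:: entry into ok / directory / not_in_report."""
    index = index_report(report_text)
    result = {"ok": [], "directory": [], "not_in_report": []}
    for path in parse_cfscript(script_text):
        hit = index.get(path.lower())
        key = "not_in_report" if hit is None else "directory" if hit[1] else "ok"
        result[key].append(path)
    return result

# Report lines copied from the thread; the script is constructed for the demo
# (mixed case, one folder, and SET999.tmp, which the report never lists).
SAMPLE_REPORT = r"""
2008-05-31 01:23 . 2008-05-31 01:23 8,835 --a------ C:\WINDOWS\system32\dpufr.qm
2008-06-08 20:15 --------- d-----w C:\Program Files\DivX
2008-04-13 17:36 239,006 ----a-w C:\WINDOWS\AppPatch\SET76D.tmp
2008-01-28 12:55 667 -c--a-w C:\Documents and Settings\Didier\Application Data\waver_2.95.dat
"""
SAMPLE_SCRIPT = r"""
File::
C:\WINDOWS\system32\dpufr.qm
C:\WINDOWS\AppPatch\set76d.tmp
C:\Documents and Settings\Didier\Application Data\waver_2.95.dat
C:\Program Files\DivX
C:\WINDOWS\system32\SET999.tmp
"""

if __name__ == "__main__":
    for verdict, paths in check_script(SAMPLE_SCRIPT, SAMPLE_REPORT).items():
        print(verdict, paths)
```

Paths are compared case-insensitively because the report itself mixes `SET76D.tmp` and `set72d.tmp` spellings; anything that lands in `not_in_report` or `directory` should be rechecked against the report before the script is used.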
  17. E..T Posts 6565 Status Contributor 437
     
    Well, here's hoping this is moving along ;-)
    See you
    0
  18. francox59 Posts 103 Status Member
     
    I'm going to run the scan Monday morning because right now my sister is using the computer. Since the first Combofix scan the time was in the English format, year-month-day. I managed to set it back to normal, but when I hover my mouse over it, it is still in the English format, strange.
    File sizes were also separated by commas instead of spaces. I changed that in the regional settings and now it's fine. My computer seems a bit less slow, but Windows Installer still doesn't work, nor does Windows Update. I'm almost convinced that if I installed SP3 there might be a chance it would work again. Reinstalling Windows Installer 3.1 changed nothing.
    0
  19. francox59
     
    E.T.

    Will this procedure fix the Windows Installer problem???
    0
  20. E..T Posts 6565 Status Contributor 437
     
    Will this procedure fix the Windows Installer problem???

    Not sure about Windows Installer, but there must be a big virus!

    Do the steps and let me know.
    ++
    0