
my PC keeps crashing

7 December 2007 17:52:52

hello everyone
my PC has been crashing for 2 days and NOD32 reports a win32 variant in almost all the .exe files, and now it no longer works, neither it nor Media Player ... not even Notepad ..
here is the HijackThis report
help me plz :(
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:23:55, on 07/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrateur\Bureau\HiJackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nLite] %systemroot%\inf\nlite.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nLite] %systemroot%\inf\nlite.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jh...
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O24 - Desktop Component 1: Anfy LAKE - C:\Program Files\AnfyTeam\Applet\lake\preview.html

--
End of file - 5605 bytes

8 December 2007 19:12:32

Hello


Download Combofix.exe (by sUBs) to your Desktop
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double-click combofix.exe and follow the prompts.
When the scan is complete, a report will appear.

Copy/paste this report into your next reply along with a new HijackThis log.
8 December 2007 19:39:56

here is the ComboFix report .. help me pleeeeeeeeease, otherwise I will have to format again .. I even had to open the report with Word because it can't find Notepad!!!!!!!!!!!!!!!!

ComboFix 07-12-08.1 - Assouma 2007-12-08 17:59:38.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.247 [GMT 1:00]
Running from: C:\Documents and Settings\Administrateur\Mes documents\My Completed Downloads\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((( Fichiers créés 2007-11-08 to 2007-12-08 ))))))))))))))))))))))))))))))))))))
.

2007-12-06 06:01 . 2007-12-06 06:01 2,432 --a------ C:\WINDOWS\system32\unpr.sys
2007-11-28 02:42 . 2007-12-08 06:22 <REP> d-------- C:\Program Files\Burn4Free
2007-11-25 02:21 . 2007-11-25 02:21 <REP> d-------- C:\WINDOWS\system32\NtmsData
2007-11-22 18:29 . 2007-11-22 18:29 <REP> d-------- C:\WINDOWS\system32\LogFiles
2007-11-20 18:02 . 2007-12-06 17:29 <REP> d-------- C:\Program Files\The Rise of Atlantis
2007-11-20 18:02 . 2007-11-20 18:02 <REP> d-------- C:\Program Files\BFG
2007-11-19 06:14 . 2007-11-19 06:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TERMINAL Studio
2007-11-19 06:14 . 2007-11-19 06:14 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Zylom
2007-11-19 06:11 . 2007-11-20 10:14 <REP> d-------- C:\Program Files\Zylom Games
2007-11-19 06:11 . 2007-11-19 06:11 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Zylom
2007-11-18 12:52 . 2007-11-17 19:20 68,744 --a------ C:\WINDOWS\system32\Tiger2.jpg
2007-11-17 21:33 . 2007-11-17 19:20 139,137 --a------ C:\WINDOWS\system32\Tiger1.jpg
2007-11-17 21:33 . 2002-07-17 15:36 18,543 --a------ C:\WINDOWS\system32\AnLake.jar
2007-11-17 21:33 . 2002-07-17 15:36 18,521 --a------ C:\WINDOWS\system32\AnLake.class
2007-11-17 21:33 . 2002-07-17 14:14 13,567 --a------ C:\WINDOWS\system32\Lware.class
2007-11-17 21:33 . 1999-06-22 22:06 2,930 --a------ C:\WINDOWS\system32\ajbut1.gif
2007-11-17 21:33 . 2007-11-18 12:52 2,259 --a------ C:\WINDOWS\system32\anfysaver.html
2007-11-17 21:33 . 1998-11-29 23:48 648 --a------ C:\WINDOWS\system32\anfy.class
2007-11-17 21:27 . 1999-11-24 21:29 196,608 --a------ C:\WINDOWS\system32\anfysave.scr
2007-11-17 21:26 . 2007-11-18 12:49 <REP> d-------- C:\Program Files\AnfyTeam
2007-11-17 19:22 . 2007-11-17 19:22 <REP> d-------- C:\WINDOWS\system32\Themes
2007-11-14 05:57 . 2007-11-14 05:57 223,744 --a------ C:\WINDOWS\system32\b4fm.dll
2007-11-11 18:53 . 2007-12-04 00:11 372 --a------ C:\WINDOWS\pdf2word.INI
2007-11-11 18:49 . 2007-11-11 18:51 <REP> d-------- C:\Program Files\VeryPDF PDF2Word v3.0
2007-11-10 02:21 . 2007-11-10 02:22 <REP> d-------- C:\Program Files\WinHTTrack
2007-11-09 00:17 . 2007-11-09 00:17 38 --a------ C:\WINDOWS\avisplitter.INI
2007-11-08 23:00 . 2007-12-07 16:57 <REP> d-------- C:\Program Files\Shareaza
2007-11-08 23:00 . 2007-11-08 23:00 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Shareaza
2007-11-08 17:45 . 2007-11-08 17:45 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\DivX
2007-11-08 03:55 . 2007-11-08 03:55 <REP> d-------- C:\Program Files\Lavasoft

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-08 16:52 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\uTorrent
2007-12-08 16:51 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-08 16:51 --------- d-----w C:\Program Files\eMule
2007-12-07 20:17 --------- d-----w C:\Program Files\SuperCopier2
2007-12-03 18:12 --------- d-----w C:\Program Files\Yahoo!
2007-12-02 09:18 --------- d-----w C:\Program Files\iColorFolder
2007-11-25 01:35 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-11-24 06:28 998,912 ----a-w C:\WINDOWS\system32\logonuiX.exe
2007-11-24 06:28 163,712 ----a-w C:\WINDOWS\system32\drivers\vidstub.sys
2007-11-07 09:32 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2007-11-07 09:32 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2007-11-07 09:32 --------- d-----w C:\Program Files\Real
2007-11-07 09:32 --------- d-----w C:\Program Files\Fichiers communs\xing shared
2007-11-07 09:32 --------- d-----w C:\Program Files\Fichiers communs\Real
2007-11-07 08:40 --------- d-----w C:\Program Files\MSXML 6.0
2007-11-07 07:16 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Media Player Classic
2007-11-06 21:04 --------- d-----w C:\Program Files\CDImage GUI
2007-11-06 21:01 720,896 ----a-w C:\WINDOWS\iun6002.exe
2007-11-06 12:43 --------- d-----w C:\Program Files\Cisco Systems
2007-11-06 12:42 --------- d-----w C:\Program Files\MathType
2007-11-06 12:08 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Design Science
2007-11-06 10:58 --------- d-----w C:\Program Files\Fichiers communs\Stardock
2007-11-06 10:04 --------- d-----w C:\Program Files\Active Data Recovery Services
2007-11-06 08:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-06 08:25 --------- d-----w C:\Program Files\Ontrack
2007-11-06 08:01 --------- d-----w C:\Program Files\Microsoft Works
2007-11-06 08:00 --------- d-----w C:\Program Files\Microsoft.NET
2007-11-06 07:34 --------- d-----w C:\Program Files\CDBurnerXP
2007-11-06 07:33 --------- d-----w C:\Program Files\Stardock
2007-11-06 07:32 --------- d-----w C:\Program Files\Object Desktop
2007-11-05 23:42 --------- d-----w C:\Program Files\Drive Rescue
2007-11-05 21:00 --------- d-----w C:\Program Files\Reference Assemblies
2007-11-05 21:00 --------- d-----w C:\Program Files\MSBuild
2007-11-04 09:09 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Winamp
2007-11-04 09:07 --------- d-----w C:\Program Files\eMule Acceleration Patch
2007-11-04 08:42 --------- d-----w C:\Program Files\Runtime Software
2007-11-04 06:51 --------- d-----w C:\Program Files\WinCustomize
2007-11-02 21:01 --------- d-----w C:\Program Files\Plus!
2007-11-02 20:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2007-11-02 19:46 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-11-02 18:30 --------- d-----w C:\Program Files\K-Lite Codec Pack
2007-11-02 18:10 --------- d-----w C:\Program Files\Google
2007-11-02 18:10 --------- d-----w C:\Program Files\DivX
2007-11-02 08:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-11-02 06:36 --------- d-----w C:\Program Files\Java
2007-11-02 06:10 --------- d-----w C:\Program Files\uTorrent
2007-11-02 06:06 --------- d-----w C:\Program Files\Fichiers communs\Java
2007-11-02 05:46 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Talkback
2007-11-02 04:56 --------- d-----w C:\Program Files\DAP
2007-11-02 04:55 50,688 ----a-w C:\WINDOWS\system32\wbhelp2.dll
2007-11-02 04:50 512,096 ----a-w C:\WINDOWS\system32\drivers\amon.sys
2007-11-02 04:50 298,104 ----a-w C:\WINDOWS\system32\imon.dll
2007-11-02 04:50 15,424 ----a-w C:\WINDOWS\system32\drivers\nod32drv.sys
2007-11-02 04:41 --------- d-----w C:\Program Files\Winamp
2007-11-02 04:06 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\vlc
2007-11-02 04:05 --------- d-----w C:\Program Files\VideoLAN
2007-11-01 21:52 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines
2007-11-01 21:52 --------- d-----w C:\Program Files\Fichiers communs\ODBC
2007-11-01 21:16 --------- d-----w C:\Program Files\Sigmatel
2007-11-01 21:09 --------- d-----w C:\Program Files\Intel
2007-11-01 21:03 --------- d-----w C:\Program Files\CONEXANT
2007-11-01 20:58 --------- d-----w C:\Program Files\Services en ligne
2007-11-01 20:58 --------- d-----w C:\Program Files\Fichiers communs\MSSoap
2007-10-25 16:56 8,510,976 ------w C:\WINDOWS\system32\DllCache\shell32.dll
2007-09-28 17:07 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-09-28 17:05 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-09-28 17:05 739,840 ----a-w C:\WINDOWS\system32\divx.dll
2007-09-28 16:08 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-09-28 16:07 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-09-28 16:07 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-09-28 16:07 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2007-09-28 16:07 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-09-28 16:07 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2007-09-28 16:07 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-09-28 16:05 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-09-28 16:05 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-09-28 16:05 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-09-28 16:05 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-09-28 16:05 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-09-28 16:05 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-09-28 16:05 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-09-28 16:05 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-09-28 16:05 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-09-28 16:05 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-09-28 16:05 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-11-06 19:51]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2007-11-02 06:40]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2005-03-14 00:37]
"Shareaza"="C:\Program Files\Shareaza\Shareaza.exe" [2007-12-02 04:30]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" []
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:54]
"eMuleAutoStart"="C:\Program Files\eMule\emule.exe" [2007-05-13 15:57]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-10 06:28]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-11-07 10:32]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 18:20 C:\WINDOWS\stsystra.exe]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-11-02 05:50]
"DownloadAccelerator"="C:\Program Files\DAP\DAP.exe" [2007-11-02 05:54]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:54]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-04 00:37]

C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2007-11-04 08:33:36]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogOff"= 0 (0x0)
"NoSetFolders"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source= C:\Program Files\AnfyTeam\Applet\lake\preview.html
FriendlyName= Anfy LAKE

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonuiX.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
C:\PROGRA~1\FICHIE~1\Stardock\mcpstub.dll 2005-01-31 15:13 49152 C:\PROGRA~1\FICHIE~1\Stardock\MCPStub.dll

R0 tffsport;M-Systems DiskOnChip 2000;C:\WINDOWS\system32\DRIVERS\tffsport.sys
R0 UNPR;UNPR;C:\WINDOWS\system32\unpr.sys
R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c7cdd5d1-88fd-11dc-b50c-00123f942cda}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Sys.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\Eset\pr_imon.dll

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\Program Files\Eset\pr_imon.dll

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\Program Files\Stardock\ObjectDock\DockShellHook.dll
.
**************************************************************************

catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-08 18:01:19
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-08 18:01:59
.
--- E O F ---
8 December 2007 19:40:53

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:42:01, on 08/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\Stardock\SDMCP.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrateur\Bureau\HiJackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nLite] %systemroot%\inf\nlite.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nLite] %systemroot%\inf\nlite.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jh...
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O24 - Desktop Component 1: Anfy LAKE - C:\Program Files\AnfyTeam\Applet\lake\preview.html

--
End of file - 5525 bytes
8 December 2007 19:42:37

now I think I'm going to uninstall NOD32, install Kaspersky, and reinstall all the damaged applications
but what should I do about Notepad?