Software problem, particularly with Firefox - Security - Viruses

Hello,

I've had a rather annoying problem since today. I don't know what's going on, but when I open an application, it often tends to glitch at startup, quit by itself and then send me an error report. That's a bit annoying, but I can live with it. With Firefox, however, as soon as I search for something on Google it immediately gives me an error report and closes, every single time; it is impossible to use Firefox.

At first I had this with Firefox, so I deleted the bookmarks, cookies, history of visited pages and everything that goes with them, I uninstalled Firefox, removed everything that was in Application Data, Local Settings... and reset all the settings to zero, but nothing :s still the same...

I ran an antivirus scan with McAfee, Spybot and also Ad Aware, and I even configured two or three things with Tune UP...

And yet still nothing... Firefox still quits, and other programs such as Internet Explorer often tend to close as well on first launch, but after that it's fine...

I hope you'll be able to advise me on something or find a solution, because right now it's rather annoying :s

Thanks in advance ;)


This topic was moved from the Software category to the Security - Viruses category by Lonithe1

Reply to Loni

Hello,

Download and then install Hijackthis (Trend Micro).
Then post a report in your next reply.
HELP: How to use Hijackthis v2.0.2

------------------------------ Prevention & Protection || Like me? Click :o
Reply to Angeldark

And here is the report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:35:33, on 30/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\LClock\LClock.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Zango\bin\10.3.36.0\OEAddOn.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\windowslogonb.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\WINDOWS\system32\windowslogonb.exe
C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {06663B56-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Pando Toolbar - {E3EA4FD9-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Zango - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Program Files\Zango\bin\10.3.36.0\HostIE.dll
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\Vista Hard Drive Status Bar\vsdrv.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [ZangoOE] C:\Program Files\Zango\bin\10.3.36.0\OEAddOn.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Microsoft Windows Express] windowslogonb.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BMd368bfd2] Rundll32.exe "C:\WINDOWS\system32\aklqjkna.dll",s
O4 - HKLM\..\RunServices: [Microsoft Windows Express] windowslogonb.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Fichiers communs\Ahead\Lib\NMFirstStart.exe" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Fichiers communs\Ahead\Lib\NMFirstStart.exe" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 3.79\AMVConverter\grab.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 3.79\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/binary/MJSS.cab69309.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h30155.www3.hp.com/ediags/d [...] csxp2k.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://charon777.free.fr/plugins/h [...] _0_4_9.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/bina [...] b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_mp3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51a\bin\mysqld-nt.exe

--
End of file - 10472 bytes

Reply to J-Cee

Hello,

Download Malwarebytes' Anti-Malware to your Desktop.
Install it by double-clicking the file Download_mbam-setup.exe.

Once the installation and the update are done, restart in safe mode.
HELP: Restarting in safe mode

  • Now run Malwarebytes' Anti-Malware. If it is not already selected, select "Perform full scan".
  • To start the search, click "Scan".
  • Once the scan is finished, a window opens; click OK. You then have two possibilities:

-- if the program found nothing, press OK. A report will appear; close it.
-- if infections are present, click "Show Results" and then "Remove Selected". Save the report to your Desktop so that you can post it in your next reply.
NOTE: If Malwarebytes' Anti-Malware needs to restart to finish the removal, accept by clicking OK.

HELP: Picture tutorial on MBAM

Reply to Angeldark

Hello,

I've just run the software's scan; here is what it gives me as a report:

Malwarebytes' Anti-Malware 1.09
Version de la base de données: 569

Type de recherche: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|)
Eléments examinés: 236569
Temps écoulé: 9 hour(s), 50 minute(s), 4 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 5
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 7

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\vtsqo.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\pmnomkl.dll (Trojan.Vundo) -> Unloaded module successfully.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30cff002-d3c5-448e-a6a4-fc6516baae4b} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{30cff002-d3c5-448e-a6a4-fc6516baae4b} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{d318119e-cb62-4039-ae9b-cf9575bcaa7f} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d318119e-cb62-4039-ae9b-cf9575bcaa7f} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmnomkl (Trojan.Vundo) -> Delete on reboot.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{d318119e-cb62-4039-ae9b-cf9575bcaa7f} (Trojan.Vundo) -> Delete on reboot.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\rylbcqqb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bqqcblyr.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vtsqo.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\oqstv.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\oqstv.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pmnomkl.dll (Trojan.Vundo) -> Delete on reboot.
C:\System Volume Information\_restore{1A7F0528-DDDE-449D-9A20-781D1E277D2A}\RP244\A0066042.dll (Adware.WhenUSave) -> Quarantined and deleted successfully.


(PS: to better describe my problem, in the error report that I get most of the time with Firefox, after digging around, I noticed that it was due to "Appcompat.txt".
I did some searching on Google and saw that lots of people had the same problem as me, but on no forum was the problem actually solved :??: )


Message edited by J-Cee on 01-04-2008 at 12:49:10
Reply to J-Cee

Post a new Hijackthis report.

Reply to Angeldark

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:11:32, on 1/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\LClock\LClock.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\windowslogonb.exe
C:\WINDOWS\system32\windowslogonb.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Pando Toolbar - {E3EA4FD9-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\Vista Hard Drive Status Bar\vsdrv.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Microsoft Windows Express] windowslogonb.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BMd368bfd2] Rundll32.exe "C:\WINDOWS\system32\wpyqwjxk.dll",s
O4 - HKLM\..\Run: [d05b8c4e] rundll32.exe "C:\WINDOWS\system32\nahnyica.dll",b
O4 - HKLM\..\RunServices: [Microsoft Windows Express] windowslogonb.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Fichiers communs\Ahead\Lib\NMFirstStart.exe" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Fichiers communs\Ahead\Lib\NMFirstStart.exe" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/binary/MJSS.cab69309.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h30155.www3.hp.com/ediags/d [...] csxp2k.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://charon777.free.fr/plugins/h [...] _0_4_9.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/bina [...] b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_mp3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51a\bin\mysqld-nt.exe

--
End of file - 9897 bytes


Message edited by J-Cee on 01-04-2008 at 17:12:38
Reply to J-Cee

Re,

Disable your resident protections (antivirus, Spybot...)!

  • Download Combofix (sUBs) to your Desktop.
  • Double-click combofix.exe to launch it.
  • When the scan is complete, a report will appear. Post this report in your next reply.

Reply to Angeldark

Re,

There, I did what you told me but I don't see any improvement :S

Anyway, here is the report:

ComboFix 08-03-30.5 - J-Cee 2008-04-01 20:37:11.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.812 [GMT 2:00]
Endroit: D:\Documents and Settings\J-Cee\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
* Resident AV is active


AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\ShoppingReport
C:\Program Files\ShoppingReport\Uninst.exe
C:\WINDOWS\BMd368bfd2.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\aciynhan.ini
C:\WINDOWS\system32\aklqjkna.dll
C:\WINDOWS\system32\dgoxkasf.dll
C:\WINDOWS\system32\ewfikbjs.dll
C:\WINDOWS\system32\kjoibcrq.dll
C:\WINDOWS\system32\lwvdisfd.dll
C:\WINDOWS\system32\nahnyica.dll
C:\WINDOWS\system32\oqstv.ini
C:\WINDOWS\system32\oqstv.ini2
C:\WINDOWS\system32\snpcrpkp.dll
C:\WINDOWS\system32\uypatuqc.dll
C:\WINDOWS\system32\vtsqo.dll
C:\WINDOWS\system32\wpyqwjxk.dll
C:\WINDOWS\system32\yeksyqcg.dll
C:\WINDOWS\system32\yuenuisf.dll
D:\Documents and Settings\J-Cee\Application Data\ShoppingReport
D:\Documents and Settings\J-Cee\Application Data\ShoppingReport\cs\Config.xml
D:\Documents and Settings\J-Cee\Application Data\ShoppingReport\cs\db\Aliases.dbs
D:\Documents and Settings\J-Cee\Application Data\ShoppingReport\cs\db\Sites.dbs
D:\Documents and Settings\J-Cee\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
D:\Documents and Settings\J-Cee\Application Data\ShoppingReport\cs\report\aggr_storage.xml
D:\Documents and Settings\J-Cee\Application Data\ShoppingReport\cs\report\send_storage.xml
D:\Documents and Settings\J-Cee\Application Data\ShoppingReport\cs\res1\WhiteList.dbs

.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-01 to 2008-04-01 ))))))))))))))))))))))))))))))))))))
.

2008-04-01 17:24 . 2008-04-01 17:30 <REP> d-------- C:\Program Files\RegCleaner
2008-04-01 17:23 . 2008-04-01 17:32 <REP> d-------- C:\Program Files\a-squared Anti-Malware
2008-04-01 02:20 . 2008-04-01 16:49 <REP> d-------- C:\Program Files\Opera
2008-03-31 19:18 . 2008-03-31 19:18 <REP> d-------- C:\Program Files\CleanUp!
2008-03-31 15:19 . 2008-04-01 12:16 1,584,366 ---hs---- C:\WINDOWS\system32\uqkfkpoa.ini
2008-03-31 05:37 . 2008-03-31 05:37 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-03-30 23:43 . 2008-03-30 23:43 <REP> d-------- D:\Documents and Settings\J-Cee\Application Data\TVU Networks
2008-03-30 23:43 . 2008-03-30 23:43 <REP> d-------- D:\Documents and Settings\All Users\Application Data\TVU Networks
2008-03-30 19:59 . 2008-03-30 19:59 <REP> d-------- D:\Documents and Settings\J-Cee\Application Data\Malwarebytes
2008-03-30 19:59 . 2008-03-30 19:59 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-30 19:59 . 2008-03-30 19:59 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-03-30 14:31 . 2008-03-30 14:31 <REP> d-------- C:\Program Files\Trend Micro
2008-03-29 22:47 . 2008-03-29 22:47 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Link Axis Bat Wave
2008-03-29 22:45 . 2008-03-29 22:47 <REP> d-------- D:\Documents and Settings\J-Cee\Application Data\Vga Drive Dupe
2008-03-29 22:45 . 2008-03-29 22:45 <REP> d-------- C:\Program Files\Vga Drive Dupe
2008-03-29 22:45 . 2008-03-29 22:45 <REP> d-------- C:\Program Files\Circle Developement
2008-03-29 18:50 . 2008-03-29 18:50 307,968 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-03-29 18:50 . 2008-02-27 14:15 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-03-29 02:51 . 2008-03-29 02:51 38,400 --------- C:\WINDOWS\system32\pmnomkl.dll
2008-03-27 03:37 . 2008-03-27 03:38 <REP> d-------- C:\Program Files\Acoustica Mixcraft 3
2008-03-26 16:59 . 2008-03-26 16:59 <REP> d-------- D:\Documents and Settings\J-Cee\Application Data\Shareaza
2008-03-26 16:59 . 2008-03-26 16:59 <REP> d-------- C:\Program Files\Shareaza
2008-03-26 14:08 . 2008-03-26 14:08 <REP> d-------- C:\Program Files\SpacialAudio
2008-03-26 14:01 . 2008-03-26 14:04 <REP> d-------- C:\wamp
2008-03-26 01:45 . 2008-03-26 01:45 <REP> d-------- D:\Documents and Settings\J-Cee\Application Data\Acoustica
2008-03-26 01:45 . 2008-03-30 20:04 <REP> d-------- C:\Program Files\Acoustica Shared Effects
2008-03-26 01:44 . 2008-03-26 01:45 <REP> d-------- C:\Program Files\Acoustica Mixcraft 4
2008-03-23 16:46 . 2008-03-23 16:46 <REP> d-------- C:\Program Files\Hercules
2008-03-23 16:46 . 2008-03-23 16:46 <REP> d-------- C:\Program Files\Guillemot
2008-03-23 16:46 . 2005-01-28 13:49 106,496 --a------ C:\WINDOWS\system32\GUStrLib.dll
2008-03-23 16:46 . 2005-08-15 12:43 39,424 --a------ C:\WINDOWS\system32\drivers\hdjmidi.sys
2008-03-23 16:46 . 2005-08-29 14:31 37,376 --a------ C:\WINDOWS\system32\HDJSAPI.dll
2008-03-23 16:46 . 2005-08-15 10:21 17,408 --a------ C:\WINDOWS\system32\HDJCProp.DLL
2008-03-23 16:46 . 2005-07-29 16:06 11,008 --a------ C:\WINDOWS\system32\drivers\HDJCTRL.sys
2008-03-23 00:38 . 2008-03-23 00:38 <REP> d-------- C:\Program Files\MP3 Player Utilities 3.79
2008-03-23 00:07 . 2008-03-23 00:08 <REP> d-------- C:\Program Files\Microsoft Virtual PC
2008-03-18 21:45 . 2008-03-18 21:46 <REP> d-------- C:\Program Files\Safari
2008-03-14 14:32 . 2008-03-31 13:27 <REP> d-------- D:\Documents and Settings\J-Cee\Application Data\WeatherDPA
2008-03-09 05:22 . 2008-03-09 05:22 <REP> d-------- C:\Program Files\eMule 0.48a MorphXT
2008-03-08 16:19 . 2008-03-31 21:21 <REP> d-------- C:\Program Files\eMule

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-31 19:00 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-03-31 17:22 --------- d---a-w D:\Documents and Settings\All Users\Application Data\TEMP
2008-03-31 17:22 --------- d-----w D:\Documents and Settings\J-Cee\Application Data\LimeWire
2008-03-31 17:22 --------- d-----w D:\Documents and Settings\J-Cee\Application Data\Desktop Sidebar
2008-03-31 17:22 --------- d-----w D:\Documents and Settings\J-Cee\Application Data\Azureus
2008-03-31 17:21 --------- d-----w C:\Program Files\MSN Messenger
2008-03-31 17:21 --------- d-----w C:\Program Files\FILERECOVERY PRO DEMO
2008-03-30 17:58 --------- d-----w C:\Program Files\Common Files
2008-03-30 10:41 --------- d-----w C:\Program Files\DAEMON Tools
2008-03-29 20:45 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-03-29 16:51 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-03-28 21:37 --------- d-----w C:\Program Files\LimeWire
2008-03-27 01:38 --------- d-----w C:\Program Files\VST
2008-03-25 14:20 --------- d-----w D:\Documents and Settings\J-Cee\Application Data\Canon
2008-03-23 14:50 --------- d-----w C:\Program Files\VirtualDJ
2008-03-23 14:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-22 22:30 --------- d-----w C:\Program Files\DivX
2008-03-22 22:07 --------- d-----w C:\Program Files\VirtualDubMOD
2008-03-22 17:28 --------- d-----w C:\Program Files\StuffPlug3
2008-03-20 16:56 --------- d-----w D:\Documents and Settings\J-Cee\Application Data\utorrent
2008-03-20 16:56 --------- d-----w D:\Documents and Settings\J-Cee\Application Data\MegauploadToolbar
2008-03-13 20:52 --------- d-----w D:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-07 17:23 --------- d-----w C:\Program Files\Azureus
2008-03-01 02:49 --------- d-----w C:\Program Files\Windows Live
2008-02-28 14:52 --------- d-----w D:\Documents and Settings\J-Cee\Application Data\TypingMaster7
2008-02-28 14:52 --------- d-----r C:\Program Files\TypingMaster
2008-02-28 14:49 --------- d-----w C:\Program Files\DactyloMagic
2008-02-28 14:01 --------- d-----w D:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-26 20:40 --------- d-----w C:\Program Files\iTunes
2008-02-26 20:40 --------- d-----w C:\Program Files\iPod
2008-02-26 20:38 --------- d-----w C:\Program Files\QuickTime
2008-02-24 22:40 397,926 ----a-w C:\WINDOWS\Help\SETUP.EXE
2008-02-24 22:40 123,392 ----a-w C:\WINDOWS\Help\KEYGEN.EXE
2008-02-22 15:52 --------- d-----w C:\Program Files\MessengerDiscovery
2008-02-16 00:09 --------- d-----w C:\Program Files\DomPlayer
2008-02-13 04:14 720,832,628 ----a-w C:\Program Files\La Haine ALEXANDRA.avi
2008-02-13 01:10 --------- d-----w C:\Program Files\Bonjour
2008-02-13 00:59 --------- d-----w C:\Program Files\Fichiers communs\Macrovision Shared
2008-02-04 16:46 --------- d-----w C:\Program Files\EA GAMES
2008-02-04 16:11 --------- d-----w C:\Program Files\Sims2Pack Clean Installer
2008-02-01 10:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-01-31 23:07 87,608 ----a-w D:\Documents and Settings\J-Cee\Application Data\inst.exe
2008-01-31 23:07 47,360 ----a-w D:\Documents and Settings\J-Cee\Application Data\pcouffin.sys
2008-01-19 20:38 813 ----a-w D:\Documents and Settings\J-Cee\Application Data\waver_2.95.dat
2006-07-02 09:15 11,052 ----a-w C:\WINDOWS\Cursors\curseur.reg
2004-09-28 03:00 26,240 -c--a-w C:\WINDOWS\inf\RAMDSK.SYS
2004-08-04 16:30 2,342,272 ----a-w D:\Documents and Settings\J-Cee\VistaBoot.exe
2007-06-13 14:22 729,088 --sh--r C:\WINDOWS\system32\windowslogonb.exe
2006-07-29 18:18 112 -csha-w C:\WINDOWS\Vista Hard Drive Status Bar\unistl.cmd
.

------- Sigcheck -------

2005-03-02 20:13 2059008 5311776074b6c13f983dc75baeac9c0c C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
2007-02-28 18:08 2061440 7a56a64eb50399613587e90292dd2aab C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2004-08-19 16:20 2058880 f252fae094c54572ece38a039f2103c4 C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe
2005-03-02 20:07 2058880 73fa9c95d235844a36968c7852c7dbdd C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
2007-02-28 18:02 2059648 a1d5231403329478ae4fe2778c55c77f C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
2007-02-28 18:02 2069120 a1d477bf290da7a09ad89c04c21b4292 C:\WINDOWS\system32\ntkrnlpa.exe
2007-02-28 18:02 2069120 a1d477bf290da7a09ad89c04c21b4292 C:\WINDOWS\system32\VITrans\ntkrnlpa.exe

2005-03-02 20:13 2181632 3e2a0a4a0c0b19fc113618a9562a3b2a C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2007-02-28 18:08 2184192 8e244108562e0e452eb68dff64cb08a9 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2004-08-19 16:04 2183040 7d38ce4398e6aa6339b4644feadcc0d8 C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe
2005-03-02 20:08 2181376 63729dd0f2aae36cc52b89c05505146c C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
2007-02-28 18:02 2182400 7d6d19aac51a4325f6039f083c22303c C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
2007-02-28 18:02 2191872 c1d02eb35659729a2961d6638c1cfd1c C:\WINDOWS\system32\ntoskrnl.exe
2007-02-28 18:02 2191872 c1d02eb35659729a2961d6638c1cfd1c C:\WINDOWS\system32\VITrans\ntoskrnl.exe

2007-06-13 16:22 979456 394be08d7487d31500aad65e15f91a6f C:\WINDOWS\explorer.exe
2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-19 16:09 1036288 2a7bd330924252a2fd80344fc949bb72 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 16:22 979456 394be08d7487d31500aad65e15f91a6f C:\WINDOWS\system32\VITrans\explorer.exe
2007-06-13 16:22 979456 394be08d7487d31500aad65e15f91a6f C:\WINDOWS\VistaFx\explorer.exe
2007-06-13 16:22 979456 394be08d7487d31500aad65e15f91a6f C:\WINDOWS\vistafx_backup\explorer.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D318119E-CB62-4039-AE9B-CF9575BCAA7F}]
2008-03-29 02:51 38400 --------- C:\WINDOWS\system32\pmnomkl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{E3EA4FD9-CADE-4AE5-84F7-086EEE888BE4}"= "C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL" [2007-11-14 10:25 266240]

[HKEY_CLASSES_ROOT\clsid\{e3ea4fd9-cade-4ae5-84f7-086eee888be4}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{E3EA4FD9-CADE-4AE5-84F7-086EEE888BE4}"= C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL [2007-11-14 10:25 266240]

[HKEY_CLASSES_ROOT\clsid\{e3ea4fd9-cade-4ae5-84f7-086eee888be4}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 20:31 1372160]
"TuneUp MemOptimizer"="C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" [2008-03-03 10:41 197888]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Windows Express"="windowslogonb.exe" [2007-06-13 16:22 729088 C:\WINDOWS\system32\windowslogonb.exe]
"LClock"="C:\Program Files\LClock\LClock.exe" [2004-09-20 02:27 65536]
"Vistadrv"="C:\WINDOWS\Vista Hard Drive Status Bar\vsdrv.exe" [2006-07-30 04:37 121089]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 19:19 15872]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-11-17 02:36 180269]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-11-17 18:29 7700480]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe" [2008-01-07 17:56 1816208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Microsoft Windows Express"="windowslogonb.exe" [2007-06-13 16:22 729088 C:\WINDOWS\system32\windowslogonb.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 16:09 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoWinKeys"= 01000000

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{D318119E-CB62-4039-AE9B-CF9575BCAA7F}"= C:\WINDOWS\system32\pmnomkl.dll [2008-03-29 02:51 38400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnomkl]
pmnomkl.dll 2008-03-29 02:51 38400 C:\WINDOWS\system32\pmnomkl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll 2005-12-20 23:57 176128 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^VistawelcomeCenter.exe]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\VistawelcomeCenter.exe
backup=C:\WINDOWS\pss\VistawelcomeCenter.exeCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Contrôleur de calendrier Ulead.lnk]
path=D:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Contrôleur de calendrier Ulead.lnk
backup=C:\WINDOWS\pss\Contrôleur de calendrier Ulead.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Styler.lnk]
path=D:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Styler.lnk
backup=C:\WINDOWS\pss\Styler.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^J-Cee^Menu Démarrer^Démarrage^Styler.lnk]
path=D:\Documents and Settings\J-Cee\Menu Démarrer\Démarrage\Styler.lnk
backup=C:\WINDOWS\pss\Styler.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!ewido]
--a------ 2007-11-14 09:54 6283264 C:\Program Files\ewido anti-spyware 4.0\ewido.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2004-06-29 10:06 88363 C:\WINDOWS\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-06-27 20:03 152872 C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-19 16:09 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2004-05-12 16:18 241664 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2003-06-25 12:24 49152 C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a------ 2003-11-08 02:56 188416 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 14:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
--a------ 2005-02-02 17:44 61440 C:\HP\KBD\KBD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogonStudio]
--a------ 2002-09-03 19:38 987187 C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]
--a------ 2006-07-25 04:55 131072 C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 16:57 153136 C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Network Associates Error Reporting Service]
--a------ 2003-10-07 10:48 147514 C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-11-17 18:29 7700480 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-11-17 18:29 86016 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-11-17 18:29 1622016 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando]
--a------ 2007-10-05 13:33 5207368 C:\Program Files\Pando Networks\Pando\pando.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PnPUI Registrator]
--a------ 2004-11-23 00:04 163840 C:\Program Files\Common Files\Sitecom Shared\PnP Universal Installer\PnPUIReg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RayV]
--a------ 2007-11-20 10:12 4306208 C:\Program Files\RayV\RayV\RayV.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShStatEXE]
--a------ 2004-09-22 09:00 94208 C:\Program Files\Network Associates\VirusScan\SHSTAT.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2006-11-17 06:42 577536 C:\WINDOWS\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
--a------ 2006-05-24 20:31 1372160 C:\Program Files\TGTSoft\StyleXP\StyleXP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 02:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-11-17 02:36 180269 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tweak UI]
--a------ 2001-03-19 01:41 110640 C:\WINDOWS\system32\TWEAKUI.CPL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherDPA]
C:\Program Files\Zango\bin\10.1.181.0\Weather.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZangoOE]
C:\Program Files\Zango\bin\10.1.181.0\OEAddOn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZangoSA]
C:\Program Files\Zango\bin\10.1.181.0\ZangoSA.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"Dart Body"=D:\DOA1D1~1\J-Cee\APPLIC~1\VGADRI~1\BEND MP3 FILM.exe
"WeatherDPA"="C:\Program Files\Zango\bin\10.3.36.0\Weather.exe" -auto

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
"BMd368bfd2"=Rundll32.exe "C:\WINDOWS\system32\aklqjkna.dll",s
"Bat Wave Base Dale"=D:\Documents and Settings\All Users\Application Data\Link Axis Bat Wave\admin option.exe
"KBD"=C:\HP\KBD\KBD.EXE
"Microsoft Windows Express"=windowslogonb.exe
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"ZangoSA"="C:\Program Files\Zango\bin\10.3.36.0\ZangoSA.exe"
"d05b8c4e"=rundll32.exe "C:\WINDOWS\system32\uyiakgyw.dll",b

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"Microsoft Windows Express"=windowslogonb.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\WINDOWS\\system32\\mshta.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Pando Networks\\Pando\\pando.exe"=
"C:\\Program Files\\utorrent\\utorrent.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\RayV\\RayV\\RayV.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Fichiers communs\\Ahead\\Nero Web\\SetupX.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\eMule 0.48a MorphXT\\eMule\\emule.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe"=
"C:\\Program Files\\SpacialAudio\\SAMBC\\SAMBC.exe"=
"C:\\Program Files\\Shareaza\\Shareaza.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=

R0 PzWDM;PzWDM;C:\WINDOWS\system32\Drivers\PzWDM.sys [2004-03-11 07:32]
R1 VBoxDrv;VirtualBox Service;C:\WINDOWS\system32\DRIVERS\VBoxDrv.sys [2007-10-18 10:55]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys [2007-10-18 10:55]
R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-19 16:10]
S3 HDJCtrl;Hercules DJ Control MP3 Service;C:\WINDOWS\system32\Drivers\HDJCtrl.sys [2005-07-29 16:06]
S3 HDJMidi;Hercules DJ Console MIDI;C:\WINDOWS\system32\DRIVERS\HDJMidi.sys [2005-08-15 12:43]
S3 JL2005;JL2005A Camera;C:\WINDOWS\system32\Drivers\toywdm.sys [2004-09-20 20:09]
S3 MBAMCatchMe;MBAMCatchMe;C:\Program Files\Malwarebytes' Anti-Malware\catchme.sys [2008-03-19 18:31]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-03-29 18:50]
S3 wampapache;wampapache;"c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe" -k runservice []
S3 wampmysqld;wampmysqld;c:\wamp\bin\mysql\mysql5.0.51a\bin\mysqld-nt.exe wampmysqld []

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1a9dce48-ab20-11dc-b860-0011d8a4b2d8}]
\Shell\AutoRun\command - L:\LaunchU3.exe -a

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-01 18:43:18 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-01 18:44:53 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-01 20:45:18
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\pmnomkl.dll

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\Unlocker\UnlockerHook.dll
-> C:\Program Files\Stardock\Object Desktop\WindowBlinds\tray.dll
-> C:\Program Files\LClock\LC.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-04-01 20:50:37 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-01 18:49:39
Pre-Run: 92,906,991,616 octets libres
Post-Run: 92,785,065,984 octets libres
.
2008-03-31 13:28:33 --- E O F ---

Reply to J-Cee

Re,

Disable your resident protections (antivirus...)!
Copy (Ctrl+C) the text in the box below:

File::
C:\WINDOWS\system32\uqkfkpoa.ini
C:\WINDOWS\system32\pmnomkl.dll
C:\WINDOWS\system32\windowslogonb.exe

Folder::
C:\Program Files\PandoBar

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D318119E-CB62-4039-AE9B-CF9575BCAA7F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{E3EA4FD9-CADE-4AE5-84F7-086EEE888BE4}"=-
[-HKEY_CLASSES_ROOT\clsid\{e3ea4fd9-cade-4ae5-84f7-086eee888be4}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{E3EA4FD9-CADE-4AE5-84F7-086EEE888BE4}"=-
[-HKEY_CLASSES_ROOT\clsid\{e3ea4fd9-cade-4ae5-84f7-086eee888be4}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Microsoft Windows Express"=-
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{D318119E-CB62-4039-AE9B-CF9575BCAA7F}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnomkl]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]



Open Notepad, then paste (Ctrl+V) the text you copied.
Save this file as CFScript.txt.

Now drag the CFScript.txt file onto Combofix.exe as shown below:
http://i266.photobucket.com/albums/ii277/sUBs_/CFScript.gif

This will restart Combofix; type 1, then confirm. After the reboot, post the contents of the Combofix.txt report along with a Hijackthis report.
NOTE: If there is no reboot, post the requested reports anyway.

Reply to Angeldark
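The CFScript above removes files and registry values by name, so the report posted after the run is worth checking for autorun values that still point at a deleted file. The Python sketch below is an added example, not part of the original thread or of ComboFix: its function names are hypothetical, both samples are excerpts of the script and report posted in this thread, and it assumes that empty brackets `[]` after a value mean the file was not found on disk.

```python
import ntpath
import re
from collections import namedtuple

# Abridged from the CFScript posted in this thread.
CFSCRIPT = r"""
File::
C:\WINDOWS\system32\uqkfkpoa.ini
C:\WINDOWS\system32\pmnomkl.dll
C:\WINDOWS\system32\windowslogonb.exe

Folder::
C:\Program Files\PandoBar

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Microsoft Windows Express"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnomkl]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"""

# Excerpt of the registry load-point section of the report posted after the run.
POST_RUN_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Windows Express"="windowslogonb.exe" []
"LClock"="C:\Program Files\LClock\LClock.exe" [2004-09-20 02:27 65536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll
"""

# "name"=value, optionally followed by [date time size] file metadata.
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"\s*=\s*(?P<val>.*?)(?:\s*\[(?P<meta>[^\]]*)\])?$')
Finding = namedtuple("Finding", "key name target reasons scripted")


def parse_cfscript(text):
    """Return (files, folders, deleted_values, deleted_keys), all lower-cased."""
    files, folders, values, keys = set(), set(), set(), set()
    section, key = None, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if line.endswith("::"):
            section, key = line[:-2].lower(), None
        elif section == "file":
            files.add(line.lower())
        elif section == "folder":
            folders.add(line.lower())
        elif section == "registry":
            if line.startswith("[-"):            # [-KEY] deletes a whole key
                keys.add(line[2:-1].lower())
                key = None
            elif line.startswith("["):           # [KEY] opens a key
                key = line[1:-1].lower()
            elif key and line.endswith("=-"):    # "name"=- deletes one value
                values.add((key, line[:-2].strip('"').lower()))
    return files, folders, values, keys


def _target(val):
    """Executable part of a value: the quoted string, or the whole value."""
    val = val.strip()
    return val[1:].split('"', 1)[0] if val.startswith('"') else val


def parse_autoruns(log):
    """Yield (key, name, target, meta) for each value line under a [KEY]."""
    key = None
    for line in (raw.strip() for raw in log.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key:
            m = VALUE_RE.match(line)
            if m:
                yield key, m["name"], _target(m["val"]), m["meta"]


def audit(cfscript, log):
    """List autorun values that still reference something the script deleted."""
    files, folders, values, keys = parse_cfscript(cfscript)
    basenames = {ntpath.basename(f) for f in files}
    findings = []
    for key, name, target, meta in parse_autoruns(log):
        t, reasons = target.lower(), []
        # A bare file name (no path) is matched against deleted base names.
        if t in files or ("\\" not in t and t in basenames):
            reasons.append("deleted-file")
        if any(t.startswith(d + "\\") for d in folders):
            reasons.append("deleted-folder")
        if meta == "":                           # assumption: [] = file missing
            reasons.append("missing-on-disk")
        if reasons:
            k = key.lower()
            scripted = k in keys or (k, name.lower()) in values
            findings.append(Finding(key, name, target, reasons, scripted))
    return findings


if __name__ == "__main__":
    for f in audit(CFSCRIPT, POST_RUN_LOG):
        note = "covered by script" if f.scripted else "NOT covered by script"
        print(f"{f.key}\n  {f.name} -> {f.target}  {f.reasons}  ({note})")
```

On these excerpts it reports the HKLM Run value "Microsoft Windows Express" as still present and not covered by the script, whose Registry:: section names only the RunServices copy.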

There, I did everything as you said, except that I didn't press 1: it didn't ask me to choose anything, and even when I typed it, nothing appeared....

ComboFix 08-03-30.5 - J-Cee 2008-04-01 22:40:56.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.634 [GMT 2:00]
Endroit: D:\Documents and Settings\J-Cee\Bureau\ComboFix.exe
Command switches used :: D:\Documents and Settings\J-Cee\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

FILE ::
C:\WINDOWS\system32\pmnomkl.dll
C:\WINDOWS\system32\uqkfkpoa.ini
C:\WINDOWS\system32\windowslogonb.exe
.
TimedOut: progfile.dat

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\PandoBar
C:\Program Files\PandoBar\bar\1.bin\NPPANDBR.DLL
C:\Program Files\PandoBar\bar\1.bin\P4FFXTBR.JAR
C:\Program Files\PandoBar\bar\1.bin\P4FFXTBR.MANIFEST
C:\Program Files\PandoBar\bar\1.bin\P4HIGHIN.EXE
C:\Program Files\PandoBar\bar\1.bin\P4NTSTBR.JAR
C:\Program Files\PandoBar\bar\1.bin\P4NTSTBR.MANIFEST
C:\Program Files\PandoBar\bar\1.bin\P4PLUGIN.DLL
C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL
C:\Program Files\PandoBar\bar\Cache\00028488.bin
C:\Program Files\PandoBar\bar\Cache\00028B5E.bin
C:\Program Files\PandoBar\bar\Cache\00028F84.bin
C:\Program Files\PandoBar\bar\Cache\000292B1.bin
C:\Program Files\PandoBar\bar\Cache\000293E9.bin
C:\Program Files\PandoBar\bar\Cache\00029522.bin
C:\Program Files\PandoBar\bar\Cache\000296D7.bin
C:\Program Files\PandoBar\bar\Cache\00229267
C:\Program Files\PandoBar\bar\Cache\005EE3CF
C:\Program Files\PandoBar\bar\Cache\00A73A2E
C:\Program Files\PandoBar\bar\Cache\01A45E13
C:\Program Files\PandoBar\bar\Cache\files.ini
C:\Program Files\PandoBar\bar\History\search2
C:\Program Files\PandoBar\bar\Settings\prevcfg2.htm
C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\gxmsrqkr.ini
C:\WINDOWS\system32\nqtss.ini
C:\WINDOWS\system32\nqtss.ini2
C:\WINDOWS\system32\odbijsnp.dll
C:\WINDOWS\system32\pmnomkl.dll
C:\WINDOWS\system32\rkqrsmxg.dll
C:\WINDOWS\system32\sstqn.dll
C:\WINDOWS\system32\uqkfkpoa.ini
C:\WINDOWS\system32\windowslogonb.exe
C:\WINDOWS\system32\xixvcrad.dll
D:\Documents and Settings\J-Cee\Application Data\inst.exe

.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-01 to 2008-04-01 ))))))))))))))))))))))))))))))))))))
.

2008-04-01 17:24 . 2008-04-01 21:22 <REP> d-------- C:\Program Files\RegCleaner
2008-04-01 17:23 . 2008-04-01 22:49 <REP> d-------- C:\Program Files\a-squared Anti-Malware
2008-04-01 02:20 . 2008-04-01 21:22 <REP> d-------- C:\Program Files\Opera
2008-03-31 19:18 . 2008-04-01 21:22 <REP> d-------- C:\Program Files\CleanUp!
2008-03-31 05:37 . 2008-03-31 05:37 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-03-30 23:43 . 2008-03-30 23:43 <REP> d-------- D:\Documents and Settings\J-Cee\Application Data\TVU Networks
2008-03-30 23:43 . 2008-03-30 23:43 <REP> d-------- D:\Documents and Settings\All Users\Application Data\TVU Networks
2008-03-30 19:59 . 2008-03-30 19:59 <REP> d-------- D:\Documents and Settings\J-Cee\Application Data\Malwarebytes
2008-03-30 19:59 . 2008-03-30 19:59 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-30 19:59 . 2008-04-01 21:23 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-03-30 14:31 . 2008-03-30 14:31 <REP> d-------- C:\Program Files\Trend Micro
2008-03-29 22:47 . 2008-03-29 22:47 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Link Axis Bat Wave
2008-03-29 22:45 . 2008-03-29 22:47 <REP> d-------- D:\Documents and Settings\J-Cee\Application Data\Vga Drive Dupe
2008-03-29 22:45 . 2008-03-29 22:45 <REP> d-------- C:\Program Files\Vga Drive Dupe
2008-03-29 22:45 . 2008-03-29 22:45 <REP> d-------- C:\Program Files\Circle Developement
2008-03-29 18:50 . 2008-03-29 18:50 307,968 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-03-29 18:50 . 2008-02-27 14:15 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-03-27 03:37 . 2008-03-27 03:38 <REP> d-------- C:\Program Files\Acoustica Mixcraft 3
2008-03-26 16:59 . 2008-03-26 16:59 <REP> d-------- D:\Documents and Settings\J-Cee\Application Data\Shareaza
2008-03-26 16:59 . 2008-03-26 16:59 <REP> d-------- C:\Program Files\Shareaza
2008-03-26 14:08 . 2008-03-26 14:08 <REP> d-------- C:\Program Files\SpacialAudio
2008-03-26 14:01 . 2008-03-26 14:04 <REP> d-------- C:\wamp
2008-03-26 01:45 . 2008-03-26 01:45 <REP> d-------- D:\Documents and Settings\J-Cee\Application Data\Acoustica
2008-03-26 01:45 . 2008-04-01 21:23 <REP> d-------- C:\Program Files\Acoustica Shared Effects
2008-03-26 01:44 . 2008-03-26 01:45 <REP> d-------- C:\Program Files\Acoustica Mixcraft 4
2008-03-23 16:46 . 2008-03-23 16:46 <REP> d-------- C:\Program Files\Hercules
2008-03-23 16:46 . 2008-03-23 16:46 <REP> d-------- C:\Program Files\Guillemot
2008-03-23 16:46 . 2005-01-28 13:49 106,496 --a------ C:\WINDOWS\system32\GUStrLib.dll
2008-03-23 16:46 . 2005-08-15 12:43 39,424 --a------ C:\WINDOWS\system32\drivers\hdjmidi.sys
2008-03-23 16:46 . 2005-08-29 14:31 37,376 --a------ C:\WINDOWS\system32\HDJSAPI.dll
2008-03-23 16:46 . 2005-08-15 10:21 17,408 --a------ C:\WINDOWS\system32\HDJCProp.DLL
2008-03-23 16:46 . 2005-07-29 16:06 11,008 --a------ C:\WINDOWS\system32\drivers\HDJCTRL.sys
2008-03-23 00:38 . 2008-03-23 00:38 <REP> d-------- C:\Program Files\MP3 Player Utilities 3.79
2008-03-23 00:07 . 2008-03-23 00:08 <REP> d-------- C:\Program Files\Microsoft Virtual PC
2008-03-18 21:45 . 2008-03-18 21:46 <REP> d-------- C:\Program Files\Safari
2008-03-14 14:32 . 2008-03-31 13:27 <REP> d-------- D:\Documents and Settings\J-Cee\Application Data\WeatherDPA
2008-03-09 05:22 . 2008-03-09 05:22 <REP> d-------- C:\Program Files\eMule 0.48a MorphXT
2008-03-08 16:19 . 2008-03-31 21:21 <REP> d-------- C:\Program Files\eMule

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-13 04:14 720,832,628 ----a-w C:\Program Files\La Haine ALEXANDRA.avi
2008-02-01 10:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-01-31 23:07 47,360 ----a-w D:\Documents and Settings\J-Cee\Application Data\pcouffin.sys
2008-01-19 20:38 813 ----a-w D:\Documents and Settings\J-Cee\Application Data\waver_2.95.dat
2004-08-04 16:30 2,342,272 ----a-w D:\Documents and Settings\J-Cee\VistaBoot.exe
.

.
((((((((((((((((((((((((((((( snapshot@2008-04-01_20.49.04.71 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-29 15:27:04 530,568 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat
+ 2008-04-01 19:23:29 2,181,660 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat
+ 2008-04-01 20:52:34 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_118.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 20:31 1372160]
"TuneUp MemOptimizer"="C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" [2008-03-03 10:41 197888]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Windows Express"="windowslogonb.exe" []
"LClock"="C:\Program Files\LClock\LClock.exe" [2004-09-20 02:27 65536]
"Vistadrv"="C:\WINDOWS\Vista Hard Drive Status Bar\vsdrv.exe" [2006-07-30 04:37 121089]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 19:19 15872]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-11-17 02:36 180269]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-11-17 18:29 7700480]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe" [2008-01-07 17:56 1816208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 16:09 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoWinKeys"= 01000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll 2005-12-20 23:57 176128 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^VistawelcomeCenter.exe]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\VistawelcomeCenter.exe
backup=C:\WINDOWS\pss\VistawelcomeCenter.exeCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Contrôleur de calendrier Ulead.lnk]
path=D:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Contrôleur de calendrier Ulead.lnk
backup=C:\WINDOWS\pss\Contrôleur de calendrier Ulead.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Styler.lnk]
path=D:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Styler.lnk
backup=C:\WINDOWS\pss\Styler.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^J-Cee^Menu Démarrer^Démarrage^Styler.lnk]
path=D:\Documents and Settings\J-Cee\Menu Démarrer\Démarrage\Styler.lnk
backup=C:\WINDOWS\pss\Styler.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!ewido]
--a------ 2007-11-14 09:54 6283264 C:\Program Files\ewido anti-spyware 4.0\ewido.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2004-06-29 10:06 88363 C:\WINDOWS\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-06-27 20:03 152872 C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-19 16:09 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2004-05-12 16:18 241664 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2003-06-25 12:24 49152 C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a------ 2003-11-08 02:56 188416 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 14:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
--a------ 2005-02-02 17:44 61440 C:\HP\KBD\KBD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogonStudio]
--a------ 2002-09-03 19:38 987187 C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]
--a------ 2006-07-25 04:55 131072 C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 16:57 153136 C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Network Associates Error Reporting Service]
--a------ 2003-10-07 10:48 147514 C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-11-17 18:29 7700480 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-11-17 18:29 86016 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-11-17 18:29 1622016 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando]
--a------ 2007-10-05 13:33 5207368 C:\Program Files\Pando Networks\Pando\pando.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PnPUI Registrator]
--a------ 2004-11-23 00:04 163840 C:\Program Files\Common Files\Sitecom Shared\PnP Universal Installer\PnPUIReg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RayV]
--a------ 2007-11-20 10:12 4306208 C:\Program Files\RayV\RayV\RayV.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShStatEXE]
--a------ 2004-09-22 09:00 94208 C:\Program Files\Network Associates\VirusScan\SHSTAT.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2006-11-17 06:42 577536 C:\WINDOWS\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
--a------ 2006-05-24 20:31 1372160 C:\Program Files\TGTSoft\StyleXP\StyleXP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 02:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-11-17 02:36 180269 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tweak UI]
--a------ 2001-03-19 01:41 110640 C:\WINDOWS\system32\TWEAKUI.CPL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherDPA]
C:\Program Files\Zango\bin\10.1.181.0\Weather.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZangoOE]
C:\Program Files\Zango\bin\10.1.181.0\OEAddOn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZangoSA]
C:\Program Files\Zango\bin\10.1.181.0\ZangoSA.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"Dart Body"=D:\DOA1D1~1\J-Cee\APPLIC~1\VGADRI~1\BEND MP3 FILM.exe
"WeatherDPA"="C:\Program Files\Zango\bin\10.3.36.0\Weather.exe" -auto

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"Microsoft Windows Express"=windowslogonb.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\WINDOWS\\system32\\mshta.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Pando Networks\\Pando\\pando.exe"=
"C:\\Program Files\\utorrent\\utorrent.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\RayV\\RayV\\RayV.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Fichiers communs\\Ahead\\Nero Web\\SetupX.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\eMule 0.48a MorphXT\\eMule\\emule.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe"=
"C:\\Program Files\\SpacialAudio\\SAMBC\\SAMBC.exe"=
"C:\\Program Files\\Shareaza\\Shareaza.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=

R0 PzWDM;PzWDM;C:\WINDOWS\system32\Drivers\PzWDM.sys [2004-03-11 07:32]
R1 VBoxDrv;VirtualBox Service;C:\WINDOWS\system32\DRIVERS\VBoxDrv.sys [2007-10-18 10:55]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys [2007-10-18 10:55]
R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-19 16:10]
S3 HDJCtrl;Hercules DJ Control MP3 Service;C:\WINDOWS\system32\Drivers\HDJCtrl.sys [2005-07-29 16:06]
S3 HDJMidi;Hercules DJ Console MIDI;C:\WINDOWS\system32\DRIVERS\HDJMidi.sys [2005-08-15 12:43]
S3 JL2005;JL2005A Camera;C:\WINDOWS\system32\Drivers\toywdm.sys [2004-09-20 20:09]
S3 MBAMCatchMe;MBAMCatchMe;C:\Program Files\Malwarebytes' Anti-Malware\catchme.sys [2008-03-19 18:31]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-03-29 18:50]
S3 wampapache;wampapache;"c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe" -k runservice []
S3 wampmysqld;wampmysqld;c:\wamp\bin\mysql\mysql5.0.51a\bin\mysqld-nt.exe wampmysqld []

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1a9dce48-ab20-11dc-b860-0011d8a4b2d8}]
\Shell\AutoRun\command - L:\LaunchU3.exe -a

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-01 18:43:18 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-01 20:52:34 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-01 22:52:44
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\Unlocker\UnlockerHook.dll
-> C:\Program Files\Stardock\Object Desktop\WindowBlinds\tray.dll
-> C:\Program Files\LClock\LC.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-04-01 22:55:53 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-01 20:55:50
ComboFix2.txt 2008-04-01 18:50:38
Pre-Run: 92,923,621,376 octets libres
Post-Run: 92,943,089,664 octets libres
.
2008-03-31 13:28:33 --- E O F ---





And the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:58:32, on 1/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\LClock\LClock.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)
O4 - HKLM\..\Run: [Microsoft Windows Express] windowslogonb.exe
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\Vista Hard Drive Status Bar\vsdrv.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Fichiers communs\Ahead\Lib\NMFirstStart.exe" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Fichiers communs\Ahead\Lib\NMFirstStart.exe" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/binary/MJSS.cab69309.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h30155.www3.hp.com/ediags/d [...] csxp2k.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://charon777.free.fr/plugins/h [...] _0_4_9.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/bina [...] b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_mp3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51a\bin\mysqld-nt.exe

--
End of file - 10009 bytes

Reply to J-Cee

Re,

Disable your resident protections (antivirus...)!
Copy (Ctrl+C) the text in the box below:

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZangoSA]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZangoOE]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherDPA]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]



Open Notepad, then paste (Ctrl+V) the text you just copied.
Save this file under the name CFScript.txt.

Now drag the CFScript.txt file onto Combofix.exe as shown below:
http://i266.photobucket.com/albums/ii277/sUBs_/CFScript.gif

This will relaunch Combofix; type 1 and confirm. After the reboot, post the contents of the Combofix.txt report along with a HijackThis report.
NOTE: If there is no reboot, post the requested reports anyway.

------------------------------ Prévention & Protection||Like me? Click :o
Reply to Angeldark
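Before running a removal script like the CFScript above, it helps to confirm what each `[-KEY]` line would delete. The following is an added example, not part of the thread and not ComboFix code: it cross-checks the script's deletion targets against the registry section of the posted ComboFix log. The function names are this example's own, and the log excerpt is copied from the report above.

```python
import re

# Excerpt of the registry section of the ComboFix log posted above.
LOG_EXCERPT = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tweak UI]
--a------ 2001-03-19 01:41 110640 C:\WINDOWS\system32\TWEAKUI.CPL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherDPA]
C:\Program Files\Zango\bin\10.1.181.0\Weather.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZangoOE]
C:\Program Files\Zango\bin\10.1.181.0\OEAddOn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZangoSA]
C:\Program Files\Zango\bin\10.1.181.0\ZangoSA.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"Dart Body"=D:\DOA1D1~1\J-Cee\APPLIC~1\VGADRI~1\BEND MP3 FILM.exe
"WeatherDPA"="C:\Program Files\Zango\bin\10.3.36.0\Weather.exe" -auto

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"Microsoft Windows Express"=windowslogonb.exe
"""

# The script text from the reply above.
CFSCRIPT = r"""
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZangoSA]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZangoOE]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherDPA]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"""

# "[KEY]" in the log, "[-KEY]" (.reg-style key deletion) in the script.
KEY_RE = re.compile(r"^\[(-?)(HKEY_[^\]]+)\]\s*$")


def parse_log_keys(log_text):
    """Map each bracketed key (lower-cased) to the lines listed under it."""
    keys, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            current = None          # a blank line closes the section
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group(2).lower()
            keys[current] = []
        elif current is not None:
            keys[current].append(line)
    return keys


def parse_deletions(script_text):
    """Return the keys marked for deletion inside the 'Registry::' section."""
    targets, in_registry = [], False
    for raw in script_text.splitlines():
        line = raw.strip()
        if line.endswith("::"):     # section header such as 'Registry::'
            in_registry = (line == "Registry::")
            continue
        m = KEY_RE.match(line)
        if in_registry and m and m.group(1) == "-":
            targets.append(m.group(2))
    return targets


def review(script_text, log_text):
    """For each target: (key, present_in_log, entries that go with the key)."""
    log_keys = parse_log_keys(log_text)
    report = []
    for key in parse_deletions(script_text):
        entries = log_keys.get(key.lower())   # registry paths are case-insensitive
        report.append((key, entries is not None, entries or []))
    return report


if __name__ == "__main__":
    for key, present, entries in review(CFSCRIPT, LOG_EXCERPT):
        status = "in log" if present else "NOT IN LOG (check for a typo)"
        print(f"{key}\n  {status}")
        for entry in entries:
            print(f"  removes: {entry}")
```

A target reported as not in the log usually means a mistyped key or a script written for a different report, which is worth resolving before the script is run.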

Hi,

I just realized something...

Since I did what you asked me to yesterday, everything seems to be working... the computer no longer crashes, Firefox works very well. Was there something in what you sent me yesterday that helped?

And now that everything is working again, do I still have to do what you just posted?

Reply to J-Cee

Here is the report:

ComboFix 08-03-30.5 - J-Cee 2008-04-02 16:44:13.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.689 [GMT 2:00]
Endroit: D:\Documents and Settings\J-Cee\Bureau\ComboFix.exe
Command switches used :: D:\Documents and Settings\J-Cee\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
* Resident AV is active


AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

((((((((((((((((((((((((((((( Fichiers créés 2008-03-02 to 2008-04-02 ))))))))))))))))))))))))))))))))))))
.

2008-04-02 00:39 . 2008-04-02 00:39 <REP> d-------- C:\Program Files\Xtremsplit
2008-04-01 17:24 . 2008-04-01 21:22 <REP> d-------- C:\Program Files\RegCleaner
2008-04-01 17:23 . 2008-04-01 22:49 <REP> d-------- C:\Program Files\a-squared Anti-Malware
2008-04-01 02:20 . 2008-04-01 21:22 <REP> d-------- C:\Program Files\Opera
2008-03-31 19:18 . 2008-04-01 21:22 <REP> d-------- C:\Program Files\CleanUp!
2008-03-31 05:37 . 2008-03-31 05:37 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-03-30 23:43 . 2008-03-30 23:43 <REP> d-------- D:\Documents and Settings\J-Cee\Application Data\TVU Networks
2008-03-30 23:43 . 2008-03-30 23:43 <REP> d-------- D:\Documents and Settings\All Users\Application Data\TVU Networks
2008-03-30 19:59 . 2008-03-30 19:59 <REP> d-------- D:\Documents and Settings\J-Cee\Application Data\Malwarebytes
2008-03-30 19:59 . 2008-03-30 19:59 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-30 19:59 . 2008-04-01 21:23 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-03-30 14:31 . 2008-03-30 14:31 <REP> d-------- C:\Program Files\Trend Micro
2008-03-29 22:47 . 2008-03-29 22:47 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Link Axis Bat Wave
2008-03-29 22:45 . 2008-03-29 22:47 <REP> d-------- D:\Documents and Settings\J-Cee\Application Data\Vga Drive Dupe
2008-03-29 22:45 . 2008-03-29 22:45 <REP> d-------- C:\Program Files\Vga Drive Dupe
2008-03-29 22:45 . 2008-03-29 22:45 <REP> d-------- C:\Program Files\Circle Developement
2008-03-29 18:50 . 2008-03-29 18:50 307,968 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-03-29 18:50 . 2008-02-27 14:15 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-03-27 03:37 . 2008-03-27 03:38 <REP> d-------- C:\Program Files\Acoustica Mixcraft 3
2008-03-26 16:59 . 2008-03-26 16:59 <REP> d-------- D:\Documents and Settings\J-Cee\Application Data\Shareaza
2008-03-26 16:59 . 2008-03-26 16:59 <REP> d-------- C:\Program Files\Shareaza
2008-03-26 14:08 . 2008-03-26 14:08 <REP> d-------- C:\Program Files\SpacialAudio
2008-03-26 14:01 . 2008-03-26 14:04 <REP> d-------- C:\wamp
2008-03-26 01:45 . 2008-03-26 01:45 <REP> d-------- D:\Documents and Settings\J-Cee\Application Data\Acoustica
2008-03-26 01:45 . 2008-04-01 21:23 <REP> d-------- C:\Program Files\Acoustica Shared Effects
2008-03-26 01:44 . 2008-03-26 01:45 <REP> d-------- C:\Program Files\Acoustica Mixcraft 4
2008-03-23 16:46 . 2008-03-23 16:46 <REP> d-------- C:\Program Files\Hercules
2008-03-23 16:46 . 2008-03-23 16:46 <REP> d-------- C:\Program Files\Guillemot
2008-03-23 16:46 . 2005-01-28 13:49 106,496 --a------ C:\WINDOWS\system32\GUStrLib.dll
2008-03-23 16:46 . 2005-08-15 12:43 39,424 --a------ C:\WINDOWS\system32\drivers\hdjmidi.sys
2008-03-23 16:46 . 2005-08-29 14:31 37,376 --a------ C:\WINDOWS\system32\HDJSAPI.dll
2008-03-23 16:46 . 2005-08-15 10:21 17,408 --a------ C:\WINDOWS\system32\HDJCProp.DLL
2008-03-23 16:46 . 2005-07-29 16:06 11,008 --a------ C:\WINDOWS\system32\drivers\HDJCTRL.sys
2008-03-23 00:38 . 2008-03-23 00:38 <REP> d-------- C:\Program Files\MP3 Player Utilities 3.79
2008-03-23 00:07 . 2008-03-23 00:08 <REP> d-------- C:\Program Files\Microsoft Virtual PC
2008-03-18 21:45 . 2008-03-18 21:46 <REP> d-------- C:\Program Files\Safari
2008-03-14 14:32 . 2008-03-31 13:27 <REP> d-------- D:\Documents and Settings\J-Cee\Application Data\WeatherDPA
2008-03-09 05:22 . 2008-03-09 05:22 <REP> d-------- C:\Program Files\eMule 0.48a MorphXT
2008-03-08 16:19 . 2008-04-02 15:31 <REP> d-------- C:\Program Files\eMule

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-02 14:45 --------- d-----w D:\Documents and Settings\J-Cee\Application Data\Azureus
2008-04-02 10:40 --------- d-----w C:\Program Files\MessengerDiscovery
2008-04-01 19:23 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-03-31 17:22 --------- d---a-w D:\Documents and Settings\All Users\Application Data\TEMP
2008-03-31 17:22 --------- d-----w D:\Documents and Settings\J-Cee\Application Data\LimeWire
2008-03-31 17:22 --------- d-----w D:\Documents and Settings\J-Cee\Application Data\Desktop Sidebar
2008-03-31 17:21 --------- d-----w C:\Program Files\MSN Messenger
2008-03-31 17:21 --------- d-----w C:\Program Files\FILERECOVERY PRO DEMO
2008-03-30 17:58 --------- d-----w C:\Program Files\Common Files
2008-03-30 10:41 --------- d-----w C:\Program Files\DAEMON Tools
2008-03-29 20:45 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-03-29 16:51 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-03-28 21:37 --------- d-----w C:\Program Files\LimeWire
2008-03-27 01:38 --------- d-----w C:\Program Files\VST
2008-03-25 14:20 --------- d-----w D:\Documents and Settings\J-Cee\Application Data\Canon
2008-03-23 14:50 --------- d-----w C:\Program Files\VirtualDJ
2008-03-23 14:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-22 22:30 --------- d-----w C:\Program Files\DivX
2008-03-22 22:07 --------- d-----w C:\Program Files\VirtualDubMOD
2008-03-22 17:28 --------- d-----w C:\Program Files\StuffPlug3
2008-03-20 16:56 --------- d-----w D:\Documents and Settings\J-Cee\Application Data\utorrent
2008-03-20 16:56 --------- d-----w D:\Documents and Settings\J-Cee\Application Data\MegauploadToolbar
2008-03-13 20:52 --------- d-----w D:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-07 17:23 --------- d-----w C:\Program Files\Azureus
2008-03-01 02:49 --------- d-----w C:\Program Files\Windows Live
2008-02-28 15:23 3,674 ----a-w C:\WINDOWS\system32\Sys2679b.DLL
2008-02-28 14:52 --------- d-----w D:\Documents and Settings\J-Cee\Application Data\TypingMaster7
2008-02-28 14:52 --------- d-----r C:\Program Files\TypingMaster
2008-02-28 14:49 --------- d-----w C:\Program Files\DactyloMagic
2008-02-28 14:01 --------- d-----w D:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-26 20:40 --------- d-----w C:\Program Files\iTunes
2008-02-26 20:40 --------- d-----w C:\Program Files\iPod
2008-02-26 20:38 --------- d-----w C:\Program Files\QuickTime
2008-02-24 22:40 123,392 ----a-w C:\WINDOWS\Help\KEYGEN.EXE
2008-02-16 00:09 --------- d-----w C:\Program Files\DomPlayer
2008-02-13 01:10 --------- d-----w C:\Program Files\Bonjour
2008-02-13 00:59 --------- d-----w C:\Program Files\Fichiers communs\Macrovision Shared
2008-02-04 16:46 --------- d-----w C:\Program Files\EA GAMES
2008-02-04 16:11 --------- d-----w C:\Program Files\Sims2Pack Clean Installer
2008-02-01 10:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-01-31 23:07 47,360 ----a-w D:\Documents and Settings\J-Cee\Application Data\pcouffin.sys
2008-01-30 14:10 274,432 ----a-w C:\WINDOWS\system32\libcurl.dll
2008-01-27 01:44 4,484,096 ----a-w C:\WINDOWS\system32\logonuiX.exe
2008-01-19 20:38 813 ----a-w D:\Documents and Settings\J-Cee\Application Data\waver_2.95.dat
2006-07-02 09:15 11,052 ----a-w C:\WINDOWS\Cursors\curseur.reg
2004-09-28 03:00 26,240 -c--a-w C:\WINDOWS\inf\RAMDSK.SYS
2004-08-04 16:30 2,342,272 ----a-w D:\Documents and Settings\J-Cee\VistaBoot.exe
2006-07-29 18:18 112 -csha-w C:\WINDOWS\Vista Hard Drive Status Bar\unistl.cmd
.

------- Sigcheck -------

2005-03-02 20:13 2059008 5311776074b6c13f983dc75baeac9c0c C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
2007-02-28 18:08 2061440 7a56a64eb50399613587e90292dd2aab C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2004-08-19 16:20 2058880 f252fae094c54572ece38a039f2103c4 C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe
2005-03-02 20:07 2058880 73fa9c95d235844a36968c7852c7dbdd C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
2007-02-28 18:02 2059648 a1d5231403329478ae4fe2778c55c77f C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
2007-02-28 18:02 2069120 a1d477bf290da7a09ad89c04c21b4292 C:\WINDOWS\system32\ntkrnlpa.exe
2007-02-28 18:02 2069120 a1d477bf290da7a09ad89c04c21b4292 C:\WINDOWS\system32\VITrans\ntkrnlpa.exe

2005-03-02 20:13 2181632 3e2a0a4a0c0b19fc113618a9562a3b2a C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2007-02-28 18:08 2184192 8e244108562e0e452eb68dff64cb08a9 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2004-08-19 16:04 2183040 7d38ce4398e6aa6339b4644feadcc0d8 C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe
2005-03-02 20:08 2181376 63729dd0f2aae36cc52b89c05505146c C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
2007-02-28 18:02 2182400 7d6d19aac51a4325f6039f083c22303c C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
2007-02-28 18:02 2191872 c1d02eb35659729a2961d6638c1cfd1c C:\WINDOWS\system32\ntoskrnl.exe
2007-02-28 18:02 2191872 c1d02eb35659729a2961d6638c1cfd1c C:\WINDOWS\system32\VITrans\ntoskrnl.exe

2007-06-13 16:22 979456 394be08d7487d31500aad65e15f91a6f C:\WINDOWS\explorer.exe
2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-19 16:09 1036288 2a7bd330924252a2fd80344fc949bb72 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 16:22 979456 394be08d7487d31500aad65e15f91a6f C:\WINDOWS\system32\VITrans\explorer.exe
2007-06-13 16:22 979456 394be08d7487d31500aad65e15f91a6f C:\WINDOWS\VistaFx\explorer.exe
2007-06-13 16:22 979456 394be08d7487d31500aad65e15f91a6f C:\WINDOWS\vistafx_backup\explorer.exe
.
((((((((((((((((((((((((((((( snapshot@2008-04-01_20.49.04.71 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-29 15:27:04 530,568 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat
+ 2008-04-01 19:23:29 2,181,660 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat
+ 2008-04-01 20:52:34 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_118.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 20:31 1372160]
"TuneUp MemOptimizer"="C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" [2008-03-03 10:41 197888]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Windows Express"="windowslogonb.exe" []
"LClock"="C:\Program Files\LClock\LClock.exe" [2004-09-20 02:27 65536]
"Vistadrv"="C:\WINDOWS\Vista Hard Drive Status Bar\vsdrv.exe" [2006-07-30 04:37 121089]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 19:19 15872]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-11-17 02:36 180269]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-11-17 18:29 7700480]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe" [2008-01-07 17:56 1816208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 16:09 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoWinKeys"= 01000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll 2005-12-20 23:57 176128 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^VistawelcomeCenter.exe]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\VistawelcomeCenter.exe
backup=C:\WINDOWS\pss\VistawelcomeCenter.exeCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Contrôleur de calendrier Ulead.lnk]
path=D:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Contrôleur de calendrier Ulead.lnk
backup=C:\WINDOWS\pss\Contrôleur de calendrier Ulead.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Styler.lnk]
path=D:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Styler.lnk
backup=C:\WINDOWS\pss\Styler.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^J-Cee^Menu Démarrer^Démarrage^Styler.lnk]
path=D:\Documents and Settings\J-Cee\Menu Démarrer\Démarrage\Styler.lnk
backup=C:\WINDOWS\pss\Styler.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!ewido]
--a------ 2007-11-14 09:54 6283264 C:\Program Files\ewido anti-spyware 4.0\ewido.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2004-06-29 10:06 88363 C:\WINDOWS\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-06-27 20:03 152872 C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-19 16:09 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2004-05-12 16:18 241664 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2003-06-25 12:24 49152 C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a------ 2003-11-08 02:56 188416 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 14:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
--a------ 2005-02-02 17:44 61440 C:\HP\KBD\KBD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogonStudio]
--a------ 2002-09-03 19:38 987187 C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]
--a------ 2006-07-25 04:55 131072 C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 16:57 153136 C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Network Associates Error Reporting Service]
--a------ 2003-10-07 10:48 147514 C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-11-17 18:29 7700480 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-11-17 18:29 86016 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-11-17 18:29 1622016 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando]
--a------ 2007-10-05 13:33 5207368 C:\Program Files\Pando Networks\Pando\pando.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PnPUI Registrator]
--a------ 2004-11-23 00:04 163840 C:\Program Files\Common Files\Sitecom Shared\PnP Universal Installer\PnPUIReg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RayV]
--a------ 2007-11-20 10:12 4306208 C:\Program Files\RayV\RayV\RayV.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShStatEXE]
--a------ 2004-09-22 09:00 94208 C:\Program Files\Network Associates\VirusScan\SHSTAT.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2006-11-17 06:42 577536 C:\WINDOWS\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
--a------ 2006-05-24 20:31 1372160 C:\Program Files\TGTSoft\StyleXP\StyleXP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 02:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-11-17 02:36 180269 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tweak UI]
--a------ 2001-03-19 01:41 110640 C:\WINDOWS\system32\TWEAKUI.CPL

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"Dart Body"=D:\DOA1D1~1\J-Cee\APPLIC~1\VGADRI~1\BEND MP3 FILM.exe
"WeatherDPA"="C:\Program Files\Zango\bin\10.3.36.0\Weather.exe" -auto

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\WINDOWS\\system32\\mshta.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Pando Networks\\Pando\\pando.exe"=
"C:\\Program Files\\utorrent\\utorrent.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\RayV\\RayV\\RayV.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Fichiers communs\\Ahead\\Nero Web\\SetupX.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\eMule 0.48a MorphXT\\eMule\\emule.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe"=
"C:\\Program Files\\SpacialAudio\\SAMBC\\SAMBC.exe"=
"C:\\Program Files\\Shareaza\\Shareaza.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=

R0 PzWDM;PzWDM;C:\WINDOWS\system32\Drivers\PzWDM.sys [2004-03-11 07:32]
R1 VBoxDrv;VirtualBox Service;C:\WINDOWS\system32\DRIVERS\VBoxDrv.sys [2007-10-18 10:55]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys [2007-10-18 10:55]
R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-19 16:10]
S3 HDJCtrl;Hercules DJ Control MP3 Service;C:\WINDOWS\system32\Drivers\HDJCtrl.sys [2005-07-29 16:06]
S3 HDJMidi;Hercules DJ Console MIDI;C:\WINDOWS\system32\DRIVERS\HDJMidi.sys [2005-08-15 12:43]
S3 JL2005;JL2005A Camera;C:\WINDOWS\system32\Drivers\toywdm.sys [2004-09-20 20:09]
S3 MBAMCatchMe;MBAMCatchMe;C:\Program Files\Malwarebytes' Anti-Malware\catchme.sys [2008-03-19 18:31]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-03-29 18:50]
S3 wampapache;wampapache;"c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe" -k runservice []
S3 wampmysqld;wampmysqld;c:\wamp\bin\mysql\mysql5.0.51a\bin\mysqld-nt.exe wampmysqld []

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1a9dce48-ab20-11dc-b860-0011d8a4b2d8}]
\Shell\AutoRun\command - L:\LaunchU3.exe -a

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-01 18:43:18 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-02 14:00:00 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-02 16:46:29
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\Unlocker\UnlockerHook.dll
-> C:\Program Files\Stardock\Object Desktop\WindowBlinds\tray.dll
-> C:\Program Files\LClock\LC.dll
.
Temps d'accomplissement: 2008-04-02 16:47:21
ComboFix-quarantined-files.txt 2008-04-02 14:47:12
ComboFix2.txt 2008-04-01 20:55:53
ComboFix3.txt 2008-04-01 18:50:38
Pre-Run: 92,408,688,640 octets libres
Post-Run: 92,398,227,456 octets libres
.
2008-03-31 13:28:33 --- E O F ---



And then for HijackThis:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:51:23, on 2/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\LClock\LClock.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Styler\Styler.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\divxsm.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)
O4 - HKLM\..\Run: [Microsoft Windows Express] windowslogonb.exe
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\Vista Hard Drive Status Bar\vsdrv.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Fichiers communs\Ahead\Lib\NMFirstStart.exe" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Fichiers communs\Ahead\Lib\NMFirstStart.exe" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/binary/MJSS.cab69309.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h30155.www3.hp.com/ediags/d [...] csxp2k.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://charon777.free.fr/plugins/h [...] _0_4_9.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/bina [...] b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_mp3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51a\bin\mysqld-nt.exe

--
End of file - 10163 bytes




So what actually caused this problem I had?
And with these two reports, does everything look OK?


Message edited by J-Cee on 02-04-2008 at 16:52:48
Reply to J-Cee

Still having problems?

------------------------------ Prevention & Protection||Do you like me? Click :o
Reply to Angeldark

No, none at all since yesterday.

What actually caused all of this?

Reply to J-Cee

No, I don't remember downloading any crack...

Now just one last question ^^: is McAfee a good antivirus, or should I maybe get a better one...?

Reply to J-Cee

Paid or free antivirus?

------------------------------ Prevention & Protection||Do you like me? Click :o
Reply to Angeldark

McAfee is a paid antivirus, yes

Reply to J-Cee

No, I mean do you want a paid or a free antivirus?

------------------------------ Prevention & Protection||Do you like me? Click :o
Reply to Angeldark

Uhhh... well, as long as it's good, that's fine... but I know the best ones are always among the paid ones... so there you go :s

Reply to J-Cee

Ah yeah, I just had a quick look at it

Thanks for everything!

Reply to J-Cee