Grey taskbar + freeze + bug

Closed
kevindu75 Posts: 274 Registration date: Friday 28 March 2008 Status: Member Last activity: 3 January 2014 - 9 Feb 2009 at 18:41
Destrio5 Posts: 85985 Registration date: Sunday 11 July 2010 Status: Moderator Last activity: 17 February 2023 - 12 Feb 2009 at 17:23
Hello,
I have a big bug: my PC keeps freezing and the taskbar turns grey, or else it is very small and greyed out. It has been like this since I uninstalled Malwayres. I'm bad with computers, and besides, I can't control the computer. Sometimes it restarts by itself when I'm in a game, or when I boot up it shows me an error and restarts; it's services.exe or something like that which causes the restart. Thanks for helping me, see you.

15 replies

kevin05 Posts: 3636 Registration date: Saturday 29 November 2008 Status: Security contributor Last activity: 13 May 2010
9 Feb 2009 at 18:42
Hi,

- Download Random's System Information Tool (RSIT) (by random/random) to your Desktop.

- Double-click RSIT.exe to launch the program.

- Click Continue on the Disclaimer screen.

- If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall, if asked) and you will have to accept the license.

- When the scan is finished, two text files will open. Post the contents of log.txt (the one that appears on screen) as well as info.txt (which you will see in the taskbar).

Note: The reports are saved in the C:\rsit folder.

kevindu75 Posts: 274 Registration date: Friday 28 March 2008 Status: Member Last activity: 3 January 2014
9 Feb 2009 at 18:47
Hi, I put it on a USB stick because on the other PC I can't get on the internet. But the computer doesn't detect the USB stick, I can't do anything. And thanks for helping me and for replying quickly ^^

kevin05 Posts: 3636 Registration date: Saturday 29 November 2008 Status: Security contributor Last activity: 13 May 2010
9 Feb 2009 at 18:52
"I put it on a USB stick because on the other PC I can't get on the internet. But the computer doesn't detect the USB stick, I can't do anything."

In that case I can't help you

kevindu75 Posts: 274 Registration date: Friday 28 March 2008 Status: Member Last activity: 3 January 2014
9 Feb 2009 at 18:57
I'm trying in safe mode to see.

kevindu75 Posts: 274 Registration date: Friday 28 March 2008 Status: Member Last activity: 3 January 2014
9 Feb 2009 at 19:09
It worked!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:32:58, on 01/01/2003
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\hiwdemon.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\WINDOWS\services.exe
C:\WINDOWS\system32\svchost.exe
H:\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=D4322FEE7CF74A348CB9CE970F098EF5
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twex.exe,C:\WINDOWS\system32\ndetect.exe,C:\WINDOWS\system32\regwiz.exe,C:\WINDOWS\system32\c++.exe,C:\WINDOWS\system32\gcc.exe,
O1 - Hosts: ::1 localhost
O1 - Hosts: luciolis2.servegame.com 80.239.180.113
O1 - Hosts: luciolis2.servegame.com 91.121.124.125
O1 - Hosts: luciolis2.servegame.com 91.121.106.15
O1 - Hosts: luciolis2.servegame.com 91.121.69.136
O3 - Toolbar: (no name) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - (no file)
O4 - HKLM\..\Run: [EPSON Stylus CX6600 Series (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EE.EXE /P36 "EPSON Stylus CX6600 Series (Copie 1)" /O5 "LPT1:" /M "Stylus CX6600"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [EPSON Stylus CX6600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EE.EXE /P26 "EPSON Stylus CX6600 Series" /O5 "LPT1:" /M "Stylus CX6600"
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [Adobe] "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe"
O4 - HKLM\..\Run: [hiwdemon] "C:\WINDOWS\system32\hiwdemon.exe"
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [D-Link D-Link Wireless G DWA-110] C:\Program Files\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [services] C:\WINDOWS\services.exe
O4 - HKLM\..\Run: [PromoReg] C:\WINDOWS\TEMP\TMP25.tmp
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [services] C:\WINDOWS\services.exe
O4 - HKLM\..\Policies\Explorer\Run: [services] C:\WINDOWS\services.exe
O4 - HKCU\..\Policies\Explorer\Run: [services] C:\WINDOWS\services.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-3751206288-2118142139-2730665617-1005\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" (User '?')
O4 - HKUS\S-1-5-21-3751206288-2118142139-2730665617-1005\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User '?')
O4 - HKUS\S-1-5-21-3751206288-2118142139-2730665617-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-3751206288-2118142139-2730665617-1005\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User '?')
O4 - HKUS\S-1-5-21-3751206288-2118142139-2730665617-1005\..\Run: [services] C:\WINDOWS\services.exe (User '?')
O4 - HKUS\S-1-5-21-3751206288-2118142139-2730665617-1005\..\Policies\Explorer\Run: [services] C:\WINDOWS\services.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-18\..\Run: [nttivhgz.exe] C:\WINDOWS\nttivhgz.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [dbxnkipp.exe] C:\WINDOWS\dbxnkipp.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [fpryyakh.exe] C:\WINDOWS\fpryyakh.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [nutrxvkf.exe] C:\WINDOWS\nutrxvkf.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [services] C:\WINDOWS\services.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [ntscqoam.exe] C:\WINDOWS\ntscqoam.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [zzgwijdb.exe] C:\WINDOWS\zzgwijdb.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [vxsderlh.exe] C:\WINDOWS\vxsderlh.exe (User '?')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [services] C:\WINDOWS\services.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [services] C:\WINDOWS\services.exe (User 'Default user')
O4 - S-1-5-21-3751206288-2118142139-2730665617-1005 Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe (User '?')
O4 - S-1-5-21-3751206288-2118142139-2730665617-1005 Startup: p2pmax.lnk = C:\Program Files\p2pmax\p2pmax.exe (User '?')
O4 - S-1-5-18 Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe (User '?')
O4 - S-1-5-18 Startup: p2pmax.lnk = C:\Program Files\p2pmax\p2pmax.exe (User '?')
O4 - .DEFAULT Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe (User 'Default user')
O4 - .DEFAULT Startup: p2pmax.lnk = C:\Program Files\p2pmax\p2pmax.exe (User 'Default user')
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: p2pmax.lnk = C:\Program Files\p2pmax\p2pmax.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.carrefour.fr/
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://gamenextfr.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O20 - Winlogon Notify: 60fb1947517 - C:\WINDOWS\System32\extmgr32.dll
O23 - Service: 6to4 - Unknown owner - C:\WINDOWS\TEMP\VRT3.tmp (file missing)
O23 - Service: Service de la passerelle de la couche Application (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe
O23 - Service: ANIWZCSdService - Unknown owner - C:\WINDOWS\TEMP\VRT3.tmp (file missing)
O23 - Service: AppMgmt - Unknown owner - C:\WINDOWS\TEMP\VRT3.tmp (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\TEMP\VRT3.tmp (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\TEMP\VRT3.tmp (file missing)
O23 - Service: AudioSrv - Unknown owner - C:\WINDOWS\TEMP\VRT3.tmp (file missing)
O23 - Service: bdss - Unknown owner - C:\WINDOWS\TEMP\VRT3.tmp (file missing)
O23 - Service: belkin wireless usb network adapter service - Unknown owner - C:\WINDOWS\TEMP\VRT3.tmp (file missing)
O23 - Service: BITS - Unknown owner - C:\WINDOWS\TEMP\VRT3.tmp (file missing)
O23 - Service: Browser - Unknown owner - C:\WINDOWS\TEMP\VRT3.tmp (file missing)
O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\TEMP\VRT3.tmp (file missing)
O23 - Service: clr_optimization_v2.0.50727_32 - Unknown owner - C:\WINDOWS\TEMP\VRT3.tmp (file missing)
O23 - Service: COMSysApp - Unknown owner - C:\WINDOWS\TEMP\VRT3.tmp (file missing)
O23 - Service: CryptSvc - Unknown owner - C:\WINDOWS\TEMP\VRT3.tmp (file missing)
O23 - Service: DcomLaunch - Unknown owner - C:\WINDOWS\TEMP\VRT3.tmp (file missing)
O23 - Service: Dhcp - Unknown owner - C:\WINDOWS\TEMP\VRT3.tmp (file missing)
O23 - Service: dmadmin - Unknown owner - C:\WINDOWS\TEMP\VRT3.tmp (file missing)
O23 - Service: dmserver - Unknown owner - C:\WINDOWS\TEMP\VRT3.tmp (file missing)
O23 - Service: ehRecvr - Unknown owner - C:\WINDOWS\TEMP\VRT3.tmp (file missing)
O23 - Service: ehSched - Unknown owner - C:\WINDOWS\TEMP\VRT3.tmp (file missing)
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: Service Messenger Sharing Folders USN Journal Reader usnjsvcHidServ (usnjsvchidserv) - Unknown owner - C:\WINDOWS\system32\2D.tmp.exe (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe (file missing)
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

kevin05 Posts: 3636 Registration date: Saturday 29 November 2008 Status: Security contributor Last activity: 13 May 2010
9 Feb 2009 at 19:19
You are very infected...

▶ Download ComboFix by sUBs


▶ and save it to the Desktop.


▶ disable your protections and close all your applications (antivirus, firewall, real-time antispyware guard)


Here is the official Bleeping Computer tutorial on how to use it:

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix


▶ I recommend installing the Recovery Console!!

kevindu75 Posts: 274 Registration date: Friday 28 March 2008 Status: Member Last activity: 3 January 2014
9 Feb 2009 at 19:19
What do you mean?

kevindu75 Posts: 274 Registration date: Friday 28 March 2008 Status: Member Last activity: 3 January 2014
9 Feb 2009 at 19:22
For the Recovery Console, you need the Windows CDs but I don't have them :(

kevindu75 Posts: 274 Registration date: Friday 28 March 2008 Status: Member Last activity: 3 January 2014
9 Feb 2009 at 19:27
What do I do? :x

kevin05 Posts: 3636 Registration date: Saturday 29 November 2008 Status: Security contributor Last activity: 13 May 2010
9 Feb 2009 at 19:29
Don't install it, it doesn't matter

kevindu75 Posts: 274 Registration date: Friday 28 March 2008 Status: Member Last activity: 3 January 2014
9 Feb 2009 at 19:30
Lol, what do you mean? My computer is very infected, isn't it?

kevindu75 Posts: 274 Registration date: Friday 28 March 2008 Status: Member Last activity: 3 January 2014
9 Feb 2009 at 20:03
Hi again, I did the thing, can you look at the report please?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:03:16, on 09/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\hiwdemon.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\WINDOWS\explorer.exe
H:\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - (no file)
O4 - HKLM\..\Run: [EPSON Stylus CX6600 Series (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EE.EXE /P36 "EPSON Stylus CX6600 Series (Copie 1)" /O5 "LPT1:" /M "Stylus CX6600"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [EPSON Stylus CX6600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EE.EXE /P26 "EPSON Stylus CX6600 Series" /O5 "LPT1:" /M "Stylus CX6600"
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hiwdemon] "C:\WINDOWS\system32\hiwdemon.exe"
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [D-Link D-Link Wireless G DWA-110] C:\Program Files\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-21-3751206288-2118142139-2730665617-1005\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" (User '?')
O4 - HKUS\S-1-5-21-3751206288-2118142139-2730665617-1005\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (User '?')
O4 - HKUS\S-1-5-21-3751206288-2118142139-2730665617-1005\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1 (User '?')
O4 - HKUS\S-1-5-21-3751206288-2118142139-2730665617-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-3751206288-2118142139-2730665617-1005\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-18\..\Run: [zzfbnjiv.exe] C:\WINDOWS\zzfbnjiv.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [ntlgxljw.exe] C:\WINDOWS\ntlgxljw.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [nttivhgz.exe] C:\WINDOWS\nttivhgz.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [dbxnkipp.exe] C:\WINDOWS\dbxnkipp.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [fpryyakh.exe] C:\WINDOWS\fpryyakh.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [nutrxvkf.exe] C:\WINDOWS\nutrxvkf.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [ntscqoam.exe] C:\WINDOWS\ntscqoam.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [zzgwijdb.exe] C:\WINDOWS\zzgwijdb.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [vxsderlh.exe] C:\WINDOWS\vxsderlh.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-3751206288-2118142139-2730665617-1005 Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe (User '?')
O4 - S-1-5-21-3751206288-2118142139-2730665617-1005 Startup: p2pmax.lnk = C:\Program Files\p2pmax\p2pmax.exe (User '?')
O4 - S-1-5-18 Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe (User '?')
O4 - S-1-5-18 Startup: p2pmax.lnk = C:\Program Files\p2pmax\p2pmax.exe (User '?')
O4 - .DEFAULT Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe (User 'Default user')
O4 - .DEFAULT Startup: p2pmax.lnk = C:\Program Files\p2pmax\p2pmax.exe (User 'Default user')
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: p2pmax.lnk = C:\Program Files\p2pmax\p2pmax.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.carrefour.fr/
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://gamenextfr.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O20 - Winlogon Notify: 60fb1947517 - C:\WINDOWS\System32\extmgr32.dll
O23 - Service: 6to4 - Unknown owner - C:\WINDOWS\TEMP\VRT3.tmp (file missing)
O23 - Service: Service de la passerelle de la couche Application (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe
O23 - Service: ANIWZCSdService - Unknown owner - C:\WINDOWS\TEMP\VRT3.tmp (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\TEMP\VRT3.tmp (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\TEMP\VRT3.tmp (file missing)
O23 - Service: AudioSrv - Unknown owner - C:\WINDOWS\TEMP\VRT3.tmp (file missing)
O23 - Service: bdss - Unknown owner - C:\WINDOWS\TEMP\VRT3.tmp (file missing)
O23 - Service: belkin wireless usb network adapter service - Unknown owner - C:\WINDOWS\TEMP\VRT3.tmp (file missing)
O23 - Service: clr_optimization_v2.0.50727_32 - Unknown owner - C:\WINDOWS\TEMP\VRT3.tmp (file missing)
O23 - Service: COMSysApp - Unknown owner - C:\WINDOWS\TEMP\VRT3.tmp (file missing)
O23 - Service: CryptSvc - Unknown owner - C:\WINDOWS\TEMP\VRT3.tmp (file missing)
O23 - Service: DcomLaunch - Unknown owner - C:\WINDOWS\TEMP\VRT3.tmp (file missing)
O23 - Service: Dhcp - Unknown owner - C:\WINDOWS\TEMP\VRT3.tmp (file missing)
O23 - Service: dmadmin - Unknown owner - C:\WINDOWS\TEMP\VRT3.tmp (file missing)
O23 - Service: ehRecvr - Unknown owner - C:\WINDOWS\TEMP\VRT3.tmp (file missing)
O23 - Service: ehSched - Unknown owner - C:\WINDOWS\TEMP\VRT3.tmp (file missing)
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe (file missing)
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

kevin05 Posts: 3636 Registration date: Saturday 29 November 2008 Status: Security contributor Last activity: 13 May 2010
9 Feb 2009 at 20:33
That's not the one

Post the ComboFix report please

kevindu75 Posts: 274 Registration date: Friday 28 March 2008 Status: Member Last activity: 3 January 2014
10 Feb 2009 at 18:05
Hi, here's the report, and thanks.

ComboFix 09-02-08.02 - CHODERLOS DE LACLOS 2009-02-10 18:02:13.2 - NTFSx86
Lancé depuis: H:\ComboFixqdqsd.exe

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\****\Application Data\[u]0/u2000000e625fbf3517C.manifest
c:\documents and settings\****\Application Data\[u]0/u2000000e625fbf3517O.manifest
c:\documents and settings\****\Application Data\[u]0/u2000000e625fbf3517P.manifest
c:\documents and settings\****\Application Data\[u]0/u2000000e625fbf3517S.manifest

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_protect


((((((((((((((((((((((((((((( Fichiers créés du 2009-01-10 au 2009-02-10 ))))))))))))))))))))))))))))))))))))
.

2009-02-09 15:55 . 2009-02-09 15:55 0 --a------ c:\windows\system32\2.tmp
2009-02-09 15:26 . 2009-02-09 15:27 110,080 --------- c:\windows\system32\65.tmp
2009-02-09 15:26 . 2009-02-09 15:26 67,585 --a------ c:\windows\system32\64.tmp
2009-02-09 15:26 . 2009-02-09 15:26 3,584 --a------ c:\windows\vxsderlh.exe
2009-02-09 15:20 . 2009-02-09 15:26 162,980 --a------ c:\windows\system32\63.tmp
2009-02-09 15:20 . 2009-02-09 15:20 168 --a------ c:\windows\system32\61.tmp
2009-02-09 15:16 . 2009-02-09 15:16 0 --a------ c:\windows\system32\60.tmp
2009-02-09 15:15 . 2009-02-09 15:16 38,913 --a------ c:\windows\system32\5E.tmp
2009-02-09 15:15 . 2009-02-09 15:15 168 --a------ c:\windows\system32\5D.tmp
2009-02-09 14:45 . 2009-02-09 14:45 67,585 --a------ c:\windows\system32\5C.tmp
2009-02-09 14:44 . 2009-02-09 14:45 163,364 --a------ c:\windows\system32\58.tmp
2009-02-09 14:44 . 2009-02-09 14:44 23,553 --a------ c:\windows\system32\57.tmp
2009-02-09 14:44 . 2009-02-09 14:44 168 --a------ c:\windows\system32\55.tmp
2009-02-09 14:41 . 2009-02-09 14:42 110,080 --------- c:\windows\system32\5B.tmp
2009-02-09 14:41 . 2009-02-09 14:41 67,585 --a------ c:\windows\system32\59.tmp
2009-02-09 14:41 . 2009-02-09 14:41 3,584 --a------ c:\windows\zzgwijdb.exe
2009-02-09 14:37 . 2009-02-09 14:41 163,364 --a------ c:\windows\system32\56.tmp
2009-02-09 14:37 . 2009-02-09 14:37 212 --a------ c:\windows\system32\53.tmp
2009-02-09 14:37 . 2009-02-09 14:37 1 --a------ c:\windows\system32\54.tmp
2009-02-08 21:32 . 2009-02-08 21:32 67,585 --a------ c:\windows\system32\50.tmp
2009-02-08 21:32 . 2009-02-08 21:32 168 --a------ c:\windows\system32\4F.tmp
2009-02-08 21:32 . 2009-02-08 21:32 0 --a------ c:\windows\system32\51.tmp
2009-02-08 18:53 . 2009-02-08 18:53 67,585 --a------ c:\windows\system32\4D.tmp
2009-02-08 18:53 . 2009-02-08 18:53 0 --a------ c:\windows\system32\4E.tmp
2009-02-08 18:52 . 2009-02-08 18:53 168 --a------ c:\windows\system32\4C.tmp
2009-02-08 17:58 . 2009-02-08 17:58 0 --a------ c:\windows\system32\52.tmp
2009-02-08 17:45 . 2009-02-08 17:45 23,553 --a------ c:\windows\system32\4A.tmp
2009-02-08 17:44 . 2009-02-08 17:44 67,585 --a------ c:\windows\system32\3F.tmp
2009-02-08 17:44 . 2009-02-08 17:44 64,512 --a------ c:\windows\system32\hhupd.exe
2009-02-08 17:44 . 2009-02-08 17:44 168 --a------ c:\windows\system32\39.tmp
2009-02-08 17:44 . 2009-02-08 17:44 0 --a------ c:\windows\system32\49.tmp
2009-02-08 17:36 . 2009-02-08 17:36 110,080 --------- c:\windows\system32\38.tmp
2009-02-08 17:36 . 2009-02-08 17:36 23,553 --a------ c:\windows\system32\2E.tmp
2009-02-08 17:35 . 2009-02-08 17:35 67,585 --a------ c:\windows\system32\25.tmp
2009-02-08 17:35 . 2009-02-08 17:35 168 --a------ c:\windows\system32\1C.tmp
2009-02-08 17:35 . 2009-02-08 17:35 0 --a------ c:\windows\system32\26.tmp
2009-02-08 15:49 . 2009-02-08 15:49 0 --a------ c:\windows\system32\4B.tmp
2009-02-08 15:43 . 2009-02-08 15:43 67,585 --a------ c:\windows\system32\42.tmp
2009-02-08 15:43 . 2009-02-08 15:43 39,937 --a------ c:\windows\system32\44.tmp
2009-02-08 15:43 . 2009-02-08 15:43 168 --a------ c:\windows\system32\41.tmp
2009-02-08 15:43 . 2009-02-08 15:43 0 --a------ c:\windows\system32\43.tmp
2009-02-08 15:28 . 2009-02-08 15:28 39,937 --a------ c:\windows\system32\3E.tmp
2009-02-08 15:27 . 2009-02-08 15:27 67,585 --a------ c:\windows\system32\3B.tmp
2009-02-08 15:27 . 2009-02-08 15:27 168 --a------ c:\windows\system32\3A.tmp
2009-02-08 15:27 . 2009-02-08 15:27 0 --a------ c:\windows\system32\3C.tmp
2009-02-08 15:20 . 2009-02-08 15:20 67,585 --a------ c:\windows\system32\35.tmp
2009-02-08 15:20 . 2009-02-08 15:20 39,937 --a------ c:\windows\system32\37.tmp
2009-02-08 15:20 . 2009-02-08 15:20 168 --a------ c:\windows\system32\34.tmp
2009-02-08 15:20 . 2009-02-08 15:20 0 --a------ c:\windows\system32\36.tmp
2009-02-08 14:55 . 2009-02-08 14:55 67,585 --a------ c:\windows\system32\28.tmp
2009-02-08 14:55 . 2009-02-08 14:55 23,553 --a------ c:\windows\system32\2B.tmp
2009-02-08 14:55 . 2009-02-08 14:55 168 --a------ c:\windows\system32\27.tmp
2009-02-08 14:55 . 2009-02-08 14:55 0 --a------ c:\windows\system32\2A.tmp
2009-02-08 14:53 . 2009-02-08 14:53 67,585 --a------ c:\windows\system32\1E.tmp
2009-02-08 14:53 . 2009-02-08 14:53 23,553 --a------ c:\windows\system32\24.tmp
2009-02-08 14:53 . 2009-02-08 14:53 168 --a------ c:\windows\system32\1D.tmp
2009-02-08 14:53 . 2009-02-08 14:53 0 --a------ c:\windows\system32\1F.tmp
2009-02-08 14:51 . 2009-02-08 14:51 168 --a------ c:\windows\system32\D.tmp
2009-02-08 14:51 . 2009-02-08 14:51 0 --a------ c:\windows\system32\F.tmp
2009-02-08 14:51 . 2009-02-08 14:51 0 --a------ c:\windows\system32\1B.tmp
2009-02-08 14:51 . 2009-02-08 14:51 0 --a------ c:\windows\system32\13.tmp
2009-02-08 13:55 . 2009-02-08 13:55 168 --a------ c:\windows\system32\7.tmp
2009-02-08 11:52 . 2009-02-08 11:52 32,768 --ah----- c:\documents and settings\****\cplts.exe
2009-02-08 11:51 . 2009-02-08 11:51 128 --a------ c:\windows\system32\4.tmp
2009-02-08 11:46 . 2009-02-08 11:52 53,248 --a------ c:\windows\system32\drivers\ndisio.sys
2009-02-08 11:46 . 2009-02-08 11:46 23,553 --a------ c:\windows\system32\33.tmp
2009-02-08 11:46 . 2009-02-08 11:46 3,584 --a------ c:\windows\ntscqoam.exe
2009-02-08 11:43 . 2009-02-08 11:46 164,708 --a------ c:\windows\system32\32.tmp
2009-02-08 11:43 . 2009-02-08 11:43 128 --a------ c:\windows\system32\2F.tmp
2009-02-08 11:33 . 2003-01-01 00:26 <REP> d--hs---- c:\windows\system32\twain32
2009-02-08 10:44 . 2009-02-08 10:47 163,652 --a------ c:\windows\system32\23.tmp
2009-02-08 10:44 . 2009-02-08 10:44 29,184 --a------ c:\windows\system32\22.tmp
2009-02-08 10:44 . 2009-02-08 10:44 23,553 --a------ c:\windows\system32\21.tmp
2009-02-08 10:44 . 2009-02-08 10:44 172 --a------ c:\windows\system32\20.tmp
2009-02-08 10:42 . 2009-02-08 10:42 0 --a------ c:\windows\system32\1A.tmp
2009-02-08 10:40 . 2009-02-08 10:42 77,153 --a------ c:\windows\system32\15.tmp
2009-02-08 10:40 . 2009-02-08 10:40 29,184 --a------ c:\windows\system32\14.tmp
2009-02-08 10:40 . 2009-02-08 10:40 172 --a------ c:\windows\system32\12.tmp
2009-02-07 21:48 . 2003-10-13 15:30 94,208 --a------ c:\windows\system32\GTW32N50.dll
2009-02-07 21:48 . 2004-04-30 15:12 40,960 --a------ c:\windows\system32\B11gUSB.dll
2009-02-07 21:48 . 2003-09-25 23:28 31,930 --a------ c:\windows\system32\GTNDIS3.VXD
2009-02-07 21:48 . 2003-09-25 22:15 15,872 --a------ c:\windows\system32\GTNDIS5.sys
2009-02-07 16:56 . 2009-02-07 20:39 <REP> d-------- c:\program files\Belkin
2009-02-07 16:48 . 2009-02-07 16:48 <REP> d-------- c:\windows\{D9FAE986-A4C1-4A2D-8B20-60F92F4222AD}
2009-02-06 17:46 . 2009-02-06 17:46 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Media Player Classic
2009-02-06 17:35 . 2009-02-06 17:35 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Malwarebytes
2009-02-05 20:51 . 2009-02-05 21:08 3,284 --a------ c:\windows\system32\ANIWZCS{757CDBFA-B625-4034-A4D0-31590D714A0F}
2009-02-05 19:39 . 2009-02-05 19:40 67,585 --a------ c:\windows\system32\48.tmp
2009-02-05 19:39 . 2009-02-05 19:39 23,553 --a------ c:\windows\system32\47.tmp
2009-02-05 19:39 . 2009-02-05 19:39 3,584 --a------ c:\windows\nutrxvkf.exe
2009-02-05 19:33 . 2009-02-05 19:39 163,652 --a------ c:\windows\system32\46.tmp
2009-02-05 19:33 . 2009-02-05 19:33 168 --a------ c:\windows\system32\45.tmp
2009-02-05 17:41 . 2009-02-06 17:21 <REP> d-------- c:\program files\Spybot - Search & Destroy
2009-02-05 17:18 . 2009-02-05 17:18 <REP> d-------- c:\program files\VS Revo Group
2009-02-05 16:51 . 2009-02-05 16:51 20,480 --ahs---- c:\windows\system32\17a.dll
2009-02-05 12:42 . 2009-02-05 12:42 67,585 --a------ c:\windows\system32\31.tmp
2009-02-05 12:42 . 2009-02-09 14:45 64,512 --a------ c:\windows\system32\i386kd.exe
2009-02-05 12:42 . 2009-02-05 20:02 82 --a-s---- c:\windows\system32\3008035650.dat
2009-02-05 12:41 . 2009-02-05 12:41 128 --a------ c:\windows\system32\2C.tmp
2009-02-05 12:38 . 2009-02-05 12:38 0 --a------ c:\windows\system32\29.tmp
2009-02-05 12:27 . 2009-02-05 12:27 67,585 --a------ c:\windows\system32\19.tmp
2009-02-05 12:27 . 2009-02-08 14:53 64,512 --a------ c:\windows\system32\7z.exe
2009-02-05 12:27 . 2009-02-05 12:27 84 --a------ c:\windows\system32\17.tmp
2009-02-05 12:26 . 2009-02-05 12:26 62,510 --a------ c:\windows\system32\11.tmp
2009-02-05 12:23 . 2009-02-05 12:23 64,512 --a------ c:\windows\system32\pdbcopy.exe
2009-02-04 21:00 . 2009-02-04 21:00 3,584 --a------ c:\windows\fpryyakh.exe
2009-02-04 19:12 . 2009-02-04 19:12 32,768 --ah----- c:\documents and settings\****\rjrdqmp.exe
2009-02-04 19:10 . 2009-02-04 19:10 32,768 --ah----- c:\documents and settings\****\pgqnx.exe
2009-02-04 19:06 . 2009-02-04 19:06 3,584 --a------ c:\windows\dbxnkipp.exe
2009-02-04 18:57 . 2009-02-04 18:57 61,440 --a------ c:\windows\system32\drivers\iouzrlo.sys
2009-02-04 18:23 . 2009-02-04 18:23 30,848 --a------ c:\windows\system32\drivers\qjgkffyga.sys
2009-02-04 18:23 . 2009-02-04 18:23 3,584 --a------ c:\windows\nttivhgz.exe
2009-02-04 17:24 . 2009-02-04 17:24 3,584 --a------ c:\windows\ntlgxljw.exe
2009-02-04 17:22 . 2009-02-06 15:24 3,284 --a------ c:\windows\system32\ANIWZCS{A358F9CD-70FD-485C-912D-33362DED0E3B}
2009-02-04 17:22 . 2009-02-06 15:23 20 --a------ c:\windows\system32\ANIWZCSUSERNAME{A358F9CD-70FD-485C-912D-33362DED0E3B}
2009-02-04 17:20 . 2009-02-09 15:26 64,512 --a------ c:\windows\system32\gcc.exe
2009-02-04 17:20 . 2009-02-04 17:20 15,000 --a------ c:\windows\system32\hgdfeeeh4fdg.dll
2009-02-04 13:04 . 2009-02-04 13:04 3,584 --a------ c:\windows\zzfbnjiv.exe
2009-02-03 20:44 . 2009-02-03 20:44 0 --a------ c:\windows\system32\3D.tmp
2009-02-03 20:30 . 2009-02-04 13:22 <REP> d--h----- c:\windows\system32\GroupPolicy
2009-02-03 19:26 . 2009-02-03 19:26 552 --a------ c:\windows\system32\d3d8caps.dat
2009-02-03 18:53 . 2009-02-03 18:53 3,584 --a------ c:\windows\tjpybeij.exe
2009-02-03 17:46 . 2009-02-03 17:46 0 --a------ c:\windows\system32\10.tmp
2009-02-03 17:38 . 2009-02-03 17:38 32,768 --ah----- c:\documents and settings\****\yjresnl.exe
2009-02-03 13:21 . 2009-02-03 13:21 3,584 --a------ c:\windows\xldopide.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-09 14:45 29,184 ----a-w c:\windows\system32\alg.exe
2009-02-09 14:29 94,208 ----a-w c:\windows\DUMP51b9.tmp
2009-02-08 20:32 64,512 -c--a-w c:\windows\system32\regwiz.exe
2009-02-08 17:02 94,208 ----a-w c:\windows\DUMP5747.tmp
2009-02-08 13:36 94,208 ----a-w c:\windows\DUMP6404.tmp
2009-02-07 20:22 94,208 ----a-w c:\windows\DUMP67fc.tmp
2009-02-07 19:51 94,208 ----a-w c:\windows\DUMP6869.tmp
2009-02-07 15:56 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-06 18:33 6,656 ----a-w c:\windows\system32\drivers\arp1394.sys
2009-02-06 16:21 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-06 11:59 --------- d-----w c:\program files\World of Warcraft
2009-02-05 20:53 94,208 ----a-w c:\windows\DUMP6ced.tmp
2009-02-05 16:22 --------- d-----w c:\program files\Softwin
2009-02-04 16:44 --------- d-----w c:\program files\Real Alternative
2009-02-04 16:34 --------- d-----w c:\program files\Fichiers communs\Softwin
2009-02-04 16:05 90,112 ----a-w c:\windows\DUMP6750.tmp
2009-02-04 12:34 94,208 ----a-w c:\windows\DUMP6b48.tmp
2009-02-04 11:53 94,208 ----a-w c:\windows\DUMP874b.tmp
2009-02-03 18:01 94,208 ----a-w c:\windows\DUMP5ee4.tmp
2009-02-02 18:58 --------- d-----w c:\documents and settings\****\Application Data\Desktopicon
2009-02-02 18:44 578,560 ----a-w c:\windows\system32\user32.DLL
2009-02-02 18:38 81,984 ----a-w c:\windows\system32\bdod.bin
2009-01-30 19:15 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-29 15:31 --------- d-----w c:\documents and settings\****\Application Data\LimeWire
2009-01-28 15:34 --------- d-----w c:\program files\Samsung
2008-12-23 16:17 126,464 ----a-w c:\windows\system32\nqnanuhq.dll
2008-12-18 16:13 --------- d-----w c:\program files\GamesBar
2008-12-17 18:15 --------- d-----w c:\documents and settings\All Users\Application Data\GamesBar
2008-12-17 12:37 --------- d-----w c:\program files\Fraps
2008-12-12 16:04 --------- d-----w c:\program files\MSN Messenger
2008-12-12 16:04 --------- d-----w c:\program files\Messenger Plus! Live
2008-12-12 16:02 --------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!
2008-12-12 15:31 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-12-12 15:23 --------- d-----w c:\program files\Windows Live
2008-12-11 21:22 --------- d-----w c:\program files\Bsplayer Pro Version 1.36
2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys
.
c:\windows\system32\user32.dll ... est infecté !!
578,048 2005-03-02 18:20:32 c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
579,072 2007-03-08 15:50:30 c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
578,048 2005-03-02 18:10:36 c:\windows\$NtUninstallKB925902$\user32.dll
579,584 2008-04-14 02:33:48 c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\user32.dll
579,584 2008-04-14 02:33:48 c:\windows\SoftwareDistribution\Download\7a1946fba2b8886ae6be37be6d51ae57\user32.dll
578,560 2009-02-02 18:44:04 c:\windows\system32\user32.DLL
578,560 2009-02-02 18:44:04 c:\windows\system32\dllcache\user32.dll


------- Sigcheck -------

.
((((((((((((((((((((((((((((( SnapShot@2009-02-09_19.58.16.98 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-02-09 18:48:46 32,768 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-02-10 17:05:06 32,768 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-02-09 18:48:46 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2009-02-10 17:05:06 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2009-02-09 18:48:46 49,152 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-10 17:05:06 49,152 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2003-01-01 01:26:27 62,812 ----a-w c:\windows\system32\perfc009.dat
+ 2009-02-10 16:37:35 62,812 ----a-w c:\windows\system32\perfc009.dat
- 2003-01-01 01:26:27 76,002 ----a-w c:\windows\system32\perfc00C.dat
+ 2009-02-10 16:37:35 76,002 ----a-w c:\windows\system32\perfc00C.dat
- 2003-01-01 01:26:27 404,288 ----a-w c:\windows\system32\perfh009.dat
+ 2009-02-10 16:37:35 404,288 ----a-w c:\windows\system32\perfh009.dat
- 2003-01-01 01:26:27 472,252 ----a-w c:\windows\system32\perfh00C.dat
+ 2009-02-10 16:37:35 472,252 ----a-w c:\windows\system32\perfh00C.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-06-02 1978368]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 1211176]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-10-24 328192]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 32768]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 221696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus CX6600 Series (Copie 1)"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9EE.EXE" [2004-03-01 118784]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-01-18 118784]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 176128]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-10-12 159744]
"EPSON Stylus CX6600 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9EE.EXE" [2004-03-01 118784]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 81920]
"hiwdemon"="c:\windows\system32\hiwdemon.exe" [2009-01-29 1486848]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 69632]
"D-Link D-Link Wireless G DWA-110"="c:\program files\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe" [2007-05-04 1683456]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-10 32768]
"tkghmtel.exe"="c:\windows\tkghmtel.exe" [2009-02-02 3584]
"fpjdahbd.exe"="c:\windows\fpjdahbd.exe" [2009-02-02 3584]
"fpootqta.exe"="c:\windows\fpootqta.exe" [2009-02-02 3584]
"xldopide.exe"="c:\windows\xldopide.exe" [2009-02-03 3584]
"tjpybeij.exe"="c:\windows\tjpybeij.exe" [2009-02-03 3584]
"zzfbnjiv.exe"="c:\windows\zzfbnjiv.exe" [2009-02-04 3584]
"ntlgxljw.exe"="c:\windows\ntlgxljw.exe" [2009-02-04 3584]
"nttivhgz.exe"="c:\windows\nttivhgz.exe" [2009-02-04 3584]
"dbxnkipp.exe"="c:\windows\dbxnkipp.exe" [2009-02-04 3584]
"fpryyakh.exe"="c:\windows\fpryyakh.exe" [2009-02-04 3584]
"nutrxvkf.exe"="c:\windows\nutrxvkf.exe" [2009-02-05 3584]
"ntscqoam.exe"="c:\windows\ntscqoam.exe" [2009-02-08 3584]
"zzgwijdb.exe"="c:\windows\zzgwijdb.exe" [2009-02-09 3584]
"vxsderlh.exe"="c:\windows\vxsderlh.exe" [2009-02-09 3584]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2008-09-01 1204224]
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 47104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\60fb1947517]
2009-01-28 16:48 135168 c:\windows\system32\extmgr32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.3iv2"= 3ivxVfWCodec.dll
"VIDC.VP31"= vp31vfw.dll
"msacm.l3fhg"= mp3fhg.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\NetMeeting\\Conf.exe"=
"c:\\Program Files\\Ahead\\Nero MediaHome\\NeroMediaHome.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=
"c:\\Program Files\\D-Link\\D-Link Wireless G DWA-110\\AirGCFG.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

R1 15ec6892;15ec6892;c:\windows\System32\drivers\15ec6892.sys [2009-02-08 0]
R1 ethoycew;ethoycew;c:\windows\system32\drivers\ethoycew.sys [2009-02-09 137632]
R2 EAPPkt;Realtek EAPPkt Protocol; [x]
R3 BTCOMM;BTCOMM; [x]
R3 BTKRNBDG;Bluetooth COM Bridge; [x]
R3 kbeepm;kbeepm; [x]
R3 vad_multi;Windigo Virtual Audio Device (WDM); [x]
S0 yxcpqbwz;yxcpqbwz;c:\windows\System32\Drivers\yxcpqbwz.sys [2009-02-03 33920]
S3 3xHybrid;3xHybrid service;c:\windows\system32\DRIVERS\3xHybrid.sys [2005-12-06 826752]
S3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [2005-05-12 1287296]
S3 X10Hid;X10 Hid Device;c:\windows\system32\Drivers\x10hid.sys [2005-11-28 7040]


--- Autres Services/Pilotes en mémoire ---

*Deregistered* - AegisP
*Deregistered* - AFD
*Deregistered* - Alerter
*Deregistered* - ANIO
*Deregistered* - Arp1394
*Deregistered* - audstub
*Deregistered* - Beep
*Deregistered* - Browser
*Deregistered* - Cdfs
*Deregistered* - dmio
*Deregistered* - dmload
*Deregistered* - ELhid
*Deregistered* - Fastfat
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - Fips
*Deregistered* - FltMgr
*Deregistered* - Ftdisk
*Deregistered* - Gpc
*Deregistered* - HTTP
*Deregistered* - HTTPFilter
*Deregistered* - IAANTMon
*Deregistered* - iastor
*Deregistered* - Ip6Fw
*Deregistered* - IpNat
*Deregistered* - IPSec
*Deregistered* - KSecDD
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LmHosts
*Deregistered* - mnmdd
*Deregistered* - Modem
*Deregistered* - Mouclass
*Deregistered* - MountMgr
*Deregistered* - MRxDAV
*Deregistered* - MRxSmb
*Deregistered* - Msfs
*Deregistered* - mssmbios
*Deregistered* - Mup
*Deregistered* - NDIS
*Deregistered* - NdisTapi
*Deregistered* - Ndisuio
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - NetBT
*Deregistered* - Nla
*Deregistered* - Npfs
*Deregistered* - Ntfs
*Deregistered* - Null
*Deregistered* - PartMgr
*Deregistered* - PptpMiniport
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasMan
*Deregistered* - RasPppoe
*Deregistered* - Raspti
*Deregistered* - Rdbss
*Deregistered* - RDPCDD
*Deregistered* - rdpdr
*Deregistered* - RpcSs
*Deregistered* - seclogon
*Deregistered* - sr
*Deregistered* - Srv
*Deregistered* - SSDPSRV
*Deregistered* - StarOpen
*Deregistered* - swenum
*Deregistered* - TapiSrv
*Deregistered* - Tcpip
*Deregistered* - Tcpip6
*Deregistered* - TermDD
*Deregistered* - TermService
*Deregistered* - tunmp
*Deregistered* - Update
*Deregistered* - upnphost
*Deregistered* - VcommMgr
*Deregistered* - VgaSave
*Deregistered* - VolSnap
*Deregistered* - W32Time
*Deregistered* - WebClient
*Deregistered* - WMPNetworkSvc
*Deregistered* - wuauserv
*Deregistered* - WudfPf
*Deregistered* - yxcpqbwz

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{62812be8-a5c9-11dd-ac7d-001cdf1cb983}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL ntldr.exe
\Shell\´ò¿ª(&O)\command - K:\ntldr.exe
.
Contenu du dossier 'Tâches planifiées'

2009-02-09 c:\windows\Tasks\User_Feed_Synchronization-{3A91D026-2C58-4808-AED4-3BF7DFF2B063}.job
- c:\windows\system32\msfeedssync.exe [2008-08-22 03:05]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://google.fr/
IE: &Recherche AOL Toolbar - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://fichiers.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection_2_0_4_12.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game02.zylom.com/activex/zylomgamesplayer.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-10 18:06:18
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwOpenFile

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\controlset002\Services\6to4]
"ImagePath"="c:\windows\TEMP\VRT3.tmp"

[HKEY_LOCAL_MACHINE\System\controlset002\Services\ANIWZCSdService]
"ImagePath"="c:\windows\TEMP\VRT3.tmp"

[HKEY_LOCAL_MACHINE\System\controlset002\Services\Ati HotKey Poller]
"ImagePath"="c:\windows\TEMP\VRT3.tmp"

[HKEY_LOCAL_MACHINE\System\controlset002\Services\ATI Smart]
"ImagePath"="c:\windows\TEMP\VRT3.tmp"

[HKEY_LOCAL_MACHINE\System\controlset002\Services\AudioSrv]
"ImagePath"="c:\windows\TEMP\VRT3.tmp"

[HKEY_LOCAL_MACHINE\System\controlset002\Services\bdss]
"ImagePath"="c:\windows\TEMP\VRT3.tmp"

[HKEY_LOCAL_MACHINE\System\controlset002\Services\belkin wireless usb network adapter service]
"ImagePath"="c:\windows\TEMP\VRT3.tmp"

[HKEY_LOCAL_MACHINE\System\controlset002\Services\clr_optimization_v2.0.50727_32]
"ImagePath"="c:\windows\TEMP\VRT3.tmp"

[HKEY_LOCAL_MACHINE\System\controlset002\Services\COMSysApp]
"ImagePath"="c:\windows\TEMP\VRT3.tmp"

[HKEY_LOCAL_MACHINE\System\controlset002\Services\CryptSvc]
"ImagePath"="c:\windows\TEMP\VRT3.tmp"

[HKEY_LOCAL_MACHINE\System\controlset002\Services\DcomLaunch]
"ImagePath"="c:\windows\TEMP\VRT3.tmp"

[HKEY_LOCAL_MACHINE\System\controlset002\Services\Dhcp]
"ImagePath"="c:\windows\TEMP\VRT3.tmp"

[HKEY_LOCAL_MACHINE\System\controlset002\Services\dmadmin]
"ImagePath"="c:\windows\TEMP\VRT3.tmp"

[HKEY_LOCAL_MACHINE\System\controlset002\Services\ehRecvr]
"ImagePath"="c:\windows\TEMP\VRT3.tmp"

[HKEY_LOCAL_MACHINE\System\controlset002\Services\ehSched]
"ImagePath"="c:\windows\TEMP\VRT3.tmp"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(656)
c:\windows\System32\extmgr32.dll
c:\windows\system32\Ati2evxx.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Heure de fin: 2009-02-10 18:09:17 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-02-10 17:09:14
ComboFix2.txt 2009-02-09 19:00:54

Avant-CF: 119 213 920 256 octets libres
Après-CF: 119,219,019,776 octets libres

667 --- E O F --- 2009-02-01 19:03:53
Destrio5 Posts 85985 Registration date Sunday 11 July 2010 Status Moderator Last activity 17 February 2023 10 291
12 Feb. 2009 at 17:23