Explorer.exe no longer starts

htc
Hi everyone

Actually, explorer.exe no longer starts.
I think I have a virus.

HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:15:59, on 16/05/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\explorer.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Pierre\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/nl-be?cobrand=compaq.msn.com&ocid=HPDHP&pc=CPDTDF&checklang=1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.search.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/nl-be?cobrand=compaq.msn.com&ocid=HPDHP&pc=CPDTDF&checklang=1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/nl-be?cobrand=compaq.msn.com&ocid=HPDHP&pc=CPDTDF&checklang=1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=explorer.exe "C:\Windows\winsy.exe"
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,"C:\Windows\winsy.exe",
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\RunOnce: [CleanSetup] cmd /C rmdir /S /Q "C:\Users\Pierre\AppData\Local\Temp\nro.tmp\"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Policies\Explorer\Run: [configs] C:\Windows\winsy.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: Ajouter la cible du lien à un fichier PDF existant - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Ajouter à un fichier PDF existant - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir au format Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien au format Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (file missing) (HKCU)
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
O23 - Service: TipCtrl - Unknown owner - C:\Program Files\uTIPu\TipCtrl.exe (file missing)
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
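Added example, not part of the original thread and not code from HijackThis or UsbFix: a small Python triage script that reads HijackThis-format lines and flags the three logon persistence points visible in the log above, namely a second entry in the Winlogon Shell value, a second entry in Userinit, and an entry under Policies\Explorer\Run. The sample lines are copied from the report above and embedded as constructed input; the F2/O4 line layout is assumed to be the HijackThis 2.0.2 format as printed here, and the function and class names are my own.

```python
import re
from dataclasses import dataclass

# Constructed sample: the persistence-related lines from the HijackThis log in
# this thread, plus two benign Run entries from the same log for contrast.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=explorer.exe "C:\Windows\winsy.exe"
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,"C:\Windows\winsy.exe",
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Policies\Explorer\Run: [configs] C:\Windows\winsy.exe
"""

# Assumed HijackThis 2.0.2 line shapes (F2 = Winlogon values, O4 = Run keys).
F2_RE = re.compile(r"^F2 - REG:system\.ini: (?P<key>Shell|UserInit)=(?P<value>.*)$", re.IGNORECASE)
O4_RE = re.compile(r"^O4 - (?P<hive>HKUS\\S-[\d-]+|HK\w+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")


@dataclass(frozen=True)
class Finding:
    source: str   # log line kind that raised it (F2 or O4)
    reason: str
    path: str     # binary to examine or submit to the AV vendor


def split_entries(value: str) -> list[str]:
    """Tokenize a Shell/Userinit value: entries may be comma- or space-separated and quoted."""
    return [tok.strip('"') for tok in re.findall(r'"[^"]*"|[^,\s"]+', value)]


def first_binary(cmd: str) -> str:
    """Return the executable part of a Run command line (quoted path or first token)."""
    m = re.match(r'\s*(?:"([^"]+)"|(\S+))', cmd)
    return (m.group(1) or m.group(2)) if m else cmd


def expected_for(key: str, entry: str) -> bool:
    """The only legitimate content: a bare explorer.exe, or System32\\userinit.exe."""
    e = entry.lower()
    if key.lower() == "shell":
        return e == "explorer.exe"          # Winlogon resolves the bare name from System32
    return e.endswith(r"\system32\userinit.exe")


def check_f2(key: str, value: str) -> list[Finding]:
    """Anything beyond the single expected entry in Shell/Userinit runs at every logon."""
    entries = split_entries(value)
    findings = [Finding("F2", f"extra {key} entry", e) for e in entries if not expected_for(key, e)]
    if not any(expected_for(key, e) for e in entries):
        findings.append(Finding("F2", f"{key} no longer starts the Windows default", value))
    return findings


def check_o4(hive: str, key: str, name: str, cmd: str) -> list[Finding]:
    """Policies\\Explorer\\Run is a Group Policy run key; on a home PC it is almost always malware."""
    if key.lower().endswith(r"policies\explorer\run"):
        return [Finding("O4", f"{hive} Policies\\Explorer\\Run [{name}]", first_binary(cmd))]
    return []


def triage(log_text: str) -> list[Finding]:
    """Run the F2 and O4 checks over every line of a HijackThis-format log."""
    findings: list[Finding] = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := F2_RE.match(line):
            findings += check_f2(m["key"], m["value"])
        elif m := O4_RE.match(line):
            findings += check_o4(m["hive"], m["key"], m["name"], m["cmd"])
    return findings


def suspicious_binaries(findings: list[Finding]) -> list[str]:
    """Deduplicate across persistence points: one implant usually hooks several of them."""
    return sorted({f.path.lower() for f in findings if f.path.lower().endswith(".exe")})


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.source}] {f.reason}: {f.path}")
    print("binaries to examine:", suspicious_binaries(results))
```

Run as-is it prints three findings that all resolve to the same file, C:\Windows\winsy.exe. The deduplication step is the point: one implant hooked Shell, Userinit and a policy Run key at once, and cleaning only one of the three leaves it running at the next logon.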

jlpjlp (Security Contributor)
 
Hi, you should avoid replying to your own messages after a few minutes... because in general we only look at messages without replies...
you were lucky...

Download and install UsbFix by C_XX & Chiquitine29

Plug your external data sources (USB key, external hard drive, etc.) that may have been infected into your PC, without opening them

# Double-click the UsbFix shortcut on your desktop.

# Choose option 1 (Scan)

# Let the tool work.

# Then post the UsbFix.txt report that will appear.

# Note: the UsbFix.txt report is saved at the root of the drive. (C:\UsbFix.txt)

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

# Note: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility designed to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.
htc
 
could a CD have been infected? if so, will UsbFix scan it?
thanks :D
htc (replying to htc)
 
Here is the UsbFix report:


############################## [ UsbFix V3.021 # Scan ]

# User : Pierre (Administrateurs) # ELECTROPC
# Update on 16/05/09 by Chiquitine29, C_XX & Chimay8
# WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
# Start at: 21:44:09 | 16/05/2009

# AMD Athlon Dual-Core QL-60
# Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6001 32-bit) # Service Pack 1
# Internet Explorer 8.0.6001.18702
# Windows Firewall Status : Disabled
# AV : ESET NOD32 Antivirus 3.0 3.0 [ (!) Disabled | Updated ]

# C:\ # Local fixed disk # 223,48 GB (149,6 GB free) # NTFS
# D:\ # Local fixed disk # 9,4 GB (1,7 GB free) [PRESARIO_RP] # NTFS
# E:\ # CD-ROM drive # 694,95 MB (0 MB free) [SLAX] # CDFS

############################## [ Active processes ]

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe
C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
C:\Windows\System32\TUProgSt.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Opera\opera.exe
C:\Windows\explorer.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Opera 10 Preview\opera.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe

################## [ Registry # Startup ]

HKCU_Main: "Local Page"="C:\\Windows\\system32\\blank.htm"
HKCU_Main: "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
HKCU_Main: "Start Page"="https://fr.search.yahoo.com/"
HKLM_logon: "Userinit"="C:\\Windows\\system32\\userinit.exe,\"C:\\Windows\\winsy.exe\","
HKLM_logon: "LegalNoticeCaption"=""
HKLM_logon: "LegalNoticeText"=""
HKLM_Run: NvCplDaemon=RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM_Run: NvMediaCenter=RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM_Run: SynTPEnh=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
HKLM_Run: QPService="C:\Program Files\HP\QuickPlay\QPService.exe"
HKLM_Run: Windows Defender=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
HKLM_Run: QlbCtrl.exe=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
HKLM_Run: hpWirelessAssistant=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
HKLM_Run: egui="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
HKLM_Run: DU Meter=C:\Program Files\DU Meter\DUMeter.exe
HKLM_Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
HKCU_Run: ehTray.exe=C:\Windows\ehome\ehTray.exe
HKCU_Run: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\AdobeUpdater=

################## [ Infected files # folders ]

Found ! C:\install.exe

################## [ Registry # Infected Run keys ]

Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe
Found ! HKLM\software\microsoft\security center\\ "UacDisableNotify"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )

################## [ Registry # Mountpoints2 ]


################## [ ! End of report # UsbFix V3.021 ! ]



thanks!
jlpjlp (Security Contributor, replying to htc)
 
yes, a CD can be infected like any media

and the infection you have is one of those
jlpjlp (Security Contributor)
 
Plug your external data sources (USB key, external hard drive, etc.) that may have been infected into your PC, without opening them

# Double-click the UsbFix shortcut on your desktop

# Choose option 2 (Removal)

# Your desktop will disappear and the PC will reboot.

# On reboot, UsbFix will scan your PC; let the tool work.

# Then post the UsbFix.txt report that will appear along with the desktop.

# Note: the UsbFix.txt report is saved at the root of the drive. (C:\UsbFix.txt)

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

_______________________

Download from here:

http://images.malwareremoval.com/random/RSIT.exe

random's system information tool (RSIT) by random/random and save it to the Desktop.

Double-click RSIT.exe to launch RSIT.

Click Continue on the Disclaimer screen.

If HijackThis (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if prompted) and you will have to accept the license.

When the analysis is finished, two text files will open.

Post the contents of log.txt (<< which will be displayed)
as well as info.txt (<< which will be minimized to the taskbar).

NB: the reports are saved in the folder C:\rsit
htc
 
here is the UsbFix report after cleaning:


############################## [ UsbFix V3.021 # Cleaning ]

# User : Pierre (Administrateurs) # ELECTROPC
# Update on 16/05/09 by Chiquitine29, C_XX & Chimay8
# WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
# Start at: 21:52:08 | 16/05/2009

# AMD Athlon Dual-Core QL-60
# Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6001 32-bit) # Service Pack 1
# Internet Explorer 8.0.6001.18702
# Windows Firewall Status : Disabled
# AV : ESET NOD32 Antivirus 3.0 3.0 [ Enabled | Updated ]

# C:\ # Local fixed disk # 223,48 GB (149,59 GB free) # NTFS
# D:\ # Local fixed disk # 9,4 GB (1,7 GB free) [PRESARIO_RP] # NTFS
# E:\ # CD-ROM drive # 694,95 MB (0 MB free) [SLAX] # CDFS

############################## [ Active processes ]

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe
C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
C:\Windows\System32\TUProgSt.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Opera\opera.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\PresentationSettings.exe
C:\Windows\system32\Taskmgr.exe
C:\Windows\explorer.exe
C:\Windows\system32\runonce.exe
C:\Windows\system32\conime.exe

################## [ Infected files # folders ]

Deleted ! C:\install.exe

################## [ Registry # Infected Run keys ]

Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe
# HKLM\software\microsoft\security center\\ "UacDisableNotify"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !

################## [ Registry # Mountpoints2 ]


################## [ Listing of files present ]

[18/09/2006 23:43|--a------|24] - C:\autoexec.bat
[21/01/2008 04:24|-rahs----|333203] - C:\bootmgr
[18/09/2006 23:43|--a------|10] - C:\config.sys
[07/11/2007 09:00|--a------|17734] - C:\eula.1028.txt
[07/11/2007 09:00|--a------|17734] - C:\eula.1031.txt
[07/11/2007 09:00|--a------|10134] - C:\eula.1033.txt
[07/11/2007 09:00|--a------|17734] - C:\eula.1036.txt
[07/11/2007 09:00|--a------|17734] - C:\eula.1040.txt
[07/11/2007 09:00|--a------|118] - C:\eula.1041.txt
[07/11/2007 09:00|--a------|17734] - C:\eula.1042.txt
[07/11/2007 09:00|--a------|17734] - C:\eula.2052.txt
[07/11/2007 09:00|--a------|17734] - C:\eula.3082.txt
[22/02/2009 19:42|--a------|7800] - C:\fixnavi.txt
[07/11/2007 09:00|--a------|1110] - C:\globdata.ini
[07/11/2007 09:00|--a------|843] - C:\install.ini
[07/11/2007 09:03|--a------|76304] - C:\install.res.1028.dll
[07/11/2007 09:03|--a------|96272] - C:\install.res.1031.dll
[07/11/2007 09:03|--a------|91152] - C:\install.res.1033.dll
[07/11/2007 09:03|--a------|97296] - C:\install.res.1036.dll
[07/11/2007 09:03|--a------|95248] - C:\install.res.1040.dll
[07/11/2007 09:03|--a------|81424] - C:\install.res.1041.dll
[07/11/2007 09:03|--a------|79888] - C:\install.res.1042.dll
[07/11/2007 09:03|--a------|75792] - C:\install.res.2052.dll
[07/11/2007 09:03|--a------|96272] - C:\install.res.3082.dll
[01/01/2009 13:07|-rahs----|0] - C:\IO.SYS
[25/12/2008 18:59|--a------|69] - C:\ioVIO.ini
[22/02/2009 21:01|--a------|15559] - C:\lopR.txt
[21/03/2009 19:10|--a------|48582] - C:\MDL 2.0 Debug.txt
[01/01/2009 13:07|-rahs----|0] - C:\MSDOS.SYS
[?|?|?] - C:\pagefile.sys
[16/05/2009 21:53|--a------|4566] - C:\UsbFix.txt
[07/11/2007 09:00|--a------|5686] - C:\vcredist.bmp
[07/11/2007 09:09|--a------|1442522] - C:\VC_RED.cab
[07/11/2007 09:12|--a------|232960] - C:\VC_RED.MSI
[16/12/2008 17:58|---hs----|13] - D:\BLOCK.RIN
[04/10/2006 01:02|---hs----|438328] - D:\bootmgr
[26/03/2008 18:08|---hs----|1089] - D:\Desktop.ini
[10/09/2002 18:14|---hs----|8134] - D:\Folder.htt
[16/05/2009 21:50|--ahs----|143] - D:\MASTER.LOG
[29/01/2007 19:59|---hs----|109342] - D:\protect.chinese hong kong
[29/01/2007 19:59|---hs----|109360] - D:\protect.chinese simplified
[29/01/2007 19:59|---hs----|109342] - D:\protect.chinese traditional
[14/02/2007 20:30|---hs----|111653] - D:\protect.czech
[29/01/2007 19:55|---hs----|109124] - D:\protect.danish
[29/01/2007 19:57|---hs----|109049] - D:\protect.dutch
[29/01/2007 19:55|---hs----|109092] - D:\protect.ed
[29/01/2007 19:55|---hs----|109092] - D:\protect.english
[29/01/2007 19:56|---hs----|109092] - D:\protect.finnish
[29/01/2007 19:56|---hs----|109060] - D:\protect.french
[29/01/2007 19:55|---hs----|109094] - D:\protect.german
[14/02/2007 20:38|---hs----|112541] - D:\protect.greek
[14/02/2007 20:40|---hs----|112375] - D:\protect.hebrew
[28/08/2007 16:57|---hs----|111475] - D:\protect.hungarian
[29/01/2007 19:56|---hs----|108979] - D:\protect.italian
[29/01/2007 19:57|---hs----|109795] - D:\protect.japanese
[29/01/2007 19:57|---hs----|109487] - D:\protect.korean
[14/02/2007 20:44|---hs----|111402] - D:\protect.norwegian
[14/02/2007 20:45|---hs----|111585] - D:\protect.polish
[14/02/2007 20:46|---hs----|111448] - D:\protect.portuguese
[14/02/2007 20:46|---hs----|111697] - D:\protect.portuguese brazilian
[29/01/2007 19:58|---hs----|163804] - D:\protect.russian
[29/01/2007 19:55|---hs----|109016] - D:\protect.spanish
[14/02/2007 20:48|---hs----|111445] - D:\protect.swedish
[14/02/2007 20:49|---hs----|111598] - D:\protect.turkish

################## [ Vaccination ]

# C:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.
# D:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.

################## [ Cracks / Keygens / Serials ]

# -> Nothing found !

################## [ ! End of report # UsbFix V3.021 ! ]



thanks!
jlpjlp (Security Contributor)
 
Download from here:

http://images.malwareremoval.com/random/RSIT.exe

random's system information tool (RSIT) by random/random and save it to the Desktop.

Double-click RSIT.exe to launch RSIT.

Click Continue on the Disclaimer screen.

If HijackThis (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if prompted) and you will have to accept the license.

When the analysis is finished, two text files will open.

Post the contents of log.txt (<< which will be displayed)
as well as info.txt (<< which will be minimized to the taskbar).

NB: the reports are saved in the folder C:\rsit
htc
 
RSIT crashes
0
htc (replying to htc)
 
oops, never mind.

here is log.txt:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Pierre at 2009-05-16 22:02:49
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 155 GB (68%) free of 229 GB
Total RAM: 2814 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:03:18, on 16/05/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\explorer.exe
C:\Windows\system32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Opera 10 Preview\opera.exe
C:\Users\Pierre\Desktop\RSIT.exe
C:\Users\Pierre\Desktop\Pierre.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=explorer.exe "C:\Windows\winsy.exe"
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,"C:\Windows\winsy.exe",
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\RunOnce: [CleanSetup] cmd /C rmdir /S /Q "C:\Users\Pierre\AppData\Local\Temp\nro.tmp\"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Policies\Explorer\Run: [configs] C:\Windows\winsy.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: Ajouter la cible du lien à un fichier PDF existant - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Ajouter à un fichier PDF existant - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir au format Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien au format Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (file missing) (HKCU)
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
O23 - Service: TipCtrl - Unknown owner - C:\Program Files\uTIPu\TipCtrl.exe (file missing)
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
0
jlpjlp Posts 52399 Status Security contributor 5 040
 
Disable User Account Control (you'll turn it back on after the disinfection):

- Go to Start, then Control Panel
- Double-click the "User Accounts" icon
- Then click disable and confirm.

download combofix (by sUBs) here:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

and save it to the desktop.

disconnect from the internet and close all your applications.

disable your protections (antivirus, firewall, real-time guard of the antispyware)

double-click combofix.exe and follow the instructions

at the end, it will produce a report C:\ComboFix.txt

re-enable your firewall, your antivirus, the guard of your antispyware

copy/paste the report C:\ComboFix.txt into your next reply.

Careful, don't use your mouse or your keyboard (or any other pointing device) while the program is running. That could freeze the computer.

You have a complete tutorial here:

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
1
htc
 
ok thanks
0
htc > htc
 
here's the combofix report: (note: I get the feeling my pc is faster ;)

ComboFix 09-05-16.03 - Pierre 16/05/2009 22:23.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.32.1036.18.2814.1871 [GMT 2:00]
Lancé depuis: c:\users\Pierre\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
SP: ESET NOD32 Antivirus 3.0 *disabled* (Updated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\emMON.exe
c:\windows\msnimport.exe
c:\windows\system32\Ijl11.dll

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-04-16 au 2009-05-16 ))))))))))))))))))))))))))))))))))))
.

2009-05-16 20:02 . 2009-05-16 20:03 -------- d-----w C:\rsit
2009-05-16 19:42 . 2009-05-16 19:56 -------- d-----w C:\UsbFix
2009-05-16 18:42 . 2009-05-16 18:47 -------- d-----w C:\BT3
2009-05-16 18:17 . 2009-05-16 19:12 -------- d-----w c:\users\Pierre\AppData\Roaming\Nero
2009-05-16 17:33 . 2009-05-16 17:55 -------- d-----w c:\program files\Nero
2009-05-16 17:33 . 2009-05-16 17:46 -------- d-----w c:\programdata\Nero
2009-05-16 17:33 . 2009-05-16 17:46 -------- d-----w c:\users\All Users\Nero
2009-05-16 17:33 . 2009-05-14 21:14 532487 ----a-w c:\windows\winsy.exe
2009-05-16 17:33 . 2009-05-16 18:16 -------- d-----w c:\program files\Common Files\Nero
2009-05-16 17:32 . 2009-05-16 17:32 -------- d-----w c:\program files\Common Files\LightScribe
2009-05-16 16:37 . 2009-05-16 16:38 -------- d-----w c:\users\Pierre\AppData\Roaming\DeepBurner
2009-05-16 14:58 . 2009-05-16 18:10 -------- d-----w c:\program files\Astonsoft
2009-05-16 11:15 . 2009-05-16 11:15 604416 ----a-w c:\windows\system32\TUProgSt.exe
2009-05-16 11:15 . 2009-04-27 12:21 28928 ----a-w c:\windows\system32\uxtuneup.dll
2009-05-16 11:15 . 2009-04-27 12:21 17152 ----a-w c:\windows\system32\authuitu.dll
2009-05-16 11:15 . 2009-05-16 11:15 361216 ----a-w c:\windows\system32\TuneUpDefragService.exe
2009-05-02 17:51 . 2009-05-02 17:51 -------- d-----w c:\program files\Astase
2009-04-26 17:31 . 2009-04-26 17:31 -------- d-----w c:\programdata\ALM
2009-04-26 17:31 . 2009-04-26 17:31 -------- d-----w c:\users\All Users\ALM
2009-04-26 17:24 . 2009-04-26 17:24 -------- d-----w c:\program files\Adobe Media Player
2009-04-26 17:24 . 2009-04-26 17:24 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-04-24 20:24 . 2008-04-07 03:38 22872 ----a-r c:\windows\system32\AdobePDFUI.dll
2009-04-24 20:09 . 2009-04-24 20:09 -------- d-----w c:\program files\Common Files\Macrovision Shared
2009-04-19 17:51 . 2009-04-19 17:51 -------- d-----w c:\users\All Users\Google
2009-04-19 17:19 . 2009-05-08 18:18 -------- d-----w c:\program files\OllyDbg
2009-04-19 16:07 . 2009-04-19 16:07 -------- d-----w C:\StartLogos
2009-04-19 10:48 . 2009-05-16 11:14 -------- d-----w c:\program files\TuneUp Utilities 2009
2009-04-19 10:48 . 2009-04-19 10:48 -------- d-sh--w c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}
2009-04-19 10:48 . 2009-04-19 10:48 -------- d-sh--w c:\users\All Users\{55A29068-F2CE-456C-9148-C869879E2357}
2009-04-18 17:24 . 2009-04-18 17:24 -------- d-----w c:\program files\Xtremsplit

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-16 20:21 . 2008-06-07 12:01 656652 ----a-w c:\windows\system32\perfh013.dat
2009-05-16 20:21 . 2008-06-07 12:01 126264 ----a-w c:\windows\system32\perfc013.dat
2009-05-16 20:21 . 2008-06-07 11:53 669566 ----a-w c:\windows\system32\perfh00C.dat
2009-05-16 20:21 . 2008-06-07 11:53 123556 ----a-w c:\windows\system32\perfc00C.dat
2009-05-16 20:16 . 2008-07-18 19:21 42654 ----a-w c:\users\All Users\nvModes.dat
2009-05-16 20:16 . 2008-07-18 19:21 42654 ----a-w c:\programdata\nvModes.dat
2009-05-16 16:25 . 2009-02-25 20:47 138944 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-05-16 16:25 . 2009-02-25 20:47 189784 ----a-w c:\windows\system32\PnkBstrB.exe
2009-05-16 11:09 . 2009-04-11 17:45 -------- d-----w c:\program files\Resource Tuner
2009-05-13 11:30 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-05-02 15:15 . 2009-03-02 11:02 113360 ---ha-w c:\windows\system32\mlfcache.dat
2009-04-29 08:51 . 2008-12-16 16:17 87768 ----a-w c:\users\Pierre\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-26 17:26 . 2008-12-16 16:00 -------- d-----w c:\program files\Common Files\Adobe
2009-04-23 20:17 . 2009-01-10 17:58 -------- d-----w c:\program files\Google
2009-04-23 19:17 . 2009-02-07 19:59 -------- d-----w c:\program files\Panda Security
2009-04-23 18:53 . 2009-03-08 12:14 -------- d-----w c:\program files\Uplink
2009-04-19 13:44 . 2009-04-12 18:58 -------- d-----w c:\program files\Yahoo!
2009-04-18 18:06 . 2009-02-25 20:47 75064 ----a-w c:\windows\system32\PnkBstrA.exe
2009-04-18 18:04 . 2009-02-25 20:47 22328 ----a-w c:\users\Pierre\AppData\Roaming\PnkBstrK.sys
2009-04-18 18:04 . 2009-02-25 20:47 2246144 ----a-w c:\windows\system32\pbsvc.exe
2009-04-16 17:42 . 2009-03-29 17:50 -------- d-----w c:\program files\Acoustica Mixcraft 4
2009-04-16 10:11 . 2009-04-08 11:02 -------- d-----w c:\program files\TechnoLogismiki
2009-04-16 09:10 . 2008-12-19 10:18 308 ----a-w c:\users\Pierre\AppData\Roaming\wklnhst.dat
2009-04-15 15:24 . 2009-04-15 15:24 717296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-04-15 12:57 . 2009-01-16 17:39 -------- d-----w c:\program files\Empire Interactive
2009-04-14 18:12 . 2009-01-06 16:59 -------- d-----w c:\program files\Messenger Plus! Live
2009-04-13 10:19 . 2009-04-12 16:28 -------- d-----w c:\program files\WinHex 10.2
2009-04-13 10:12 . 2009-04-12 16:28 -------- d-----w c:\program files\W32dasm 8.93
2009-04-12 10:52 . 2009-03-29 17:50 -------- d-----w c:\program files\VST
2009-04-12 08:23 . 2009-01-03 15:43 -------- d-----w c:\program files\GordianKnot
2009-04-11 17:43 . 2009-04-11 17:42 -------- d-----w c:\program files\eXeScope
2009-04-11 13:51 . 2008-12-20 16:58 -------- d-----w c:\program files\VDOWNLOADER
2009-04-11 13:46 . 2008-06-07 04:00 -------- d-----w c:\program files\Java
2009-04-09 09:54 . 2009-01-07 13:23 -------- d-----w c:\program files\Ahead
2009-04-07 08:08 . 2009-02-24 17:23 -------- d-----w c:\program files\Notepad++
2009-04-04 09:40 . 2009-02-22 17:39 -------- d-----w c:\program files\Navilog1
2009-03-29 18:10 . 2009-03-29 18:10 -------- d-----w c:\program files\Acoustica Shared Effects
2009-03-28 19:17 . 2009-03-28 19:17 -------- d-----w c:\program files\Intelore
2009-03-26 06:00 . 2009-03-26 06:00 64000 ----a-w c:\windows\system32\drivers\RTSTOR.sys
2009-03-21 20:38 . 2009-03-21 20:38 -------- d-----w c:\program files\Lavalys
2009-03-21 17:15 . 2009-03-21 17:15 -------- d-----w c:\program files\TeamViewer
2009-03-21 17:11 . 2008-12-31 10:42 -------- d-----w c:\program files\MessengerDiscovery
2009-03-21 17:01 . 2008-12-27 16:13 -------- d-----w c:\program files\uTIPu
2009-03-20 17:54 . 2009-03-20 17:53 -------- d-----w c:\program files\QuickTime
2009-03-20 17:43 . 2009-01-01 18:27 -------- d-----w c:\program files\Windows Live
2009-03-20 17:41 . 2009-02-08 12:26 -------- d-----w c:\program files\Microsoft
2009-03-20 17:41 . 2009-03-20 17:41 -------- d-----w c:\program files\Windows Live SkyDrive
2009-03-20 17:37 . 2009-03-20 17:37 -------- d-----w c:\program files\Common Files\Windows Live
2009-03-20 17:37 . 2008-12-26 17:31 -------- d-----w c:\program files\Safari
2009-03-18 18:44 . 2009-03-05 18:33 -------- d-----w c:\program files\DU Meter
2009-03-17 03:38 . 2009-04-15 08:25 13824 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-15 08:25 24064 ----a-w c:\windows\system32\amxread.dll
2009-03-09 03:19 . 2008-12-21 14:32 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-08 11:34 . 2009-04-01 10:58 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 11:34 . 2009-04-01 10:58 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 11:33 . 2009-04-01 10:58 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 11:33 . 2009-04-01 10:58 109056 ----a-w c:\windows\system32\iesysprep.dll
2009-03-08 11:33 . 2009-04-01 10:58 109568 ----a-w c:\windows\system32\PDMSetup.exe
2009-03-08 11:33 . 2009-04-01 10:58 132608 ----a-w c:\windows\system32\ieUnatt.exe
2009-03-08 11:33 . 2009-04-01 10:58 107520 ----a-w c:\windows\system32\RegisterIEPKEYs.exe
2009-03-08 11:33 . 2009-04-01 10:58 107008 ----a-w c:\windows\system32\SetIEInstalledDate.exe
2009-03-08 11:33 . 2009-04-01 10:58 103936 ----a-w c:\windows\system32\SetDepNx.exe
2009-03-08 11:33 . 2009-04-01 10:58 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 11:32 . 2009-04-01 10:59 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 11:32 . 2009-04-01 10:58 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 11:32 . 2009-04-01 10:58 66560 ----a-w c:\windows\system32\wextract.exe
2009-03-08 11:32 . 2009-04-01 10:58 169472 ----a-w c:\windows\system32\iexpress.exe
2009-03-08 11:31 . 2009-04-01 10:58 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 11:31 . 2009-04-01 10:59 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 11:31 . 2009-04-01 10:58 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 11:22 . 2009-04-01 10:58 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-05 14:49 . 2008-12-18 16:58 7592 ----a-w c:\users\Pierre\AppData\Local\d3d9caps.dat
2009-03-03 04:46 . 2009-04-15 08:25 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-15 08:25 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:39 . 2009-04-15 08:25 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-15 08:25 551424 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-04-15 08:25 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-15 08:25 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-15 08:25 54784 ----a-w c:\windows\system32\iasads.dll
2009-03-03 04:37 . 2009-04-15 08:25 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-15 08:25 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-15 08:25 17408 ----a-w c:\windows\system32\iashost.exe
2008-01-21 02:43 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 92704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-04-01 468264]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
"DU Meter"="c:\program files\DU Meter\DUMeter.exe" [2004-08-25 1465856]

[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
"configs"="c:\windows\winsy.exe" [2009-05-14 532487]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"FilterAdministratorToken"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Users^Pierre^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 - Capture d'écran et lancement.lnk]
path=c:\users\Pierre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 - Capture d'écran et lancement.lnk
backup=c:\windows\pss\OneNote 2007 - Capture d'écran et lancement.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Health Check Scheduler"=c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
"HP Software Update"=c:\program files\Hp\HP Software Update\HPWuSchd2.exe
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3583519051-1277534310-3896445694-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{DF7CEF0F-6D93-4CBE-B68D-9B5DD376D2F2}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{1CB62DA7-0B38-4F22-91E6-CDA6C2D48271}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{5954EDED-234B-4ACE-AECE-205E0E288920}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{8CFB1C77-846E-42C2-8895-9E33BDB7D617}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{3F8C35CE-EDDA-4DD2-BCEC-39DA1EE64D28}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{0A55629D-4400-45F9-A916-D0E007AF5682}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{23D1FD6C-D563-4228-B488-41FD4A55CFB5}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{37F93D14-AC5B-4205-9291-E53A660AF44B}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{32FED043-AC0A-4EDF-99CC-15C232708594}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{875CFE4D-FCCF-4FE6-AF99-9A28E6A7FA6A}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{A21C6242-1836-45FD-B97F-EA28CEFA610E}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{7F19DF7C-DA2A-488F-8549-E1445BD7FD01}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{727CD872-1A6F-4FB2-826D-097B62581CD3}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{04224298-2A6D-4536-A51D-3042059B4D79}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{3A9581EC-7992-4A58-8449-D64B75486F17}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{7DF9CD83-971C-44DA-94B8-E57DCC7709FC}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{DFDC5277-144A-4E7F-93B0-20536552B382}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{F860BA66-DAC5-4DF6-9C77-91BC7134E828}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{0552593E-D7AA-4C02-B32D-EB849E9035B8}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{150AF6FA-637D-45DC-A07A-F9D0EC3A2465}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{151E78E5-A4D2-49D5-9A2A-A36B50C802B3}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{62C2AB60-A78F-4535-8F50-C69F708D279C}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{485C33D0-1A63-40F9-8FCC-83C7B5FD65D7}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{5866F77A-7CED-4B22-869B-4A365A14A235}c:\\program files\\empire interactive\\flatout 2\\flatout2.exe"= UDP:c:\program files\empire interactive\flatout 2\flatout2.exe:FlatOut2
"UDP Query User{D5045776-F253-4749-85C1-57D96430460D}c:\\program files\\empire interactive\\flatout 2\\flatout2.exe"= TCP:c:\program files\empire interactive\flatout 2\flatout2.exe:FlatOut2
"{D1080A10-C496-4FBE-BA2E-17F1237E9124}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{A492491D-2D2A-4DBF-8D2D-73294AD65224}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{B1FE8EFA-1F64-405D-AD79-88AE1F34B046}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{185D4814-1C4C-4F43-934D-974630AF4F01}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{93DEFEFD-1650-4377-B490-91C4CAB2AF4D}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{1264093D-BB23-4CA8-943A-B7FDA1FCFCDC}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{C5097003-3789-4BAF-BE14-78995AB9A64D}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{E3617C4C-B9CC-4906-92F9-AA0A20E8CF44}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{04667894-A443-4C83-8AAA-75ABFC6C4145}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{BD74D654-6BD6-4BBE-896A-02B6403DBF28}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{013B5686-8394-4850-848A-90588FF3FC02}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{265EE1BF-184F-4672-A898-FC0D904CEBFB}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{24D963EE-7A9E-4C5D-A3A4-5C97E90C2135}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{FE6E39B1-778F-439B-8EB7-ED9D14111D63}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{3721B453-C471-4DC1-A8F8-FCF91A6FEFD6}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{DAC20B3B-1B82-4934-A85F-6316BAABE5CD}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{BD8708D9-70D4-4287-BDC7-5E66DEC21F3F}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{D8526369-0D0D-41A7-903C-02589790471E}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{B566E805-A5C9-479D-B9A2-A66159BA813F}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{1FF79F4F-1F6B-4B6A-9935-1CD2AF964926}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{DEF14D5D-A2A4-4E46-AD5C-807619CCA3D1}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{44054BE9-5802-4D1D-9095-B700B441A311}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{F1F6A9F5-6B5A-43C2-89E6-EDC1908F7AD2}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{C1FA9216-315B-48CD-8A45-7391662C5574}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{2BB2072D-0AF3-4C04-A23C-4E7AF61BAF27}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{B617049C-58BA-45D7-8139-4EC517A5046E}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{519CF83D-4250-41BE-9FEB-55B5679D8147}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{B2E87339-69D4-4031-9CDB-27C8F15D01D6}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{091418E7-0431-43C9-A7A0-08CA369420FE}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{2F5857B0-D931-4A43-B1BD-F4F08093C81D}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{D7624F55-347C-459E-B113-E9775F4360C4}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{550DFE15-BC49-4F24-A635-05357FD56ADE}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{252A4064-1DF1-4CDF-ADCC-09AA89BB1939}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{D5EF084D-F27E-49E3-ADF9-A039F14119D6}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{CAAC085E-A8F1-4EF6-937E-FBD43B05A0D4}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{C0C64D70-836D-4B58-AF7E-CEA5C3C39823}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{F7F007F9-7F37-4679-9433-94EC626DBF06}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{772AD27C-E3B6-4743-9F18-76EF7DBD662D}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{57086BAF-4819-4722-B7FE-C3AEB68449A5}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{7B642943-7582-4E34-92B5-EB8FD0D05D7A}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{2B10D559-ABD6-4CDF-8849-B92810E25B88}"= UDP:5353:Adobe CSI CS4
"{9874522B-2388-4DE2-970E-667E553E8372}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{ED14AE0E-A00D-4163-8182-3C1691EBAFB4}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{612DAC9B-8F0C-4F83-9616-4B9D8FA59525}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{65E7C075-1699-4AE0-BCCF-0CF7F64721AC}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{30AEA1A4-E351-4395-A53D-1316BCF43A42}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{9A130BAB-2D59-44A6-B9B4-95711C7646A0}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{ADF4C90A-395A-4445-A378-C25ABD536C65}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{8B12D4D4-131B-4CE5-B444-057D684D1691}"= c:\program files\Skype\Phone\Skype.exe:Skype

R1 epfwtdir;epfwtdir;c:\windows\System32\drivers\epfwtdir.sys [1/07/2008 10:04 34312]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [1/07/2008 10:02 468224]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [21/01/2008 4:23 21504]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [7/06/2008 5:55 361808]
R2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [27/02/2009 18:07 185640]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [16/05/2009 13:15 604416]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [7/06/2008 4:56 193840]
R3 dfmirage;dfmirage;c:\windows\System32\drivers\dfmirage.sys [26/03/2008 21:31 34128]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [3/05/2008 14:39 42528]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [23/12/2008 17:18 1527900]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\System32\drivers\npf.sys [14/11/2007 21:40 34448]
S3 TipCtrl;TipCtrl;"c:\program files\uTIPu\TipCtrl.exe" --> c:\program files\uTIPu\TipCtrl.exe [?]
S3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [23/12/2008 17:19 544768]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
ezSharedSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{GSM22XO8-8HF7-1B30-CK0C-HI7MM745RUC5}]
"c:\windows\winsy.exe"
.
Contenu du dossier 'Tâches planifiées'

2009-02-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3583519051-1277534310-3896445694-1000.job
- c:\users\Pierre\AppData\Local\Google\Update\GoogleUpdate.exe [2008-12-20 17:38]

2009-05-16 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 13:42]

2009-05-16 c:\windows\Tasks\User_Feed_Synchronization-{9E7A4CC2-2B67-409B-B15A-2653626950C0}.job
- c:\windows\system32\msfeedssync.exe [2009-04-01 11:31]
.
.
------- Examen supplémentaire -------
.
uInternet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
uInternet Settings,ProxyServer = socks=
IE: &NeoTrace It! - c:\progra~1\NEOTRA~1\NTXcontext.htm
IE: Ajouter la cible du lien à un fichier PDF existant - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Ajouter à un fichier PDF existant - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir au format Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien au format Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Pierre\AppData\Roaming\Mozilla\Firefox\Profiles\6dlu1bs2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://fr.search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://fr.search.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://fr.search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\programdata\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\users\Pierre\AppData\Local\Google\Update\1.2.141.5\npGoogleOneClick7.dll

---- PARAMETRES FIREFOX ----
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-16 22:28
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...


c:\windows\TEMP\TMP00000058ED624F1B76D7F395 524288 bytes executable

Scan terminé avec succès
Fichiers cachés: 1

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Heure de fin: 2009-05-16 22:30
ComboFix-quarantined-files.txt 2009-05-16 20:30

Avant-CF: 162.452.176.896 octets libres
Après-CF: 162.424.483.840 octets libres

329 --- E O F --- 2009-05-15 16:29


thanks again a thousand times jlpjlp !!!!!!!!!!!
0
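Reading the two logs above by hand is how the helper spots entries such as winsy.exe, the autostart under policies\explorer\Run and the Active Setup key whose GUID is not even a valid GUID. As an added example (not code from ComboFix, HijackThis or anyone in this thread), here is a small Python triage script that applies those same checks to ComboFix-style log lines. The sample log is constructed from lines quoted in the report above; the rule names, the heuristics and the partial allowlist of executables that legitimately live in the Windows root are assumptions of this example, not ComboFix's own logic.

```python
"""Triage helper for ComboFix / HijackThis style logs.

Added example for this thread (not part of ComboFix, HijackThis or the
forum's own tooling). It flags the kinds of entries a malware-removal
helper looks at first: executables sitting directly in the Windows
directory, autostarts under policies\\explorer\\Run, UAC switched off,
Active Setup components whose GUID is malformed, proxy settings injected
into Internet Explorer, and files the catchme rootkit scan reports as
hidden. The heuristics are assumptions chosen for the entries visible
in this thread, not ComboFix's own rules.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Canonical GUID shape: 8-4-4-4-12 hex digits inside braces.
GUID_RE = re.compile(
    r"^\{[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{12}\}$"
)
# <drive>:\windows\<name>.exe with no sub-directory, i.e. the Windows root itself.
WINROOT_EXE_RE = re.compile(r'[a-z]:\\windows\\([^\\\s"\]]+\.exe)', re.IGNORECASE)
KEY_HEADER_RE = re.compile(r"^\[(.+)\]$")          # "[HKEY_...]" block header
LAST_GUID_RE = re.compile(r"\{([^{}]+)\}$")         # trailing {...} of a key path
HIDDEN_FILE_RE = re.compile(r"\d+ bytes executable$")  # catchme hidden-file line

# Executables that legitimately live in the Windows root (partial allowlist; an assumption).
WINROOT_ALLOW = {"explorer.exe", "regedit.exe", "notepad.exe", "hh.exe",
                 "write.exe", "winhlp32.exe", "helppane.exe", "bfsvc.exe"}

# Constructed sample: lines taken from the ComboFix report quoted in this thread.
SAMPLE_LOG = r"""
c:\windows\emMON.exe
c:\windows\msnimport.exe
2009-05-16 17:33 . 2009-05-14 21:14 532487 ----a-w c:\windows\winsy.exe
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
"configs"="c:\windows\winsy.exe" [2009-05-14 532487]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{GSM22XO8-8HF7-1B30-CK0C-HI7MM745RUC5}]
"c:\windows\winsy.exe"

uInternet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
uInternet Settings,ProxyServer = socks=
c:\windows\TEMP\TMP00000058ED624F1B76D7F395 524288 bytes executable
"""


@dataclass(frozen=True)
class Finding:
    rule: str    # which heuristic fired
    detail: str  # the value worth looking at (file name, GUID, setting)
    line: str    # the original log line


def triage(log_text: str) -> list:
    """Return one Finding per suspicious entry, in log order."""
    findings = []
    current_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            current_key = None  # a blank line ends a REGEDIT4 key block
            continue
        header = KEY_HEADER_RE.match(line)
        if header:
            current_key = header.group(1)
            guid = LAST_GUID_RE.search(current_key)
            if guid and "active setup\\installed components" in current_key.lower():
                braced = "{" + guid.group(1) + "}"
                if not GUID_RE.match(braced):  # letters outside 0-9A-F, wrong groups
                    findings.append(Finding("active-setup-bad-guid", braced, line))
            continue
        key = (current_key or "").lower()
        if key.endswith("policies\\explorer\\run"):  # rarely used by legitimate software
            findings.append(Finding("policies-run-autostart", line.split("=", 1)[0], line))
        if key.endswith("policies\\system") and re.match(r'^"EnableLUA"=\s*0\b', line):
            findings.append(Finding("uac-disabled", "EnableLUA=0", line))
        for m in WINROOT_EXE_RE.finditer(line):
            if m.group(1).lower() not in WINROOT_ALLOW:
                findings.append(Finding("windows-root-exe", m.group(1), line))
        if line.startswith("uInternet Settings,Proxy"):
            findings.append(Finding("proxy-setting", line.split(",", 1)[1], line))
        if HIDDEN_FILE_RE.search(line):
            findings.append(Finding("hidden-file", line.split()[0], line))
    return findings


def summarize(findings) -> dict:
    """Count findings per rule so a long report can be skimmed first."""
    return dict(Counter(f.rule for f in findings))


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for f in hits:
        print(f"[{f.rule}] {f.detail}")
    print(summarize(hits))
```

On the constructed sample it flags the three executables in c:\windows, the winsy.exe autostart, UAC being off (expected here, since the helper asked for it before running ComboFix), the malformed Active Setup GUID, the two injected proxy settings and the hidden file in TEMP. The allowlist is deliberately short: an unknown name in the Windows root is something to look up, not something to delete on sight.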
htc > htc
 
honestly I get the impression my pc is doing better :)
0
htc > htc
 
ok this topic is solved but I don't have the button to mark it solved. oh well :D
0

jlpjlp Posts 52399 Status Security contributor 5 040
 
scan this file on virus total and paste the report: https://www.virustotal.com/gui/

c:\windows\winsy.exe
1
htc
 
up
0
htc
 
re up
0
brandon9554296
 
flatout 2 doesn't work on windows xp 95 or I think I don't have the right graphics card !!!!!!!! :(
0