Explorer.exe crashes when closing folders
bapor
Hello,
For about 3 or 4 days now, explorer.exe has been crashing and restarting immediately when I close my folders. I went looking on the forums dealing with this subject, but none of the solutions turned out to be any good. Here is my ComboFix log:
ComboFix 08-06-16.5 - BaPoR 2008-06-19 20:24:16.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1084 [GMT 2:00]
Location: C:\Documents and Settings\BaPoR\Bureau\ComboFix.exe
* Creating a new restore point
WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\drivers\down
.
((((((((((((((((((((((((((((( Files created 2008-05-19 to 2008-06-19 ))))))))))))))))))))))))))))))))))))
.
2008-06-19 20:27 . 2008-06-19 20:27 <REP> d-------- C:\WINDOWS\system32\drivers\down
2008-06-17 16:12 . 2008-01-26 17:45 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-06-17 16:12 . 2008-01-26 17:45 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-06-17 16:12 . 2008-01-26 16:48 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-06-17 16:12 . 2008-01-26 17:45 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-06-17 16:12 . 2008-01-26 17:45 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-06-17 16:12 . 2008-01-26 16:52 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-06-17 16:12 . 2008-01-26 17:45 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-06-17 16:12 . 2008-06-17 16:12 <REP> d-------- C:\Documents and Settings\Administrateur
2008-06-17 13:30 . 2008-06-17 13:30 <REP> d-------- C:\Documents and Settings\BaPoR\Application Data\Grisoft
2008-06-17 13:30 . 2008-06-17 13:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-06-17 13:30 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-06-17 01:11 . 2008-06-17 01:14 <REP> d-------- C:\Program Files\Navilog1
2008-06-17 01:00 . 2008-06-17 01:00 <REP> dr------- C:\Documents and Settings\NetworkService\Favoris
2008-06-17 00:51 . 2008-06-17 01:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-17 00:33 . 2008-06-17 00:33 <REP> d-------- C:\Program Files\Yahoo!
2008-06-15 19:37 . 2008-06-15 19:39 45 --a------ C:\WINDOWS\system32\initdebug.nfo
2008-06-14 19:30 . 2008-06-19 20:26 10,216 --a------ C:\WINDOWS\system32\oodbs.lor
2008-06-14 16:15 . 2006-07-28 09:30 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2008-06-14 16:15 . 2006-07-28 09:30 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2008-06-11 12:17 . 2008-06-11 12:16 29,760 --a------ C:\WINDOWS\system32\PF26bX2p.exe
2008-06-09 21:33 . 2008-06-09 21:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Seagate
2008-06-09 21:27 . 2008-06-09 21:27 400,864 --a------ C:\WINDOWS\system32\drivers\timntr.sys
2008-06-09 21:27 . 2008-06-09 21:27 120,992 --a------ C:\WINDOWS\system32\drivers\snapman.sys
2008-06-09 21:27 . 2008-06-09 21:27 32,768 --a------ C:\WINDOWS\system32\drivers\tifsfilt.sys
2008-06-09 21:26 . 2008-06-09 21:26 <REP> d-------- C:\Program Files\Fichiers communs\Seagate
2008-06-09 21:16 . 2008-06-09 21:16 <REP> d-------- C:\Program Files\ULiRaid
2008-06-09 21:16 . 2005-07-04 14:21 52,480 --a------ C:\WINDOWS\system32\drivers\m5289.sys
2008-06-09 21:16 . 2005-07-15 15:09 29,696 --a------ C:\WINDOWS\system32\dev32.exe
2008-06-09 21:16 . 2005-12-28 03:32 9,621 --a------ C:\WINDOWS\system32\drivers\ulisata.cat
2008-06-09 20:12 . 2008-06-09 20:12 <REP> d-------- C:\WINDOWS\system32\NtmsData
2008-06-08 22:24 . 2008-06-14 16:13 <REP> d-------- C:\Program Files\Fichiers communs\BinarySense
2008-06-08 22:24 . 2008-06-08 22:24 <REP> d-------- C:\Documents and Settings\BaPoR\Application Data\BinarySense
2008-06-08 22:24 . 2008-06-19 20:27 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-06 13:26 . 2008-06-06 13:26 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-06 13:26 . 2008-06-06 13:26 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-05 17:21 . 2008-06-05 17:21 <REP> d-------- C:\Program Files\OpenAL
2008-06-05 17:21 . 2007-04-04 18:53 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2008-06-05 15:17 . 2008-06-05 15:17 <REP> d-------- C:\Documents and Settings\BaPoR\Application Data\GARMIN
2008-06-05 15:16 . 2008-06-05 15:16 <REP> d-------- C:\Program Files\Garmin GPS Plugin
2008-06-05 15:16 . 2008-06-10 22:32 <REP> d-------- C:\Garmin
2008-05-21 01:50 . 2008-05-21 01:50 <REP> d-------- C:\WINDOWS\system32\Adobe
.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-17 14:34 --------- d-----w C:\Documents and Settings\BaPoR\Application Data\Free Download Manager
2008-06-15 15:23 --------- d-----w C:\Documents and Settings\BaPoR\Application Data\Azureus
2008-06-09 19:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-06 11:36 413,696 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-06-06 11:36 110,592 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-04-28 16:21 --------- d-----w C:\Documents and Settings\BaPoR\Application Data\Command & Conquer(tm) 3 La Fureur de Kane
2008-04-28 15:57 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-04-19 01:08 --------- d-----w C:\Documents and Settings\BaPoR\Application Data\Command & Conquer 3 Les guerres du Tiberium
2008-04-19 00:52 --------- d-----w C:\Documents and Settings\BaPoR\Application Data\Skype
2008-02-18 19:30 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-02-27 23:15 19,560 ----a-w C:\Documents and Settings\BaPoR\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((( Reg loading points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not listed
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2005-10-17 08:06 700416]
"SuperCopier2.exe"="G:\Logiciel\SuperCopier2\SuperCopier2.exe" [2005-03-14 01:37 1057280]
"MessengerPlus3"="G:\logiciel\MessengerPlus! 3\MsgPlus.exe" [2008-01-26 20:56 190024]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2006-01-24 20:24 7094272]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 02:07 1667584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VolPanel"="D:\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-07-13 15:11 122880]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 19:07 49152]
"CTHelper"="CTHELPER.EXE" [2006-05-24 06:20 17920 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-05-24 06:20 18944 C:\WINDOWS\system32\CTXFIHLP.EXE]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00 90112]
"MessengerPlus3"="G:\logiciel\MessengerPlus! 3\MsgPlus.exe" [2008-01-26 20:56 190024]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 16:32 56080 C:\WINDOWS\KHALMNPR.Exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"CmUsbSound"="cmcnfgu.cpl" []
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 16:32 56080 C:\WINDOWS\KHALMNPR.Exe]
"!AVG Anti-Spyware"="g:\logiciel\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoFavoritesMenu"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 1 (0x1)
"NoRecentDocsNetHood"= 0 (0x0)
"NoSMHelp"= 1 (0x1)
"NoInstrumentation"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFavoritesMenu"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 1 (0x1)
"NoRecentDocsNetHood"= 0 (0x0)
"NoSMHelp"= 1 (0x1)
"NoInstrumentation"= 0 (0x0)
"NoStartMenuPinnedList"= 0 (0x0)
"ForceStartMenuLogoff"= 0 (0x0)
"NoUserNameInStartMenu"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.3iv2"= 3ivxVfWCodec.dll
"VIDC.VP31"= vp31vfw.dll
"msacm.l3fhg"= mp3fhg.acm
"VIDC.YV12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 relog_ap
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^BaPoR^Menu Démarrer^Programmes^Démarrage^desktop.ini]
path=C:\Documents and Settings\BaPoR\Menu Démarrer\Programmes\Démarrage\desktop.ini
backup=C:\WINDOWS\pss\desktop.iniStartup
[HKLM\~\startupfolder\C:^Documents and Settings^BaPoR^Menu Démarrer^Programmes^Démarrage^Raccourci vers KeyLogger.lnk]
path=C:\Documents and Settings\BaPoR\Menu Démarrer\Programmes\Démarrage\Raccourci vers KeyLogger.lnk
backup=C:\WINDOWS\pss\Raccourci vers KeyLogger.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^BaPoR^Menu Démarrer^Programmes^Démarrage^Xfire.lnk]
path=C:\Documents and Settings\BaPoR\Menu Démarrer\Programmes\Démarrage\Xfire.lnk
backup=C:\WINDOWS\pss\Xfire.lnkStartup
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Start WingMan Profiler"=C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
"DAEMON Tools"="G:\logiciel\DAEMON Tools\daemon.exe" -lang 1033
"OODefragTray"=C:\WINDOWS\system32\oodtray.exe
"ULiRaid"=C:\Program Files\ULiRaid\ULiRaid.exe
"AcronisTimounterMonitor"=G:\logiciel\DiscWizard\TimounterMonitor.exe
"Acronis Scheduler2 Service"="C:\Program Files\Fichiers communs\Seagate\Schedule2\schedhlp.exe"
"DiscWizardMonitor.exe"=G:\logiciel\DiscWizard\DiscWizardMonitor.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"G:\\Logiciel\\Xfire\\Xfire.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"G:\\Logiciel\\Winamp\\winamp.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8377:TCP"= 8377:TCP:messenger
R0 JAHCI;JAHCI;C:\WINDOWS\system32\DRIVERS\JAHCI.sys [2005-05-12 15:12]
R0 m5289;m5289;C:\WINDOWS\system32\DRIVERS\m5289.sys [2005-07-04 14:21]
R0 uliagpkx;ULi AGP Bus Filter Driver;C:\WINDOWS\system32\DRIVERS\agpkx.sys [2005-05-03 18:31]
R2 Dnscache;Client DNS;C:\WINDOWS\system32\svchost.exe [2004-08-04 00:55]
R2 HDDlife HDD Access service;HDDlife HDD Access service;"C:\Program Files\Fichiers communs\BinarySense\hldasvc.exe" [2008-02-15 14:17]
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2006-05-24 05:40]
R3 ULI5261XP;ULi M526X Ethernet NT Driver;C:\WINDOWS\system32\DRIVERS\ULILAN51.SYS [2005-03-22 21:36]
S3 cmudau;C-Media USB Sound Interface;C:\WINDOWS\system32\drivers\cmudau.sys [2004-09-03 03:32]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\MLLaunch.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\wd_windows_tools\setup.exe
.
Contents of the 'Scheduled Tasks/Tâches planifiées' folder
"2008-06-18 22:32:01 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\system32\PF26bX2p.exe
"2008-06-19 07:00:01 C:\WINDOWS\Tasks\At10.job"
- C:\WINDOWS\system32\PF26bX2p.exe
"2008-06-19 08:00:01 C:\WINDOWS\Tasks\At11.job"
- C:\WINDOWS\system32\PF26bX2p.exe
"2008-06-19 09:00:01 C:\WINDOWS\Tasks\At12.job"
- C:\WINDOWS\system32\PF26bX2p.exe
"2008-06-19 10:00:01 C:\WINDOWS\Tasks\At13.job"
- C:\WINDOWS\system32\PF26bX2p.exe
"2008-06-19 11:00:01 C:\WINDOWS\Tasks\At14.job"
- C:\WINDOWS\system32\PF26bX2p.exe
"2008-06-19 12:00:01 C:\WINDOWS\Tasks\At15.job"
- C:\WINDOWS\system32\PF26bX2p.exe
"2008-06-19 13:00:01 C:\WINDOWS\Tasks\At16.job"
- C:\WINDOWS\system32\PF26bX2p.exe
"2008-06-19 14:00:01 C:\WINDOWS\Tasks\At17.job"
- C:\WINDOWS\system32\PF26bX2p.exe
"2008-06-19 15:00:05 C:\WINDOWS\Tasks\At18.job"
- C:\WINDOWS\system32\PF26bX2p.exe
"2008-06-19 16:00:05 C:\WINDOWS\Tasks\At19.job"
- C:\WINDOWS\system32\PF26bX2p.exe
"2008-06-18 23:00:01 C:\WINDOWS\Tasks\At2.job"
- C:\WINDOWS\system32\PF26bX2p.exe
"2008-06-19 17:00:05 C:\WINDOWS\Tasks\At20.job"
- C:\WINDOWS\system32\PF26bX2p.exe
"2008-06-19 18:00:05 C:\WINDOWS\Tasks\At21.job"
- C:\WINDOWS\system32\PF26bX2p.exe
"2008-06-18 19:00:05 C:\WINDOWS\Tasks\At22.job"
- C:\WINDOWS\system32\PF26bX2p.exe
"2008-06-18 20:00:06 C:\WINDOWS\Tasks\At23.job"
- C:\WINDOWS\system32\PF26bX2p.exe
"2008-06-18 21:00:01 C:\WINDOWS\Tasks\At24.job"
- C:\WINDOWS\system32\PF26bX2p.exe
"2008-06-18 22:16:00 C:\WINDOWS\Tasks\At25.job"
- C:\WINDOWS\system32\yJVQnJ56.exe
"2008-06-18 23:00:00 C:\WINDOWS\Tasks\At26.job"
- C:\WINDOWS\system32\yJVQnJ56.exe
"2008-06-19 00:00:00 C:\WINDOWS\Tasks\At27.job"
- C:\WINDOWS\system32\yJVQnJ56.exe
"2008-06-19 01:00:00 C:\WINDOWS\Tasks\At28.job"
- C:\WINDOWS\system32\yJVQnJ56.exe
"2008-06-19 02:00:00 C:\WINDOWS\Tasks\At29.job"
- C:\WINDOWS\system32\yJVQnJ56.exe
"2008-06-19 00:00:01 C:\WINDOWS\Tasks\At3.job"
- C:\WINDOWS\system32\PF26bX2p.exe
"2008-06-19 03:00:00 C:\WINDOWS\Tasks\At30.job"
- C:\WINDOWS\system32\yJVQnJ56.exe
"2008-06-19 04:00:00 C:\WINDOWS\Tasks\At31.job"
- C:\WINDOWS\system32\yJVQnJ56.exe
"2008-06-19 05:00:00 C:\WINDOWS\Tasks\At32.job"
- C:\WINDOWS\system32\yJVQnJ56.exe
"2008-06-19 06:00:00 C:\WINDOWS\Tasks\At33.job"
- C:\WINDOWS\system32\yJVQnJ56.exe
"2008-06-19 07:00:00 C:\WINDOWS\Tasks\At34.job"
- C:\WINDOWS\system32\yJVQnJ56.exe
"2008-06-19 08:00:00 C:\WINDOWS\Tasks\At35.job"
- C:\WINDOWS\system32\yJVQnJ56.exe
"2008-06-19 09:00:00 C:\WINDOWS\Tasks\At36.job"
- C:\WINDOWS\system32\yJVQnJ56.exe
"2008-06-19 10:00:00 C:\WINDOWS\Tasks\At37.job"
- C:\WINDOWS\system32\yJVQnJ56.exe
"2008-06-19 11:00:00 C:\WINDOWS\Tasks\At38.job"
- C:\WINDOWS\system32\yJVQnJ56.exe
"2008-06-19 12:00:00 C:\WINDOWS\Tasks\At39.job"
- C:\WINDOWS\system32\yJVQnJ56.exe
"2008-06-19 01:00:01 C:\WINDOWS\Tasks\At4.job"
- C:\WINDOWS\system32\PF26bX2p.exe
"2008-06-19 13:00:00 C:\WINDOWS\Tasks\At40.job"
- C:\WINDOWS\system32\yJVQnJ56.exe
"2008-06-19 14:00:00 C:\WINDOWS\Tasks\At41.job"
- C:\WINDOWS\system32\yJVQnJ56.exe
"2008-06-19 15:00:00 C:\WINDOWS\Tasks\At42.job"
- C:\WINDOWS\system32\yJVQnJ56.exe
"2008-06-19 16:00:00 C:\WINDOWS\Tasks\At43.job"
- C:\WINDOWS\system32\yJVQnJ56.exe
"2008-06-19 17:00:00 C:\WINDOWS\Tasks\At44.job"
- C:\WINDOWS\system32\yJVQnJ56.exe
"2008-06-19 18:00:00 C:\WINDOWS\Tasks\At45.job"
- C:\WINDOWS\system32\yJVQnJ56.exe
"2008-06-18 19:00:00 C:\WINDOWS\Tasks\At46.job"
- C:\WINDOWS\system32\yJVQnJ56.exe
"2008-06-18 20:01:19 C:\WINDOWS\Tasks\At47.job"
- C:\WINDOWS\system32\yJVQnJ56.exe
"2008-06-18 21:00:00 C:\WINDOWS\Tasks\At48.job"
- C:\WINDOWS\system32\yJVQnJ56.exe
"2008-06-19 02:00:01 C:\WINDOWS\Tasks\At5.job"
- C:\WINDOWS\system32\PF26bX2p.exe
"2008-06-19 03:00:01 C:\WINDOWS\Tasks\At6.job"
- C:\WINDOWS\system32\PF26bX2p.exe
"2008-06-19 04:00:01 C:\WINDOWS\Tasks\At7.job"
- C:\WINDOWS\system32\PF26bX2p.exe
"2008-06-19 05:00:01 C:\WINDOWS\Tasks\At8.job"
- C:\WINDOWS\system32\PF26bX2p.exe
"2008-06-19 06:00:01 C:\WINDOWS\Tasks\At9.job"
- C:\WINDOWS\system32\PF26bX2p.exe
"2008-06-13 15:15:34 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- G:\logiciel\TuneUp Utilities 2006\SystemOptimizer.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-19 20:27:25
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\BaPoR\LOCALS~1\Temp\mc22.tmp"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Fichiers communs\Seagate\Schedule2\schedul2.exe
G:\Logiciel\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\WINDOWS\system32\CTXFISPI.EXE
C:\WINDOWS\system32\rundll32.exe
G:\Logiciel\Logitech\SetPoint\SetPoint.exe
G:\Logiciel\WinBar\WinBar.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\taskmgr.exe
.
**************************************************************************
.
Completion time: 2008-06-19 20:28:29 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-19 18:28:26
Pre-Run: 10,422,796,288 bytes free
Post-Run: 10,431,631,360 bytes free
306
And my HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:03, on 19/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Seagate\Schedule2\schedul2.exe
g:\logiciel\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Fichiers communs\BinarySense\hldasvc.exe
C:\Program Files\Fichiers communs\BinarySense\hldasvc.exe
D:\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
G:\logiciel\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\RunDll32.exe
G:\logiciel\AVG Anti-Spyware 7.5\avgas.exe
G:\Logiciel\SuperCopier2\SuperCopier2.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
G:\Logiciel\Logitech\SetPoint\SetPoint.exe
G:\Logiciel\WinBar\WinBar.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
G:\Logiciel\teamspeak2_RC2\TeamSpeak.exe
G:\jeux\World of Warcraft\WoW.exe
C:\WINDOWS\explorer.exe
G:\Logiciel\Mozilla Firefox\firefox.exe
G:\Logiciel\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.free.fr/freebox/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - G:\logiciel\Free Download Manager\iefdm2.dll
O4 - HKLM\..\Run: [VolPanel] "D:\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [MessengerPlus3] "G:\logiciel\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "g:\logiciel\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] G:\Logiciel\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [MessengerPlus3] "G:\logiciel\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: WinBar.lnk = G:\Logiciel\WinBar\WinBar.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech SetPoint.lnk = G:\Logiciel\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = G:\Logiciel\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\logiciel\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://G:\logiciel\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://G:\logiciel\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://G:\logiciel\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://G:\logiciel\Free Download Manager\dlfvideo.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - "C:\Program Files\Fichiers communs\BinarySense\hlAPP.dll" (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Seagate\Schedule2\schedul2.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - g:\logiciel\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: HDDlife HDD Access service - BinarySense, Inc. - C:\Program Files\Fichiers communs\BinarySense\hldasvc.exe
O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - G:\Logiciel\Vegas 7.0\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - G:\Logiciel\Vegas 7.0\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - G:\logiciel\TuneUp Utilities 2006\WinStylerThemeSvc.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Start WingMan Profiler"=C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
"DAEMON Tools"="G:\logiciel\DAEMON Tools\daemon.exe" -lang 1033
"OODefragTray"=C:\WINDOWS\system32\oodtray.exe
"ULiRaid"=C:\Program Files\ULiRaid\ULiRaid.exe
"AcronisTimounterMonitor"=G:\logiciel\DiscWizard\TimounterMonitor.exe
"Acronis Scheduler2 Service"="C:\Program Files\Fichiers communs\Seagate\Schedule2\schedhlp.exe"
"DiscWizardMonitor.exe"=G:\logiciel\DiscWizard\DiscWizardMonitor.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"G:\\Logiciel\\Xfire\\Xfire.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"G:\\Logiciel\\Winamp\\winamp.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8377:TCP"= 8377:TCP:messenger
R0 JAHCI;JAHCI;C:\WINDOWS\system32\DRIVERS\JAHCI.sys [2005-05-12 15:12]
R0 m5289;m5289;C:\WINDOWS\system32\DRIVERS\m5289.sys [2005-07-04 14:21]
R0 uliagpkx;ULi AGP Bus Filter Driver;C:\WINDOWS\system32\DRIVERS\agpkx.sys [2005-05-03 18:31]
R2 Dnscache;Client DNS;C:\WINDOWS\system32\svchost.exe [2004-08-04 00:55]
R2 HDDlife HDD Access service;HDDlife HDD Access service;"C:\Program Files\Fichiers communs\BinarySense\hldasvc.exe" [2008-02-15 14:17]
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2006-05-24 05:40]
R3 ULI5261XP;ULi M526X Ethernet NT Driver;C:\WINDOWS\system32\DRIVERS\ULILAN51.SYS [2005-03-22 21:36]
S3 cmudau;C-Media USB Sound Interface;C:\WINDOWS\system32\drivers\cmudau.sys [2004-09-03 03:32]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\MLLaunch.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\wd_windows_tools\setup.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-06-18 22:32:01 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\system32\PF26bX2p.exe
"2008-06-19 07:00:01 C:\WINDOWS\Tasks\At10.job"
- C:\WINDOWS\system32\PF26bX2p.exe
"2008-06-19 08:00:01 C:\WINDOWS\Tasks\At11.job"
- C:\WINDOWS\system32\PF26bX2p.exe
"2008-06-19 09:00:01 C:\WINDOWS\Tasks\At12.job"
- C:\WINDOWS\system32\PF26bX2p.exe
"2008-06-19 10:00:01 C:\WINDOWS\Tasks\At13.job"
- C:\WINDOWS\system32\PF26bX2p.exe
"2008-06-19 11:00:01 C:\WINDOWS\Tasks\At14.job"
- C:\WINDOWS\system32\PF26bX2p.exe
"2008-06-19 12:00:01 C:\WINDOWS\Tasks\At15.job"
- C:\WINDOWS\system32\PF26bX2p.exe
"2008-06-19 13:00:01 C:\WINDOWS\Tasks\At16.job"
- C:\WINDOWS\system32\PF26bX2p.exe
"2008-06-19 14:00:01 C:\WINDOWS\Tasks\At17.job"
- C:\WINDOWS\system32\PF26bX2p.exe
"2008-06-19 15:00:05 C:\WINDOWS\Tasks\At18.job"
- C:\WINDOWS\system32\PF26bX2p.exe
"2008-06-19 16:00:05 C:\WINDOWS\Tasks\At19.job"
- C:\WINDOWS\system32\PF26bX2p.exe
"2008-06-18 23:00:01 C:\WINDOWS\Tasks\At2.job"
- C:\WINDOWS\system32\PF26bX2p.exe
"2008-06-19 17:00:05 C:\WINDOWS\Tasks\At20.job"
- C:\WINDOWS\system32\PF26bX2p.exe
"2008-06-19 18:00:05 C:\WINDOWS\Tasks\At21.job"
- C:\WINDOWS\system32\PF26bX2p.exe
"2008-06-18 19:00:05 C:\WINDOWS\Tasks\At22.job"
- C:\WINDOWS\system32\PF26bX2p.exe
"2008-06-18 20:00:06 C:\WINDOWS\Tasks\At23.job"
- C:\WINDOWS\system32\PF26bX2p.exe
"2008-06-18 21:00:01 C:\WINDOWS\Tasks\At24.job"
- C:\WINDOWS\system32\PF26bX2p.exe
"2008-06-18 22:16:00 C:\WINDOWS\Tasks\At25.job"
- C:\WINDOWS\system32\yJVQnJ56.exe
"2008-06-18 23:00:00 C:\WINDOWS\Tasks\At26.job"
- C:\WINDOWS\system32\yJVQnJ56.exe
"2008-06-19 00:00:00 C:\WINDOWS\Tasks\At27.job"
- C:\WINDOWS\system32\yJVQnJ56.exe
"2008-06-19 01:00:00 C:\WINDOWS\Tasks\At28.job"
- C:\WINDOWS\system32\yJVQnJ56.exe
"2008-06-19 02:00:00 C:\WINDOWS\Tasks\At29.job"
- C:\WINDOWS\system32\yJVQnJ56.exe
"2008-06-19 00:00:01 C:\WINDOWS\Tasks\At3.job"
- C:\WINDOWS\system32\PF26bX2p.exe
"2008-06-19 03:00:00 C:\WINDOWS\Tasks\At30.job"
- C:\WINDOWS\system32\yJVQnJ56.exe
"2008-06-19 04:00:00 C:\WINDOWS\Tasks\At31.job"
- C:\WINDOWS\system32\yJVQnJ56.exe
"2008-06-19 05:00:00 C:\WINDOWS\Tasks\At32.job"
- C:\WINDOWS\system32\yJVQnJ56.exe
"2008-06-19 06:00:00 C:\WINDOWS\Tasks\At33.job"
- C:\WINDOWS\system32\yJVQnJ56.exe
"2008-06-19 07:00:00 C:\WINDOWS\Tasks\At34.job"
- C:\WINDOWS\system32\yJVQnJ56.exe
"2008-06-19 08:00:00 C:\WINDOWS\Tasks\At35.job"
- C:\WINDOWS\system32\yJVQnJ56.exe
"2008-06-19 09:00:00 C:\WINDOWS\Tasks\At36.job"
- C:\WINDOWS\system32\yJVQnJ56.exe
"2008-06-19 10:00:00 C:\WINDOWS\Tasks\At37.job"
- C:\WINDOWS\system32\yJVQnJ56.exe
"2008-06-19 11:00:00 C:\WINDOWS\Tasks\At38.job"
- C:\WINDOWS\system32\yJVQnJ56.exe
"2008-06-19 12:00:00 C:\WINDOWS\Tasks\At39.job"
- C:\WINDOWS\system32\yJVQnJ56.exe
"2008-06-19 01:00:01 C:\WINDOWS\Tasks\At4.job"
- C:\WINDOWS\system32\PF26bX2p.exe
"2008-06-19 13:00:00 C:\WINDOWS\Tasks\At40.job"
- C:\WINDOWS\system32\yJVQnJ56.exe
"2008-06-19 14:00:00 C:\WINDOWS\Tasks\At41.job"
- C:\WINDOWS\system32\yJVQnJ56.exe
"2008-06-19 15:00:00 C:\WINDOWS\Tasks\At42.job"
- C:\WINDOWS\system32\yJVQnJ56.exe
"2008-06-19 16:00:00 C:\WINDOWS\Tasks\At43.job"
- C:\WINDOWS\system32\yJVQnJ56.exe
"2008-06-19 17:00:00 C:\WINDOWS\Tasks\At44.job"
- C:\WINDOWS\system32\yJVQnJ56.exe
"2008-06-19 18:00:00 C:\WINDOWS\Tasks\At45.job"
- C:\WINDOWS\system32\yJVQnJ56.exe
"2008-06-18 19:00:00 C:\WINDOWS\Tasks\At46.job"
- C:\WINDOWS\system32\yJVQnJ56.exe
"2008-06-18 20:01:19 C:\WINDOWS\Tasks\At47.job"
- C:\WINDOWS\system32\yJVQnJ56.exe
"2008-06-18 21:00:00 C:\WINDOWS\Tasks\At48.job"
- C:\WINDOWS\system32\yJVQnJ56.exe
"2008-06-19 02:00:01 C:\WINDOWS\Tasks\At5.job"
- C:\WINDOWS\system32\PF26bX2p.exe
"2008-06-19 03:00:01 C:\WINDOWS\Tasks\At6.job"
- C:\WINDOWS\system32\PF26bX2p.exe
"2008-06-19 04:00:01 C:\WINDOWS\Tasks\At7.job"
- C:\WINDOWS\system32\PF26bX2p.exe
"2008-06-19 05:00:01 C:\WINDOWS\Tasks\At8.job"
- C:\WINDOWS\system32\PF26bX2p.exe
"2008-06-19 06:00:01 C:\WINDOWS\Tasks\At9.job"
- C:\WINDOWS\system32\PF26bX2p.exe
"2008-06-13 15:15:34 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- G:\logiciel\TuneUp Utilities 2006\SystemOptimizer.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-19 20:27:25
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\BaPoR\LOCALS~1\Temp\mc22.tmp"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Fichiers communs\Seagate\Schedule2\schedul2.exe
G:\Logiciel\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\WINDOWS\system32\CTXFISPI.EXE
C:\WINDOWS\system32\rundll32.exe
G:\Logiciel\Logitech\SetPoint\SetPoint.exe
G:\Logiciel\WinBar\WinBar.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\taskmgr.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-06-19 20:28:29 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-19 18:28:26
Pre-Run: 10,422,796,288 octets libres
Post-Run: 10,431,631,360 octets libres
306
And my HijackThis log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:03, on 19/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Seagate\Schedule2\schedul2.exe
g:\logiciel\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Fichiers communs\BinarySense\hldasvc.exe
C:\Program Files\Fichiers communs\BinarySense\hldasvc.exe
D:\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
G:\logiciel\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\RunDll32.exe
G:\logiciel\AVG Anti-Spyware 7.5\avgas.exe
G:\Logiciel\SuperCopier2\SuperCopier2.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
G:\Logiciel\Logitech\SetPoint\SetPoint.exe
G:\Logiciel\WinBar\WinBar.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
G:\Logiciel\teamspeak2_RC2\TeamSpeak.exe
G:\jeux\World of Warcraft\WoW.exe
C:\WINDOWS\explorer.exe
G:\Logiciel\Mozilla Firefox\firefox.exe
G:\Logiciel\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.free.fr/freebox/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - G:\logiciel\Free Download Manager\iefdm2.dll
O4 - HKLM\..\Run: [VolPanel] "D:\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [MessengerPlus3] "G:\logiciel\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "g:\logiciel\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] G:\Logiciel\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [MessengerPlus3] "G:\logiciel\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: WinBar.lnk = G:\Logiciel\WinBar\WinBar.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech SetPoint.lnk = G:\Logiciel\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = G:\Logiciel\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\logiciel\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://G:\logiciel\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://G:\logiciel\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://G:\logiciel\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://G:\logiciel\Free Download Manager\dlfvideo.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - "C:\Program Files\Fichiers communs\BinarySense\hlAPP.dll" (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Seagate\Schedule2\schedul2.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - g:\logiciel\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: HDDlife HDD Access service - BinarySense, Inc. - C:\Program Files\Fichiers communs\BinarySense\hldasvc.exe
O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - G:\Logiciel\Vegas 7.0\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - G:\Logiciel\Vegas 7.0\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - G:\logiciel\TuneUp Utilities 2006\WinStylerThemeSvc.exe
15 replies
Here is the ComboFix log with yJVQnJ56.exe open.
ComboFix 08-06-16.5 - BaPoR 2008-06-19 22:37:32.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1014 [GMT 2:00]
Endroit: C:\Documents and Settings\BaPoR\Bureau\ComboFix.exe
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\drivers\down
.
((((((((((((((((((((((((((((( Fichiers créés 2008-05-19 to 2008-06-19 ))))))))))))))))))))))))))))))))))))
.
2008-06-19 21:11 . 2008-06-19 21:11 35,842 --a------ C:\WINDOWS\system32\yJVQnJ56.exe
2008-06-17 16:12 . 2008-01-26 17:45 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-06-17 16:12 . 2008-01-26 17:45 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-06-17 16:12 . 2008-01-26 16:48 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-06-17 16:12 . 2008-01-26 17:45 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-06-17 16:12 . 2008-01-26 17:45 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-06-17 16:12 . 2008-01-26 16:52 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-06-17 16:12 . 2008-01-26 17:45 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-06-17 16:12 . 2008-06-17 16:12 <REP> d-------- C:\Documents and Settings\Administrateur
2008-06-17 13:30 . 2008-06-17 13:30 <REP> d-------- C:\Documents and Settings\BaPoR\Application Data\Grisoft
2008-06-17 13:30 . 2008-06-17 13:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-06-17 13:30 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-06-17 01:11 . 2008-06-17 01:14 <REP> d-------- C:\Program Files\Navilog1
2008-06-17 01:00 . 2008-06-17 01:00 <REP> dr------- C:\Documents and Settings\NetworkService\Favoris
2008-06-17 00:51 . 2008-06-17 01:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-17 00:33 . 2008-06-17 00:33 <REP> d-------- C:\Program Files\Yahoo!
2008-06-15 19:37 . 2008-06-15 19:39 45 --a------ C:\WINDOWS\system32\initdebug.nfo
2008-06-14 19:30 . 2008-06-19 22:40 11,493 --a------ C:\WINDOWS\system32\oodbs.lor
2008-06-14 16:15 . 2006-07-28 09:30 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2008-06-14 16:15 . 2006-07-28 09:30 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2008-06-11 12:17 . 2008-06-11 12:16 29,760 --a------ C:\WINDOWS\system32\PF26bX2p.exe
2008-06-09 21:33 . 2008-06-09 21:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Seagate
2008-06-09 21:27 . 2008-06-09 21:27 400,864 --a------ C:\WINDOWS\system32\drivers\timntr.sys
2008-06-09 21:27 . 2008-06-09 21:27 120,992 --a------ C:\WINDOWS\system32\drivers\snapman.sys
2008-06-09 21:27 . 2008-06-09 21:27 32,768 --a------ C:\WINDOWS\system32\drivers\tifsfilt.sys
2008-06-09 21:26 . 2008-06-09 21:26 <REP> d-------- C:\Program Files\Fichiers communs\Seagate
2008-06-09 21:16 . 2008-06-09 21:16 <REP> d-------- C:\Program Files\ULiRaid
2008-06-09 21:16 . 2005-07-04 14:21 52,480 --a------ C:\WINDOWS\system32\drivers\m5289.sys
2008-06-09 21:16 . 2005-07-15 15:09 29,696 --a------ C:\WINDOWS\system32\dev32.exe
2008-06-09 21:16 . 2005-12-28 03:32 9,621 --a------ C:\WINDOWS\system32\drivers\ulisata.cat
2008-06-09 20:12 . 2008-06-09 20:12 <REP> d-------- C:\WINDOWS\system32\NtmsData
2008-06-08 22:24 . 2008-06-14 16:13 <REP> d-------- C:\Program Files\Fichiers communs\BinarySense
2008-06-08 22:24 . 2008-06-08 22:24 <REP> d-------- C:\Documents and Settings\BaPoR\Application Data\BinarySense
2008-06-08 22:24 . 2008-06-19 20:27 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-06 13:26 . 2008-06-06 13:26 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-06 13:26 . 2008-06-06 13:26 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-05 17:21 . 2008-06-05 17:21 <REP> d-------- C:\Program Files\OpenAL
2008-06-05 17:21 . 2007-04-04 18:53 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2008-06-05 15:17 . 2008-06-05 15:17 <REP> d-------- C:\Documents and Settings\BaPoR\Application Data\GARMIN
2008-06-05 15:16 . 2008-06-05 15:16 <REP> d-------- C:\Program Files\Garmin GPS Plugin
2008-06-05 15:16 . 2008-06-10 22:32 <REP> d-------- C:\Garmin
2008-05-21 01:50 . 2008-05-21 01:50 <REP> d-------- C:\WINDOWS\system32\Adobe
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-17 14:34 --------- d-----w C:\Documents and Settings\BaPoR\Application Data\Free Download Manager
2008-06-15 15:23 --------- d-----w C:\Documents and Settings\BaPoR\Application Data\Azureus
2008-06-09 19:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-06 11:36 413,696 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-06-06 11:36 110,592 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-04-28 16:21 --------- d-----w C:\Documents and Settings\BaPoR\Application Data\Command & Conquer(tm) 3 La Fureur de Kane
2008-04-28 15:57 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-04-19 01:08 --------- d-----w C:\Documents and Settings\BaPoR\Application Data\Command & Conquer 3 Les guerres du Tiberium
2008-04-19 00:52 --------- d-----w C:\Documents and Settings\BaPoR\Application Data\Skype
2008-02-18 19:30 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-02-27 23:15 19,560 ----a-w C:\Documents and Settings\BaPoR\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((( snapshot@2008-06-19_20.28.03.56 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-19 18:27:10 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-19 20:40:31 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-06-18 18:14:19 74,196 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-06-19 18:32:08 74,196 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-06-18 18:14:19 86,952 ----a-w C:\WINDOWS\system32\perfc00C.dat
+ 2008-06-19 18:32:08 86,952 ----a-w C:\WINDOWS\system32\perfc00C.dat
- 2008-06-18 18:14:19 445,558 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-06-19 18:32:08 445,558 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-06-18 18:14:19 512,898 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2008-06-19 18:32:08 512,898 ----a-w C:\WINDOWS\system32\perfh00C.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2005-10-17 08:06 700416]
"SuperCopier2.exe"="G:\Logiciel\SuperCopier2\SuperCopier2.exe" [2005-03-14 01:37 1057280]
"MessengerPlus3"="G:\logiciel\MessengerPlus! 3\MsgPlus.exe" [2008-01-26 20:56 190024]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2006-01-24 20:24 7094272]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 02:07 1667584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VolPanel"="D:\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-07-13 15:11 122880]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 19:07 49152]
"CTHelper"="CTHELPER.EXE" [2006-05-24 06:20 17920 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-05-24 06:20 18944 C:\WINDOWS\system32\CTXFIHLP.EXE]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00 90112]
"MessengerPlus3"="G:\logiciel\MessengerPlus! 3\MsgPlus.exe" [2008-01-26 20:56 190024]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 16:32 56080 C:\WINDOWS\KHALMNPR.Exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"CmUsbSound"="cmcnfgu.cpl" []
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 16:32 56080 C:\WINDOWS\KHALMNPR.Exe]
"!AVG Anti-Spyware"="g:\logiciel\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoFavoritesMenu"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 1 (0x1)
"NoRecentDocsNetHood"= 0 (0x0)
"NoSMHelp"= 1 (0x1)
"NoInstrumentation"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFavoritesMenu"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 1 (0x1)
"NoRecentDocsNetHood"= 0 (0x0)
"NoSMHelp"= 1 (0x1)
"NoInstrumentation"= 0 (0x0)
"NoStartMenuPinnedList"= 0 (0x0)
"ForceStartMenuLogoff"= 0 (0x0)
"NoUserNameInStartMenu"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.3iv2"= 3ivxVfWCodec.dll
"VIDC.VP31"= vp31vfw.dll
"msacm.l3fhg"= mp3fhg.acm
"VIDC.YV12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 relog_ap
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^BaPoR^Menu Démarrer^Programmes^Démarrage^desktop.ini]
path=C:\Documents and Settings\BaPoR\Menu Démarrer\Programmes\Démarrage\desktop.ini
backup=C:\WINDOWS\pss\desktop.iniStartup
[HKLM\~\startupfolder\C:^Documents and Settings^BaPoR^Menu Démarrer^Programmes^Démarrage^Raccourci vers KeyLogger.lnk]
path=C:\Documents and Settings\BaPoR\Menu Démarrer\Programmes\Démarrage\Raccourci vers KeyLogger.lnk
backup=C:\WINDOWS\pss\Raccourci vers KeyLogger.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^BaPoR^Menu Démarrer^Programmes^Démarrage^Xfire.lnk]
path=C:\Documents and Settings\BaPoR\Menu Démarrer\Programmes\Démarrage\Xfire.lnk
backup=C:\WINDOWS\pss\Xfire.lnkStartup
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Start WingMan Profiler"=C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
"DAEMON Tools"="G:\logiciel\DAEMON Tools\daemon.exe" -lang 1033
"OODefragTray"=C:\WINDOWS\system32\oodtray.exe
"ULiRaid"=C:\Program Files\ULiRaid\ULiRaid.exe
"AcronisTimounterMonitor"=G:\logiciel\DiscWizard\TimounterMonitor.exe
"Acronis Scheduler2 Service"="C:\Program Files\Fichiers communs\Seagate\Schedule2\schedhlp.exe"
"DiscWizardMonitor.exe"=G:\logiciel\DiscWizard\DiscWizardMonitor.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"G:\\Logiciel\\Xfire\\Xfire.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"G:\\Logiciel\\Winamp\\winamp.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8377:TCP"= 8377:TCP:messenger
R0 JAHCI;JAHCI;C:\WINDOWS\system32\DRIVERS\JAHCI.sys [2005-05-12 15:12]
R0 m5289;m5289;C:\WINDOWS\system32\DRIVERS\m5289.sys [2005-07-04 14:21]
R0 uliagpkx;ULi AGP Bus Filter Driver;C:\WINDOWS\system32\DRIVERS\agpkx.sys [2005-05-03 18:31]
R2 Dnscache;Client DNS;C:\WINDOWS\system32\svchost.exe [2004-08-04 00:55]
R2 HDDlife HDD Access service;HDDlife HDD Access service;"C:\Program Files\Fichiers communs\BinarySense\hldasvc.exe" [2008-02-15 14:17]
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2006-05-24 05:40]
R3 ULI5261XP;ULi M526X Ethernet NT Driver;C:\WINDOWS\system32\DRIVERS\ULILAN51.SYS [2005-03-22 21:36]
S3 cmudau;C-Media USB Sound Interface;C:\WINDOWS\system32\drivers\cmudau.sys [2004-09-03 03:32]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\MLLaunch.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\wd_windows_tools\setup.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-06-18 22:32:01 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\system32\PF26bX2p.exe
"2008-06-19 07:00:01 C:\WINDOWS\Tasks\At10.job"
- C:\WINDOWS\system32\PF26bX2p.exe
"2008-06-19 08:00:01 C:\WINDOWS\Tasks\At11.job"
- C:\WINDOWS\system32\PF26bX2p.exe
"2008-06-19 09:00:01 C:\WINDOWS\Tasks\At12.job"
- C:\WINDOWS\system32\PF26bX2p.exe
"2008-06-19 10:00:01 C:\WINDOWS\Tasks\At13.job"
- C:\WINDOWS\system32\PF26bX2p.exe
"2008-06-19 11:00:01 C:\WINDOWS\Tasks\At14.job"
- C:\WINDOWS\system32\PF26bX2p.exe
"2008-06-19 12:00:01 C:\WINDOWS\Tasks\At15.job"
- C:\WINDOWS\system32\PF26bX2p.exe
"2008-06-19 13:00:01 C:\WINDOWS\Tasks\At16.job"
- C:\WINDOWS\system32\PF26bX2p.exe
"2008-06-19 14:00:01 C:\WINDOWS\Tasks\At17.job"
- C:\WINDOWS\system32\PF26bX2p.exe
"2008-06-19 15:00:05 C:\WINDOWS\Tasks\At18.job"
- C:\WINDOWS\system32\PF26bX2p.exe
"2008-06-19 16:00:05 C:\WINDOWS\Tasks\At19.job"
- C:\WINDOWS\system32\PF26bX2p.exe
"2008-06-18 23:00:01 C:\WINDOWS\Tasks\At2.job"
- C:\WINDOWS\system32\PF26bX2p.exe
"2008-06-19 17:00:05 C:\WINDOWS\Tasks\At20.job"
- C:\WINDOWS\system32\PF26bX2p.exe
"2008-06-19 18:00:05 C:\WINDOWS\Tasks\At21.job"
- C:\WINDOWS\system32\PF26bX2p.exe
"2008-06-19 19:00:05 C:\WINDOWS\Tasks\At22.job"
- C:\WINDOWS\system32\PF26bX2p.exe
"2008-06-19 20:00:05 C:\WINDOWS\Tasks\At23.job"
- C:\WINDOWS\system32\PF26bX2p.exe
"2008-06-18 21:00:01 C:\WINDOWS\Tasks\At24.job"
- C:\WINDOWS\system32\PF26bX2p.exe
"2008-06-18 22:16:00 C:\WINDOWS\Tasks\At25.job"
- C:\WINDOWS\system32\yJVQnJ56.exe
"2008-06-18 23:00:00 C:\WINDOWS\Tasks\At26.job"
- C:\WINDOWS\system32\yJVQnJ56.exe
"2008-06-19 00:00:00 C:\WINDOWS\Tasks\At27.job"
- C:\WINDOWS\system32\yJVQnJ56.exe
"2008-06-19 01:00:00 C:\WINDOWS\Tasks\At28.job"
- C:\WINDOWS\system32\yJVQnJ56.exe
"2008-06-19 02:00:00 C:\WINDOWS\Tasks\At29.job"
- C:\WINDOWS\system32\yJVQnJ56.exe
"2008-06-19 00:00:01 C:\WINDOWS\Tasks\At3.job"
- C:\WINDOWS\system32\PF26bX2p.exe
"2008-06-19 03:00:00 C:\WINDOWS\Tasks\At30.job"
- C:\WINDOWS\system32\yJVQnJ56.exe
"2008-06-19 04:00:00 C:\WINDOWS\Tasks\At31.job"
- C:\WINDOWS\system32\yJVQnJ56.exe
"2008-06-19 05:00:00 C:\WINDOWS\Tasks\At32.job"
- C:\WINDOWS\system32\yJVQnJ56.exe
"2008-06-19 06:00:00 C:\WINDOWS\Tasks\At33.job"
- C:\WINDOWS\system32\yJVQnJ56.exe
"2008-06-19 07:00:00 C:\WINDOWS\Tasks\At34.job"
- C:\WINDOWS\system32\yJVQnJ56.exe
"2008-06-19 08:00:00 C:\WINDOWS\Tasks\At35.job"
- C:\WINDOWS\system32\yJVQnJ56.exe
"2008-06-19 09:00:00 C:\WINDOWS\Tasks\At36.job"
- C:\WINDOWS\system32\yJVQnJ56.exe
"2008-06-19 10:00:00 C:\WINDOWS\Tasks\At37.job"
- C:\WINDOWS\system32\yJVQnJ56.exe
"2008-06-19 11:00:00 C:\WINDOWS\Tasks\At38.job"
- C:\WINDOWS\system32\yJVQnJ56.exe
"2008-06-19 12:00:00 C:\WINDOWS\Tasks\At39.job"
- C:\WINDOWS\system32\yJVQnJ56.exe
"2008-06-19 01:00:01 C:\WINDOWS\Tasks\At4.job"
- C:\WINDOWS\system32\PF26bX2p.exe
"2008-06-19 13:00:00 C:\WINDOWS\Tasks\At40.job"
- C:\WINDOWS\system32\yJVQnJ56.exe
"2008-06-19 14:00:00 C:\WINDOWS\Tasks\At41.job"
- C:\WINDOWS\system32\yJVQnJ56.exe
"2008-06-19 15:00:00 C:\WINDOWS\Tasks\At42.job"
- C:\WINDOWS\system32\yJVQnJ56.exe
"2008-06-19 16:00:00 C:\WINDOWS\Tasks\At43.job"
- C:\WINDOWS\system32\yJVQnJ56.exe
"2008-06-19 17:00:00 C:\WINDOWS\Tasks\At44.job"
- C:\WINDOWS\system32\yJVQnJ56.exe
"2008-06-19 18:00:00 C:\WINDOWS\Tasks\At45.job"
- C:\WINDOWS\system32\yJVQnJ56.exe
"2008-06-19 19:00:00 C:\WINDOWS\Tasks\At46.job"
- C:\WINDOWS\system32\yJVQnJ56.exe
"2008-06-19 20:00:15 C:\WINDOWS\Tasks\At47.job"
- C:\WINDOWS\system32\yJVQnJ56.exe
"2008-06-18 21:00:00 C:\WINDOWS\Tasks\At48.job"
- C:\WINDOWS\system32\yJVQnJ56.exe
"2008-06-19 02:00:01 C:\WINDOWS\Tasks\At5.job"
- C:\WINDOWS\system32\PF26bX2p.exe
"2008-06-19 03:00:01 C:\WINDOWS\Tasks\At6.job"
- C:\WINDOWS\system32\PF26bX2p.exe
"2008-06-19 04:00:01 C:\WINDOWS\Tasks\At7.job"
- C:\WINDOWS\system32\PF26bX2p.exe
"2008-06-19 05:00:01 C:\WINDOWS\Tasks\At8.job"
- C:\WINDOWS\system32\PF26bX2p.exe
"2008-06-19 06:00:01 C:\WINDOWS\Tasks\At9.job"
- C:\WINDOWS\system32\PF26bX2p.exe
"2008-06-13 15:15:34 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- G:\logiciel\TuneUp Utilities 2006\SystemOptimizer.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-19 22:40:39
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\BaPoR\LOCALS~1\Temp\mc22.tmp"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\CTXFISPI.EXE
C:\Program Files\Fichiers communs\Seagate\Schedule2\schedul2.exe
G:\Logiciel\Logitech\SetPoint\SetPoint.exe
G:\Logiciel\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
G:\Logiciel\WinBar\WinBar.exe
C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-06-19 22:41:48 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-19 20:41:44
ComboFix2.txt 2008-06-19 18:28:31
Pre-Run: 10,460,450,816 bytes free
Post-Run: 10,480,168,960 bytes free
318
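Added example, not part of the original post and not ComboFix code: a small Python script that parses the "Scheduled Tasks" section of a ComboFix log like the one above and flags the pattern visible in it, namely At*.job tasks (the kind created with at.exe) firing every hour and all pointing at two eight-character, random-looking executables in system32 (PF26bX2p.exe and yJVQnJ56.exe; the full log lists At1 through At48). The sample lines are an excerpt copied from the log above. The "random name" heuristic (exactly eight alphanumeric characters mixing letters and digits) is an assumption of this script, not something the log states, so treat a hit as a lead to confirm against the file's creation date, publisher and hash rather than as a verdict.

```python
import re
from collections import defaultdict

# Excerpt copied from the "Scheduled Tasks" section of the ComboFix log
# above (two At*.job entries per target plus one legitimate task), embedded
# here so the script runs offline.
SAMPLE_LOG = r'''
"2008-06-18 22:32:01 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\system32\PF26bX2p.exe
"2008-06-19 07:00:01 C:\WINDOWS\Tasks\At10.job"
- C:\WINDOWS\system32\PF26bX2p.exe
"2008-06-18 22:16:00 C:\WINDOWS\Tasks\At25.job"
- C:\WINDOWS\system32\yJVQnJ56.exe
"2008-06-18 23:00:00 C:\WINDOWS\Tasks\At26.job"
- C:\WINDOWS\system32\yJVQnJ56.exe
"2008-06-13 15:15:34 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- G:\logiciel\TuneUp Utilities 2006\SystemOptimizer.exe
'''

# ComboFix prints each task as a quoted "<last run> <job file>" line
# followed by a "- <target>" line.
JOB_LINE = re.compile(r'^"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (.+?\.job)"$')
TARGET_LINE = re.compile(r'^- (.+)$')

# Jobs created with at.exe are named At<n>.job.
AT_JOB = re.compile(r'^At\d+\.job$', re.IGNORECASE)

# Heuristic (an assumption of this script, not a rule taken from the log):
# an executable stem of exactly eight alphanumerics mixing letters and
# digits, as droppers commonly generate. Tune it for your environment.
RANDOM_STEM = re.compile(r'^(?=.*[A-Za-z])(?=.*\d)[A-Za-z0-9]{8}$')


def parse_tasks(text):
    """Return a list of (job_file, last_run, target) tuples from log text."""
    tasks = []
    pending = None
    for raw in text.splitlines():
        line = raw.strip()
        m = JOB_LINE.match(line)
        if m:
            pending = (m.group(2), m.group(1))
            continue
        m = TARGET_LINE.match(line)
        if m and pending is not None:
            tasks.append((pending[0], pending[1], m.group(1)))
            pending = None
    return tasks


def basename(path):
    """Last component of a Windows path."""
    return path.rsplit('\\', 1)[-1]


def is_random_system32_exe(target):
    """True when target is <...>\\system32\\<random 8-char stem>.exe."""
    parts = target.split('\\')
    if len(parts) < 2:
        return False
    stem, _, ext = parts[-1].rpartition('.')
    return (parts[-2].lower() == 'system32'
            and ext.lower() == 'exe'
            and RANDOM_STEM.match(stem) is not None)


def find_suspicious(text):
    """Map each suspicious target to the sorted At*.job names launching it."""
    hits = defaultdict(list)
    for job_file, _, target in parse_tasks(text):
        job = basename(job_file)
        if AT_JOB.match(job) and is_random_system32_exe(target):
            hits[target].append(job)
    return {target: sorted(jobs) for target, jobs in hits.items()}


if __name__ == '__main__':
    for target, jobs in find_suspicious(SAMPLE_LOG).items():
        print(f'{target}: launched by {len(jobs)} at.exe job(s): {", ".join(jobs)}')
```

Run against the complete task list it reports each of the two binaries with its 24 jobs; the legitimate TuneUp task is ignored because it is neither an At*.job nor a random-named system32 executable. Both signals are needed: At jobs alone are common on administered machines, and an eight-character name alone will also catch some legitimate vendor files.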