Libellules.ch - forum d'informatique • entrée manquante au démarrage et pbm explorateur windows : Désinfections et demandes d'analyse

par **noumaios** » 24 Fév 2008 16:04

j'ai lancé le scan.
il ne se fait pas.
j'ai une fenêtre qui s'affiche : run time error 52 bad file name or number
puis ensuite 3 ou 4 fois la fenêtre suivante : run time error 75 path/file access error

par **Falkra** » 24 Fév 2008 16:06

Désactive l'UAC-User Account Control -contrôle des comptes utilisateurs (surtout, bien penser à le réactiver après la désinfection).

* Démarrer > Panneau de Configuration
* Double clique sur l'icône Comptes d'utilisateurs
* Clique ensuite sur Désactiver et valide.

Ensuite relance le scan.

par **noumaios** » 24 Fév 2008 18:06

j'ai fait le scan.
je suis bloqué à l'étape envoyer le fichier :upload............
il me dit que le fichier est invalide
diaghelp est bloqué : j'ai le message "appuyer sur une touche pour continuer" mais ça ne marche pas.

par contre voici le résultat :

DiagHelp version v1.4 - http://www.malekal.com
excute le 2008-02-24 à 16:13:28.73

Liste des derniers fichies modifies/crees dans windir\system32 et prefetch
C:\Windows\prefetch\DLLHOST.EXE-71214090.pf -->2008-02-24 16:13:28
C:\Windows\prefetch\CHCP.COM-950EAF32.pf -->2008-02-24 16:13:27
C:\Windows\prefetch\SEARCHFILTERHOST.EXE-AA7A1FDD.pf -->2008-02-24 16:13:08
C:\Windows\prefetch\SEARCHPROTOCOLHOST.EXE-AFAD3EF9.pf -->2008-02-24 16:13:05
C:\Windows\prefetch\AOLTBSERVER.EXE-2F1E4D28.pf -->2008-02-24 16:12:51
C:\Windows\prefetch\IEXPLORE.EXE-1B894AFB.pf -->2008-02-24 16:12:46
C:\Windows\prefetch\PRESENTATIONFONTCACHE.EXE-42767AE9.pf -->2008-02-24 16:12:36
C:\Windows\prefetch\NTOSBOOT-B00DFAAD.pf -->2008-02-24 16:12:36
C:\Windows\prefetch\MOBSYNC.EXE-D8BC6ED2.pf -->2008-02-24 16:12:36
C:\Windows\prefetch\HPQTOASTER.EXE-3B718527.pf -->2008-02-24 16:12:36

C:\Windows\System32\drivers\SYMEVENT.SYS -->2008-02-22 18:55:30
C:\Windows\System32\drivers\SYMEVENT.INF -->2008-02-22 18:55:30
C:\Windows\System32\drivers\SYMEVENT.CAT -->2008-02-22 18:55:30
C:\Windows\System32\drivers\Pcouffin.sys -->2008-02-17 09:21:41
C:\Windows\System32\drivers\wmiacpi.sys -->2008-02-16 17:35:28
C:\Windows\System32\drivers\compbatt.sys -->2008-02-16 17:35:28
C:\Windows\System32\drivers\acpi.sys -->2008-02-16 17:35:28

C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -->2008-02-24 16:11:00
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -->2008-02-24 16:11:00
C:\Windows\System32\PerfStringBackup.INI -->2008-02-23 12:56:26
C:\Windows\System32\perfh00C.dat -->2008-02-23 12:56:26
C:\Windows\System32\perfh009.dat -->2008-02-23 12:56:26
C:\Windows\System32\perfc00C.dat -->2008-02-23 12:56:26
C:\Windows\System32\perfc009.dat -->2008-02-23 12:56:26
C:\Windows\System32\jupdate-1.5.0_11-b03.log -->2008-02-17 10:24:07
C:\Windows\System32\FNTCACHE.DAT -->2008-02-16 18:09:38
C:\Windows\System32\PhotoScreensaver.scr -->2008-02-16 17:35:30
C:\Windows\System32\wtsapi32.dll -->2008-02-16 17:35:28
C:\Windows\System32\win32k.sys -->2008-02-16 17:35:28
C:\Windows\System32\timedate.cpl -->2008-02-16 17:35:26
C:\Windows\System32\sysmain.dll -->2008-02-16 17:35:26
C:\Windows\System32\wlansvc.dll -->2008-02-16 17:35:24
C:\Windows\System32\wlansec.dll -->2008-02-16 17:35:24
C:\Windows\System32\wlanmsm.dll -->2008-02-16 17:35:24
C:\Windows\System32\wlanhlp.dll -->2008-02-16 17:35:24
C:\Windows\System32\wlanapi.dll -->2008-02-16 17:35:24
C:\Windows\System32\wlan.tmf -->2008-02-16 17:35:24
C:\Windows\System32\WebClnt.dll -->2008-02-16 17:35:00
C:\Windows\System32\wpd_ci.dll -->2008-02-16 17:33:21
C:\Windows\System32\umpnpmgr.dll -->2008-02-16 17:33:20
C:\Windows\System32\drvinst.exe -->2008-02-16 17:33:20
C:\Windows\System32\dpx.dll -->2008-02-16 17:33:20

C:\Windows\bootstat.dat -->2008-02-24 16:10:54
C:\Windows\WindowsUpdate.log -->2008-02-24 16:09:44
C:\Windows\system.ini -->2008-02-23 16:06:13
C:\Windows\PFRO.log -->2008-02-23 16:04:59
C:\Windows\setupact.log -->2008-02-23 12:53:25
C:\Windows\setuperr.log -->2008-02-23 12:53:24
C:\Windows\CDE DX7400DEFGIPS.ini -->2008-02-16 18:38:25
C:\Windows\explorer.exe -->2008-02-16 17:35:27
C:\Windows\CSUP.txt -->2007-11-21 07:11:17
C:\Windows\WindowsShell.Manifest -->2007-11-21 07:08:33
C:\Windows\UNNeroMediaHome.exe -->2007-06-27 19:05:02
C:\Windows\UNNeroVision.exe -->2007-06-26 14:12:02
C:\Windows\UNRecode.exe -->2007-04-23 16:42:50
C:\Windows\UNNeroBackItUp.exe -->2007-03-20 21:22:04
C:\Windows\UNNeroShowTime.exe -->2007-02-28 16:41:02

winlogon.exe
Verified: Signed
svchost.exe
Verified: Signed
ws2_32.dll
Verified: Signed
user32.dll
Verified: Signed
tcpip.sys
Verified: Signed
ndis.sys
Verified: Signed
null.sys
Verified: Signed

ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - http://www.sysinternals.com

------------------------------------------------------------------------------
explorer.exe pid: 1704
Command line: C:\Windows\Explorer.EXE

Base Size Version Path
0x009f0000 0x2cd000 6.00.6000.16549 C:\Windows\Explorer.EXE
0x76f60000 0x11e000 6.00.6000.16386 C:\Windows\system32\ntdll.dll
0x75ae0000 0xd8000 6.00.6000.16386 C:\Windows\system32\kernel32.dll
0x75a20000 0xbf000 6.00.6000.16386 C:\Windows\system32\ADVAPI32.dll
0x76bf0000 0xc3000 6.00.6000.16525 C:\Windows\system32\RPCRT4.dll
0x76d50000 0x4b000 6.00.6000.16386 C:\Windows\system32\GDI32.dll
0x769d0000 0x9e000 6.00.6000.16438 C:\Windows\system32\USER32.dll
0x76b40000 0xaa000 7.00.6000.16386 C:\Windows\system32\msvcrt.dll
0x76820000 0x55000 6.00.6000.16386 C:\Windows\system32\SHLWAPI.dll
0x75bc0000 0xace000 6.00.6000.16513 C:\Windows\system32\SHELL32.dll
0x76880000 0x144000 6.00.6000.16386 C:\Windows\system32\ole32.dll
0x76ed0000 0x8c000 6.00.6000.16609 C:\Windows\system32\OLEAUT32.dll
0x72f10000 0x107000 6.00.6000.16386 C:\Windows\system32\SHDOCVW.dll
0x748c0000 0x3f000 6.00.6000.16386 C:\Windows\system32\UxTheme.dll
0x74b70000 0x1a000 6.00.6000.16386 C:\Windows\system32\POWRPROF.dll
0x73020000 0xc000 6.00.6000.20640 C:\Windows\system32\dwmapi.dll
0x74070000 0x1aa000 5.02.6000.16386 C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll
0x75160000 0x39000 6.00.6000.16509 C:\Windows\system32\slc.dll
0x73d70000 0xb7000 6.00.6000.16386 C:\Windows\system32\PROPSYS.dll
0x72c40000 0x145000 6.00.6000.16386 C:\Windows\system32\BROWSEUI.dll
0x77090000 0x1e000 6.00.6000.16386 C:\Windows\system32\IMM32.dll
0x75820000 0xc7000 6.00.6000.16386 C:\Windows\system32\MSCTF.dll
0x74890000 0x30000 6.00.6000.16386 C:\Windows\system32\DUser.dll
0x77080000 0x9000 6.00.6000.16386 C:\Windows\system32\LPK.DLL
0x77120000 0x7d000 1.626.6000.16386 C:\Windows\system32\USP10.dll
0x745c0000 0x194000 6.10.6000.16386 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll
0x73620000 0xb2000 6.00.6000.16493 C:\Windows\system32\WindowsCodecs.dll
0x72c20000 0x6000 6.00.6000.16386 C:\Windows\system32\IconCodecService.dll
0x756b0000 0x14000 6.00.6000.16386 C:\Windows\system32\Secur32.dll
0x76cc0000 0x84000 2001.12.6930.16386 C:\Windows\system32\CLBCatQ.DLL
0x74c40000 0x38000 6.00.6000.16386 C:\Windows\system32\rsaenh.dll
0x72520000 0xb2000 6.00.6000.16549 C:\Windows\system32\timedate.cpl
0x73ed0000 0x14000 3.05.2284.0000 C:\Windows\system32\ATL.DLL
0x75520000 0x6a000 6.00.6000.16386 C:\Windows\system32\NETAPI32.dll
0x75780000 0x7000 6.00.6000.16386 C:\Windows\system32\PSAPI.DLL
0x73f90000 0x38000 4.02.5406.0000 C:\Windows\system32\OLEACC.dll
0x72360000 0x53000 6.00.6000.16386 C:\Windows\system32\actxprxy.dll
0x756d0000 0x1e000 6.00.6000.16386 C:\Windows\system32\USERENV.dll
0x723c0000 0x2b000 6.00.6000.16386 C:\Windows\system32\msutb.dll
0x10000000 0x1b000 1.00.0000.0010 C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll
0x725e0000 0x9b000 8.00.50727.0762 C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8\MSVCR80.dll
0x74d00000 0xd7000 6.00.6000.16386 C:\Windows\system32\WINBRAND.dll
0x73f30000 0x16000 6.00.6000.16386 C:\Windows\System32\shacct.dll
0x75300000 0x11000 6.00.6000.16386 C:\Windows\System32\SAMLIB.dll
0x75650000 0x2c000 6.00.6000.16386 C:\Windows\system32\apphelp.dll
0x71f60000 0x3c000 6.00.6000.16404 C:\Windows\System32\msshsq.dll
0x71dc0000 0xc5000 6.00.6000.16386 C:\Windows\System32\NaturalLanguage6.dll
0x751a0000 0xf1000 6.00.6000.16425 C:\Windows\System32\CRYPT32.dll
0x752e0000 0x12000 6.00.6000.16386 C:\Windows\System32\MSASN1.dll
0x743d0000 0x1e7000 6.00.6000.16513 C:\Windows\system32\authui.dll
0x74b60000 0x5000 6.00.6000.16386 C:\Windows\system32\MSIMG32.dll
0x72bc0000 0x9000 6.00.6000.16386 C:\Windows\system32\LINKINFO.dll
0x76da0000 0x127000 7.00.6000.16609 C:\Windows\system32\urlmon.dll
0x770d0000 0x45000 7.00.6000.16386 C:\Windows\system32\iertutil.dll
0x712d0000 0x5cd000 7.00.6000.16609 C:\Windows\system32\ieframe.dll
0x73fd0000 0x33000 6.00.6000.16386 C:\Windows\system32\WINMM.dll
0x73f00000 0x30000 6.00.6000.16386 C:\Windows\system32\wdmaud.drv
0x73f80000 0x4000 6.00.6000.16386 C:\Windows\system32\ksuser.dll
0x74a90000 0x7000 6.00.6000.16386 C:\Windows\system32\AVRT.dll
0x74860000 0x27000 6.00.6000.16386 C:\Windows\system32\MMDevAPI.DLL
0x74b90000 0x21000 6.00.6000.16386 C:\Windows\system32\NTMARTA.DLL
0x75920000 0x49000 6.00.6000.16386 C:\Windows\system32\WLDAP32.dll
0x758f0000 0x2d000 6.00.6000.16386 C:\Windows\system32\WS2_32.dll
0x770c0000 0x6000 6.00.6000.16386 C:\Windows\system32\NSI.dll
0x76690000 0x189000 6.00.6000.16609 C:\Windows\system32\SETUPAPI.dll
0x71eb0000 0x4a000 6.00.6000.16386 C:\Windows\system32\ntshrui.dll
0x749c0000 0x2d000 6.00.6000.16386 C:\Windows\system32\WINTRUST.dll
0x75970000 0x29000 6.00.6000.16470 C:\Windows\system32\imagehlp.dll
0x72280000 0xa000 6.00.6000.16386 C:\Windows\system32\cscapi.dll
0x72270000 0x9000 6.00.6000.16386 C:\Windows\system32\ExplorerFrame.dll
0x76a70000 0xcf000 7.00.6000.16609 C:\Windows\system32\WININET.dll
0x770b0000 0x3000 6.00.6000.16386 C:\Windows\system32\Normaliz.dll
0x73d10000 0x21000 6.00.6000.16386 C:\Windows\System32\audioses.dll
0x73720000 0x66000 6.00.6000.16386 C:\Windows\System32\audioeng.dll
0x74800000 0x9000 6.00.6000.16386 C:\Windows\system32\msacm32.drv
0x747e0000 0x15000 6.00.6000.16386 C:\Windows\system32\MSACM32.dll
0x74780000 0x7000 6.00.6000.16386 C:\Windows\system32\midimap.dll
0x73510000 0x7000 4.00.6000.16386 C:\Windows\system32\msiltcfg.dll
0x74f20000 0x8000 6.00.6000.16386 C:\Windows\system32\VERSION.dll
0x71fa0000 0x204000 4.00.6000.16386 C:\Windows\system32\msi.dll
0x718a0000 0x30000 6.00.6000.16386 C:\Windows\system32\MLANG.dll
0x710d0000 0x92000 6.00.6000.16386 C:\Windows\system32\stobject.dll
0x70cf0000 0xb6000 6.00.6000.16386 C:\Windows\system32\BatMeter.dll
0x74a80000 0x9000 6.00.6000.16553 C:\Windows\system32\WTSAPI32.dll
0x74bf0000 0x24000 6.00.6000.16386 C:\Windows\system32\WINSTA.dll
0x73b40000 0x45000 2001.12.6930.16386 C:\Windows\system32\es.dll
0x71250000 0x30000 6.00.6000.16386 C:\Windows\System32\SndVolSSO.dll
0x71220000 0x21000 6.00.6000.16386 C:\Windows\ehome\ehSSO.dll
0x73d60000 0x9000 6.00.6000.16386 C:\Windows\system32\HID.DLL
0x6fb80000 0x30b000 6.00.6000.16386 C:\Windows\System32\netshell.dll
0x750f0000 0x19000 6.00.6000.16386 C:\Windows\System32\IPHLPAPI.DLL
0x750b0000 0x35000 6.00.6000.16512 C:\Windows\System32\dhcpcsvc.DLL
0x75320000 0x2b000 6.00.6000.16386 C:\Windows\System32\DNSAPI.dll
0x750a0000 0x7000 6.00.6000.16386 C:\Windows\System32\WINNSI.DLL
0x75070000 0x20000 6.00.6000.16512 C:\Windows\System32\dhcpcsvc6.DLL
0x73ef0000 0xf000 6.00.6000.16386 C:\Windows\System32\nlaapi.dll
0x74aa0000 0x63000 6.00.6000.16501 C:\Windows\system32\FirewallAPI.dll
0x708d0000 0x1bf000 6.00.6000.16386 C:\Windows\system32\pnidui.dll
0x71290000 0x17000 6.00.6000.16386 C:\Windows\system32\QUtil.dll
0x75110000 0x3e000 6.00.6000.16386 C:\Windows\system32\wevtapi.dll
0x730c0000 0x6000 6.00.6000.16386 C:\Windows\system32\wlanutil.dll
0x708a0000 0x27000 6.00.6000.16386 C:\Windows\system32\FunDisc.dll
0x712c0000 0x9000 6.00.6000.16386 C:\Windows\system32\fdproxy.dll
0x70640000 0x126000 8.90.1101.0000 C:\Windows\System32\msxml3.dll
0x74830000 0x22000 1.01.1002.0000 C:\Windows\system32\xmllite.dll
0x6f660000 0x8000 6.00.6000.16386 C:\Windows\System32\npmproxy.dll
0x6dcd0000 0x28c000 6.00.6000.16386 C:\Windows\System32\NLSData000c.dll
0x6d0d0000 0x5f4000 6.00.6000.16386 C:\Windows\System32\NLSLexicons000c.dll
0x73f50000 0xe000 6.00.6000.20670 C:\Windows\system32\Wlanapi.dll
0x73550000 0x2d000 6.00.6000.16386 C:\Windows\system32\OneX.DLL
0x73540000 0xd000 6.00.6000.16386 C:\Windows\system32\eappprxy.dll
0x731e0000 0x28000 6.00.6000.16386 C:\Windows\system32\eappcfg.dll
0x74fd0000 0x44000 6.00.6000.16386 C:\Windows\system32\bcrypt.dll
0x70300000 0xd000 6.00.6000.16386 C:\Windows\System32\AltTab.dll
0x6ff70000 0x23000 6.00.6000.16386 C:\Windows\system32\wpdshserviceobj.dll
0x71f00000 0x5f000 6.00.6000.16386 C:\Windows\system32\WINHTTP.dll
0x6fea0000 0x40000 6.00.6000.16386 C:\Windows\System32\srchadmin.dll
0x6e230000 0x3c000 7.00.6000.16386 C:\Windows\system32\webcheck.dll
0x6d890000 0x21c000 6.00.6000.16386 C:\Windows\System32\SyncCenter.dll
0x6fee0000 0x39000 6.00.6000.16386 C:\Windows\system32\wscntfy.dll
0x70310000 0xb000 6.00.6000.16386 C:\Windows\system32\WSCAPI.dll
0x702d0000 0xb000 6.00.6000.16386 C:\Windows\system32\mssprxy.dll
0x6e130000 0xf9000 6.00.6000.16386 C:\Windows\system32\bthprops.cpl
0x6dc70000 0x51000 6.00.6000.16386 C:\Windows\system32\imapi2.dll
0x70fe0000 0x2c000 6.00.6000.16386 C:\Windows\System32\QAgent.dll
0x719f0000 0x8a000 6.00.6000.16386 C:\Windows\System32\fwpuclnt.dll
0x6e0b0000 0x2b000 6.00.6000.16386 C:\Windows\system32\PortableDeviceTypes.dll
0x6eff0000 0x46000 6.00.6000.16386 C:\Windows\system32\PortableDeviceApi.dll
0x75590000 0x5f000 6.00.6000.16386 C:\Windows\system32\SXS.DLL
0x752a0000 0x14000 6.00.6000.16386 C:\Windows\system32\MPR.dll
0x6cc00000 0x60000 6.00.6000.16386 C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
0x039f0000 0x10000 8.00.0000.0456 C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
0x092d0000 0x185000 1.05.0000.0011 C:\PROGRA~1\SPYBOT~1\SDHelper.dll
0x759a0000 0x74000 6.00.6000.16386 C:\Windows\system32\comdlg32.dll
0x72500000 0x7000 6.00.6000.16386 C:\Windows\system32\wsock32.dll
0x6ed20000 0xdd000 6.00.6000.16386 C:\Windows\system32\wer.dll
0x71980000 0x6000 6.00.6000.16386 C:\Windows\system32\SensApi.dll
0x71b40000 0x26000 6.00.6000.16386 C:\Windows\system32\faultrep.dll
0x6ce90000 0x18000 6.00.6000.16386 C:\Windows\system32\olepro32.dll
0x735d0000 0xa000 7.00.6000.16609 C:\Windows\system32\jsproxy.dll
0x72680000 0x87000 8.00.50727.0762 C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8\MSVCP80.dll
0x6b160000 0x98000 107.00.0000.0102 c:\Program Files\Common Files\Symantec Shared\ccL70U.dll
0x6d7c0000 0x79000 6.00.0020.0006 C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
0x7c340000 0x56000 7.10.3052.0004 C:\Program Files\Java\jre1.6.0_02\bin\MSVCR71.dll
0x70ed0000 0x12000 6.00.6000.16386 C:\Windows\system32\thumbcache.dll
0x6ace0000 0x223000 6.00.6000.16386 C:\Windows\system32\NetworkExplorer.dll
0x749a0000 0x14000 6.00.6000.16386 C:\Windows\system32\Cabinet.dll

ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - http://www.sysinternals.com

------------------------------------------------------------------------------
winlogon.exe pid: 752
Command line: winlogon.exe

Base Size Version Path
0x003b0000 0x4e000 6.00.6000.16386 C:\Windows\system32\winlogon.exe
0x76f60000 0x11e000 6.00.6000.16386 C:\Windows\system32\ntdll.dll
0x75ae0000 0xd8000 6.00.6000.16386 C:\Windows\system32\kernel32.dll
0x75a20000 0xbf000 6.00.6000.16386 C:\Windows\system32\ADVAPI32.dll
0x76bf0000 0xc3000 6.00.6000.16525 C:\Windows\system32\RPCRT4.dll
0x769d0000 0x9e000 6.00.6000.16438 C:\Windows\system32\USER32.dll
0x76d50000 0x4b000 6.00.6000.16386 C:\Windows\system32\GDI32.dll
0x76b40000 0xaa000 7.00.6000.16386 C:\Windows\system32\msvcrt.dll
0x756b0000 0x14000 6.00.6000.16386 C:\Windows\system32\Secur32.dll
0x74bf0000 0x24000 6.00.6000.16386 C:\Windows\system32\WINSTA.dll
0x75780000 0x7000 6.00.6000.16386 C:\Windows\system32\PSAPI.DLL
0x756d0000 0x1e000 6.00.6000.16386 C:\Windows\system32\USERENV.dll
0x77090000 0x1e000 6.00.6000.16386 C:\Windows\system32\IMM32.DLL
0x75820000 0xc7000 6.00.6000.16386 C:\Windows\system32\MSCTF.dll
0x77080000 0x9000 6.00.6000.16386 C:\Windows\system32\LPK.DLL
0x77120000 0x7d000 1.626.6000.16386 C:\Windows\system32\USP10.dll
0x75650000 0x2c000 6.00.6000.16386 C:\Windows\system32\apphelp.dll
0x74b90000 0x21000 6.00.6000.16386 C:\Windows\system32\NTMARTA.DLL
0x75920000 0x49000 6.00.6000.16386 C:\Windows\system32\WLDAP32.dll
0x758f0000 0x2d000 6.00.6000.16386 C:\Windows\system32\WS2_32.dll
0x770c0000 0x6000 6.00.6000.16386 C:\Windows\system32\NSI.dll
0x75300000 0x11000 6.00.6000.16386 C:\Windows\system32\SAMLIB.dll
0x76880000 0x144000 6.00.6000.16386 C:\Windows\system32\ole32.dll
0x736e0000 0x3e000 6.00.6000.16386 C:\Windows\system32\SHSVCS.dll
0x748c0000 0x3f000 6.00.6000.16386 C:\Windows\system32\uxtheme.dll
0x74c40000 0x38000 6.00.6000.16386 C:\Windows\system32\rsaenh.dll
0x73620000 0xb2000 6.00.6000.16493 C:\Windows\system32\WindowsCodecs.dll
0x75520000 0x6a000 6.00.6000.16386 C:\Windows\system32\NETAPI32.dll
0x75160000 0x39000 6.00.6000.16509 C:\Windows\system32\slc.dll
0x752a0000 0x14000 6.00.6000.16386 C:\Windows\system32\MPR.dll

Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 0CA1-69CF

Répertoire de C:\Windows\system32

2006-11-02 10:45 7,680 csrss.exe
1 fichier(s) 7,680 octets
0 Rép(s) 81,888,661,504 octets libres

Contenu de Downloaded Program Files
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 0CA1-69CF

Répertoire de C:\Windows\Downloaded Program Files

2008-02-16 18:52 <REP> .
2008-02-16 18:52 <REP> ..
2007-01-24 02:41 841,304 ampAx3.0.84.2.dll
2006-09-18 22:26 65 desktop.ini
2002-07-25 17:13 24,576 dwusplay.dll
2002-07-25 17:13 196,608 dwusplay.exe
2007-11-21 07:10 2,681 install.log
2002-07-25 17:05 172,032 isusweb.dll
2007-11-21 07:10 38,428 unagiuninst.exe
7 fichier(s) 1,275,694 octets

Total des fichiers listés :
7 fichier(s) 1,275,694 octets
2 Rép(s) 81,888,661,504 octets libres

Recherche de rootkit! (Merci S!Ri)

Recherche d'infections connues

Export des clefs sensibles..

Liste des fichiers en exception sur le pare-feu XP SP2

Export de la clef SharedTaskScheduler

[SharedTaskScheduler]

exports des policies
REGEDIT4

[System]
"ConsentPromptBehaviorAdmin"=dword:00000002
"ConsentPromptBehaviorUser"=dword:00000001
"EnableInstallerDetection"=dword:00000001
"EnableLUA"=dword:00000000
"EnableSecureUIAPaths"=dword:00000001
"EnableVirtualization"=dword:00000001
"PromptOnSecureDesktop"=dword:00000001
"ValidateAdminCodeSignatures"=dword:00000000
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"scforceoption"=dword:00000000
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"FilterAdministratorToken"=dword:00000000

[System\UIPI]

[System\UIPI\Clipboard]

[System\UIPI\Clipboard\ExceptionFormats]
"CF_TEXT"=dword:00000001
"CF_BITMAP"=dword:00000002
"CF_OEMTEXT"=dword:00000007
"CF_DIB"=dword:00000008
"CF_PALETTE"=dword:00000009
"CF_UNICODETEXT"=dword:0000000d
"CF_DIBV5"=dword:00000011

Export des clefs sensibles..
Rechercher adresses sensibles dans le fichier HOSTS...
127.0.0.1 http://www.activexupdate.com
127.0.0.1 activexupdate.com
127.0.0.1 http://www.avpcheckupdate.com
127.0.0.1 avpcheckupdate.com
127.0.0.1 client.exeupdate.com
127.0.0.1 http://www.eupdatepage.com
127.0.0.1 eupdatepage.com
127.0.0.1 http://www.exeupdate.com
127.0.0.1 exeupdate.com
127.0.0.1 hotwinupdates.com
127.0.0.1 http://www.hotwinupdates.com
127.0.0.1 http://www.lavasoftupdate.com
127.0.0.1 lavasoftupdate.com
127.0.0.1 http://www.malwarewipeupdate.com
127.0.0.1 malwarewipeupdate.com
127.0.0.1 http://www.msupdate.net
127.0.0.1 msupdate.net
127.0.0.1 http://www.msupdater.net
127.0.0.1 msupdater.net
127.0.0.1 necessaryupdates.com
127.0.0.1 http://www.necessaryupdates.com
127.0.0.1 newupdates.lzio.com
127.0.0.1 redirect.msupdate.net
127.0.0.1 search.keyword.exeupdate.com
127.0.0.1 http://www.securityupdatesite.com
127.0.0.1 securityupdatesite.com
127.0.0.1 settings.updatemysettings.com
127.0.0.1 http://www.spyaxeupdate.com
127.0.0.1 spyaxeupdate.com
127.0.0.1 http://www.spyfalconupdate.com
127.0.0.1 spyfalconupdate.com
127.0.0.1 http://www.systemupdates.net
127.0.0.1 systemupdates.net
127.0.0.1 trial.updates.winsoftware.com
127.0.0.1 update.680180.net
127.0.0.1 http://www.updatemysettings.com
127.0.0.1 updatemysettings.com
127.0.0.1 updates.spywarequake.com
127.0.0.1 http://www.urgentsystemupdate.biz
127.0.0.1 urgentsystemupdate.biz
127.0.0.1 http://www.urgentsystemupdate.com
127.0.0.1 urgentsystemupdate.com
127.0.0.1 windupdates.com
127.0.0.1 http://www.pandaantivirus-2007.com
127.0.0.1 pandaantivirus-2007.com
127.0.0.1 http://www.pandadownload-now.com
127.0.0.1 pandadownload-now.com
127.0.0.1 http://www.panda-hq.com
127.0.0.1 panda-hq.com
catchme 0.3.1319 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-24 16:13:47
Windows 6.0.6000 NTFS

scanning hidden services & system hive ...

IPC error: 2 Le fichier spécifié est introuvable.
scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden services: 0
hidden files: 0

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (http://www.security.org.sg)

Sorry, this version supports only Win2K/XP

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (http://www.security.org.sg)

Sorry, this version supports only Win2K/XP

Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 0CA1-69CF

Répertoire de C:\Program Files

2008-02-24 15:21 <REP> .
2008-02-24 15:21 <REP> ..
2008-02-16 18:47 <REP> ABBYY FineReader 6.0 Sprint
2007-11-21 07:48 <REP> Activation Assistant for the 2007 Microsoft Office suites
2008-02-22 19:18 <REP> Adobe
2007-11-21 07:11 <REP> AIM6
2008-02-16 16:51 <REP> AOL
2008-01-14 23:54 <REP> Apoint2K
2008-01-14 23:52 <REP> Atheros
2008-02-23 10:34 <REP> Azureus
2008-02-18 18:24 <REP> CCleaner
2008-02-23 10:34 <REP> Common Files
2008-01-14 23:59 <REP> CONEXANT
2008-01-15 00:11 <REP> CyberLink
2008-02-16 22:46 <REP> DVD Shrink
2008-02-16 16:49 <REP> Electronic Arts
2008-02-16 19:32 <REP> eMule
2008-02-16 18:49 <REP> epson
2008-01-15 00:07 <REP> Hewlett-Packard
2008-01-15 00:05 <REP> Hp
2008-01-15 00:14 <REP> HP Games
2008-01-15 00:07 <REP> HPQ
2008-01-14 23:57 <REP> Intel
2008-02-16 18:07 <REP> Internet Explorer
2008-02-17 10:24 <REP> Java
2008-02-16 22:16 <REP> K-Lite Codec Pack
2006-11-02 13:37 <REP> Microsoft Games
2007-11-21 07:46 <REP> Microsoft Office
2007-11-21 07:47 <REP> Microsoft Works
2007-11-21 07:46 <REP> Microsoft.NET
2007-11-21 14:44 <REP> Movie Maker
2006-11-02 13:37 <REP> MSBuild
2006-11-02 13:37 <REP> MSN
2008-02-16 17:25 <REP> MSXML 4.0
2007-11-21 07:34 <REP> muvee Technologies
2008-02-17 21:25 <REP> Nero
2008-01-14 23:56 <REP> NetWaiting
2008-02-22 19:06 <REP> Norton Internet Security
2008-02-17 09:16 <REP> Online Services
2008-01-14 23:54 <REP> Realtek
2006-11-02 13:37 <REP> Reference Assemblies
2008-02-24 15:21 <REP> Spybot - Search & Destroy
2008-02-22 18:55 <REP> Symantec
2008-02-23 11:18 <REP> Trend Micro
2008-02-16 22:26 <REP> VideoLAN
2007-11-21 07:11 <REP> Viewpoint
2008-02-17 09:20 <REP> VSO
2007-11-21 07:04 <REP> Windows Calendar
2007-11-21 14:44 <REP> Windows Collaboration
2007-11-21 07:04 <REP> Windows Defender
2007-11-21 14:44 <REP> Windows Journal
2008-02-16 18:07 <REP> Windows Mail
2008-02-16 18:07 <REP> Windows Media Player
2008-02-16 16:37 <REP> Windows NT
2007-11-21 14:44 <REP> Windows Photo Gallery
2008-02-16 18:07 <REP> Windows Sidebar
2008-02-16 21:06 <REP> WinRAR
2008-02-18 18:24 <REP> Yahoo!
0 fichier(s) 0 octets
58 Rép(s) 81,882,931,200 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 0CA1-69CF

Répertoire de C:\Program Files\fichiers communs

Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 0CA1-69CF

Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders

2007-11-21 07:46 <REP> .
2007-11-21 07:46 <REP> ..
2007-11-21 07:44 <REP> 1036
2006-10-26 20:12 40,256 MSOSV.DLL
1 fichier(s) 40,256 octets
3 Rép(s) 81,882,931,200 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 0CA1-69CF

Répertoire de C:\Program Files\common files

2008-02-23 10:34 <REP> .
2008-02-23 10:34 <REP> ..
2008-02-22 19:18 <REP> Adobe
2008-02-17 21:27 <REP> Ahead
2007-11-21 07:10 <REP> AOL
2007-11-21 07:46 <REP> DESIGNER
2008-02-16 18:52 <REP> InstallShield
2007-11-21 08:13 <REP> Java
2007-11-21 07:47 <REP> microsoft shared
2007-11-21 07:34 <REP> muvee Technologies
2006-11-02 12:18 <REP> Services
2006-11-02 12:18 <REP> SpeechEngines
2008-02-22 19:06 <REP> Symantec Shared
2007-11-21 07:04 <REP> System
0 fichier(s) 0 octets
14 Rép(s) 81,882,931,200 octets libres

****** Fin du rapport DiagHelp
Veuillez svp envoyer le fichier C:\upload_moi_PC-de-david.tar.gz a l'adresse http://upload.malekal.com

par **Falkra** » 24 Fév 2008 18:10

Il semble qu'il y ait d'autres saletés désinfectables sans script. On essaie sans d'abord.

Garde l'UAC désactivée.

* Télécharge SmitFraudFix de S!Ri sur le bureau.
http://siri.urz.free.fr/Fix/SmitfraudFix.exe
* Double-clique sur smitfraudfix.exe
* Choisis l'option 1 pour créer un rapport des fichiers responsables de l'infection.
* Poste le rapport sur le forum dans ta prochaine réponse.

Si process.exe est détecté par ton antivirus ou un autre logiciel, n'en tiens pas compte (choisis d'ignorer) et ne bloque pas le fichier, il sert à terminer des processus, d'où l'alerte émise par ces antivirus qui y voient un danger potentiel. (doc).

par **noumaios** » 24 Fév 2008 18:45

SmitFraudFix v2.294

Scan done at 18:43:54.48, 2008-02-24
Run from C:\Users\david\Desktop\SmitfraudFix
OS: Microsoft Windows [version 6.0.6000] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Windows\system32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\aol\aol toolbar 5.0\AolTbServer.exe
C:\Windows\system32\conime.exe
c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

hosts file corrupted !

127.0.0.1 http://www.legal-at-spybot.info
127.0.0.1 legal-at-spybot.info

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\david

»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\david\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\david\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Atheros AR5007 802.11b/g WiFi Adapter
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{10587C54-5EDC-41B7-8D1B-3E75EDF8A2C4}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{10587C54-5EDC-41B7-8D1B-3E75EDF8A2C4}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{10587C54-5EDC-41B7-8D1B-3E75EDF8A2C4}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

par **Falkra** » 24 Fév 2008 18:46

Il faudra réparer ton fichier hosts.

Il ne le voit pas, je te prépare un script dans la soirée.

par **noumaios** » 25 Fév 2008 21:58

bonjour,

Je voulais installer "dropmyrignhts" (tutorial malekal) et
- à l'étape :
"Nous devons ensuite enregistrer le programme au sain du système, pour cela :
Ouvrez le menu Démarrer puis Exécuter
Tapez : regsvr32 C:\DropMyRights\PrivBar.dll
Cliquez sur OK.
Un message doit vous signaler que l'opération a réussi, cliquez sur OK."
=> ça ne marche pas pour moi : j'ai le message :
le module C:\DropMyRights\PrivBar.dll a été chargé mais l'appel à Dllregisterserver a échoué avec le code erreur 0x80070005
pour plus d'informationsur ce problème faites une recherche en ligne avec le code erreur.....

par aileurs, j'ai essayé la création du raccourci et impossible de créer un raccourci sur le bureau

est-ce que c'est lié à notre problème ?

par **Falkra** » 25 Fév 2008 22:09

Attends, il faudra le faire mais après avoir réglé les infections.
Voici un nouveau script :

CFScript.txt

RootKit::
C:\Windows\System32\sysmain.dll
C:\Users\david\AppData\Local\Temp\tusro.dll
C:\Users\david\AppData\Local\Temp\xxyvt.dll
C:\Users\david\AppData\Local\Temp\mcmtfyvv.dll
C:\Users\david\AppData\Local\Temp\eouioalq.dll

Registry::
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MSServer"=-
"cmds"=-
"MS Juan"=-
"0ca16960"=-

DirLook::
c:\users\david\appdata\local\temp\

Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises: c'est normal ! Ne touche à rien tant que le scan n'est pas terminé.
Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

par **noumaios** » 25 Fév 2008 22:34

ComboFix 08-02-23.2 - david 2008-02-25 22:22:26.3 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.896 [GMT 1:00]
Endroit: C:\Users\david\Desktop\ComboFix.exe
Command switches used :: C:\Users\david\Desktop\CFScript.txt
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\david\AppData\Local\Temp\eouioalq.dll
C:\Users\david\AppData\Local\Temp\mcmtfyvv.dll
C:\Users\david\AppData\Local\Temp\tusro.dll
C:\Users\david\AppData\Local\Temp\xxyvt.dll
C:\Windows\System32\sysmain.dll . . . . Echec de suppression
.
---- Previous Run -------
.
c:\ users\david\appdata\local\temp\mcmtfyvv.dll
C:\Users\david\AppData\Local\Temp\eouioalq.dll
C:\Users\david\AppData\Local\Temp\tusro.dll
C:\Users\david\AppData\Local\Temp\xxyvt.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\poof

((((((((((((((((((((((((((((( Fichiers créés 2008-01-25 to 2008-02-25 ))))))))))))))))))))))))))))))))))))
.

2008-02-24 18:43 . 2007-09-05 23:22 289,144 --a------ C:\Windows\System32\VCCLSID.exe
2008-02-24 18:43 . 2006-04-27 16:49 288,417 --a------ C:\Windows\System32\SrchSTS.exe
2008-02-24 18:43 . 2008-02-22 18:44 86,016 --a------ C:\Windows\System32\VACFix.exe
2008-02-24 18:43 . 2008-02-08 10:37 82,432 --a------ C:\Windows\System32\IEDFix.exe
2008-02-24 18:43 . 2003-06-05 20:13 53,248 --a------ C:\Windows\System32\Process.exe
2008-02-24 18:43 . 2004-07-31 17:50 51,200 --a------ C:\Windows\System32\dumphive.exe
2008-02-24 18:43 . 2007-10-03 23:36 25,600 --a------ C:\Windows\System32\WS2Fix.exe
2008-02-24 18:43 . 2008-02-24 18:43 5,114 --a------ C:\Windows\System32\tmp.reg
2008-02-24 16:14 . 2008-02-24 16:14 4,099,064 --a------ C:\upload_moi_PC-de-david.tar.gz
2008-02-24 15:35 . 2008-02-24 15:37 <REP> d-------- C:\DropMyRights
2008-02-24 15:21 . 2008-02-24 15:25 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-02-24 15:21 . 2008-02-24 15:25 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-02-24 15:21 . 2008-02-24 15:21 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-23 16:34 . 2008-02-23 16:34 <REP> d-------- C:\VundoFix Backups
2008-02-23 11:18 . 2008-02-23 11:18 <REP> d-------- C:\Program Files\Trend Micro
2008-02-22 19:18 . 2008-02-22 19:18 <REP> d-------- C:\Program Files\Common Files\Adobe
2008-02-22 06:12 . 2008-02-22 06:12 <REP> d-------- C:\Users\All Users\Yahoo! Companion
2008-02-22 06:12 . 2008-02-22 06:12 <REP> d-------- C:\ProgramData\Yahoo! Companion
2008-02-20 05:35 . 2008-02-20 05:35 <REP> d-------- C:\Users\david\AppData\Roaming\Media Player Classic
2008-02-18 18:24 . 2008-02-18 18:24 <REP> d-------- C:\Program Files\Yahoo!
2008-02-18 18:24 . 2008-02-18 18:24 <REP> d-------- C:\Program Files\CCleaner
2008-02-17 21:28 . 2008-02-19 06:17 <REP> d-------- C:\Users\david\AppData\Roaming\Ahead
2008-02-17 21:27 . 2008-02-17 21:27 <REP> d-------- C:\Users\All Users\Ahead
2008-02-17 21:27 . 2008-02-17 21:27 <REP> d-------- C:\ProgramData\Ahead
2008-02-17 21:25 . 2008-02-17 21:25 <REP> d-------- C:\Users\All Users\Nero
2008-02-17 21:25 . 2008-02-17 21:25 <REP> d-------- C:\ProgramData\Nero
2008-02-17 21:25 . 2008-02-17 21:25 <REP> d-------- C:\Program Files\Nero
2008-02-17 21:25 . 2008-02-17 21:27 <REP> d-------- C:\Program Files\Common Files\Ahead
2008-02-17 09:21 . 2008-02-17 09:21 39,264 --a------ C:\Windows\System32\drivers\Pcouffin.sys
2008-02-17 09:20 . 2008-02-17 09:20 <REP> d-------- C:\Program Files\VSO
2008-02-16 22:46 . 2008-02-16 22:46 <REP> d-------- C:\Users\All Users\DVD Shrink
2008-02-16 22:46 . 2008-02-16 22:46 <REP> d-------- C:\ProgramData\DVD Shrink
2008-02-16 22:46 . 2008-02-16 22:46 <REP> d-------- C:\Program Files\DVD Shrink
2008-02-16 22:26 . 2008-02-16 22:26 <REP> d-------- C:\Users\david\AppData\Roaming\vlc
2008-02-16 22:26 . 2008-02-16 22:26 <REP> d-------- C:\Program Files\VideoLAN
2008-02-16 22:16 . 2008-02-16 22:16 <REP> d-------- C:\Users\All Users\Real
2008-02-16 22:16 . 2008-02-16 22:16 <REP> d-------- C:\Program Files\K-Lite Codec Pack
2008-02-16 19:33 . 2008-02-16 19:33 <REP> d-------- C:\Users\All Users\eMule
2008-02-16 19:33 . 2008-02-16 19:33 <REP> d-------- C:\ProgramData\eMule
2008-02-16 19:32 . 2008-02-16 19:32 <REP> d-------- C:\Program Files\eMule
2008-02-16 19:19 . 2008-02-17 11:31 <REP> d-------- C:\Users\david\AppData\Roaming\Azureus
2008-02-16 19:19 . 2008-02-16 19:19 <REP> d-------- C:\Users\All Users\Azureus
2008-02-16 19:19 . 2008-02-16 19:19 <REP> d-------- C:\ProgramData\Azureus
2008-02-16 19:16 . 2008-02-23 10:34 <REP> d-------- C:\Program Files\Azureus
2008-02-16 18:50 . 2008-02-16 18:50 <REP> d-------- C:\Users\All Users\UDL
2008-02-16 18:50 . 2008-02-16 18:50 <REP> d-------- C:\ProgramData\UDL
2008-02-16 18:47 . 2008-02-16 18:47 <REP> d-------- C:\Program Files\ABBYY FineReader 6.0 Sprint
2008-02-16 18:45 . 2008-02-16 18:45 <REP> d-------- C:\Users\david\AppData\Roaming\InstallShield
2008-02-16 18:45 . 2006-10-20 00:10 501,912 --a------ C:\Windows\System32\PICSDK2.dll
2008-02-16 18:44 . 2008-02-16 18:44 <REP> d-------- C:\Users\All Users\EPSON
2008-02-16 18:44 . 2008-02-16 18:44 <REP> d-------- C:\ProgramData\EPSON
2008-02-16 18:40 . 2006-12-08 03:04 76,800 --a------ C:\Windows\System32\E_FLBCDE.DLL
2008-02-16 18:40 . 2006-04-19 03:00 62,976 --a------ C:\Windows\System32\E_FD4BCDE.DLL
2008-02-16 18:40 . 2004-09-10 21:12 49,152 --a------ C:\Windows\System32\E_DCINST.DLL
2008-02-16 18:38 . 2008-02-16 18:49 <REP> d-------- C:\Program Files\epson
2008-02-16 18:38 . 2007-03-27 00:00 67,072 --a------ C:\Windows\System32\escwiad.dll
2008-02-16 18:38 . 2008-02-16 18:38 25 --a------ C:\Windows\CDE DX7400DEFGIPS.ini
2008-02-16 17:33 . 2008-02-16 17:33 1,585,664 --a------ C:\Windows\System32\setupapi.dll
2008-02-16 17:29 . 2008-02-16 17:29 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-16 17:29 . 2008-02-16 17:29 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-02-16 17:29 . 2008-02-16 17:29 1,327,104 --a------ C:\Windows\System32\quartz.dll
2008-02-16 17:29 . 2008-02-16 17:29 223,232 --a------ C:\Windows\System32\WMASF.DLL
2008-02-16 17:29 . 2008-02-16 17:29 9,728 --a------ C:\Windows\System32\LAPRXY.DLL
2008-02-16 17:29 . 2008-02-16 17:29 2,048 --a------ C:\Windows\System32\asferror.dll
2008-02-16 17:28 . 2008-02-16 17:28 737,792 --a------ C:\Windows\System32\inetcomm.dll
2008-02-16 17:28 . 2008-02-16 17:28 84,480 --a------ C:\Windows\System32\INETRES.dll
2008-02-16 17:28 . 2008-02-16 17:28 11,776 --a------ C:\Windows\System32\sbunattend.exe
2008-02-16 17:27 . 2008-02-16 17:27 130,048 --a------ C:\Windows\System32\drivers\srv2.sys
2008-02-16 17:27 . 2008-02-16 17:27 101,888 --a------ C:\Windows\System32\drivers\mrxsmb.sys
2008-02-16 17:27 . 2008-02-16 17:27 84,992 --a------ C:\Windows\System32\drivers\srvnet.sys
2008-02-16 17:27 . 2008-02-16 17:27 58,368 --a------ C:\Windows\System32\drivers\mrxsmb20.sys
2008-02-16 17:26 . 2008-02-16 17:26 788,992 --a------ C:\Windows\System32\rpcrt4.dll
2008-02-16 17:25 . 2008-02-16 17:25 <REP> d-------- C:\Program Files\MSXML 4.0
2008-02-16 17:25 . 2008-02-16 17:25 2,048 --a------ C:\Windows\System32\tzres.dll
2008-02-16 17:21 . 2008-02-16 17:21 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2008-02-16 17:08 . 2008-02-16 17:08 1,712,984 --a------ C:\Windows\System32\wuaueng.dll
2008-02-16 17:08 . 2008-02-16 17:08 1,524,224 --a------ C:\Windows\System32\wucltux.dll
2008-02-16 17:08 . 2008-02-16 17:08 549,720 --a------ C:\Windows\System32\wuapi.dll
2008-02-16 17:08 . 2008-02-16 17:08 163,000 --a------ C:\Windows\System32\wuwebv.dll
2008-02-16 17:08 . 2008-02-16 17:08 80,896 --a------ C:\Windows\System32\wudriver.dll
2008-02-16 17:08 . 2008-02-16 17:08 53,080 --a------ C:\Windows\System32\wuauclt.exe
2008-02-16 17:08 . 2008-02-16 17:08 43,352 --a------ C:\Windows\System32\wups2.dll
2008-02-16 17:08 . 2008-02-16 17:08 33,624 --a------ C:\Windows\System32\wups.dll
2008-02-16 17:08 . 2008-02-16 17:08 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-02-16 17:01 . 2008-02-16 17:01 <REP> dr------- C:\Users\david\Searches
2008-02-16 17:01 . 2008-02-16 17:01 <REP> d-------- C:\Users\david\AppData\Roaming\Symantec
2008-02-16 17:00 . 2008-02-16 17:00 <REP> dr------- C:\Users\david\Contacts
2008-02-16 17:00 . 2008-02-16 17:00 81 --a------ C:\Windows\System32\LOG
2008-02-16 17:00 . 2008-02-16 17:00 44 --a------ C:\Windows\system\hpsysdrv.dat
2008-02-16 16:51 . 2008-02-16 17:02 <REP> d-------- C:\Users\david\AppData\Roaming\Hewlett-Packard
2008-02-16 16:49 . 2008-02-16 16:49 <REP> d-------- C:\Users\All Users\Electronic Arts
2008-02-16 16:49 . 2008-02-16 16:49 <REP> d-------- C:\ProgramData\Electronic Arts
2008-02-16 16:44 . 2008-02-16 16:49 <REP> d-------- C:\Program Files\Electronic Arts
2008-02-16 16:42 . 2008-02-16 16:42 0 -rahs---- C:\Windows\System32\drivers\103C_HP_cNB_Presario A900 Notebook PC_Y5335KV_0U_QCND8030GMJ_E460271-051_4A_I30ED_SHP_V83.1E_F.22_T071214_WV3-0_L40C_M2038_J160_7Intel_86FD_91.67_#071121_N10EC8139;168C001C_(KM058EA#ABF)_XMOBILE_CN10_Z_2F.22.MRK
2008-02-16 16:41 . 2008-02-16 17:01 <REP> dr------- C:\Users\david\Videos
2008-02-16 16:41 . 2008-02-23 12:00 <REP> dr------- C:\Users\david\Saved Games
2008-02-16 16:41 . 2008-02-16 21:40 <REP> dr------- C:\Users\david\Pictures
2008-02-16 16:41 . 2008-02-16 17:01 <REP> dr------- C:\Users\david\Music
2008-02-16 16:41 . 2008-02-16 17:01 <REP> dr------- C:\Users\david\Links
2008-02-16 16:41 . 2008-02-23 11:01 <REP> dr------- C:\Users\david\Downloads

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-25 18:19 --------- d-----w C:\ProgramData\Symantec
2008-02-22 18:06 --------- d-----w C:\Program Files\Norton Internet Security
2008-02-22 18:06 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-22 17:55 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
2008-02-22 17:55 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
2008-02-22 17:55 10,740 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
2008-02-22 17:55 --------- d-----w C:\Program Files\Symantec
2008-02-17 09:24 --------- d-----w C:\Program Files\Java
2008-02-16 17:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-16 17:52 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-16 17:07 --------- d-----w C:\Program Files\Windows Sidebar
2008-02-16 17:07 --------- d-----w C:\Program Files\Windows Mail
2008-02-16 16:35 28,344 ----a-w C:\Windows\system32\drivers\battc.sys
2008-02-16 16:35 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2008-02-16 16:35 20,920 ----a-w C:\Windows\system32\drivers\compbatt.sys
2008-02-16 16:35 2,923,520 ----a-w C:\Windows\explorer.exe
2008-02-16 16:35 14,208 ----a-w C:\Windows\system32\drivers\CmBatt.sys
2008-02-16 16:35 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-16 16:35 11,264 ----a-w C:\Windows\system32\drivers\wmiacpi.sys
2008-02-16 16:33 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys
2008-02-16 16:33 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys
2008-02-16 16:33 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys
2008-02-16 16:33 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys
2008-02-16 16:33 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys
2008-02-16 16:33 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys
2008-02-16 16:33 15,872 ----a-w C:\Windows\system32\drivers\mouhid.sys
2008-02-16 16:33 15,872 ----a-w C:\Windows\system32\drivers\kbdhid.sys
2008-02-16 16:30 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-16 16:30 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-16 16:30 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-16 16:30 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-02-16 16:30 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-16 16:30 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys
2008-02-16 16:30 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-16 16:30 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-16 16:30 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-02-16 16:29 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-16 16:29 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-16 16:29 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-16 16:29 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-16 16:22 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-16 16:02 --------- d-----w C:\ProgramData\Hewlett-Packard
2008-02-16 15:42 0 --sha-r C:\Windows\system32\drivers\103C_HP_cNB_Presario A900 Notebook PC_Y5335KV_0U_QCND8030GMJ_E460271-051_4A_I30ED_SHP_V83.1E_F.22_T071214_WV3-0_L40C_M2038_J160_7Intel_86FD_91.67_#071121_N10EC8139;168C001C_(KM058EA#ABF)_XMOBILE_CN10_Z_2F.22.MRK
2008-02-16 15:37 --------- d-sh--w C:\ProgramData\Modèles
2008-02-16 15:37 --------- d-sh--w C:\ProgramData\Menu Démarrer
2008-02-16 15:37 --------- d-sh--w C:\ProgramData\Favoris
2008-02-16 15:37 --------- d-sh--w C:\ProgramData\Bureau
2008-02-16 15:37 --------- d-sh--w C:\Program Files\Fichiers communs
2008-01-15 08:54 10,537 ----a-w C:\Windows\system32\drivers\coh_mon.cat
2008-01-15 04:28 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf
2008-01-14 23:14 --------- d-----w C:\ProgramData\WildTangent
2008-01-14 23:14 --------- d-----w C:\Program Files\HP Games
2008-01-14 23:11 --------- d-----w C:\Program Files\CyberLink
2008-01-14 23:07 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_HpqKbFiltr_01005.Wdf
2008-01-14 23:07 --------- d-----w C:\Program Files\HPQ
2008-01-14 23:07 --------- d-----w C:\Program Files\Hewlett-Packard
2008-01-14 23:06 --------- d-----w C:\ProgramData\CyberLink
2008-01-14 23:05 --------- d-----w C:\Program Files\Hp
2008-01-14 22:59 --------- d-----w C:\Program Files\CONEXANT
2008-01-14 22:57 --------- d-----w C:\Program Files\Intel
2008-01-14 22:56 --------- d-----w C:\Program Files\NetWaiting
2008-01-14 22:54 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
2008-01-14 22:54 --------- d-----w C:\Program Files\Realtek
2008-01-14 22:54 --------- d-----w C:\Program Files\Apoint2K
2008-01-14 22:52 --------- d-----w C:\ProgramData\Atheros
2008-01-14 22:52 --------- d-----w C:\Program Files\Atheros
2008-01-12 17:32 23,904 ----a-w C:\Windows\system32\drivers\COH_Mon.sys
2007-11-21 06:08 174 --sha-w C:\Program Files\desktop.ini
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of c:\users\david\appdata\local\temp\ ----

2008-02-25 22:18 512 --a----t- c:\users\david\appdata\local\temp\\Low\~DF7579.tmp
2008-02-25 22:18 16384 --a------ c:\users\david\appdata\local\temp\\Low\~DF756C.tmp
2008-02-25 14:57 702 --a------ c:\users\david\appdata\local\temp\\MainFrame.Log.txt
2008-02-25 13:29 31832 --a------ c:\users\david\appdata\local\temp\\david.bmp
2008-02-25 13:29 1420 --a------ c:\users\david\appdata\local\temp\\wmplog00.sqm
2008-02-25 13:21 4157 --a------ c:\users\david\appdata\local\temp\\UserInfoSetup(20080225132131120C).log
2008-02-25 13:21 3721 --a------ c:\users\david\appdata\local\temp\\SetupExe(20080225132130120C).log
2008-02-25 13:07 4157 --a------ c:\users\david\appdata\local\temp\\UserInfoSetup(200802251307151570).log
2008-02-25 13:07 3720 --a------ c:\users\david\appdata\local\temp\\SetupExe(200802251307141570).log
2008-02-25 13:01 982 --a------ c:\users\david\appdata\local\temp\\wmsetup.log
2008-02-25 12:56 1368 --a------ c:\users\david\appdata\local\temp\\jusched.log
2008-02-25 12:51 934 --a------ c:\users\david\appdata\local\temp\\MUI\CyberLink YouCam\Cyberlink YouCam.lnk
2008-02-24 15:13 3723 --a------ c:\users\david\appdata\local\temp\\SetupExe(20080224151339C3C).log
2008-02-24 15:13 17059 --a------ c:\users\david\appdata\local\temp\\UserInfoSetup(20080224151340C3C).log
2008-02-24 11:07 49208 --a------ c:\users\david\appdata\local\temp\\Invité.bmp
2008-02-23 16:03 60416 --a------ c:\users\david\appdata\local\temp\\Perflib_Perfdata__755
2008-02-23 16:03 0 --a------ c:\users\david\appdata\local\temp\\Perflib_Perfdata__754
2008-02-23 16:02 71 --a------ c:\users\david\appdata\local\temp\\Av-test.txt

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2007-08-25 03:51 316784 --a------ c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-02-16 17:23 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
{DE9C389F-3316-41A7-809B-AA305ED9D922}
{EF99BD32-C1FB-11D2-892F-0090271D4F88}
{300BC64A-BF32-4CC8-8917-91148CEFE700}

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-02-16 17:28 1232896]
"HPAdvisor"="C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-10-01 16:10 1783136]
"EPSON Stylus DX7400 Series"="C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICDE.exe" [2007-04-12 07:00 182272]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 19:03 152872]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-08-28 13:43 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-08-28 13:43 154136]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-08-28 13:43 137752]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2007-10-10 13:48 212992]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 15:44 178712]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-09-30 19:34 181544]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-27 16:05 202032]
"UCam_Menu"="C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-13 16:32 222504]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-11-21 06:28 1006264]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-08-25 05:07 51048]
"HP Health Check Scheduler"="[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [ ]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 15:15 480560]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{053AB282-E2DF-4F2E-B806-4A8C143D0FDF}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{2C0C2D29-F3D6-444D-8A5C-21AC5D347C8A}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{C480E308-4D58-40D5-BBDB-E2B1FE48357E}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{0FB36BD6-41FD-4EF9-AF57-32C005BBCF26}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{21592082-8707-4982-AA79-54813E0AAB47}"= C:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector|Desc=CyberLink PowerDirector
"{1A6DD2DF-10DA-4D90-BC75-F7B18492797B}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play|Desc=Quick Play
"{CCCD9476-B687-4AF7-BB9A-FBD817DEDFBF}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program|Desc=Quick Play Resident Program
"{B6048534-BCF8-4441-AE00-830DCF9F02A1}"= UDP:C:\Program Files\eMule\emule.exe:eMule
"{9D8B39D7-2EF5-4889-A313-64963B776E03}"= TCP:C:\Program Files\eMule\emule.exe:eMule
"TCP Query User{CB0CAD73-2154-4B7B-AC4C-8749A7906B23}C:\program files\azureus\azureus.exe"= Disabled:UDP:C:\program files\azureus\azureus.exe:Azureus|Desc=Azureus
"UDP Query User{B64C5F25-25BC-440F-B499-490CF3076A73}C:\program files\azureus\azureus.exe"= Disabled:TCP:C:\program files\azureus\azureus.exe:Azureus|Desc=Azureus
"TCP Query User{A87E987A-7F25-46C2-8FDE-41BBDCB59525}C:\program files\internet explorer\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer|Desc=Internet Explorer
"UDP Query User{E3F4E857-6EA5-4CB6-969D-651623EB670E}C:\program files\internet explorer\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer|Desc=Internet Explorer
"TCP Query User{89878C77-DE97-4733-85E9-4AFBAF3109A8}C:\program files\nero\nero 7\nero home\nerohome.exe"= UDP:C:\program files\nero\nero 7\nero home\nerohome.exe:Nero Home|Desc=Nero Home
"UDP Query User{96DD66E0-C264-4CCE-B5C8-035983BB25B8}C:\program files\nero\nero 7\nero home\nerohome.exe"= TCP:C:\program files\nero\nero 7\nero home\nerohome.exe:Nero Home|Desc=Nero Home

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080221.002\IDSvix86.sys [2008-02-13 17:18]
R2 LiveUpdate Notice;LiveUpdate Notice;"c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" [2007-08-25 05:07]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot []
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-07-10 15:27]
R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-05-30 15:40]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-08-20 13:25]
R3 RTSTOR;USB Mass Storage Device;C:\Windows\system32\drivers\RTSTOR.SYS [2007-09-27 17:33]
R3 SymIMMP;SymIMMP;C:\Windows\system32\DRIVERS\SymIM.sys [2007-08-10 00:27]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-08-13 20:50]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 08:30]
S3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2008-01-12 18:32]
S3 GameConsoleService;GameConsoleService;"C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe" [2007-07-24 00:33]
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\Windows\system32\DRIVERS\SymIM.sys [2007-08-10 00:27]

*Newly Created Service* - COMHOST
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-25 20:32:39 C:\Windows\Tasks\Norton Internet Security - Effectuer une analyse complète du système - david.job"

par **Falkra** » 25 Fév 2008 22:39

Télécharge OTMoveIt de OldTimer.
Sauvegarde le sur ton Bureau.
Double-Clique sur OTMoveIt.exe pour le lancer.
Copie le chemin des fichiers suivants en sélectionnant TOUT le contenu de la citation ci-dessous et en appuyant sur CTRL+C (ou, après avoir sélectionner, clique-droit et choisis Copier) :

C:\Windows\System32\sysmain.dll

Retourne dans OTMoveit, fais un clique-droit dans la partie gauche intitulée "Paste List of Files/Folders to be moved" et choisis Coller.
Clique sur le bouton rouge Moveit!.
Ferme OTMoveIt.
Note : Si un fichier ou un dossier ne peut être déplacé immédiatement il te sera demander de redémarrer ta machine pour finir le processus. Si c'est le cas, choisis Yes.

Poste le rapport de OTMoveIT dispo ici : C:\_OTMoveIt\MovedFiles.

par **noumaios** » 25 Fév 2008 22:49

oadLibrary failed for C:\Windows\System32\sysmain.dll
C:\Windows\System32\sysmain.dll NOT unregistered.
File move failed. C:\Windows\System32\sysmain.dll scheduled to be moved on reboot.

OTMoveIt2 v1.0.20 log created on 02252008_224331

par **Falkra** » 25 Fév 2008 22:54

Ne redémarre pas !

Poste un log HJT stp !

par **noumaios** » 25 Fév 2008 23:10

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:09, on 2008-02-25
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Windows Defender\MSASCui.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATICDE.EXE
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\aol\aol toolbar 5.0\AolTbServer.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9d.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {300BC64A-BF32-4cc8-8917-91148CEFE700} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [EPSON Stylus DX7400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE /FU "C:\Windows\TEMP\E_SA479.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 5.0\resources\fr-fr\local\search.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: Planificateur LiveUpdate automatique (Automatic LiveUpdate Scheduler) - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10303 bytes

par **Falkra** » 25 Fév 2008 23:14

Ne redémarre pas encore.

Télécharge Startup CPL :
http://www.mlin.net/files/StartupCPL_EXE.zip

Dézippe-le sur le bureau.
Double clique sur startup.exe
Ouvre l'onglet RunOnce, vois tu des entrées dans la liste ? Si oui, qu'est-ce que ça affiche ?

par **noumaios** » 25 Fév 2008 23:19

il n'y a rien d'affiché

par **Falkra** » 25 Fév 2008 23:26

Télécharge et lance ce programme : (why reboot)
http://www.libellules.ch/dotclear/index.php?2006/12/28/1578-whyreboot

Dézippe-le.
Lance le en double cliquant sur whyreboot.exe
Copie colle le rapport (il y a un bouton copy, si besoin).

par **noumaios** » 25 Fév 2008 23:30

Whyreboot © 2003-2006 Exodus Development, Inc. http://exodusdev.com

Version 1.0.1.537

NOTE: These results may not reflect all pending operations, and you should use your own good sense in deciding whether to reboot your computer after an install.

Detected Windows NT, 2000, XP, or variant

Results:

No items were found.

NOTE that this does not mean that you don't need to reboot your computer, rather, WhyReboot was unable to detect any pending file operations.

par **Falkra** » 25 Fév 2008 23:31

Je ne trouve pas ce que je cherchais. Clique sur dismiss en bas à droite.
Redémarre et poste un log HijackThis, il devrait y avoir déjà moins de saletés.

par **noumaios** » 25 Fév 2008 23:37

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:37, on 2008-02-25
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Windows Defender\MSASCui.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATICDE.EXE
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conime.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\aol\aol toolbar 5.0\AolTbServer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9d.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {300BC64A-BF32-4cc8-8917-91148CEFE700} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [EPSON Stylus DX7400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE /FU "C:\Windows\TEMP\E_SA479.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 5.0\resources\fr-fr\local\search.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: Planificateur LiveUpdate automatique (Automatic LiveUpdate Scheduler) - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10482 bytes

par **Falkra** » 25 Fév 2008 23:39

Je ne vois plus de fichiers infectieux ! :-D

Reste-t-il des symptômes anormaux ?

entrée manquante au démarrage et pbm explorateur windows

Re: entrée manquante au démarrage et pbm explorateur windows

Re: entrée manquante au démarrage et pbm explorateur windows

Re: entrée manquante au démarrage et pbm explorateur windows

Re: entrée manquante au démarrage et pbm explorateur windows

Re: entrée manquante au démarrage et pbm explorateur windows

Re: entrée manquante au démarrage et pbm explorateur windows

Re: entrée manquante au démarrage et pbm explorateur windows

Re: entrée manquante au démarrage et pbm explorateur windows

Re: entrée manquante au démarrage et pbm explorateur windows

Re: entrée manquante au démarrage et pbm explorateur windows

Re: entrée manquante au démarrage et pbm explorateur windows

Re: entrée manquante au démarrage et pbm explorateur windows

Re: entrée manquante au démarrage et pbm explorateur windows

Re: entrée manquante au démarrage et pbm explorateur windows

Re: entrée manquante au démarrage et pbm explorateur windows

Re: entrée manquante au démarrage et pbm explorateur windows

Re: entrée manquante au démarrage et pbm explorateur windows

Re: entrée manquante au démarrage et pbm explorateur windows

Re: entrée manquante au démarrage et pbm explorateur windows

Re: entrée manquante au démarrage et pbm explorateur windows

Qui est en ligne