
Problem with explorer at PC startup

Tags:
  • Startup
  • Security
Last reply: in Security and viruses
2 April 2008 16:19:50

Hello everyone...

I'm having problems with my PC..
Every time the computer starts.. explorer.exe crashes..
Who could help me?


THANK YOU IN ADVANCE

Attached is a report from the ComboFix tool.

Endroit: C:\Documents and Settings\Administrateur\Bureau\LIEN\ComboFix.exe
* Création d'un nouveau point de restauration
* Resident AV is active


AVERTISSEMENT LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE - !!
.

((((((((((((((((((((((((((((( Fichiers créés 2008-03-02 to 2008-04-02 ))))))))))))))))))))))))))))))))))))
.

2008-04-02 14:51 . 2008-04-02 14:51 80 -r-hs---- C:\WINDOWS\CT5PRET.BIN
2008-04-02 14:49 . 2008-04-02 14:50 <REP> d-------- C:\Program Files\Reallusion
2008-03-31 04:02 . 2008-03-31 04:02 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-31 04:02 . 2008-03-31 04:02 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-30 12:47 . 2008-03-30 12:47 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Talkback
2008-03-26 15:27 . 2008-03-26 15:29 <REP> d--h----- C:\WINDOWS\Icons
2008-03-25 18:08 . 2008-03-25 18:08 34 --------- C:\WINDOWS\system32\oeminfo.ini
2008-03-25 15:55 . 2008-03-25 15:55 <REP> d-------- C:\Program Files\HHD Software
2008-03-25 14:51 . 2008-03-25 14:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-03-25 13:48 . 2008-03-25 13:48 <REP> d-------- C:\Program Files\Nero
2008-03-25 13:48 . 2008-03-25 13:48 <REP> d-------- C:\Program Files\Fichiers communs\Nero
2008-03-25 13:48 . 2008-02-28 14:26 3,036,456 --a------ C:\WINDOWS\system32\BCGCBPRO860u80.dll
2008-03-25 13:48 . 2006-03-17 12:45 1,757,184 --a------ C:\WINDOWS\system32\imagX7.dll
2008-03-25 13:48 . 2006-03-17 12:45 802,816 --a------ C:\WINDOWS\system32\imagXRA7.dll
2008-03-25 13:48 . 2006-03-17 12:45 497,296 --a------ C:\WINDOWS\system32\imagXpr7.dll
2008-03-25 13:48 . 2006-03-17 15:49 368,640 --a------ C:\WINDOWS\system32\TwnLib4.dll
2008-03-25 13:48 . 2006-03-17 12:45 258,048 --a------ C:\WINDOWS\system32\imagXR7.dll
2008-03-25 13:48 . 2008-02-28 14:25 206,120 --a------ C:\WINDOWS\system32\BCGCBProResRUS.nls
2008-03-25 13:48 . 2008-03-16 19:02 193,832 --a------ C:\WINDOWS\system32\NeroBurnRights.cpl
2008-03-25 13:48 . 2008-02-28 14:26 33,576 --a------ C:\WINDOWS\system32\BCGPOleAcc.dll
2008-03-24 13:35 . 2008-03-24 13:43 <REP> d-------- C:\Program Files\Tweak-XP Pro 4
2008-03-24 13:35 . 2008-03-24 13:35 737,280 --a------ C:\WINDOWS\iun6002.exe
2008-03-22 16:56 . 2008-03-22 16:56 <REP> d-------- C:\Program Files\Realtek
2008-03-22 16:56 . 2008-03-22 16:56 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\InstallShield
2008-03-22 15:27 . 2008-02-28 14:26 1,414,440 --a------ C:\WINDOWS\system32\ShellManager310E2D762.dll
2008-03-22 15:27 . 2008-02-28 14:01 774,144 --a------ C:\WINDOWS\system32\NEROINSTAEC43759.DB
2008-03-22 15:27 . 2008-03-22 15:27 0 --a------ C:\WINDOWS\Irremote.ini
2008-03-22 01:21 . 2008-03-22 01:21 <REP> d-------- C:\WINDOWS\Sun
2008-03-22 01:10 . 2007-12-05 03:53 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-03-22 01:09 . 2008-03-22 01:09 <REP> d-------- C:\NVIDIA
2008-03-21 23:46 . 2008-03-21 23:46 <REP> d-------- C:\Program Files\AMD
2008-03-21 23:45 . 2008-03-21 23:45 <REP> d-------- C:\WINDOWS\OPTIONS
2008-03-21 23:44 . 2007-12-10 15:24 159,458 --a------ C:\WINDOWS\system32\nvapps.nvb
2008-03-21 23:43 . 2008-03-22 00:50 <REP> d-------- C:\NVIDIA(2)
2008-03-21 22:23 . 2008-03-21 22:23 <REP> d-------- C:\Documents and Settings\NetworkService\Application Data\Acronis
2008-03-21 21:29 . 2008-03-21 21:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Acronis
2008-03-21 21:28 . 2008-03-21 21:28 441,760 --a------ C:\WINDOWS\system32\drivers\timntr.sys
2008-03-21 21:28 . 2008-03-21 21:28 368,544 --a------ C:\WINDOWS\system32\drivers\tdrpman.sys
2008-03-21 21:28 . 2008-03-21 21:28 44,384 --a------ C:\WINDOWS\system32\drivers\tifsfilt.sys
2008-03-21 20:45 . 2008-03-21 20:45 <REP> d--h----- C:\Documents and Settings\All Users\Application Data\CanonBJ
2008-03-21 20:45 . 2005-05-06 22:00 8,704 --a------ C:\WINDOWS\system32\CNMVS7J.DLL
2008-03-21 20:44 . 2005-05-06 22:00 140,288 --a------ C:\WINDOWS\system32\CNMLM7J.DLL
2008-03-21 20:35 . 2008-03-21 20:35 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Canon
2008-03-21 20:30 . 2004-08-04 00:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-03-21 20:29 . 2004-08-03 23:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-03-21 19:13 . 2008-03-21 21:28 <REP> d-------- C:\Program Files\Fichiers communs\Acronis
2008-03-21 19:13 . 2008-03-21 21:28 <REP> d-------- C:\Program Files\Acronis
2008-03-21 19:13 . 2008-03-21 21:28 129,248 --a------ C:\WINDOWS\system32\drivers\snapman.sys
2008-03-21 19:04 . 2008-03-21 19:04 <REP> d-------- C:\Program Files\Microsoft LifeCam
2008-03-21 19:02 . 2006-09-28 17:05 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2008-03-21 19:02 . 2006-09-28 17:05 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2008-03-21 19:02 . 2006-07-28 10:30 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2008-03-21 19:02 . 2006-09-28 17:04 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll
2008-03-21 19:02 . 2006-07-28 10:30 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2008-03-21 19:02 . 2006-09-28 17:03 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2008-03-21 19:01 . 2005-05-26 16:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-03-21 18:32 . 2008-03-24 15:02 <REP> d-------- C:\Program Files\eMule
2008-03-21 18:18 . 2008-03-31 16:43 22 --a------ C:\WINDOWS\WB.ini
2008-03-21 18:11 . 2008-03-21 18:11 <REP> d-------- C:\Program Files\Stardock
2008-03-21 18:11 . 2003-02-26 21:27 36,864 --a------ C:\WINDOWS\system32\wbsys.dll
2008-03-21 18:11 . 2005-01-22 19:05 20,480 --a------ C:\WINDOWS\system32\wbload.dll
2008-03-21 18:03 . 2008-04-01 21:25 <REP> d-------- C:\wii
2008-03-21 18:01 . 2008-03-21 18:01 0 --a------ C:\WINDOWS\system32\BSPRINT.INI
2008-03-21 18:00 . 2008-03-21 18:00 <REP> d-------- C:\Program Files\IVT Corporation
2008-03-21 18:00 . 2008-03-21 18:01 32 --a------ C:\WINDOWS\0
2008-03-21 18:00 . 2008-03-21 18:00 0 --a------ C:\WINDOWS\system32\0
2008-03-21 17:56 . 2008-03-21 17:56 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Ashampoo
2008-03-21 17:55 . 2008-03-21 17:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ashampoo
2008-03-21 17:54 . 2008-03-21 17:54 <REP> d-------- C:\Program Files\Ashampoo
2008-03-21 17:51 . 2008-03-21 17:51 <REP> d-------- C:\Program Files\PiFreePC
2008-03-21 17:51 . 2008-03-21 17:51 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\PIFreePC
2008-03-21 17:48 . 2008-03-21 17:48 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\vlc
2008-03-21 17:47 . 2008-03-21 17:51 <REP> d-------- C:\Program Files\adslTV
2008-03-21 17:14 . 2008-03-21 17:14 <REP> d--h----- C:\WINDOWS\PIF
2008-03-21 16:20 . 2008-03-21 16:53 <REP> d-------- C:\Documents and Settings\Administrateur\Downloads
2008-03-21 16:20 . 2008-03-21 16:33 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\NewsLeecher
2008-03-21 13:30 . 2008-03-28 13:30 512 --a------ C:\ScanSectorLog.dat
2008-03-20 23:46 . 2008-03-20 23:46 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\LEAPS
2008-03-20 23:45 . 2008-03-20 23:45 <REP> d-------- C:\Program Files\Pegasys Inc
2008-03-20 23:44 . 2008-03-20 23:44 <REP> d-------- C:\Program Files\VSTplugins
2008-03-20 23:44 . 2008-03-20 23:44 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Publish Providers
2008-03-20 23:43 . 2008-03-20 23:43 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Sony
2008-03-20 23:42 . 2008-03-20 23:42 <REP> d-------- C:\Program Files\Sony
2008-03-20 23:40 . 2008-03-20 23:40 <REP> d-------- C:\WINDOWS\system32\URTTEMP
2008-03-20 23:37 . 2008-03-20 23:37 <REP> d-------- C:\Program Files\Sony Setup
2008-03-20 23:32 . 2008-03-24 15:26 <REP> d-------- C:\xbox 360
2008-03-20 23:25 . 2008-03-20 23:25 <REP> d-------- C:\Program Files\Fichiers communs\Adobe Systems Shared
2008-03-20 23:25 . 2008-03-20 23:25 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-03-20 23:22 . 2008-03-20 23:22 <REP> d-------- C:\VirtualDub-1.7.0
2008-03-20 23:03 . 2008-03-21 14:37 <REP> d-------- C:\Documents and Settings\Administrateur\Contacts
2008-03-20 23:00 . 2008-03-21 22:20 280 --a------ C:\WINDOWS\system32\PDBootState
2008-03-20 22:03 . 2008-03-20 22:02 691,545 --a------ C:\WINDOWS\unins000.exe
2008-03-20 22:03 . 2008-03-20 22:03 2,564 --a------ C:\WINDOWS\unins000.dat
2008-03-20 22:01 . 2008-03-20 22:02 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-20 22:01 . 2008-04-02 15:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-20 22:00 . 2008-03-20 22:00 <REP> d-------- C:\Program Files\CCleaner
2008-03-20 21:58 . 2008-03-20 21:58 <REP> d-------- C:\Program Files\Raxco
2008-03-20 21:58 . 2008-03-20 21:58 <REP> d-------- C:\Program Files\Fichiers communs\Raxco
2008-03-20 21:58 . 2008-03-20 21:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Raxco
2008-03-20 21:57 . 2008-03-20 21:57 <REP> d-------- C:\Program Files\HomePlayer1.5.4

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-02 12:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-24 13:06 --------- d-----w C:\Program Files\QuickPar
2008-03-21 22:53 1,256,448 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-03-21 16:24 34,312 ----a-w C:\WINDOWS\system32\drivers\blueletaudio.sys
2008-03-21 16:17 20,747,766 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2008_03_21_17_05_08_full.dmp.zip
2008-03-20 21:26 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-03-20 18:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-20 17:53 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-03-20 17:45 --------- d-----w C:\Program Files\Winamp
2008-03-20 17:45 --------- d-----w C:\Program Files\Real Alternative
2008-03-20 17:45 --------- d-----w C:\Program Files\Media Player Classic
2008-03-20 17:45 --------- d-----w C:\Program Files\Combined Community Codec Pack
2008-03-20 17:45 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Winamp
2008-03-20 17:45 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Media Player Classic
2008-03-20 17:44 --------- d-----w C:\Program Files\Xtremsplit
2008-03-20 17:44 --------- d-----w C:\Program Files\Windows Live
2008-03-20 17:44 --------- d-----w C:\Program Files\QuickTime Alternative
2008-03-20 17:44 --------- d-----w C:\Program Files\NewsLeecher
2008-03-20 17:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-03-20 17:43 505,392 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-03-20 17:43 353,840 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-03-20 17:43 --------- d-----w C:\Program Files\CyberLink
2008-03-20 17:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-03-20 17:42 --------- d-----w C:\Program Files\SlySoft
2008-03-20 17:42 --------- d-----w C:\Program Files\Java
2008-03-20 17:41 --------- d-----w C:\Program Files\MSBuild
2008-03-20 17:41 --------- d-----w C:\Program Files\Fichiers communs\Java
2008-03-20 17:40 --------- d-----w C:\Program Files\Reference Assemblies
2008-03-20 17:39 --------- d-----w C:\Program Files\MSECache
2008-03-20 17:34 --------- d-----w C:\Program Files\Microsoft Works
2008-03-20 17:32 --------- d-----w C:\Program Files\Microsoft.NET
2008-03-20 17:31 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-03-20 17:22 --------- d-----w C:\Program Files\MSXML 6.0
2008-03-20 17:21 --------- d-----w C:\Program Files\Services en ligne
2008-03-20 17:18 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-02-04 18:33 3,110 ----a-w C:\WINDOWS\system32\presetup.cmd
2008-02-04 17:41 28,672 ----a-w C:\WINDOWS\system32\setupold.exe
2008-02-04 17:11 2,323,968 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-02-03 10:12 920,638 ----a-w C:\WINDOWS\srchasst\srchui.dll
2008-02-03 10:10 928,256 ----a-w C:\WINDOWS\system32\mstscax.dll
2008-02-03 10:09 999,424 ----a-w C:\WINDOWS\system32\mqutil.dll
2008-02-03 10:08 974,848 ----a-w C:\WINDOWS\system32\gpedit.dll
2008-02-03 10:07 99,840 ----a-w C:\WINDOWS\system32\ahui.exe
2008-02-03 09:55 360,832 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-02-03 09:55 142,336 ----a-w C:\WINDOWS\system32\sfc_os.dll
2008-02-03 09:54 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-01-23 20:43 991,744 ----a-w C:\WINDOWS\system32\drmv2clt.dll
2008-01-23 20:40 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll
2008-01-23 20:40 413,696 ----a-w C:\WINDOWS\system32\vbscript.dll
2008-01-23 20:40 40,960 ----a-w C:\WINDOWS\system32\licmgr10.dll
2008-01-23 20:40 24,576 ----a-w C:\WINDOWS\system32\nlsdl.dll
2008-01-23 20:40 23,552 ----a-w C:\WINDOWS\system32\normaliz.dll
2008-01-23 20:40 156,160 ----a-w C:\WINDOWS\system32\msls31.dll
2008-01-23 20:39 78,336 ----a-w C:\WINDOWS\system32\ieencode.dll
2008-01-23 20:39 65,536 ----a-w C:\WINDOWS\system32\wshext.dll
2008-01-23 20:39 57,344 ----a-w C:\WINDOWS\system32\wshfr.dll
2008-01-23 20:39 28,672 ----a-w C:\WINDOWS\system32\wshcon.dll
2008-01-23 20:39 28,672 ----a-w C:\WINDOWS\system32\dispex.dll
2008-01-23 20:39 26,112 ----a-w C:\WINDOWS\system32\idndl.dll
2008-01-23 20:39 17,408 ----a-w C:\WINDOWS\system32\corpol.dll
2008-01-23 20:39 151,552 ----a-w C:\WINDOWS\system32\scrrun.dll
2008-01-23 20:39 14,848 ----a-w C:\WINDOWS\system32\jsfr.dll
2008-01-23 20:39 12,800 ----a-w C:\WINDOWS\system32\vbsfr.dll
2008-01-23 20:39 11,776 ----a-w C:\WINDOWS\system32\scrrnfr.dll
2008-01-23 20:39 10,752 ----a-w C:\WINDOWS\system32\scofr.dll
2008-01-14 17:19 96,768 ----a-w C:\WINDOWS\system32\srvsvc.dll
2008-01-14 17:18 981,760 ----a-w C:\WINDOWS\system32\mfc42u.dll
2008-01-14 17:17 450,048 ----a-w C:\WINDOWS\AppPatch\AcLayers.dll
2008-01-14 17:17 141,312 ----a-w C:\WINDOWS\AppPatch\AcLua.dll
2008-01-14 17:17 116,224 ----a-w C:\WINDOWS\AppPatch\AcXtrnal.dll
2008-01-14 17:17 100,352 ----a-w C:\WINDOWS\system32\6to4svc.dll
2004-09-28 02:00 26,240 ----a-w C:\WINDOWS\inf\RAMDSK.SYS
.

------- Sigcheck -------

2008-02-03 12:12 579072 d631fbc2a8b9af181a8612276fc56154 C:\WINDOWS\system32\user32.dll

2008-02-03 11:55 360832 9edca6cc591147475d1f09e95020d956 C:\WINDOWS\system32\drivers\tcpip.sys

2008-02-03 12:12 555520 df3ed75d36bb55fedf9f02ec863bdf3f C:\WINDOWS\system32\winlogon.exe

2008-02-04 19:11 2323968 65715918961345ad81cc006627f8fd4e C:\WINDOWS\system32\ntoskrnl.exe

2008-02-03 12:08 1573376 baa0e1b7da39d7bfcb2e0306b3e98ec1 C:\WINDOWS\explorer.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 18:45 1052672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 01:02 919280]
"MM_MODULE"="C:\Program Files\MIC\HAWAII\Hawaii.exe" [2005-11-16 15:27 121856]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 16:28 577536 C:\WINDOWS\SOUNDMAN.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="regsvr32 /s /n /i:u shell32" []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)
"NoSMConfigurePrograms"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)
"NoSMConfigurePrograms"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 16:39 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll 2008-03-21 18:14 176128 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 relog_ap

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 tdrpman;Acronis Try&Decide and Restore Points filter;C:\WINDOWS\system32\DRIVERS\tdrpman.sys [2008-03-21 21:28]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2007-11-03 01:12]
R2 BlueSoleilCS;BlueSoleilCS;C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [2008-03-21 18:24]
R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" [2007-05-17 15:45]
R2 TryAndDecideService;Acronis Try And Decide Service;"C:\Program Files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe" [2007-10-30 21:51]
R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-04 05:55]
R3 BsHelpCS;BsHelpCS;C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe [2007-08-17 16:58]
R3 VX1000;VX-1000;C:\WINDOWS\system32\DRIVERS\VX1000.sys [2007-04-10 15:46]
S3 MosIrUsb;MosIrUsb.sys;C:\WINDOWS\system32\DRIVERS\MosIrUsb.sys [2004-04-14 15:52]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-03-20 20:38]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-20 18:38:45 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-02 16:05:36
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mc22.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD\000.fcl"
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\BsLangInDepRes.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
.
**************************************************************************
.
Temps d'accomplissement: 2008-04-02 16:07:10 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-02 14:07:04
Pre-Run: 23,879,020,544 octets libres
Post-Run: 23,775,416,320 octets libres


2 April 2008 16:57:34

Next, the report from HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:54:21, on 02/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20733)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\MIC\HAWAII\Hawaii.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\system32\ZoneLabs\avsys\Monitor.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [MM_MODULE] C:\Program Files\MIC\HAWAII\Hawaii.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientContr...
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: Nero BackItUp Scheduler 3 - Unknown owner - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6391 bytes
4 April 2008 14:29:10

Little bump.. can nobody help me, please?