Your question

My Windows Explorer is failing

Tags :
  • Windows
  • Security
Last reply: in Security and viruses
23 March 2008 15:06:27

Hello. Since yesterday, when I open a folder, my Explorer bar and all the shortcuts and icons on my desktop disappear; I can't even open Control Panel without this bug happening. I'm thinking it may be a virus...


thanks


23 March 2008 16:23:49

Ah, I'd anticipated that.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:28:30, on 23/03/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinPerfectAutoRun] C:\Program Files\Haysoft\HS WinPerfect\WinPerfect.exe -boot
O4 - HKCU\..\Run: [2ced2581] rundll32.exe "C:\Users\Tiago\AppData\Local\Temp\bsupotcg.dll",b
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Azureus.lnk = C:\Program Files\Azureus\Azureus.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Download all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Download selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O13 - Gopher Prefix:
O16 - DPF: {556EEC63-31E2-47C3-BF29-DFF799D2FE04} (Remote Access ActiveX Client) - https://secure.logmein.com/activex/RACtrl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2008 32-bit 32-bit (mi-raysat_3dsMax2008_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 6887 bytes
23 March 2008 17:51:20

Re,

Disable UAC (Start Menu \ Control Panel \ User Accounts and Family Safety \ User Accounts \ Turn User Account Control on or off \ untick the box "Use User Account Control ..."
and confirm with OK; you will be asked to restart, do so)


1) Disable all resident protection (antivirus, etc.)!

Download ComboFix by sUBs:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to your desktop and nowhere else!


Restart in Safe Mode: help here >>>

http://forum.telecharger.01net.com/telecharger/virus_et...
/!\ Never restart in Safe Mode via msconfig! /!\

Double-click ComboFix. It will ask you a question; answer by pressing 1 then Enter to confirm, and follow the prompts.
Wait for ComboFix to finish; a report will be created. Post the report. It is located at C:\Combofix.txt

2) Copy/paste a new HijackThis log along with it.

;) 
23 March 2008 21:54:29

ComboFix 08-03-23.2 - Tiago 2008-03-23 21:31:07.1 - NTFSx86 MINIMAL
Microsoft® Windows Vista™ Home Premium Edition 6.0.6001.1.1252.1.1036.18.1689 [GMT 1:00]
Location: C:\Dossiers Mozilla\ComboFix.exe
.
TimedOut: Windir.dat
TimedOut: progfile.dat
-- Other TimeOuts --
VFind -td "C:\Windows\system32\baiso*"
CF11273.exe /c " VFind.exe -ltf -s-1300000 -d+2007-12-23 C:\Windows\* >Windir.dat"
VFind.exe -ltf -s-1300000 -d+2007-12-23 C:\Windows\*
CF11273.exe /c " VFind.exe -ltf -s-1000000 -d+2007-12-23 "C:\Program Files\*" >progfile.dat"
VFind.exe -ltf -s-1000000 -d+2007-12-23 "C:\Program Files\*"
CF11273.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin* C:\_install.exe >DirRoot"
pv -d10000 * -t -l

\SystemRoot\System32\smss.exe
C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\services.exe
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe"
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\wbem\wmiprvse.exe
winlogon.exe
"C:\Program Files\TortoiseSVN\bin\TSVNCache.exe"
SED "/32\\[0-9]*\\insatll.~tmp/I!d"
VFind -tf "C:\Windows\system32\insatll.~tmp"
CF11273.exe /c " VFind.exe -ltf -s-1300000 -d+2007-12-23 C:\Windows\* >Windir.dat"
VFind.exe -ltf -s-1300000 -d+2007-12-23 C:\Windows\*
CF11273.exe /c " VFind.exe -ltf -s-1000000 -d+2007-12-23 "C:\Program Files\*" >progfile.dat"
VFind.exe -ltf -s-1000000 -d+2007-12-23 "C:\Program Files\*"
CF11273.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin* C:\_install.exe >DirRoot"
pv -d10000 * -t -l

\SystemRoot\System32\smss.exe
C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\services.exe
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe"
C:\Windows\system32\svchost.exe -k netsvcs
wmiadap.exe /F /T /R
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\wbem\wmiprvse.exe
winlogon.exe
"C:\Program Files\TortoiseSVN\bin\TSVNCache.exe"
Findstr -MIF:/ sursen
CF11273.exe /c " VFind.exe -ltf -s-1300000 -d+2007-12-23 C:\Windows\* >Windir.dat"
VFind.exe -ltf -s-1300000 -d+2007-12-23 C:\Windows\*
CF11273.exe /c " VFind.exe -ltf -s-1000000 -d+2007-12-23 "C:\Program Files\*" >progfile.dat"
VFind.exe -ltf -s-1000000 -d+2007-12-23 "C:\Program Files\*"
CF11273.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin* C:\_install.exe >DirRoot"
pv -d80000 * -t -l

\SystemRoot\System32\smss.exe
C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\services.exe
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe"
C:\Windows\system32\svchost.exe -k netsvcs
wmiadap.exe /F /T /R
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\wbem\wmiprvse.exe
winlogon.exe
"C:\Program Files\TortoiseSVN\bin\TSVNCache.exe"
Findstr -MIF:/ "\\TTC\.pdb InsertAdvertisement"
GREP -i "C:\\Program Files\\[^\\]*\\[^\\]*$"
VFind -tf -s282624 "C:\Program Files\????????*[0-9].dll"
CF11273.exe /c " VFind.exe -ltf -s-1300000 -d+2007-12-23 C:\Windows\* >Windir.dat"
VFind.exe -ltf -s-1300000 -d+2007-12-23 C:\Windows\*
CF11273.exe /c " VFind.exe -ltf -s-1000000 -d+2007-12-23 "C:\Program Files\*" >progfile.dat"
VFind.exe -ltf -s-1000000 -d+2007-12-23 "C:\Program Files\*"
CF11273.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin* C:\_install.exe >DirRoot"
pv -d20000 * -t -l

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\Tiago\AppData\Local\mldqmqzuw.dat
C:\Users\Tiago\AppData\Local\mldqmqzuw.exe
C:\Users\Tiago\AppData\Local\mldqmqzuw_nav.dat
C:\Users\Tiago\AppData\Local\mldqmqzuw_navps.dat
C:\Users\Tiago\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\InternetGameBox
C:\Windows\system32\awtstsp.dll
C:\Windows\system32\jkkllmj.dll
C:\Windows\system32\nvs2.inf
C:\Windows\system32\rqropnl.dll

.
((((((((((((((((((((((((((((( Files created 2008-02-23 to 2008-03-23 ))))))))))))))))))))))))))))))))))))
.

No new files created in this time span

.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-23 20:26 476,480 --sha-w C:\Windows\system32\drivers\fidbox.idx
2008-03-23 20:26 35,418,912 --sha-w C:\Windows\system32\drivers\fidbox.dat
2008-03-23 20:26 --------- d-----w C:\Users\Tiago\AppData\Roaming\OpenOffice.org2
2008-03-23 20:26 --------- d-----w C:\Users\Tiago\AppData\Roaming\Azureus
2008-03-23 20:22 --------- d-----w C:\ProgramData\Kaspersky Lab
2008-03-23 20:18 --------- d-----w C:\Users\Tiago\AppData\Roaming\HLSW
2008-03-23 18:22 --------- d-----w C:\Program Files\Steam
2008-03-23 15:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-23 15:05 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-23 13:30 --------- d-----w C:\Program Files\Toribash-3.2
2008-03-23 09:30 --------- d-----w C:\Program Files\Google
2008-03-22 22:01 --------- d-----w C:\Program Files\THQ
2008-03-22 22:00 --------- d-----w C:\Program Files\Autodesk
2008-03-22 21:43 --------- d-----w C:\Program Files\Haysoft
2008-03-22 21:37 --------- d-----w C:\ProgramData\NVIDIA
2008-03-22 21:34 174 --sha-w C:\Program Files\desktop.ini
2008-03-22 21:22 --------- d-----w C:\Program Files\Windows Sidebar
2008-03-22 21:22 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-03-22 21:22 --------- d-----w C:\Program Files\Windows Mail
2008-03-22 21:22 --------- d-----w C:\Program Files\Windows Journal
2008-03-22 21:22 --------- d-----w C:\Program Files\Windows Defender
2008-03-22 21:22 --------- d-----w C:\Program Files\Windows Collaboration
2008-03-22 21:22 --------- d-----w C:\Program Files\Windows Calendar
2008-03-22 21:01 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-03-22 21:01 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-03-22 20:30 47,560 ----a-w C:\Windows\System32\SPReview.exe
2008-03-22 20:30 152,576 ----a-w C:\Windows\System32\SPWizUI.dll
2008-03-22 12:51 --------- d-----w C:\Program Files\Java
2008-03-22 10:20 91,700 ----a-w C:\Windows\system32\drivers\klin.dat
2008-03-22 10:20 85,860 ----a-w C:\Windows\system32\drivers\klick.dat
2008-03-22 10:17 --------- d-----w C:\Program Files\Kaspersky Lab
2008-03-22 09:51 --------- d-----w C:\Program Files\Trend Micro
2008-03-21 14:30 --------- d-----w C:\Program Files\Battlefront II
2008-03-21 11:38 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2008-03-21 11:36 107,832 ----a-w C:\Windows\System32\PnkBstrB.exe
2008-03-18 19:27 --------- d-----w C:\Program Files\Savage 2 - A Tortured Soul
2008-03-18 18:17 --------- d-----w C:\Program Files\Paint.NET
2008-03-18 17:46 --------- d-----w C:\Program Files\City of Heroes
2008-03-18 17:41 --------- d---a-w C:\ProgramData\TEMP
2008-03-13 19:59 --------- d--h--w C:\Program Files\Common Files\AssortedEngines
2008-03-12 11:06 --------- d-----w C:\Program Files\Common Files\Steam
2008-03-11 14:49 --------- d-s---w C:\Program Files\HLSW
2008-03-09 10:31 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe
2008-03-07 17:25 --------- d-----w C:\Program Files\Azureus
2008-03-06 18:10 --------- d-----w C:\Users\Tiago\AppData\Roaming\SmartFTP
2008-03-06 18:09 --------- d-----w C:\Program Files\SmartFTP Client
2008-03-06 18:08 --------- d-----w C:\Program Files\SmartFTP Client 2.5 Setup Files
2008-03-05 14:53 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-03-05 14:41 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-05 14:41 --------- d-----w C:\Program Files\AGEIA Technologies
2008-03-03 11:51 --------- d-----w C:\Users\Tiago\AppData\Roaming\Orbit
2008-03-02 18:47 --------- d-----w C:\Users\Tiago\AppData\Roaming\Thinstall
2008-03-02 14:22 --------- d-----w C:\ProgramData\ALM
2008-03-02 12:52 --------- d-----w C:\Program Files\Bonjour
2008-02-29 17:48 --------- d-----w C:\Users\Tiago\AppData\Roaming\FileZilla
2008-02-29 11:42 --------- d-----w C:\Users\Tiago\AppData\Roaming\gtk-2.0
2008-02-28 14:40 --------- d-----w C:\Program Files\FileZilla FTP Client
2008-02-28 14:37 --------- d-----w C:\Program Files\FileZilla-3.0.6
2008-02-28 11:30 --------- d-----w C:\Users\Tiago\AppData\Roaming\Joost
2008-02-26 21:38 --------- d-----w C:\ProgramData\FLEXnet
2008-02-25 18:59 --------- d-----w C:\Users\Tiago\AppData\Roaming\Hamachi
2008-02-23 18:48 --------- d-----w C:\Program Files\TortoiseSVN
2008-02-23 17:53 996,232 ----a-w C:\mp5_army_green.zip
2008-02-23 17:49 --------- d-----w C:\Program Files\Xvi32
2008-02-22 17:50 --------- d-----w C:\Program Files\CoHTest
2008-02-19 17:16 --------- d-----w C:\Program Files\Joost
2008-02-17 15:48 --------- d-----w C:\Program Files\Electronic Arts
2008-02-17 15:05 --------- d-----w C:\Program Files\Orbitdownloader
2008-02-16 18:01 --------- d-----w C:\ProgramData\Autodesk
2008-02-16 10:03 --------- d-----w C:\ProgramData\Steam
2008-02-16 10:03 --------- d-----w C:\ProgramData\PopCap Games
2008-02-15 17:54 --------- d-----w C:\ProgramData\LogiShrd
2008-02-15 17:44 --------- d-----w C:\Users\Tiago\AppData\Roaming\DMCache
2008-02-15 17:44 --------- d-----w C:\Program Files\MagicISO
2008-02-15 17:41 --------- d-----w C:\Program Files\crocpopup+
2008-02-14 19:48 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-11 11:14 --------- d-----w C:\Users\Tiago\AppData\Roaming\Autodesk
2008-02-11 11:10 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-02-11 10:22 --------- d-----w C:\Program Files\Movie Maker 2.6
2008-02-08 17:37 219,664 ----a-w C:\Windows\System32\klogon.dll
2008-02-08 17:35 23,604 ----a-w C:\Windows\system32\drivers\klopp.dat
2008-02-04 19:44 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-02 18:32 --------- d-----w C:\ProgramData\FlashFXP
2008-01-29 19:52 --------- d-----w C:\Program Files\Common Files\Control Panels
2008-01-28 18:27 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-01-27 19:01 --------- d-----w C:\ProgramData\Grisoft
2008-01-27 18:50 --------- d-----w C:\Program Files\CCleaner
2008-01-27 16:54 --------- d-----w C:\Program Files\KeyBinder
2008-01-26 20:19 --------- d-----w C:\Users\Tiago\AppData\Roaming\DivX
2008-01-26 13:30 --------- d-----w C:\Program Files\DivX
2008-01-26 13:30 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-01-18 22:44 986,680 ----a-w C:\Windows\System32\winload.exe
2008-01-18 22:44 926,776 ----a-w C:\Windows\System32\winresume.exe
2008-01-18 22:43 614,968 ----a-w C:\Windows\System32\ci.dll
2008-01-18 22:43 376,376 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll
2008-01-18 22:43 3,600,440 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-01-18 22:43 3,548,728 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-01-18 22:43 247,352 ----a-w C:\Windows\System32\clfs.sys
2008-01-18 22:42 94,776 ----a-w C:\Windows\System32\MigAutoPlay.exe
2008-01-18 22:42 51,768 ----a-w C:\Windows\System32\PSHED.DLL
.

((((((((((((((((((((((((((((((((( Reg load points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not listed

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseSVN]
@={30351346-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseSVN]
@={30351347-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseSVN]
@={30351348-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseSVN]
@={3035134B-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseSVN]
@={3035134C-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseSVN]
@={3035134D-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseSVN]
@={3035134E-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_CLASSES_ROOT\CLSID\{30351346-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 12:35 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{30351347-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 12:35 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{30351348-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 12:35 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134B-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 12:35 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134C-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 12:35 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134D-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 12:35 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134E-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 12:35 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-18 23:38 1008184]
"JMB36X IDE Setup"="C:\Windows\JM\JMInsIDE.exe" [2006-10-31 04:44 36864]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 03:10 55824 C:\Windows\KHALMNPR.Exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2008-02-08 18:36 227856]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-19 05:34 868352]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-17 08:07 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-17 08:07 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-17 08:07 81920]
"WinPerfectAutoRun"="C:\Program Files\Haysoft\HS WinPerfect\WinPerfect.exe" [2008-03-08 17:35 3747328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" []

C:\Users\Tiago\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 21:57:56 393216]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Azureus.lnk - C:\Program Files\Azureus\Azureus.exe [2008-01-02 12:31:03 254976]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-12-29 20:41:49 784912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKLM\~\startupfolder\C:^Users^Tiago^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MutiKeyboard Driver.lnk]
path=C:\Users\Tiago\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MutiKeyboard Driver.lnk
backup=C:\Windows\pss\MutiKeyboard Driver.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2ced2581]
C:\Users\Tiago\AppData\Local\Temp\bsupotcg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM2fde161d]
C:\Users\Tiago\AppData\Local\Temp\podurqfq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cmds]
C:\Users\Tiago\AppData\Local\Temp\byxyy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MS Juan]
C:\Users\Tiago\AppData\Local\Temp\xrhulqdf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSServer]
C:\Windows\system32\awtstsp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2008-01-18 23:33 202240 C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3503344611-239973625-2988070438-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"= C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{AE9CEEC4-72C9-47D4-B0CA-7955238E0B4F}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{6DD9F4AE-B5EF-41E4-987B-B8EEF20CFD69}"= UDP:C:\Program Files\THQ\Gas Powered Games\Supreme Commander\bin\SupremeCommander.exe:Supreme Commander
"{6CBC87B8-DB35-4FF9-AE93-71F55FAB55B6}"= TCP:C:\Program Files\THQ\Gas Powered Games\Supreme Commander\bin\SupremeCommander.exe:Supreme Commander
"{CF1C7A03-4595-4D1B-9A9B-4BAC4BA09F5F}"= UDP:C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander
"{30FB0083-BD45-44D3-85C3-A29016737123}"= TCP:C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander
"TCP Query User{B12B2A10-A658-44C7-B49C-9A1DEAA7EA3C}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{F725B2CF-CB1A-400A-9F83-5D85363145E5}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"{1DA5CAEA-08D1-4122-83A3-5317228DFBD9}"= UDP:C:\Program Files\Steam\Steam.exe:Steam
"{FB2BCCF6-829D-42C7-B68D-31B87B417D2A}"= TCP:C:\Program Files\Steam\Steam.exe:Steam
"TCP Query User{4ABADA64-C8A4-4F92-9392-26C92A886820}C:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{31772C5B-E30A-42F0-900D-69C04BA63E79}C:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"TCP Query User{F58D58AE-05F8-45F6-942A-E94A991B2727}C:\\program files\\sony\\station\\launchpad\\launchpad.exe"= UDP:C:\program files\sony\station\launchpad\launchpad.exe:LaunchPad
"UDP Query User{622F15E6-A03C-4B3E-9CE5-83F677244E22}C:\\program files\\sony\\station\\launchpad\\launchpad.exe"= TCP:C:\program files\sony\station\launchpad\launchpad.exe:LaunchPad
"TCP Query User{FA081825-CDBB-4616-81E3-D6C5ACBC4178}C:\\program files\\steam\\steamapps\\ragarnok\\source sdk base\\hl2.exe"= UDP:C:\program files\steam\steamapps\ragarnok\source sdk base\hl2.exe:hl2
"UDP Query User{DFA18C10-FFC3-4107-AA21-56009F119D77}C:\\program files\\steam\\steamapps\\ragarnok\\source sdk base\\hl2.exe"= TCP:C:\program files\steam\steamapps\ragarnok\source sdk base\hl2.exe:hl2
"TCP Query User{EF018A1D-1A33-43D2-AED8-D3FB6752FECB}C:\\program files\\steam\\steamapps\\ragarnok\\garrysmod\\hl2.exe"= UDP:C:\program files\steam\steamapps\ragarnok\garrysmod\hl2.exe:hl2
"UDP Query User{62E69E89-8E59-47CC-8606-003B825726FF}C:\\program files\\steam\\steamapps\\ragarnok\\garrysmod\\hl2.exe"= TCP:C:\program files\steam\steamapps\ragarnok\garrysmod\hl2.exe:hl2
"TCP Query User{EDD7E9CD-DC08-4354-BFAC-B6AF43E74284}C:\\program files\\thq\\dawn of war - soulstorm demo\\soulstorm.exe"= UDP:C:\program files\thq\dawn of war - soulstorm demo\soulstorm.exe:Soulstorm
"UDP Query User{37E54285-E6A5-4F77-BDD9-C782B813D096}C:\\program files\\thq\\dawn of war - soulstorm demo\\soulstorm.exe"= TCP:C:\program files\thq\dawn of war - soulstorm demo\soulstorm.exe:Soulstorm
"TCP Query User{AF2D29E7-7521-4490-B2D1-960083147703}C:\\program files\\thq\\dawn of war - dark crusade\\darkcrusade.exe"= UDP:C:\program files\thq\dawn of war - dark crusade\darkcrusade.exe:D arkCrusade
"UDP Query User{34F7D14A-D9C7-481C-A4F2-2D9EFC904CA6}C:\\program files\\thq\\dawn of war - dark crusade\\darkcrusade.exe"= TCP:C:\program files\thq\dawn of war - dark crusade\darkcrusade.exe:D arkCrusade
"TCP Query User{4CE5D910-0C40-4A43-86BF-23FED60C41E1}C:\\program files\\savage 2 - a tortured soul\\savage2.exe"= UDP:C:\program files\savage 2 - a tortured soul\savage2.exe:savage2
"UDP Query User{339AB9BF-5E7B-4376-8B8F-385E7B81E703}C:\\program files\\savage 2 - a tortured soul\\savage2.exe"= TCP:C:\program files\savage 2 - a tortured soul\savage2.exe:savage2
"TCP Query User{BB5496B7-E1A7-481A-8434-79034EDB5909}C:\\program files\\steam\\steamapps\\ragarnok\\garrysmod\\hl2.exe"= UDP:C:\program files\steam\steamapps\ragarnok\garrysmod\hl2.exe:hl2
"UDP Query User{BBD4BA87-E230-4701-AC1F-8E50116B70C5}C:\\program files\\steam\\steamapps\\ragarnok\\garrysmod\\hl2.exe"= TCP:C:\program files\steam\steamapps\ragarnok\garrysmod\hl2.exe:hl2
"TCP Query User{99A6C4F3-26CC-4CB5-ACE5-5F392B0C9CC4}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{875638A4-E9C8-4525-BEF0-A7150AE27122}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{511CE096-37B4-4BBF-BEAC-0C0386D5545A}C:\\program files\\flashfxp\\flashfxp.exe"= UDP:C:\program files\flashfxp\flashfxp.exe:FlashFXP
"UDP Query User{4948C8B7-4FE8-44B4-888C-51DCB5C33A14}C:\\program files\\flashfxp\\flashfxp.exe"= TCP:C:\program files\flashfxp\flashfxp.exe:FlashFXP
"TCP Query User{442350E0-466C-4221-9B3C-379D79976C21}C:\\program files\\steam\\steamapps\\ragarnok\\team fortress 2\\hl2.exe"= UDP:C:\program files\steam\steamapps\ragarnok\team fortress 2\hl2.exe:hl2
"UDP Query User{10359027-F8D4-4A88-B16F-D6E92BBCF8B9}C:\\program files\\steam\\steamapps\\ragarnok\\team fortress 2\\hl2.exe"= TCP:C:\program files\steam\steamapps\ragarnok\team fortress 2\hl2.exe:hl2
"{8C26A560-B8CC-44A2-834C-699FA6DC0B9C}"= UDP:C:\Program Files\Autodesk\3ds Max 2008\3dsmax.exe:Autodesk 3ds Max 2008 32-bit
"{D43AB76B-9800-40B2-993F-A5CA9F34160B}"= TCP:C:\Program Files\Autodesk\3ds Max 2008\3dsmax.exe:Autodesk 3ds Max 2008 32-bit
"{1EB13AEB-9713-40D2-B9F3-70B7D5F01F41}"= UDP:C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe:Battlefield 2
"{63B937A0-75BB-49C2-8AE9-5D3D1495EC70}"= TCP:C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe:Battlefield 2
"{69D1B9A7-4EB5-4342-85C7-09B6F5CC2923}"= UDP:C:\Program Files\SmartFTP Client\SmartFTP.exe:SmartFTP Client
"{CB7FAF62-FDA9-4BB8-8986-7A88DB1DA35B}"= TCP:C:\Program Files\SmartFTP Client\SmartFTP.exe:SmartFTP Client

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"= C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3

S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2007-10-16 11:05]
S2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-12-04 15:52]
S2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\system32\drivers\LMIRfsDriver.sys [2007-08-03 15:09]
S2 mi-raysat_3dsMax2008_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2008 32-bit 32-bit;"C:\Program Files\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe" [2007-09-24 17:05]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-03-11 16:09]
S3 UMPass;Pilote Microsoft UMPass;C:\Windows\system32\DRIVERS\umpass.sys [2008-01-18 21:53]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\shell\AutoRun\command - J:\splash.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1340ecc2-b63e-11dc-ae7a-001bfc7455ab}]
\shell\AutoRun\command - E:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a7ae817-c07e-11dc-b1a9-001bfc7455ab}]
\shell\AutoRun\command - ntde1ect.com
\shell\explore\Command - ntde1ect.com
\shell\open\Command - ntde1ect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ada503f4-b638-11dc-9b4a-806e6f6e6963}]
\shell\AutoRun\command - E:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c2f26fbe-b848-11dc-b717-001bfc7455ab}]
\shell\AutoRun\command - ntdelect.com
\shell\explore\Command - utdetect.com
\shell\open\Command - utdetect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd16d622-ee85-11dc-965b-001bfc7455ab}]
\shell\AutoRun\command - O:\h.cmd
\shell\explore\Command - O:\h.cmd
\shell\open\Command - O:\h.cmd

*Newly Created Service* - CATCHME
*Newly Created Service* - ECACHE
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-23 09:56:27 C:\Windows\Tasks\User_Feed_Synchronization-{824196D0-2DFE-44A3-81A5-B228ACD37111}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-23 21:36:46
Windows 6.0.6001 Service Pack 1 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-03-23 21:37:41
ComboFix-quarantined-files.txt 2008-03-23 20:37:39
.
2008-03-21 13:47:42 --- E O F ---
23 March 2008 22:40:59

Re,

Download OTMoveIt2 (by OldTimer).
  • Double-click OTMoveIt2.exe to run the tool. (Note: if you are using Vista, right-click the file and choose Run as administrator.)
  • Copy the lines in the "Code" box below by selecting ALL of them and then pressing the CTRL and C keys at the same time (or, after selecting them, right-clicking and choosing Copy):
    C:\Windows\System32\ci.dll

  • Go back to the OTMoveIt2 window, right-click in the "Paste Standard List of Files/Folders to Move" box (under the light blue bar) and choose Paste.


  • Copy the lines in the "Code" box below by selecting ALL of them and then pressing the CTRL and C keys at the same time (or, after selecting them, right-clicking and choosing Copy):
    C:\Users\Tiago\AppData\Local\Temp\*.* /s

  • Go back to the OTMoveIt2 window, right-click in the "Paste Custom List Of Files/Patterns To Move" box (under the yellow bar) and choose Paste.

  • Click the red Moveit! button.
  • Copy everything in the Results box (under the green bar) by selecting ALL THE LINES and then pressing the CTRL and C keys at the same time (or, after selecting them, right-clicking and choosing Copy), and paste those results in your reply on the forum.
  • Close OTMoveIt2

    Note: If a file or folder cannot be moved immediately, a reboot may be needed to complete the move. If you are asked to reboot the machine, choose Yes. In that case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, type *.log in the "File name" box and press Enter, browse to the folder C:\_OTMoveIt\MovedFiles, then open the most recent .log file; then copy/paste the contents of that document in your reply on the forum.

    If you get a message saying the report could not be created, copy/paste what appears in the right-hand column of the tool.
24 March 2008 09:41:31

LoadLibrary failed for C:\Windows\System32\ci.dll
C:\Windows\System32\ci.dll NOT unregistered.
File move failed. C:\Windows\System32\ci.dll scheduled to be moved on reboot.
[Custom Input]
< C:\Users\Tiago\AppData\Local\Temp\*.* /s >
C:\Users\Tiago\AppData\Local\Temp\jusched.log moved successfully.
DllUnregisterServer procedure not found in C:\Users\Tiago\AppData\Local\Temp\swt-gdip-win32-3430.dll
C:\Users\Tiago\AppData\Local\Temp\swt-gdip-win32-3430.dll NOT unregistered.
C:\Users\Tiago\AppData\Local\Temp\swt-gdip-win32-3430.dll moved successfully.
DllUnregisterServer procedure not found in C:\Users\Tiago\AppData\Local\Temp\swt-win32-3430.dll
C:\Users\Tiago\AppData\Local\Temp\swt-win32-3430.dll NOT unregistered.
C:\Users\Tiago\AppData\Local\Temp\swt-win32-3430.dll moved successfully.
C:\Users\Tiago\AppData\Local\Temp\Tiago.bmp moved successfully.
File move failed. C:\Users\Tiago\AppData\Local\Temp\~DF23A3.tmp scheduled to be moved on reboot.
File move failed. C:\Users\Tiago\AppData\Local\Temp\~DF2BDD.tmp scheduled to be moved on reboot.
File move failed. C:\Users\Tiago\AppData\Local\Temp\~DF2CA5.tmp scheduled to be moved on reboot.
File move failed. C:\Users\Tiago\AppData\Local\Temp\e4jD548.tmp_dir7992\exe4jlib.jar scheduled to be moved on reboot.
C:\Users\Tiago\AppData\Local\Temp\hsperfdata_Tiago\2492 moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.21 log created on 03242008_092034
24 March 2008 11:19:44

:hello:

Run another normal ComboFix scan for me :)
24 March 2008 17:42:21

but it stops :/
24 March 2008 17:58:49

Re,

You have several protection programs (antivirus or antispyware).
As a reminder: only one antivirus and one antispyware per computer

It doesn't necessarily protect you any better, but what is certain is that it slows down your computer and can even cause crashes; more info: http://forum.malekal.com/viewtopic.php?f=45&t=4650

Clean up the protection programs you have installed.


And try a ComboFix scan again.

It stops, meaning what exactly?
27 March 2008 20:51:03

Um, since yesterday I can't delete anything at all when I type, in any program or on the internet; whatever I type, I can no longer delete anything with the backspace key. Here is a HijackThis log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:21:49, on 27/03/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Haysoft\HS WinPerfect\WinPerfect.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [WinPerfectAutoRun] C:\Program Files\Haysoft\HS WinPerfect\WinPerfect.exe -boot
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Azureus.lnk = C:\Program Files\Azureus\Azureus.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Download all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Download selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O13 - Gopher Prefix:
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {556EEC63-31E2-47C3-BF29-DFF799D2FE04} (Remote Access ActiveX Client) - https://secure.logmein.com/activex/RACtrl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2008 32-bit 32-bit (mi-raysat_3dsMax2008_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 8100 bytes
27 March 2008 21:30:03

Re,

Uninstall avast, reboot and delete ~~>C:\Program Files\Alwil Software

Download ccleaner (>>tutorial to read!<<), download "the latest version", then install it while unchecking - Add the Yahoo! Toolbar CCleaner
Then run the cleaner, then search for errors and back up if you wish.

Download and install Antivir. (tutorial)
Why switch? Avast vs Antivir
Check that it is up to date! Run a full scan in safe mode, save the report and post it to me.

:)
28 March 2008 12:47:21

I already had it, but I don't have the Yahoo toolbar
28 March 2008 13:35:39

Re,

If you have Antivir, run a scan in safe mode with it and post me the report :)