Good evening Ludo,
I'm getting back to you after a week's detour on another laptop that I had to reformat, then reinstall everything on, fix what was no longer working, etc. Now that that laptop is back on its feet, I'm coming back to mine to finish getting it back in shape.
So, to answer your last post, which I once again followed to the letter:
- I still have not gotten my desktop and my task manager back at startup when I boot with my login (whether in normal or safe boot mode), and that is now the whole remaining issue. To answer your question "I downloaded and ran the software, Does that mean you got your desktop and the task manager back or not?", the answer is no. I was able to carry out that task because I can access my desktop + task manager normally when I log in with the admin login. That works in normal or safe boot mode, which is why I was also able to do all the procedures you pointed me to.
That is why I am also thinking of an infected profile ...
So here are the results of the latest steps you asked me to carry out:
- HijackThis: I did what you asked. Here is the report after the procedure:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:18, on 2008-04-07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Safe mode with network support
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINNT\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranoo.francetelecom.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://intranoo.francetelecom.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxy:8080/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LanceurEasyBox] "C:\Program Files\EasyBox\EasyBox.exe" -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINNT\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINNT\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-835509042-1775024499-82321609-500\..\Run: [CTFMON.EXE] C:\WINNT\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINNT\System32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINNT\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-835509042-1775024499-82321609-500 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User '?')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_02\bin\npjpi141_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_02\bin\npjpi141_02.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\winnt\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ad.francetelecom.fr
O17 - HKLM\Software\..\Telephony: DomainName = ad.francetelecom.fr
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ad.francetelecom.fr
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: EasyBoxApache - Apache Software Foundation - C:\Program Files\EasyBox\Apache\Apache.exe
O23 - Service: eToken Notification Service (ETOKSRV) - Aladdin Knowledge Systems Ltd. - C:\WINNT\System32\eTSrv.exe
O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Unknown owner - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (file missing)
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe (file missing)
End of file - 8340 bytes
- CCleaner in safe mode: OK
- ComboFix: here is the report:
ComboFix 08-03-26.3 - w2k234ad 2008-04-07 21:21:49.2 - NTFSx86 NETWORK
Endroit: C:\Temp\ComboFix.exe
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
-- Script messages for sUBs --
GREP -Fis \baiso
VFind -td "C:\WINNT\system32\*"
Findstr -MIF:/ sursen
((((((((((((((((((((((((((((( Fichiers créés 2008-03-07 to 2008-04-07 ))))))))))))))))))))))))))))))))))))
.
2008-04-07 18:33 . 2008-04-07 18:33 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\vlc
2008-04-06 22:55 . 2008-04-06 22:55 <REP> d-------- C:\Program Files\Sunbelt Software
2008-04-03 00:39 . 2008-04-07 20:41 <REP> d-------- C:\Program Files\EasyBox
2008-04-03 00:06 . 2008-04-03 00:23 <REP> d-------- C:\Program Files\FileZilla
2008-04-03 00:03 . 2008-04-03 00:04 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Nvu
2008-04-03 00:02 . 2008-04-03 00:03 <REP> d-------- C:\Program Files\Nvu
2008-04-02 23:31 . 2008-04-02 23:31 <REP> d-------- C:\Program Files\Free
2008-04-02 23:06 . 2008-04-02 23:07 <REP> d-------- C:\Program Files\FpTest
2008-04-02 18:26 . 2008-04-02 18:26 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\skypePM
2008-04-02 18:04 . 2008-04-02 18:46 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Skype
2008-04-01 23:25 . 2004-08-03 22:29 19,455 --a--c--- C:\WINNT\system32\dllcache\wvchntxx.sys
2008-04-01 23:25 . 2004-08-03 22:29 12,063 --a--c--- C:\WINNT\system32\dllcache\wsiintxx.sys
2008-04-01 23:23 . 2001-08-23 17:46 386,560 --a--c--- C:\WINNT\system32\dllcache\sgiul50.dll
2008-04-01 23:22 . 2001-08-23 17:18 899,914 --a--c--- C:\WINNT\system32\dllcache\r2mdkxga.sys
2008-04-01 23:21 . 2001-08-17 20:50 198,144 --a--c--- C:\WINNT\system32\dllcache\nv3.sys
2008-04-01 23:20 . 2001-08-23 17:09 131,072 --a--c--- C:\WINNT\system32\dllcache\n100325.sys
2008-04-01 23:20 . 2001-08-17 20:50 103,296 --a--c--- C:\WINNT\system32\dllcache\mtxvideo.sys
2008-04-01 23:20 . 2001-08-23 17:09 76,928 --a--c--- C:\WINNT\system32\dllcache\mxport.sys
2008-04-01 23:20 . 2001-08-23 17:09 53,791 --a--c--- C:\WINNT\system32\dllcache\n1000nt5.sys
2008-04-01 23:20 . 2001-08-23 17:46 35,392 --a--c--- C:\WINNT\system32\dllcache\n9i128.dll
2008-04-01 23:20 . 2001-08-23 17:08 22,144 --a--c--- C:\WINNT\system32\dllcache\mxcard.sys
2008-04-01 23:20 . 2001-08-17 21:49 19,968 --a--c--- C:\WINNT\system32\dllcache\mxnic.sys
2008-04-01 23:20 . 2001-08-23 17:47 19,968 --a--c--- C:\WINNT\system32\dllcache\mxicfg.dll
2008-04-01 23:20 . 2001-08-17 20:50 13,664 --a--c--- C:\WINNT\system32\dllcache\n9i128.sys
2008-04-01 23:20 . 2001-08-23 17:47 7,168 --a--c--- C:\WINNT\system32\dllcache\mxport.dll
2008-04-01 23:19 . 2004-08-03 23:10 49,024 --a--c--- C:\WINNT\system32\dllcache\mstape.sys
2008-04-01 23:19 . 2001-08-17 22:02 35,200 --a--c--- C:\WINNT\system32\dllcache\msgame.sys
2008-04-01 23:19 . 2001-08-17 21:48 12,416 --a--c--- C:\WINNT\system32\dllcache\msriffwv.sys
2008-04-01 23:19 . 2001-08-17 21:48 6,016 --a--c--- C:\WINNT\system32\dllcache\msfsio.sys
2008-04-01 23:19 . 2001-08-17 22:00 2,944 --a--c--- C:\WINNT\system32\dllcache\msmpu401.sys
2008-04-01 23:18 . 2001-08-17 21:52 17,280 --a--c--- C:\WINNT\system32\dllcache\mraid35x.sys
2008-04-01 23:18 . 2001-08-17 21:57 16,128 --a--c--- C:\WINNT\system32\dllcache\modemcsa.sys
2008-04-01 23:18 . 2001-08-17 21:52 6,528 --a--c--- C:\WINNT\system32\dllcache\miniqic.sys
2008-04-01 23:16 . 2001-08-23 17:00 728,554 --a--c--- C:\WINNT\system32\dllcache\ltck000c.sys
2008-04-01 23:15 . 2004-08-19 16:09 702,845 --a--c--- C:\WINNT\system32\dllcache\i81xdnt5.dll
2008-04-01 23:14 . 2001-08-24 14:00 10,129,408 --a--c--- C:\WINNT\system32\dllcache\hwxkor.dll
2008-04-01 23:14 . 2004-08-03 23:00 8,192 --a--c--- C:\WINNT\system32\dllcache\i2omgmt.sys
2008-04-01 23:12 . 2001-08-23 17:46 1,733,120 --a--c--- C:\WINNT\system32\dllcache\g400d.dll
2008-04-01 23:11 . 2001-08-23 17:13 634,166 --a--c--- C:\WINNT\system32\dllcache\el656ct5.sys
2008-04-01 23:10 . 2001-08-17 20:14 952,007 --a--c--- C:\WINNT\system32\dllcache\diwan.sys
2008-04-01 23:09 . 2001-08-23 17:04 980,034 --a--c--- C:\WINNT\system32\dllcache\cicap.sys
2008-04-01 23:08 . 2001-08-17 22:05 314,752 --a--c--- C:\WINNT\system32\dllcache\camdro21.sys
2008-04-01 23:07 . 2001-08-17 21:28 871,388 --a--c--- C:\WINNT\system32\dllcache\bcmdm.sys
2008-04-01 23:06 . 2001-08-23 17:46 382,592 --a--c--- C:\WINNT\system32\dllcache\atidrab.dll
2008-04-01 23:05 . 2001-08-17 21:28 762,780 --a--c--- C:\WINNT\system32\dllcache\3cwmcru.sys
2008-04-01 23:04 . 2001-08-23 17:46 66,048 --a--c--- C:\WINNT\system32\dllcache\s3legacy.dll
2008-04-01 17:26 . 2008-04-01 17:26 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Flickr
2008-04-01 17:24 . 2008-04-01 19:07 <REP> d-------- C:\Program Files\Flickr Uploadr
2008-04-01 03:06 . 2008-04-01 03:06 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-04-01 03:04 . 2008-04-01 03:04 <REP> d-------- C:\SIGNATURES
2008-03-31 17:46 . 2007-07-30 19:19 271,224 --a------ C:\WINNT\system32\mucltui.dll
2008-03-31 17:46 . 2007-07-30 19:19 207,736 --a------ C:\WINNT\system32\muweb.dll
2008-03-31 17:46 . 2007-07-30 19:18 30,072 --a------ C:\WINNT\system32\mucltui.dll.mui
2008-03-31 17:28 . 2008-03-31 17:28 <REP> d-------- C:\Program Files\Freeplayer
2008-03-31 03:06 . 2008-03-31 03:09 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-03-31 03:04 . 2008-03-31 03:14 <REP> d-------- C:\Program Files\Windows Live
2008-03-31 02:56 . 2008-03-31 02:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-30 01:42 . 2008-04-02 19:04 <REP> d-------- C:\Documents and Settings\Administrateur\Contacts
2008-03-29 17:13 . 2008-04-06 05:26 10,240,151 --a------ C:\WINNT\pfirewall.log.old
2008-03-29 15:51 . 2008-04-07 19:45 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\BitTorrent
2008-03-29 02:15 . 2008-03-28 20:59 51,723 --a------ C:\Temp\ELIBAGLA_1119.EXE
2008-03-28 17:10 . 2008-03-28 17:10 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Grisoft
2008-03-28 02:05 . 2008-03-28 02:05 <REP> d-------- C:\_OTMoveIt
2008-03-28 02:00 . 2008-03-18 21:54 226,258 --a------ C:\Temp\clean.zip
2008-03-28 02:00 . 2008-03-19 18:55 201,030 --a------ C:\Temp\lspfix.zip
2008-03-28 02:00 . 2008-03-27 22:00 92,672 --a------ C:\Temp\KillBox.exe
2008-03-28 02:00 . 2008-03-27 22:00 90,498 --a------ C:\Temp\install_CCleaner_.exe
2008-03-28 00:12 . 2008-03-27 21:57 1,600,994 --a------ C:\Temp\ComboFix.exe
2008-03-27 20:03 . 2008-03-28 02:10 <REP> d-------- C:\Temp\clean
2008-03-27 20:00 . 2008-03-18 21:56 1,413,600 --a------ C:\Temp\SDFix.exe
2008-03-27 20:00 . 2008-03-20 15:53 1,413,120 --a------ C:\Temp\WinsockXPFix.exe
2008-03-27 20:00 . 2008-03-19 18:18 812,344 --a------ C:\Temp\HJTInstall.exe
2008-03-27 20:00 . 2008-03-21 19:24 290,304 --a------ C:\Temp\OTMoveIt2.exe
2008-03-22 01:46 . 2008-03-22 01:46 <REP> d-------- C:\Temp\_OTMoveIt
2008-03-21 20:31 . 2008-03-21 20:31 <REP> d-------- C:\Program Files\Avira
2008-03-21 20:31 . 2008-03-21 20:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-03-20 17:05 . 2008-03-20 17:05 <REP> d-------- C:\Temp\PCMCIA_wifi
2008-03-19 22:27 . 2008-03-19 22:27 <REP> d-------- C:\Temp\lspfix
2008-03-19 18:24 . 2008-03-19 18:24 <REP> d-------- C:\Program Files\Trend Micro
2008-03-19 03:26 . 2008-03-19 03:26 <REP> d-------- C:\WINNT\ERUNT
2008-03-19 02:23 . 2008-03-19 02:23 <REP> d-------- C:\clean
2008-03-19 00:30 . 2008-03-28 03:33 <REP> d-------- C:\Temp\SDFix
2008-03-19 00:13 . 2008-03-19 00:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-19 00:13 . 2007-05-30 14:10 10,872 --a------ C:\WINNT\system32\drivers\AvgAsCln.sys
2008-03-19 00:09 . 2008-03-19 00:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-03-18 16:49 . 2008-03-18 16:49 <REP> d-------- C:\WINNT\system32\Logfiles
2008-03-18 16:49 . 2008-03-18 16:49 <REP> d-------- C:\Inetpub
2008-03-18 02:48 . 2008-03-18 04:11 <REP> d-------- C:\Temp\!KillBox
2008-03-17 22:59 . 2008-03-17 22:59 <REP> d-------- C:\Program Files\Lavasoft
2008-03-17 22:59 . 2008-03-17 23:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-17 22:55 . 2008-03-17 22:55 <REP> d-------- C:\Program Files\CCleaner
2008-03-17 18:10 . 2008-03-17 18:09 1,104,734 --a------ C:\Documents and Settings\EFOr7353\dvdshrink_dvdshrink_3.2.0.16_vf_francais_11021.zip
2008-03-17 16:02 . 2008-03-17 16:02 7,482 --a------ C:\Documents and Settings\EFOr7353\exefix.reg
2008-03-09 20:15 . 2008-03-15 04:03 844 --a------ C:\WINNT\ARPR.INI
2008-03-09 20:13 . 2008-03-09 20:13 <REP> d-------- C:\Program Files\AdvPassw
2008-03-08 01:41 . 2008-03-08 01:41 2,735,871 --a------ C:\Documents and Settings\EFOr7353\creabox.zip
2008-03-07 22:53 . 2008-03-07 22:53 3,388,599 --a------ C:\Documents and Settings\EFOr7353\dg834v3_dg834gv3_4_01_30.zip
2008-03-07 17:17 . 2008-03-07 17:17 62,464 --a------ C:\Documents and Settings\EFOr7353\CertiNomis.exe
2008-03-07 04:55 . 2008-03-30 21:08 <REP> d-------- C:\WINNT\system32\fr-fr
2008-03-07 04:48 . 2008-03-30 21:29 <REP> d--h----- C:\WINNT\$hf_mig$
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-07 18:07 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-07 00:46 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-04-06 14:28 --------- d-----w C:\Program Files\eMule
2008-03-30 01:06 --------- d-----w C:\Program Files\BitTorrent
2008-03-29 22:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-29 17:07 --------- d-----w C:\Program Files\Fortuna
2008-03-22 00:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-20 15:34 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-19 21:48 --------- d-----w C:\Program Files\Yahoo!
2008-03-18 16:27 --------- d-----w C:\Program Files\Google
2008-03-18 16:22 --------- d-----w C:\Program Files\CyberLink
2008-03-17 13:11 --------- d-----w C:\Program Files\LM Version-2.5-F
2008-03-14 23:35 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-03-14 20:12 --------- d-----w C:\Program Files\Windows Journal Viewer
2008-03-14 20:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\OD2
2008-03-14 20:08 --------- d-----w C:\Program Files\Macromedia
2008-03-14 20:08 --------- d-----w C:\Program Files\Fichiers communs\Macromedia
2008-03-14 20:05 --------- d-----w C:\Program Files\Creative
2008-02-26 20:47 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-02-26 20:44 --------- d-----w C:\Program Files\Skype
2008-02-26 20:44 --------- d-----w C:\Program Files\Fichiers communs\Skype
2008-02-26 20:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-02-25 18:48 --------- d-----w C:\Program Files\SWiSHmax
2008-02-09 00:38 --------- d-----w C:\Program Files\Microsoft
2007-12-16 18:30 1,019,278 ----a-w C:\Documents and Settings\EFOr7353\cc_20071216_1929.reg
2004-08-19 14:09 65,024 --sha-w C:\WINNT\system32\asycfilt.dll
2006-08-25 15:51 617,472 --sha-w C:\WINNT\system32\comctl32.dll
2004-08-19 14:09 1,028,096 --sha-w C:\WINNT\system32\mfc42.dll
2002-08-30 12:00 57,344 --sha-w C:\WINNT\system32\mfc42loc.dll
2004-08-19 14:09 413,696 --sha-w C:\WINNT\system32\msvcp60.dll
2004-08-19 14:09 343,040 --sha-w C:\WINNT\system32\msvcrt.dll
2002-08-30 12:00 253,952 -csha-w C:\WINNT\system32\msvcrt20.dll
2007-12-04 18:41 550,912 --sha-w C:\WINNT\system32\oleaut32.dll
2004-08-19 14:09 83,456 --sha-w C:\WINNT\system32\olepro32.dll
2004-08-19 14:09 30,749 --sha-w C:\WINNT\system32\vbajet32.dll
.
------- Sigcheck -------
Cryptography Services Error !!
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINNT\system32\ctfmon.exe" [2004-08-19 16:09 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 14:07 1289000]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"LanceurEasyBox"="C:\Program Files\EasyBox\EasyBox.exe" [2007-02-23 21:42 499699]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="C:\WINNT\system32\hkcmd.exe" [2004-08-20 15:51 118784]
"Synchronization Manager"="C:\WINNT\system32\mobsync.exe" [2004-08-19 16:09 144384]
"POINTER"="point32.exe" []
"IgfxTray"="C:\WINNT\system32\igfxtray.exe" [2004-08-20 15:55 155648]
"LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 17:33 563984]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-29 14:19 249896]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2008-03-19 19:25 6731312]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINNT\System32\CTFMON.EXE" [2004-08-19 16:09 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"nosmconfigureprograms"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 TivoliAP
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\[u]0\[u]0]
"Script"=Drive_E.vbs
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\[u]0\1]
"Script"=Citrix.vbs
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\[u]0\2]
"Script"=GrpLocal.vbs
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\[u]0\3]
"Script"=Netscape_cfg.vbs
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-835509042-1775024499-82321609-500\Scripts\Logoff\[u]0\[u]0]
"Script"=RProfile.vbs
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-835509042-1775024499-82321609-500\Scripts\Logoff\[u]0\1]
"Script"=Logoff.vbs
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-835509042-1775024499-82321609-500\Scripts\Logon\[u]0\[u]0]
"Script"=Install.vbs
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-835509042-1775024499-82321609-500\Scripts\Logon\[u]0\1]
"Script"=Logon.vbs
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-835509042-1775024499-82321609-500\Scripts\Logon\[u]0\2]
"Script"=confatnw.vbs
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-835509042-1775024499-82321609-500\Scripts\Logon\[u]0\3]
"Script"=habil2.vbs
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-835509042-1775024499-82321609-500\Scripts\Logon\[u]0\4]
"Script"=Netscape.vbs
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-835509042-1775024499-82321609-500\Scripts\Logon\[u]0\5]
"Script"=tivoli.vbs
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-835509042-1775024499-82321609-500\Scripts\Logon\[u]0\6]
"Script"=Dazel.vbs
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-854245398-789336058-682003330-1194\Scripts\Logoff\[u]0\[u]0]
"Script"=RProfile.vbs
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-854245398-789336058-682003330-1194\Scripts\Logoff\[u]0\1]
"Script"=Logoff.vbs
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-854245398-789336058-682003330-1194\Scripts\Logon\[u]0\[u]0]
"Script"=Install.vbs
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-854245398-789336058-682003330-1194\Scripts\Logon\[u]0\1]
"Script"=Logon.vbs
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-854245398-789336058-682003330-1194\Scripts\Logon\[u]0\2]
"Script"=confatnw.vbs
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-854245398-789336058-682003330-1194\Scripts\Logon\[u]0\3]
"Script"=habil2.vbs
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-854245398-789336058-682003330-1194\Scripts\Logon\[u]0\4]
"Script"=Netscape.vbs
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-854245398-789336058-682003330-1194\Scripts\Logon\[u]0\5]
"Script"=tivoli.vbs
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-854245398-789336058-682003330-1194\Scripts\Logon\[u]0\6]
"Script"=Dazel.vbs
[HKLM\~\startupfolder\C:^Documents and Settings^EFOr7353^FT-NAHA5D3UZCYT^Menu Démarrer^Programmes^Démarrage^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Documents and Settings\EFOr7353\FT-NAHA5D3UZCYT\Menu Démarrer\Programmes\Démarrage\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\WINNT\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2007-11-05 00:27 286016 C:\Program Files\BitTorrent_DNA\dna.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-11-13 14:07 1289000 C:\PROGRA~1\MI3AA1~1\wcescomm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
C:\Program Files\CyberLink\PowerDVD\Language\Language.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a------ 2007-10-25 17:37 2178832 C:\Program Files\Logitech\QuickCam\Quickcam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MtdAcq]
C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smash]
--a------ 2004-03-02 09:56 66592 C:\Program Files\SoftMaker\Shared Tools\Smash\Smash.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\DAP\\DAP.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\BitTorrent_DNA\\dna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Fujitsu\\Plugfree\\PfChat.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Freeplayer\\vlc\\vlc.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\EasyBox\\vlc\\vlc.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"8080:TCP"= 8080:TCP:freeplayer
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0b4a7e1e-e3d0-11dc-a0ec-000f66e5565a}]
\Shell\AutoRun\command - setup.exe /AUTORUN
\Shell\configure\command - setup.exe
\Shell\install\command - setup.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EEBF9CA6-567B-41cd-B5F6-EF2C7FEF37B5}]
rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\wmactedp.inf,PerUserStub
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-04-07 21:33:46
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-04-07 21:39:06 - machine was rebooted [w2k234ad]
ComboFix-quarantined-files.txt 2008-04-07 19:39:03
ComboFix2.txt 2008-03-29 01:08:56
ComboFix3.txt 2008-03-28 16:32:02
Pre-Run: 694,136,832 octets libres
Post-Run: 676,331,520 octets libres
.
2008-04-04 01:06:58 --- E O F ---
I should point out that these steps have unfortunately not gotten me my desktop + task manager back at startup with my standard Windows login ...
Thanks for your help,
François