Combofix

ComboFix report:
ComboFix 08-08-30.03 - Damien 2008-08-31 22:00:38.3 - NTFSx86 MINIMAL
Microsoft® Windows Vista™ Édition Intégrale 6.0.6001.1.1252.1.1036.18.1669 [GMT 2:00]
Endroit: C:\Users\Damien\Downloads\ComboFix.exe
Command switches used :: C:\Users\Damien\Desktop\CFScript.txt
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\System32\winxgo32.rom

.
((((((((((((((((((((((((((((( Fichiers créés 2008-07-28 to 2008-08-31 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans cet espace de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-31 19:56 --------- d-----w C:\Users\Damien\AppData\Roaming\uTorrent
2008-08-31 18:57 --------- d-----w C:\ProgramData\SUPERAntiSpyware.com
2008-08-31 17:31 --------- d-----w C:\Program Files\Navilog1
2008-08-31 15:23 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-08-31 12:08 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-30 20:50 --------- d-----w C:\Program Files\PC Health Optimizer Free Edition
2008-08-30 18:59 --------- d-----w C:\Program Files\Enigma Software Group
2008-08-30 11:24 --------- d-----w C:\Users\Damien\AppData\Roaming\Malwarebytes
2008-08-30 11:24 --------- d-----w C:\ProgramData\Malwarebytes
2008-08-30 11:20 24,576 ----a-w C:\Windows\System32\VundoFixSVC.exe
2008-08-15 07:24 --------- d-----w C:\ProgramData\NVIDIA
2008-08-14 13:54 296,777 ----a-w C:\Users\Damien\AppData\Roaming\mdb.bin
2008-08-14 06:41 --------- d-----w C:\Program Files\Windows Mail
2008-08-04 18:38 --------- d-----w C:\ProgramData\Xfire
2008-07-31 17:51 107,888 ----a-w C:\Windows\System32\CmdLineExt.dll
2008-07-31 17:07 --------- d-----w C:\ProgramData\Media Center Programs
2008-07-31 16:53 --------- d-----w C:\Program Files\THQ
2008-07-29 18:23 136,888 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2008-07-29 18:23 111,928 ----a-w C:\Windows\System32\PnkBstrB.exe
2008-07-25 20:50 --------- d-----w C:\Users\Damien\AppData\Roaming\Xfire
2008-07-24 08:21 --------- d-----w C:\Users\Damien\AppData\Roaming\Turbine
2008-07-22 11:31 --------- d-----w C:\Program Files\Xfire
2008-07-19 14:36 51,280 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-07-17 15:07 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe
2008-07-17 06:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-17 06:34 22,328 ----a-w C:\Users\Damien\AppData\Roaming\PnkBstrK.sys
2008-07-17 06:11 --------- d-----w C:\Program Files\Activision
2008-07-16 01:32 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-07-15 23:09 42,320 ----a-w C:\Windows\System32\xfcodec.dll
2008-07-14 18:59 --------- d-----w C:\Program Files\Common Files\SWF Studio
2008-07-06 16:35 --------- d-----w C:\Users\Damien\AppData\Roaming\teamspeak2
2008-07-06 16:35 --------- d-----w C:\Program Files\Teamspeak2_RC2
2008-07-06 16:29 --------- d-----w C:\Users\Damien\AppData\Roaming\RetinaX
2008-07-02 08:16 --------- d-----w C:\Program Files\Intel Corporation
2008-06-30 20:34 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-06-28 17:00 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-06-27 04:15 827,392 ----a-w C:\Windows\System32\wininet.dll
2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll
2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll
2008-06-26 01:45 12,240,896 ----a-w C:\Windows\System32\NlsLexicons0007.dll
2008-06-24 08:31 174 --sha-w C:\Program Files\desktop.ini
2008-06-24 08:15 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-06-24 08:15 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-06-19 03:31 361,984 ----a-w C:\Windows\System32\IPSECSVC.DLL
2008-06-12 05:28 541,696 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-05-27 05:21 1,582,592 ----a-w C:\Windows\System32\tquery.dll
2008-05-27 05:21 1,418,240 ----a-w C:\Windows\System32\mssrch.dll
2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\SearchFilterHost.exe
2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\mssitlb.dll
2008-05-27 05:17 754,176 ----a-w C:\Windows\System32\propsys.dll
2008-05-27 05:17 60,416 ----a-w C:\Windows\System32\msscntrs.dll
2008-05-27 05:17 6,103,040 ----a-w C:\Windows\System32\chtbrkr.dll
2008-05-27 05:17 34,816 ----a-w C:\Windows\System32\msscb.dll
2008-05-27 05:17 32,768 ----a-w C:\Windows\System32\mssprxy.dll
2008-05-27 05:17 313,344 ----a-w C:\Windows\System32\thawbrkr.dll
2008-05-27 05:17 301,568 ----a-w C:\Windows\System32\srchadmin.dll
2008-05-27 05:17 194,560 ----a-w C:\Windows\System32\offfilt.dll
2008-05-27 05:17 143,872 ----a-w C:\Windows\System32\korwbrkr.dll
2008-05-27 05:17 11,776 ----a-w C:\Windows\System32\msshooks.dll
2008-05-27 05:17 1,671,680 ----a-w C:\Windows\System32\chsbrkr.dll
2008-05-27 04:59 18,904 ----a-w C:\Windows\System32\StructuredQuerySchemaTrivial.bin
2008-05-27 04:59 106,605 ----a-w C:\Windows\System32\StructuredQuerySchema.bin
2008-05-10 03:35 564,736 ----a-w C:\Windows\System32\emdmgmt.dll
2008-05-08 21:59 90,112 ----a-w C:\Windows\System32\wshext.dll
2008-05-08 21:59 430,080 ----a-w C:\Windows\System32\vbscript.dll
2008-05-08 21:59 180,224 ----a-w C:\Windows\System32\scrobj.dll
2008-05-08 21:59 172,032 ----a-w C:\Windows\System32\scrrun.dll
2008-05-08 21:59 155,648 ----a-w C:\Windows\System32\wscript.exe
2008-05-08 21:58 135,168 ----a-w C:\Windows\System32\cscript.exe
2004-11-12 11:49 207,872 ----a-w C:\Program Files\mozilla firefox\plugins\IN_MP3.DLL
.

((((((((((((((((((((((((((((( snapshot@2008-08-31_20.13.18.29 )))))))))))))))))))))))))))))))))))))))))
.

- 2008-08-31 17:36:23 1,310,720 ----a-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-08-31 19:56:58 1,310,720 ----a-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-08-31 17:41:18 1,310,720 ----a-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-08-31 19:56:58 1,310,720 ----a-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2008-08-31 17:36:31 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-08-31 18:19:20 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-08-31 17:36:31 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-31 18:19:20 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-08-31 17:36:31 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-08-31 18:19:20 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-08-31 17:36:58 13,130 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2510773631-1177197948-1542983943-1000_UserData.bin
+ 2008-08-31 18:20:29 13,130 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2510773631-1177197948-1542983943-1000_UserData.bin
- 2008-08-31 17:36:58 96,148 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-08-31 18:20:29 96,210 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-08-31 17:36:57 50,588 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-08-31 18:20:27 50,612 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Note les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 09:33 125952]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 19:25 81920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"Launch LCDMon"="C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe" [2007-04-18 11:34 774168]
"Launch LGDCore"="C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" [2007-04-18 11:55 1132056]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-05-03 05:46 13535776]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-05-03 05:46 92704]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 21:34 868352]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 16:38 78008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PRISMAPI.DLL]
2005-11-16 16:57 450646 C:\Windows\System32\PRISMAPI.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.sl_anet"= C:\PROGRA~1\ACEMEG~1\SystemS\sl_anet.acm
"vidc.yv12"= C:\PROGRA~1\ACEMEG~1\SystemS\ATI\atiyuv12.DLL
"vidc.divx"= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivX520.dll
"vidc.iyuv"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\iyuv_32.dll
"vidc.yvu9"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\Iyvu9_32.dll
"vidc.uyvy"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"vidc.yuy2"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"vidc.yvyu"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"msacm.msaudio1"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msaud32.acm
"VIDC.XFR1"= xfcodec.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvSvc"=RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{3B2CB8D9-C06A-4D3B-844D-BA9BCE1C84C4}"= UDP:9052:BitComet 9052 TCP
"{7FF9E015-AD66-4722-AEBE-1C6EF7C69346}"= TCP:9052:BitComet 9052 UDP
"TCP Query User{FAB147FA-ED34-4959-BF1E-1491D2CC485E}C:\program files\bitcomet\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{22849820-82F6-46EF-9D89-7F4AB709F15F}C:\program files\bitcomet\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"TCP Query User{469F3FA0-BE55-439F-9B7A-64417ECD6C0B}C:\program files\codemasters\le seigneur des anneaux online\lotroclient.exe"= UDP:C:\program files\codemasters\le seigneur des anneaux online\lotroclient.exe:lotroclient.exe
"UDP Query User{0D9FA8BC-133C-40C6-949F-7E7CFF3620FF}C:\program files\codemasters\le seigneur des anneaux online\lotroclient.exe"= TCP:C:\program files\codemasters\le seigneur des anneaux online\lotroclient.exe:lotroclient.exe
"TCP Query User{6A190C05-A0D7-4A49-BE56-70AE4B9AED69}C:\users\damien\desktop\company_of_heroes_patch_fr_1_20.exe"= UDP:C:\users\damien\desktop\company_of_heroes_patch_fr_1_20.exe:company_of_heroes_patch_fr_1_20.exe
"UDP Query User{84AD2408-754C-4D2C-BC7B-9DC33EB01C61}C:\users\damien\desktop\company_of_heroes_patch_fr_1_20.exe"= TCP:C:\users\damien\desktop\company_of_heroes_patch_fr_1_20.exe:company_of_heroes_patch_fr_1_20.exe
"TCP Query User{5EC2671D-C078-4C64-A522-7412D7A3846A}C:\users\damien\desktop\company_of_heroes_patch_1-3.exe"= UDP:C:\users\damien\desktop\company_of_heroes_patch_1-3.exe:company_of_heroes_patch_1-3.exe
"UDP Query User{6CD3334C-4A68-4EB0-973F-C1F27620D446}C:\users\damien\desktop\company_of_heroes_patch_1-3.exe"= TCP:C:\users\damien\desktop\company_of_heroes_patch_1-3.exe:company_of_heroes_patch_1-3.exe
"TCP Query User{4177EE4F-C5C4-4941-A18A-6E90C752A750}C:\users\damien\desktop\company_of_heroes_patch_1-2_to_1-3.exe"= UDP:C:\users\damien\desktop\company_of_heroes_patch_1-2_to_1-3.exe:company_of_heroes_patch_1-2_to_1-3.exe
"UDP Query User{CF7557ED-1060-45EF-9C79-6E343917DD4F}C:\users\damien\desktop\company_of_heroes_patch_1-2_to_1-3.exe"= TCP:C:\users\damien\desktop\company_of_heroes_patch_1-2_to_1-3.exe:company_of_heroes_patch_1-2_to_1-3.exe
"{E1DDDA66-2DAD-4727-A869-AA7DE9BE967C}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{65F061C8-8A2A-4740-856A-91640559C651}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{A5491510-8723-423D-85D9-16ABC7D033E3}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{2792E4EC-171B-49ED-89CF-6252A1AC95CD}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{2E6C621E-D409-4A3C-B771-3C878AB7E44D}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{9578CD5D-2976-4E65-8C30-3D66D0866511}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{69EADB3E-A48F-4459-9BCE-8CB0AC3E4ED4}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{06C4F2CE-3D69-4B90-A9C5-CDE920926662}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{95A2587A-45C7-4516-A5C7-B6D1F859DBA6}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{2CDA990D-0FC6-48A2-8A2B-A8EAE7DC9D44}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{3A6B835E-F2F1-4955-A39A-83081F7AE0E4}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{94C1ECA4-745A-4891-9F34-D951F830AAE6}C:\users\damien\desktop\wow-frfr-installer-downloader.exe"= UDP:C:\users\damien\desktop\wow-frfr-installer-downloader.exe:wow-frfr-installer-downloader.exe
"UDP Query User{CDE1DA49-8D4D-4ACC-BCFB-D432B92D3B27}C:\users\damien\desktop\wow-frfr-installer-downloader.exe"= TCP:C:\users\damien\desktop\wow-frfr-installer-downloader.exe:wow-frfr-installer-downloader.exe
"{FA7734A6-7F65-48FB-A274-E51C978C5A6A}"= UDP:3724:Blizzard Downloader
"{5071498C-66BF-4FF6-B84D-B1D6F637F52C}"= UDP:6112:Blizzard Downloader
"{CC221DFD-61B7-407E-A5D5-E2743DB6053A}"= UDP:C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe:Neverwinter Nights 2 Main
"{822030E5-531D-4DB4-A63A-AABBB6FD6B93}"= TCP:C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe:Neverwinter Nights 2 Main
"{7C60BACB-851A-468C-A975-5FF28E248114}"= UDP:C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{52B66C93-FB7F-43D9-BDDA-A10298338683}"= TCP:C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{185331FB-E9C4-4394-A80F-7A1549DE6278}"= UDP:C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{6320D17A-696F-4A5A-96C1-15E34A221062}"= TCP:C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{1BDE75C1-C874-43E9-9904-8B95451DAB35}"= UDP:C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe:Neverwinter Nights 2 Server
"{09F28361-04BA-4687-A4DC-900F29DBF742}"= TCP:C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe:Neverwinter Nights 2 Server
"{938A1F68-37B2-4B05-B1DB-D6264C34BFA9}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{25E0FAE5-EB9D-4887-BEC3-8532E197633A}C:\program files\codemasters\rf online;\rf.exe"= UDP:C:\program files\codemasters\rf online;\rf.exe:RFLauncher
"UDP Query User{FAD0F95A-DC93-42C8-BB10-A31CA6EAFB78}C:\program files\codemasters\rf online;\rf.exe"= TCP:C:\program files\codemasters\rf online;\rf.exe:RFLauncher
"TCP Query User{5A829D3A-97A4-4AFE-B2FE-A66225C9E57C}C:\program files\common files\nero\nero web\setupx.exe"= UDP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"UDP Query User{6A1BB185-E029-4279-986B-0F3309818243}C:\program files\common files\nero\nero web\setupx.exe"= TCP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"TCP Query User{B066D794-D398-4124-805A-574C5B007B7B}C:\program files\sony\station\launchpad\launchpad.exe"= UDP:C:\program files\sony\station\launchpad\launchpad.exe:LaunchPad
"UDP Query User{802FE977-DA4C-48AF-9897-6057FB418053}C:\program files\sony\station\launchpad\launchpad.exe"= TCP:C:\program files\sony\station\launchpad\launchpad.exe:LaunchPad
"TCP Query User{25FC9B26-0DD1-4777-92B7-46D4CF2A0170}C:\program files\xfire\xfire.exe"= UDP:C:\program files\xfire\xfire.exe:Xfire
"UDP Query User{BA4CF34D-B81E-4DA1-A128-F5658DBE6EB5}C:\program files\xfire\xfire.exe"= TCP:C:\program files\xfire\xfire.exe:Xfire
"TCP Query User{9854FF93-E92C-42DF-9463-07700F4294A8}C:\program files\emule\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{CAD2801E-F8AF-4A63-8392-0F61DFF26132}C:\program files\emule\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"TCP Query User{F2CE9A1E-3145-467D-A0E8-C97219E23AC3}C:\windows\temp\navbrowser.exe"= UDP:C:\windows\temp\navbrowser.exe:navbrowser.exe
"UDP Query User{8A9B137D-2196-4CCE-86C0-50C71623F2CC}C:\windows\temp\navbrowser.exe"= TCP:C:\windows\temp\navbrowser.exe:navbrowser.exe
"TCP Query User{FE20476A-34FA-499C-B187-E05218A309B8}C:\program files\thq\frontlines-fuel of war beta\binaries\ffow-beta.exe"= UDP:C:\program files\thq\frontlines-fuel of war beta\binaries\ffow-beta.exe:Frontlines Game
"UDP Query User{C5380C8D-0917-4AB4-8EC0-DB220E595820}C:\program files\thq\frontlines-fuel of war beta\binaries\ffow-beta.exe"= TCP:C:\program files\thq\frontlines-fuel of war beta\binaries\ffow-beta.exe:Frontlines Game
"{E08F6C01-9DB3-462C-862B-70F3E683E1D9}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare™
"{64A1684D-2DFC-42A9-8E9B-6A34E5928CFE}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare™
"{4D627972-29D3-4108-AA24-8FC09EDCAD8B}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{0E4CBE3E-1A52-45D7-8FD5-FA5F4BBD7529}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"TCP Query User{5A8D12EC-0989-4147-A525-33A25BC24D6C}C:\program files\xfire\xfire.exe"= UDP:C:\program files\xfire\xfire.exe:Xfire
"UDP Query User{95C1A641-8959-4AB8-BEC8-C6FE1C08909B}C:\program files\xfire\xfire.exe"= TCP:C:\program files\xfire\xfire.exe:Xfire
"{2F212F9A-2B42-4AFE-B7EC-CA416EA832F0}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{C48CD45F-E4B1-41B3-AC76-3F22AB7499D8}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{C7248625-7A33-431F-8C73-E8390ECDC0D8}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{2D194D10-6A45-444E-9ACA-5A419FC72637}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{F4D791FF-F584-4B23-BA25-638481CDCAE5}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare™
"{A55C07C4-0BEA-44BD-B4CD-593A0D9D84E2}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare™
"{4ED5893E-B57D-4A9D-BD4B-A86CC2811AF3}"= UDP:C:\Program Files\THQ\Company of Heroes\RelicCOH.exe:Company of Heroes - Opposing Fronts
"{B813227B-8D8B-4E8C-BDAD-57E19AE25E54}"= TCP:C:\Program Files\THQ\Company of Heroes\RelicCOH.exe:Company of Heroes - Opposing Fronts
"TCP Query User{84E3F1C2-5124-4C0C-BC5D-0F4380306F3A}C:\program files\thq\company of heroes\reliccoh.exe"= UDP:C:\program files\thq\company of heroes\reliccoh.exe:RelicCOH
"UDP Query User{287A018C-42B0-49E9-BDFD-4D45CD8B4EE1}C:\program files\thq\company of heroes\reliccoh.exe"= TCP:C:\program files\thq\company of heroes\reliccoh.exe:RelicCOH
"{DECC8098-BA78-418D-9D2C-FD3125E6602A}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{914E687D-1843-4609-A678-42EB580648C3}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)

S0 OemBiosDevice;Royalty OEM Bios Extension;C:\Windows\system32\drivers\royal.sys [2008-06-24 10:35]
S1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 16:35]
S2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
S2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 16:36]
S2 TimerStop;TimerStop;C:\Windows\system32\timerstop.sys [2006-12-22 17:44]
S3 s125bus;Sony Ericsson Device 125 driver (WDM);C:\Windows\system32\DRIVERS\s125bus.sys [2007-04-24 12:33]
S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter;C:\Windows\system32\DRIVERS\s125mdfl.sys [2007-04-24 12:33]
S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;C:\Windows\system32\DRIVERS\s125mdm.sys [2007-04-24 12:33]
S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM);C:\Windows\system32\DRIVERS\s125mgmt.sys [2007-04-24 12:33]
S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface;C:\Windows\system32\DRIVERS\s125obex.sys [2007-04-24 12:33]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c81e25d-62a9-11dc-9f3e-000b6b9b4c89}]
\shell\AutoRun\command - E:\Launch.exe

Newly Created Service - ECACHE
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

2008-08-31 C:\Windows\Tasks\Maintenance en 1 clic.job

- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe []
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-MSSMSGS - winxgo32.rom
HKLM-RunOnce-@ - (no file)

HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:05:10, on 31/08/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Safe mode

Running processes:
C:\Windows\system32\PRISMSVR.EXE
C:\Windows\Explorer.exe
C:\Users\Damien\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.orange.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com…
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunOnce: [GrpConv] grpconv -o
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE…
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: (no name) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: (no name) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (no file)
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe


End of file - 4056 bytes

In Run, type "combofix /u" without the quotes

Run a full avast! scan

I ran the scan and 0 infected files

OK, I think that should be good :wink:

OK, I have installed BitDefender and I will run another scan.
Thank you very much.
And for my desktop problem, what should I do please?

Thanks again :wink:

Ah yes, that's right :wink:

Create a restore point.
In Run, type regedit

OK, but it still doesn't work, no desktop at startup.

Download this file, double-click it and click Merge

Hi

I downloaded the file and merged it (with shell in the registry).
I copied and pasted it into the registry; it told me the registry had accepted the changes, but on reboot still no desktop :frowning:

This known problem is in fact caused by the Explorer.exe process, which handles Windows Explorer, the display of the Desktop and the taskbar within a single multithreaded process*.

To fix this problem, you just need to separate these tasks into distinct processes: Windows Explorer in its own process (each instance having its own process) and the desktop and the taskbar in another.

This change requires a small tweak in the Windows Registry:

Click "Start", "Run…", then type "regedit" and click "OK" to open the Windows Registry Editor.

Go to the following key:
HKEY_CURRENT_USER
\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer

Add a new DWORD value (right-click the Explorer key > New > DWORD Value) named DesktopProcess and put "1" in the Value data field, to separate the processes.

There is no need to restart the computer; the changes take effect immediately. To verify this, just open Task Manager and locate the explorer.exe process: when Windows Explorer is launched, a second process with the same name will appear.
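The registry change described in the reply above, as an added PowerShell example that is not from the thread: it creates a restore point first (as an earlier reply advised), sets DesktopProcess under HKCU, and verifies the result by counting explorer.exe processes. The final Winlogon Shell/Userinit comparison is an addition of my own, not part of the reply; it assumes the stock Vista defaults (explorer.exe and %SystemRoot%\system32\userinit.exe,) and an elevated Windows PowerShell session.

```powershell
# Added example (not from the thread): apply the DesktopProcess tweak from the
# reply above and verify it, on a machine whose desktop does not appear at logon.
# Assumptions (not stated on the page): Windows PowerShell 2.0+ on Vista,
# run elevated as the affected user (the key lives under HKCU, so it is per user).

$explorerKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer'
$winlogonKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

function New-RestorePointSafe {
    # Create a restore point first, as an earlier reply in the thread advised.
    # Checkpoint-Computer needs elevation and System Restore enabled; fail soft.
    try {
        Checkpoint-Computer -Description 'Before DesktopProcess tweak' `
            -RestorePointType MODIFY_SETTINGS -ErrorAction Stop
        return $true
    } catch {
        Write-Warning "Restore point not created: $($_.Exception.Message)"
        return $false
    }
}

function Set-DesktopProcess {
    param([int]$Value = 1)
    # Record the current value so the change can be undone by hand if needed.
    $before = (Get-ItemProperty -Path $explorerKey -Name DesktopProcess `
        -ErrorAction SilentlyContinue).DesktopProcess
    if ($null -eq $before) { $before = '<absent>' }
    Write-Host "DesktopProcess before: $before"
    # DWord matches the reply's "DWORD value"; -Force overwrites an existing value.
    New-ItemProperty -Path $explorerKey -Name DesktopProcess -PropertyType DWord `
        -Value $Value -Force | Out-Null
    return (Get-ItemProperty -Path $explorerKey -Name DesktopProcess).DesktopProcess
}

function Test-SeparateExplorer {
    # The reply says a second explorer.exe appears once an Explorer window opens.
    $n0 = @(Get-Process -Name explorer -ErrorAction SilentlyContinue).Count
    Start-Process explorer.exe -ArgumentList $env:USERPROFILE
    Start-Sleep -Seconds 3
    $n1 = @(Get-Process -Name explorer -ErrorAction SilentlyContinue).Count
    Write-Host "explorer.exe processes: $n0 -> $n1"
    return ($n1 -gt $n0)
}

function Get-WinlogonShellState {
    # Added check (assumption, not in the reply): the Winlogon Shell and Userinit
    # values decide what starts at logon. With a clean AV scan and still no
    # desktop, compare them against the stock values before reinstalling.
    $p = Get-ItemProperty -Path $winlogonKey
    $expected = @{
        Shell    = 'explorer.exe'
        Userinit = "$env:SystemRoot\system32\userinit.exe,"
    }
    foreach ($name in $expected.Keys) {
        $actual = $p.$name
        if ($actual -ieq $expected[$name]) { $status = 'OK' }
        else { $status = 'DIFFERS FROM DEFAULT' }
        Write-Host ("{0,-9}= {1}  [{2}]" -f $name, $actual, $status)
    }
}

New-RestorePointSafe | Out-Null
$after = Set-DesktopProcess -Value 1
Write-Host "DesktopProcess after: $after"
if (Test-SeparateExplorer) {
    Write-Host 'Separate desktop/Explorer processes confirmed.'
} else {
    Write-Host 'No second explorer.exe seen; the tweak may not apply on this build.'
}
Get-WinlogonShellState
```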

It still doesn't work, that's annoying :frowning:

Thanks everyone for helping me; I am going to try to repair with the installation disc by doing an upgrade.
Thanks again :wink:

Hi all

I have a small question: if I want to do an upgrade of Vista, will there be a problem if I have installed SP1 (and my installation CD does not include it)?

Thanks

Anyone?

Hi,

I'm hesitant about the upgrade and I'm still looking for the problem.
After cleaning the registry with CCleaner I got this in the report: does it have anything to do with my desktop problem?

L’extension de fichier Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\OpenWithList fait référence à un programme inexistant. Ces références sont souvent laissées après la désinstallation d’un programme

Thanks

up