Hard drive "grinding" non-stop!
François
Hello,
My hard drive has been "grinding" for a while now, almost non-stop... so I'm really worried about the drive's lifespan...
While browsing the forum I noticed that you can paste a HijackThis report into a post to possibly detect the problem (a virus?), so here it is:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:40:21, on 10/03/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16809)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\DoroPDFWriter\DoroServer.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Orange\AntivirusFirewall\Common\FSM32.EXE
C:\Program Files\Orange HSS\Systray\SystrayApp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Orange HSS\Launcher\Launcher.exe
C:\Program Files\Orange\AntivirusFirewall\FSGUI\fsguidll.exe
C:\Windows\system32\conime.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Orange HSS\Deskboard\deskboard.exe
C:\Program Files\Orange HSS\connectivity\connectivitymanager.exe
C:\Program Files\Orange HSS\connectivity\CoreCom\CoreCom.exe
C:\Program Files\Orange HSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Taskmgr.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.carrefour.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange HSS\SearchURLHook\SearchPageURL.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Call HoverToCall class - {7E853D72-626A-48EC-A868-BA8D5E23E045} - C:\Program Files\Windows Live\Messenger\HTC.DLL
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\fr\msntb.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Orange\AntivirusFirewall\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Orange\AntivirusFirewall\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange HSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange HSS\SessionManager\SessionManager.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: https://www.orange.fr/portail
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{31CDE8E1-E230-424D-AD7F-E5B563B931BC}: NameServer = 80.10.246.2,80.10.246.129
O17 - HKLM\System\CS1\Services\Tcpip\..\{31CDE8E1-E230-424D-AD7F-E5B563B931BC}: NameServer = 80.10.246.2,80.10.246.129
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\ORSP Client\fsorsp.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
End of file - 8670 bytes
Thank you in advance for finding any problem(s)!
46 replies
My friend poplus, here is the report (sorry for the delay):
ComboFix 09-03-10.03 - ** 2009-03-14 11:57:19.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.3325.2215 [GMT 1:00]
Lancé depuis: c:\users\VASSEUR\Desktop\ComboFix.exe
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\VASSEUR\AppData\Roaming\inst.exe
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-02-14 au 2009-03-14 ))))))))))))))))))))))))))))))))))))
.
2009-03-11 11:47 . 2008-06-20 02:14 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll
2009-03-11 11:47 . 2008-06-20 02:14 622,080 --a------ c:\windows\System32\icardagt.exe
2009-03-11 11:47 . 2008-06-20 02:14 326,160 --a------ c:\windows\System32\PresentationHost.exe
2009-03-11 11:47 . 2008-06-20 02:14 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2009-03-11 11:47 . 2008-06-20 02:14 97,800 --a------ c:\windows\System32\infocardapi.dll
2009-03-11 11:47 . 2008-06-20 02:14 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll
2009-03-11 11:47 . 2008-06-20 02:14 37,384 --a------ c:\windows\System32\infocardcpl.cpl
2009-03-11 11:47 . 2008-06-20 02:14 11,264 --a------ c:\windows\System32\icardres.dll
2009-03-11 11:37 . 2008-04-26 09:26 891,448 --a------ c:\windows\System32\drivers\tcpip.sys
2009-03-11 11:37 . 2008-04-12 04:32 784,896 --a------ c:\windows\System32\rpcrt4.dll
2009-03-11 11:37 . 2008-04-05 02:21 72,192 --a------ c:\windows\System32\drivers\pacer.sys
2009-03-11 11:37 . 2008-04-05 04:34 15,360 --a------ c:\windows\System32\pacerprf.dll
2009-03-11 10:27 . 2009-03-11 10:27 <REP> d-------- C:\rsit
2009-03-10 19:26 . 2009-03-10 19:26 <REP> d-------- C:\PerfLogs
2009-03-10 19:13 . 2009-03-10 19:07 152,576 --a------ c:\windows\System32\SPWizUI.dll
2009-03-10 19:13 . 2009-03-10 19:07 47,560 --a------ c:\windows\System32\SPReview.exe
2009-03-10 18:29 . 2008-01-18 23:33 599,552 --a------ c:\windows\System32\vsp1cln.exe
2009-03-10 18:29 . 2008-01-18 23:33 193,024 --a------ c:\windows\System32\recdisc.exe
2009-03-10 18:29 . 2008-01-18 23:36 142,336 --a------ c:\windows\System32\spp.dll
2009-03-10 18:29 . 2008-01-18 23:36 28,160 --a------ c:\windows\System32\sxproxy.dll
2009-03-10 18:29 . 2008-01-18 23:36 6,656 --a------ c:\windows\System32\sdspres.dll
2009-03-10 18:27 . 2008-01-18 21:31 8,322,048 --a------ c:\windows\System32\spwizimg.dll
2009-03-10 18:26 . 2008-01-18 23:36 2,588,160 --a------ c:\windows\System32\UIHub.dll
2009-03-10 18:24 . 2009-03-10 19:13 589,824 --a------ c:\windows\SPInstall.etl
2009-03-10 18:24 . 2008-01-18 23:33 44,032 --a------ c:\windows\System32\cbsra.exe
2009-03-10 17:22 . 2009-03-10 17:22 <REP> d-------- C:\Downloads
2009-03-10 17:21 . 2009-03-12 22:27 <REP> d-------- c:\users\VASSEUR\AppData\Roaming\Free Download Manager
2009-03-10 17:21 . 2009-03-10 17:21 <REP> d-------- c:\users\All Users\FreeDownloadManager.ORG
2009-03-10 17:21 . 2009-03-10 17:21 <REP> d-------- c:\programdata\FreeDownloadManager.ORG
2009-03-10 17:21 . 2009-03-10 17:21 <REP> d-------- c:\program files\Free Download Manager
2009-03-10 16:18 . 2009-03-10 16:37 <REP> d-------- c:\users\VASSEUR\AppData\Roaming\LimeWire
2009-03-10 16:18 . 2009-03-10 16:18 410,984 --a------ c:\windows\System32\deploytk.dll
2009-03-10 16:16 . 2009-03-10 16:36 <REP> d-------- c:\program files\LimeWire
2009-03-09 15:30 . 2009-03-09 15:30 <REP> d-------- c:\program files\Common Files\France Telecom
2009-03-09 15:30 . 2007-07-31 14:57 65,536 --a------ c:\windows\System32\Autodial2000.dll
2009-03-09 15:25 . 2009-03-09 15:25 <REP> d-------- c:\program files\Securitoo
2009-03-09 13:27 . 2009-03-09 15:26 <REP> d-------- c:\program files\SAGEM
2009-03-09 13:10 . 2009-03-09 13:10 <REP> d-------- c:\users\VASSEUR\AppData\Roaming\InstallShield
2009-03-08 16:51 . 2009-03-08 16:51 <REP> d-------- c:\users\VASSEUR\AppData\Roaming\F-Secure
2009-03-08 16:46 . 2008-12-04 14:57 70,944 --a------ c:\windows\System32\drivers\fsdfw.sys
2009-03-08 16:46 . 2008-12-04 14:57 35,552 --a------ c:\windows\System32\drivers\fses.sys
2009-03-08 16:46 . 2009-03-08 17:27 33,408 --a------ c:\windows\System32\drivers\fsbts.sys
2009-03-08 16:44 . 2009-03-08 16:44 <REP> d-------- c:\program files\Orange
2009-03-08 16:43 . 2009-03-08 16:44 <REP> d-------- c:\users\All Users\fssg
2009-03-08 16:43 . 2009-03-08 16:44 <REP> d-------- c:\programdata\fssg
2009-03-08 16:40 . 2009-03-08 16:45 <REP> d-------- c:\users\All Users\f-secure
2009-03-08 16:40 . 2009-03-08 16:45 <REP> d-------- c:\programdata\f-secure
2009-03-05 09:27 . 2009-03-05 09:27 <REP> d-------- c:\program files\Microsoft Silverlight
2009-03-05 09:20 . 2008-12-16 04:29 8,147,456 --a------ c:\windows\System32\wmploc.DLL
2009-03-05 09:20 . 2008-12-16 06:31 7,680 --a------ c:\windows\System32\spwmp.dll
2009-03-05 09:20 . 2008-12-16 06:31 4,096 --a------ c:\windows\System32\msdxm.ocx
2009-03-05 09:20 . 2008-12-16 06:31 4,096 --a------ c:\windows\System32\dxmasf.dll
2009-03-04 22:33 . 2009-03-04 22:33 <REP> d-------- c:\program files\Trend Micro
2009-03-04 22:11 . 2009-03-05 08:20 <REP> d-------- c:\program files\kauav
2009-03-04 22:11 . 2003-03-25 02:46 8,704 --a------ c:\windows\System32\sporder.dll
2009-03-04 21:39 . 2009-03-04 21:39 187 --a------ c:\windows\Wininit.ini
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-12 20:04 14,142 ----a-w c:\users\VASSEUR\AppData\Roaming\wklnhst.dat
2009-03-11 11:01 --------- d-----w c:\program files\Windows Mail
2009-03-10 18:37 --------- d-----w c:\programdata\NVIDIA
2009-03-10 18:35 174 --sha-w c:\program files\desktop.ini
2009-03-10 18:29 --------- d-----w c:\program files\Windows Sidebar
2009-03-10 18:29 --------- d-----w c:\program files\Windows Photo Gallery
2009-03-10 18:29 --------- d-----w c:\program files\Windows Journal
2009-03-10 18:29 --------- d-----w c:\program files\Windows Defender
2009-03-10 18:29 --------- d-----w c:\program files\Windows Collaboration
2009-03-10 18:29 --------- d-----w c:\program files\Windows Calendar
2009-03-10 18:18 82,432 ----a-w c:\windows\System32\axaltocm.dll
2009-03-10 18:18 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2009-03-10 15:36 --------- d-----w c:\program files\Panda Security
2009-03-10 15:35 47,360 ----a-w c:\users\VASSEUR\AppData\Roaming\pcouffin.sys
2009-03-10 15:35 --------- d-----w c:\users\VASSEUR\AppData\Roaming\Vso
2009-03-10 15:34 --------- d-----w c:\program files\DAEMON Tools Toolbar
2009-03-10 15:18 --------- d-----w c:\program files\Java
2009-03-09 14:31 --------- d-----w c:\program files\Orange HSS
2009-03-09 14:26 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-05 07:17 --------- d-----w c:\program files\Google
2009-03-04 20:36 --------- d-----w c:\program files\Yahoo!
2009-03-04 20:36 --------- d-----w c:\program files\PENDULO Studios
2009-03-04 20:36 --------- d-----w c:\program files\Common Files\InstallShield
2009-02-12 15:11 --------- d-----w c:\users\VASSEUR\AppData\Roaming\Yahoo!
2009-02-12 15:11 --------- d-----w c:\program files\CCleaner
2009-02-12 08:31 --------- d-----w c:\program files\MaCuisineLapeyre
2009-02-09 03:10 2,033,152 ----a-w c:\windows\System32\win32k.sys
2009-01-15 06:11 827,392 ----a-w c:\windows\System32\wininet.dll
2008-10-27 08:52 127,112 ----a-w c:\users\VASSEUR\AppData\Roaming\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-18 1233920]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VX1000"="c:\windows\vVX1000.exe" [2007-04-10 709992]
"toolbar_eula_launcher"="c:\program files\GoogleEULA\EULALauncher.exe" [2007-02-09 16896]
"SystrayORAHSS"="c:\program files\Orange HSS\Systray\SystrayApp.exe" [2007-07-24 94208]
"ORAHSSSessionManager"="c:\program files\Orange HSS\SessionManager\SessionManager.exe" [2007-07-24 102400]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Logitech Hardware Abstraction Layer"="c:\program files\Common Files\Logitech\khalshared\KHALMNPR.EXE" [2006-07-19 94208]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712]
"F-Secure TNB"="c:\program files\Orange\AntivirusFirewall\FSGUI\TNBUtil.exe" [2008-12-04 957024]
"F-Secure Manager"="c:\program files\Orange\AntivirusFirewall\Common\FSM32.EXE" [2008-12-04 182936]
"DoroServer"="c:\program files\DoroPDFWriter\DoroServer.exe" [2006-12-29 106496]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-10 136600]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-11-06 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-06 8530464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-06 81920]
"Skytel"="Skytel.exe" [2007-08-03 c:\windows\SkyTel.exe]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-17 c:\windows\RtHDVCpl.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-07-19 c:\windows\KHALMNPR.Exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.i420"= i420vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiSpywareOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{FA02C6F9-7AD8-40C0-A4FD-55BB19BEA623}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{2AACEB4F-7703-4351-B05D-D578B2FB9769}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{2A0D2020-38BD-4C18-83C2-548B81A1F16E}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{87529E5C-F45B-4C8A-84F9-96EB4F59F958}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{629C8AEB-54D0-4F59-8B62-DC5837C3A1F0}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{8909FFB2-8EE6-433F-ABC9-A1E0BA4D64B5}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{1E65D66E-0CD7-4309-AB6A-2CC60F2C30C7}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{F6EE13B9-A272-492D-BCBA-3BAECE6252ED}"= UDP:c:\program files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{16676BC3-2F09-4498-ADEC-49E989201421}"= TCP:c:\program files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{039F7774-589B-4646-A1E8-5AC6578B9D32}"= UDP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{4187D433-AC55-4011-95E0-2384C6CAF911}"= TCP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{88F26A72-088E-4606-958D-7B43AE1A4AF9}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
"{9075B533-1421-41AD-A3C1-0C44F1D86454}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
"{82361BDC-7F1D-4944-B2D7-1103D4CFB263}"= Disabled:UDP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
"{CD5055F0-F1DD-425F-9D1F-340BEDCAC52F}"= Disabled:TCP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
"{1D6A446F-7E4C-4E6E-B0CD-FBFC7884474A}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{6319563E-CE6C-4B00-9F8B-149EBBB36D05}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"TCP Query User{1EFF9071-CBBB-431F-AE8B-2C785B7539EB}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{5715F394-E404-4E78-9365-708EE0242B46}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\Orange HSS\\Connectivity\\ConnectivityManager.exe"= c:\program files\Orange HSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS
R0 fsbts;fsbts;c:\windows\System32\drivers\fsbts.sys [2009-03-08 33408]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\Orange\AntivirusFirewall\HIPS\drivers\fshs.sys [2009-03-08 67808]
R1 FSES;F-Secure Email Scanning Driver;c:\windows\System32\drivers\fses.sys [2009-03-08 35552]
R1 FSFW;F-Secure Firewall Driver;c:\windows\System32\drivers\fsdfw.sys [2009-03-08 70944]
R1 fsvista;F-Secure Vista Support Driver;c:\program files\Orange\AntivirusFirewall\Anti-Virus\minifilter\fsvista.sys [2009-03-08 12384]
R3 athrusb6;Atheros Wireless LAN USB device driver 6 Series;c:\windows\System32\drivers\athru6.sys [2007-12-14 871936]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Orange\AntivirusFirewall\Anti-Virus\minifilter\fsgk.sys [2009-03-08 84616]
S3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\System32\drivers\athrusb.sys [2009-02-09 449536]
S3 FSORSPClient;F-Secure ORSP Client;c:\program files\Orange\AntivirusFirewall\ORSP Client\fsorsp.exe [2009-03-08 55904]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\System32\drivers\PCAMp50.sys [2008-03-21 28224]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\Orange\AntivirusFirewall\Anti-Virus\win2k\fsfilter.sys [2009-03-08 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\Orange\AntivirusFirewall\Anti-Virus\win2k\fsrec.sys [2009-03-08 25184]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6eb6c041-dcb7-11dc-be0e-001d9202628a}]
\shell\AutoRun\command - I:\setup.exe AUTORUN=1
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b7b05522-b555-11dd-bab0-001d9202628a}]
\shell\AutoRun\command - I:\AUTORUN.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b7b05528-b555-11dd-bab0-001d9202628a}]
\shell\AutoRun\command - J:\AUTORUN.EXE
.
Contenu du dossier 'Tâches planifiées'
2009-03-13 c:\windows\Tasks\User_Feed_Synchronization-{08A23F42-CA99-4AFA-A3DA-889030436FAE}.job
- c:\windows\system32\msfeedssync.exe [2008-01-18 23:33]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
IE: Tout télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: Télécharger la sélection avec Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Télécharger la vidéo avec Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
LSP: c:\program files\Orange\AntivirusFirewall\FSPS\program\FSLSP.DLL
TCP: {31CDE8E1-E230-424D-AD7F-E5B563B931BC} = 80.10.246.2,80.10.246.129
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-14 11:59:21
Windows 6.0.6001 Service Pack 1 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(952)
c:\program files\Orange\AntivirusFirewall\FWES\Program\fsdc32.dll
- - - - - - - > 'lsass.exe'(688)
c:\program files\Orange\AntivirusFirewall\FWES\Program\fsdc32.dll
- - - - - - - > 'csrss.exe'(580)
c:\program files\Orange\AntivirusFirewall\FWES\Program\fsdc32.dll
- - - - - - - > 'csrss.exe'(640)
c:\program files\Orange\AntivirusFirewall\FWES\Program\fsdc32.dll
.
Heure de fin: 2009-03-14 12:00:14
ComboFix-quarantined-files.txt 2009-03-14 11:00:11
Avant-CF: 820 189 917 184 octets libres
Après-CF: 820,180,766,720 octets libres
216 --- E O F --- 2009-03-11 11:17:37
There you go:
Logfile of random's system information tool 1.05 (written by random/random)
Run by * at 2009-03-14 18:02:58
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 782 GB (84%) free of 934 GB
Total RAM: 3325 MB (67% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:03:20, on 14/03/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\vVX1000.exe
C:\Program Files\Orange HSS\Systray\SystrayApp.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Orange\AntivirusFirewall\Common\FSM32.EXE
C:\Program Files\DoroPDFWriter\DoroServer.exe
C:\Program Files\Orange\AntivirusFirewall\FSGUI\fsguidll.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Orange HSS\Launcher\Launcher.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Orange HSS\Deskboard\deskboard.exe
C:\Program Files\Orange HSS\connectivity\connectivitymanager.exe
C:\Program Files\Orange HSS\connectivity\CoreCom\CoreCom.exe
C:\Windows\system32\conime.exe
C:\Program Files\Orange HSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Users\VASSEUR\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\VASSEUR.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange HSS\SearchURLHook\SearchPageURL.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Call HoverToCall class - {7E853D72-626A-48EC-A868-BA8D5E23E045} - C:\Program Files\Windows Live\Messenger\HTC.DLL
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\fr\msntb.dll
O4 - HKLM\..\Run: [VX1000] C:\Windows\vVX1000.exe
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange HSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange HSS\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Orange\AntivirusFirewall\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Orange\AntivirusFirewall\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [DoroServer] C:\Program Files\DoroPDFWriter\DoroServer.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: https://www.orange.fr/portail
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{31CDE8E1-E230-424D-AD7F-E5B563B931BC}: NameServer = 80.10.246.2,80.10.246.129
O17 - HKLM\System\CS1\Services\Tcpip\..\{31CDE8E1-E230-424D-AD7F-E5B563B931BC}: NameServer = 80.10.246.2,80.10.246.129
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\ORSP Client\fsorsp.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O13 - Gopher Prefix:
O15 - Trusted Zone: https://www.orange.fr/portail
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{31CDE8E1-E230-424D-AD7F-E5B563B931BC}: NameServer = 80.10.246.2,80.10.246.129
O17 - HKLM\System\CS1\Services\Tcpip\..\{31CDE8E1-E230-424D-AD7F-E5B563B931BC}: NameServer = 80.10.246.2,80.10.246.129
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\ORSP Client\fsorsp.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
Part of log.txt is missing!
Click here http://www.cijoint.fr/cjlink.php?file=cj200903/cijDoZwudK.txt and follow the instructions to retrieve the file, then do what I put in it for you and post the report
then
update your software
- Through Windows Update: MANDATORY
then for other products and software, keeping in mind that you must uninstall the old versions of the products you update:
- Either through this website: you have to install the ActiveX control, then click Start Scan, and the site marks with a red cross the security flaws for a few important products installed on the PC such as Java, IE, Windows, Flash Player, Adobe... the most important ones
https://www.flexera.com/products/operations/software-vulnerability-management.html
- Or you can also use a program to install that scans the PC and shows ALL the updates for the software and products installed on the PC
https://filehippo.com/windows/tuning-utilities/
Do you still have problems?
Hi poplus, it is indeed a whole lot better, and thank you for that.
The computer is much faster, and "thinks" less.
As for the latest steps you're giving me, they're a bit too complicated for me ...
But in the end, what were the system's vulnerabilities??
In any case, poplus, thank you very much for the time you spent solving my problems.