Pbm ines.exe, fatiefe.exe, svshost.exe...
Mansoura
-
Mansoura -
Mansoura -
Bonjour,
Je rencontre un pbm dès le démarrage de mon pc. Lorsque je vais faire un visus dans la liste des tâches j'ai des process genre : ines.exe, fatiefe.exe, un peu trop de svshost.exe, qui s'ouvrent.... Qu'est-ce que s'est exactement svp? Des virus ou trojans? J'ai lu la réponse à un post où la personne avait le même pbm. J'ai suivi la démarche: hijack, rsit, récup des bloc et là je vous les joins. Comment faire pour que mon pc nettoie et ne rame plus? Merci de votre réponse.
------------
Logfile of random's system information tool 1.06 (written by random/random)
Run by ines at 2009-08-04 12:51:05
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 23 GB (66%) free of 35 GB
Total RAM: 255 MB (28% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:53:24, on 04/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\VM_STI.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE
C:\Documents and Settings\ines\ines.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Fichiers reçus\RSIT.exe
D:\Fichiers reçus\ines.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = https://support.microsoft.com/en-US/topic/internet-explorer-downloads-d49e1f0d-571c-9a7b-d97e-be248806ca70
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC210NC Webcam
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\DRIVERS\Adobe Reader 9.1\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus SX200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE /FU "C:\DOCUME~1\ines\LOCALS~1\Temp\E_SB.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Fichiers reçus\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ines] C:\Documents and Settings\ines\ines.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 6235 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-07-21 1111320]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-06-07 35840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-06-07 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-21 368640]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-21 368640]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2003-11-03 4800512]
"TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2009-05-06 198160]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-06-07 148888]
"BigDogPath"=C:\WINDOWS\VM_STI.EXE [2004-06-09 40960]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-07-21 1948440]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"Adobe Reader Speed Launcher"=D:\DRIVERS\Adobe Reader 9.1\Reader\Reader_sl.exe [2009-02-27 35696]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"EPSON Stylus SX200 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE [2007-12-13 188928]
"SpybotSD TeaTimer"=D:\Fichiers reçus\Spybot - Search & Destroy\TeaTimer.exe []
"ines"=C:\Documents and Settings\ines\ines.exe [2009-07-26 77824]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
C:\Documents and Settings\ines\Menu Démarrer\Programmes\Démarrage
Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-07-21 11952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a40dc314-3d47-11de-9909-000cf18e0c00}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL maiTreSeRVeR.EXE
======List of files/folders created in the last 2 months======
2009-08-04 12:51:05 ----D---- C:\rsit
2009-08-04 01:35:50 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2009-08-04 01:28:06 ----D---- C:\Program Files\Fichiers communs\Adobe Systems Shared
2009-08-04 01:20:14 ----D---- C:\Program Files\Adobe
2009-07-29 13:52:00 ----D---- C:\Program Files\Fichiers communs\Adobe
2009-07-26 13:23:40 ----D---- C:\WINDOWS\Minidump
2009-07-23 16:35:50 ----D---- C:\Program Files\The Cleaner
2009-07-21 12:42:35 ----HD---- C:\$AVG8.VAULT$
2009-07-21 12:23:51 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-07-21 12:22:15 ----D---- C:\Program Files\AVG
2009-07-21 12:22:12 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-07-20 20:47:38 ----D---- C:\Program Files\Kaspersky Lab
2009-07-20 20:29:39 ----D---- C:\KAV
2009-07-18 15:17:18 ----A---- C:\WINDOWS\DEBUGSM.INI
2009-07-17 11:33:52 ----D---- C:\Documents and Settings\ines\Application Data\Uniblue
2009-07-15 20:14:07 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-15 20:13:57 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-15 20:12:08 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2009-07-07 22:14:02 ----HD---- C:\WINDOWS\msdownld.tmp
2009-07-07 22:13:18 ----D---- C:\WINDOWS\ie8updates
2009-07-07 22:10:45 ----D---- C:\WINDOWS\WBEM
2009-07-07 22:08:37 ----HDC---- C:\WINDOWS\ie8
2009-07-07 19:51:21 ----D---- C:\Documents and Settings\ines\Application Data\EPSON
2009-07-05 13:31:26 ----D---- C:\WINDOWS\Sun
2009-06-27 23:04:24 ----A---- C:\WINDOWS\ODBC.INI
2009-06-27 23:02:50 ----D---- C:\Program Files\Microsoft ActiveSync
2009-06-27 23:02:35 ----D---- C:\Program Files\Fichiers communs\Designer
2009-06-27 23:01:13 ----D---- C:\WINDOWS\ShellNew
2009-06-25 14:22:02 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2009-06-24 17:55:52 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-06-24 17:55:37 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2009-06-24 17:55:13 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2009-06-24 17:54:48 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
2009-06-24 17:54:33 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2009-06-24 17:54:17 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2009-06-23 23:04:22 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-06-23 23:04:07 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2009-06-23 23:03:07 ----A---- C:\WINDOWS\system32\wmpns.dll
2009-06-23 23:02:15 ----D---- C:\Program Files\Windows Media Connect 2
2009-06-23 23:01:36 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2009-06-23 22:55:42 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2009-06-23 22:53:48 ----D---- C:\WINDOWS\system32\LogFiles
2009-06-23 22:53:15 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2009-06-11 14:20:53 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-11 14:20:31 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-06-11 00:41:28 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-11 00:41:14 ----HDC---- C:\WINDOWS\$NtUninstallKB969897$
2009-06-11 00:41:01 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-10 21:41:06 ----D---- C:\Program Files\Philips
2009-06-10 21:41:05 ----A---- C:\WINDOWS\VMCap.exe
2009-06-10 21:41:05 ----A---- C:\WINDOWS\VM_STI.EXE
2009-06-10 21:41:05 ----A---- C:\WINDOWS\amcap.exe
2009-06-10 21:41:04 ----D---- C:\WINDOWS\Options
2009-06-10 21:41:04 ----A---- C:\WINDOWS\system32\VM31bSTI.dll
2009-06-07 23:41:37 ----D---- C:\Documents and Settings\ines\Application Data\OpenOffice.org
2009-06-07 22:58:54 ----D---- C:\Program Files\JRE
2009-06-07 22:56:15 ----D---- C:\Program Files\OpenOffice.org 3
2009-06-07 22:54:57 ----A---- C:\WINDOWS\system32\javaws.exe
2009-06-07 22:54:57 ----A---- C:\WINDOWS\system32\javaw.exe
2009-06-07 22:54:57 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-06-07 22:54:56 ----A---- C:\WINDOWS\system32\java.exe
2009-06-07 22:54:15 ----D---- C:\Program Files\Java
2009-06-07 22:53:36 ----D---- C:\Documents and Settings\ines\Application Data\Sun
======List of files/folders modified in the last 2 months======
2009-08-04 12:50:58 ----D---- C:\WINDOWS\Prefetch
2009-08-04 12:45:09 ----D---- C:\Program Files\Mozilla Firefox
2009-08-04 12:41:18 ----D---- C:\WINDOWS\Temp
2009-08-04 01:55:36 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-04 01:40:43 ----SHD---- C:\WINDOWS\Installer
2009-08-04 01:40:23 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-08-04 01:40:13 ----D---- C:\WINDOWS\system32
2009-08-04 01:34:39 ----D---- C:\Documents and Settings\ines\Application Data\Adobe
2009-08-04 01:28:06 ----D---- C:\Program Files\Fichiers communs
2009-08-04 01:20:14 ----RD---- C:\Program Files
2009-08-01 14:00:27 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-26 16:39:39 ----SHD---- C:\RECYCLER
2009-07-26 16:18:41 ----A---- C:\WINDOWS\OEWABLog.txt
2009-07-26 16:17:17 ----D---- C:\Documents and Settings
2009-07-26 13:23:40 ----D---- C:\WINDOWS
2009-07-21 12:23:50 ----D---- C:\WINDOWS\system32\drivers
2009-07-21 12:21:56 ----D---- C:\WINDOWS\WinSxS
2009-07-21 12:07:08 ----HD---- C:\WINDOWS\inf
2009-07-20 19:59:35 ----D---- C:\Program Files\Microsoft Office
2009-07-20 19:59:35 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared
2009-07-16 19:01:10 ----A---- C:\WINDOWS\win.ini
2009-07-16 18:51:02 ----D---- C:\Documents and Settings\ines\Application Data\Skype
2009-07-15 20:14:06 ----HD---- C:\WINDOWS\$hf_mig$
2009-07-15 20:14:04 ----A---- C:\WINDOWS\imsins.BAK
2009-07-15 20:13:59 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-07-14 18:13:26 ----D---- C:\Documents and Settings\ines\Application Data\skypePM
2009-07-08 11:05:01 ----D---- C:\WINDOWS\system32\fr-fr
2009-07-08 11:04:59 ----D---- C:\WINDOWS\Help
2009-07-08 11:04:59 ----D---- C:\Program Files\Internet Explorer
2009-07-07 22:10:50 ----D---- C:\WINDOWS\system32\config
2009-07-07 22:10:33 ----D---- C:\WINDOWS\Media
2009-07-07 17:10:56 ----A---- C:\WINDOWS\system32\MRT.exe
2009-07-02 14:11:02 ----SD---- C:\Documents and Settings\ines\Application Data\Microsoft
2009-06-27 23:01:52 ----D---- C:\Program Files\Fichiers communs\System
2009-06-27 23:01:37 ----RSD---- C:\WINDOWS\Fonts
2009-06-27 23:01:09 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-06-27 22:58:52 ----D---- C:\WINDOWS\system
2009-06-24 17:54:45 ----D---- C:\WINDOWS\system32\CatRoot
2009-06-24 16:14:41 ----D---- C:\Program Files\Windows Media Player
2009-06-16 16:40:01 ----A---- C:\WINDOWS\system32\t2embed.dll
2009-06-16 16:40:01 ----A---- C:\WINDOWS\system32\fontsub.dll
2009-06-13 12:10:06 ----D---- C:\Program Files\Fichiers communs\logishrd
2009-06-13 12:10:05 ----D---- C:\Documents and Settings\All Users\Application Data\Logishrd
2009-06-10 21:49:10 ----D---- C:\WINDOWS\twain_32
2009-06-10 21:40:46 ----HD---- C:\Program Files\InstallShield Installation Information
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-07-21 335752]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-07-21 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-07-21 108552]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2007-11-16 165496]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\DRIVERS\LVUSBSta.sys [2008-07-26 41752]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2003-11-03 1330940]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-01-27 260352]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 ZSMC301b;Philips SPC210NC Webcam; C:\WINDOWS\System32\Drivers\usbVM31b.sys [2005-02-26 91527]
S3 camvid20;Philips ToUcam Camera; Video; C:\WINDOWS\system32\DRIVERS\camdrv21.sys [2001-08-17 223232]
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 EverestDriver;Lavalys EVEREST Kernel Driver; \??\C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt []
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 PCANDIS5;PCANDIS5 Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
S3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\WINDOWS\system32\DRIVERS\LV302V32.SYS [2008-07-26 2570520]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SONYPVU1;Pilote de filtrage Sony USB (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WlanUIG;Sagem 802.11g Wireless LAN USB Adapter Driver; C:\WINDOWS\system32\DRIVERS\WlanUIG.sys [2005-06-17 379456]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-07-21 298776]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-06-07 152984]
R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\system32\nvsvc32.exe [2003-11-03 73728]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-08-04 72704]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
-----------------EOF-----------------
Je rencontre un pbm dès le démarrage de mon pc. Lorsque je vais faire un visus dans la liste des tâches j'ai des process genre : ines.exe, fatiefe.exe, un peu trop de svshost.exe, qui s'ouvrent.... Qu'est-ce que s'est exactement svp? Des virus ou trojans? J'ai lu la réponse à un post où la personne avait le même pbm. J'ai suivi la démarche: hijack, rsit, récup des bloc et là je vous les joins. Comment faire pour que mon pc nettoie et ne rame plus? Merci de votre réponse.
------------
Logfile of random's system information tool 1.06 (written by random/random)
Run by ines at 2009-08-04 12:51:05
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 23 GB (66%) free of 35 GB
Total RAM: 255 MB (28% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:53:24, on 04/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\VM_STI.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE
C:\Documents and Settings\ines\ines.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Fichiers reçus\RSIT.exe
D:\Fichiers reçus\ines.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = https://support.microsoft.com/en-US/topic/internet-explorer-downloads-d49e1f0d-571c-9a7b-d97e-be248806ca70
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC210NC Webcam
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\DRIVERS\Adobe Reader 9.1\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus SX200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE /FU "C:\DOCUME~1\ines\LOCALS~1\Temp\E_SB.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Fichiers reçus\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ines] C:\Documents and Settings\ines\ines.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 6235 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-07-21 1111320]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-06-07 35840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-06-07 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-21 368640]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-21 368640]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2003-11-03 4800512]
"TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2009-05-06 198160]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-06-07 148888]
"BigDogPath"=C:\WINDOWS\VM_STI.EXE [2004-06-09 40960]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-07-21 1948440]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"Adobe Reader Speed Launcher"=D:\DRIVERS\Adobe Reader 9.1\Reader\Reader_sl.exe [2009-02-27 35696]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"EPSON Stylus SX200 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE [2007-12-13 188928]
"SpybotSD TeaTimer"=D:\Fichiers reçus\Spybot - Search & Destroy\TeaTimer.exe []
"ines"=C:\Documents and Settings\ines\ines.exe [2009-07-26 77824]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
C:\Documents and Settings\ines\Menu Démarrer\Programmes\Démarrage
Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-07-21 11952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a40dc314-3d47-11de-9909-000cf18e0c00}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL maiTreSeRVeR.EXE
======List of files/folders created in the last 2 months======
2009-08-04 12:51:05 ----D---- C:\rsit
2009-08-04 01:35:50 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2009-08-04 01:28:06 ----D---- C:\Program Files\Fichiers communs\Adobe Systems Shared
2009-08-04 01:20:14 ----D---- C:\Program Files\Adobe
2009-07-29 13:52:00 ----D---- C:\Program Files\Fichiers communs\Adobe
2009-07-26 13:23:40 ----D---- C:\WINDOWS\Minidump
2009-07-23 16:35:50 ----D---- C:\Program Files\The Cleaner
2009-07-21 12:42:35 ----HD---- C:\$AVG8.VAULT$
2009-07-21 12:23:51 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-07-21 12:22:15 ----D---- C:\Program Files\AVG
2009-07-21 12:22:12 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-07-20 20:47:38 ----D---- C:\Program Files\Kaspersky Lab
2009-07-20 20:29:39 ----D---- C:\KAV
2009-07-18 15:17:18 ----A---- C:\WINDOWS\DEBUGSM.INI
2009-07-17 11:33:52 ----D---- C:\Documents and Settings\ines\Application Data\Uniblue
2009-07-15 20:14:07 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-15 20:13:57 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-15 20:12:08 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2009-07-07 22:14:02 ----HD---- C:\WINDOWS\msdownld.tmp
2009-07-07 22:13:18 ----D---- C:\WINDOWS\ie8updates
2009-07-07 22:10:45 ----D---- C:\WINDOWS\WBEM
2009-07-07 22:08:37 ----HDC---- C:\WINDOWS\ie8
2009-07-07 19:51:21 ----D---- C:\Documents and Settings\ines\Application Data\EPSON
2009-07-05 13:31:26 ----D---- C:\WINDOWS\Sun
2009-06-27 23:04:24 ----A---- C:\WINDOWS\ODBC.INI
2009-06-27 23:02:50 ----D---- C:\Program Files\Microsoft ActiveSync
2009-06-27 23:02:35 ----D---- C:\Program Files\Fichiers communs\Designer
2009-06-27 23:01:13 ----D---- C:\WINDOWS\ShellNew
2009-06-25 14:22:02 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2009-06-24 17:55:52 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-06-24 17:55:37 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2009-06-24 17:55:13 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2009-06-24 17:54:48 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
2009-06-24 17:54:33 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2009-06-24 17:54:17 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2009-06-23 23:04:22 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-06-23 23:04:07 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2009-06-23 23:03:07 ----A---- C:\WINDOWS\system32\wmpns.dll
2009-06-23 23:02:15 ----D---- C:\Program Files\Windows Media Connect 2
2009-06-23 23:01:36 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2009-06-23 22:55:42 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2009-06-23 22:53:48 ----D---- C:\WINDOWS\system32\LogFiles
2009-06-23 22:53:15 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2009-06-11 14:20:53 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-11 14:20:31 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-06-11 00:41:28 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-11 00:41:14 ----HDC---- C:\WINDOWS\$NtUninstallKB969897$
2009-06-11 00:41:01 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-10 21:41:06 ----D---- C:\Program Files\Philips
2009-06-10 21:41:05 ----A---- C:\WINDOWS\VMCap.exe
2009-06-10 21:41:05 ----A---- C:\WINDOWS\VM_STI.EXE
2009-06-10 21:41:05 ----A---- C:\WINDOWS\amcap.exe
2009-06-10 21:41:04 ----D---- C:\WINDOWS\Options
2009-06-10 21:41:04 ----A---- C:\WINDOWS\system32\VM31bSTI.dll
2009-06-07 23:41:37 ----D---- C:\Documents and Settings\ines\Application Data\OpenOffice.org
2009-06-07 22:58:54 ----D---- C:\Program Files\JRE
2009-06-07 22:56:15 ----D---- C:\Program Files\OpenOffice.org 3
2009-06-07 22:54:57 ----A---- C:\WINDOWS\system32\javaws.exe
2009-06-07 22:54:57 ----A---- C:\WINDOWS\system32\javaw.exe
2009-06-07 22:54:57 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-06-07 22:54:56 ----A---- C:\WINDOWS\system32\java.exe
2009-06-07 22:54:15 ----D---- C:\Program Files\Java
2009-06-07 22:53:36 ----D---- C:\Documents and Settings\ines\Application Data\Sun
======List of files/folders modified in the last 2 months======
2009-08-04 12:50:58 ----D---- C:\WINDOWS\Prefetch
2009-08-04 12:45:09 ----D---- C:\Program Files\Mozilla Firefox
2009-08-04 12:41:18 ----D---- C:\WINDOWS\Temp
2009-08-04 01:55:36 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-04 01:40:43 ----SHD---- C:\WINDOWS\Installer
2009-08-04 01:40:23 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-08-04 01:40:13 ----D---- C:\WINDOWS\system32
2009-08-04 01:34:39 ----D---- C:\Documents and Settings\ines\Application Data\Adobe
2009-08-04 01:28:06 ----D---- C:\Program Files\Fichiers communs
2009-08-04 01:20:14 ----RD---- C:\Program Files
2009-08-01 14:00:27 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-26 16:39:39 ----SHD---- C:\RECYCLER
2009-07-26 16:18:41 ----A---- C:\WINDOWS\OEWABLog.txt
2009-07-26 16:17:17 ----D---- C:\Documents and Settings
2009-07-26 13:23:40 ----D---- C:\WINDOWS
2009-07-21 12:23:50 ----D---- C:\WINDOWS\system32\drivers
2009-07-21 12:21:56 ----D---- C:\WINDOWS\WinSxS
2009-07-21 12:07:08 ----HD---- C:\WINDOWS\inf
2009-07-20 19:59:35 ----D---- C:\Program Files\Microsoft Office
2009-07-20 19:59:35 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared
2009-07-16 19:01:10 ----A---- C:\WINDOWS\win.ini
2009-07-16 18:51:02 ----D---- C:\Documents and Settings\ines\Application Data\Skype
2009-07-15 20:14:06 ----HD---- C:\WINDOWS\$hf_mig$
2009-07-15 20:14:04 ----A---- C:\WINDOWS\imsins.BAK
2009-07-15 20:13:59 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-07-14 18:13:26 ----D---- C:\Documents and Settings\ines\Application Data\skypePM
2009-07-08 11:05:01 ----D---- C:\WINDOWS\system32\fr-fr
2009-07-08 11:04:59 ----D---- C:\WINDOWS\Help
2009-07-08 11:04:59 ----D---- C:\Program Files\Internet Explorer
2009-07-07 22:10:50 ----D---- C:\WINDOWS\system32\config
2009-07-07 22:10:33 ----D---- C:\WINDOWS\Media
2009-07-07 17:10:56 ----A---- C:\WINDOWS\system32\MRT.exe
2009-07-02 14:11:02 ----SD---- C:\Documents and Settings\ines\Application Data\Microsoft
2009-06-27 23:01:52 ----D---- C:\Program Files\Fichiers communs\System
2009-06-27 23:01:37 ----RSD---- C:\WINDOWS\Fonts
2009-06-27 23:01:09 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-06-27 22:58:52 ----D---- C:\WINDOWS\system
2009-06-24 17:54:45 ----D---- C:\WINDOWS\system32\CatRoot
2009-06-24 16:14:41 ----D---- C:\Program Files\Windows Media Player
2009-06-16 16:40:01 ----A---- C:\WINDOWS\system32\t2embed.dll
2009-06-16 16:40:01 ----A---- C:\WINDOWS\system32\fontsub.dll
2009-06-13 12:10:06 ----D---- C:\Program Files\Fichiers communs\logishrd
2009-06-13 12:10:05 ----D---- C:\Documents and Settings\All Users\Application Data\Logishrd
2009-06-10 21:49:10 ----D---- C:\WINDOWS\twain_32
2009-06-10 21:40:46 ----HD---- C:\Program Files\InstallShield Installation Information
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-07-21 335752]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-07-21 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-07-21 108552]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2007-11-16 165496]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\DRIVERS\LVUSBSta.sys [2008-07-26 41752]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2003-11-03 1330940]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-01-27 260352]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 ZSMC301b;Philips SPC210NC Webcam; C:\WINDOWS\System32\Drivers\usbVM31b.sys [2005-02-26 91527]
S3 camvid20;Philips ToUcam Camera; Video; C:\WINDOWS\system32\DRIVERS\camdrv21.sys [2001-08-17 223232]
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 EverestDriver;Lavalys EVEREST Kernel Driver; \??\C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt []
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 PCANDIS5;PCANDIS5 Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
S3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\WINDOWS\system32\DRIVERS\LV302V32.SYS [2008-07-26 2570520]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SONYPVU1;Pilote de filtrage Sony USB (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WlanUIG;Sagem 802.11g Wireless LAN USB Adapter Driver; C:\WINDOWS\system32\DRIVERS\WlanUIG.sys [2005-06-17 379456]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-07-21 298776]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-06-07 152984]
R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\system32\nvsvc32.exe [2003-11-03 73728]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-08-04 72704]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
-----------------EOF-----------------
Configuration: Windows XP Firefox 3.0.12
A voir également:
- Pbm ines.exe, fatiefe.exe, svshost.exe...
- Pbm installation avec installshield wizard - Forum Logiciels
- Pbm pour ouvrir image bmp - Forum Graphisme
- Pbm de son nero wave editor ✓ - Forum Audio
- Premiere pro : pbm pilote audio - Forum carte son
- PBM scanner canoscan 646U sous vista - Forum scanner
1 réponse
Salut ,
Infecté effectivement :
• Télécharge et install UsbFix
(!) Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d'avoir été infectées sans les ouvrir
• Double clic sur le raccourci UsbFix présent sur ton bureau .
• Choisis l'option 1 ( Recherche )
• Laisse travailler l'outil.
• Ensuite post le rapport UsbFix.txt qui apparaitra.
• Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque. ( C:\UsbFix.txt )
( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )
• Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
• Tuto : http://pagesperso-orange.fr/NosTools/usbfix.html
Infecté effectivement :
• Télécharge et install UsbFix
(!) Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d'avoir été infectées sans les ouvrir
• Double clic sur le raccourci UsbFix présent sur ton bureau .
• Choisis l'option 1 ( Recherche )
• Laisse travailler l'outil.
• Ensuite post le rapport UsbFix.txt qui apparaitra.
• Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque. ( C:\UsbFix.txt )
( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )
• Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
• Tuto : http://pagesperso-orange.fr/NosTools/usbfix.html
Je t'ai répondu suite à ton mail me donnant la procédure à suivre pour détecter les trucs du ramage dans mon pc.
Y a "gen hackman" qui m'a demandé si s'était moi qui avait envoyé "♦G3и-н@¢км@и™©®♦ " juste après que je t'ai répondu, et je lui ai dit que NON... Bref, as-tu des news pour mon pbm stp ? Merci bien.
Je ne sais pas si tu es en vacances ou koi, mais je n'ai toujours pas eu de nouvelles pour mon pbm.
J'ai suivi ta procédure et t'ai envoyé les blocs. J'attens ta rép! Merci bien.