Iexplore.exe open 12x ==> memory saturated

Solved/Closed
maurice1212 Posts 7 Registration date Monday 12 October 2009 Status Member Last seen 13 October 2009 - 12 Oct. 2009 at 07:43
maurice1212 Posts 7 Registration date Monday 12 October 2009 Status Member Last seen 13 October 2009 - 13 Oct. 2009 at 00:30
Hello,

For the past few days my PC has been crawling. In Task Manager, the iexplore.exe process is open between 2 and 12 times. My antivirus found some crap, but after disinfection the problem obviously persists. Here is my HijackThis report. If someone can help me, thanks in advance... Maurice

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:19:16, on 12/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
J:\Program Files\Test 02\intel_a\code\bin\CATSysDemon.exe
C:\Program Files\IOGEAR\Logiciel Bluetooth\bin\btwdins.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fsgk32st.exe
C:\Program Files\Securitoo\Av_Fw\Common\FSMA32.EXE
C:\Program Files\Securitoo\Av_Fw\Anti-Virus\FSGK32.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Securitoo\Av_Fw\Common\FSMB32.EXE
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Securitoo\Av_Fw\Common\FCH32.EXE
C:\Program Files\Securitoo\Av_Fw\Common\FAMEH32.EXE
C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fsqh.exe
C:\Program Files\Securitoo\Av_Fw\FSAUA\program\fsaua.exe
C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fssm32.exe
C:\Program Files\Securitoo\Av_Fw\FWES\Program\fsdfwd.exe
C:\Program Files\Securitoo\Av_Fw\FSAUA\program\fsus.exe
C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\FreePDF_XP\fpassist.exe
C:\Program Files\Securitoo\Av_Fw\Common\FSM32.EXE
C:\Program Files\Securitoo\Av_Fw\FSGUI\fsguidll.exe
C:\WINDOWS\system32\rundll32.exe
J:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\winamp toolbar\WinampTbServer.exe
C:\WINDOWS\System32\regsvr32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis\scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://cnfx.wordpress.com/
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: freedomltd browser enhancer - {249D966F-6166-6DC9-4A35-552444185D1F} - C:\WINDOWS\system32\qsgvuzqndkbpgvuu.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: MessengerUpdate - {5948A52A-BA3A-49A8-BCAF-D578502BDA9D} - C:\Documents and Settings\Administrator\Application Data\Messenger\Drivers\MsgUpdate.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\Av_Fw\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\Av_Fw\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Trustidle32active] C:\Documents and Settings\All Users\Application Data\FlapFiveTrustIdle\Web hole.exe
O4 - HKLM\..\Run: [HotSync] "C:\Program Files\PalmSource\Desktop\HotSync.exe" -AllUsers
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] "J:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [hktufintzrorsbix] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\qsgvuzqndkbpgvuu.dll"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [showmore] C:\DOCUME~1\ADMINI~1\APPLIC~1\ISOINT~1\Store coal.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [IgfxSys] rundll32.exe "C:\Documents and Settings\Administrator\Application Data\Messenger\Drivers\IgfxSys.dll",StartProtector
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\IOGEAR\Logiciel Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IOGEAR\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IOGEAR\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f001.mail.caramail.lycos.fr/app/uploader/FileUploader.cab
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} (Environnement d'exécution Java 1.4.0_03) -
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.1.0.56.cab
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Backbone Service (BBDemon) - Dassault Systemes - J:\Program Files\Test 02\intel_a\code\bin\CATSysDemon.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\IOGEAR\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Securitoo\Av_Fw\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\Av_Fw\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Securitoo\Av_Fw\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Securitoo\Av_Fw\ORSP Client\fsorsp.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

11 replies

Ced_King Posts 3519 Registration date Monday 2 March 2009 Status Contributor Last seen 10 October 2016 572
12 Oct. 2009 at 08:18
Hi,

Lop infection among other things, but first:

Download and install ccleaner

- During installation, uncheck the box offering the yahoo toolbar and the one for: "add the updates option"

- Once installed, close all running applications and launch ccleaner

- click -->> options -->> advanced and uncheck "delete files etc... older than 48h"

- Select "cleaner" >> click Analyze then clean, then close the program...

---------------------------

Download Combofix and save it to your desktop

/!\ Disable your antivirus's resident guard /!\


- Disconnect and close all running applications

- Double-click Combofix.exe >> a message appears > answer "yes"

- (install the recovery console)

- Select the language and press the 1 key (yes) to start the scan

/!\ Do not touch the mouse or the keyboard during the scan, it could freeze the computer /!\

- At the end of the scan, Combofix will need to restart to finish the disinfection, let it do so

- Once finished, a report is displayed; post its contents, which you can also find at c:\combofix.txt

Official Combofix tutorial and guide
1
maurice1212 Posts 7 Registration date Monday 12 October 2009 Status Member Last seen 13 October 2009
12 Oct. 2009 at 20:56
Hi and thanks for your promptness. Here is the combofix log:

ComboFix 09-10-11.03 - Administrator 12/10/2009 20:22.1.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1033.18.2047.1435 [GMT 2:00]
Lancé depuis: c:\documents and settings\Administrator\My Documents\Temporaire\ComboFix.exe
AV: AntiVirus Firewall 8.01 *On-access scanning disabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: AntiVirus Firewall 8.01 *enabled* {D4747503-0346-49EB-9262-997542F79BF4}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Application Data\inst.exe
c:\documents and settings\Administrator\Application Data\Messenger\Drivers\IgfxSys.dll
c:\documents and settings\Administrator\Application Data\Messenger\Drivers\MsGUpdate.dll
c:\windows\Downloaded Program Files\IDropPTB.dll
c:\windows\Installer\WMEncoder.msi
c:\windows\system32\lgymkoscyyhfme.exe
c:\windows\system32\qsgvuzqndkbpgvuu.dll

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BOONTY_GAMES
-------\Service_Boonty Games


((((((((((((((((((((((((((((( Fichiers créés du 2009-09-12 au 2009-10-12 ))))))))))))))))))))))))))))))))))))
.

2009-10-10 08:14 . 2009-10-10 08:14 -------- d-----w- c:\documents and settings\All Users\Application Data\SlySoft
2009-10-07 20:40 . 2009-10-07 20:40 -------- d-----w- c:\program files\MSECache
2009-10-05 21:29 . 2009-10-11 15:42 -------- d-----w- c:\documents and settings\Administrator\Application Data\Smart-Ads-Solutions
2009-10-05 21:29 . 2009-10-05 21:29 -------- d-----w- c:\program files\Smart-Ads-Solutions
2009-10-05 21:29 . 2009-10-05 21:29 -------- d-----w- c:\documents and settings\Administrator\Application Data\Messenger
2009-09-24 22:59 . 2009-09-24 22:59 104512 ----a-w- c:\windows\system32\drivers\AnyDVD.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-11 17:39 . 2009-08-20 16:12 -------- d-----w- c:\documents and settings\Administrator\Application Data\Winamp
2009-10-11 15:45 . 2007-01-24 13:19 -------- d-----w- c:\program files\WinAce
2009-10-11 15:41 . 2006-01-19 05:52 -------- d-----w- c:\program files\OpenOffice.org 2.0
2009-10-11 15:37 . 2006-01-31 06:04 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-10-11 15:36 . 2007-01-14 15:28 -------- d-----w- c:\program files\MediaMonkey
2009-10-11 15:33 . 2009-08-16 18:11 -------- d-----w- c:\documents and settings\Administrator\Application Data\Broad Intelligence
2009-10-11 15:31 . 2006-01-25 03:31 -------- d-----w- c:\program files\Java
2009-10-11 15:31 . 2006-01-12 02:22 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-11 15:28 . 2006-01-23 06:00 -------- d-----w- c:\program files\Canon
2009-10-11 15:23 . 2007-01-31 20:25 -------- d-----w- c:\program files\Microsoft.NET
2009-10-11 15:19 . 2007-01-31 20:28 -------- d-----w- c:\program files\Microsoft Small Business
2009-10-11 15:16 . 2008-09-17 20:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Autodesk
2009-10-11 15:16 . 2008-09-17 20:17 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2009-10-11 06:45 . 2007-02-12 22:17 -------- d-----w- c:\documents and settings\Administrator\Application Data\iso intra burn
2009-10-11 06:40 . 2007-02-12 22:17 -------- d-----w- c:\documents and settings\All Users\Application Data\FlapFiveTrustIdle
2009-10-10 08:31 . 2006-02-14 06:20 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2009-10-10 08:08 . 2006-01-30 07:09 -------- d-----w- c:\program files\eMule
2009-10-05 21:32 . 2007-06-25 19:07 -------- d-----w- c:\documents and settings\Administrator\Application Data\F-Secure
2009-09-11 17:08 . 2009-09-11 17:08 24744 ----a-w- c:\windows\system32\drivers\ElbyCDIO.sys
2009-09-09 22:52 . 2007-01-29 21:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-08-20 16:13 . 2009-08-20 16:12 -------- d-----w- c:\program files\Winamp Toolbar
2009-08-20 16:12 . 2009-08-20 16:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Winamp Toolbar
2009-08-16 18:09 . 2009-08-16 18:09 -------- d-----w- c:\documents and settings\Administrator\Application Data\OpenCandy
2009-08-16 17:49 . 2009-08-16 17:28 -------- d-----w- c:\program files\Gabest
2009-08-16 17:44 . 2009-06-11 18:11 -------- d-----w- c:\program files\QuickTime
2009-08-15 19:15 . 2009-08-15 19:15 -------- d-----w- c:\program files\TomTom HOME 2
2009-08-07 17:11 . 2006-01-25 03:18 102184 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-05 09:01 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:01 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2006-03-08 05:56 . 2006-03-08 05:56 113037 ----a-w- c:\program files\DicOOo-1.5.5.sxw
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-16 68856]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-08-27 247144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-06-15 6803456]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-06-15 86016]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2005-05-27 147456]
"F-Secure Manager"="c:\program files\Securitoo\Av_Fw\Common\FSM32.EXE" [2008-12-04 182936]
"F-Secure TNB"="c:\program files\Securitoo\Av_Fw\FSGUI\TNBUtil.exe" [2008-12-04 957024]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"WinampAgent"="j:\program files\Winamp\winampa.exe" [2009-07-01 37888]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2005-06-15 1519616]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2005-04-26 14370816]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HotSync Manager.lnk - c:\program files\palmOne\Hotsync.exe [2008-1-3 1392640]
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\E:\0autocheck autochk *

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [10/07/2009 22:43 33920]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [27/01/2006 19:14 79872]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\Securitoo\Av_Fw\HIPS\drivers\fshs.sys [10/07/2009 22:42 67808]
R1 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [24/04/2007 17:52 16688]
R2 BBDemon;Backbone Service;j:\program files\Test 02\intel_a\code\bin\CATSysDemon.exe [04/05/2007 15:24 36864]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [27/08/2009 17:05 92008]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Securitoo\Av_Fw\Anti-Virus\minifilter\fsgk.sys [08/06/2007 21:38 100984]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files\Securitoo\Av_Fw\ORSP Client\fsorsp.exe [10/07/2009 22:42 55904]
S3 CrystalSysInfo;CrystalSysInfo;\??\j:\program files\MediaCoder\SysInfo.sys --> j:\program files\MediaCoder\SysInfo.sys [?]
S3 SCPSp50;SCPSp50 NDIS Protocol Driver;c:\windows\system32\drivers\SCPSp50.sys [28/11/2006 21:46 27072]
S3 XE102Mp5;XE102Mp5 NDIS Protocol Driver;c:\windows\system32\drivers\XE102Mp5.sys [06/03/2008 22:20 21120]
S3 XE102Sp5;XE102Sp5 NDIS Protocol Driver;c:\windows\system32\drivers\XE102Sp5.sys [06/03/2008 22:20 18176]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\Securitoo\Av_Fw\Anti-Virus\win2k\fsfilter.sys [27/01/2006 19:14 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\Securitoo\Av_Fw\Anti-Virus\win2k\fsrec.sys [27/01/2006 19:14 25184]
.
Contenu du dossier 'Tâches planifiées'

2009-10-11 c:\windows\Tasks\Scheduled scanning task.job
- c:\progra~1\SECURI~1\Av_Fw\ANTI-V~1\fsav.exe [2006-01-27 13:57]

2009-10-12 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-08 20:18]
.
.
------- Examen supplémentaire -------
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.forexstart.net/
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Convertir les liens sélectionnés en fichier Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Easy-WebPrint Ajouter à la liste d'impressions - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint Impression rapide - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Imprimer - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Easy-WebPrint Prévisualiser - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Envoyer à &Bluetooth - c:\program files\IOGEAR\Logiciel Bluetooth\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\Securitoo\Av_Fw\FSPS\program\FSLSP.DLL
DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} - hxxp://f001.mail.caramail.lycos.fr/app/uploader/FileUploader.cab
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\guhf47vn.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50-ff-shoutcast-chromesbox-en-us&query=
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/webhp?hl=fr
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50-ff-shoutcast-ab-en-us&query=
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\guhf47vn.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\guhf47vn.default\extensions\{12e4c684-c03e-4e4d-85bc-0c065e7a9489}\components\WinampPlayer.dll
FF - plugin: c:\progra~1\palmOne\PACKAG~1\NPInstal.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----

FF - user.js: browser.sessionstore.resume_from_crash - false
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{249D966F-6166-6DC9-4A35-552444185D1F} - c:\windows\system32\qsgvuzqndkbpgvuu.dll
HKCU-Run-showmore - c:\docume~1\ADMINI~1\APPLIC~1\ISOINT~1\Store coal.exe
HKCU-Run-IgfxSys - c:\documents and settings\Administrator\Application Data\Messenger\Drivers\IgfxSys.dll
HKLM-Run-Trustidle32active - c:\documents and settings\All Users\Application Data\FlapFiveTrustIdle\Web hole.exe
HKLM-Run-HotSync - c:\program files\PalmSource\Desktop\HotSync.exe
HKLM-Run-hktufintzrorsbix - c:\windows\system32\qsgvuzqndkbpgvuu.dll
AddRemove-EasyBurning - c:\program files\EasyBurning\Uninst Easy_Burning.exe
AddRemove-HijackThis - c:\documents and settings\Administrator\Desktop\HiJackThis\HijackThis.exe
AddRemove-lgymkoscyyhfme - c:\windows\system32\lgymkoscyyhfme.exe
AddRemove-Macromedia Shockwave Player - c:\windows\system32\Macromed\SHOCKW~1\UNWISE.EXE
AddRemove-RAW Importer - i:\progra~2\Actify\IMPORT~1\UNWISE.EXE
AddRemove-STL Importer - i:\progra~2\Actify\IMPORT~1\UNWISE.EXE
AddRemove-TDS Importer - i:\progra~2\Actify\IMPORT~1\UNWISE.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-12 20:33
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(872)
c:\program files\Securitoo\Av_Fw\FWES\Program\fsdc32.dll

- - - - - - - > 'lsass.exe'(928)
c:\program files\Securitoo\Av_Fw\FSPS\program\FSLSP.DLL
c:\program files\Securitoo\Av_Fw\FWES\Program\fsdc32.dll

- - - - - - - > 'explorer.exe'(1320)
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSFR.DLL
c:\program files\Securitoo\Av_Fw\Spam Control\fsscoepl.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll

- - - - - - - > 'csrss.exe'(848)
c:\program files\Securitoo\Av_Fw\FWES\Program\fsdc32.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\IOGEAR\Logiciel Bluetooth\bin\btwdins.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\program files\Securitoo\Av_Fw\Anti-Virus\fsgk32st.exe
c:\program files\Securitoo\Av_Fw\Common\FSMA32.EXE
c:\program files\Securitoo\Av_Fw\Anti-Virus\fsgk32.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Securitoo\Av_Fw\Common\FSMB32.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Securitoo\Av_Fw\Common\FCH32.EXE
c:\program files\Securitoo\Av_Fw\Anti-Virus\fsqh.exe
c:\program files\Securitoo\Av_Fw\Common\FAMEH32.EXE
c:\program files\Securitoo\Av_Fw\Anti-Virus\fssm32.exe
c:\program files\Securitoo\Av_Fw\FSAUA\program\fsaua.exe
c:\program files\Securitoo\Av_Fw\FWES\program\fsdfwd.exe
c:\program files\Securitoo\Av_Fw\FSAUA\program\fsus.exe
c:\progra~1\SECURI~1\Av_Fw\ANTI-V~1\fsav32.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\progra~1\SECURI~1\Av_Fw\FSGUI\fsguidll.exe
.
**************************************************************************
.
Heure de fin: 2009-10-12 20:36 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-10-12 18:35

Avant-CF: 17 562 533 888 bytes free
Après-CF: 17 425 666 048 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

236 --- E O F --- 2009-09-09 22:55
0
Ced_King Posts 3519 Registration date Monday 2 March 2009 Status Contributor Last seen 10 October 2016 572
12 Oct. 2009 at 21:10
Delete Combofix and C:\qoobox


Download RSIT "Random's System Information Tool" to your desktop:

- Close all running applications and double-click RSIT.exe
- Select "Continue" on the screen >> RSIT will analyze the PC and check whether the hijackthis tool (up-to-date version) is present on the PC; if it is not, RSIT will download it >> accept the license
- Once the analysis is finished, 2 .txt reports open:
--> log.txt on screen
--> info.txt in the taskbar
- Post the contents of both reports
0
maurice1212 Posts 7 Registration date Monday 12 October 2009 Status Member Last seen 13 October 2009
12 Oct. 2009 at 21:43
Log.txt:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2009-10-12 21:41:46
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 17 GB (21%) free of 78 GB
Total RAM: 2047 MB (77% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:41:58, on 12/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
J:\Program Files\Test 02\intel_a\code\bin\CATSysDemon.exe
C:\Program Files\IOGEAR\Logiciel Bluetooth\bin\btwdins.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fsgk32st.exe
C:\Program Files\Securitoo\Av_Fw\Common\FSMA32.EXE
C:\Program Files\Securitoo\Av_Fw\Anti-Virus\FSGK32.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Securitoo\Av_Fw\Common\FSMB32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Securitoo\Av_Fw\Common\FCH32.EXE
C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fsqh.exe
C:\Program Files\Securitoo\Av_Fw\Common\FAMEH32.EXE
C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fssm32.exe
C:\Program Files\Securitoo\Av_Fw\FSAUA\program\fsaua.exe
C:\Program Files\Securitoo\Av_Fw\FWES\Program\fsdfwd.exe
C:\Program Files\Securitoo\Av_Fw\FSAUA\program\fsus.exe
C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\FreePDF_XP\fpassist.exe
C:\Program Files\Securitoo\Av_Fw\Common\FSM32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Securitoo\Av_Fw\FSGUI\fsguidll.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\palmOne\Hotsync.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator\My Documents\Temporaire\RSIT.exe
C:\Program Files\trend micro\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://cnfx.wordpress.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\Av_Fw\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\Av_Fw\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] "J:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\IOGEAR\Logiciel Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IOGEAR\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IOGEAR\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f001.mail.caramail.lycos.fr/app/uploader/FileUploader.cab
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} (Environnement d'exécution Java 1.4.0_03) -
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.1.0.56.cab
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Backbone Service (BBDemon) - Dassault Systemes - J:\Program Files\Test 02\intel_a\code\bin\CATSysDemon.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\IOGEAR\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Securitoo\Av_Fw\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\Av_Fw\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Securitoo\Av_Fw\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Securitoo\Av_Fw\ORSP Client\fsorsp.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
Ced_King Posts 3519 Registration date Monday 2 March 2009 Status Contributor Last activity 10 October 2016 572
12 Oct. 2009 at 22:30
- Download Malwarebytes' Anti-Malware:
http://www.malwarebytes.org/mbam/program/mbam-setup.exe

- Install it > double-click Mbam-setup.exe; at the end of the installation it will update itself automatically
- Once it is installed, close all running applications and launch Malwarebytes
- Run a quick scan of the PC (you will not have Internet access during the scan)
- At the end of the scan, click "Show Results"; if Malwarebytes found infections >> click "Remove Selected"
- If it needs to restart the PC to finish the disinfection, accept
- A report will be generated; post its contents.
----------------------------------
maurice1212 Posts 7 Registration date Monday 12 October 2009 Status Member Last activity 13 October 2009
12 Oct. 2009 at 22:58
The Malwarebytes log:


Malwarebytes' Anti-Malware 1.41
Version de la base de données: 2948
Windows 5.1.2600 Service Pack 3

12/10/2009 22:46:09
mbam-log-2009-10-12 (22-46-09).txt

Type de recherche: Examen rapide
Eléments examinés: 104586
Temps écoulé: 5 minute(s), 7 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 4
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 3
Fichier(s) infecté(s): 9

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\Interface\{bbcc290a-5e32-4e54-80db-f0f3f3892444} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{d8c0508c-e235-4d9e-a27e-c8bb5f527dc9} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\MessengerUpdateProject.dll (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\WakeNet (Trojan.Agent) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Documents and Settings\Administrator\Application Data\Messenger\Drivers (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\Messenger\Drivers\Aud32 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\Messenger\Sys (Trojan.Agent) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Documents and Settings\Administrator\Application Data\Messenger\Drivers\conf.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\Messenger\Drivers\phuninst.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\Messenger\Drivers\pub.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\Messenger\Drivers\serial.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\Messenger\Drivers\Aud32\gani.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\Messenger\Drivers\Aud32\msgasst84.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\Messenger\Drivers\Aud32\msgutil84.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\Messenger\Drivers\Aud32\smartasf27.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\Messenger\Sys\mu.dll (Trojan.Agent) -> Quarantined and deleted successfully.
Ced_King Posts 3519 Registration date Monday 2 March 2009 Status Contributor Last activity 10 October 2016 572
12 Oct. 2009 at 23:11
Empty the Malwarebytes quarantine --> "Quarantine" tab, delete everything, then restart the PC.

To check:

- Download LopSD and save it to your desktop:
- Disable the real-time protection of your antivirus and antispyware
- Double-click the icon on your desktop to start the installation
- Once it is installed, close all running applications
- Double-click lopsd.exe, choose the language, then confirm with "Enter"
- In the menu, choose option 1 and wait until the scan finishes
- A report will be generated; post its contents

Note: the report is also at c:\lopR.txt
maurice1212 Posts 7 Registration date Monday 12 October 2009 Status Member Last activity 13 October 2009
12 Oct. 2009 at 23:35
LopSD report:


--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) D CPU 2.80GHz )
BIOS : BIOS Date: 06/14/05 16:54:30 Ver: 08.00.10
USER : Administrator ( Administrator )
BOOT : Normal boot
Antivirus : AntiVirus Firewall 8.01 8.01 (Not Activated)
Firewall : AntiVirus Firewall 8.01 8.01 (Activated)
C:\ (Local Disk) - NTFS - Total:76 Go (Free:16 Go)
D:\ (CD or DVD)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (Local Disk) - NTFS - Total:189 Go (Free:161 Go)
J:\ (Local Disk) - NTFS - Total:189 Go (Free:117 Go)
K:\ (USB)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 12/10/2009|23:30 )

--------------------\\ Listing des dossiers dans APPLIC~1

[14/06/2009|23:15] C:\DOCUME~1\ADMINI~1\APPLIC~1\Adobe
[02/02/2006|08:13] C:\DOCUME~1\ADMINI~1\APPLIC~1\AdobeUM
[20/07/2008|12:44] C:\DOCUME~1\ADMINI~1\APPLIC~1\Apple Computer
[10/02/2006|08:47] C:\DOCUME~1\ADMINI~1\APPLIC~1\Arcsoft
[20/09/2008|08:49] C:\DOCUME~1\ADMINI~1\APPLIC~1\Autodesk
[11/10/2009|17:33] C:\DOCUME~1\ADMINI~1\APPLIC~1\Broad Intelligence
[07/09/2008|10:44] C:\DOCUME~1\ADMINI~1\APPLIC~1\cadenas
[29/04/2006|08:48] C:\DOCUME~1\ADMINI~1\APPLIC~1\CD-LabelPrint
[21/12/2006|18:54] C:\DOCUME~1\ADMINI~1\APPLIC~1\Compta Flash
[08/01/2008|19:51] C:\DOCUME~1\ADMINI~1\APPLIC~1\DassaultSystemes
[30/11/2007|20:43] C:\DOCUME~1\ADMINI~1\APPLIC~1\Delcam
[17/09/2008|21:59] C:\DOCUME~1\ADMINI~1\APPLIC~1\Download Manager
[14/12/2006|00:05] C:\DOCUME~1\ADMINI~1\APPLIC~1\EBP
[11/01/2007|00:07] C:\DOCUME~1\ADMINI~1\APPLIC~1\eFax Messenger
[05/10/2009|23:32] C:\DOCUME~1\ADMINI~1\APPLIC~1\F-Secure
[14/09/2006|21:20] C:\DOCUME~1\ADMINI~1\APPLIC~1\Google
[14/03/2007|21:18] C:\DOCUME~1\ADMINI~1\APPLIC~1\HASCO
[25/01/2006|05:35] C:\DOCUME~1\ADMINI~1\APPLIC~1\Help
[29/01/2006|05:01] C:\DOCUME~1\ADMINI~1\APPLIC~1\HotSync
[12/01/2006|03:26] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[06/03/2008|22:19] C:\DOCUME~1\ADMINI~1\APPLIC~1\InstallShield
[11/10/2009|08:45] C:\DOCUME~1\ADMINI~1\APPLIC~1\iso intra burn
[28/01/2006|12:33] C:\DOCUME~1\ADMINI~1\APPLIC~1\ispnews
[21/02/2006|20:32] C:\DOCUME~1\ADMINI~1\APPLIC~1\Macromedia
[12/10/2009|22:36] C:\DOCUME~1\ADMINI~1\APPLIC~1\Malwarebytes
[02/06/2008|21:18] C:\DOCUME~1\ADMINI~1\APPLIC~1\Media Player Classic
[12/10/2009|22:46] C:\DOCUME~1\ADMINI~1\APPLIC~1\Messenger
[25/07/2009|09:43] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[30/06/2008|21:19] C:\DOCUME~1\ADMINI~1\APPLIC~1\Mozilla
[16/08/2009|20:09] C:\DOCUME~1\ADMINI~1\APPLIC~1\OpenCandy
[22/03/2009|21:30] C:\DOCUME~1\ADMINI~1\APPLIC~1\OpenOffice.org2
[28/01/2006|21:36] C:\DOCUME~1\ADMINI~1\APPLIC~1\PEX
[31/12/2007|00:06] C:\DOCUME~1\ADMINI~1\APPLIC~1\pshape7
[02/06/2008|21:12] C:\DOCUME~1\ADMINI~1\APPLIC~1\Real
[27/01/2006|18:50] C:\DOCUME~1\ADMINI~1\APPLIC~1\RibbonSoft
[23/02/2007|01:03] C:\DOCUME~1\ADMINI~1\APPLIC~1\SchottSysteme
[30/11/2007|18:46] C:\DOCUME~1\ADMINI~1\APPLIC~1\SF_Settings
[11/10/2009|17:42] C:\DOCUME~1\ADMINI~1\APPLIC~1\Smart-Ads-Solutions
[11/03/2009|21:32] C:\DOCUME~1\ADMINI~1\APPLIC~1\Sun
[31/01/2006|08:05] C:\DOCUME~1\ADMINI~1\APPLIC~1\Talkback
[31/01/2006|07:18] C:\DOCUME~1\ADMINI~1\APPLIC~1\The Bat!
[31/01/2006|08:05] C:\DOCUME~1\ADMINI~1\APPLIC~1\Thunderbird
[18/07/2009|14:51] C:\DOCUME~1\ADMINI~1\APPLIC~1\TomTom
[19/04/2006|22:27] C:\DOCUME~1\ADMINI~1\APPLIC~1\Ulead Systems
[02/03/2006|08:05] C:\DOCUME~1\ADMINI~1\APPLIC~1\vlc
[03/02/2009|22:28] C:\DOCUME~1\ADMINI~1\APPLIC~1\Vso
[28/01/2006|21:36] C:\DOCUME~1\ADMINI~1\APPLIC~1\Wannadoo
[11/10/2009|19:39] C:\DOCUME~1\ADMINI~1\APPLIC~1\Winamp

[14/02/2006|04:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\4D
[03/03/2007|10:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[11/06/2009|20:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[11/10/2009|17:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Autodesk
[23/08/2006|09:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BOONTY
[23/01/2006|08:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CanonBJ
[09/01/2008|23:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DAKO
[21/12/2007|02:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DassaultSystemes
[10/10/2009|10:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
[11/10/2009|08:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FlapFiveTrustIdle
[10/07/2009|22:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\f-secure
[10/07/2009|22:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\fssg
[18/12/2008|01:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[29/01/2006|05:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HotSync
[30/11/2006|23:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Installation de eFax Messenger 4.0
[13/02/2006|04:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macrovision
[12/10/2009|22:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[11/10/2009|17:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[10/09/2009|00:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
[25/03/2006|20:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
[17/01/2008|23:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Office Genuine Advantage
[01/10/2007|22:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SchottSysteme
[27/03/2009|19:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Seagate
[10/09/2006|10:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SF_Settings
[10/10/2009|10:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SlySoft
[12/01/2006|21:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SmartSound Software Inc
[18/07/2009|14:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TomTom
[12/01/2006|23:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ulead Systems
[20/08/2009|18:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Winamp Toolbar
[16/07/2006|10:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[13/09/2008|19:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinZip

[12/01/2006|03:20] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[12/01/2006|03:20] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[12/10/2007|14:52] C:\DOCUME~1\MPO~1.CON\APPLIC~1\Adobe
[12/10/2007|14:53] C:\DOCUME~1\MPO~1.CON\APPLIC~1\HotSync
[12/10/2007|14:51] C:\DOCUME~1\MPO~1.CON\APPLIC~1\Identities
[12/10/2007|14:52] C:\DOCUME~1\MPO~1.CON\APPLIC~1\ispnews
[12/10/2007|14:49] C:\DOCUME~1\MPO~1.CON\APPLIC~1\Microsoft
[12/10/2007|15:06] C:\DOCUME~1\MPO~1.CON\APPLIC~1\Mozilla
[12/10/2007|14:52] C:\DOCUME~1\MPO~1.CON\APPLIC~1\Real
[12/10/2007|15:06] C:\DOCUME~1\MPO~1.CON\APPLIC~1\Talkback
[12/10/2007|15:06] C:\DOCUME~1\MPO~1.CON\APPLIC~1\Thunderbird

[31/01/2007|22:26] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[12/10/2009 23:27][--a------] C:\WINDOWS\tasks\WGASetup.job
[12/10/2009 00:00][--a------] C:\WINDOWS\tasks\Scheduled scanning task.job
[12/10/2009 23:26][--ah-----] C:\WINDOWS\tasks\SA.DAT
[04/08/2004 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing des dossiers dans C:\Program Files

[19/01/2006|07:50] C:\Program Files\7-Zip
[10/09/2006|10:48] C:\Program Files\Actify
[03/03/2007|10:57] C:\Program Files\Adobe
[29/04/2006|13:28] C:\Program Files\Ahead
[12/03/2009|00:12] C:\Program Files\Boonty
[20/04/2009|21:07] C:\Program Files\CAMPUS
[11/10/2009|17:28] C:\Program Files\Canon
[12/10/2009|20:24] C:\Program Files\Common Files
[12/01/2006|03:16] C:\Program Files\ComPlus Applications
[31/12/2006|10:33] C:\Program Files\ComptaOne
[16/01/2007|21:17] C:\Program Files\dBpowerAMP
[20/04/2008|10:36] C:\Program Files\DIFX
[20/02/2006|23:46] C:\Program Files\DivX
[19/02/2006|12:08] C:\Program Files\DVD Shrink
[20/09/2008|09:08] C:\Program Files\DWG TrueView 2009
[05/01/2007|21:23] C:\Program Files\EasyBurning
[07/03/2007|23:23] C:\Program Files\EBP
[30/11/2006|23:21] C:\Program Files\eFax Messenger 4.0
[10/10/2009|10:08] C:\Program Files\eMule
[31/03/2009|23:20] C:\Program Files\FreePDF_XP
[16/08/2009|19:49] C:\Program Files\Gabest
[20/04/2006|22:29] C:\Program Files\GBSoft
[24/01/2006|09:14] C:\Program Files\GhostScript
[10/06/2009|00:10] C:\Program Files\Google
[25/07/2009|10:31] C:\Program Files\HASCO
[13/04/2009|22:36] C:\Program Files\ICEOWS
[11/10/2009|17:31] C:\Program Files\InstallShield Installation Information
[12/01/2006|04:20] C:\Program Files\Intel
[26/08/2008|23:06] C:\Program Files\Internet Explorer
[25/09/2006|21:43] C:\Program Files\IOGEAR
[03/02/2009|22:32] C:\Program Files\iWizz
[11/10/2009|17:31] C:\Program Files\Java
[12/01/2006|04:24] C:\Program Files\Marvell
[11/10/2009|17:36] C:\Program Files\MediaMonkey
[26/08/2008|23:11] C:\Program Files\Messenger
[26/07/2009|10:39] C:\Program Files\Meusburger Katalog
[12/01/2006|03:20] C:\Program Files\microsoft frontpage
[17/09/2008|22:26] C:\Program Files\Microsoft Office
[11/10/2009|17:19] C:\Program Files\Microsoft Small Business
[18/03/2009|01:05] C:\Program Files\Microsoft SQL Server
[11/01/2008|21:58] C:\Program Files\Microsoft Visual Studio
[11/01/2008|21:59] C:\Program Files\Microsoft Works
[17/09/2008|22:29] C:\Program Files\Microsoft WSE
[11/10/2009|17:23] C:\Program Files\Microsoft.NET
[21/06/2009|13:18] C:\Program Files\Mindscape
[26/08/2008|23:06] C:\Program Files\Movie Maker
[21/09/2007|09:54] C:\Program Files\MozBackup
[12/10/2009|22:57] C:\Program Files\Mozilla Firefox
[11/10/2009|17:37] C:\Program Files\Mozilla Thunderbird
[17/09/2008|22:23] C:\Program Files\MSBuild
[07/10/2009|22:40] C:\Program Files\MSECache
[05/09/2009|17:34] C:\Program Files\MSN
[12/01/2006|03:15] C:\Program Files\MSN Gaming Zone
[04/06/2006|20:34] C:\Program Files\MSN Messenger
[19/11/2006|23:53] C:\Program Files\MSXML 4.0
[28/03/2007|22:30] C:\Program Files\MSXML 6.0
[10/04/2008|00:04] C:\Program Files\NETGEAR WGX102 Configuration Utility
[13/04/2008|11:34] C:\Program Files\NETGEAR XE102 Powerline Encryption Utility
[26/08/2008|23:03] C:\Program Files\NetMeeting
[11/10/2009|20:17] C:\Program Files\Online Services
[11/10/2009|17:41] C:\Program Files\OpenOffice.org 2.0
[11/03/2009|21:29] C:\Program Files\OpenProj
[13/08/2009|15:29] C:\Program Files\Outlook Express
[29/07/2004|04:58] C:\Program Files\Palm_OS_54_Simulator
[19/02/2008|22:29] C:\Program Files\palmOne
[01/02/2006|06:59] C:\Program Files\Passware
[24/01/2006|04:26] C:\Program Files\Profile
[16/08/2009|19:44] C:\Program Files\QuickTime
[29/06/2006|23:08] C:\Program Files\Real
[13/01/2006|00:52] C:\Program Files\Realtek
[17/09/2008|22:20] C:\Program Files\Reference Assemblies
[24/08/2006|12:25] C:\Program Files\ReflexiveArcade
[28/08/2006|21:51] C:\Program Files\SchottSysteme
[27/03/2009|19:31] C:\Program Files\Seagate
[27/01/2006|19:10] C:\Program Files\Securitoo
[05/10/2009|23:29] C:\Program Files\Smart-Ads-Solutions
[12/01/2006|21:35] C:\Program Files\SmartSound Software
[15/04/2006|18:03] C:\Program Files\Sony Corporation
[15/08/2009|21:15] C:\Program Files\TomTom HOME 2
[18/07/2009|14:51] C:\Program Files\TomTom International B.V
[12/10/2009|21:41] C:\Program Files\trend micro
[23/08/2006|20:33] C:\Program Files\Trymedia
[12/01/2006|21:33] C:\Program Files\Ulead Systems
[17/09/2008|22:27] C:\Program Files\Uninstall Information
[02/03/2006|08:02] C:\Program Files\VideoLAN
[03/02/2009|22:29] C:\Program Files\VSO
[14/10/2006|12:02] C:\Program Files\Wanadoo
[16/01/2007|21:18] C:\Program Files\WComptys
[11/10/2009|17:45] C:\Program Files\WinAce
[20/08/2009|18:13] C:\Program Files\Winamp Toolbar
[12/01/2006|21:34] C:\Program Files\Windows Media Components
[25/02/2007|21:12] C:\Program Files\Windows Media Connect 2
[26/08/2008|23:03] C:\Program Files\Windows Media Player
[26/08/2008|23:03] C:\Program Files\Windows NT
[12/01/2006|03:19] C:\Program Files\WindowsUpdate
[23/03/2006|20:50] C:\Program Files\WinRAR
[12/01/2006|03:20] C:\Program Files\xerox
[11/01/2007|00:18] C:\Program Files\Yahoo!

--------------------\\ Listing des dossiers dans C:\Program Files\Common Files

[03/03/2007|11:03] C:\Program Files\Common Files\Adobe
[29/04/2006|13:28] C:\Program Files\Common Files\Ahead
[11/10/2009|17:16] C:\Program Files\Common Files\Autodesk Shared
[26/02/2006|21:54] C:\Program Files\Common Files\AVSMedia
[23/08/2006|09:54] C:\Program Files\Common Files\BOONTY Shared
[20/09/2008|09:06] C:\Program Files\Common Files\Delcam
[17/09/2008|22:26] C:\Program Files\Common Files\DESIGNER
[12/01/2006|21:33] C:\Program Files\Common Files\InstallShield
[29/04/2006|13:29] C:\Program Files\Common Files\LightScribe
[13/02/2006|04:42] C:\Program Files\Common Files\Macrovision Shared
[11/10/2009|17:23] C:\Program Files\Common Files\Microsoft Shared
[12/01/2006|03:17] C:\Program Files\Common Files\MSSoap
[15/04/2006|18:03] C:\Program Files\Common Files\muvee Technologies
[29/04/2006|13:29] C:\Program Files\Common Files\Nero
[24/05/2009|13:32] C:\Program Files\Common Files\Nosibay
[11/01/2006|19:06] C:\Program Files\Common Files\ODBC
[02/06/2008|21:13] C:\Program Files\Common Files\Real
[24/03/2006|04:39] C:\Program Files\Common Files\SchottSysteme
[12/01/2006|03:17] C:\Program Files\Common Files\Services
[11/01/2006|19:06] C:\Program Files\Common Files\SpeechEngines
[26/08/2008|23:03] C:\Program Files\Common Files\System
[12/01/2006|21:35] C:\Program Files\Common Files\Ulead Systems

--------------------\\ Process

( 46 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-12 23:31:20
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\ADMINI~1\.jpi_cache\file\1.0\crack.au-27356da7-1f81e1f6.au
C:\DOCUME~1\ADMINI~1\.jpi_cache\file\1.0\crack.au-27356da7-1f81e1f6.idx
C:\DOCUME~1\ADMINI~1\My Documents\My Music\[Palm] RealDice.Multiplayer.Championship.Poker.Texas.Holdem.Edition.v1.1.PalmOS.Incl.Keygen-HERET.ZIP
C:\DOCUME~1\ADMINI~1\My Documents\My Music\Jarre\Jean Michel Jarre - Aero - 2004\DTS player & info\DTS Tools ( DVD Audio 5.1 AC To DTS )\DTS Tools ( DVD Audio 5.1 AC To DTS )\SurCode CD-pro DTS 1.0.9\Crack
C:\DOCUME~1\ADMINI~1\My Documents\My Music\Jarre\Jean Michel Jarre - Aero - 2004\DTS player & info\DTS Tools ( DVD Audio 5.1 AC To DTS )\DTS Tools ( DVD Audio 5.1 AC To DTS )\SurCode CD-pro DTS 1.0.9\Crack\freezy3k.nfo
C:\DOCUME~1\ADMINI~1\My Documents\My Music\Jarre\Jean Michel Jarre - Aero - 2004\DTS player & info\DTS Tools ( DVD Audio 5.1 AC To DTS )\DTS Tools ( DVD Audio 5.1 AC To DTS )\SurCode CD-pro DTS 1.0.9\Crack\sccdprodts.exe
C:\DOCUME~1\ADMINI~1\My Documents\Temporaire\Keygen


[F:1][D:2]-> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
[F:3][D:0]-> C:\DOCUME~1\ADMINI~1\Cookies
[F:79][D:4]-> C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 12/10/2009|23:32 - Option : [1]

--------------------\\ Fin du rapport a 23:32:18
Ced_King Posts 3519 Registration date Monday 2 March 2009 Status Contributor Last activity 10 October 2016 572
12 Oct. 2009 at 23:54
OK, it looks clean, apart from the cracks, which are likely to reinfect the PC as soon as you run them...

Run an online scan with Bitdefender (with Internet Explorer):

https://www.bitdefender.com/toolbox/

Under Vista, you have to right-click the Internet Explorer shortcut and run it as administrator.

Use this tutorial, everything is explained in it.

At the end of the scan, save the report and post it on the forum, please
maurice1212 Posts 7 Registration date Monday 12 October 2009 Status Member Last activity 13 October 2009
13 Oct. 2009 at 00:00
Uh... I only use Firefox, so I suppose I can do without Bitdefender?
Ced_King Posts 3519 Registration date Monday 2 March 2009 Status Contributor Last activity 10 October 2016 572
13 Oct. 2009 at 00:12
OK, if you think everything is fine,

download Toolscleaner2 to your desktop
http://pc-system.fr/

- Click "Search" and wait
- Then click "Remove" to finish
- Delete Toolscleaner

Open CCleaner --> click "Registry" --> scan for errors --> fix the errors --> repeat until there are no more errors; you can say no to the backup.
Then click "Cleaner" --> analyze + clean

To check that your applications are up to date, for security reasons (security vulnerabilities), I recommend running a vulnerability scan:

Secunia vulnerability scan

https://www.malekal.com/tester-la-vulnerabilite-de-son-systeme-2/

If you consider that everything is back in order, you can mark the topic as "Resolved"

See you, and happy surfing
maurice1212 Posts 7 Registration date Monday 12 October 2009 Status Member Last activity 13 October 2009
13 Oct. 2009 at 00:30
It seems to be OK. Thank you very much for taking the time to get me out of this mess. I hope I won't have to deal with you any time soon.... See you (not) soon.