Iexplore.exe open 12x ==> memory saturated

Solved
maurice1212 Posts 7 Status Member -
Hello,

For the past few days my PC has been very slow. In Task Manager, the iexplore.exe process is open between 2 and 12 times. My antivirus found some crap, but after disinfection the problem obviously persists. Here is my HijackThis report. If anyone can help me, thanks in advance... Maurice

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:19:16, on 12/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
J:\Program Files\Test 02\intel_a\code\bin\CATSysDemon.exe
C:\Program Files\IOGEAR\Logiciel Bluetooth\bin\btwdins.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fsgk32st.exe
C:\Program Files\Securitoo\Av_Fw\Common\FSMA32.EXE
C:\Program Files\Securitoo\Av_Fw\Anti-Virus\FSGK32.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Securitoo\Av_Fw\Common\FSMB32.EXE
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Securitoo\Av_Fw\Common\FCH32.EXE
C:\Program Files\Securitoo\Av_Fw\Common\FAMEH32.EXE
C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fsqh.exe
C:\Program Files\Securitoo\Av_Fw\FSAUA\program\fsaua.exe
C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fssm32.exe
C:\Program Files\Securitoo\Av_Fw\FWES\Program\fsdfwd.exe
C:\Program Files\Securitoo\Av_Fw\FSAUA\program\fsus.exe
C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\FreePDF_XP\fpassist.exe
C:\Program Files\Securitoo\Av_Fw\Common\FSM32.EXE
C:\Program Files\Securitoo\Av_Fw\FSGUI\fsguidll.exe
C:\WINDOWS\system32\rundll32.exe
J:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\winamp toolbar\WinampTbServer.exe
C:\WINDOWS\System32\regsvr32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis\scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://cnfx.wordpress.com/
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: freedomltd browser enhancer - {249D966F-6166-6DC9-4A35-552444185D1F} - C:\WINDOWS\system32\qsgvuzqndkbpgvuu.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: MessengerUpdate - {5948A52A-BA3A-49A8-BCAF-D578502BDA9D} - C:\Documents and Settings\Administrator\Application Data\Messenger\Drivers\MsgUpdate.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\Av_Fw\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\Av_Fw\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Trustidle32active] C:\Documents and Settings\All Users\Application Data\FlapFiveTrustIdle\Web hole.exe
O4 - HKLM\..\Run: [HotSync] "C:\Program Files\PalmSource\Desktop\HotSync.exe" -AllUsers
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] "J:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [hktufintzrorsbix] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\qsgvuzqndkbpgvuu.dll"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [showmore] C:\DOCUME~1\ADMINI~1\APPLIC~1\ISOINT~1\Store coal.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [IgfxSys] rundll32.exe "C:\Documents and Settings\Administrator\Application Data\Messenger\Drivers\IgfxSys.dll",StartProtector
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\IOGEAR\Logiciel Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IOGEAR\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IOGEAR\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f001.mail.caramail.lycos.fr/app/uploader/FileUploader.cab
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} (Environnement d'exécution Java 1.4.0_03) -
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.1.0.56.cab
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Backbone Service (BBDemon) - Dassault Systemes - J:\Program Files\Test 02\intel_a\code\bin\CATSysDemon.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\IOGEAR\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Securitoo\Av_Fw\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\Av_Fw\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Securitoo\Av_Fw\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Securitoo\Av_Fw\ORSP Client\fsorsp.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 11370 bytes
Configuration: WIN XP  /  FIREFOX

11 replies

  1. Ced_King Posts 3519 Registration date   Status Contributor Last activity   667
     
    Hi,

    Lop infection, among other things, but first:

    Download and install CCleaner

    - During installation, uncheck the box offering the Yahoo toolbar and the one labelled "add the update option"

    - Once installed, close all running applications and launch CCleaner

    - Click -->> Options -->> Advanced and uncheck "delete files etc... older than 48h"

    - Select "Cleaner" >> click Analyze, then Clean, then close the program...

    ---------------------------

    Download Combofix and save it to your desktop

    /!\ Disable your antivirus's real-time protection /!\

    - Disconnect and close all running applications

    - Double-click Combofix.exe >> a message appears > answer "yes"

    - (install the Recovery Console)

    - Select the language and press the 1 key (yes) to start the scan

    /!\ Do not touch the mouse or the keyboard during the scan, as this could freeze the computer /!\

    - At the end of the scan, Combofix will need to reboot to finish the disinfection; let it do so

    - Once finished, a report is displayed; post its contents, which you can also find at c:\combofix.txt

    Official Combofix tutorial and guide
    1
    1. maurice1212 Posts 7 Status Member
       
      Hi, and thanks for your promptness. Here is the Combofix log:

      ComboFix 09-10-11.03 - Administrator 12/10/2009 20:22.1.2 - NTFSx86
      Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1033.18.2047.1435 [GMT 2:00]
      Lancé depuis: c:\documents and settings\Administrator\My Documents\Temporaire\ComboFix.exe
      AV: AntiVirus Firewall 8.01 *On-access scanning disabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
      FW: AntiVirus Firewall 8.01 *enabled* {D4747503-0346-49EB-9262-997542F79BF4}
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      c:\documents and settings\Administrator\Application Data\inst.exe
      c:\documents and settings\Administrator\Application Data\Messenger\Drivers\IgfxSys.dll
      c:\documents and settings\Administrator\Application Data\Messenger\Drivers\MsGUpdate.dll
      c:\windows\Downloaded Program Files\IDropPTB.dll
      c:\windows\Installer\WMEncoder.msi
      c:\windows\system32\lgymkoscyyhfme.exe
      c:\windows\system32\qsgvuzqndkbpgvuu.dll

      .
      ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      -------\Legacy_BOONTY_GAMES
      -------\Service_Boonty Games


      ((((((((((((((((((((((((((((( Fichiers créés du 2009-09-12 au 2009-10-12 ))))))))))))))))))))))))))))))))))))
      .

      2009-10-10 08:14 . 2009-10-10 08:14 -------- d-----w- c:\documents and settings\All Users\Application Data\SlySoft
      2009-10-07 20:40 . 2009-10-07 20:40 -------- d-----w- c:\program files\MSECache
      2009-10-05 21:29 . 2009-10-11 15:42 -------- d-----w- c:\documents and settings\Administrator\Application Data\Smart-Ads-Solutions
      2009-10-05 21:29 . 2009-10-05 21:29 -------- d-----w- c:\program files\Smart-Ads-Solutions
      2009-10-05 21:29 . 2009-10-05 21:29 -------- d-----w- c:\documents and settings\Administrator\Application Data\Messenger
      2009-09-24 22:59 . 2009-09-24 22:59 104512 ----a-w- c:\windows\system32\drivers\AnyDVD.sys

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2009-10-11 17:39 . 2009-08-20 16:12 -------- d-----w- c:\documents and settings\Administrator\Application Data\Winamp
      2009-10-11 15:45 . 2007-01-24 13:19 -------- d-----w- c:\program files\WinAce
      2009-10-11 15:41 . 2006-01-19 05:52 -------- d-----w- c:\program files\OpenOffice.org 2.0
      2009-10-11 15:37 . 2006-01-31 06:04 -------- d-----w- c:\program files\Mozilla Thunderbird
      2009-10-11 15:36 . 2007-01-14 15:28 -------- d-----w- c:\program files\MediaMonkey
      2009-10-11 15:33 . 2009-08-16 18:11 -------- d-----w- c:\documents and settings\Administrator\Application Data\Broad Intelligence
      2009-10-11 15:31 . 2006-01-25 03:31 -------- d-----w- c:\program files\Java
      2009-10-11 15:31 . 2006-01-12 02:22 -------- d--h--w- c:\program files\InstallShield Installation Information
      2009-10-11 15:28 . 2006-01-23 06:00 -------- d-----w- c:\program files\Canon
      2009-10-11 15:23 . 2007-01-31 20:25 -------- d-----w- c:\program files\Microsoft.NET
      2009-10-11 15:19 . 2007-01-31 20:28 -------- d-----w- c:\program files\Microsoft Small Business
      2009-10-11 15:16 . 2008-09-17 20:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Autodesk
      2009-10-11 15:16 . 2008-09-17 20:17 -------- d-----w- c:\program files\Common Files\Autodesk Shared
      2009-10-11 06:45 . 2007-02-12 22:17 -------- d-----w- c:\documents and settings\Administrator\Application Data\iso intra burn
      2009-10-11 06:40 . 2007-02-12 22:17 -------- d-----w- c:\documents and settings\All Users\Application Data\FlapFiveTrustIdle
      2009-10-10 08:31 . 2006-02-14 06:20 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
      2009-10-10 08:08 . 2006-01-30 07:09 -------- d-----w- c:\program files\eMule
      2009-10-05 21:32 . 2007-06-25 19:07 -------- d-----w- c:\documents and settings\Administrator\Application Data\F-Secure
      2009-09-11 17:08 . 2009-09-11 17:08 24744 ----a-w- c:\windows\system32\drivers\ElbyCDIO.sys
      2009-09-09 22:52 . 2007-01-29 21:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
      2009-08-20 16:13 . 2009-08-20 16:12 -------- d-----w- c:\program files\Winamp Toolbar
      2009-08-20 16:12 . 2009-08-20 16:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Winamp Toolbar
      2009-08-16 18:09 . 2009-08-16 18:09 -------- d-----w- c:\documents and settings\Administrator\Application Data\OpenCandy
      2009-08-16 17:49 . 2009-08-16 17:28 -------- d-----w- c:\program files\Gabest
      2009-08-16 17:44 . 2009-06-11 18:11 -------- d-----w- c:\program files\QuickTime
      2009-08-15 19:15 . 2009-08-15 19:15 -------- d-----w- c:\program files\TomTom HOME 2
      2009-08-07 17:11 . 2006-01-25 03:18 102184 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
      2009-08-05 09:01 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
      2009-07-17 19:01 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll
      2006-03-08 05:56 . 2006-03-08 05:56 113037 ----a-w- c:\program files\DicOOo-1.5.5.sxw
      .

      ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
      REGEDIT4

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-16 68856]
      "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-08-27 247144]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-06-15 6803456]
      "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-06-15 86016]
      "Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
      "FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2005-05-27 147456]
      "F-Secure Manager"="c:\program files\Securitoo\Av_Fw\Common\FSM32.EXE" [2008-12-04 182936]
      "F-Secure TNB"="c:\program files\Securitoo\Av_Fw\FSGUI\TNBUtil.exe" [2008-12-04 957024]
      "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
      "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
      "WinampAgent"="j:\program files\Winamp\winampa.exe" [2009-07-01 37888]
      "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2005-06-15 1519616]
      "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2005-04-26 14370816]
      "BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

      c:\documents and settings\All Users\Start Menu\Programs\Startup\
      HotSync Manager.lnk - c:\program files\palmOne\Hotsync.exe [2008-1-3 1392640]
      Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
      BootExecute REG_MULTI_SZ autocheck autochk /p \??\E:\0autocheck autochk *

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
      "EnableFirewall"= 0 (0x0)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
      "c:\\Program Files\\eMule\\emule.exe"=
      "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
      "1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
      "500:UDP"= 500:UDP:@xpsp2res.dll,-22017

      R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [10/07/2009 22:43 33920]
      R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [27/01/2006 19:14 79872]
      R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\Securitoo\Av_Fw\HIPS\drivers\fshs.sys [10/07/2009 22:42 67808]
      R1 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [24/04/2007 17:52 16688]
      R2 BBDemon;Backbone Service;j:\program files\Test 02\intel_a\code\bin\CATSysDemon.exe [04/05/2007 15:24 36864]
      R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [27/08/2009 17:05 92008]
      R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Securitoo\Av_Fw\Anti-Virus\minifilter\fsgk.sys [08/06/2007 21:38 100984]
      R3 FSORSPClient;F-Secure ORSP Client;c:\program files\Securitoo\Av_Fw\ORSP Client\fsorsp.exe [10/07/2009 22:42 55904]
      S3 CrystalSysInfo;CrystalSysInfo;\??\j:\program files\MediaCoder\SysInfo.sys --> j:\program files\MediaCoder\SysInfo.sys [?]
      S3 SCPSp50;SCPSp50 NDIS Protocol Driver;c:\windows\system32\drivers\SCPSp50.sys [28/11/2006 21:46 27072]
      S3 XE102Mp5;XE102Mp5 NDIS Protocol Driver;c:\windows\system32\drivers\XE102Mp5.sys [06/03/2008 22:20 21120]
      S3 XE102Sp5;XE102Sp5 NDIS Protocol Driver;c:\windows\system32\drivers\XE102Sp5.sys [06/03/2008 22:20 18176]
      S4 F-Secure Filter;F-Secure File System Filter;c:\program files\Securitoo\Av_Fw\Anti-Virus\win2k\fsfilter.sys [27/01/2006 19:14 39776]
      S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\Securitoo\Av_Fw\Anti-Virus\win2k\fsrec.sys [27/01/2006 19:14 25184]
      .
      Contenu du dossier 'Tâches planifiées'

      2009-10-11 c:\windows\Tasks\Scheduled scanning task.job
      - c:\progra~1\SECURI~1\Av_Fw\ANTI-V~1\fsav.exe [2006-01-27 13:57]

      2009-10-12 c:\windows\Tasks\WGASetup.job
      - c:\windows\system32\KB905474\wgasetup.exe [2009-04-08 20:18]
      .
      .
      ------- Examen supplémentaire -------
      .
      uSearch Page = hxxp://www.google.com
      uStart Page = hxxp://www.forexstart.net/
      uSearch Bar = hxxp://www.google.com/ie
      mDefault_Search_URL = hxxp://www.google.com/ie
      uSearchAssistant = hxxp://www.google.com/ie
      uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
      mSearchAssistant = hxxp://www.google.com/ie
      IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
      IE: Convertir les liens sélectionnés en fichier Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
      IE: Easy-WebPrint Ajouter à la liste d'impressions - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
      IE: Easy-WebPrint Impression rapide - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
      IE: Easy-WebPrint Imprimer - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
      IE: Easy-WebPrint Prévisualiser - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
      IE: Envoyer à &Bluetooth - c:\program files\IOGEAR\Logiciel Bluetooth\btsendto_ie_ctx.htm
      IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
      LSP: c:\program files\Securitoo\Av_Fw\FSPS\program\FSLSP.DLL
      DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} - hxxp://f001.mail.caramail.lycos.fr/app/uploader/FileUploader.cab
      FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\guhf47vn.default\
      FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50-ff-shoutcast-chromesbox-en-us&query=
      FF - prefs.js: browser.search.selectedEngine - Ask
      FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/webhp?hl=fr
      FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50-ff-shoutcast-ab-en-us&query=
      FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\guhf47vn.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
      FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\guhf47vn.default\extensions\{12e4c684-c03e-4e4d-85bc-0c065e7a9489}\components\WinampPlayer.dll
      FF - plugin: c:\progra~1\palmOne\PACKAG~1\NPInstal.dll
      FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

      ---- PARAMETRES FIREFOX ----

      FF - user.js: browser.sessionstore.resume_from_crash - false
      .
      - - - - ORPHELINS SUPPRIMES - - - -

      BHO-{249D966F-6166-6DC9-4A35-552444185D1F} - c:\windows\system32\qsgvuzqndkbpgvuu.dll
      HKCU-Run-showmore - c:\docume~1\ADMINI~1\APPLIC~1\ISOINT~1\Store coal.exe
      HKCU-Run-IgfxSys - c:\documents and settings\Administrator\Application Data\Messenger\Drivers\IgfxSys.dll
      HKLM-Run-Trustidle32active - c:\documents and settings\All Users\Application Data\FlapFiveTrustIdle\Web hole.exe
      HKLM-Run-HotSync - c:\program files\PalmSource\Desktop\HotSync.exe
      HKLM-Run-hktufintzrorsbix - c:\windows\system32\qsgvuzqndkbpgvuu.dll
      AddRemove-EasyBurning - c:\program files\EasyBurning\Uninst Easy_Burning.exe
      AddRemove-HijackThis - c:\documents and settings\Administrator\Desktop\HiJackThis\HijackThis.exe
      AddRemove-lgymkoscyyhfme - c:\windows\system32\lgymkoscyyhfme.exe
      AddRemove-Macromedia Shockwave Player - c:\windows\system32\Macromed\SHOCKW~1\UNWISE.EXE
      AddRemove-RAW Importer - i:\progra~2\Actify\IMPORT~1\UNWISE.EXE
      AddRemove-STL Importer - i:\progra~2\Actify\IMPORT~1\UNWISE.EXE
      AddRemove-TDS Importer - i:\progra~2\Actify\IMPORT~1\UNWISE.EXE



      **************************************************************************

      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2009-10-12 20:33
      Windows 5.1.2600 Service Pack 3 NTFS

      Recherche de processus cachés ...

      Recherche d'éléments en démarrage automatique cachés ...

      Recherche de fichiers cachés ...

      Scan terminé avec succès
      Fichiers cachés: 0

      **************************************************************************
      .
      --------------------- DLLs chargées dans les processus actifs ---------------------

      - - - - - - - > 'winlogon.exe'(872)
      c:\program files\Securitoo\Av_Fw\FWES\Program\fsdc32.dll

      - - - - - - - > 'lsass.exe'(928)
      c:\program files\Securitoo\Av_Fw\FSPS\program\FSLSP.DLL
      c:\program files\Securitoo\Av_Fw\FWES\Program\fsdc32.dll

      - - - - - - - > 'explorer.exe'(1320)
      c:\windows\system32\nview.dll
      c:\windows\system32\NVWRSFR.DLL
      c:\program files\Securitoo\Av_Fw\Spam Control\fsscoepl.dll
      c:\windows\system32\nvwddi.dll
      c:\windows\system32\WPDShServiceObj.dll
      c:\windows\system32\btncopy.dll
      c:\windows\system32\PortableDeviceTypes.dll
      c:\windows\system32\PortableDeviceApi.dll

      - - - - - - - > 'csrss.exe'(848)
      c:\program files\Securitoo\Av_Fw\FWES\Program\fsdc32.dll
      .
      ------------------------ Autres processus actifs ------------------------
      .
      c:\program files\IOGEAR\Logiciel Bluetooth\bin\btwdins.exe
      c:\windows\system32\drivers\CDAC11BA.EXE
      c:\program files\Securitoo\Av_Fw\Anti-Virus\fsgk32st.exe
      c:\program files\Securitoo\Av_Fw\Common\FSMA32.EXE
      c:\program files\Securitoo\Av_Fw\Anti-Virus\fsgk32.exe
      c:\program files\Common Files\LightScribe\LSSrvc.exe
      c:\program files\Securitoo\Av_Fw\Common\FSMB32.EXE
      c:\windows\system32\nvsvc32.exe
      c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
      c:\program files\Securitoo\Av_Fw\Common\FCH32.EXE
      c:\program files\Securitoo\Av_Fw\Anti-Virus\fsqh.exe
      c:\program files\Securitoo\Av_Fw\Common\FAMEH32.EXE
      c:\program files\Securitoo\Av_Fw\Anti-Virus\fssm32.exe
      c:\program files\Securitoo\Av_Fw\FSAUA\program\fsaua.exe
      c:\program files\Securitoo\Av_Fw\FWES\program\fsdfwd.exe
      c:\program files\Securitoo\Av_Fw\FSAUA\program\fsus.exe
      c:\progra~1\SECURI~1\Av_Fw\ANTI-V~1\fsav32.exe
      c:\windows\system32\wscntfy.exe
      c:\windows\system32\rundll32.exe
      c:\windows\system32\rundll32.exe
      c:\windows\system32\rundll32.exe
      c:\progra~1\SECURI~1\Av_Fw\FSGUI\fsguidll.exe
      .
      **************************************************************************
      .
      Heure de fin: 2009-10-12 20:36 - La machine a redémarré
      ComboFix-quarantined-files.txt 2009-10-12 18:35

      Avant-CF: 17 562 533 888 bytes free
      Après-CF: 17 425 666 048 octets libres

      WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
      [boot loader]
      timeout=2
      default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
      [operating systems]
      c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
      multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

      236 --- E O F --- 2009-09-09 22:55
      0
  2. Ced_King Posts 3519 Registration date   Status Contributor Last activity   667
     
    Delete Combofix and C:\qoobox

    Download RSIT ("Random's System Information Tool") to your desktop:

    - Close all running applications and double-click RSIT.exe
    - Select "Continue" on screen >> RSIT will scan the PC and check whether the HijackThis tool (up-to-date version) is present on the PC; if it is not, RSIT will download it >> accept the license
    - Once the scan is complete, 2 .txt reports open:
    --> log.txt on screen
    --> info.txt in the taskbar
    - Post the contents of both reports
    0
  3. maurice1212 Posts 7 Status Member
     
    Log.txt:

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Administrator at 2009-10-12 21:41:46
    Microsoft Windows XP Professionnel Service Pack 3
    System drive C: has 17 GB (21%) free of 78 GB
    Total RAM: 2047 MB (77% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:41:58, on 12/10/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    J:\Program Files\Test 02\intel_a\code\bin\CATSysDemon.exe
    C:\Program Files\IOGEAR\Logiciel Bluetooth\bin\btwdins.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fsgk32st.exe
    C:\Program Files\Securitoo\Av_Fw\Common\FSMA32.EXE
    C:\Program Files\Securitoo\Av_Fw\Anti-Virus\FSGK32.EXE
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Securitoo\Av_Fw\Common\FSMB32.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\Securitoo\Av_Fw\Common\FCH32.EXE
    C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fsqh.exe
    C:\Program Files\Securitoo\Av_Fw\Common\FAMEH32.EXE
    C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fssm32.exe
    C:\Program Files\Securitoo\Av_Fw\FSAUA\program\fsaua.exe
    C:\Program Files\Securitoo\Av_Fw\FWES\Program\fsdfwd.exe
    C:\Program Files\Securitoo\Av_Fw\FSAUA\program\fsus.exe
    C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fsav32.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\FreePDF_XP\fpassist.exe
    C:\Program Files\Securitoo\Av_Fw\Common\FSM32.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Securitoo\Av_Fw\FSGUI\fsguidll.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
    C:\Program Files\palmOne\Hotsync.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Administrator\My Documents\Temporaire\RSIT.exe
    C:\Program Files\trend micro\Administrator.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://cnfx.wordpress.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
    O4 - HKLM\..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\Av_Fw\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\Av_Fw\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [WinampAgent] "J:\Program Files\Winamp\winampa.exe"
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\IOGEAR\Logiciel Bluetooth\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IOGEAR\Logiciel Bluetooth\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IOGEAR\Logiciel Bluetooth\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f001.mail.caramail.lycos.fr/app/uploader/FileUploader.cab
    O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} (Environnement d'exécution Java 1.4.0_03) -
    O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.1.0.56.cab
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Backbone Service (BBDemon) - Dassault Systemes - J:\Program Files\Test 02\intel_a\code\bin\CATSysDemon.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\IOGEAR\Logiciel Bluetooth\bin\btwdins.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Securitoo\Av_Fw\FSAUA\program\fsaua.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\Av_Fw\FWES\Program\fsdfwd.exe
    O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Securitoo\Av_Fw\Common\FSMA32.EXE
    O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Securitoo\Av_Fw\ORSP Client\fsorsp.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
  4. Ced_King, 3519 posts, Contributor
     
    - Download Malwarebytes' Anti-Malware:
    http://www.malwarebytes.org/mbam/program/mbam-setup.exe

    - Install it > double-click Mbam-setup.exe; at the end of the installation it will update itself automatically
    - Once it is installed, close all running applications and launch Malwarebytes
    - Run a quick scan of the PC (you will not have Internet access during the scan)
    - At the end of the scan, click "Show Results"; if Malwarebytes found infections >> click "Remove Selected"
    - If it needs to restart the PC to finish the disinfection, accept
    - A report will be generated; post its contents.
    ----------------------------------
  6. maurice1212, 7 posts, Member
     
    The Malwarebytes log:

    Malwarebytes' Anti-Malware 1.41
    Version de la base de données: 2948
    Windows 5.1.2600 Service Pack 3

    12/10/2009 22:46:09
    mbam-log-2009-10-12 (22-46-09).txt

    Type de recherche: Examen rapide
    Eléments examinés: 104586
    Temps écoulé: 5 minute(s), 7 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 4
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 3
    Fichier(s) infecté(s): 9

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\Interface\{bbcc290a-5e32-4e54-80db-f0f3f3892444} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\{d8c0508c-e235-4d9e-a27e-c8bb5f527dc9} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\MessengerUpdateProject.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\WakeNet (Trojan.Agent) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    C:\Documents and Settings\Administrator\Application Data\Messenger\Drivers (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrator\Application Data\Messenger\Drivers\Aud32 (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrator\Application Data\Messenger\Sys (Trojan.Agent) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\Documents and Settings\Administrator\Application Data\Messenger\Drivers\conf.sys (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrator\Application Data\Messenger\Drivers\phuninst.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrator\Application Data\Messenger\Drivers\pub.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrator\Application Data\Messenger\Drivers\serial.sys (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrator\Application Data\Messenger\Drivers\Aud32\gani.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrator\Application Data\Messenger\Drivers\Aud32\msgasst84.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrator\Application Data\Messenger\Drivers\Aud32\msgutil84.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrator\Application Data\Messenger\Drivers\Aud32\smartasf27.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrator\Application Data\Messenger\Sys\mu.dll (Trojan.Agent) -> Quarantined and deleted successfully.
  7. Ced_King, 3519 posts, Contributor
     
    Empty the Malwarebytes quarantine --> "Quarantine" tab, delete everything, then restart the PC.

    To check:

    - Download LopSD and save it to your desktop:

    - Disable the real-time protection of your antivirus and antispyware

    - Double-click the icon on your desktop to start the installation

    - Once it is installed, close all running applications

    - Double-click lopsd.exe, choose the language, then confirm with "Enter"

    - In the menu, choose option 1 and wait until the scan finishes

    - A report will be generated; post its contents

    Note: the report is also at c:\lopR.txt
  8. maurice1212, 7 posts, Member
     
    LopSD report:

    --------------------\\ Lop S&D 4.2.5-0 XP/Vista

    Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
    X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) D CPU 2.80GHz )
    BIOS : BIOS Date: 06/14/05 16:54:30 Ver: 08.00.10
    USER : Administrator ( Administrator )
    BOOT : Normal boot
    Antivirus : AntiVirus Firewall 8.01 8.01 (Not Activated)
    Firewall : AntiVirus Firewall 8.01 8.01 (Activated)
    C:\ (Local Disk) - NTFS - Total:76 Go (Free:16 Go)
    D:\ (CD or DVD)
    F:\ (USB)
    G:\ (USB)
    H:\ (USB)
    I:\ (Local Disk) - NTFS - Total:189 Go (Free:161 Go)
    J:\ (Local Disk) - NTFS - Total:189 Go (Free:117 Go)
    K:\ (USB)

    "C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
    Option : [1] ( 12/10/2009|23:30 )

    --------------------\\ Listing des dossiers dans APPLIC~1

    [14/06/2009|23:15] C:\DOCUME~1\ADMINI~1\APPLIC~1\Adobe
    [02/02/2006|08:13] C:\DOCUME~1\ADMINI~1\APPLIC~1\AdobeUM
    [20/07/2008|12:44] C:\DOCUME~1\ADMINI~1\APPLIC~1\Apple Computer
    [10/02/2006|08:47] C:\DOCUME~1\ADMINI~1\APPLIC~1\Arcsoft
    [20/09/2008|08:49] C:\DOCUME~1\ADMINI~1\APPLIC~1\Autodesk
    [11/10/2009|17:33] C:\DOCUME~1\ADMINI~1\APPLIC~1\Broad Intelligence
    [07/09/2008|10:44] C:\DOCUME~1\ADMINI~1\APPLIC~1\cadenas
    [29/04/2006|08:48] C:\DOCUME~1\ADMINI~1\APPLIC~1\CD-LabelPrint
    [21/12/2006|18:54] C:\DOCUME~1\ADMINI~1\APPLIC~1\Compta Flash
    [08/01/2008|19:51] C:\DOCUME~1\ADMINI~1\APPLIC~1\DassaultSystemes
    [30/11/2007|20:43] C:\DOCUME~1\ADMINI~1\APPLIC~1\Delcam
    [17/09/2008|21:59] C:\DOCUME~1\ADMINI~1\APPLIC~1\Download Manager
    [14/12/2006|00:05] C:\DOCUME~1\ADMINI~1\APPLIC~1\EBP
    [11/01/2007|00:07] C:\DOCUME~1\ADMINI~1\APPLIC~1\eFax Messenger
    [05/10/2009|23:32] C:\DOCUME~1\ADMINI~1\APPLIC~1\F-Secure
    [14/09/2006|21:20] C:\DOCUME~1\ADMINI~1\APPLIC~1\Google
    [14/03/2007|21:18] C:\DOCUME~1\ADMINI~1\APPLIC~1\HASCO
    [25/01/2006|05:35] C:\DOCUME~1\ADMINI~1\APPLIC~1\Help
    [29/01/2006|05:01] C:\DOCUME~1\ADMINI~1\APPLIC~1\HotSync
    [12/01/2006|03:26] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
    [06/03/2008|22:19] C:\DOCUME~1\ADMINI~1\APPLIC~1\InstallShield
    [11/10/2009|08:45] C:\DOCUME~1\ADMINI~1\APPLIC~1\iso intra burn
    [28/01/2006|12:33] C:\DOCUME~1\ADMINI~1\APPLIC~1\ispnews
    [21/02/2006|20:32] C:\DOCUME~1\ADMINI~1\APPLIC~1\Macromedia
    [12/10/2009|22:36] C:\DOCUME~1\ADMINI~1\APPLIC~1\Malwarebytes
    [02/06/2008|21:18] C:\DOCUME~1\ADMINI~1\APPLIC~1\Media Player Classic
    [12/10/2009|22:46] C:\DOCUME~1\ADMINI~1\APPLIC~1\Messenger
    [25/07/2009|09:43] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
    [30/06/2008|21:19] C:\DOCUME~1\ADMINI~1\APPLIC~1\Mozilla
    [16/08/2009|20:09] C:\DOCUME~1\ADMINI~1\APPLIC~1\OpenCandy
    [22/03/2009|21:30] C:\DOCUME~1\ADMINI~1\APPLIC~1\OpenOffice.org2
    [28/01/2006|21:36] C:\DOCUME~1\ADMINI~1\APPLIC~1\PEX
    [31/12/2007|00:06] C:\DOCUME~1\ADMINI~1\APPLIC~1\pshape7
    [02/06/2008|21:12] C:\DOCUME~1\ADMINI~1\APPLIC~1\Real
    [27/01/2006|18:50] C:\DOCUME~1\ADMINI~1\APPLIC~1\RibbonSoft
    [23/02/2007|01:03] C:\DOCUME~1\ADMINI~1\APPLIC~1\SchottSysteme
    [30/11/2007|18:46] C:\DOCUME~1\ADMINI~1\APPLIC~1\SF_Settings
    [11/10/2009|17:42] C:\DOCUME~1\ADMINI~1\APPLIC~1\Smart-Ads-Solutions
    [11/03/2009|21:32] C:\DOCUME~1\ADMINI~1\APPLIC~1\Sun
    [31/01/2006|08:05] C:\DOCUME~1\ADMINI~1\APPLIC~1\Talkback
    [31/01/2006|07:18] C:\DOCUME~1\ADMINI~1\APPLIC~1\The Bat!
    [31/01/2006|08:05] C:\DOCUME~1\ADMINI~1\APPLIC~1\Thunderbird
    [18/07/2009|14:51] C:\DOCUME~1\ADMINI~1\APPLIC~1\TomTom
    [19/04/2006|22:27] C:\DOCUME~1\ADMINI~1\APPLIC~1\Ulead Systems
    [02/03/2006|08:05] C:\DOCUME~1\ADMINI~1\APPLIC~1\vlc
    [03/02/2009|22:28] C:\DOCUME~1\ADMINI~1\APPLIC~1\Vso
    [28/01/2006|21:36] C:\DOCUME~1\ADMINI~1\APPLIC~1\Wannadoo
    [11/10/2009|19:39] C:\DOCUME~1\ADMINI~1\APPLIC~1\Winamp

    [14/02/2006|04:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\4D
    [03/03/2007|10:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
    [11/06/2009|20:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
    [11/10/2009|17:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Autodesk
    [23/08/2006|09:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BOONTY
    [23/01/2006|08:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CanonBJ
    [09/01/2008|23:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DAKO
    [21/12/2007|02:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DassaultSystemes
    [10/10/2009|10:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
    [11/10/2009|08:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FlapFiveTrustIdle
    [10/07/2009|22:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\f-secure
    [10/07/2009|22:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\fssg
    [18/12/2008|01:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
    [29/01/2006|05:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HotSync
    [30/11/2006|23:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Installation de eFax Messenger 4.0
    [13/02/2006|04:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macrovision
    [12/10/2009|22:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
    [11/10/2009|17:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
    [10/09/2009|00:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
    [25/03/2006|20:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
    [17/01/2008|23:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Office Genuine Advantage
    [01/10/2007|22:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SchottSysteme
    [27/03/2009|19:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Seagate
    [10/09/2006|10:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SF_Settings
    [10/10/2009|10:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SlySoft
    [12/01/2006|21:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SmartSound Software Inc
    [18/07/2009|14:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TomTom
    [12/01/2006|23:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ulead Systems
    [20/08/2009|18:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Winamp Toolbar
    [16/07/2006|10:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
    [13/09/2008|19:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinZip

    [12/01/2006|03:20] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

    [12/01/2006|03:20] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

    [12/10/2007|14:52] C:\DOCUME~1\MPO~1.CON\APPLIC~1\Adobe
    [12/10/2007|14:53] C:\DOCUME~1\MPO~1.CON\APPLIC~1\HotSync
    [12/10/2007|14:51] C:\DOCUME~1\MPO~1.CON\APPLIC~1\Identities
    [12/10/2007|14:52] C:\DOCUME~1\MPO~1.CON\APPLIC~1\ispnews
    [12/10/2007|14:49] C:\DOCUME~1\MPO~1.CON\APPLIC~1\Microsoft
    [12/10/2007|15:06] C:\DOCUME~1\MPO~1.CON\APPLIC~1\Mozilla
    [12/10/2007|14:52] C:\DOCUME~1\MPO~1.CON\APPLIC~1\Real
    [12/10/2007|15:06] C:\DOCUME~1\MPO~1.CON\APPLIC~1\Talkback
    [12/10/2007|15:06] C:\DOCUME~1\MPO~1.CON\APPLIC~1\Thunderbird

    [31/01/2007|22:26] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

    --------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

    [12/10/2009 23:27][--a------] C:\WINDOWS\tasks\WGASetup.job
    [12/10/2009 00:00][--a------] C:\WINDOWS\tasks\Scheduled scanning task.job
    [12/10/2009 23:26][--ah-----] C:\WINDOWS\tasks\SA.DAT
    [04/08/2004 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

    --------------------\\ Listing des dossiers dans C:\Program Files

    [19/01/2006|07:50] C:\Program Files\7-Zip
    [10/09/2006|10:48] C:\Program Files\Actify
    [03/03/2007|10:57] C:\Program Files\Adobe
    [29/04/2006|13:28] C:\Program Files\Ahead
    [12/03/2009|00:12] C:\Program Files\Boonty
    [20/04/2009|21:07] C:\Program Files\CAMPUS
    [11/10/2009|17:28] C:\Program Files\Canon
    [12/10/2009|20:24] C:\Program Files\Common Files
    [12/01/2006|03:16] C:\Program Files\ComPlus Applications
    [31/12/2006|10:33] C:\Program Files\ComptaOne
    [16/01/2007|21:17] C:\Program Files\dBpowerAMP
    [20/04/2008|10:36] C:\Program Files\DIFX
    [20/02/2006|23:46] C:\Program Files\DivX
    [19/02/2006|12:08] C:\Program Files\DVD Shrink
    [20/09/2008|09:08] C:\Program Files\DWG TrueView 2009
    [05/01/2007|21:23] C:\Program Files\EasyBurning
    [07/03/2007|23:23] C:\Program Files\EBP
    [30/11/2006|23:21] C:\Program Files\eFax Messenger 4.0
    [10/10/2009|10:08] C:\Program Files\eMule
    [31/03/2009|23:20] C:\Program Files\FreePDF_XP
    [16/08/2009|19:49] C:\Program Files\Gabest
    [20/04/2006|22:29] C:\Program Files\GBSoft
    [24/01/2006|09:14] C:\Program Files\GhostScript
    [10/06/2009|00:10] C:\Program Files\Google
    [25/07/2009|10:31] C:\Program Files\HASCO
    [13/04/2009|22:36] C:\Program Files\ICEOWS
    [11/10/2009|17:31] C:\Program Files\InstallShield Installation Information
    [12/01/2006|04:20] C:\Program Files\Intel
    [26/08/2008|23:06] C:\Program Files\Internet Explorer
    [25/09/2006|21:43] C:\Program Files\IOGEAR
    [03/02/2009|22:32] C:\Program Files\iWizz
    [11/10/2009|17:31] C:\Program Files\Java
    [12/01/2006|04:24] C:\Program Files\Marvell
    [11/10/2009|17:36] C:\Program Files\MediaMonkey
    [26/08/2008|23:11] C:\Program Files\Messenger
    [26/07/2009|10:39] C:\Program Files\Meusburger Katalog
    [12/01/2006|03:20] C:\Program Files\microsoft frontpage
    [17/09/2008|22:26] C:\Program Files\Microsoft Office
    [11/10/2009|17:19] C:\Program Files\Microsoft Small Business
    [18/03/2009|01:05] C:\Program Files\Microsoft SQL Server
    [11/01/2008|21:58] C:\Program Files\Microsoft Visual Studio
    [11/01/2008|21:59] C:\Program Files\Microsoft Works
    [17/09/2008|22:29] C:\Program Files\Microsoft WSE
    [11/10/2009|17:23] C:\Program Files\Microsoft.NET
    [21/06/2009|13:18] C:\Program Files\Mindscape
    [26/08/2008|23:06] C:\Program Files\Movie Maker
    [21/09/2007|09:54] C:\Program Files\MozBackup
    [12/10/2009|22:57] C:\Program Files\Mozilla Firefox
    [11/10/2009|17:37] C:\Program Files\Mozilla Thunderbird
    [17/09/2008|22:23] C:\Program Files\MSBuild
    [07/10/2009|22:40] C:\Program Files\MSECache
    [05/09/2009|17:34] C:\Program Files\MSN
    [12/01/2006|03:15] C:\Program Files\MSN Gaming Zone
    [04/06/2006|20:34] C:\Program Files\MSN Messenger
    [19/11/2006|23:53] C:\Program Files\MSXML 4.0
    [28/03/2007|22:30] C:\Program Files\MSXML 6.0
    [10/04/2008|00:04] C:\Program Files\NETGEAR WGX102 Configuration Utility
    [13/04/2008|11:34] C:\Program Files\NETGEAR XE102 Powerline Encryption Utility
    [26/08/2008|23:03] C:\Program Files\NetMeeting
    [11/10/2009|20:17] C:\Program Files\Online Services
    [11/10/2009|17:41] C:\Program Files\OpenOffice.org 2.0
    [11/03/2009|21:29] C:\Program Files\OpenProj
    [13/08/2009|15:29] C:\Program Files\Outlook Express
    [29/07/2004|04:58] C:\Program Files\Palm_OS_54_Simulator
    [19/02/2008|22:29] C:\Program Files\palmOne
    [01/02/2006|06:59] C:\Program Files\Passware
    [24/01/2006|04:26] C:\Program Files\Profile
    [16/08/2009|19:44] C:\Program Files\QuickTime
    [29/06/2006|23:08] C:\Program Files\Real
    [13/01/2006|00:52] C:\Program Files\Realtek
    [17/09/2008|22:20] C:\Program Files\Reference Assemblies
    [24/08/2006|12:25] C:\Program Files\ReflexiveArcade
    [28/08/2006|21:51] C:\Program Files\SchottSysteme
    [27/03/2009|19:31] C:\Program Files\Seagate
    [27/01/2006|19:10] C:\Program Files\Securitoo
    [05/10/2009|23:29] C:\Program Files\Smart-Ads-Solutions
    [12/01/2006|21:35] C:\Program Files\SmartSound Software
    [15/04/2006|18:03] C:\Program Files\Sony Corporation
    [15/08/2009|21:15] C:\Program Files\TomTom HOME 2
    [18/07/2009|14:51] C:\Program Files\TomTom International B.V
    [12/10/2009|21:41] C:\Program Files\trend micro
    [23/08/2006|20:33] C:\Program Files\Trymedia
    [12/01/2006|21:33] C:\Program Files\Ulead Systems
    [17/09/2008|22:27] C:\Program Files\Uninstall Information
    [02/03/2006|08:02] C:\Program Files\VideoLAN
    [03/02/2009|22:29] C:\Program Files\VSO
    [14/10/2006|12:02] C:\Program Files\Wanadoo
    [16/01/2007|21:18] C:\Program Files\WComptys
    [11/10/2009|17:45] C:\Program Files\WinAce
    [20/08/2009|18:13] C:\Program Files\Winamp Toolbar
    [12/01/2006|21:34] C:\Program Files\Windows Media Components
    [25/02/2007|21:12] C:\Program Files\Windows Media Connect 2
    [26/08/2008|23:03] C:\Program Files\Windows Media Player
    [26/08/2008|23:03] C:\Program Files\Windows NT
    [12/01/2006|03:19] C:\Program Files\WindowsUpdate
    [23/03/2006|20:50] C:\Program Files\WinRAR
    [12/01/2006|03:20] C:\Program Files\xerox
    [11/01/2007|00:18] C:\Program Files\Yahoo!

    --------------------\\ Listing des dossiers dans C:\Program Files\Common Files

    [03/03/2007|11:03] C:\Program Files\Common Files\Adobe
    [29/04/2006|13:28] C:\Program Files\Common Files\Ahead
    [11/10/2009|17:16] C:\Program Files\Common Files\Autodesk Shared
    [26/02/2006|21:54] C:\Program Files\Common Files\AVSMedia
    [23/08/2006|09:54] C:\Program Files\Common Files\BOONTY Shared
    [20/09/2008|09:06] C:\Program Files\Common Files\Delcam
    [17/09/2008|22:26] C:\Program Files\Common Files\DESIGNER
    [12/01/2006|21:33] C:\Program Files\Common Files\InstallShield
    [29/04/2006|13:29] C:\Program Files\Common Files\LightScribe
    [13/02/2006|04:42] C:\Program Files\Common Files\Macrovision Shared
    [11/10/2009|17:23] C:\Program Files\Common Files\Microsoft Shared
    [12/01/2006|03:17] C:\Program Files\Common Files\MSSoap
    [15/04/2006|18:03] C:\Program Files\Common Files\muvee Technologies
    [29/04/2006|13:29] C:\Program Files\Common Files\Nero
    [24/05/2009|13:32] C:\Program Files\Common Files\Nosibay
    [11/01/2006|19:06] C:\Program Files\Common Files\ODBC
    [02/06/2008|21:13] C:\Program Files\Common Files\Real
    [24/03/2006|04:39] C:\Program Files\Common Files\SchottSysteme
    [12/01/2006|03:17] C:\Program Files\Common Files\Services
    [11/01/2006|19:06] C:\Program Files\Common Files\SpeechEngines
    [26/08/2008|23:03] C:\Program Files\Common Files\System
    [12/01/2006|21:35] C:\Program Files\Common Files\Ulead Systems

    --------------------\\ Process

    ( 46 Processes )

    ... OK !

    --------------------\\ Recherche avec S_Lop

    Aucun fichier / dossier Lop trouvé !

    --------------------\\ Recherche de Fichiers / Dossiers Lop

    Aucun fichier / dossier Lop trouvé !

    --------------------\\ Verification du Registre

    ..... OK !

    --------------------\\ Verification du fichier Hosts

    Fichier Hosts PROPRE

    --------------------\\ Recherche de fichiers avec Catchme

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-10-12 23:31:20
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 0

    --------------------\\ Recherche d'autres infections

    --------------------\\ Cracks & Keygens ..

    C:\DOCUME~1\ADMINI~1\.jpi_cache\file\1.0\crack.au-27356da7-1f81e1f6.au
    C:\DOCUME~1\ADMINI~1\.jpi_cache\file\1.0\crack.au-27356da7-1f81e1f6.idx
    C:\DOCUME~1\ADMINI~1\My Documents\My Music\[Palm] RealDice.Multiplayer.Championship.Poker.Texas.Holdem.Edition.v1.1.PalmOS.Incl.Keygen-HERET.ZIP
    C:\DOCUME~1\ADMINI~1\My Documents\My Music\Jarre\Jean Michel Jarre - Aero - 2004\DTS player & info\DTS Tools ( DVD Audio 5.1 AC To DTS )\DTS Tools ( DVD Audio 5.1 AC To DTS )\SurCode CD-pro DTS 1.0.9\Crack
    C:\DOCUME~1\ADMINI~1\My Documents\My Music\Jarre\Jean Michel Jarre - Aero - 2004\DTS player & info\DTS Tools ( DVD Audio 5.1 AC To DTS )\DTS Tools ( DVD Audio 5.1 AC To DTS )\SurCode CD-pro DTS 1.0.9\Crack\freezy3k.nfo
    C:\DOCUME~1\ADMINI~1\My Documents\My Music\Jarre\Jean Michel Jarre - Aero - 2004\DTS player & info\DTS Tools ( DVD Audio 5.1 AC To DTS )\DTS Tools ( DVD Audio 5.1 AC To DTS )\SurCode CD-pro DTS 1.0.9\Crack\sccdprodts.exe
    C:\DOCUME~1\ADMINI~1\My Documents\Temporaire\Keygen

    [F:1][D:2]-> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
    [F:3][D:0]-> C:\DOCUME~1\ADMINI~1\Cookies
    [F:79][D:4]-> C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMPOR~1\content.IE5

    1 - "C:\Lop SD\LopR_1.txt" - 12/10/2009|23:32 - Option : [1]

    --------------------\\ Fin du rapport a 23:32:18
  9. Ced_King, 3519 posts, Contributor
     
    OK, it looks clean, apart from the cracks, which risk reinfecting the PC as soon as you run them...

    Run an online scan with Bitdefender (with Internet Explorer):

    https://www.bitdefender.com/toolbox/

    On Vista, you must right-click the Internet Explorer shortcut and run it as administrator.

    Use this tutorial; everything is explained in it.

    At the end of the scan, save the report and post it on the forum, please.
  10. maurice1212, 7 posts, Member
     
    Uh... I only use Firefox; I suppose I can do without Bitdefender?
  11. Ced_King, 3519 posts, Contributor
     
    OK, if you think everything is fine,

    download Toolscleaner2 to your desktop
    http://pc-system.fr/

    - Click "Search" and wait
    - Then click "Delete" to finish
    - Delete Toolscleaner

    Open CCleaner --> click "Registry" --> scan for errors --> fix the errors --> repeat until there are no more errors; you can say no to the backup.
    Then click "Cleaner" --> analyze + clean

    To check that your applications are up to date, for security reasons (security vulnerabilities), I recommend running a vulnerability scan:

    Secunia vulnerability scan

    https://www.malekal.com/tester-la-vulnerabilite-de-son-systeme-2/

    If you consider that everything is back to normal, you can mark the topic as "Resolved"

    See you, and happy surfing
  12. maurice1212, 7 posts, Member
     
    It seems to be OK. Thank you very much for taking the time to get me out of this mess. I hope I won't have to deal with you any time soon.... See you (not) soon.