Internet page "about blank"

Solved/Closed
cachou52fr - 12 Oct 2009 at 14:38
Dan185 - 7 April 2013 at 04:53
Hello,

When I open Internet Explorer, another advertising page opens on top of my Orange page, with a small window at startup (About Blank). How can I prevent this forced advertising? I ran my up-to-date Avira AntiVir antivirus, my anti-spyware Spybot, and Malwarebytes, and nothing removes this virus or spyware. What should I do? If you have a solution, thanks in advance.

29 replies

eZula Posts 3392 Registration date Saturday 26 April 2008 Status Contributor Last activity 8 May 2021 392
12 Oct 2009 at 14:46
Hello,

Download GenProc http://www.genproc.com/GenProc.exe

Double-click GenProc.exe and post the contents of the report that opens.
2
cachou52fr Posts 22 Registration date Saturday 22 December 2007 Status Member Last activity 20 June 2013 3
12 Oct 2009 at 14:52
OK, thanks, I'll be right back with the report, and thanks in advance.
1
cachou52fr Posts 22 Registration date Saturday 22 December 2007 Status Member Last activity 20 June 2013 3
12 Oct 2009 at 14:54
Rapport GenProc 2.637 [1] - 12/10/2009 à 14:50:56
@ Windows 7 - Mode normal
@ Internet Explorer (8.0.7100.0) [Navigateur par défaut]

~~ CM DISK ERROR ~~

# Etape 1/ Télécharge :

- CCleaner https://www.ccleaner.com/ccleaner/download (FileHippo). Ce logiciel va permettre de supprimer tous les fichiers temporaires. Lance-le et clique sur "Options", "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures". Par la suite, laisse-le avec ses réglages par défaut. Ferme le programme.

- Lop S&D https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2 (Eric 71 & Angeldark) sur ton Bureau.

- Toolbar-S&D https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cpVobGk5bHnxrhQ4yaoEUDJvOYNnEGyYjgqHZz5GqZLfutR3fMFPlsC3-CGIilfupPAguYATNyua3csodN_frdMK8sSzUpit10Yac-QJCOkMqJKkbdKcP6ySs8trWPgoNVIq4TGGWCe6o0txXQv-ZueJF9vZzw3RXsGwFYIqN2lvF2LPdQzS8mE1d5kWOVOz6EMzQuE5-lClSJM869uq3oc7-t7yg%3D%3D&attredirects=3 (Team IDN) sur ton Bureau.

- ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe (sUBs) sur ton Bureau.


Redémarre en mode sans échec comme indiqué ici https://www.wekyo.com/demarrer-le-pc-en-mode-sans-echec-windows-7-et-8/ ; Choisis ta session courante *** Robert *** (pour retrouver le rapport, clique sur le raccourci "Rapport GenProc[1]" sur ton bureau).


# Etape 2/

Lance Toolbar-S&D situé sur le Bureau. Tape sur "2" puis valide en appuyant sur "Entrée". Ne ferme pas la fenêtre lors de la suppression.

# Etape 3/

Double-clique sur Lop S&D pour lancer l'installation, séléctionne la langue souhaitée, puis choisis l'Option 2 - Suppression - et patiente jusqu'à ce qu'il ait terminé.

# Etape 4/

Double clique sur combofix.exe et suis les instructions. Attention de ne pas utiliser ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne au risque de figer l'ordinateur.

# Etape 5/

Lance CCleaner : "Nettoyeur"/"lancer le nettoyage" et c'est tout.

# Etape 6/

Redémarre normalement et poste, dans la même réponse :

- Le contenu du rapport TB.txt situé dans C:\ ;
- Le contenu du rapport lopR.txt situé dans C:\ ;
- Le contenu du rapport Combofix.txt situé dans C:\ ;
- Un nouveau rapport HijackThis https://forums.cnetfrance.fr/tutoriels-securite-informatique/1549-hijackthis-comment-l-utiliser ;
- Un nouveau rapport GenProc ;

Précise les difficultés que tu as eu (ce que tu n'as pas pu faire...) ainsi que l'évolution de la situation.

~~ Arguments de la procédure ~~


# Détections [1] GenProc 2.637 12/10/2009 à 14:51:12
Lop:le 12/10/2009 à 14:51:43 "C:\Program Files\Multi_Media_France"
Toolbar:le 12/10/2009 à 14:51:44 "C:\Program Files\Multi_Media_France"
TDSS:le 12/10/2009 à 14:51:51 "C:\Windows\System32\ovfst*.???"

----------------------------------------------------------------------
Sites officiels GenProc : www.alt-shift-return.org et www.genproc.com
----------------------------------------------------------------------

~~ Fin à 14:53:11 ~~
1
eZula Posts 3392 Registration date Saturday 26 April 2008 Status Contributor Last activity 8 May 2021 392
12 Oct 2009 at 15:00
Follow the procedure; I'll be back late this afternoon to check all that.
0
Procedure finished, but when I open Explorer, the problem is still there.
0

eZula Posts 3392 Registration date Saturday 26 April 2008 Status Contributor Last activity 8 May 2021 392
12 Oct 2009 at 17:20
# Etape 6/
0
Report

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows 7 Édition Intégrale ( v6.1.7100 )
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU T8300 @ 2.40GHz )
BIOS : Default System BIOS
USER : Robert ( Administrator )
BOOT : Fail-safe boot
C:\ (Local Disk) - NTFS - Total:60 Go (Free:18 Go)
D:\ (Local Disk) - NTFS - Total:164 Go (Free:62 Go)
E:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( 12/10/2009|18:00 )

[ UAC => 1 ]


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing des dossiers dans Local

[17/07/2009|13:32] C:\Users\Robert\AppData\Local\ABBYY
[10/10/2009|16:07] C:\Users\Robert\AppData\Local\ACD Systems
[17/07/2009|13:32] C:\Users\Robert\AppData\Local\Adobe
[17/07/2009|13:32] C:\Users\Robert\AppData\Local\Ahead
[17/07/2009|13:32] C:\Users\Robert\AppData\Local\Apple
[17/07/2009|13:32] C:\Users\Robert\AppData\Local\Apple Computer
[17/07/2009|13:03] C:\Users\Robert\AppData\Local\Application Data
[22/08/2009|21:51] C:\Users\Robert\AppData\Local\ApplicationHistory
[10/10/2009|16:07] C:\Users\Robert\AppData\Local\Apps
[10/10/2009|16:07] C:\Users\Robert\AppData\Local\ASUS
[17/07/2009|13:32] C:\Users\Robert\AppData\Local\ATI
[11/10/2009|13:54] C:\Users\Robert\AppData\Local\Corel
[29/07/2009|18:40] C:\Users\Robert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[28/08/2009|14:07] C:\Users\Robert\AppData\Local\Diagnostics
[11/10/2009|14:03] C:\Users\Robert\AppData\Local\Downloaded Installations
[23/08/2009|21:20] C:\Users\Robert\AppData\Local\ElevatedDiagnostics
[10/10/2009|16:07] C:\Users\Robert\AppData\Local\eMule
[10/10/2009|16:07] C:\Users\Robert\AppData\Local\Frameworkx
[10/10/2009|16:07] C:\Users\Robert\AppData\Local\Frameworkx.com
[22/08/2009|21:50] C:\Users\Robert\AppData\Local\fusioncache.dat
[17/07/2009|13:32] C:\Users\Robert\AppData\Local\G DATA
[25/08/2009|11:16] C:\Users\Robert\AppData\Local\GDIPFONTCACHEV1.DAT
[10/10/2009|16:07] C:\Users\Robert\AppData\Local\Google
[17/07/2009|13:03] C:\Users\Robert\AppData\Local\Historique
[12/10/2009|17:54] C:\Users\Robert\AppData\Local\IconCache.db
[07/08/2009|08:08] C:\Users\Robert\AppData\Local\IsolatedStorage
[17/07/2009|13:32] C:\Users\Robert\AppData\Local\JollyBear
[10/10/2009|16:07] C:\Users\Robert\AppData\Local\Macromedia
[10/10/2009|17:16] C:\Users\Robert\AppData\Local\Microsoft
[17/07/2009|13:34] C:\Users\Robert\AppData\Local\Microsoft Corporation
[10/10/2009|16:07] C:\Users\Robert\AppData\Local\Microsoft Games
[22/05/2008|22:22] C:\Users\Robert\AppData\Local\Microsoft Help
[10/10/2009|16:07] C:\Users\Robert\AppData\Local\Mozilla
[17/07/2009|13:34] C:\Users\Robert\AppData\Local\Nero
[17/07/2009|13:34] C:\Users\Robert\AppData\Local\O&O
[17/07/2009|13:34] C:\Users\Robert\AppData\Local\Oberon Games
[10/10/2009|16:07] C:\Users\Robert\AppData\Local\Opera
[23/05/2008|09:38] C:\Users\Robert\AppData\Local\Panda Software
[17/07/2009|13:34] C:\Users\Robert\AppData\Local\Qurb4
[10/10/2009|16:07] C:\Users\Robert\AppData\Local\ROUTE 66 Sync 9
[17/07/2009|13:34] C:\Users\Robert\AppData\Local\SpookyManor
[10/10/2009|16:07] C:\Users\Robert\AppData\Local\SYSTRAN
[10/10/2009|16:07] C:\Users\Robert\AppData\Local\TechSmith
[12/10/2009|18:00] C:\Users\Robert\AppData\Local\Temp
[17/07/2009|13:03] C:\Users\Robert\AppData\Local\Temporary Internet Files
[10/10/2009|16:07] C:\Users\Robert\AppData\Local\Thunderbird
[10/10/2009|16:07] C:\Users\Robert\AppData\Local\TomTom
[10/10/2009|16:07] C:\Users\Robert\AppData\Local\TwinglyScreensaver
[10/10/2009|16:07] C:\Users\Robert\AppData\Local\VirtualStore
[17/07/2009|13:34] C:\Users\Robert\AppData\Local\WinAVI
[17/07/2009|13:34] C:\Users\Robert\AppData\Local\Windows Live Writer
[17/07/2009|13:34] C:\Users\Robert\AppData\Local\Xara
[17/07/2009|13:34] C:\Users\Robert\AppData\Local\Yahoo

--------------------\\ Tâches planifiées dans C:\Windows\tasks

[11/10/2009 22:27][--a------] C:\Windows\tasks\Ad-Aware Update (Daily).job
[05/07/2009 22:54][--a------] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[12/10/2009 17:31][--a------] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[06/05/2009 11:34][--a------] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3314911836-3212641011-1656975525-1000.job
[12/10/2009 17:31][--ah-----] C:\Windows\tasks\SA.DAT
[22/04/2009 10:27][--a------] C:\Windows\tasks\SCHEDLGU.TXT
[12/10/2009 17:33][--a------] C:\Windows\tasks\Google Software Updater.job
[27/04/2009 21:18][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{751E10C5-FC60-416B-9048-DF3209294C73}.job

--------------------\\ Listing des dossiers dans C:\ProgramData

[10/10/2009|16:07] C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[17/07/2009|13:14] C:\ProgramData\{55A29068-F2CE-456C-9148-C869879E2357}
[17/07/2009|13:13] C:\ProgramData\4D
[17/07/2009|13:13] C:\ProgramData\ACD Systems
[10/10/2009|16:07] C:\ProgramData\Acronis
[10/10/2009|16:07] C:\ProgramData\Activ Software
[17/07/2009|13:13] C:\ProgramData\Adobe
[17/07/2009|13:13] C:\ProgramData\AppData
[10/10/2009|16:07] C:\ProgramData\Apple
[22/04/2009|10:27] C:\ProgramData\Application Data
[17/07/2009|13:13] C:\ProgramData\Arcade Lab
[10/10/2009|16:07] C:\ProgramData\ASUS
[17/07/2009|13:13] C:\ProgramData\ATI
[10/10/2009|17:16] C:\ProgramData\avg9
[10/10/2009|17:31] C:\ProgramData\Avira
[17/07/2009|13:13] C:\ProgramData\Backup
[03/03/2009|20:55] C:\ProgramData\BSD
[17/07/2009|13:13] C:\ProgramData\BSD Concept
[17/07/2009|14:34] C:\ProgramData\Bureau
[17/07/2009|13:13] C:\ProgramData\Ciel
[10/10/2009|16:07] C:\ProgramData\Corel
[22/04/2009|10:27] C:\ProgramData\Desktop
[22/04/2009|10:27] C:\ProgramData\Documents
[10/10/2009|16:07] C:\ProgramData\eMule
[17/07/2009|14:34] C:\ProgramData\Favoris
[22/04/2009|10:27] C:\ProgramData\Favorites
[17/07/2009|13:13] C:\ProgramData\FLEXnet
[21/08/2009|09:30] C:\ProgramData\GoldWave
[10/10/2009|16:07] C:\ProgramData\Google
[12/10/2009|14:22] C:\ProgramData\Google Updater
[22/07/2009|14:44] C:\ProgramData\Iconix
[10/10/2009|16:07] C:\ProgramData\InstallShield
[10/10/2009|16:07] C:\ProgramData\Intel
[10/10/2009|16:07] C:\ProgramData\JollyBear
[11/10/2009|19:37] C:\ProgramData\Lavasoft
[10/10/2009|16:07] C:\ProgramData\Logishrd
[17/07/2009|13:13] C:\ProgramData\Logitech
[17/07/2009|13:13] C:\ProgramData\ma-config.com
[17/07/2009|13:13] C:\ProgramData\Macrovision
[10/10/2009|16:07] C:\ProgramData\Malwarebytes
[17/07/2009|14:34] C:\ProgramData\Menu Démarrer
[10/10/2009|16:07] C:\ProgramData\Microsoft
[17/07/2009|13:13] C:\ProgramData\Microsoft Corporation
[11/10/2009|00:18] C:\ProgramData\Microsoft Help
[17/07/2009|14:34] C:\ProgramData\Modèles
[17/07/2009|13:13] C:\ProgramData\MysteryChronicles
[10/10/2009|16:07] C:\ProgramData\Nero
[17/07/2009|13:14] C:\ProgramData\P4G
[10/10/2009|16:07] C:\ProgramData\PC Drivers HeadQuarters
[17/07/2009|13:14] C:\ProgramData\PC SOFT
[17/07/2009|13:14] C:\ProgramData\PlatriumSA
[17/07/2009|13:14] C:\ProgramData\PopCap Games
[17/07/2009|13:14] C:\ProgramData\Sandlot Games
[10/10/2009|16:07] C:\ProgramData\ScanSoft
[10/10/2009|16:07] C:\ProgramData\Seagate
[17/07/2009|13:14] C:\ProgramData\sentinel
[10/10/2009|16:07] C:\ProgramData\SlySoft
[12/10/2009|11:46] C:\ProgramData\Spybot - Search & Destroy
[22/04/2009|10:27] C:\ProgramData\Start Menu
[21/08/2009|20:33] C:\ProgramData\Stylus Studio
[10/10/2009|23:35] C:\ProgramData\SUPERAntiSpyware.com
[10/10/2009|16:07] C:\ProgramData\TechSmith
[12/10/2009|09:45] C:\ProgramData\TEMP
[22/04/2009|10:27] C:\ProgramData\Templates
[17/07/2009|13:14] C:\ProgramData\WindowsSearch
[10/10/2009|16:07] C:\ProgramData\Yahoo!
[10/10/2009|16:07] C:\ProgramData\Zylom

--------------------\\ Listing des dossiers dans C:\Program Files

[17/07/2009|13:05] C:\Program Files\3D Starstrike
[17/07/2009|13:05] C:\Program Files\3ivx
[17/07/2009|13:05] C:\Program Files\About Font
[17/07/2009|13:05] C:\Program Files\ACD Systems
[17/07/2009|13:05] C:\Program Files\Acronis
[17/07/2009|13:05] C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
[17/07/2009|13:05] C:\Program Files\Adobe
[17/07/2009|13:05] C:\Program Files\AnvSoft Photo Flash Maker Professional
[17/07/2009|13:05] C:\Program Files\Apple Software Update
[17/07/2009|13:05] C:\Program Files\ASUS
[17/07/2009|13:05] C:\Program Files\ATI
[17/07/2009|13:05] C:\Program Files\ATI Technologies
[17/07/2009|13:06] C:\Program Files\ATK Hotkey
[17/07/2009|13:06] C:\Program Files\ATKGFNEX
[17/07/2009|13:06] C:\Program Files\ATKOSD2
[17/07/2009|13:06] C:\Program Files\Bricks Of Atlantis
[17/07/2009|13:06] C:\Program Files\Bricks Of Camelot
[17/07/2009|13:06] C:\Program Files\BSD Concept
[17/07/2009|13:06] C:\Program Files\Cisco
[17/07/2009|13:06] C:\Program Files\Cluedo
[11/10/2009|19:28] C:\Program Files\Common Files
[17/07/2009|13:08] C:\Program Files\Conduit
[17/07/2009|13:08] C:\Program Files\DIFX
[17/07/2009|13:08] C:\Program Files\DivX
[22/04/2009|12:12] C:\Program Files\DVD Maker
[03/08/2009|14:36] C:\Program Files\Google
[10/10/2009|15:28] C:\Program Files\Grisoft
[17/07/2009|13:09] C:\Program Files\Iconix
[25/08/2009|11:02] C:\Program Files\InstallShield Installation Information
[17/07/2009|13:09] C:\Program Files\Intel
[10/10/2009|16:08] C:\Program Files\Internet Explorer
[17/07/2009|13:09] C:\Program Files\iPod
[11/10/2009|09:44] C:\Program Files\IsoBuster
[31/08/2009|20:54] C:\Program Files\Java
[17/07/2009|13:10] C:\Program Files\K-Lite Codec Pack
[24/07/2009|15:49] C:\Program Files\LameACM
[11/10/2009|22:26] C:\Program Files\Lavasoft
[17/07/2009|13:10] C:\Program Files\LG Electronics
[17/07/2009|13:10] C:\Program Files\Logitech
[17/07/2009|13:10] C:\Program Files\Marvell
[10/10/2009|16:08] C:\Program Files\mes données
[17/07/2009|13:10] C:\Program Files\Microsoft
[17/07/2009|13:10] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[17/07/2009|13:10] C:\Program Files\Microsoft Games
[10/10/2009|16:08] C:\Program Files\Microsoft IntelliPoint
[17/07/2009|13:10] C:\Program Files\Microsoft Money 2005
[17/07/2009|13:11] C:\Program Files\Microsoft Office
[10/10/2009|17:18] C:\Program Files\Microsoft Silverlight
[17/07/2009|13:11] C:\Program Files\Microsoft SQL Server Compact Edition
[17/07/2009|13:11] C:\Program Files\Microsoft Sync Framework
[17/07/2009|13:11] C:\Program Files\Microsoft Visual Studio
[17/07/2009|13:11] C:\Program Files\Microsoft Visual Studio 8
[17/07/2009|13:11] C:\Program Files\Microsoft Works
[17/07/2009|13:11] C:\Program Files\Microsoft.NET
[17/07/2009|13:00] C:\Program Files\Motorola
[17/07/2009|13:11] C:\Program Files\Mozilla Firefox
[17/07/2009|13:11] C:\Program Files\MSBuild
[17/07/2009|13:11] C:\Program Files\MSN Money Investment Toolbox
[17/07/2009|13:11] C:\Program Files\Nero
[17/07/2009|13:11] C:\Program Files\On2 Technologies
[17/07/2009|13:11] C:\Program Files\Opera
[17/07/2009|13:11] C:\Program Files\P4G
[11/10/2009|09:44] C:\Program Files\pdfforge Toolbar
[10/10/2009|16:08] C:\Program Files\Pense-bete
[17/07/2009|13:11] C:\Program Files\Primelabs
[17/07/2009|13:11] C:\Program Files\QuickTime
[17/07/2009|13:11] C:\Program Files\Real
[17/07/2009|13:11] C:\Program Files\Realtek
[22/04/2009|10:55] C:\Program Files\Reference Assemblies
[17/07/2009|13:11] C:\Program Files\Smart Projects
[17/07/2009|13:11] C:\Program Files\SWiSH Jukebox
[17/07/2009|13:11] C:\Program Files\SWiSH Max2
[17/07/2009|13:11] C:\Program Files\swishmax2
[17/07/2009|13:00] C:\Program Files\Synaptics
[17/07/2009|13:11] C:\Program Files\SystemRequirementsLab
[17/07/2009|13:11] C:\Program Files\Tablet
[17/07/2009|13:11] C:\Program Files\TomTom International B.V
[12/10/2009|09:51] C:\Program Files\TuneUp Utilities 2009
[07/08/2009|08:08] C:\Program Files\Virtual Earth 3D
[17/07/2009|13:12] C:\Program Files\VSO
[17/07/2009|13:12] C:\Program Files\Windows Collaboration
[22/04/2009|12:01] C:\Program Files\Windows Defender
[22/04/2009|12:12] C:\Program Files\Windows Journal
[10/10/2009|19:17] C:\Program Files\Windows Live
[17/07/2009|13:12] C:\Program Files\Windows Live Safety Center
[17/07/2009|13:12] C:\Program Files\Windows Live SkyDrive
[22/04/2009|12:01] C:\Program Files\Windows Mail
[22/04/2009|12:01] C:\Program Files\Windows Media Player
[17/07/2009|14:34] C:\Program Files\Windows NT
[22/04/2009|12:01] C:\Program Files\Windows Photo Viewer
[10/10/2009|16:08] C:\Program Files\Windows Sidebar
[17/07/2009|13:12] C:\Program Files\WinRAR
[17/07/2009|13:12] C:\Program Files\Wireless Console 2
[17/07/2009|13:12] C:\Program Files\XviD
[17/07/2009|13:12] C:\Program Files\Yahoo!
[17/07/2009|13:12] C:\Program Files\Zylom Games

--------------------\\ Listing des dossiers dans C:\Program Files\Common Files

[17/07/2009|13:06] C:\Program Files\Common Files\ACD Systems
[10/10/2009|18:58] C:\Program Files\Common Files\Acronis
[17/07/2009|13:07] C:\Program Files\Common Files\Adobe
[17/07/2009|13:07] C:\Program Files\Common Files\Adobe AIR
[17/07/2009|13:07] C:\Program Files\Common Files\Apple
[17/07/2009|13:08] C:\Program Files\Common Files\Borland Shared
[17/07/2009|13:08] C:\Program Files\Common Files\Corel
[17/07/2009|13:08] C:\Program Files\Common Files\DESIGNER
[17/07/2009|13:08] C:\Program Files\Common Files\DivX Shared
[10/10/2009|23:01] C:\Program Files\Common Files\Iconix
[17/07/2009|13:08] C:\Program Files\Common Files\iGrafx
[17/07/2009|13:08] C:\Program Files\Common Files\InstallShield
[17/07/2009|13:08] C:\Program Files\Common Files\Java
[17/07/2009|13:08] C:\Program Files\Common Files\L&H
[17/07/2009|13:08] C:\Program Files\Common Files\LogiShrd
[17/07/2009|13:08] C:\Program Files\Common Files\Macromedia
[17/07/2009|13:08] C:\Program Files\Common Files\Macromedia Shared
[17/07/2009|13:08] C:\Program Files\Common Files\Macrovision Shared
[03/08/2009|12:06] C:\Program Files\Common Files\microsoft shared
[17/07/2009|13:08] C:\Program Files\Common Files\MimarSinan
[17/07/2009|13:08] C:\Program Files\Common Files\Nero
[23/05/2008|09:41] C:\Program Files\Common Files\Panda Software
[17/07/2009|13:08] C:\Program Files\Common Files\PX Storage Engine
[17/07/2009|13:08] C:\Program Files\Common Files\Real
[17/07/2009|13:08] C:\Program Files\Common Files\Scansoft Shared
[22/04/2009|08:17] C:\Program Files\Common Files\Services
[17/07/2009|13:08] C:\Program Files\Common Files\SourceTec
[22/04/2009|08:17] C:\Program Files\Common Files\SpeechEngines
[17/07/2009|13:08] C:\Program Files\Common Files\SureThing Shared
[17/07/2009|13:08] C:\Program Files\Common Files\SWiSHzone.com
[17/07/2009|13:08] C:\Program Files\Common Files\Symantec Shared
[22/04/2009|12:01] C:\Program Files\Common Files\System
[17/07/2009|13:08] C:\Program Files\Common Files\Windows Live
[17/07/2009|13:08] C:\Program Files\Common Files\WindowsLiveInstaller
[12/10/2009|09:41] C:\Program Files\Common Files\Wise Installation Wizard
[17/07/2009|13:08] C:\Program Files\Common Files\Xara
[17/07/2009|13:08] C:\Program Files\Common Files\xing shared

--------------------\\ Process

( 8 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-12 18:00:27
Windows 6.1.7100 NTFS
detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261
Initialization error

--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !

[F:1][D:1]-> C:\Users\Robert\AppData\Local\Temp
[F:3][D:1]-> C:\Users\Robert\AppData\Roaming\MICROS~1\Windows\Cookies
[F:2][D:0]-> C:\Users\Robert\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:8][D:3]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - 12/10/2009|15:30 - Option : [2]
2 - "C:\Lop SD\LopR_2.txt" - 12/10/2009|17:29 - Option : [2]
3 - "C:\Lop SD\LopR_3.txt" - 12/10/2009|18:01 - Option : [2]

--------------------\\ Fin du rapport a 18:01:17
[ UAC => 1 ]
0
I don't have the TB.txt report or the Combofix.txt report. With ComboFix I got an error message: "windows ne trouve pas NircmdB.exe . vérifiez que vous avez entré le nom correct, puis réessayez"
0
New HijackThis report


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:24:14, on 12/10/2009
Platform: Unknown Windows (WinNT 6.01.3004)
MSIE: Internet Explorer v8.00 (8.00.7100.0000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ASScrPro.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\UTIL\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\System32\oodtray.exe
C:\UTIL\Antivirus\Avira\AntiVir Desktop\avgnt.exe
D:\Logiciels Divers\Acronis\TrueImageMonitor.exe
D:\Logiciels Divers\Paint shop pro 12\CorelIOMonitor.exe
C:\UTIL\RocketDock\RocketDock.exe
C:\UTIL\GadWin\PrintScreen.exe
C:\Program Files\Windows Sidebar\sidebar.exe
D:\Logiciels Divers\CircleDock0.9.2Alpha8.1\CircleDock.exe
C:\Program Files\Pense-bete\pb79f.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\UTIL\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.bing.com/?toHttps=1&redig=F6E03C3CC058415AA40F1BC2D47E2332
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - D:\Logiciels Divers\Snagit\SnagItBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\UTIL\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - D:\Logiciels Divers\Snagit\SnagItIEAddin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\UTIL\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [OODefragTray] C:\Windows\system32\oodtray.exe
O4 - HKLM\..\Run: [avgnt] "C:\UTIL\Antivirus\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [TrueImageMonitor.exe] D:\Logiciels Divers\Acronis\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Service Scheduler2 Acronis] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Corel File Shell Monitor] D:\Logiciels Divers\Paint shop pro 12\CorelIOMonitor.exe
O4 - HKCU\..\Run: [RocketDock] "C:\UTIL\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Gadwin PrintScreen] "C:\UTIL\GadWin\PrintScreen.exe" /nosplash
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - Startup: CircleDock.exe.lnk = D:\Logiciels Divers\CircleDock0.9.2Alpha8.1\CircleDock.exe
O4 - Startup: Pense-Bête 79f.lnk = C:\Program Files\Pense-bete\pb79f.exe
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - (no file)
O9 - Extra 'Tools' menuitem: Email ID Préférences - {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - (no file)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BC3F6B6D-2E49-4603-B028-7411655713F3} - (no file)
O9 - Extra 'Tools' menuitem: À propos de Email ID - {BC3F6B6D-2E49-4603-B028-7411655713F3} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\UTIL\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\UTIL\SPYBOT~1\SDHelper.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Correcteur - {F7C8E5F6-B6D1-45db-8D91-2BCFA5DF11A9} - D:\Logiciels Divers\Antidote 2008\Internet Explorer\7\Antidote K - IE 7.htm (HKCU)
O9 - Extra button: Dictionnaires - {F9B969E8-58D0-4dd9-AC8A-EE2336FF8F65} - D:\Logiciels Divers\Antidote 2008\Internet Explorer\7\Antidote D - IE 7.htm (HKCU)
O9 - Extra button: Guides - {FA089E36-3F1B-4c51-9A1A-C4E7012483AF} - D:\Logiciels Divers\Antidote 2008\Internet Explorer\7\Antidote G - IE 7.htm (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://www.gamespy.com
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://www.ma-config.com/activex/hardwaredetection_3_1_2_0.cab
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-2.0.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe
O23 - Service: Service Scheduler2 Acronis (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\UTIL\Antivirus\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\UTIL\Antivirus\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\UTIL\Antivirus\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\UTIL\Antivirus\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c95c85dab44e17) (gupdate1c95c85dab44e17) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Iconix Update Service (IconixService) - Unknown owner - C:\Program Files\Common Files\Iconix\IconixService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\UTIL\Ma configue\maconfservice.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\UTIL\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\UTIL\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Seagate Scheduler2 Service (SgtSch2Svc) - Unknown owner - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe (file missing)
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Windows\system32\Pen_Tablet.exe
O23 - Service: TomTomHOMEService - TomTom - D:\Logiciels Divers\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe (file missing)
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
0
eZula Posts 3392 Registration date Saturday 26 April 2008 Status Contributor Last activity 8 May 2021 392
12 Oct. 2009 at 18:36
disable AntiVir, then download ComboFix again and repeat the procedure
0
Still the same without the antivirus
0
I am on Windows 7!
0
eZula Posts 3392 Registration date Saturday 26 April 2008 Status Contributor Last activity 8 May 2021 392
12 Oct. 2009 at 19:25
in that case, download it again in Safe Mode with Networking
0
OK, I downloaded everything again in Safe Mode and the problem is the same (NircmdB.exe not found)
0
eZula Posts 3392 Registration date Saturday 26 April 2008 Status Contributor Last activity 8 May 2021 392
12 Oct. 2009 at 22:16
OK, last try: still in Safe Mode, download it, rename it braviax.exe and run it
0
I solved the problem with: Tools > Internet Options > General - removing "about blank" and setting a different home page. Then: Start > Run, msconfig, and in the Services and Startup sections, uncheck about blank.
A free program such as Glary Utilities, with its startup and running-processes sections, can solve the problem. Good luck
0
eZula Posts 3392 Registration date Saturday 26 April 2008 Status Contributor Last activity 8 May 2021 392
12 Oct. 2009 at 22:39
TDSS:le 12/10/2009 à 14:51:51 "C:\Windows\System32\ovfst*.???"
0
still the same problem
0
eZula Posts 3392 Registration date Saturday 26 April 2008 Status Contributor Last activity 8 May 2021 392
13 Oct. 2009 at 11:23
Download Sysprot https://3c416dfc-a-62cb3a1a-s-sites.googlegroups.com/site/sysprotantirootkit/Home/SysProt.zip?attachauth=ANoY7cqxnzQSAOweMB1j1RjBx63qHLQnx1RrB041ebnNnUkA2E7iUZlFXPn94FP1IUHBJSwoSr5WblYwsVBjiyaDOKhebdI3IV9oewennApIgI_z92W9PJmfwsnozJcQn66wJBG1RP0eCl1Xv_HZjeP-n-Pf2uHskwiOLYePagIzgigsE9RUmK40KwAL0DRxju5sEcAU_uOSbkivGezpyqu7eDpAxIo2TUMVmuDywLmABSKQ80dw0gw%3D&attredirects=2
unzip it and run the executable
go to the "Log" tab and check all the boxes, as well as "Hidden objects only", then "create log"
wait a few moments, select "all drives" when asked, and at the end post the SysProtLog.txt report, which is in the same folder as Sysprot.Exe
0
SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Hidden Processes found

******************************************************************************************
******************************************************************************************
No Hidden Kernel Modules found

******************************************************************************************
******************************************************************************************
No SSDT Hooks found

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
No IRP Hooks found

******************************************************************************************
******************************************************************************************
Ports:
Local Address: ROBERT:49795
Remote Address: SPYNET2.MICROSOFT.COM:HTTPS
Type: TCP
Process: 6856 (PID)
State: ESTABLISHED

Local Address: ROBERT:49792
Remote Address: WWW-GOOGLE-ANALYTICS.L.GOOGLE.COM:HTTP
Type: TCP
Process: 4356 (PID)
State: ESTABLISHED

Local Address: ROBERT:49786
Remote Address: 81.52.140.16:HTTP
Type: TCP
Process: 4356 (PID)
State: ESTABLISHED

Local Address: ROBERT:49785
Remote Address: 81.52.140.16:HTTP
Type: TCP
Process: 4356 (PID)
State: ESTABLISHED

Local Address: ROBERT:49778
Remote Address: 81.52.140.16:HTTP
Type: TCP
Process: 4356 (PID)
State: ESTABLISHED

Local Address: ROBERT:49770
Remote Address: A350.G.AKAMAI.NET:HTTP
Type: TCP
Process: 4356 (PID)
State: ESTABLISHED

Local Address: ROBERT:49764
Remote Address: PAGEAD.L.GOOGLE.COM:HTTP
Type: TCP
Process: 4356 (PID)
State: ESTABLISHED

Local Address: ROBERT:49762
Remote Address: PAGEAD.L.GOOGLE.COM:HTTP
Type: TCP
Process: 4356 (PID)
State: ESTABLISHED

Local Address: ROBERT:49761
Remote Address: PAGEAD.L.GOOGLE.COM:HTTP
Type: TCP
Process: 4356 (PID)
State: ESTABLISHED

Local Address: ROBERT:49756
Remote Address: A2.X.AKAMAI.NET:HTTP
Type: TCP
Process: 4356 (PID)
State: ESTABLISHED

Local Address: ROBERT:49754
Remote Address: A2.X.AKAMAI.NET:HTTP
Type: TCP
Process: 4356 (PID)
State: ESTABLISHED

Local Address: ROBERT:49753
Remote Address: A2.X.AKAMAI.NET:HTTP
Type: TCP
Process: 4356 (PID)
State: ESTABLISHED

Local Address: ROBERT:49744
Remote Address: A1727.B.AKAMAI.NET:HTTP
Type: TCP
Process: 4356 (PID)
State: ESTABLISHED

Local Address: ROBERT:49738
Remote Address: WWW.ABCOMPTEUR.COM:HTTP
Type: TCP
Process: 0 (PID)
State: TIME_WAIT

Local Address: ROBERT:49717
Remote Address: A4.BING.COM:HTTP
Type: TCP
Process: 4356 (PID)
State: ESTABLISHED

Local Address: ROBERT:49690
Remote Address: C.ATDMT.COM.NSATC.NET:HTTP
Type: TCP
Process: 4356 (PID)
State: ESTABLISHED

Local Address: ROBERT:49686
Remote Address: PAGEAD.L.DOUBLECLICK.NET:HTTP
Type: TCP
Process: 4356 (PID)
State: ESTABLISHED

Local Address: ROBERT:49685
Remote Address: PAGEAD.L.GOOGLE.COM:HTTP
Type: TCP
Process: 4356 (PID)
State: ESTABLISHED

Local Address: ROBERT:49682
Remote Address: C.LIVE.COM.NSATC.NET:HTTP
Type: TCP
Process: 4356 (PID)
State: ESTABLISHED

Local Address: ROBERT:49660
Remote Address: WWW.BING.COM:HTTP
Type: TCP
Process: 4356 (PID)
State: ESTABLISHED

Local Address: ROBERT:49658
Remote Address: PAGEAD.L.GOOGLE.COM:HTTP
Type: TCP
Process: 4356 (PID)
State: ESTABLISHED

Local Address: ROBERT:49646
Remote Address: WWW.BING.COM:HTTP
Type: TCP
Process: 0 (PID)
State: TIME_WAIT

Local Address: ROBERT:49640
Remote Address: WWW.BING.COM:HTTP
Type: TCP
Process: 4356 (PID)
State: ESTABLISHED

Local Address: ROBERT:NETBIOS-SSN
Remote Address: 0.0.0.0:0
Type: TCP
Process: 4 (PID)
State: LISTENING

Local Address: ROBERT:50300
Remote Address: LOCALHOST:49157
Type: TCP
Process: 3148 (PID)
State: ESTABLISHED

Local Address: ROBERT:49791
Remote Address: LOCALHOST:44080
Type: TCP
Process: 6648 (PID)
State: ESTABLISHED

Local Address: ROBERT:49782
Remote Address: LOCALHOST:44080
Type: TCP
Process: 6648 (PID)
State: ESTABLISHED

Local Address: ROBERT:49781
Remote Address: LOCALHOST:44080
Type: TCP
Process: 6648 (PID)
State: ESTABLISHED

Local Address: ROBERT:49780
Remote Address: LOCALHOST:44080
Type: TCP
Process: 6648 (PID)
State: CLOSE_WAIT

Local Address: ROBERT:49779
Remote Address: LOCALHOST:44080
Type: TCP
Process: 6648 (PID)
State: CLOSE_WAIT

Local Address: ROBERT:49776
Remote Address: LOCALHOST:44080
Type: TCP
Process: 6648 (PID)
State: ESTABLISHED

Local Address: ROBERT:49769
Remote Address: LOCALHOST:44080
Type: TCP
Process: 6648 (PID)
State: ESTABLISHED

Local Address: ROBERT:49763
Remote Address: LOCALHOST:44080
Type: TCP
Process: 6648 (PID)
State: ESTABLISHED

Local Address: ROBERT:49760
Remote Address: LOCALHOST:44080
Type: TCP
Process: 6648 (PID)
State: ESTABLISHED

Local Address: ROBERT:49759
Remote Address: LOCALHOST:44080
Type: TCP
Process: 6648 (PID)
State: ESTABLISHED

Local Address: ROBERT:49755
Remote Address: LOCALHOST:44080
Type: TCP
Process: 6648 (PID)
State: ESTABLISHED

Local Address: ROBERT:49752
Remote Address: LOCALHOST:44080
Type: TCP
Process: 6648 (PID)
State: ESTABLISHED

Local Address: ROBERT:49751
Remote Address: LOCALHOST:44080
Type: TCP
Process: 6648 (PID)
State: ESTABLISHED

Local Address: ROBERT:49743
Remote Address: LOCALHOST:44080
Type: TCP
Process: 6648 (PID)
State: ESTABLISHED

Local Address: ROBERT:49715
Remote Address: LOCALHOST:44080
Type: TCP
Process: 6648 (PID)
State: ESTABLISHED

Local Address: ROBERT:49689
Remote Address: LOCALHOST:44080
Type: TCP
Process: 6648 (PID)
State: ESTABLISHED

Local Address: ROBERT:49684
Remote Address: LOCALHOST:44080
Type: TCP
Process: 6648 (PID)
State: ESTABLISHED

Local Address: ROBERT:49683
Remote Address: LOCALHOST:44080
Type: TCP
Process: 6648 (PID)
State: ESTABLISHED

Local Address: ROBERT:49681
Remote Address: LOCALHOST:44080
Type: TCP
Process: 6648 (PID)
State: ESTABLISHED

Local Address: ROBERT:49672
Remote Address: LOCALHOST:44080
Type: TCP
Process: 6648 (PID)
State: CLOSE_WAIT

Local Address: ROBERT:49661
Remote Address: LOCALHOST:44080
Type: TCP
Process: 6648 (PID)
State: CLOSE_WAIT

Local Address: ROBERT:49659
Remote Address: LOCALHOST:44080
Type: TCP
Process: 6648 (PID)
State: ESTABLISHED

Local Address: ROBERT:49656
Remote Address: LOCALHOST:44080
Type: TCP
Process: 6648 (PID)
State: ESTABLISHED

Local Address: ROBERT:49639
Remote Address: LOCALHOST:44080
Type: TCP
Process: 6648 (PID)
State: ESTABLISHED

Local Address: ROBERT:49157
Remote Address: LOCALHOST:50300
Type: TCP
Process: 3048 (PID)
State: ESTABLISHED

Local Address: ROBERT:44080
Remote Address: LOCALHOST:49793
Type: TCP
Process: 0 (PID)
State: TIME_WAIT

Local Address: ROBERT:44080
Remote Address: LOCALHOST:49791
Type: TCP
Process: 4356 (PID)
State: ESTABLISHED

Local Address: ROBERT:44080
Remote Address: LOCALHOST:49787
Type: TCP
Process: 0 (PID)
State: TIME_WAIT

Local Address: ROBERT:44080
Remote Address: LOCALHOST:49782
Type: TCP
Process: 4356 (PID)
State: ESTABLISHED

Local Address: ROBERT:44080
Remote Address: LOCALHOST:49781
Type: TCP
Process: 4356 (PID)
State: ESTABLISHED

Local Address: ROBERT:44080
Remote Address: LOCALHOST:49780
Type: TCP
Process: 4356 (PID)
State: FIN_WAIT2

Local Address: ROBERT:44080
Remote Address: LOCALHOST:49779
Type: TCP
Process: 4356 (PID)
State: FIN_WAIT2

Local Address: ROBERT:44080
Remote Address: LOCALHOST:49776
Type: TCP
Process: 4356 (PID)
State: ESTABLISHED

Local Address: ROBERT:44080
Remote Address: LOCALHOST:49775
Type: TCP
Process: 0 (PID)
State: TIME_WAIT

Local Address: ROBERT:44080
Remote Address: LOCALHOST:49773
Type: TCP
Process: 0 (PID)
State: TIME_WAIT

Local Address: ROBERT:44080
Remote Address: LOCALHOST:49771
Type: TCP
Process: 0 (PID)
State: TIME_WAIT

Local Address: ROBERT:44080
Remote Address: LOCALHOST:49769
Type: TCP
Process: 4356 (PID)
State: ESTABLISHED

Local Address: ROBERT:44080
Remote Address: LOCALHOST:49767
Type: TCP
Process: 0 (PID)
State: TIME_WAIT

Local Address: ROBERT:44080
Remote Address: LOCALHOST:49765
Type: TCP
Process: 0 (PID)
State: TIME_WAIT

Local Address: ROBERT:44080
Remote Address: LOCALHOST:49763
Type: TCP
Process: 4356 (PID)
State: ESTABLISHED

Local Address: ROBERT:44080
Remote Address: LOCALHOST:49760
Type: TCP
Process: 4356 (PID)
State: ESTABLISHED

Local Address: ROBERT:44080
Remote Address: LOCALHOST:49759
Type: TCP
Process: 4356 (PID)
State: ESTABLISHED

Local Address: ROBERT:44080
Remote Address: LOCALHOST:49757
Type: TCP
Process: 0 (PID)
State: TIME_WAIT

Local Address: ROBERT:44080
Remote Address: LOCALHOST:49755
Type: TCP
Process: 4356 (PID)
State: ESTABLISHED

Local Address: ROBERT:44080
Remote Address: LOCALHOST:49752
Type: TCP
Process: 4356 (PID)
State: ESTABLISHED

Local Address: ROBERT:44080
Remote Address: LOCALHOST:49751
Type: TCP
Process: 4356 (PID)
State: ESTABLISHED

Local Address: ROBERT:44080
Remote Address: LOCALHOST:49747
Type: TCP
Process: 0 (PID)
State: TIME_WAIT

Local Address: ROBERT:44080
Remote Address: LOCALHOST:49743
Type: TCP
Process: 4356 (PID)
State: ESTABLISHED

Local Address: ROBERT:44080
Remote Address: LOCALHOST:49715
Type: TCP
Process: 4356 (PID)
State: ESTABLISHED

Local Address: ROBERT:44080
Remote Address: LOCALHOST:49689
Type: TCP
Process: 4356 (PID)
State: ESTABLISHED

Local Address: ROBERT:44080
Remote Address: LOCALHOST:49684
Type: TCP
Process: 4356 (PID)
State: ESTABLISHED

Local Address: ROBERT:44080
Remote Address: LOCALHOST:49683
Type: TCP
Process: 4356 (PID)
State: ESTABLISHED

Local Address: ROBERT:44080
Remote Address: LOCALHOST:49681
Type: TCP
Process: 4356 (PID)
State: ESTABLISHED

Local Address: ROBERT:44080
Remote Address: LOCALHOST:49672
Type: TCP
Process: 4356 (PID)
State: FIN_WAIT2

Local Address: ROBERT:44080
Remote Address: LOCALHOST:49661
Type: TCP
Process: 4356 (PID)
State: FIN_WAIT2

Local Address: ROBERT:44080
Remote Address: LOCALHOST:49659
Type: TCP
Process: 4356 (PID)
State: ESTABLISHED

Local Address: ROBERT:44080
Remote Address: LOCALHOST:49656
Type: TCP
Process: 4356 (PID)
State: ESTABLISHED

Local Address: ROBERT:44080
Remote Address: LOCALHOST:49639
Type: TCP
Process: 4356 (PID)
State: ESTABLISHED

Local Address: ROBERT:27015
Remote Address: 0.0.0.0:0
Type: TCP
Process: 2424 (PID)
State: LISTENING

Local Address: ROBERT:50300
Remote Address: 0.0.0.0:0
Type: TCP
Process: 3148 (PID)
State: LISTENING

Local Address: ROBERT:49161
Remote Address: 0.0.0.0:0
Type: TCP
Process: 4656 (PID)
State: LISTENING

Local Address: ROBERT:49158
Remote Address: 0.0.0.0:0
Type: TCP
Process: 844 (PID)
State: LISTENING

Local Address: ROBERT:49156
Remote Address: 0.0.0.0:0
Type: TCP
Process: 876 (PID)
State: LISTENING

Local Address: ROBERT:49155
Remote Address: 0.0.0.0:0
Type: TCP
Process: 668 (PID)
State: LISTENING

Local Address: ROBERT:49154
Remote Address: 0.0.0.0:0
Type: TCP
Process: 1436 (PID)
State: LISTENING

Local Address: ROBERT:49153
Remote Address: 0.0.0.0:0
Type: TCP
Process: 1264 (PID)
State: LISTENING

Local Address: ROBERT:49152
Remote Address: 0.0.0.0:0
Type: TCP
Process: 792 (PID)
State: LISTENING

Local Address: ROBERT:44110
Remote Address: 0.0.0.0:0
Type: TCP
Process: 3884 (PID)
State: LISTENING

Local Address: ROBERT:44080
Remote Address: 0.0.0.0:0
Type: TCP
Process: 4356 (PID)
State: LISTENING

Local Address: ROBERT:WSD
Remote Address: 0.0.0.0:0
Type: TCP
Process: 4 (PID)
State: LISTENING

Local Address: ROBERT:MS-WBT-SERVER
Remote Address: 0.0.0.0:0
Type: TCP
Process: 1660 (PID)
State: LISTENING

Local Address: ROBERT:MICROSOFT-DS
Remote Address: 0.0.0.0:0
Type: TCP
Process: 4 (PID)
State: LISTENING

Local Address: ROBERT:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: 1136 (PID)
State: LISTENING

Local Address: ROBERT:64891
Remote Address: NA
Type: UDP
Process: 2644 (PID)
State: NA

Local Address: ROBERT:SSDP
Remote Address: NA
Type: UDP
Process: 2644 (PID)
State: NA

Local Address: ROBERT:138
Remote Address: NA
Type: UDP
Process: 4 (PID)
State: NA

Local Address: ROBERT:NETBIOS-NS
Remote Address: NA
Type: UDP
Process: 4 (PID)
State: NA

Local Address: ROBERT:64892
Remote Address: NA
Type: UDP
Process: 2644 (PID)
State: NA

Local Address: ROBERT:63032
Remote Address: NA
Type: UDP
Process: 6648 (PID)
State: NA

Local Address: ROBERT:61248
Remote Address: NA
Type: UDP
Process: 7408 (PID)
State: NA

Local Address: ROBERT:50957
Remote Address: NA
Type: UDP
Process: 4304 (PID)
State: NA

Local Address: ROBERT:SSDP
Remote Address: NA
Type: UDP
Process: 2644 (PID)
State: NA

Local Address: ROBERT:50955
Remote Address: NA
Type: UDP
Process: 1568 (PID)
State: NA

Local Address: ROBERT:49152
Remote Address: NA
Type: UDP
Process: 2644 (PID)
State: NA

Local Address: ROBERT:LLMNR
Remote Address: NA
Type: UDP
Process: 1660 (PID)
State: NA

Local Address: ROBERT:IPSEC-MSFT
Remote Address: NA
Type: UDP
Process: 1436 (PID)
State: NA

Local Address: ROBERT:WS-DISCOVERY
Remote Address: NA
Type: UDP
Process: 2644 (PID)
State: NA

Local Address: ROBERT:WS-DISCOVERY
Remote Address: NA
Type: UDP
Process: 1568 (PID)
State: NA

Local Address: ROBERT:WS-DISCOVERY
Remote Address: NA
Type: UDP
Process: 1568 (PID)
State: NA

Local Address: ROBERT:WS-DISCOVERY
Remote Address: NA
Type: UDP
Process: 2644 (PID)
State: NA

Local Address: ROBERT:500
Remote Address: NA
Type: UDP
Process: 1436 (PID)
State: NA

******************************************************************************************
******************************************************************************************
No hidden files/folders found
0
SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Hidden Processes found

******************************************************************************************
******************************************************************************************
No Hidden Kernel Modules found

******************************************************************************************
******************************************************************************************
No SSDT Hooks found

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
No IRP Hooks found

******************************************************************************************
******************************************************************************************
Ports:
Local Address: ROBERT:49795
Remote Address: SPYNET2.MICROSOFT.COM:HTTPS
Type: TCP
Process: 6856 (PID)
State: ESTABLISHED

Local Address: ROBERT:49792
Remote Address: WWW-GOOGLE-ANALYTICS.L.GOOGLE.COM:HTTP
Type: TCP
Process: 4356 (PID)
State: ESTABLISHED

Local Address: ROBERT:49786
Remote Address: 81.52.140.16:HTTP
Type: TCP
Process: 4356 (PID)
State: ESTABLISHED

Local Address: ROBERT:49785
Remote Address: 81.52.140.16:HTTP
Type: TCP
Process: 4356 (PID)
State: ESTABLISHED

Local Address: ROBERT:49778
Remote Address: 81.52.140.16:HTTP
Type: TCP
Process: 4356 (PID)
State: ESTABLISHED

Local Address: ROBERT:49770
Remote Address: A350.G.AKAMAI.NET:HTTP
Type: TCP
Process: 4356 (PID)
State: ESTABLISHED

Local Address: ROBERT:49764
Remote Address: PAGEAD.L.GOOGLE.COM:HTTP
Type: TCP
Process: 4356 (PID)
State: ESTABLISHED

Local Address: ROBERT:49762
Remote Address: PAGEAD.L.GOOGLE.COM:HTTP
Type: TCP
Process: 4356 (PID)
State: ESTABLISHED

Local Address: ROBERT:49761
Remote Address: PAGEAD.L.GOOGLE.COM:HTTP
Type: TCP
Process: 4356 (PID)
State: ESTABLISHED

Local Address: ROBERT:49756
Remote Address: A2.X.AKAMAI.NET:HTTP
Type: TCP
Process: 4356 (PID)
State: ESTABLISHED

Local Address: ROBERT:49754
Remote Address: A2.X.AKAMAI.NET:HTTP
Type: TCP
Process: 4356 (PID)
State: ESTABLISHED

Local Address: ROBERT:49753
Remote Address: A2.X.AKAMAI.NET:HTTP
Type: TCP
Process: 4356 (PID)
State: ESTABLISHED

Local Address: ROBERT:49744
Remote Address: A1727.B.AKAMAI.NET:HTTP
Type: TCP
Process: 4356 (PID)
State: ESTABLISHED

Local Address: ROBERT:49738
Remote Address: WWW.ABCOMPTEUR.COM:HTTP
Type: TCP
Process: 0 (PID)
State: TIME_WAIT

Local Address: ROBERT:49717
Remote Address: A4.BING.COM:HTTP
Type: TCP
Process: 4356 (PID)
State: ESTABLISHED

Local Address: ROBERT:49690
Remote Address: C.ATDMT.COM.NSATC.NET:HTTP
Type: TCP
Process: 4356 (PID)
State: ESTABLISHED

Local Address: ROBERT:49686
Remote Address: PAGEAD.L.DOUBLECLICK.NET:HTTP
Type: TCP
Process: 4356 (PID)
State: ESTABLISHED

Local Address: ROBERT:49685
Remote Address: PAGEAD.L.GOOGLE.COM:HTTP
Type: TCP
Process: 4356 (PID)
State: ESTABLISHED

Local Address: ROBERT:49682
Remote Address: C.LIVE.COM.NSATC.NET:HTTP
Type: TCP
Process: 4356 (PID)
State: ESTABLISHED

Local Address: ROBERT:49660
Remote Address: WWW.BING.COM:HTTP
Type: TCP
Process: 4356 (PID)
State: ESTABLISHED

Local Address: ROBERT:49658
Remote Address: PAGEAD.L.GOOGLE.COM:HTTP
Type: TCP
Process: 4356 (PID)
State: ESTABLISHED

Local Address: ROBERT:49646
Remote Address: WWW.BING.COM:HTTP
Type: TCP
Process: 0 (PID)
State: TIME_WAIT

Local Address: ROBERT:49640
Remote Address: WWW.BING.COM:HTTP
Type: TCP
Process: 4356 (PID)
State: ESTABLISHED

Local Address: ROBERT:NETBIOS-SSN
Remote Address: 0.0.0.0:0
Type: TCP
Process: 4 (PID)
State: LISTENING

Local Address: ROBERT:50300
Remote Address: LOCALHOST:49157
Type: TCP
Process: 3148 (PID)
State: ESTABLISHED

Local Address: ROBERT:49791
Remote Address: LOCALHOST:44080
Type: TCP
Process: 6648 (PID)
State: ESTABLISHED

Local Address: ROBERT:49782
Remote Address: LOCALHOST:44080
Type: TCP
Process: 6648 (PID)
State: ESTABLISHED

Local Address: ROBERT:49781
Remote Address: LOCALHOST:44080
Type: TCP
Process: 6648 (PID)
State: ESTABLISHED

Local Address: ROBERT:49780
Remote Address: LOCALHOST:44080
Type: TCP
Process: 6648 (PID)
State: CLOSE_WAIT

Local Address: ROBERT:49779
Remote Address: LOCALHOST:44080
Type: TCP
Process: 6648 (PID)
State: CLOSE_WAIT

Local Address: ROBERT:49776
Remote Address: LOCALHOST:44080
Type: TCP
Process: 6648 (PID)
State: ESTABLISHED

Local Address: ROBERT:49769
Remote Address: LOCALHOST:44080
Type: TCP
Process: 6648 (PID)
State: ESTABLISHED

Local Address: ROBERT:49763
Remote Address: LOCALHOST:44080
Type: TCP
Process: 6648 (PID)
State: ESTABLISHED

Local Address: ROBERT:49760
Remote Address: LOCALHOST:44080
Type: TCP
Process: 6648 (PID)
State: ESTABLISHED

Local Address: ROBERT:49759
Remote Address: LOCALHOST:44080
Type: TCP
Process: 6648 (PID)
State: ESTABLISHED

Local Address: ROBERT:49755
Remote Address: LOCALHOST:44080
Type: TCP
Process: 6648 (PID)
State: ESTABLISHED

Local Address: ROBERT:49752
Remote Address: LOCALHOST:44080
Type: TCP
Process: 6648 (PID)
State: ESTABLISHED

Local Address: ROBERT:49751
Remote Address: LOCALHOST:44080
Type: TCP
Process: 6648 (PID)
State: ESTABLISHED

Local Address: ROBERT:49743
Remote Address: LOCALHOST:44080
Type: TCP
Process: 6648 (PID)
State: ESTABLISHED

Local Address: ROBERT:49715
Remote Address: LOCALHOST:44080
Type: TCP
Process: 6648 (PID)
State: ESTABLISHED

Local Address: ROBERT:49689
Remote Address: LOCALHOST:44080
Type: TCP
Process: 6648 (PID)
State: ESTABLISHED

Local Address: ROBERT:49684
Remote Address: LOCALHOST:44080
Type: TCP
Process: 6648 (PID)
State: ESTABLISHED

Local Address: ROBERT:49683
Remote Address: LOCALHOST:44080
Type: TCP
Process: 6648 (PID)
State: ESTABLISHED

Local Address: ROBERT:49681
Remote Address: LOCALHOST:44080
Type: TCP
Process: 6648 (PID)
State: ESTABLISHED

Local Address: ROBERT:49672
Remote Address: LOCALHOST:44080
Type: TCP
Process: 6648 (PID)
State: CLOSE_WAIT

Local Address: ROBERT:49661
Remote Address: LOCALHOST:44080
Type: TCP
Process: 6648 (PID)
State: CLOSE_WAIT

Local Address: ROBERT:49659
Remote Address: LOCALHOST:44080
Type: TCP
Process: 6648 (PID)
State: ESTABLISHED

Local Address: ROBERT:49656
Remote Address: LOCALHOST:44080
Type: TCP
Process: 6648 (PID)
State: ESTABLISHED

Local Address: ROBERT:49639
Remote Address: LOCALHOST:44080
Type: TCP
Process: 6648 (PID)
State: ESTABLISHED

Local Address: ROBERT:49157
Remote Address: LOCALHOST:50300
Type: TCP
Process: 3048 (PID)
State: ESTABLISHED

Local Address: ROBERT:44080
Remote Address: LOCALHOST:49793
Type: TCP
Process: 0 (PID)
State: TIME_WAIT

Local Address: ROBERT:44080
Remote Address: LOCALHOST:49791
Type: TCP
Process: 4356 (PID)
State: ESTABLISHED

Local Address: ROBERT:44080
Remote Address: LOCALHOST:49787
Type: TCP
Process: 0 (PID)
State: TIME_WAIT

Local Address: ROBERT:44080
Remote Address: LOCALHOST:49782
Type: TCP
Process: 4356 (PID)
State: ESTABLISHED

Local Address: ROBERT:44080
Remote Address: LOCALHOST:49781
Type: TCP
Process: 4356 (PID)
State: ESTABLISHED

Local Address: ROBERT:44080
Remote Address: LOCALHOST:49780
Type: TCP
Process: 4356 (PID)
State: FIN_WAIT2

Local Address: ROBERT:44080
Remote Address: LOCALHOST:49779
Type: TCP
Process: 4356 (PID)
State: FIN_WAIT2

Local Address: ROBERT:44080
Remote Address: LOCALHOST:49776
Type: TCP
Process: 4356 (PID)
State: ESTABLISHED

Local Address: ROBERT:44080
Remote Address: LOCALHOST:49775
Type: TCP
Process: 0 (PID)
State: TIME_WAIT

Local Address: ROBERT:44080
Remote Address: LOCALHOST:49773
Type: TCP
Process: 0 (PID)
State: TIME_WAIT

Local Address: ROBERT:44080
Remote Address: LOCALHOST:49771
Type: TCP
Process: 0 (PID)
State: TIME_WAIT

Local Address: ROBERT:44080
Remote Address: LOCALHOST:49769
Type: TCP
Process: 4356 (PID)
State: ESTABLISHED

Local Address: ROBERT:44080
Remote Address: LOCALHOST:49767
Type: TCP
Process: 0 (PID)
State: TIME_WAIT

Local Address: ROBERT:44080
Remote Address: LOCALHOST:49765
Type: TCP
Process: 0 (PID)
State: TIME_WAIT

Local Address: ROBERT:44080
Remote Address: LOCALHOST:49763
Type: TCP
Process: 4356 (PID)
State: ESTABLISHED

Local Address: ROBERT:44080
Remote Address: LOCALHOST:49760
Type: TCP
Process: 4356 (PID)
State: ESTABLISHED

Local Address: ROBERT:44080
Remote Address: LOCALHOST:49759
Type: TCP
Process: 4356 (PID)
State: ESTABLISHED

Local Address: ROBERT:44080
Remote Address: LOCALHOST:49757
Type: TCP
Process: 0 (PID)
State: TIME_WAIT

Local Address: ROBERT:44080
Remote Address: LOCALHOST:49755
Type: TCP
Process: 4356 (PID)
State: ESTABLISHED

Local Address: ROBERT:44080
Remote Address: LOCALHOST:49752
Type: TCP
Process: 4356 (PID)
State: ESTABLISHED

Local Address: ROBERT:44080
Remote Address: LOCALHOST:49751
Type: TCP
Process: 4356 (PID)
State: ESTABLISHED

Local Address: ROBERT:44080
Remote Address: LOCALHOST:49747
Type: TCP
Process: 0 (PID)
State: TIME_WAIT

Local Address: ROBERT:44080
Remote Address: LOCALHOST:49743
Type: TCP
Process: 4356 (PID)
State: ESTABLISHED

Local Address: ROBERT:44080
Remote Address: LOCALHOST:49715
Type: TCP
Process: 4356 (PID)
State: ESTABLISHED

Local Address: ROBERT:44080
Remote Address: LOCALHOST:49689
Type: TCP
Process: 4356 (PID)
State: ESTABLISHED

Local Address: ROBERT:44080
Remote Address: LOCALHOST:49684
Type: TCP
Process: 4356 (PID)
State: ESTABLISHED

Local Address: ROBERT:44080
Remote Address: LOCALHOST:49683
Type: TCP
Process: 4356 (PID)
State: ESTABLISHED

Local Address: ROBERT:44080
Remote Address: LOCALHOST:49681
Type: TCP
Process: 4356 (PID)
State: ESTABLISHED

Local Address: ROBERT:44080
Remote Address: LOCALHOST:49672
Type: TCP
Process: 4356 (PID)
State: FIN_WAIT2

Local Address: ROBERT:44080
Remote Address: LOCALHOST:49661
Type: TCP
Process: 4356 (PID)
State: FIN_WAIT2

Local Address: ROBERT:44080
Remote Address: LOCALHOST:49659
Type: TCP
Process: 4356 (PID)
State: ESTABLISHED

Local Address: ROBERT:44080
Remote Address: LOCALHOST:49656
Type: TCP
Process: 4356 (PID)
State: ESTABLISHED

Local Address: ROBERT:44080
Remote Address: LOCALHOST:49639
Type: TCP
Process: 4356 (PID)
State: ESTABLISHED

Local Address: ROBERT:27015
Remote Address: 0.0.0.0:0
Type: TCP
Process: 2424 (PID)
State: LISTENING

Local Address: ROBERT:50300
Remote Address: 0.0.0.0:0
Type: TCP
Process: 3148 (PID)
No hidden files/folders found

eZula Posts 3392 Registration date Saturday 26 April 2008 Status Contributor Last activity 8 May 2021 392
13 Oct. 2009 at 18:15
---> Download Gmer http://www2.gmer.net/gmer.zip to your Desktop.

---> Extract the contents of the archive, then rename gmer.exe to tib.exe (the .exe is not necessarily visible),
on your Desktop.

---> Double-click tib.exe.

---> If you get a warning message
like this one
http://www.genproc.com/gmer.JPG
click No, then Save, and save it on your Desktop as "gmer.txt".

---> Double-click "gmer.txt"; the report appears, post it.

GMER 1.0.15.15125 - http://www.gmer.net
Rootkit quick scan 2009-10-13 18:34:48
Windows 6.1.7100
Running: tib.exe; Driver: C:\Users\Robert\AppData\Local\Temp\pwldrpow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AsDsm.sys (Data Security Manager Driver/Windows (R) Codename Longhorn DDK provider)
AttachedDevice \FileSystem\Ntfs \Ntfs tdrpm251.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Gestionnaire de filtres de système de fichiers Microsoft/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat tdrpm251.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Runtime de l’infrastructure de pilotes en mode noyau/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Runtime de l’infrastructure de pilotes en mode noyau/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

eZula Posts 3392 Registration date Saturday 26 April 2008 Status Contributor Last activity 8 May 2021 392
13 Oct. 2009 at 19:12
In a command window, type this command and post the result

dir C:\Windows\System32\ovfst*.???

I don't understand?

Is it in Run that I have to type this command?

Microsoft Windows [version 6.1.7100]
Copyright (c) 2009 Microsoft Corporation. Tous droits réservés.

C:\Users\Robert>dir C:\Windows\system32\ovfst*.???
Le volume dans le lecteur C s'appelle VistaOS
Le numéro de série du volume est DC80-476F

Répertoire de C:\Windows\system32

Fichier introuvable

C:\Users\Robert>

eZula Posts 3392 Registration date Saturday 26 April 2008 Status Contributor Last activity 8 May 2021 392
13 Oct. 2009 at 20:26
Run GenProc again and tell me if you still have your problem

Rapport GenProc 2.637 [2] - 13/10/2009 à 20:37:10
@ Windows 7 - Mode normal
@ Internet Explorer (8.0.7100.0) [Navigateur par défaut]

~~ CM DISK ERROR ~~

GenProc n'a détecté aucune infection caractéristique et suggère de suivre la procédure suivante :


# Etape 1/ Télécharge :
ToolsCleaner! http://pc-system.fr/ (A.Rothstein & Dj QUIOU) sur ton Bureau.

# Etape 2/
- Double-clique sur ToolsCleaner2.exe pour le lancer.
- Clique sur Recherche et laisse le scan agir.
- Clique sur Suppression pour finaliser.
- Tu peux, si tu le souhaites, te servir des Options Facultatives.
- Clique sur Quitter pour obtenir le rapport C:\TCleaner.txt


# Etape 3/
Poste un rapport Nod32 https://www.eset.com/ (il faut utiliser Internet Explorer)
- coche toutes les cases à chaque fois, et lorsque c'est terminé, colle le rapport :
C:\Program Files\EsetOnlineScanner\log.txt




~~~~ INFORMATION COMPLEMENTAIRE ~~~~


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:38:10, on 13/10/2009
Platform: Unknown Windows (WinNT 6.01.3004)
MSIE: Internet Explorer v8.00 (8.00.7100.0000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Windows\System32\oodtray.exe
C:\UTIL\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
D:\Logiciels Divers\Paint shop pro 12\CorelIOMonitor.exe
C:\UTIL\Antivirus\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\ASScrPro.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\RtHDVCpl.exe
D:\Logiciels Divers\Acronis\TrueImageMonitor.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\UTIL\GadWin\PrintScreen.exe
C:\UTIL\RocketDock\RocketDock.exe
C:\Program Files\Windows Sidebar\sidebar.exe
D:\Logiciels Divers\CircleDock0.9.2Alpha8.1\CircleDock.exe
C:\Program Files\Pense-bete\pb79f.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\Explorer.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conhost.exe
C:\GenProc\outil\Robert_GenProc.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.asus.com/fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.bing.com/?toHttps=1&redig=F6E03C3CC058415AA40F1BC2D47E2332
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.asus.com/fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - D:\Logiciels Divers\Snagit\SnagItBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\UTIL\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - D:\Logiciels Divers\Snagit\SnagItIEAddin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [OODefragTray] C:\Windows\system32\oodtray.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\UTIL\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Corel File Shell Monitor] D:\Logiciels Divers\Paint shop pro 12\CorelIOMonitor.exe
O4 - HKLM\..\Run: [avgnt] "C:\UTIL\Antivirus\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] D:\Logiciels Divers\Acronis\TimounterMonitor.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] D:\Logiciels Divers\Acronis\TrueImageMonitor.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [Gadwin PrintScreen] "C:\UTIL\GadWin\PrintScreen.exe" /nosplash
O4 - HKCU\..\Run: [RocketDock] "C:\UTIL\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - Startup: CircleDock.exe.lnk = D:\Logiciels Divers\CircleDock0.9.2Alpha8.1\CircleDock.exe
O4 - Startup: Pense-Bête 79f.lnk = C:\Program Files\Pense-bete\pb79f.exe
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - (no file)
O9 - Extra 'Tools' menuitem: Email ID Préférences - {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - (no file)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BC3F6B6D-2E49-4603-B028-7411655713F3} - (no file)
O9 - Extra 'Tools' menuitem: À propos de Email ID - {BC3F6B6D-2E49-4603-B028-7411655713F3} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\UTIL\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\UTIL\SPYBOT~1\SDHelper.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Correcteur - {F7C8E5F6-B6D1-45db-8D91-2BCFA5DF11A9} - D:\Logiciels Divers\Antidote 2008\Internet Explorer\7\Antidote K - IE 7.htm (HKCU)
O9 - Extra button: Dictionnaires - {F9B969E8-58D0-4dd9-AC8A-EE2336FF8F65} - D:\Logiciels Divers\Antidote 2008\Internet Explorer\7\Antidote D - IE 7.htm (HKCU)
O9 - Extra button: Guides - {FA089E36-3F1B-4c51-9A1A-C4E7012483AF} - D:\Logiciels Divers\Antidote 2008\Internet Explorer\7\Antidote G - IE 7.htm (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://www.gamespy.com
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://www.ma-config.com/activex/hardwaredetection_3_1_2_0.cab
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-2.0.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe
O23 - Service: Service Scheduler2 Acronis (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\UTIL\Antivirus\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\UTIL\Antivirus\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\UTIL\Antivirus\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\UTIL\Antivirus\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c95c85dab44e17) (gupdate1c95c85dab44e17) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Iconix Update Service (IconixService) - Unknown owner - C:\Program Files\Common Files\Iconix\IconixService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\UTIL\Ma configue\maconfservice.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\UTIL\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\UTIL\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Seagate Scheduler2 Service (SgtSch2Svc) - Unknown owner - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe (file missing)
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Windows\system32\Pen_Tablet.exe
O23 - Service: TomTomHOMEService - TomTom - D:\Logiciels Divers\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe (file missing)
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe

cachou52fr > cachou52fr
14 Oct. 2009 at 14:38
Hello,
the problem is still there when Internet Explorer opens

eZula Posts 3392 Registration date Saturday 26 April 2008 Status Contributor Last activity 8 May 2021 392
13 Oct. 2009 at 20:57
Do the suggested Nod32 scan