Mon PC est devenu lent

Jean -  
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
Bonjour,
SVP Mon PC est devenu trés lent et je ne sais pas pourquoi.

Sachant que Symantec ne voulait pas être enlevé malgré que j'ai téléchargé le logiciel remove je me suis dit peut être c à cause des résidus symantec

merci

voici hijack this

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:33:48, on 12/10/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Samsung\SmarThru\PORTCTRL.EXE
C:\Program Files\Topro\tppoll.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\aetcrss1.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\CKF\Mes documents\Téléchargements\Norton_Removal_Tool(3).exe
C:\DOCUME~1\CKF\LOCALS~1\Temp\7zS1C.tmp\SymNRT.exe
C:\Documents and Settings\CKF\Mes documents\Téléchargements\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1940427
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.smscut.com/proxy.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
R3 - URLSearchHook: smscut Toolbar - {88f8c352-20c7-4051-aaa1-5466cd5e5f63} - C:\Program Files\smscut\tbsmsc.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe, explorer.exe,
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: smscut Toolbar - {88f8c352-20c7-4051-aaa1-5466cd5e5f63} - C:\Program Files\smscut\tbsmsc.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: AF BHO - {B7154C4D-87C0-4A2C-AB64-DA132BAC2EE6} - C:\Program Files\AnchorFree\bin\AFBho.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll (file missing)
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AFToolbar - {1F385865-F3D4-41ff-960D-7B7D0A7A72F6} - C:\Program Files\AnchorFree\bin\AFToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: smscut Toolbar - {88f8c352-20c7-4051-aaa1-5466cd5e5f63} - C:\Program Files\smscut\tbsmsc.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [GW Port Controller] C:\Program Files\Samsung\SmarThru\PORTCTRL.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [antihost] C:\WINDOWS\system32\ahr.exe
O4 - HKLM\..\Run: [tppoll] C:\Program Files\Topro\tppoll.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CertificateRegistration] aetcrss1.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Global Startup: TL-WN321G Wireless Utility.lnk = C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe
O4 - Global Startup: TP-LINK
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - https://www.eset.com/
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6F27FBA6-B4E0-4D55-AAF9-7C1F3FCA869E}: NameServer = 193.95.66.10,193.95.67.20
O17 - HKLM\System\CCS\Services\Tcpip\..\{A5ECB070-B2A2-4CAD-8C93-229384CB13E9}: NameServer = 213.150.189.10,213.150.191.9
O17 - HKLM\System\CS1\Services\Tcpip\..\{6F27FBA6-B4E0-4D55-AAF9-7C1F3FCA869E}: NameServer = 193.95.66.10,193.95.67.20
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: regedit.dll
O21 - SSODL: JcWvAgsBsuM - {1CAD5DD8-B607-F772-7582-AB3057ECB1BE} - C:\WINDOWS\system32\yzcxn.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Service Google Update (gupdate1c9c9aca1ce22ae) (gupdate1c9c9aca1ce22ae) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Helper Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 12065 bytes
Configuration: Windows XP
Firefox 3.5.2

3 réponses

  1. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    slt,

    télécharge combofix (par sUBs) ici :

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    et enregistre le sur le bureau.

    déconnecte toi d'internet et ferme toutes tes applications.

    désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)

    double-clique sur combofix.exe et suis les instructions

    à la fin, il va produire un rapport C:\ComboFix.txt

    réactive ton parefeu, ton antivirus, la garde de ton antispyware

    copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.

    Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.

    Tu as un tutoriel complet ici :

    https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
    0
    1. Jean
       
      Merci voila le rapport

      ComboFix 09-10-11.03 - CKF 12/10/2009 17:22.1.2 - NTFSx86
      Lancé depuis: c:\documents and settings\CKF\Mes documents\Téléchargements\ComboFix.exe
      AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

      AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      c:\documents and settings\All Users\Application Data\1pdfdec.dll
      c:\documents and settings\CKF\Application Data\inst.exe
      c:\windows\Downloaded Program Files\bdcore.dll
      c:\windows\Downloaded Program Files\libfn.dll
      c:\windows\Installer\16dc1be.msi
      c:\windows\patch.exe
      c:\windows\system32\__c0018BE.exe
      c:\windows\system32\__c0029.exe
      c:\windows\system32\__c002CD6.exe
      c:\windows\system32\__c003D6C.exe
      c:\windows\system32\__c004823.exe
      c:\windows\system32\__c004AE1.exe
      c:\windows\system32\__c005F90.exe
      c:\windows\system32\__c006784.exe
      c:\windows\system32\__c006952.exe
      c:\windows\system32\__c0072AE.exe
      c:\windows\system32\Cache
      c:\windows\system32\regedit.dll
      D:\AUTORUN.INF

      .
      ((((((((((((((((((((((((((((( Fichiers créés du 2009-09-12 au 2009-10-12 ))))))))))))))))))))))))))))))))))))
      .

      2009-09-28 17:35 . 2009-10-12 14:49 -------- d-----w- C:\tmp
      2009-09-28 17:33 . 2009-10-01 15:29 -------- d-----w- c:\documents and settings\CKF\Local Settings\Application Data\smscut
      2009-09-28 17:31 . 2009-09-28 17:30 411368 ----a-w- c:\windows\system32\deploytk.dll
      2009-09-28 17:30 . 2009-09-28 17:30 -------- d-----w- c:\program files\Java
      2009-09-28 17:23 . 2009-09-28 17:33 -------- d-----w- c:\program files\smsCut
      2009-09-25 06:56 . 2009-09-25 06:56 221184 ----a-w- c:\windows\system32\bitcap.dll
      2009-09-25 06:56 . 2009-09-25 06:56 221184 ----a-w- c:\windows\system32\olecache.dll
      2009-09-18 10:09 . 2008-06-19 16:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
      2009-09-18 10:05 . 2009-09-18 10:05 -------- d-----w- c:\program files\Panda Security
      2009-09-18 09:55 . 2009-09-18 09:56 -------- d-----w- C:\GenProc
      2009-09-17 14:23 . 2009-10-12 12:49 -------- d-----w- c:\documents and settings\CKF\Tracing
      2009-09-17 14:20 . 2009-09-17 14:20 -------- d-----w- c:\program files\Microsoft
      2009-09-17 13:30 . 2009-09-17 13:30 -------- d-----w- c:\program files\Windows Live SkyDrive
      2009-09-17 13:29 . 2009-09-17 14:20 -------- d-----w- c:\program files\Windows Live
      2009-09-17 12:47 . 2009-09-17 12:47 -------- d-----w- c:\program files\Fichiers communs\Windows Live

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2009-10-12 13:50 . 2007-05-14 15:04 -------- d-----w- c:\documents and settings\CKF\Application Data\Skype
      2009-10-12 07:53 . 2008-03-24 08:49 -------- d-----w- c:\documents and settings\CKF\Application Data\skypePM
      2009-09-29 11:54 . 2007-07-10 12:13 -------- d-----w- c:\program files\FiscaVision
      2009-09-22 12:20 . 2009-09-05 11:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
      2009-09-11 13:07 . 2009-08-19 08:23 -------- d-----w- c:\documents and settings\CKF\Application Data\FileZilla
      2009-09-11 12:31 . 2008-12-25 15:05 -------- d-----w- c:\program files\ESET
      2009-09-11 08:32 . 2009-09-11 08:32 -------- d-----w- c:\program files\Windows Installer Clean Up
      2009-09-11 08:32 . 2009-09-11 08:32 -------- d-----w- c:\program files\MSECACHE
      2009-09-10 13:54 . 2009-09-05 11:51 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
      2009-09-10 13:53 . 2009-09-05 11:51 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
      2009-09-05 11:52 . 2009-09-05 11:52 -------- d-----w- c:\documents and settings\CKF\Application Data\Malwarebytes
      2009-09-05 11:51 . 2009-09-05 11:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
      2009-09-05 11:27 . 2007-06-03 10:11 -------- d-----w- c:\program files\RM to MP3 Converter
      2009-09-05 11:08 . 2008-06-21 07:20 -------- d-----w- c:\program files\Hotspot Shield
      2009-09-01 13:12 . 2009-09-01 13:12 226816 ----a-w- c:\windows\system32\olemon.dll
      2009-09-01 13:09 . 2009-09-01 13:09 226816 ----a-w- c:\windows\system32\sysutil.dll
      2009-08-26 12:04 . 2001-08-28 10:00 564506 ----a-w- c:\windows\system32\perfh00C.dat
      2009-08-26 12:04 . 2001-08-28 10:00 111174 ----a-w- c:\windows\system32\perfc00C.dat
      2009-08-19 08:23 . 2009-08-19 08:22 -------- d-----w- c:\program files\FileZilla FTP Client
      2009-07-26 15:44 . 2009-07-26 15:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
      2009-05-12 13:44 . 2009-05-12 13:42 2951000 ----a-w- c:\program files\FLV PlayerFCSetup.exe
      2009-05-12 13:42 . 2009-05-12 13:38 9810664 ----a-w- c:\program files\FLV PlayerRCATSetup.exe
      2009-05-12 13:37 . 2009-05-12 13:26 21433208 ----a-w- c:\program files\FLV PlayerRCSetup.exe
      .

      ------- Sigcheck -------

      [7] 2004-08-19 . 259AF82A0932EEA4F316F92DB94707B6 . 13312 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\lsass.exe
      [-] 2004-08-19 . 85E1AE7E1D73401CB08EF8620F79D3C5 . 14848 . . [5.1.2600.2180] . . c:\windows\system32\lsass.exe
      [-] 2002-08-29 . B7B1C150AFF59455DB4DF082815F88F5 . 11776 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\lsass.exe

      [7] 2004-08-19 . 63DCDE1A0D86EEB8924D6738FF616EAD . 108544 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\services.exe
      [-] 2004-08-19 . E048088F07EC4E6D99D7ACC1B4F2E0B5 . 110592 . . [5.1.2600.2180] . . c:\windows\system32\services.exe
      [-] 2001-08-28 . FC0691097471EE374907E1024EDCBD43 . 101888 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\services.exe

      [7] 2004-08-19 . 2979B03D5382A602623C0535B16AB9C0 . 14336 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\svchost.exe
      [-] 2004-08-19 . D4E1C51B2193ACA4CB34D834B8BC967F . 17408 . . [5.1.2600.2180] . . c:\windows\system32\svchost.exe
      [-] 2001-08-28 . 333A4DB8410D8E24DB06D6AEBECDC7C2 . 12800 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\svchost.exe

      [7] 2004-08-19 . 123EEA158F74D0F67A51DCDF065D1091 . 506368 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\winlogon.exe
      [-] 2004-08-19 . AA8CA6FBDDD1DD97EC2B9D7BA2A938DB . 510464 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
      [-] 2002-08-29 . 71820BC9EE6653C8748922459DFC384D . 520704 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\winlogon.exe
      .
      ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
      REGEDIT4

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
      "{88f8c352-20c7-4051-aaa1-5466cd5e5f63}"= "c:\program files\smscut\tbsmsc.dll" [2009-04-01 2086936]

      [HKEY_CLASSES_ROOT\clsid\{88f8c352-20c7-4051-aaa1-5466cd5e5f63}]

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88f8c352-20c7-4051-aaa1-5466cd5e5f63}]
      2009-04-01 13:27 2086936 ----a-w- c:\program files\smsCut\tbsmsc.dll

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
      "{88f8c352-20c7-4051-aaa1-5466cd5e5f63}"= "c:\program files\smscut\tbsmsc.dll" [2009-04-01 2086936]

      [HKEY_CLASSES_ROOT\clsid\{88f8c352-20c7-4051-aaa1-5466cd5e5f63}]

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
      "{88F8C352-20C7-4051-AAA1-5466CD5E5F63}"= "c:\program files\smscut\tbsmsc.dll" [2009-04-01 2086936]

      [HKEY_CLASSES_ROOT\clsid\{88f8c352-20c7-4051-aaa1-5466cd5e5f63}]

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-05 39408]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
      "ccApp"="c:\program files\Fichiers communs\Symantec Shared\ccApp.exe" [2005-04-18 48752]
      "GW Port Controller"="c:\program files\Samsung\SmarThru\PORTCTRL.EXE" [2004-02-09 163840]
      "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [2005-06-23 57344]
      "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
      "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]
      "tppoll"="c:\program files\Topro\tppoll.exe" [2005-03-02 24576]
      "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
      "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
      "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-06-13 198160]
      "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-28 149280]
      "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-06-01 16208384]
      "SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]
      "SMSERIAL"="sm56hlpr.exe" - c:\windows\sm56hlpr.exe [2005-06-06 544768]
      "CertificateRegistration"="aetcrss1.exe" - c:\windows\system32\aetcrss1.exe [2008-06-02 208896]

      c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
      TL-WN321G Wireless Utility.lnk - c:\program files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe [2008-4-2 622592]

      c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\TP-LINK
      TL-WN322G Wireless Utility.lnk - c:\program files\TP-LINK\TL-WN322G Wireless Utility\ZDWlan.exe [2009-5-20 491520]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "DisableCAD"= 1 (0x1)

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
      "DisableMonitoring"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
      "EnableFirewall"= 0 (0x0)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "c:\\Program Files\\Shareaza\\Shareaza.exe"=
      "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
      "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
      "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

      R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [18/09/2009 11:09 28544]
      R2 HssSrv;Hotspot Shield Helper Service;c:\program files\Hotspot Shield\HssWPR\hsssrv.exe [05/02/2009 22:56 117208]
      R3 DCamUSBIntel;USB Video Camera;c:\windows\system32\drivers\TP6800.sys [21/12/2007 07:54 201032]
      R3 HssDrv;Hotspot Shield Helper Miniport;c:\windows\system32\drivers\hssdrv.sys [25/02/2009 10:48 31704]
      S2 gupdate1c9c9aca1ce22ae;Service Google Update (gupdate1c9c9aca1ce22ae);c:\program files\Google\Update\GoogleUpdate.exe [30/04/2009 16:59 133104]
      S3 cxbu1wdm;OEM USB Smart Card Reader;c:\windows\system32\drivers\cxbu1wdm.sys [05/08/2008 07:08 93312]
      S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [09/05/2005 09:46 127584]

      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\aetsprov]
      c:\windows\system32\regsvr32.exe /s c:\windows\system32\aetsprov.dll
      .
      Contenu du dossier 'Tâches planifiées'

      2009-10-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-30 15:59]

      2009-10-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-30 15:59]
      .
      .
      ------- Examen supplémentaire -------
      .
      uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1940427
      uSearch Page = hxxp://www.google.com
      uSearch Bar = hxxp://www.google.com/ie
      uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
      IE: Chercher avec Copernic Agent - c:\program files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
      IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
      TCP: {6F27FBA6-B4E0-4D55-AAF9-7C1F3FCA869E} = 193.95.66.10,193.95.67.20
      TCP: {A5ECB070-B2A2-4CAD-8C93-229384CB13E9} = 213.150.189.10,213.150.191.9
      Handler: copernicagent - {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} - c:\progra~1\COPERN~1\COPERN~1.DLL
      Handler: copernicagentcache - {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} - c:\progra~1\COPERN~1\COPERN~1.DLL
      DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
      DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
      DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.zebulon.fr/scan8/oscan8.cab
      FF - ProfilePath - c:\documents and settings\CKF\Application Data\Mozilla\Firefox\Profiles\823c131f.default\
      FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1940427&SearchSource=3&q={searchTerms}
      FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1940427
      FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1940427&SearchSource=2&q=
      FF - prefs.js: network.proxy.type - 2
      FF - component: c:\documents and settings\CKF\Application Data\Mozilla\Firefox\Profiles\823c131f.default\extensions\{88f8c352-20c7-4051-aaa1-5466cd5e5f63}\components\FFExternalAlert.dll
      FF - component: c:\documents and settings\CKF\Application Data\Mozilla\Firefox\Profiles\823c131f.default\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}\components\nsCatcher.dll
      FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
      .
      .
      ------- Associations de fichier -------
      .
      inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
      .
      - - - - ORPHELINS SUPPRIMES - - - -

      BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files\Hotspot Shield\hssie\HssIE.dll
      HKLM-Run-antihost - c:\windows\system32\ahr.exe
      HKU-Default-Run-Nokia.PCSync - c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe
      SSODL-JcWvAgsBsuM-{1CAD5DD8-B607-F772-7582-AB3057ECB1BE} - c:\windows\system32\yzcxn.dll
      Notify-WgaLogon - (no file)
      AddRemove-Radio_Fr - c:\program files\Radio Fr Solo\Uninstall.exe



      **************************************************************************

      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2009-10-12 17:29
      Windows 5.1.2600 Service Pack 2 NTFS

      Recherche de processus cachés ...

      Recherche d'éléments en démarrage automatique cachés ...

      Recherche de fichiers cachés ...

      Scan terminé avec succès
      Fichiers cachés: 0

      **************************************************************************
      .
      --------------------- CLES DE REGISTRE BLOQUEES ---------------------

      [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\:ôwjY*]
      "DisplayName"="??8\17?\11\09"
      "DeviceDesc"="??8\17?\11\09"
      "ProviderName"="???\11?\17?\11??"
      "MFG"="???????"
      "ReinstallString"=".10.1000.7"
      "DeviceInstanceIds"=multi:"c:\\windows\\temp\\sbdrv\\smbus\\smbusati.inf\00"
      .
      --------------------- DLLs chargées dans les processus actifs ---------------------

      - - - - - - - > 'winlogon.exe'(1504)
      c:\windows\system32\Ati2evxx.dll
      .
      Heure de fin: 2009-10-12 17:31
      ComboFix-quarantined-files.txt 2009-10-12 16:31

      Avant-CF: 21 354 168 320 octets libres
      Après-CF: 23 021 338 624 octets libres

      WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe

      219 --- E O F --- 2008-04-24 07:53
      0
  2. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok

    tu utilise la barre smsCut?

    colle un rapport avec malwarebyte que tu as (un scan rapide suffira)

    puis

    Télécharge ici :

    http://images.malwareremoval.com/random/RSIT.exe

    random's system information tool (RSIT) par andom/random et sauvegarde-le sur le Bureau.

    Double-clique sur RSIT.exe afin de lancer RSIT.

    Clique Continue à l'écran Disclaimer.

    Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

    Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.

    Poste le contenu de log.txt (<<qui sera affiché)
    ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).

    NB : Les rapports sont sauvegardés dans le dossier C:\rsit
    0
    1. Jean
       
      Logfile of random's system information tool 1.06 (written by random/random)
      Run by CKF at 2009-10-12 17:52:20
      Microsoft Windows XP Professionnel Service Pack 2
      System drive C: has 22 GB (44%) free of 50 GB
      Total RAM: 383 MB (26% free)

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 17:52:33, on 12/10/2009
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\System32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
      C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Symantec AntiVirus\DefWatch.exe
      C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
      C:\WINDOWS\system32\inetsrv\inetinfo.exe
      C:\Program Files\Google\Update\GoogleUpdate.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
      C:\WINDOWS\RTHDCPL.EXE
      C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
      C:\Program Files\Samsung\SmarThru\PORTCTRL.EXE
      C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
      C:\WINDOWS\system32\aetcrss1.exe
      C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
      C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\notepad.exe
      C:\WINDOWS\explorer.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\WINDOWS\System32\dllhost.exe
      C:\WINDOWS\system32\inetsrv\DavCData.exe
      C:\Documents and Settings\CKF\Mes documents\Téléchargements\RSIT.exe
      C:\Documents and Settings\CKF\Mes documents\Téléchargements\CKF.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1940427
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
      R3 - URLSearchHook: smscut Toolbar - {88f8c352-20c7-4051-aaa1-5466cd5e5f63} - C:\Program Files\smscut\tbsmsc.dll
      O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
      O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
      O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
      O2 - BHO: smscut Toolbar - {88f8c352-20c7-4051-aaa1-5466cd5e5f63} - C:\Program Files\smscut\tbsmsc.dll
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
      O2 - BHO: AF BHO - {B7154C4D-87C0-4A2C-AB64-DA132BAC2EE6} - C:\Program Files\AnchorFree\bin\AFBho.dll
      O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
      O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O3 - Toolbar: AFToolbar - {1F385865-F3D4-41ff-960D-7B7D0A7A72F6} - C:\Program Files\AnchorFree\bin\AFToolbar.dll
      O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
      O3 - Toolbar: smscut Toolbar - {88f8c352-20c7-4051-aaa1-5466cd5e5f63} - C:\Program Files\smscut\tbsmsc.dll
      O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
      O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
      O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
      O4 - HKLM\..\Run: [GW Port Controller] C:\Program Files\Samsung\SmarThru\PORTCTRL.EXE
      O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [tppoll] C:\Program Files\Topro\tppoll.exe
      O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [CertificateRegistration] aetcrss1.exe
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
      O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
      O4 - Global Startup: TL-WN321G Wireless Utility.lnk = C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe
      O4 - Global Startup: TP-LINK
      O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
      O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
      O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
      O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
      O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
      O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
      O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - https://www.eset.com/
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
      O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
      O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{6F27FBA6-B4E0-4D55-AAF9-7C1F3FCA869E}: NameServer = 193.95.66.10,193.95.67.20
      O17 - HKLM\System\CCS\Services\Tcpip\..\{A5ECB070-B2A2-4CAD-8C93-229384CB13E9}: NameServer = 213.150.189.10,213.150.191.9
      O17 - HKLM\System\CS1\Services\Tcpip\..\{6F27FBA6-B4E0-4D55-AAF9-7C1F3FCA869E}: NameServer = 193.95.66.10,193.95.67.20
      O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
      O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
      O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
      O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
      O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
      O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
      O23 - Service: Service Google Update (gupdate1c9c9aca1ce22ae) (gupdate1c9c9aca1ce22ae) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
      O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: Hotspot Shield Helper Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
      O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
      O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
      O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
      O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
      O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
      0
  3. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    rappel :

    tu utilise la barre smsCut?

    colle un rapport avec malwarebyte que tu as (un scan rapide suffira)
    0