Sujet Précédent Sujet Suivant

Mon PC est devenu lent

Fermé
Jean - 12 oct. 2009 à 17:37
jlpjlp Messages postés 51580 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 - 12 oct. 2009 à 19:36
Bonjour,
SVP Mon PC est devenu trés lent et je ne sais pas pourquoi.

Sachant que Symantec ne voulait pas être enlevé malgré que j'ai téléchargé le logiciel remove je me suis dit peut être c à cause des résidus symantec

merci

voici hijack this

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:33:48, on 12/10/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Samsung\SmarThru\PORTCTRL.EXE
C:\Program Files\Topro\tppoll.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\aetcrss1.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\CKF\Mes documents\Téléchargements\Norton_Removal_Tool(3).exe
C:\DOCUME~1\CKF\LOCALS~1\Temp\7zS1C.tmp\SymNRT.exe
C:\Documents and Settings\CKF\Mes documents\Téléchargements\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1940427
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.smscut.com/proxy.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
R3 - URLSearchHook: smscut Toolbar - {88f8c352-20c7-4051-aaa1-5466cd5e5f63} - C:\Program Files\smscut\tbsmsc.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe, explorer.exe,
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: smscut Toolbar - {88f8c352-20c7-4051-aaa1-5466cd5e5f63} - C:\Program Files\smscut\tbsmsc.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: AF BHO - {B7154C4D-87C0-4A2C-AB64-DA132BAC2EE6} - C:\Program Files\AnchorFree\bin\AFBho.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll (file missing)
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AFToolbar - {1F385865-F3D4-41ff-960D-7B7D0A7A72F6} - C:\Program Files\AnchorFree\bin\AFToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: smscut Toolbar - {88f8c352-20c7-4051-aaa1-5466cd5e5f63} - C:\Program Files\smscut\tbsmsc.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [GW Port Controller] C:\Program Files\Samsung\SmarThru\PORTCTRL.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [antihost] C:\WINDOWS\system32\ahr.exe
O4 - HKLM\..\Run: [tppoll] C:\Program Files\Topro\tppoll.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CertificateRegistration] aetcrss1.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Global Startup: TL-WN321G Wireless Utility.lnk = C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe
O4 - Global Startup: TP-LINK
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - https://www.eset.com/
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6F27FBA6-B4E0-4D55-AAF9-7C1F3FCA869E}: NameServer = 193.95.66.10,193.95.67.20
O17 - HKLM\System\CCS\Services\Tcpip\..\{A5ECB070-B2A2-4CAD-8C93-229384CB13E9}: NameServer = 213.150.189.10,213.150.191.9
O17 - HKLM\System\CS1\Services\Tcpip\..\{6F27FBA6-B4E0-4D55-AAF9-7C1F3FCA869E}: NameServer = 193.95.66.10,193.95.67.20
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: regedit.dll
O21 - SSODL: JcWvAgsBsuM - {1CAD5DD8-B607-F772-7582-AB3057ECB1BE} - C:\WINDOWS\system32\yzcxn.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Service Google Update (gupdate1c9c9aca1ce22ae) (gupdate1c9c9aca1ce22ae) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Helper Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
A voir également:

3 réponses

Réponse 1 / 3
jlpjlp Messages postés 51580 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 5 040
12 oct. 2009 à 17:43
slt,



télécharge combofix (par sUBs) ici :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

et enregistre le sur le bureau.

déconnecte toi d'internet et ferme toutes tes applications.

désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)


double-clique sur combofix.exe et suis les instructions

à la fin, il va produire un rapport C:\ComboFix.txt

réactive ton parefeu, ton antivirus, la garde de ton antispyware

copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.

Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.

Tu as un tutoriel complet ici :

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
0
Jean
12 oct. 2009 à 18:35
Merci voila le rapport

ComboFix 09-10-11.03 - CKF 12/10/2009 17:22.1.2 - NTFSx86
Lancé depuis: c:\documents and settings\CKF\Mes documents\Téléchargements\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\1pdfdec.dll
c:\documents and settings\CKF\Application Data\inst.exe
c:\windows\Downloaded Program Files\bdcore.dll
c:\windows\Downloaded Program Files\libfn.dll
c:\windows\Installer\16dc1be.msi
c:\windows\patch.exe
c:\windows\system32\__c0018BE.exe
c:\windows\system32\__c0029.exe
c:\windows\system32\__c002CD6.exe
c:\windows\system32\__c003D6C.exe
c:\windows\system32\__c004823.exe
c:\windows\system32\__c004AE1.exe
c:\windows\system32\__c005F90.exe
c:\windows\system32\__c006784.exe
c:\windows\system32\__c006952.exe
c:\windows\system32\__c0072AE.exe
c:\windows\system32\Cache
c:\windows\system32\regedit.dll
D:\AUTORUN.INF

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-09-12 au 2009-10-12 ))))))))))))))))))))))))))))))))))))
.

2009-09-28 17:35 . 2009-10-12 14:49 -------- d-----w- C:\tmp
2009-09-28 17:33 . 2009-10-01 15:29 -------- d-----w- c:\documents and settings\CKF\Local Settings\Application Data\smscut
2009-09-28 17:31 . 2009-09-28 17:30 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-28 17:30 . 2009-09-28 17:30 -------- d-----w- c:\program files\Java
2009-09-28 17:23 . 2009-09-28 17:33 -------- d-----w- c:\program files\smsCut
2009-09-25 06:56 . 2009-09-25 06:56 221184 ----a-w- c:\windows\system32\bitcap.dll
2009-09-25 06:56 . 2009-09-25 06:56 221184 ----a-w- c:\windows\system32\olecache.dll
2009-09-18 10:09 . 2008-06-19 16:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-09-18 10:05 . 2009-09-18 10:05 -------- d-----w- c:\program files\Panda Security
2009-09-18 09:55 . 2009-09-18 09:56 -------- d-----w- C:\GenProc
2009-09-17 14:23 . 2009-10-12 12:49 -------- d-----w- c:\documents and settings\CKF\Tracing
2009-09-17 14:20 . 2009-09-17 14:20 -------- d-----w- c:\program files\Microsoft
2009-09-17 13:30 . 2009-09-17 13:30 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-09-17 13:29 . 2009-09-17 14:20 -------- d-----w- c:\program files\Windows Live
2009-09-17 12:47 . 2009-09-17 12:47 -------- d-----w- c:\program files\Fichiers communs\Windows Live

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-12 13:50 . 2007-05-14 15:04 -------- d-----w- c:\documents and settings\CKF\Application Data\Skype
2009-10-12 07:53 . 2008-03-24 08:49 -------- d-----w- c:\documents and settings\CKF\Application Data\skypePM
2009-09-29 11:54 . 2007-07-10 12:13 -------- d-----w- c:\program files\FiscaVision
2009-09-22 12:20 . 2009-09-05 11:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-11 13:07 . 2009-08-19 08:23 -------- d-----w- c:\documents and settings\CKF\Application Data\FileZilla
2009-09-11 12:31 . 2008-12-25 15:05 -------- d-----w- c:\program files\ESET
2009-09-11 08:32 . 2009-09-11 08:32 -------- d-----w- c:\program files\Windows Installer Clean Up
2009-09-11 08:32 . 2009-09-11 08:32 -------- d-----w- c:\program files\MSECACHE
2009-09-10 13:54 . 2009-09-05 11:51 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 13:53 . 2009-09-05 11:51 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-05 11:52 . 2009-09-05 11:52 -------- d-----w- c:\documents and settings\CKF\Application Data\Malwarebytes
2009-09-05 11:51 . 2009-09-05 11:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-05 11:27 . 2007-06-03 10:11 -------- d-----w- c:\program files\RM to MP3 Converter
2009-09-05 11:08 . 2008-06-21 07:20 -------- d-----w- c:\program files\Hotspot Shield
2009-09-01 13:12 . 2009-09-01 13:12 226816 ----a-w- c:\windows\system32\olemon.dll
2009-09-01 13:09 . 2009-09-01 13:09 226816 ----a-w- c:\windows\system32\sysutil.dll
2009-08-26 12:04 . 2001-08-28 10:00 564506 ----a-w- c:\windows\system32\perfh00C.dat
2009-08-26 12:04 . 2001-08-28 10:00 111174 ----a-w- c:\windows\system32\perfc00C.dat
2009-08-19 08:23 . 2009-08-19 08:22 -------- d-----w- c:\program files\FileZilla FTP Client
2009-07-26 15:44 . 2009-07-26 15:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-05-12 13:44 . 2009-05-12 13:42 2951000 ----a-w- c:\program files\FLV PlayerFCSetup.exe
2009-05-12 13:42 . 2009-05-12 13:38 9810664 ----a-w- c:\program files\FLV PlayerRCATSetup.exe
2009-05-12 13:37 . 2009-05-12 13:26 21433208 ----a-w- c:\program files\FLV PlayerRCSetup.exe
.

------- Sigcheck -------

[7] 2004-08-19 . 259AF82A0932EEA4F316F92DB94707B6 . 13312 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\lsass.exe
[-] 2004-08-19 . 85E1AE7E1D73401CB08EF8620F79D3C5 . 14848 . . [5.1.2600.2180] . . c:\windows\system32\lsass.exe
[-] 2002-08-29 . B7B1C150AFF59455DB4DF082815F88F5 . 11776 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\lsass.exe

[7] 2004-08-19 . 63DCDE1A0D86EEB8924D6738FF616EAD . 108544 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\services.exe
[-] 2004-08-19 . E048088F07EC4E6D99D7ACC1B4F2E0B5 . 110592 . . [5.1.2600.2180] . . c:\windows\system32\services.exe
[-] 2001-08-28 . FC0691097471EE374907E1024EDCBD43 . 101888 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\services.exe

[7] 2004-08-19 . 2979B03D5382A602623C0535B16AB9C0 . 14336 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2004-08-19 . D4E1C51B2193ACA4CB34D834B8BC967F . 17408 . . [5.1.2600.2180] . . c:\windows\system32\svchost.exe
[-] 2001-08-28 . 333A4DB8410D8E24DB06D6AEBECDC7C2 . 12800 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\svchost.exe

[7] 2004-08-19 . 123EEA158F74D0F67A51DCDF065D1091 . 506368 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2004-08-19 . AA8CA6FBDDD1DD97EC2B9D7BA2A938DB . 510464 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
[-] 2002-08-29 . 71820BC9EE6653C8748922459DFC384D . 520704 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\winlogon.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{88f8c352-20c7-4051-aaa1-5466cd5e5f63}"= "c:\program files\smscut\tbsmsc.dll" [2009-04-01 2086936]

[HKEY_CLASSES_ROOT\clsid\{88f8c352-20c7-4051-aaa1-5466cd5e5f63}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88f8c352-20c7-4051-aaa1-5466cd5e5f63}]
2009-04-01 13:27 2086936 ----a-w- c:\program files\smsCut\tbsmsc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{88f8c352-20c7-4051-aaa1-5466cd5e5f63}"= "c:\program files\smscut\tbsmsc.dll" [2009-04-01 2086936]

[HKEY_CLASSES_ROOT\clsid\{88f8c352-20c7-4051-aaa1-5466cd5e5f63}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{88F8C352-20C7-4051-AAA1-5466CD5E5F63}"= "c:\program files\smscut\tbsmsc.dll" [2009-04-01 2086936]

[HKEY_CLASSES_ROOT\clsid\{88f8c352-20c7-4051-aaa1-5466cd5e5f63}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-05 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"ccApp"="c:\program files\Fichiers communs\Symantec Shared\ccApp.exe" [2005-04-18 48752]
"GW Port Controller"="c:\program files\Samsung\SmarThru\PORTCTRL.EXE" [2004-02-09 163840]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [2005-06-23 57344]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]
"tppoll"="c:\program files\Topro\tppoll.exe" [2005-03-02 24576]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-06-13 198160]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-28 149280]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-06-01 16208384]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]
"SMSERIAL"="sm56hlpr.exe" - c:\windows\sm56hlpr.exe [2005-06-06 544768]
"CertificateRegistration"="aetcrss1.exe" - c:\windows\system32\aetcrss1.exe [2008-06-02 208896]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
TL-WN321G Wireless Utility.lnk - c:\program files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe [2008-4-2 622592]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\TP-LINK
TL-WN322G Wireless Utility.lnk - c:\program files\TP-LINK\TL-WN322G Wireless Utility\ZDWlan.exe [2009-5-20 491520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Shareaza\\Shareaza.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [18/09/2009 11:09 28544]
R2 HssSrv;Hotspot Shield Helper Service;c:\program files\Hotspot Shield\HssWPR\hsssrv.exe [05/02/2009 22:56 117208]
R3 DCamUSBIntel;USB Video Camera;c:\windows\system32\drivers\TP6800.sys [21/12/2007 07:54 201032]
R3 HssDrv;Hotspot Shield Helper Miniport;c:\windows\system32\drivers\hssdrv.sys [25/02/2009 10:48 31704]
S2 gupdate1c9c9aca1ce22ae;Service Google Update (gupdate1c9c9aca1ce22ae);c:\program files\Google\Update\GoogleUpdate.exe [30/04/2009 16:59 133104]
S3 cxbu1wdm;OEM USB Smart Card Reader;c:\windows\system32\drivers\cxbu1wdm.sys [05/08/2008 07:08 93312]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [09/05/2005 09:46 127584]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\aetsprov]
c:\windows\system32\regsvr32.exe /s c:\windows\system32\aetsprov.dll
.
Contenu du dossier 'Tâches planifiées'

2009-10-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-30 15:59]

2009-10-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-30 15:59]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1940427
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Chercher avec Copernic Agent - c:\program files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {6F27FBA6-B4E0-4D55-AAF9-7C1F3FCA869E} = 193.95.66.10,193.95.67.20
TCP: {A5ECB070-B2A2-4CAD-8C93-229384CB13E9} = 213.150.189.10,213.150.191.9
Handler: copernicagent - {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} - c:\progra~1\COPERN~1\COPERN~1.DLL
Handler: copernicagentcache - {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} - c:\progra~1\COPERN~1\COPERN~1.DLL
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.zebulon.fr/scan8/oscan8.cab
FF - ProfilePath - c:\documents and settings\CKF\Application Data\Mozilla\Firefox\Profiles\823c131f.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1940427&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1940427
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1940427&SearchSource=2&q=
FF - prefs.js: network.proxy.type - 2
FF - component: c:\documents and settings\CKF\Application Data\Mozilla\Firefox\Profiles\823c131f.default\extensions\{88f8c352-20c7-4051-aaa1-5466cd5e5f63}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\CKF\Application Data\Mozilla\Firefox\Profiles\823c131f.default\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}\components\nsCatcher.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
.
.
------- Associations de fichier -------
.
inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files\Hotspot Shield\hssie\HssIE.dll
HKLM-Run-antihost - c:\windows\system32\ahr.exe
HKU-Default-Run-Nokia.PCSync - c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe
SSODL-JcWvAgsBsuM-{1CAD5DD8-B607-F772-7582-AB3057ECB1BE} - c:\windows\system32\yzcxn.dll
Notify-WgaLogon - (no file)
AddRemove-Radio_Fr - c:\program files\Radio Fr Solo\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-12 17:29
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\:ôwjY*]
"DisplayName"="??8\17?\11\09"
"DeviceDesc"="??8\17?\11\09"
"ProviderName"="???\11?\17?\11??"
"MFG"="???????"
"ReinstallString"=".10.1000.7"
"DeviceInstanceIds"=multi:"c:\\windows\\temp\\sbdrv\\smbus\\smbusati.inf\00"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(1504)
c:\windows\system32\Ati2evxx.dll
.
Heure de fin: 2009-10-12 17:31
ComboFix-quarantined-files.txt 2009-10-12 16:31

Avant-CF: 21 354 168 320 octets libres
Après-CF: 23 021 338 624 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe

219 --- E O F --- 2008-04-24 07:53
0
Réponse 2 / 3
jlpjlp Messages postés 51580 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 5 040
12 oct. 2009 à 18:48
ok

tu utilise la barre smsCut?

colle un rapport avec malwarebyte que tu as (un scan rapide suffira)


puis



Télécharge ici :

http://images.malwareremoval.com/random/RSIT.exe

random's system information tool (RSIT) par andom/random et sauvegarde-le sur le Bureau.

Double-clique sur RSIT.exe afin de lancer RSIT.

Clique Continue à l'écran Disclaimer.

Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.

Poste le contenu de log.txt (<<qui sera affiché)
ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).

NB : Les rapports sont sauvegardés dans le dossier C:\rsit
0
Jean
12 oct. 2009 à 18:54
Logfile of random's system information tool 1.06 (written by random/random)
Run by CKF at 2009-10-12 17:52:20
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 22 GB (44%) free of 50 GB
Total RAM: 383 MB (26% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:52:33, on 12/10/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Samsung\SmarThru\PORTCTRL.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\aetcrss1.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\system32\inetsrv\DavCData.exe
C:\Documents and Settings\CKF\Mes documents\Téléchargements\RSIT.exe
C:\Documents and Settings\CKF\Mes documents\Téléchargements\CKF.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1940427
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
R3 - URLSearchHook: smscut Toolbar - {88f8c352-20c7-4051-aaa1-5466cd5e5f63} - C:\Program Files\smscut\tbsmsc.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: smscut Toolbar - {88f8c352-20c7-4051-aaa1-5466cd5e5f63} - C:\Program Files\smscut\tbsmsc.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: AF BHO - {B7154C4D-87C0-4A2C-AB64-DA132BAC2EE6} - C:\Program Files\AnchorFree\bin\AFBho.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AFToolbar - {1F385865-F3D4-41ff-960D-7B7D0A7A72F6} - C:\Program Files\AnchorFree\bin\AFToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: smscut Toolbar - {88f8c352-20c7-4051-aaa1-5466cd5e5f63} - C:\Program Files\smscut\tbsmsc.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [GW Port Controller] C:\Program Files\Samsung\SmarThru\PORTCTRL.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [tppoll] C:\Program Files\Topro\tppoll.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CertificateRegistration] aetcrss1.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - Global Startup: TL-WN321G Wireless Utility.lnk = C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe
O4 - Global Startup: TP-LINK
O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - https://www.eset.com/
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6F27FBA6-B4E0-4D55-AAF9-7C1F3FCA869E}: NameServer = 193.95.66.10,193.95.67.20
O17 - HKLM\System\CCS\Services\Tcpip\..\{A5ECB070-B2A2-4CAD-8C93-229384CB13E9}: NameServer = 213.150.189.10,213.150.191.9
O17 - HKLM\System\CS1\Services\Tcpip\..\{6F27FBA6-B4E0-4D55-AAF9-7C1F3FCA869E}: NameServer = 193.95.66.10,193.95.67.20
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Service Google Update (gupdate1c9c9aca1ce22ae) (gupdate1c9c9aca1ce22ae) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Helper Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
0
Réponse 3 / 3
jlpjlp Messages postés 51580 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 5 040
12 oct. 2009 à 19:36
rappel :


tu utilise la barre smsCut?

colle un rapport avec malwarebyte que tu as (un scan rapide suffira)
0