Pc ralenti -> infection
Résolu/Fermé
blasterofmetal
Messages postés
415
Date d'inscription
jeudi 1 mai 2008
Statut
Membre
Dernière intervention
29 août 2013
-
28 oct. 2009 à 12:21
blasterofmetal Messages postés 415 Date d'inscription jeudi 1 mai 2008 Statut Membre Dernière intervention 29 août 2013 - 29 oct. 2009 à 19:17
blasterofmetal Messages postés 415 Date d'inscription jeudi 1 mai 2008 Statut Membre Dernière intervention 29 août 2013 - 29 oct. 2009 à 19:17
A voir également:
- Pc ralenti -> infection
- Benchmark pc - Guide
- Pc ralenti - Guide
- Ecran noir pc - Guide
- Reinitialiser pc - Guide
- Télécharger musique gratuitement sur pc - Télécharger - Conversion & Extraction
32 réponses
olivier114
Messages postés
1552
Date d'inscription
mercredi 4 mars 2009
Statut
Membre
Dernière intervention
26 novembre 2013
104
29 oct. 2009 à 14:07
29 oct. 2009 à 14:07
bon je pense que ton pc doit avoir un rootkit qui traine par la.
▶ Télécharge mbr.exe de Gmer sur le Bureau : http://www2.gmer.net/mbr/mbr.exe
▶ Désactive toutes tes protections et coupe la connexion.
▶ Double clique sur mbr.exe et laisse l'outil travailler : un rapport nommé mbr.log sera généré
▶ Poste son rapport dans ta prochaine réponse stp
▶ Télécharge mbr.exe de Gmer sur le Bureau : http://www2.gmer.net/mbr/mbr.exe
▶ Désactive toutes tes protections et coupe la connexion.
▶ Double clique sur mbr.exe et laisse l'outil travailler : un rapport nommé mbr.log sera généré
▶ Poste son rapport dans ta prochaine réponse stp
Xplode
Messages postés
8820
Date d'inscription
vendredi 21 août 2009
Statut
Contributeur sécurité
Dernière intervention
2 juillet 2015
725
29 oct. 2009 à 14:12
29 oct. 2009 à 14:12
Re,
Et ça c'est toujours présent :
C:\Program Files\Winsudate\gibusr.exe
C:\Program Files\Winsudate\gibsvc.exe
O4 - HKCU\..\Run: [WinUsr] C:\Program Files\Winsudate\gibusr.exe
O23 - Service: Gestionnaire de mise à jour Winsudate (WinSvc) - Winsudate - C:\Program Files\Winsudate\gibsvc.exe
"WinUsr"=C:\Program Files\Winsudate\gibusr.exe [2009-09-21 88304]
2009-09-21 14:22:53 ----D---- C:\Program Files\Winsudate
R2 WinSvc;Gestionnaire de mise à jour Winsudate; C:\Program Files\Winsudate\gibsvc.exe [2009-09-21 70896]
@blasterofmetal, fais ceci :
-+-+-+-> OTMoveIt <-+-+-+-
[x] Télécharge OTMoveIt (de Old_Timer) à cette adresse : https://www.luanagames.com/index.fr.html sur ton Bureau.
[x] Double-clique sur OTMoveIt.exe.
[x] Assure toi que la case Unregister Dll's and Ocx's soit bien cochée.
[x] Copie le texte en gras ci dessous et colle le dans le cadre de gauche de OTMoveIt nommé Paste List of Files/Folders to be moved
:processes
explorer.exe
gibsvc.exe
gibusr.exe
:services
Winsudate
Winsvc
:reg
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinUsr"=-
:files
C:\Program Files\Winsudate
:commands
[emptytemp]
[purity]
[start explorer]
[x] Clique sur MoveIt! pour lancer la suppression.
[x] Si OTMoveIt propose de redémarrer ton PC, accepte.
[x] Lorsque un résultat apparaît dans le cadre Results, clique sur Exit.
[x] Dans ta future réponse, envoie le rapport de OTMoveIt situé sous C:\_OTMoveIt\MovedFiles
Et ça c'est toujours présent :
C:\Program Files\Winsudate\gibusr.exe
C:\Program Files\Winsudate\gibsvc.exe
O4 - HKCU\..\Run: [WinUsr] C:\Program Files\Winsudate\gibusr.exe
O23 - Service: Gestionnaire de mise à jour Winsudate (WinSvc) - Winsudate - C:\Program Files\Winsudate\gibsvc.exe
"WinUsr"=C:\Program Files\Winsudate\gibusr.exe [2009-09-21 88304]
2009-09-21 14:22:53 ----D---- C:\Program Files\Winsudate
R2 WinSvc;Gestionnaire de mise à jour Winsudate; C:\Program Files\Winsudate\gibsvc.exe [2009-09-21 70896]
@blasterofmetal, fais ceci :
-+-+-+-> OTMoveIt <-+-+-+-
[x] Télécharge OTMoveIt (de Old_Timer) à cette adresse : https://www.luanagames.com/index.fr.html sur ton Bureau.
[x] Double-clique sur OTMoveIt.exe.
[x] Assure toi que la case Unregister Dll's and Ocx's soit bien cochée.
[x] Copie le texte en gras ci dessous et colle le dans le cadre de gauche de OTMoveIt nommé Paste List of Files/Folders to be moved
:processes
explorer.exe
gibsvc.exe
gibusr.exe
:services
Winsudate
Winsvc
:reg
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinUsr"=-
:files
C:\Program Files\Winsudate
:commands
[emptytemp]
[purity]
[start explorer]
[x] Clique sur MoveIt! pour lancer la suppression.
[x] Si OTMoveIt propose de redémarrer ton PC, accepte.
[x] Lorsque un résultat apparaît dans le cadre Results, clique sur Exit.
[x] Dans ta future réponse, envoie le rapport de OTMoveIt situé sous C:\_OTMoveIt\MovedFiles
blasterofmetal
Messages postés
415
Date d'inscription
jeudi 1 mai 2008
Statut
Membre
Dernière intervention
29 août 2013
64
29 oct. 2009 à 14:38
29 oct. 2009 à 14:38
OTMOVEIT
========== PROCESSES ==========
Process explorer.exe killed successfully.
Unable to kill process: gibsvc.exe
Process gibusr.exe killed successfully.
========== SERVICES/DRIVERS ==========
Unable to stop service Winsudate .
Service Winsvc stopped successfully.
Service Winsvc deleted successfully.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\WinUsr deleted successfully.
========== FILES ==========
C:\Program Files\Winsudate moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\PROPRI~3.FAM\LOCALS~1\Temp\etilqs_8M7yuQJQy7ckzZMJX7Xz scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\PROPRI~3.FAM\LOCALS~1\Temp\Perflib_Perfdata_6d4.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\PROPRI~3.FAM\LOCALS~1\Temp\Perflib_Perfdata_e78.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\PROPRI~3.FAM\LOCALS~1\Temp\Perflib_Perfdata_ecc.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\PROPRI~3.FAM\LOCALS~1\Temp\~DF1C68.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\PROPRI~3.FAM\LOCALS~1\Temp\~DF1CA8.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\PROPRI~3.FAM\LOCALS~1\Temp\~DFE00B.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\PROPRI~3.FAM\LOCALS~1\Temp\~DFF8FB.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_180.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Propriétaire.FAMILLE-QDS3TN1\Local Settings\Application Data\Mozilla\Firefox\Profiles\q7spisns.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Propriétaire.FAMILLE-QDS3TN1\Local Settings\Application Data\Mozilla\Firefox\Profiles\q7spisns.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Propriétaire.FAMILLE-QDS3TN1\Local Settings\Application Data\Mozilla\Firefox\Profiles\q7spisns.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Propriétaire.FAMILLE-QDS3TN1\Local Settings\Application Data\Mozilla\Firefox\Profiles\q7spisns.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Propriétaire.FAMILLE-QDS3TN1\Local Settings\Application Data\Mozilla\Firefox\Profiles\q7spisns.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully
OTMoveIt3 by OldTimer - Version 1.0.7.0 log created on 10292009_142354
Files moved on Reboot...
File C:\DOCUME~1\PROPRI~3.FAM\LOCALS~1\Temp\etilqs_8M7yuQJQy7ckzZMJX7Xz not found!
File C:\DOCUME~1\PROPRI~3.FAM\LOCALS~1\Temp\Perflib_Perfdata_6d4.dat not found!
File C:\DOCUME~1\PROPRI~3.FAM\LOCALS~1\Temp\Perflib_Perfdata_e78.dat not found!
File C:\DOCUME~1\PROPRI~3.FAM\LOCALS~1\Temp\Perflib_Perfdata_ecc.dat not found!
File C:\DOCUME~1\PROPRI~3.FAM\LOCALS~1\Temp\~DF1C68.tmp not found!
File C:\DOCUME~1\PROPRI~3.FAM\LOCALS~1\Temp\~DF1CA8.tmp not found!
File C:\DOCUME~1\PROPRI~3.FAM\LOCALS~1\Temp\~DFE00B.tmp not found!
File C:\DOCUME~1\PROPRI~3.FAM\LOCALS~1\Temp\~DFF8FB.tmp not found!
File C:\WINDOWS\temp\Perflib_Perfdata_180.dat not found!
C:\Documents and Settings\Propriétaire.FAMILLE-QDS3TN1\Local Settings\Application Data\Mozilla\Firefox\Profiles\q7spisns.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Propriétaire.FAMILLE-QDS3TN1\Local Settings\Application Data\Mozilla\Firefox\Profiles\q7spisns.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Propriétaire.FAMILLE-QDS3TN1\Local Settings\Application Data\Mozilla\Firefox\Profiles\q7spisns.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Propriétaire.FAMILLE-QDS3TN1\Local Settings\Application Data\Mozilla\Firefox\Profiles\q7spisns.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Propriétaire.FAMILLE-QDS3TN1\Local Settings\Application Data\Mozilla\Firefox\Profiles\q7spisns.default\urlclassifier3.sqlite moved successfully.
========== PROCESSES ==========
Process explorer.exe killed successfully.
Unable to kill process: gibsvc.exe
Process gibusr.exe killed successfully.
========== SERVICES/DRIVERS ==========
Unable to stop service Winsudate .
Service Winsvc stopped successfully.
Service Winsvc deleted successfully.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\WinUsr deleted successfully.
========== FILES ==========
C:\Program Files\Winsudate moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\PROPRI~3.FAM\LOCALS~1\Temp\etilqs_8M7yuQJQy7ckzZMJX7Xz scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\PROPRI~3.FAM\LOCALS~1\Temp\Perflib_Perfdata_6d4.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\PROPRI~3.FAM\LOCALS~1\Temp\Perflib_Perfdata_e78.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\PROPRI~3.FAM\LOCALS~1\Temp\Perflib_Perfdata_ecc.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\PROPRI~3.FAM\LOCALS~1\Temp\~DF1C68.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\PROPRI~3.FAM\LOCALS~1\Temp\~DF1CA8.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\PROPRI~3.FAM\LOCALS~1\Temp\~DFE00B.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\PROPRI~3.FAM\LOCALS~1\Temp\~DFF8FB.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_180.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Propriétaire.FAMILLE-QDS3TN1\Local Settings\Application Data\Mozilla\Firefox\Profiles\q7spisns.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Propriétaire.FAMILLE-QDS3TN1\Local Settings\Application Data\Mozilla\Firefox\Profiles\q7spisns.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Propriétaire.FAMILLE-QDS3TN1\Local Settings\Application Data\Mozilla\Firefox\Profiles\q7spisns.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Propriétaire.FAMILLE-QDS3TN1\Local Settings\Application Data\Mozilla\Firefox\Profiles\q7spisns.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Propriétaire.FAMILLE-QDS3TN1\Local Settings\Application Data\Mozilla\Firefox\Profiles\q7spisns.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully
OTMoveIt3 by OldTimer - Version 1.0.7.0 log created on 10292009_142354
Files moved on Reboot...
File C:\DOCUME~1\PROPRI~3.FAM\LOCALS~1\Temp\etilqs_8M7yuQJQy7ckzZMJX7Xz not found!
File C:\DOCUME~1\PROPRI~3.FAM\LOCALS~1\Temp\Perflib_Perfdata_6d4.dat not found!
File C:\DOCUME~1\PROPRI~3.FAM\LOCALS~1\Temp\Perflib_Perfdata_e78.dat not found!
File C:\DOCUME~1\PROPRI~3.FAM\LOCALS~1\Temp\Perflib_Perfdata_ecc.dat not found!
File C:\DOCUME~1\PROPRI~3.FAM\LOCALS~1\Temp\~DF1C68.tmp not found!
File C:\DOCUME~1\PROPRI~3.FAM\LOCALS~1\Temp\~DF1CA8.tmp not found!
File C:\DOCUME~1\PROPRI~3.FAM\LOCALS~1\Temp\~DFE00B.tmp not found!
File C:\DOCUME~1\PROPRI~3.FAM\LOCALS~1\Temp\~DFF8FB.tmp not found!
File C:\WINDOWS\temp\Perflib_Perfdata_180.dat not found!
C:\Documents and Settings\Propriétaire.FAMILLE-QDS3TN1\Local Settings\Application Data\Mozilla\Firefox\Profiles\q7spisns.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Propriétaire.FAMILLE-QDS3TN1\Local Settings\Application Data\Mozilla\Firefox\Profiles\q7spisns.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Propriétaire.FAMILLE-QDS3TN1\Local Settings\Application Data\Mozilla\Firefox\Profiles\q7spisns.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Propriétaire.FAMILLE-QDS3TN1\Local Settings\Application Data\Mozilla\Firefox\Profiles\q7spisns.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Propriétaire.FAMILLE-QDS3TN1\Local Settings\Application Data\Mozilla\Firefox\Profiles\q7spisns.default\urlclassifier3.sqlite moved successfully.
Xplode
Messages postés
8820
Date d'inscription
vendredi 21 août 2009
Statut
Contributeur sécurité
Dernière intervention
2 juillet 2015
725
29 oct. 2009 à 14:39
29 oct. 2009 à 14:39
Peux-tu refaire un RSIT stp
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
blasterofmetal
Messages postés
415
Date d'inscription
jeudi 1 mai 2008
Statut
Membre
Dernière intervention
29 août 2013
64
29 oct. 2009 à 14:43
29 oct. 2009 à 14:43
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
Xplode
Messages postés
8820
Date d'inscription
vendredi 21 août 2009
Statut
Contributeur sécurité
Dernière intervention
2 juillet 2015
725
29 oct. 2009 à 14:44
29 oct. 2009 à 14:44
C'était inutile de faire un scan avec MBR, refais un RSIT stp
blasterofmetal
Messages postés
415
Date d'inscription
jeudi 1 mai 2008
Statut
Membre
Dernière intervention
29 août 2013
64
29 oct. 2009 à 14:52
29 oct. 2009 à 14:52
Logfile of random's system information tool 1.06 (written by random/random)
Run by Propriétaire at 2009-10-29 14:46:17
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 16 GB (30%) free of 53 GB
Total RAM: 767 MB (44% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:47:41, on 29/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fsgk32st.exe
C:\Program Files\Securitoo\Av_Fw\Anti-Virus\FSGK32.EXE
C:\Program Files\Securitoo\Av_Fw\Common\FSMA32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Securitoo\Av_Fw\Common\FSMB32.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Securitoo\Av_Fw\Common\FCH32.EXE
C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fsqh.exe
C:\Program Files\Securitoo\Av_Fw\Common\FAMEH32.EXE
C:\Program Files\Securitoo\Av_Fw\FSAUA\program\fsaua.exe
C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fssm32.exe
C:\Program Files\Securitoo\Av_Fw\FWES\Program\fsdfwd.exe
C:\Program Files\Securitoo\Av_Fw\FSAUA\program\fsus.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Securitoo\Av_Fw\Common\FSM32.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Securitoo\Av_Fw\FSGUI\fsguidll.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fsav32.exe
C:\Documents and Settings\Propriétaire.FAMILLE-QDS3TN1\Bureau\RSIT.exe
C:\Program Files\trend micro\Propriétaire.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: iGraal - {88F05591-0079-4c37-B138-5DA8BC1782EF} - C:\Program Files\iGraal\iGraal.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: iGraal - {88F05591-0079-4c37-B138-5DA8BC1782EF} - C:\Program Files\iGraal\iGraal.dll
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\Av_Fw\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\Av_Fw\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [EPSON Stylus DX4000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_SB8.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [CTCheck] C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: iGraal - {88F05591-0079-4c37-B138-5DA8BC1782EF} - C:\Program Files\iGraal\iGraal.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://pl12je.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - http://asp10.photoprintit.de/microsite/1156/defaults/activex/ImageUploader3.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15106/CTPID.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5C762A03-C9A5-414C-8C53-36D32BC14FCD}: NameServer = 192.168.1.1
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Securitoo\Av_Fw\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\Av_Fw\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Securitoo\Av_Fw\Common\FSMA32.EXE
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
Run by Propriétaire at 2009-10-29 14:46:17
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 16 GB (30%) free of 53 GB
Total RAM: 767 MB (44% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:47:41, on 29/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fsgk32st.exe
C:\Program Files\Securitoo\Av_Fw\Anti-Virus\FSGK32.EXE
C:\Program Files\Securitoo\Av_Fw\Common\FSMA32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Securitoo\Av_Fw\Common\FSMB32.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Securitoo\Av_Fw\Common\FCH32.EXE
C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fsqh.exe
C:\Program Files\Securitoo\Av_Fw\Common\FAMEH32.EXE
C:\Program Files\Securitoo\Av_Fw\FSAUA\program\fsaua.exe
C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fssm32.exe
C:\Program Files\Securitoo\Av_Fw\FWES\Program\fsdfwd.exe
C:\Program Files\Securitoo\Av_Fw\FSAUA\program\fsus.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Securitoo\Av_Fw\Common\FSM32.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Securitoo\Av_Fw\FSGUI\fsguidll.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fsav32.exe
C:\Documents and Settings\Propriétaire.FAMILLE-QDS3TN1\Bureau\RSIT.exe
C:\Program Files\trend micro\Propriétaire.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: iGraal - {88F05591-0079-4c37-B138-5DA8BC1782EF} - C:\Program Files\iGraal\iGraal.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: iGraal - {88F05591-0079-4c37-B138-5DA8BC1782EF} - C:\Program Files\iGraal\iGraal.dll
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\Av_Fw\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\Av_Fw\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [EPSON Stylus DX4000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_SB8.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [CTCheck] C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: iGraal - {88F05591-0079-4c37-B138-5DA8BC1782EF} - C:\Program Files\iGraal\iGraal.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://pl12je.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - http://asp10.photoprintit.de/microsite/1156/defaults/activex/ImageUploader3.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15106/CTPID.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5C762A03-C9A5-414C-8C53-36D32BC14FCD}: NameServer = 192.168.1.1
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Securitoo\Av_Fw\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\Av_Fw\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Securitoo\Av_Fw\Common\FSMA32.EXE
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
Xplode
Messages postés
8820
Date d'inscription
vendredi 21 août 2009
Statut
Contributeur sécurité
Dernière intervention
2 juillet 2015
725
29 oct. 2009 à 14:54
29 oct. 2009 à 14:54
Comment se porte le PC ?
blasterofmetal
Messages postés
415
Date d'inscription
jeudi 1 mai 2008
Statut
Membre
Dernière intervention
29 août 2013
64
29 oct. 2009 à 14:57
29 oct. 2009 à 14:57
Ca m'a l'air pas mal.
En tout cas, c'est de mieux en mieux.
Après comment être sure qu'il n'y a plus rien ?
En tout cas, c'est de mieux en mieux.
Après comment être sure qu'il n'y a plus rien ?
Xplode
Messages postés
8820
Date d'inscription
vendredi 21 août 2009
Statut
Contributeur sécurité
Dernière intervention
2 juillet 2015
725
29 oct. 2009 à 15:06
29 oct. 2009 à 15:06
Parce que je te le dis ^^
On va faire du nettoyage maintenant :
relance otmoveit et copie/colle ceci :
:services
mbr
Clique sur " moveit! " et poste le rapport
---------------------------
1 - Nettoyage :
- Télécharge ATF-Cleaner
- Suis le tutoriel disponible à cette adresse
- Renouvelle l'opération régulièrement
-----------------
-+-+-+-> Tools Cleaner <-+-+-+-
[o] Afin de supprimer tout les logiciels qui ont été utilisés pour ta désinfection,
[o] Télécharge ToolsCleaner sur ton bureau à cette adresse : https://www.commentcamarche.net/telecharger/securite/22061-toolscleaner/
[o] Double-clique sur « Toolscleaner.exe »
[o] Clique sur "restauration" pour créer un point de restauration.
[o] Puis clique sur « recherche »
[o] Quand la recherche sera terminée, clique sur "suppression".
[o] A la fin (il y aura des indications dans le cadre en-dessous), clique sur "quitter" et poste le rapport qui se trouve dans C:\Tcleaner.txt
On va faire du nettoyage maintenant :
relance otmoveit et copie/colle ceci :
:services
mbr
Clique sur " moveit! " et poste le rapport
---------------------------
1 - Nettoyage :
- Télécharge ATF-Cleaner
- Suis le tutoriel disponible à cette adresse
- Renouvelle l'opération régulièrement
-----------------
-+-+-+-> Tools Cleaner <-+-+-+-
[o] Afin de supprimer tout les logiciels qui ont été utilisés pour ta désinfection,
[o] Télécharge ToolsCleaner sur ton bureau à cette adresse : https://www.commentcamarche.net/telecharger/securite/22061-toolscleaner/
[o] Double-clique sur « Toolscleaner.exe »
[o] Clique sur "restauration" pour créer un point de restauration.
[o] Puis clique sur « recherche »
[o] Quand la recherche sera terminée, clique sur "suppression".
[o] A la fin (il y aura des indications dans le cadre en-dessous), clique sur "quitter" et poste le rapport qui se trouve dans C:\Tcleaner.txt
blasterofmetal
Messages postés
415
Date d'inscription
jeudi 1 mai 2008
Statut
Membre
Dernière intervention
29 août 2013
64
29 oct. 2009 à 19:14
29 oct. 2009 à 19:14
========== SERVICES/DRIVERS ==========
Unable to stop service mbr .
OTMoveIt3 by OldTimer - Version 1.0.7.0 log created on 10292009_191356
Unable to stop service mbr .
OTMoveIt3 by OldTimer - Version 1.0.7.0 log created on 10292009_191356
blasterofmetal
Messages postés
415
Date d'inscription
jeudi 1 mai 2008
Statut
Membre
Dernière intervention
29 août 2013
64
29 oct. 2009 à 19:17
29 oct. 2009 à 19:17
Ok tout est fait.
On peut considerer le probleme comme reglé ?
On peut considerer le probleme comme reglé ?