HijackThis report / virus still there???

bubblegum73 Posts: 7 Status: Member -
 Anonymous user -
Hello,

Avast found a "vir kapucen" in a temp file, and after several attempts it managed to put it in quarantine. After cleaning out the computer's temp files (moved to the recycle bin), vir kapucen no longer shows up in quarantine, yet it is still present in C windows.....
I have a HijackThis report to submit to you to find out where this virus is (has it really gone???)
THANK YOU!!!!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:02:08, on 02/11/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\CyberLink\PowerCinema\PCMAgent.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe
C:\Program Files\CyberLink\PlayMovie\PMVService.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.google.com/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O3 - Toolbar: TV5 - Dictionnaires - {CEDDA62D-5FBE-4AB2-AE2E-5E069F444444} - C:\Program Files\MEDIADICO\Dico TV5\MDTV5TB.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PCMAgent] "C:\Program Files\CyberLink\PowerCinema\PCMAgent.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\CyberLink\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Planificateur LiveUpdate automatique (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
End of file - 8451 bytes

8 replies

Anonymous user
 
Hi, you have Norton leftovers that need to be removed:

Uninstalling Symantec products:

Uninstall via Add/Remove Programs (if present):

* Symantec
* Norton
* LiveUpdate..

Download and run the Norton Removal Tool.

This tool will uninstall most traces of Symantec products.

Then:

Disable your antivirus for the duration of the procedure, as well as your firewall if you have one

▶ Download List&Kill'em and save it to your desktop

It does not require installation

▶ Double-click (right-click "Run as administrator" on Vista) to start the scan

Choose the language, then choose option 1 = Search mode

▶ Let the tool work

The report will be displayed once the scan is finished

▶ Paste its contents into your next reply
bubblegum73 Posts: 7 Status: Member
 
First of all, thanks for your ultra-fast reply!!!
Forgive my ignorance in advance, but Norton is just a free 3-month trial version; do I really have to remove it from the computer? At the risk of losing it for good?
Thanks for your reply
Anonymous user
 
Yes, and you are going to remove Avast too, there are much better free options ^^
bubblegum73 Posts: 7 Status: Member
 
Here is the listkillem report after removing Norton and Avast..../ THANKS in advance for your reply!!!

List'em by g3n-h@ckm@n 1.0.4.8

Thx to Chiquitine29.....

User : jean (Administrateurs) # PC-DE-JEAN
Update on 29/10/2009 by g3n-h@ckm@n ::::: 18.30
Start at: 21:21:08 | 02/11/2009
Contact : g3n-h@ckm@n sur CCM

Intel(R) Pentium(R) Dual CPU T3200 @ 2.00GHz
Microsoft® Windows Vista™ Édition Familiale Basique (6.0.6001 32-bit) # Service Pack 1
Internet Explorer 8.0.6001.18828
Windows Firewall Status : Disabled

C:\ -> Disque fixe local | 137,05 Go (62,98 Go free) [HDD] | NTFS
D:\ -> Disque CD-ROM

Nom de l'image PID Nom de la sessio Numéro de s Utilisation
========================= ======== ================ =========== ============
System Idle Process 0 Services 0 24 Ko
System 4 Services 0 7 636 Ko
smss.exe 440 Services 0 608 Ko
csrss.exe 572 Services 0 5 684 Ko
csrss.exe 632 Console 1 8 632 Ko
wininit.exe 640 Services 0 3 536 Ko
services.exe 676 Services 0 6 292 Ko
lsass.exe 688 Services 0 2 908 Ko
lsm.exe 700 Services 0 3 616 Ko
winlogon.exe 780 Console 1 4 804 Ko
svchost.exe 912 Services 0 5 156 Ko
svchost.exe 992 Services 0 5 672 Ko
svchost.exe 1036 Services 0 32 380 Ko
Ati2evxx.exe 1124 Services 0 4 216 Ko
svchost.exe 1136 Services 0 11 072 Ko
svchost.exe 1184 Services 0 114 408 Ko
svchost.exe 1196 Services 0 25 812 Ko
audiodg.exe 1308 Services 0 13 640 Ko
svchost.exe 1336 Services 0 4 308 Ko
SLsvc.exe 1360 Services 0 9 204 Ko
svchost.exe 1416 Services 0 8 868 Ko
svchost.exe 1560 Services 0 11 936 Ko
Ati2evxx.exe 1584 Console 1 5 780 Ko
spoolsv.exe 1788 Services 0 8 992 Ko
sched.exe 1812 Services 0 1 524 Ko
svchost.exe 1848 Services 0 10 936 Ko
avguard.exe 1296 Services 0 10 876 Ko
CarboniteService.exe 1428 Services 0 37 456 Ko
NBService.exe 1552 Services 0 5 344 Ko
o2flash.exe 1088 Services 0 2 312 Ko
IoctlSvc.exe 692 Services 0 2 536 Ko
svchost.exe 1592 Services 0 4 752 Ko
svchost.exe 2064 Services 0 5 160 Ko
svchost.exe 2100 Services 0 2 100 Ko
SearchIndexer.exe 2180 Services 0 16 932 Ko
taskeng.exe 2332 Services 0 5 636 Ko
VSSVC.exe 2612 Services 0 6 740 Ko
taskeng.exe 2888 Console 1 10 940 Ko
dwm.exe 2720 Console 1 40 496 Ko
explorer.exe 3276 Console 1 68 000 Ko
MSASCui.exe 820 Console 1 7 724 Ko
MOM.exe 3624 Console 1 5 144 Ko
CCC.exe 3828 Console 1 11 788 Ko
SynTPEnh.exe 3764 Console 1 6 564 Ko
PCMAgent.exe 3732 Console 1 6 920 Ko
CLMLSvc.exe 3860 Console 1 8 968 Ko
PMVService.exe 3236 Console 1 5 980 Ko
RtHDVCpl.exe 3872 Console 1 6 372 Ko
CarboniteUI.exe 3900 Console 1 14 432 Ko
jusched.exe 3916 Console 1 6 332 Ko
winampa.exe 3480 Console 1 2 872 Ko
realsched.exe 4072 Console 1 892 Ko
avgnt.exe 3932 Console 1 5 152 Ko
SmpSys.exe 4048 Console 1 5 584 Ko
NMIndexStoreSvr.exe 3940 Console 1 11 848 Ko
NMIndexingService.exe 2408 Services 0 11 184 Ko
svchost.exe 3556 Services 0 7 080 Ko
iexplore.exe 3380 Console 1 29 788 Ko
iexplore.exe 3188 Console 1 66 420 Ko
FlashUtil10c.exe 1484 Console 1 5 360 Ko
rundll32.exe 516 Console 1 6 552 Ko
FirewallControlPanel.exe 2784 Console 1 6 236 Ko
iexplore.exe 3136 Console 1 18 912 Ko
SearchProtocolHost.exe 2964 Services 0 8 400 Ko
SearchFilterHost.exe 2400 Services 0 5 004 Ko
List_Killem.exe 1868 Console 1 6 160 Ko
conime.exe 3008 Console 1 3 292 Ko
cmd.exe 888 Console 1 2 420 Ko
WmiPrvSE.exe 1988 Services 0 9 140 Ko
tasklist.exe 2860 Console 1 4 688 Ko
======================
Cles de demarrage "Run"
======================
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="C:\\Program Files\\Packard Bell\\SetUpMyPC\\SmpSys.exe"
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Nero\\Lib\\NMIndexStoreSvr.exe\" ASO-616B5711-6DAE-4795-A05F-39A1E5104020"

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=hex(2):25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,\
00,69,00,6c,00,65,00,73,00,25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,\
73,00,20,00,44,00,65,00,66,00,65,00,6e,00,64,00,65,00,72,00,5c,00,4d,00,53,\
00,41,00,53,00,43,00,75,00,69,00,2e,00,65,00,78,00,65,00,20,00,2d,00,68,00,\
69,00,64,00,65,00,00,00
"StartCCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe\" MSRun"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"PCMAgent"="\"C:\\Program Files\\CyberLink\\PowerCinema\\PCMAgent.exe\""
"CLMLServer"="\"C:\\Program Files\\CyberLink\\PowerCinema\\Kernel\\CLML\\CLMLSvc.exe\""
"PlayMovie"="\"C:\\Program Files\\CyberLink\\PlayMovie\\PMVService.exe\""
"RtHDVCpl"="RtHDVCpl.exe"
"Skytel"="Skytel.exe"
"toolbar_eula_launcher"="C:\\Program Files\\Packard Bell\\GOOGLE_EULA\\EULALauncher.exe"
"Carbonite Backup"="C:\\Program Files\\Carbonite\\Carbonite Backup\\CarboniteUI.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre6\\bin\\jusched.exe\""
"Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\""
"WinampAgent"="\"C:\\Program Files\\Winamp\\winampa.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"avgnt"="\"C:\\Program Files\\Avira\\AntiVir Desktop\\avgnt.exe\" /min"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"
@=""

=====================
cles additionnelles
=====================
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=dword:00000002
"ConsentPromptBehaviorUser"=dword:00000001
"EnableInstallerDetection"=dword:00000001
"EnableLUA"=dword:00000001
"EnableSecureUIAPaths"=dword:00000001
"EnableVirtualization"=dword:00000001
"PromptOnSecureDesktop"=dword:00000001
"ValidateAdminCodeSignatures"=dword:00000000
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"scforceoption"=dword:00000000
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"FilterAdministratorToken"=dword:00000000
"EnableUIADesktopToggle"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\UIPI]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\UIPI\Clipboard]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\UIPI\Clipboard\ExceptionFormats]
"CF_TEXT"=dword:00000001
"CF_BITMAP"=dword:00000002
"CF_OEMTEXT"=dword:00000007
"CF_DIB"=dword:00000008
"CF_PALETTE"=dword:00000009
"CF_UNICODETEXT"=dword:0000000d
"CF_DIBV5"=dword:00000011

===============
===============
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"

======
BHO :
======
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
@="AcroIEHelperStub"
"NoExplorer"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
"NoExplorer"=dword:00000001

==========================

===============
Path : C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static
===============
¤¤¤¤¤¤¤¤¤¤ Fichiers et dossiers presents :

C:\ProgramData\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\ProgramData\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Program Files\Search Settings

¤¤¤¤¤¤¤¤¤¤ Clés de registre Presentes :

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4}

¤¤¤¤¤¤¤¤¤¤ C:\Windows\Prefetch :

ACER_GTB_V5.EXE-E64198F1.pf
AgAppLaunch.db
AgCx_SC1.db
AgCx_SC1.db.trx
AgGlFaultHistory.db
AgGlFgAppHistory.db
AgGlGlobalHistory.db
AgGlUAD_P_S-1-5-21-3407878868-1435712066-1136158392-1000.db
AgGlUAD_S-1-5-21-3407878868-1435712066-1136158392-1000.db
AgRobust.db
ALUSCHEDULERSVC.EXE-46534E5E.pf
ATI2EVXX.EXE-0327F1E7.pf
BCDEDIT.EXE-10FC5AAB.pf
CARBONITESETUPLITEPBPREINSTAL-2791C637.pf
CCC.EXE-AE792174.pf
CCSVCHST.EXE-E1C1B17A.pf
CMD.EXE-4A81B364.pf
COH32.EXE-4B622D9E.pf
CONSENT.EXE-531BD9EA.pf
CSRSS.EXE-3FE41F7E.pf
DATOR.EXE-C0890A9D.pf
DISKPART.EXE-81F65D05.pf
DLLHOST.EXE-5E46FA0D.pf
DLLHOST.EXE-766398D2.pf
DLLHOST.EXE-8EF34503.pf
DRVINST.EXE-4CB4314A.pf
DWM.EXE-6FFD3DA8.pf
EULA.EXE-E5B0DFF5.pf
EXPLORER.EXE-A80E4F97.pf
FIND.EXE-E2237F6D.pf
FINDSTR.EXE-2E9C6FE2.pf
FINDSTR.EXE-D7A58AA5.pf
FLASHUTIL9F.EXE-B262965D.pf
GOOGLEDESKTOP.EXE-C9B032BF.pf
GOOGLETOOLBAR1USER.EXE-B7E47A27.pf
GOOGLETOOLBARINSTALLER_FR_SIG-C748E36A.pf
GOOGLETOOLBARMANAGER_E582EA55-42B1A95D.pf
GOOGLETOOLBARNOTIFIER.EXE-EB3F2433.pf
GOOGLETOOLBARUSER_32.EXE-4E14BB2A.pf
GOOGLEUPDATERSERVICE.EXE-09540BCD.pf
GOOGLEUPDATERSERVICE_5898FABC-C264E242.pf
GTB6769.TMP.EXE-9E6865A9.pf
GT_F_BT.EXE-B40F03FF.pf
GUSC486.TMP-AEE46302.pf
HDREGAPP.EXE-277BE0AF.pf
HOMEURL.EXE-3CF6B538.pf
IE4UINIT.EXE-3A7E0C67.pf
IEUNATT.EXE-94DA8E02.pf
IEUSER.EXE-7C0FE221.pf
IEXPLORE.EXE-908C99F8.pf
Layout.ini
LOGIT.EXE-C75D84CE.pf
LOGONUI.EXE-09140401.pf
MIXINI.EXE-F5FCB331.pf
MOBSYNC.EXE-C5E2284F.pf
MOUNTLBL.EXE-8A82BA0C.pf
MOUNTLBL.EXE-E7B369A4.pf
MOVIEMK.EXE-0E4D00C6.pf
MSFEEDSSYNC.EXE-6E6FBDF4.pf
MSIB9DE.TMP-BFE1E2D0.pf
MSIEXEC.EXE-A2D55CB6.pf
NAVW32.EXE-C5F07365.pf
NISOPTUI.EXE-04063FDA.pf
NTOSBOOT-B00DFAAD.pf
OAA.EXE-CC0C1053.pf
PARTNER.EXE-AB30CF51.pf
PBSCHED.EXE-72B7A852.pf
PfSvPerfStats.bin
PHOTOSHOP ELEMENTS 6.0.EXE-CB5ACA63.pf
PIFCRAWL.EXE-2010CCA5.pf
PLAYMOVIE.EXE-0952C6DD.pf
POWERCINEMA.EXE-C5C464F5.pf
ReadyBoot
REG.EXE-E7E8BD26.pf
REGEDIT.EXE-90FEEA06.pf
REGSVR32.EXE-8461DBEE.pf
RUNDLL32.EXE-1CABF2F5.pf
RUNDLL32.EXE-6CBCEA65.pf
RUNDLL32.EXE-70FA13F0.pf
RUNDLL32.EXE-7438E4D5.pf
RUNDLL32.EXE-757B1569.pf
RUNDLL32.EXE-A6251510.pf
RUNDLL32.EXE-B9DCC00E.pf
RUNDLL32.EXE-C211633D.pf
RUNDLL32.EXE-E17DF7E6.pf
RUNDLL32.EXE-ECD444D4.pf
RUNONCE.EXE-D0649312.pf
SEARCHFILTERHOST.EXE-77482212.pf
SEARCHPROTOCOLHOST.EXE-0CB8CADE.pf
SEARCHWITHGOOGLEUPDATE.EXE-C3733E61.pf
SEARCHWITHGOOGLEUPDATE_C5C67D-852A03F4.pf
SECMAN32.EXE-B76F1CEF.pf
SERVICES.EXE-511D36F4.pf
SETMODE.EXE-B71FD09A.pf
SETUP.EXE-D7975360.pf
SETUPUGC.EXE-E3C49C28.pf
SETUP_WM.EXE-674F654A.pf
SIDEBSET.EXE-E9E57CD8.pf
SMPSYS.EXE-AE695FB8.pf
SMSS.EXE-E9C28FC6.pf
SPECIALISE.EXE-6D274E25.pf
SPOOLSV.EXE-D1F6B8B6.pf
SSAUTORN.EXE-352C149C.pf
SVCHOST.EXE-05F624AB.pf
SVCHOST.EXE-17944F30.pf
SVCHOST.EXE-61AE5AB6.pf
SVCHOST.EXE-63699C7D.pf
SVCHOST.EXE-7CFEDEA3.pf
SVCHOST.EXE-FEDB32D0.pf
SWGCB4B.TMP-278A82AA.pf
SYMCUW.EXE-4741EE71.pf
SYMLCSV1.EXE-F9E09A11.pf
SYMLCSVC.EXE-638B5D92.pf
SYMLCSVC.EXE-6FCCB913.pf
SYNTPENH.EXE-E6DC1353.pf
TASKENG.EXE-48D4E289.pf
TRUSTEDINSTALLER.EXE-3CC531E5.pf
UNREGMP2.EXE-2294B148.pf
USERINIT.EXE-2257A3E7.pf
VDS.EXE-6E7946F9.pf
VDSLDR.EXE-6B089E8B.pf
VERCLSID.EXE-7C52E31C.pf
VSSVC.EXE-B8AFC319.pf
WAITFOR.EXE-F8F93A54.pf
WERCON.EXE-E36BD04E.pf
WERFAULT.EXE-E69F695A.pf
WERMGR.EXE-0F2AC88C.pf
WININIT.EXE-5322684A.pf
WINLOGON.EXE-B020DC41.pf
WINMAIL.EXE-1092D371.pf
WINWORD.EXE-C91725A1.pf
WMIADAP.EXE-F8DFDFA2.pf
WMIC.EXE-A7D06383.pf
WMIPRVSE.EXE-1628051C.pf
WMPLAYER.EXE-BAD6BD53.pf
WSCRIPT.EXE-52CF1F0C.pf
WSCSTUB.EXE-0ED6AD2A.pf
WSQMCONS.EXE-118B52B7.pf
WUAUCLT.EXE-70318591.pf
WUSETUPV.EXE-C61614F3.pf
XCOPY.EXE-41E6513F.pf

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Anonymous user
 
Run option 2 in safe mode..........
bubblegum73 Posts: 7 Status: Member
 
Here is report no. 2, without firewall/antivirus.
PS: when I search the computer for the file "win kapucen", there is a positive result in C/windows/system32/win", is that serious, doctor!?!
Thanks for your replies!!!

===============
Path : C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static
===============
¤¤¤¤¤¤¤¤¤¤ Fichiers et dossiers presents :

C:\ProgramData\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\ProgramData\Application Data\Microsoft\Network\Downloader\qmgr1.dat

¤¤¤¤¤¤¤¤¤¤ Clés de registre Presentes :

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4}

¤¤¤¤¤¤¤¤¤¤ C:\Windows\Prefetch :

AgAppLaunch.db
AgCx_SC1.db
AgCx_SC1.db.trx
AgGlFaultHistory.db
AgGlFgAppHistory.db
AgGlGlobalHistory.db
AgGlUAD_P_S-1-5-21-3407878868-1435712066-1136158392-1000.db
AgGlUAD_S-1-5-21-3407878868-1435712066-1136158392-1000.db
AgRobust.db
CARBONITESETUPLITEPBPREINSTAL-2791C637.pf
GOOGLETOOLBARINSTALLER_FR_SIG-C748E36A.pf
GOOGLETOOLBARMANAGER_E582EA55-42B1A95D.pf
GOOGLEUPDATERSERVICE_5898FABC-C264E242.pf
Layout.ini
NTOSBOOT-B00DFAAD.pf
PfSvPerfStats.bin
ReadyBoot
SEARCHWITHGOOGLEUPDATE_C5C67D-852A03F4.pf

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
bubblegum73 Posts: 7 Status: Member
 
No, sorry, no positive result for kapucen. Did AVAST produce a false positive?
Anonymous user
 
-> ▶ BitDefender scan

▶ Run an online antivirus scan with BitDefender Online using Internet Explorer

▶ Click Scan on line at the bottom left.
▶ Accept the license and let it install the ActiveX control..
▶ Follow the prompts. Paste its report here.