Firefox very slow to open
Solved
gerard arf - Messages posted: 18 - Status: Member
Hello,
If someone could help me, I thank them in advance.
For some time now, some programs have been very slow to open, especially Firefox.
I have run the AVAST antivirus and the anti-spyware tools Spybot and Ad-Aware.
One more piece of information: in the Task Manager I often find about ten iexplore.exe tasks even though IE is not running (I only use it very rarely).
Here is the log I just produced:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:15:50, on 28/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Clavier+\Clavier.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: D - {E5D279DB-2AF6-3524-BCE5-6E6D7D065042} - C:\WINDOWS\system32\iq38681.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Clavier+] C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Clavier+\Clavier.exe
O4 - HKCU\..\Run: [yiygccy] "c:\documents and settings\hp_administrateur\local settings\application data\yiygccy.exe" yiygccy
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://securite.neuf.fr/Ols/fscax.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Elmc2di - Intel Corporation - (no file)
O23 - Service: Service Google Update (gupdate1c9d61ef709d730) (gupdate1c9d61ef709d730) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
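The indicators a helper would pull out of the log above can be scored mechanically from the log text alone: a BHO registered under a one-letter display name loading a digit-heavy DLL from system32, an HKCU Run entry launching an executable dropped straight into Local Settings\Application Data rather than into a vendor subfolder, a service whose binary no longer exists, and many IEXPLORE.EXE processes while IE is not open. The script below is an added example written for this page, not HijackThis's own code or anything from the thread; the heuristics (the digit-ratio threshold, the "binary directly in a user-writable folder" rule, the duplicate-process threshold) are my own crude choices, and the embedded sample is a subset of the lines posted above. Because it works only on the log text, its result does not depend on any antivirus signature.

```python
"""Heuristic triage of a HijackThis log (added example; not HijackThis's own code)."""
import re
from collections import Counter

# Subset of the log lines posted above, embedded so the script runs offline.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: D - {E5D279DB-2AF6-3524-BCE5-6E6D7D065042} - C:\WINDOWS\system32\iq38681.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Clavier+] C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Clavier+\Clavier.exe
O4 - HKCU\..\Run: [yiygccy] "c:\documents and settings\hp_administrateur\local settings\application data\yiygccy.exe" yiygccy
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Elmc2di - Intel Corporation - (no file)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Profile folders any non-admin process can write to; a legitimate vendor creates a subfolder here.
USER_WRITABLE = ("\\local settings\\application data\\", "\\local settings\\temp\\", "\\application data\\")
SYSTEM32 = "c:\\windows\\system32"
PATH_RE = re.compile(r'([a-z]:\\[^"\n]+?\.(?:exe|dll))', re.I)
ENTRY_RE = re.compile(r"^(O\d+) - ")
BHO_NAME_RE = re.compile(r"^O2 - BHO: (.*?) - \{")


def stem(path):
    return path.rsplit("\\", 1)[-1].rsplit(".", 1)[0].lower()


def digit_heavy(name, ratio=0.5):
    """Crude randomness heuristic: 'iq38681' is mostly digits, 'nvsvc32' or 'rundll32' are not."""
    return sum(c.isdigit() for c in name) / max(len(name), 1) >= ratio


def dropped_in_writable_root(path):
    """True when the file sits directly in a user-writable profile folder with no subfolder of its own."""
    low = path.lower()
    for folder in USER_WRITABLE:
        i = low.find(folder)
        if i != -1:
            return "\\" not in low[i + len(folder):]
    return False


def triage(log_text, dup_threshold=5):
    """Return (section, reason, subject) findings for the suspicious entries in a HijackThis log."""
    findings = []
    images = Counter()
    for raw in log_text.splitlines():
        line = raw.strip()
        if re.match(r"^[a-z]:\\", line, re.I):          # a line of the "Running processes" block
            images[line.rsplit("\\", 1)[-1].lower()] += 1
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        section = m.group(1)
        if "(no file)" in line or "(file missing)" in line:
            findings.append((section, "orphan entry: registry points at a file that no longer exists", line))
            continue
        bho = BHO_NAME_RE.match(line)
        if bho and len(bho.group(1).strip()) <= 2:
            findings.append((section, "BHO registered under a meaningless display name", line))
        pm = PATH_RE.search(line)
        if not pm:
            continue
        path = pm.group(1)
        if dropped_in_writable_root(path):
            findings.append((section, "autostart binary dropped directly into a user-writable profile folder", path))
        elif path.lower().rsplit("\\", 1)[0] == SYSTEM32 and digit_heavy(stem(path)):
            findings.append((section, "module in system32 with a digit-heavy random-looking name", path))
    for image, n in images.items():
        if n >= dup_threshold:
            findings.append(("process", f"{n} concurrent instances of {image}", image))
    return findings


if __name__ == "__main__":
    for section, reason, subject in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}: {subject}")
```

The flags are leads, not verdicts: a legitimate tool can trip the writable-folder rule and a malware author can pick a pronounceable name. The point is that these entries deserve a hash lookup and a look at the file before the scanners' silence is read as a clean bill of health.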
31 replies
Complete scanning result of "iq38681.dll", processed in VirusTotal at 11/28/2009 15:13:27 (CET).
[ file data ]
* name..: iq38681.dll
* size..: 229376
* md5...: 1ddcf498722b9e9cd0d900ed54e99a71
* sha1..: bca16fbedb16e4b7911b7012e195f97e285e4c3d
* peid..: -
[ scan result ]
a-squared 4.5.0.43/20091128 found nothing
AhnLab-V3 5.0.0.2/20091128 found nothing
AntiVir 7.9.1.79/20091127 found nothing
Antiy-AVL 2.0.3.7/20091127 found nothing
Authentium 5.2.0.5/20091127 found nothing
Avast 4.8.1351.0/20091128 found nothing
AVG 8.5.0.426/20091128 found nothing
BitDefender 7.2/20091128 found nothing
CAT-QuickHeal 10.00/20091128 found nothing
ClamAV 0.94.1/20091128 found nothing
Comodo 3067/20091128 found nothing
DrWeb 5.0.0.12182/20091128 found nothing
eTrust-Vet 35.1.7146/20091127 found nothing
F-Prot 4.5.1.85/20091127 found nothing
F-Secure 9.0.15370.0/20091124 found nothing
Fortinet 4.0.14.0/20091128 found nothing
GData 19/20091128 found nothing
Ikarus T3.1.1.74.0/20091128 found nothing
Jiangmin 11.0.800/20091128 found nothing
K7AntiVirus 7.10.906/20091127 found nothing
Kaspersky 7.0.0.125/20091128 found nothing
McAfee 5815/20091127 found nothing
McAfee+Artemis 5815/20091127 found nothing
McAfee-GW-Edition 6.8.5/20091128 found nothing
Microsoft 1.5302/20091128 found nothing
NOD32 4644/20091128 found nothing
Norman 6.03.02/20091127 found nothing
nProtect 2009.1.8.0/20091128 found nothing
Panda 10.0.2.2/20091128 found nothing
PCTools 7.0.3.5/20091128 found nothing
Prevx 3.0/20091128 found nothing
Rising 22.23.05.04/20091128 found nothing
Sophos 4.48.0/20091127 found nothing
Sunbelt 3.2.1858.2/20091127 found nothing
Symantec 1.4.4.12/20091128 found nothing
TheHacker 6.5.0.2.080/20091127 found nothing
TrendMicro 9.100.0.1001/20091128 found nothing
VBA32 3.12.12.0/20091128 found nothing
ViRobot 2009.11.28.2060/20091128 found nothing
VirusBuster 5.0.21.0/20091127 found nothing
@echo off
rem Self-deleting uninstall stub: retries the delete until the uninstaller is no longer locked, then removes its folder.
:Repeat
del C:\PROGRA~1\EFFACE~1\Uninstal.exe
if exist C:\PROGRA~1\EFFACE~1\Uninstal.exe goto Repeat
rmdir C:\PROGRA~1\EFFACE~1
@cls
Download ComboFix (sUBs) http://download.bleepingcomputer.com/sUBs/ComboFix.exe to your Desktop.
Double-click combofix.exe and follow the instructions.
Install the Recovery Console if it is offered, and continue.
When the scan is complete, a report will appear. Copy/paste that report into your next reply.
NOTE: the report is also available here: C:\Combofix.txt
I'm back, and here is the requested report:
ComboFix 09-11-27.07 - HP_Administrateur 28/11/2009 16:54:39.1.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1022.360 [GMT 1:00]
Launched from: C:\Documents and Settings\HP_Administrateur\Mes documents\telechargement\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 091128-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\HP_Administrateur\Mes documents\Ma musique\chanteurs\Desktop_2.ini
C:\WINDOWS\a3kebook.ini
C:\WINDOWS\akebook.ini
C:\WINDOWS\ANS2000.INI
C:\WINDOWS\kb913800.exe
C:\WINDOWS\system32\_000006_.tmp.dll
C:\WINDOWS\system32\_000009_.tmp.dll
C:\WINDOWS\system32\iq38681.dll
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_WINDOWS_LOG
((((((((((((((((((((((((((((( Files created from 2009-10-28 to 2009-11-28 ))))))))))))))))))))))))))))))))))))
.
Hello,
I have just run ComboFix again; no problem until Windows restarted, where I find the ComboFix window saying:
Preparing the report; do not launch any program until ComboFix has finished.
I left it waiting for more than an hour and nothing happens.
Here is the combofix.txt report:
ComboFix 09-11-29.03 - HP_Administrateur 30/11/2009 8:24:02.2.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1022.518 [GMT 1:00]
Launched from: C:\Documents and Settings\HP_Administrateur\Mes documents\telechargement\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 091129-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\HP_Administrateur\Mes documents\Ma musique\chanteurs\Desktop_2.ini
C:\WINDOWS\a3kebook.ini
C:\WINDOWS\akebook.ini
C:\WINDOWS\ANS2000.INI
C:\WINDOWS\kb913800.exe
C:\WINDOWS\system32\_000006_.tmp.dll
C:\WINDOWS\system32\_000009_.tmp.dll
C:\WINDOWS\system32\iq38681.dll
D:\Autorun.inf
An infected copy of C:\WINDOWS\system32\drivers\ntfs.sys was found and disinfected
Restored copy from - C:\WINDOWS\ServicePackFiles\i386\ntfs.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_WINDOWS_LOG
((((((((((((((((((((((((((((( Files created from 2009-10-28 to 2009-11-30 ))))))))))))))))))))))))))))))))))))
Here is a new HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:10:56, on 30/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Clavier+\Clavier.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: D - {E5D279DB-2AF6-3524-BCE5-6E6D7D065042} - C:\WINDOWS\system32\iq38681.dll (file missing)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Clavier+] C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Clavier+\Clavier.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://securite.neuf.fr/Ols/fscax.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Elmc2di - Intel Corporation - (no file)
O23 - Service: Service Google Update (gupdate1c9d61ef709d730) (gupdate1c9d61ef709d730) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
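The ComboFix report above says the ntfs.sys in system32\drivers was infected and was replaced from C:\WINDOWS\ServicePackFiles\i386\ntfs.sys. A patched system driver is the one finding in this thread a practitioner would verify independently after the repair, and the log names the two inputs needed: the live file and a pristine reference copy. The script below is an added example, not ComboFix's code or anything posted in the thread. It compares the live driver with the reference byte for byte (SHA-256 of both, which is what should match after the restore) and additionally recomputes the PE header CheckSum, which a crude in-place patch leaves stale. That second check is a signal in one direction only: a competent rootkit rewrites the checksum after patching, so a valid checksum proves nothing, whereas a stale checksum on a Microsoft driver is a real finding. The `build_fake_pe` and `refresh_checksum` helpers exist so the script can be exercised offline on a constructed, minimal PE-shaped blob; the two driver paths are taken from the log and are only read when `check_driver_files` is called.

```python
"""Verify a Windows driver against a reference copy (added example; not ComboFix's code)."""
import hashlib
import struct

LIVE_DRIVER = r"C:\WINDOWS\system32\drivers\ntfs.sys"           # paths from the ComboFix log above
REFERENCE_DRIVER = r"C:\WINDOWS\ServicePackFiles\i386\ntfs.sys"


def _checksum_offset(data):
    """File offset of IMAGE_OPTIONAL_HEADER.CheckSum: e_lfanew + PE signature (4) + COFF header (20) + 64."""
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    offset = e_lfanew + 4 + 20 + 64
    if offset % 4:                                   # assumption: NT headers are 4-byte aligned, as in any well-formed PE
        raise ValueError("unaligned PE header")
    return offset


def pe_checksum(data):
    """Recompute the PE CheckSum as CheckSumMappedFile does: one's-complement sum of every 32-bit
    word except the CheckSum field itself, folded to 16 bits, plus the file length."""
    skip = _checksum_offset(data)
    padded = data + b"\0" * (-len(data) % 4)        # a trailing partial word is zero-padded
    total = 0
    for off in range(0, len(padded), 4):
        if off == skip:
            continue
        total += struct.unpack_from("<I", padded, off)[0]
        if total >= 1 << 32:                         # end-around carry
            total = (total & 0xFFFFFFFF) + (total >> 32)
    total = (total & 0xFFFF) + (total >> 16)
    total += total >> 16
    return (total & 0xFFFF) + len(data)


def stored_checksum(data):
    return struct.unpack_from("<I", data, _checksum_offset(data))[0]


def pe_checksum_valid(data):
    return stored_checksum(data) == pe_checksum(data)


def refresh_checksum(data):
    """Rewrite the CheckSum field so it matches the (possibly patched) contents: what a careful patcher does."""
    image = bytearray(data)
    struct.pack_into("<I", image, _checksum_offset(image), pe_checksum(image))
    return bytes(image)


def compare_to_reference(live, reference):
    """Byte-level verdict against the reference copy, plus the checksum self-consistency check on the live file."""
    return {
        "live_sha256": hashlib.sha256(live).hexdigest(),
        "reference_sha256": hashlib.sha256(reference).hexdigest(),
        "identical": live == reference,
        "live_checksum_valid": pe_checksum_valid(live),
    }


def check_driver_files(live_path=LIVE_DRIVER, reference_path=REFERENCE_DRIVER):
    with open(live_path, "rb") as f, open(reference_path, "rb") as g:
        return compare_to_reference(f.read(), g.read())


def build_fake_pe(payload):
    """Constructed test image (not a real driver): MZ header, e_lfanew -> 'PE\\0\\0', a full-size PE32
    optional header, then `payload`; CheckSum is filled in so the image is self-consistent."""
    e_lfanew = 0x40
    header = bytearray(e_lfanew + 4 + 20 + 96)       # 96 = size of IMAGE_OPTIONAL_HEADER32
    header[0:2] = b"MZ"
    struct.pack_into("<I", header, 0x3C, e_lfanew)
    header[e_lfanew:e_lfanew + 4] = b"PE\0\0"
    return refresh_checksum(bytes(header) + payload)


if __name__ == "__main__":
    good = build_fake_pe(b"\xcc" * 150)
    patched = bytearray(good)
    patched[-1] ^= 0x01                              # simulate a one-byte in-place patch
    print("crude patch:", compare_to_reference(bytes(patched), good))
    print("patch with checksum fixed up:", compare_to_reference(refresh_checksum(bytes(patched)), good))
```

On a real machine the reference-copy comparison is the decisive check; when no pristine copy exists, verifying the driver's Authenticode signature plays the same role, and the checksum only tells you whether the patcher was sloppy.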
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: D - {E5D279DB-2AF6-3524-BCE5-6E6D7D065042} - C:\WINDOWS\system32\iq38681.dll (file missing)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Clavier+] C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Clavier+\Clavier.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://securite.neuf.fr/Ols/fscax.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Elmc2di - Intel Corporation - (no file)
O23 - Service: Service Google Update (gupdate1c9d61ef709d730) (gupdate1c9d61ef709d730) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
After a second attempt, having first shut down Avast, ZoneAlarm, Spybot and Ad-Aware, I finally got a complete report, which follows:
ComboFix 09-11-29.03 - HP_Administrateur 30/11/2009 10:19.3.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1022.568 [GMT 1:00]
Lancé depuis: c:\documents and settings\HP_Administrateur\Mes documents\telechargement\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 091129-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
-- Exécution préalable --
Une copie infectée de c:\windows\system32\drivers\ntfs.sys a été trouvée et désinfectée
Copie restaurée à partir de - c:\windows\ServicePackFiles\i386\ntfs.sys
--------
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_WINDOWS_LOG
((((((((((((((((((((((((((((( Fichiers créés du 2009-10-28 au 2009-11-30 ))))))))))))))))))))))))))))))))))))
.
2009-11-28 17:08 . 2009-11-28 17:08 -------- d-----w- c:\program files\MSXML 4.0
2009-11-28 13:48 . 2009-11-28 13:48 -------- d-----w- c:\program files\VirusTotalUploader2
2009-11-28 11:58 . 2009-11-28 11:58 -------- d-sh--w- c:\documents and settings\Administrateur\IETldCache
2009-11-28 11:46 . 2009-11-28 12:08 -------- d-----w- c:\program files\Navilog1
2009-11-28 10:45 . 2009-11-28 13:09 -------- d-----w- C:\GenProc
2009-11-26 13:15 . 2009-11-26 13:15 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\IObit
2009-11-26 11:54 . 2009-11-26 11:54 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\Uniblue
2009-11-26 10:37 . 2009-11-26 10:37 -------- d-----w- c:\documents and settings\HP_Administrateur\Livestation
2009-11-26 10:37 . 2009-11-26 10:37 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\Mchid
2009-11-26 10:37 . 2009-11-26 10:37 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\Livestation
2009-11-25 20:43 . 2009-11-25 09:28 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-11-25 12:32 . 2009-11-25 12:32 149 ----a-w- C:\Delme.bat
2009-11-25 09:29 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-11-25 09:26 . 2009-11-25 09:26 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-25 09:26 . 2009-10-03 08:15 2924848 -c--a-w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-11-19 09:52 . 2009-11-19 09:52 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-19 09:51 . 2009-11-19 09:51 152576 ----a-w- c:\documents and settings\HP_Administrateur\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-10 09:18 . 2009-11-10 09:18 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\igraal
2009-11-06 17:10 . 2009-11-06 17:10 -------- d-----w- c:\program files\ZNsoft Corporation
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-30 09:33 . 2009-09-22 08:04 10457120 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-11-30 09:13 . 2006-10-17 04:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-30 08:49 . 2006-12-04 17:29 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-11-30 07:45 . 2009-09-22 08:04 122828 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-11-28 16:18 . 2009-11-28 16:17 1776821 ----a-w- c:\windows\Internet Logs\tvDebug.zip
2009-11-28 12:17 . 2006-01-02 22:01 -------- d-----w- c:\program files\Google
2009-11-27 18:10 . 2009-11-27 18:11 1788928 ----a-w- c:\windows\Internet Logs\xDB3.tmp
2009-11-27 18:08 . 2006-12-20 11:09 -------- d-----w- c:\program files\Windows Media Connect 2
2009-11-27 17:24 . 2005-10-10 11:39 82066 ----a-w- c:\windows\system32\perfc00C.dat
2009-11-27 17:24 . 2005-10-10 11:39 505658 ----a-w- c:\windows\system32\perfh00C.dat
2009-11-27 16:33 . 2007-03-07 07:23 -------- d-----w- c:\program files\Java
2009-11-27 10:54 . 2008-05-29 12:09 -------- d-----w- c:\program files\WinPcap
2009-11-26 16:34 . 2009-05-29 08:11 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\Moniteur neufbox
2009-11-26 15:41 . 2006-10-06 19:29 -------- d-----w- c:\program files\WebExpert3
2009-11-25 17:17 . 2009-09-23 08:18 -------- d-----w- c:\program files\AnimGif3
2009-11-25 14:06 . 2006-01-02 22:05 -------- d-----w- c:\program files\Fichiers communs\Symantec Shared
2009-11-25 09:25 . 2008-01-25 13:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-11-25 09:25 . 2006-10-06 20:06 -------- d-----w- c:\program files\Lavasoft
2009-11-24 12:57 . 2006-01-02 21:29 -------- d-----w- c:\program files\Fichiers communs\InstallShield
2009-11-24 12:57 . 2006-01-02 21:29 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-19 09:39 . 2009-09-23 08:23 -------- d-----w- c:\program files\Popims
2009-11-19 09:38 . 2007-12-25 17:14 -------- d-----w- c:\program files\Panasonic
2009-11-18 16:29 . 2006-10-08 05:49 102976 ----a-w- c:\documents and settings\HP_Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-14 13:47 . 2006-10-14 08:26 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\AdobeUM
2009-11-09 08:06 . 2009-11-10 07:40 859648 ----a-w- c:\windows\Internet Logs\xDB2.tmp
2009-11-03 20:12 . 2008-07-25 07:50 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\U3
2009-10-29 14:16 . 2009-10-29 14:16 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-10-29 07:55 . 2006-10-07 06:13 -------- d-----w- c:\program files\Neuf
2009-10-22 15:42 . 2009-10-22 15:42 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\vlc
2009-10-22 12:45 . 2009-10-22 12:46 1451008 ----a-w- c:\windows\Internet Logs\xDB1.tmp
2009-10-21 09:44 . 2007-03-17 18:27 -------- d-----w- c:\program files\x264
2009-10-21 09:44 . 2006-10-06 20:31 -------- d-----w- c:\program files\ReadIris
2009-10-21 09:44 . 2008-09-20 15:50 -------- d-----w- c:\program files\9giga Editor
2009-10-21 09:39 . 2009-10-21 09:39 -------- d-----w- c:\program files\DelThumbs
2009-10-14 08:28 . 2006-01-02 21:50 -------- d-----w- c:\program files\Fichiers communs\Adobe
2009-10-13 17:00 . 2006-10-16 13:48 4212 ---h--w- c:\windows\system32\zllictbl.dat
2009-09-11 14:18 . 2004-08-10 11:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:04 . 2004-08-10 11:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2006-10-17 17:55 . 2006-10-17 17:55 22 --sha-w- c:\windows\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Clavier+"="c:\documents and settings\HP_Administrateur\Local Settings\Application Data\Clavier+\Clavier.exe" [2007-10-21 88576]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-02-14 7557120]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
"ehTray"=c:\windows\ehome\ehtray.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"NeroFilterCheck"=c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
"HPHUPD08"=c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
"nwiz"=nwiz.exe /installquiet /keeploaded /nodetect
"ftutil2"=rundll32.exe ftutil2.dll,SetWriteCacheMode
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\WINDOWS\\system32\\svchost.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
"c:\\Program Files\\Maïdo Production\\IziSpot 4\\IziSpot.exe"=
"c:\program files\Neuf\Media Center\httpd\httpd.exe"= c:\program files\Neuf\Media Center\httpd\httpd.exe:172.16.255.0/255.255.255.0:Enabled:Serveur de partage Media Center (Player Neuf Cegetel)
"c:\\Program Files\\FTPExpert\\FTPXpert.exe"=
"c:\\Program Files\\WinPcap\\rpcapd.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [25/11/2009 10:29 64288]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [04/04/2008 07:26 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [04/04/2008 07:26 20560]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [02/01/2006 22:31 2825088]
S2 gupdate1c9d61ef709d730;Service Google Update (gupdate1c9d61ef709d730);c:\program files\Google\Update\GoogleUpdate.exe [16/05/2009 13:07 133104]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [24/09/2009 12:17 1184912]
S3 Elmc2di;Elmc2di; [x]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [29/06/2007 01:01 42512]
.
Contenu du dossier 'Tâches planifiées'
2009-11-30 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 09:28]
2009-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-16 12:07]
2009-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-16 12:07]
.
.
------- Examen supplémentaire -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: localhost
FF - ProfilePath - c:\documents and settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\cl1ge2ig.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://arforez.free.fr
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{E5D279DB-2AF6-3524-BCE5-6E6D7D065042} - c:\windows\system32\iq38681.dll
Notify-WgaLogon - (no file)
AddRemove-Ad-Aware - c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe REMOVE=TRUE MODIFY=FALSE
AddRemove-NVIDIA Drivers - c:\windows\system32\nvudisp.exe UninstallGUI
AddRemove-RealJukebox 1.0 - c:\program files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
AddRemove-RealPlayer 6.0 - c:\program files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
AddRemove-TerraExplorer - c:\program files\Skyline\TerraExplorer\Setup.exe [OP]/U
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-30 10:33
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'explorer.exe'(1808)
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\progra~1\SPYBOT~1\SDHelper.dll
c:\program files\Microsoft Office\Office12\1036\GrooveIntlResource.dll
.
Heure de fin: 2009-11-30 10:36
ComboFix-quarantined-files.txt 2009-11-30 09:36
Avant-CF: 46 044 422 144 octets libres
Après-CF: 46 005 809 152 octets libres
- - End Of File - - 6E0107AEE59C6D3B4F199668AAAA9131
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'explorer.exe'(1808)
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\progra~1\SPYBOT~1\SDHelper.dll
c:\program files\Microsoft Office\Office12\1036\GrooveIntlResource.dll
.
Heure de fin: 2009-11-30 10:36
ComboFix-quarantined-files.txt 2009-11-30 09:36
Avant-CF: 46 044 422 144 octets libres
Après-CF: 46 005 809 152 octets libres
- - End Of File - - 6E0107AEE59C6D3B4F199668AAAA9131
Here is the report, thanks for your opinion
ComboFix 09-11-30.01 - HP_Administrateur 30/11/2009 19:27.5.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1022.556 [GMT 1:00]
Lancé depuis: c:\documents and settings\HP_Administrateur\Mes documents\telechargement\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 091130-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
((((((((((((((((((((((((((((( Fichiers créés du 2009-10-28 au 2009-11-30 ))))))))))))))))))))))))))))))))))))
.
2009-11-30 13:57 . 2009-11-30 13:57 -------- d-----w- C:\rsit
2009-11-28 17:08 . 2009-11-28 17:08 -------- d-----w- c:\program files\MSXML 4.0
2009-11-28 13:48 . 2009-11-28 13:48 -------- d-----w- c:\program files\VirusTotalUploader2
2009-11-28 11:58 . 2009-11-28 11:58 -------- d-sh--w- c:\documents and settings\Administrateur\IETldCache
2009-11-28 11:46 . 2009-11-28 12:08 -------- d-----w- c:\program files\Navilog1
2009-11-28 10:45 . 2009-11-28 13:09 -------- d-----w- C:\GenProc
2009-11-26 13:15 . 2009-11-26 13:15 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\IObit
2009-11-26 11:54 . 2009-11-26 11:54 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\Uniblue
2009-11-26 10:37 . 2009-11-26 10:37 -------- d-----w- c:\documents and settings\HP_Administrateur\Livestation
2009-11-26 10:37 . 2009-11-26 10:37 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\Mchid
2009-11-26 10:37 . 2009-11-26 10:37 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\Livestation
2009-11-25 20:43 . 2009-11-25 09:28 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-11-25 12:32 . 2009-11-25 12:32 149 ----a-w- C:\Delme.bat
2009-11-25 09:29 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-11-25 09:26 . 2009-11-25 09:26 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-25 09:26 . 2009-10-03 08:15 2924848 -c--a-w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-11-19 09:52 . 2009-11-19 09:52 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-19 09:51 . 2009-11-19 09:51 152576 ----a-w- c:\documents and settings\HP_Administrateur\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-10 09:18 . 2009-11-10 09:18 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\igraal
2009-11-06 17:10 . 2009-11-06 17:10 -------- d-----w- c:\program files\ZNsoft Corporation
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-30 18:37 . 2009-09-22 08:04 10745888 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-11-30 18:12 . 2009-09-22 08:04 126236 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-11-30 17:55 . 2006-10-17 04:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-30 16:49 . 2006-12-04 17:29 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-11-28 16:18 . 2009-11-28 16:17 1776821 ----a-w- c:\windows\Internet Logs\tvDebug.zip
2009-11-28 12:17 . 2006-01-02 22:01 -------- d-----w- c:\program files\Google
2009-11-27 18:10 . 2009-11-27 18:11 1788928 ----a-w- c:\windows\Internet Logs\xDB3.tmp
2009-11-27 18:08 . 2006-12-20 11:09 -------- d-----w- c:\program files\Windows Media Connect 2
2009-11-27 17:24 . 2005-10-10 11:39 82066 ----a-w- c:\windows\system32\perfc00C.dat
2009-11-27 17:24 . 2005-10-10 11:39 505658 ----a-w- c:\windows\system32\perfh00C.dat
2009-11-27 16:33 . 2007-03-07 07:23 -------- d-----w- c:\program files\Java
2009-11-26 16:34 . 2009-05-29 08:11 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\Moniteur neufbox
2009-11-26 15:41 . 2006-10-06 19:29 -------- d-----w- c:\program files\WebExpert3
2009-11-25 17:17 . 2009-09-23 08:18 -------- d-----w- c:\program files\AnimGif3
2009-11-25 14:06 . 2006-01-02 22:05 -------- d-----w- c:\program files\Fichiers communs\Symantec Shared
2009-11-25 09:25 . 2008-01-25 13:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-11-25 09:25 . 2006-10-06 20:06 -------- d-----w- c:\program files\Lavasoft
2009-11-24 12:57 . 2006-01-02 21:29 -------- d-----w- c:\program files\Fichiers communs\InstallShield
2009-11-24 12:57 . 2006-01-02 21:29 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-19 09:39 . 2009-09-23 08:23 -------- d-----w- c:\program files\Popims
2009-11-19 09:38 . 2007-12-25 17:14 -------- d-----w- c:\program files\Panasonic
2009-11-18 16:29 . 2006-10-08 05:49 102976 ----a-w- c:\documents and settings\HP_Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-14 13:47 . 2006-10-14 08:26 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\AdobeUM
2009-11-09 08:06 . 2009-11-10 07:40 859648 ----a-w- c:\windows\Internet Logs\xDB2.tmp
2009-11-03 20:12 . 2008-07-25 07:50 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\U3
2009-10-29 14:16 . 2009-10-29 14:16 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-10-29 07:55 . 2006-10-07 06:13 -------- d-----w- c:\program files\Neuf
2009-10-22 15:42 . 2009-10-22 15:42 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\vlc
2009-10-22 12:45 . 2009-10-22 12:46 1451008 ----a-w- c:\windows\Internet Logs\xDB1.tmp
2009-10-21 09:44 . 2007-03-17 18:27 -------- d-----w- c:\program files\x264
2009-10-21 09:44 . 2006-10-06 20:31 -------- d-----w- c:\program files\ReadIris
2009-10-21 09:44 . 2008-09-20 15:50 -------- d-----w- c:\program files\9giga Editor
2009-10-21 09:39 . 2009-10-21 09:39 -------- d-----w- c:\program files\DelThumbs
2009-10-14 08:28 . 2006-01-02 21:50 -------- d-----w- c:\program files\Fichiers communs\Adobe
2009-10-13 17:00 . 2006-10-16 13:48 4212 ---h--w- c:\windows\system32\zllictbl.dat
2009-09-11 14:18 . 2004-08-10 11:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:04 . 2004-08-10 11:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2006-10-17 17:55 . 2006-10-17 17:55 22 --sha-w- c:\windows\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-11-30_09.33.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-30 18:14 . 2009-11-30 18:14 16384 c:\windows\Temp\Perflib_Perfdata_774.dat
+ 2009-11-30 18:14 . 2009-11-30 18:14 16384 c:\windows\Temp\Perflib_Perfdata_280.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Clavier+"="c:\documents and settings\HP_Administrateur\Local Settings\Application Data\Clavier+\Clavier.exe" [2007-10-21 88576]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-02-14 7557120]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
"ehTray"=c:\windows\ehome\ehtray.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"NeroFilterCheck"=c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
"HPHUPD08"=c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
"nwiz"=nwiz.exe /installquiet /keeploaded /nodetect
"ftutil2"=rundll32.exe ftutil2.dll,SetWriteCacheMode
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\WINDOWS\\system32\\svchost.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
"c:\\Program Files\\Maïdo Production\\IziSpot 4\\IziSpot.exe"=
"c:\program files\Neuf\Media Center\httpd\httpd.exe"= c:\program files\Neuf\Media Center\httpd\httpd.exe:172.16.255.0/255.255.255.0:Enabled:Serveur de partage Media Center (Player Neuf Cegetel)
"c:\\Program Files\\FTPExpert\\FTPXpert.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [25/11/2009 10:29 64288]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [04/04/2008 07:26 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [04/04/2008 07:26 20560]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [24/09/2009 12:17 1184912]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [02/01/2006 22:31 2825088]
S2 gupdate1c9d61ef709d730;Service Google Update (gupdate1c9d61ef709d730);c:\program files\Google\Update\GoogleUpdate.exe [16/05/2009 13:07 133104]
S3 Elmc2di;Elmc2di; [x]
.
Contenu du dossier 'Tâches planifiées'
2009-11-30 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 09:28]
2009-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-16 12:07]
2009-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-16 12:07]
.
.
------- Examen supplémentaire -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: localhost
FF - ProfilePath - c:\documents and settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\cl1ge2ig.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://arforez.free.fr
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés:
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'explorer.exe'(3204)
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
.
Heure de fin: 2009-11-30 19:41
ComboFix-quarantined-files.txt 2009-11-30 18:40
ComboFix2.txt 2009-11-30 09:36
Avant-CF: 52 567 728 128 octets libres
Après-CF: 52 528 160 768 octets libres
- - End Of File - - EFB928C969135B58BEB6E7F974E4D3BE
Run this online scan (tick all the boxes each time): https://www.eset.com/
At the end, paste the report: C:\Program Files\EsetOnlineScanner\log.txt