Sujet Précédent Sujet Suivant

Encore un sale virus?

damulien2 Messages postés 11 Statut Membre -  
damulien2 Messages postés 11 Statut Membre -
Bonjour,

Je crois qu'il y a un virus dans mon ordinateur...enfin je ne sais pas trop au juste mais il semble tres mal en point... est ce que quelqu un peut m'aider?

je viens d'enregistrer ce rapport au cas où:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:13:52, on 12/07/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRAM FILES\A-SQUARED FREE\a2service.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\Logi_MwX.Exe
C:\WINDOWS\vsnpstd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\HP_Administrateur\Application Data\MSA\mscj.exe
C:\documents and settings\hp_administrateur\application data\msa\mscj.exe
C:\Program Files\My Book\WD Backup\uBBMonitor.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Fichiers communs\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file)
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - HKCU\..\Run: [Nxajimifetela] rundll32.exe "C:\WINDOWS\dsdmlv.dll",Startup
O4 - HKCU\..\Run: [mscjm.exe] C:\Documents and Settings\HP_Administrateur\Application Data\MSA\mscjm.exe
O4 - HKCU\..\Run: [vd2.exe] C:\Documents and Settings\HP_Administrateur\Application Data\MSA\vd2.exe
O4 - HKCU\..\Run: [ieusr50] rundll32.exe "C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\ieusr50\ieusr50.dll", DllInit
O4 - HKCU\..\Run: [mscj.exe] C:\Documents and Settings\HP_Administrateur\Application Data\MSA\mscj.exe
O4 - HKCU\..\Run: [mscj] c:\documents and settings\hp_administrateur\application data\msa\mscj.exe
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Barre d'état système d'ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\PROGRAM FILES\A-SQUARED FREE\a2service.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
A voir également:

4 réponses

Réponse 1 / 4
Malekal_morte- Messages postés 184348 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   24 693
 
Salut,

ouaip c'est une poubelle numérique ton PC :)

Sauvegarde tes documents importants.

Désactive les logiciels de protection (Antivirus, Antispywares) puis :

Télécharge Combofix sUBs : http://download.bleepingcomputer.com/sUBs/ComboFix.exe et sauvegarde le sur ton bureau et pas ailleurs!

Double-clic sur combofix, accepte la licence d'utilisation et laisse toi guider.

Eventuellement, installe la console de récupération comme cela est conseillé

Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.
Si le rapport ne passe pas, envoie le sur ce site : http://www.cijoint.fr/
et donne le lien ici :)

Tu as le tutorial sur ce lien pour t'aider : https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

PS : si Combofix ne se lance pas, renomme le fichier Combofix et retente.

Si pas mieux, tente en mode sans échec sans prise en charge du réseau : Redémarre en mode sans échec, pour cela, redémarre l'ordinateur, avant le logo Windows, tapote sur la touche F8, un menu va apparaître, choisis Mode sans échec et appuye sur la touche entrée du clavier.
2
damulien2 Messages postés 11 Statut Membre
 
salut, merci de ton aide. J'ai lancé combofixe et installé la console de recuperation mais au moment de redemarer le pc restait bloqué, j ai donc éteint la tour manuellement...au moment de redemarer une sorte de programme de reinstallation de windows s'est lancé...j ai suivi tout ca pas à pas. maintenant le pc fonctionne mieux, il faut dire que je l ai depuis 7 ans et je n avais jamais reinstallé windows ni rien formaté....du coup j'ai fait iun autre rapport qui est ci-dessous, je suppose qu il reste des choses à éliminer mais la procédure que je viens de suivre a certainement changé des parametres...



C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\My Book\WD Backup\uBBMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PCDrProfiler] "C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe" -r
O4 - HKLM\..\Run: [SSC_UserPrompt] c:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\RunOnce: [AddRAID] c:\windows\regedit.exe /s c:\hp\bin\Add_RAID\AddRAID2.reg
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Barre d'état système d'ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exe
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
0
Réponse 2 / 4
Malekal_morte- Messages postés 184348 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   24 693
 
Manque le rapport Combofix.
regarde sur C:\Combofix.txt

Rise Against rules :D
0
damulien2 Messages postés 11 Statut Membre
 
salut, je viens de relancer combofix. cette fois ca a marché, voici le rapport . merci.

ComboFix 10-07-15.01 - HP_Administrateur 15/07/2010 20:53:18.1.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1022.523 [GMT 2:00]
Lancé depuis: c:\documents and settings\HP_Administrateur.DAMULIEN\Bureau\ComboFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\HP_Administrateur\Application Data\MSA
c:\documents and settings\HP_Administrateur\Application Data\MSA\mscj.exe
c:\documents and settings\HP_Administrateur\Application Data\MSA\userid.dat
c:\documents and settings\HP_Administrateur\Application Data\MSA\w2_0.exe
c:\documents and settings\HP_Administrateur\Local Settings\Application Data\ieusr50
c:\documents and settings\HP_Administrateur\Local Settings\Application Data\ieusr50\ieusr50.dll
c:\documents and settings\HP_Administrateur\Local Settings\Application Data\Windows Server
c:\documents and settings\HP_Administrateur\Local Settings\Application Data\Windows Server\flags.ini
c:\documents and settings\HP_Administrateur\Local Settings\Application Data\Windows Server\uses32.dat
c:\documents and settings\HP_Administrateur\Local Settings\Temp\BIT11.tmp
c:\documents and settings\HP_Administrateur\Local Settings\Temp\HCBackup\hcpackage.exe
c:\documents and settings\HP_Administrateur\Local Settings\Temp\HouseCall\BPMNT.dll
c:\documents and settings\HP_Administrateur\Local Settings\Temp\HouseCall\bspatch.exe
c:\documents and settings\HP_Administrateur\Local Settings\Temp\HouseCall\bzip2.exe
c:\documents and settings\HP_Administrateur\Local Settings\Temp\HouseCall\hc_core.dll
c:\documents and settings\HP_Administrateur\Local Settings\Temp\HouseCall\housecall.bin
c:\documents and settings\HP_Administrateur\Local Settings\Temp\HouseCall\ICRCHdler.dll
c:\documents and settings\HP_Administrateur\Local Settings\Temp\HouseCall\libcurl.dll
c:\documents and settings\HP_Administrateur\Local Settings\Temp\HouseCall\libeay32.dll
c:\documents and settings\HP_Administrateur\Local Settings\Temp\HouseCall\libexpatw.dll
c:\documents and settings\HP_Administrateur\Local Settings\Temp\HouseCall\perfiCrcPerfMonMgr.dll
c:\documents and settings\HP_Administrateur\Local Settings\Temp\HouseCall\ssleay32.dll
c:\documents and settings\HP_Administrateur\Local Settings\Temp\HouseCall\tmcomm.sys
c:\documents and settings\HP_Administrateur\Local Settings\Temp\HouseCall\TmEngDrv.dll
c:\documents and settings\HP_Administrateur\Local Settings\Temp\HouseCall\tmfbeng.dll
c:\documents and settings\HP_Administrateur\Local Settings\Temp\HouseCall\TSC.exe
c:\documents and settings\HP_Administrateur\Local Settings\Temp\HouseCall\tscdll32.dll
c:\documents and settings\HP_Administrateur\Local Settings\Temp\HouseCall\utilClientLoader.dll
c:\documents and settings\HP_Administrateur\Local Settings\Temp\HouseCall\vsapi32.dll
c:\documents and settings\HP_Administrateur\Local Settings\Temp\v~f157.tmp
c:\windows\BackUp
c:\windows\BackUp\T\80829000.DAT
c:\windows\xpsp1hfm.log

.
((((((((((((((((((((((((((((( Fichiers créés du 2010-06-15 au 2010-07-15 ))))))))))))))))))))))))))))))))))))
.

2010-07-14 23:37 . 2010-05-06 10:33 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-07-14 23:37 . 2010-05-06 10:33 599040 ------w- c:\windows\system32\dllcache\msfeeds.dll
2010-07-14 23:37 . 2010-05-06 10:33 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-07-14 23:37 . 2010-05-06 10:33 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-07-14 23:37 . 2010-05-06 10:33 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-07-14 23:37 . 2010-05-06 10:33 11076096 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-07-14 23:37 . 2010-05-06 10:33 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-07-14 23:36 . 2010-04-16 11:43 41984 ------w- c:\windows\system32\dllcache\iecompat.dll
2010-07-14 23:35 . 2010-07-14 23:36 -------- d-----w- c:\windows\system32\fr-FR
2010-07-14 23:32 . 2010-07-14 23:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-07-14 19:29 . 2010-07-14 19:29 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-07-14 19:29 . 2010-07-14 19:29 1025992 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\SecurityScan_Release.exe
2010-07-13 22:14 . 2010-07-13 22:14 -------- d-----w- c:\windows\Hewlett-Packard
2010-07-13 22:11 . 2010-07-13 22:11 -------- d-----w- C:\SystemRoot
2010-07-13 21:38 . 2010-07-13 21:38 -------- d-----w- c:\documents and settings\LocalService\Application Data\Symantec
2010-07-13 04:18 . 2010-07-14 23:48 -------- d-sh--r- c:\windows\system32\dllcache
2010-07-13 04:18 . 2010-07-13 04:31 -------- d-----r- c:\windows\system32\config\systemprofile\Menu Démarrer
2010-07-12 23:03 . 2004-08-03 21:07 59264 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2010-07-12 23:03 . 2004-08-03 21:07 59264 ----a-w- c:\windows\system32\dllcache\usbaudio.sys
2010-07-12 22:55 . 2010-07-15 00:02 -------- d-----w- c:\windows\system32\CatRoot_bak
2010-07-12 22:53 . 2008-06-14 17:59 272768 ------w- c:\windows\system32\drivers\bthport.sys
2010-07-12 22:53 . 2008-06-14 17:59 272768 ------w- c:\windows\system32\dllcache\bthport.sys
2010-07-12 22:53 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-07-12 22:52 . 2010-02-24 12:31 454016 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-07-12 22:51 . 2010-02-16 19:33 2060416 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-07-12 22:51 . 2010-02-16 19:32 2018816 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-07-12 22:51 . 2010-02-16 19:33 2183424 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-07-12 22:51 . 2010-02-16 19:32 2139136 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-07-12 22:10 . 2004-08-03 21:08 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-07-12 22:10 . 2004-08-03 21:08 31616 ----a-w- c:\windows\system32\dllcache\usbccgp.sys
2010-07-12 21:03 . 2010-07-12 21:03 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-07-12 20:45 . 2001-08-23 15:04 12288 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-07-12 20:45 . 2001-08-17 20:02 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-07-12 20:28 . 2010-07-12 20:28 -------- d-----w- c:\program files\SymNetDrv
2010-07-12 20:15 . 2010-07-12 20:15 -------- d-----w- c:\windows\system32\LogFiles
2010-07-12 19:52 . 2010-07-14 23:55 -------- d-----w- c:\documents and settings\HP_Administrateur.DAMULIEN
2010-07-12 19:51 . 2006-08-22 14:38 2600960 ----a-w- c:\windows\system32\config\systemprofile\Application Data\U3\0CA02C6081B2B93D\Launchpad.exe
2010-07-12 19:51 . 2006-05-24 11:36 1003520 ----a-w- c:\windows\system32\config\systemprofile\Application Data\U3\0CA02C6081B2B93D\u3dapi10.dll
2010-07-12 19:51 . 2006-05-24 11:36 110592 ----a-w- c:\windows\system32\config\systemprofile\Application Data\U3\0CA02C6081B2B93D\cleanup.exe
2010-07-12 19:51 . 2006-05-24 11:36 1650688 ----a-w- c:\windows\system32\config\systemprofile\Application Data\U3\0CA02C6081B2B93D\LPSecurityExtension.dll
2010-07-12 19:50 . 2008-10-07 15:43 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\FarStone
2010-07-12 19:50 . 2007-07-12 20:23 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\U3
2010-07-12 19:50 . 2005-01-02 04:55 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Symantec
2010-07-12 19:50 . 2005-01-02 04:39 -------- d-----w- c:\windows\system32\config\systemprofile\WINDOWS
2010-07-12 19:50 . 2005-01-02 04:24 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\ATI
2010-07-11 13:01 . 2010-07-11 13:01 -------- d-----w- c:\program files\Fichiers communs\Skype
2010-07-11 11:25 . 2010-07-11 11:25 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-07-10 15:27 . 2010-07-10 15:29 -------- d-----w- C:\divx

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-15 18:15 . 2005-01-02 04:54 -------- d-----w- c:\program files\Fichiers communs\Symantec Shared
2010-07-14 23:49 . 2009-02-24 00:51 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-07-14 23:32 . 2006-11-15 02:19 -------- d-----w- c:\program files\Alwil Software
2010-07-14 20:05 . 2005-01-02 04:38 -------- d-----w- c:\program files\Fichiers communs\Adobe
2010-07-14 04:46 . 2005-10-10 19:39 64484 ----a-w- c:\windows\system32\perfc00C.dat
2010-07-14 04:46 . 2005-10-10 19:39 446566 ----a-w- c:\windows\system32\perfh00C.dat
2010-07-14 00:49 . 2005-01-02 04:25 -------- d-----w- c:\program files\HP
2010-07-14 00:49 . 2005-01-02 04:36 -------- d-----w- c:\program files\Hewlett-Packard
2010-07-13 01:58 . 2005-01-02 04:47 -------- d-----w- c:\program files\PC-Doctor 5 for Windows
2010-07-12 23:03 . 2005-01-02 04:55 -------- d-----w- c:\program files\Norton Internet Security
2010-07-12 21:14 . 2006-11-23 21:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-12 21:02 . 2005-01-02 04:50 -------- d-----w- c:\program files\Google
2010-07-12 20:29 . 2005-01-02 04:54 -------- d-----w- c:\program files\Symantec
2010-07-12 19:58 . 2010-07-12 19:58 1916 --sha-r- c:\windows\system32\drivers\103C_HP_CPC_ER024AA-ABF m7345.fr_YC_0Pavi_QCZB613_E61FRemMPC5_48_IEMERY_SASUSTek Computer INC._V1.05_B3.10_T060307_WXP2_L40C_M1023_J250_7Intel_8Pentium D_92.8_#060414_N168C001B_Z_G10027146.MRK
2010-07-12 18:53 . 2009-12-27 03:12 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\WTablet
2010-07-12 16:57 . 2008-05-30 22:47 12 ----a-w- c:\windows\bthservsdp.dat
2010-07-12 01:49 . 2008-09-08 23:22 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\Skype
2010-07-11 22:03 . 2008-09-08 23:26 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\skypePM
2010-07-11 13:01 . 2008-09-08 23:22 -------- d-----r- c:\program files\Skype
2010-07-11 13:01 . 2008-09-08 23:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-06-14 14:30 . 2004-08-10 19:00 743936 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-07 21:27 . 2008-12-22 20:21 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-31 19:18 . 2010-03-09 01:43 443912 ----a-w- c:\documents and settings\HP_Administrateur\Application Data\Real\Update\setup3.10\setup.exe
2010-05-19 18:15 . 2006-11-13 21:08 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\Apple Computer
2010-05-19 17:08 . 2010-05-19 17:07 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-05-19 17:07 . 2009-09-19 14:44 -------- d-----w- c:\program files\iPod
2010-05-19 17:07 . 2008-01-18 10:20 -------- d-----w- c:\program files\Fichiers communs\Apple
2010-05-19 17:00 . 2009-03-29 13:52 -------- d-----w- c:\program files\Bonjour
2010-05-19 16:57 . 2010-05-19 16:57 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-05-19 16:55 . 2008-09-08 15:40 -------- d-----w- c:\program files\Safari
2010-05-19 16:50 . 2010-05-19 16:50 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe
2010-05-06 10:33 . 2004-08-10 19:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 08:26 . 2004-08-10 19:00 1851008 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:47 . 2004-08-10 19:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2006-04-28 19:24 . 2006-04-28 19:24 604 ---ha-w- c:\program files\STLL Notifier
2006-04-21 21:02 . 2006-04-21 21:02 251 ----a-w- c:\program files\wt3d.ini
.
0
damulien2 Messages postés 11 Statut Membre
 
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"ftutil2"="ftutil2.dll" [2004-06-07 106496]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_05\bin\jusched.exe" [2005-08-27 36975]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"RTHDCPL"="RTHDCPL.EXE" [2005-10-15 14864384]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-10-12 139264]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-10-02 57344]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"SSC_UserPrompt"="c:\program files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe" [2004-11-10 218240]
"ccApp"="c:\program files\Fichiers communs\Symantec Shared\ccApp.exe" [2007-02-21 58984]
"PS2"="c:\windows\system32\ps2.exe" [2004-10-25 90112]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2010-07-12 100056]
"SNPSTD2"="c:\windows\vsnpstd2.exe" [2004-08-30 286720]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

c:\documents and settings\Default User\Menu D'marrer\Programmes\D'marrage\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-1-2 27136]

c:\documents and settings\Default User\Menu D'marrer\Programmes\D'marrage\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-1-2 27136]

c:\documents and settings\HP_Administrateur\Menu D'marrer\Programmes\D'marrage\
Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\All Users\Menu D'marrer\Programmes\D'marrage\
Barre d''tat systSme d'ATI CATALYST.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-10-2 57344]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
WD Backup Monitor.lnk - c:\program files\My Book\WD Backup\uBBMonitor.exe [2007-2-7 98304]

c:\documents and settings\Default User\Menu D'marrer\Programmes\D'marrage\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-1-2 27136]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [02/01/2005 06:21 2799488]
S3 WN5301;LIteon Wireless PCI Network Adapter Service;c:\windows\system32\drivers\wn5301.sys [02/01/2005 06:20 468768]
S3 WN5401;Liteon Wireless LAN PCI 802.11 a/b/g adapter WN5401A;c:\windows\system32\drivers\wn5401.sys [02/01/2005 06:20 449920]
.
Contenu du dossier 'Tâches planifiées'

2010-07-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-07-12 c:\windows\Tasks\Connexion facile à Internet.job
- c:\program files\Hewlett-Packard\SDP\HPSdpApp.exe [2005-09-08 18:23]

2010-07-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3778942988-2256036209-3217440487-1007Core.job
- c:\documents and settings\HP_Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-24 19:29]

2010-07-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3778942988-2256036209-3217440487-1007UA.job
- c:\documents and settings\HP_Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-24 19:29]

2008-11-18 c:\windows\Tasks\Sibelius.job
- c:\progra~1\SIBELI~1\SIBELI~1\Sibelius.exe [2007-07-14 14:00]

2008-11-18 c:\windows\Tasks\Windows Media Player.job
- c:\progra~1\WINDOW~1\wmplayer.exe [2004-08-10 00:31]
.
.
------- Examen supplémentaire -------
.
IE: &Traduire à partir de l'anglais - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Pages liées - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Pages similaires - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Recherche &Google - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: Version de la page actuelle disponible dans le cache Google - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
.
- - - - ORPHELINS SUPPRIMES - - - -

HKLM-Run-PCDrProfiler - (no file)
0
damulien2 Messages postés 11 Statut Membre
 
**************************************************************************
Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés:

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(928)
c:\windows\system32\Ati2evxx.dll
.
Heure de fin: 2010-07-15 21:02:02
ComboFix-quarantined-files.txt 2010-07-15 19:01
ComboFix2.txt 2009-02-24 00:22

Avant-CF: 145 486 401 536 octets libres
Après-CF: 145 556 414 464 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - 58AF061EEADED0DF348C7DEDC59AA78E
0
damulien2 Messages postés 11 Statut Membre
 
voilà...pffff.....bon courage! ça parait fou à analyser tout ça. merci encore.
julien
0
Réponse 3 / 4
damulien2 Messages postés 11 Statut Membre
 
merci je crois que c est mieux maintenant :)
0
Réponse 4 / 4
roroo07 Messages postés 504 Date d'inscription   Statut Membre Dernière intervention   15
 
telecharge un logiciel que permet de faire du vide (du trie ) voici un lien

http://www.01net.com/contenu/2562/ta_fiches/10-trucs-pour-faire-le-menage-a-fond-de-votre-pc-362-1

voila bonne chance
-1

Discussions similaires

Softonic,est-ce un virus ?
techmel1 -
techmel1 -

6 réponses
Désinstaller Softonic
Diguimette -
lilidurhone -

5 réponses
virus Artemis!
mabiche37 -
Malekal_morte- -

14 réponses
clips4sale securisee ou pas ???
julien -
Clipcrushsale -

7 réponses
Message Apple virus !!
Souclik67 -
MPMP10 -

3 réponses