Slowdown: infection?
Resolved/Closed
lubidoo - 28 Oct. 2010 at 01:14
lubidoo - 29 Oct. 2010 at 01:49
7 replies
Mstr (security contributor) - 28 Oct. 2010 at 11:07
Hi,
Nothing special in the HijackThis scan; however, it now misses a lot of infections...
To really check, it would be better to go through ZHPDiag, for example.
I noticed: The directory 'C:\Users\YM\Documents\Adobe Photoshop CS3 Extended+patch FR+kegen.HwC\' was excluded from scanning!
Cracks and keygens are one of the main infection vectors.
A bit of info ^^ :
https://forum.malekal.com/viewtopic.php?t=893&start=
midnight477 - 28 Oct. 2010 at 01:18
Try running a defrag, clean the registry, run a full scan with your antivirus, but if you say it takes 10 minutes to start up, I'd bet on a virus, or else it took a knock somewhere.
lubidoo - 28 Oct. 2010 at 01:38
Thanks,
the registry has been cleaned and I removed most of the stuff at startup. Defragmentation is set as a scheduled task and ran this morning.
I've just started a full antivirus scan, which should finish shortly; there isn't much on this computer.
I don't think it took a knock; she takes care of her things and would have told me!
I wanted to download HijackThis and run a scan, but I wonder whether it's still current? And I'm not skilled enough to understand its report...
midnight477 - 28 Oct. 2010 at 01:46
No, if you want to speed up and clean a computer, download TuneUp 2010, this software is perfect.
mpuissance4 (contributor) - 28 Oct. 2010 at 01:53
Good evening,
post your report and wait for a security helper if you have viruses.
Regards
lubidoo - 28 Oct. 2010 at 04:31
Good evening again,
here is the antivirus scan followed by a HijackThis log, if a kind, seasoned soul would be willing to take a look :)
Avira AntiVir Personal
Report file date: 27 octobre 2010 19:26
Scanning for 2979531 virus strains and unwanted programs.
Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows Vista 64 Bit
Windows version : (Service Pack 2) [6.0.6002]
Boot mode : Normally booted
Username : SYSTEM
Computer name : PC-DE-YM
Version information:
BUILD.DAT : 9.0.0.422 21701 Bytes 2010-03-09 10:29:00
AVSCAN.EXE : 9.0.3.10 466689 Bytes 2010-01-05 22:48:00
AVSCAN.DLL : 9.0.3.0 40705 Bytes 2009-02-27 15:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 2009-02-20 16:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 2009-02-27 15:58:52
VBASE000.VDF : 7.10.0.0 19875328 Bytes 2009-11-06 18:40:37
VBASE001.VDF : 7.10.1.0 1372672 Bytes 2009-11-19 18:41:17
VBASE002.VDF : 7.10.3.1 3143680 Bytes 2010-01-20 20:00:58
VBASE003.VDF : 7.10.3.75 996864 Bytes 2010-01-26 20:01:24
VBASE004.VDF : 7.10.4.203 1579008 Bytes 2010-03-05 20:22:53
VBASE005.VDF : 7.10.6.82 2494464 Bytes 2010-04-15 12:42:55
VBASE006.VDF : 7.10.7.218 2294784 Bytes 2010-06-02 20:27:08
VBASE007.VDF : 7.10.9.165 4840960 Bytes 2010-07-23 00:48:58
VBASE008.VDF : 7.10.11.133 3454464 Bytes 2010-09-13 18:09:12
VBASE009.VDF : 7.10.11.134 2048 Bytes 2010-09-13 18:09:13
VBASE010.VDF : 7.10.11.135 2048 Bytes 2010-09-13 18:09:13
VBASE011.VDF : 7.10.11.136 2048 Bytes 2010-09-13 18:09:13
VBASE012.VDF : 7.10.11.137 2048 Bytes 2010-09-13 18:09:13
VBASE013.VDF : 7.10.11.165 172032 Bytes 2010-09-15 19:41:08
VBASE014.VDF : 7.10.11.202 144384 Bytes 2010-09-18 14:02:42
VBASE015.VDF : 7.10.11.231 129024 Bytes 2010-09-21 14:02:53
VBASE016.VDF : 7.10.12.4 126464 Bytes 2010-09-23 13:10:20
VBASE017.VDF : 7.10.12.38 146944 Bytes 2010-09-27 15:01:16
VBASE018.VDF : 7.10.12.64 133120 Bytes 2010-09-29 23:29:49
VBASE019.VDF : 7.10.12.99 134144 Bytes 2010-10-01 23:29:57
VBASE020.VDF : 7.10.12.122 131584 Bytes 2010-10-05 13:20:33
VBASE021.VDF : 7.10.12.148 119296 Bytes 2010-10-07 14:28:31
VBASE022.VDF : 7.10.12.175 142848 Bytes 2010-10-11 11:26:27
VBASE023.VDF : 7.10.12.198 131584 Bytes 2010-10-13 11:26:47
VBASE024.VDF : 7.10.12.216 133120 Bytes 2010-10-14 12:33:03
VBASE025.VDF : 7.10.12.238 137728 Bytes 2010-10-18 14:43:47
VBASE026.VDF : 7.10.12.254 129536 Bytes 2010-10-20 19:20:12
VBASE027.VDF : 7.10.13.22 137728 Bytes 2010-10-22 19:20:15
VBASE028.VDF : 7.10.13.39 124416 Bytes 2010-10-26 22:41:16
VBASE029.VDF : 7.10.13.40 2048 Bytes 2010-10-26 22:41:16
VBASE030.VDF : 7.10.13.41 2048 Bytes 2010-10-26 22:41:16
VBASE031.VDF : 7.10.13.59 123392 Bytes 2010-10-27 22:41:34
Engineversion : 8.2.4.84
AEVDF.DLL : 8.1.2.1 106868 Bytes 2010-07-31 17:06:22
AESCRIPT.DLL : 8.1.3.45 1368443 Bytes 2010-09-17 21:18:43
AESCN.DLL : 8.1.6.1 127347 Bytes 2010-05-12 23:34:45
AESBX.DLL : 8.1.3.1 254324 Bytes 2010-04-24 14:45:05
AERDL.DLL : 8.1.9.2 635252 Bytes 2010-09-22 14:03:29
AEPACK.DLL : 8.2.3.11 471416 Bytes 2010-10-11 14:57:54
AEOFFICE.DLL : 8.1.1.8 201081 Bytes 2010-07-27 00:50:56
AEHEUR.DLL : 8.1.2.36 2974072 Bytes 2010-10-25 19:20:22
AEHELP.DLL : 8.1.14.0 246134 Bytes 2010-10-11 14:55:32
AEGEN.DLL : 8.1.3.23 401779 Bytes 2010-10-01 23:30:21
AEEMU.DLL : 8.1.2.0 393588 Bytes 2010-04-24 14:44:59
AECORE.DLL : 8.1.17.0 196982 Bytes 2010-09-25 13:10:42
AEBB.DLL : 8.1.1.0 53618 Bytes 2010-04-24 14:44:57
AVWINLL.DLL : 9.0.0.3 18177 Bytes 2008-12-12 13:47:59
AVPREF.DLL : 9.0.3.0 44289 Bytes 2010-01-05 22:48:00
AVREP.DLL : 8.0.0.7 159784 Bytes 2010-02-19 23:53:59
AVREG.DLL : 9.0.0.0 36609 Bytes 2008-12-05 15:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 2009-03-24 20:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 2009-01-30 15:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 2009-01-28 20:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2009-02-02 13:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 2008-12-05 15:32:10
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 2009-05-15 20:39:58
RCTEXT.DLL : 9.0.73.0 86785 Bytes 2010-01-05 22:48:00
Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files (x86)\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Skipped files.......................: C:\Users\YM\Documents\Adobe Photoshop CS3 Extended+patch FR+kegen.HwC,
Start of the scan: 27 octobre 2010 19:26
Starting search for hidden objects.
The driver could not be initialized.
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'SearchProtocolHost.exe' - '0' Module(s) have been scanned
Scan process 'SearchFilterHost.exe' - '0' Module(s) have been scanned
Scan process 'GoogleToolbarUser_32.exe' - '1' Module(s) have been scanned
Scan process 'SearchProtocolHost.exe' - '0' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '0' Module(s) have been scanned
Scan process 'unsecapp.exe' - '0' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'SynTPHelper.exe' - '0' Module(s) have been scanned
Scan process 'wlcomm.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'ehmsas.exe' - '0' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '0' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'HPHC_Service.exe' - '0' Module(s) have been scanned
Scan process 'WeatherEye.exe' - '1' Module(s) have been scanned
Scan process 'ehtray.exe' - '0' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'TrustedInstaller.exe' - '0' Module(s) have been scanned
Scan process 'WLIDSVCM.EXE' - '0' Module(s) have been scanned
Scan process 'WLIDSVC.EXE' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'TVSched.exe' - '1' Module(s) have been scanned
Scan process 'TVCapSvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'taskeng.exe' - '0' Module(s) have been scanned
Scan process 'SeaPort.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '0' Module(s) have been scanned
Scan process 'dwm.exe' - '0' Module(s) have been scanned
Scan process 'RichVideo.exe' - '1' Module(s) have been scanned
Scan process 'BLService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'agr64svc.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'lpksetup.exe' - '0' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '0' Module(s) have been scanned
Scan process 'taskeng.exe' - '0' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'hpservice.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'SLsvc.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'audiodg.exe' - '0' Module(s) have been scanned
Scan process 'stacsv64.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'winlogon.exe' - '0' Module(s) have been scanned
Scan process 'lsm.exe' - '0' Module(s) have been scanned
Scan process 'lsass.exe' - '0' Module(s) have been scanned
Scan process 'services.exe' - '0' Module(s) have been scanned
Scan process 'csrss.exe' - '0' Module(s) have been scanned
Scan process 'wininit.exe' - '0' Module(s) have been scanned
Scan process 'csrss.exe' - '0' Module(s) have been scanned
Scan process 'smss.exe' - '0' Module(s) have been scanned
21 processes with 21 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Starting to scan executable files (registry).
The registry was scanned ( '35' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
The directory 'C:\Users\YM\Documents\Adobe Photoshop CS3 Extended+patch FR+kegen.HwC\' was excluded from scanning!
C:\Users\YM\Music\iTunes\iTunes Music\Les Classels - En marchant sur la plage.wma
[DETECTION] Is the TR/Dldr.Wimad.1395 Trojan
C:\Windows\SoftwareDistribution\Download\49de16e153f1bfd16c80639367665021\BIT6835.tmp
[0] Archive type: CAB (Microsoft)
--> package_273_for_kb967723~31bf3856ad364e35~amd64~~6.0.1.7.cat
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
Begin scan in 'D:\' <RECOVERY>
Beginning disinfection:
C:\Users\YM\Music\iTunes\iTunes Music\Les Classels - En marchant sur la plage.wma
[DETECTION] Is the TR/Dldr.Wimad.1395 Trojan
[NOTE] The file was moved to '4d3bdb89.qua'!
End of the scan: 27 octobre 2010 22:08
Used time: 2:21:52 Hour(s)
The scan has been done completely.
38034 Scanned directories
681571 Files were scanned
1 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
1 Files were moved to quarantine
0 Files were renamed
1 Files cannot be scanned
681569 Files not concerned
2942 Archives were scanned
3 Warnings
2 Notes
HijackThis now:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:29:07, on 2010-10-27
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\YM\AppData\Local\MétéoMédia\MétéoÉclair\WeatherEye.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\SysWOW64\notepad.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://hp-consumer.my.aol.qc.ca/?icid=notebook
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://hp-consumer.my.aol.qc.ca/?icid=notebook
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hp-consumer.my.aol.qc.ca/?icid=notebook
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WeatherEye] C:\Users\YM\AppData\Local\MétéoMédia\MétéoÉclair\WeatherEye.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Program Files\LSI SoftModem\agr64svc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files (x86)\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Audio Service (STacSV) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_6ef279c8\STacSV64.exe (file missing)
O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
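The Avira report above records three limits on what the scan actually covered: the excluded directory that Mstr's reply points out, the rootkit driver that failed to initialize, and a file that could not be opened. The following is an added example, not part of the original thread or of Avira's tooling: a small Python parser that pulls those coverage gaps and the detection out of a report in this format. The sample lines are copied from the report above; the class and function names are hypothetical, and reading the driver failure as "the rootkit search did not run" is an assumption.

```python
import re
from dataclasses import dataclass, field

# Lines copied from the Avira AntiVir report posted above, trimmed to the relevant ones.
SAMPLE_REPORT = r"""
Search for rootkits.................: on
Skipped files.......................: C:\Users\YM\Documents\Adobe Photoshop CS3 Extended+patch FR+kegen.HwC,
Starting search for hidden objects.
The driver could not be initialized.
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
The directory 'C:\Users\YM\Documents\Adobe Photoshop CS3 Extended+patch FR+kegen.HwC\' was excluded from scanning!
C:\Users\YM\Music\iTunes\iTunes Music\Les Classels - En marchant sur la plage.wma
[DETECTION] Is the TR/Dldr.Wimad.1395 Trojan
Beginning disinfection:
C:\Users\YM\Music\iTunes\iTunes Music\Les Classels - En marchant sur la plage.wma
[DETECTION] Is the TR/Dldr.Wimad.1395 Trojan
[NOTE] The file was moved to '4d3bdb89.qua'!
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")
SKIPPED_RE = re.compile(r"^Skipped files\.*:\s*(.*)$")
EXCLUDED_RE = re.compile(r"^The directory '(.+)' was excluded from scanning!$")
DETECTION_RE = re.compile(r"^\[DETECTION\]\s+Is the (\S+)")
MOVED_RE = re.compile(r"^\[NOTE\]\s+The file was moved to '(.+)'!$")


@dataclass
class Triage:  # hypothetical container for this example
    configured_exclusions: list = field(default_factory=list)  # from "Skipped files"
    excluded_dirs: list = field(default_factory=list)          # reported during the scan
    rootkit_search_failed: bool = False
    unreadable: list = field(default_factory=list)
    detections: dict = field(default_factory=dict)             # path -> name / quarantine


def _norm(path):
    """Case-insensitive Windows path without a trailing backslash."""
    return path.strip().rstrip("\\").lower()


def parse_report(text):
    t = Triage()
    current = None                 # file the following [TAG] lines refer to
    hidden_search_started = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := SKIPPED_RE.match(line)):
            # Assumption: entries are comma-separated, as in the report above.
            t.configured_exclusions += [
                p.strip().rstrip("\\") for p in m.group(1).split(",") if p.strip()
            ]
        elif (m := EXCLUDED_RE.match(line)):
            t.excluded_dirs.append(m.group(1).rstrip("\\"))
        elif line == "Starting search for hidden objects.":
            hidden_search_started = True
        elif line == "The driver could not be initialized." and hidden_search_started:
            t.rootkit_search_failed = True
        elif PATH_RE.match(line):
            current = line
        elif current is None:
            continue
        elif line.startswith("[WARNING]") and "could not be opened" in line:
            if current not in t.unreadable:
                t.unreadable.append(current)
        elif line.startswith("[DETECTION]"):
            m = DETECTION_RE.match(line)
            name = m.group(1) if m else line[len("[DETECTION]"):].strip()
            # The same file is listed again under "Beginning disinfection:".
            t.detections.setdefault(current, {"name": name, "quarantined_as": None})
        elif (m := MOVED_RE.match(line)) and current in t.detections:
            t.detections[current]["quarantined_as"] = m.group(1)
    return t


def is_excluded(path, t):
    """True if the path lies under a directory the scan was told to skip."""
    p = _norm(path)
    return any(
        p == _norm(d) or p.startswith(_norm(d) + "\\")
        for d in t.excluded_dirs + t.configured_exclusions
    )


def coverage_gaps(t):
    """One line per area the report shows was not examined."""
    gaps, seen = [], set()
    for d in t.excluded_dirs + t.configured_exclusions:
        if _norm(d) not in seen:
            seen.add(_norm(d))
            gaps.append("excluded from scanning: " + d)
    if t.rootkit_search_failed:
        gaps.append("rootkit search: driver could not be initialized")
    gaps += ["could not be opened: " + p for p in t.unreadable]
    return gaps


if __name__ == "__main__":
    triage = parse_report(SAMPLE_REPORT)
    for gap in coverage_gaps(triage):
        print("GAP ", gap)
    for path, d in triage.detections.items():
        print("HIT ", d["name"], "->", d["quarantined_as"], "|", path)
```

A clean summary line ("1 Viruses and/or unwanted programs were found") says nothing about the gaps; anything under an excluded directory was never examined, so it has to be rescanned after the exclusion is removed.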
Scan process 'RichVideo.exe' - '1' Module(s) have been scanned
Scan process 'BLService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'agr64svc.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'lpksetup.exe' - '0' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '0' Module(s) have been scanned
Scan process 'taskeng.exe' - '0' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'hpservice.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'SLsvc.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'audiodg.exe' - '0' Module(s) have been scanned
Scan process 'stacsv64.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'winlogon.exe' - '0' Module(s) have been scanned
Scan process 'lsm.exe' - '0' Module(s) have been scanned
Scan process 'lsass.exe' - '0' Module(s) have been scanned
Scan process 'services.exe' - '0' Module(s) have been scanned
Scan process 'csrss.exe' - '0' Module(s) have been scanned
Scan process 'wininit.exe' - '0' Module(s) have been scanned
Scan process 'csrss.exe' - '0' Module(s) have been scanned
Scan process 'smss.exe' - '0' Module(s) have been scanned
21 processes with 21 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Starting to scan executable files (registry).
The registry was scanned ( '35' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
The directory 'C:\Users\YM\Documents\Adobe Photoshop CS3 Extended+patch FR+kegen.HwC\' was excluded from scanning!
C:\Users\YM\Music\iTunes\iTunes Music\Les Classels - En marchant sur la plage.wma
[DETECTION] Is the TR/Dldr.Wimad.1395 Trojan
C:\Windows\SoftwareDistribution\Download\49de16e153f1bfd16c80639367665021\BIT6835.tmp
[0] Archive type: CAB (Microsoft)
--> package_273_for_kb967723~31bf3856ad364e35~amd64~~6.0.1.7.cat
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
Begin scan in 'D:\' <RECOVERY>
Beginning disinfection:
C:\Users\YM\Music\iTunes\iTunes Music\Les Classels - En marchant sur la plage.wma
[DETECTION] Is the TR/Dldr.Wimad.1395 Trojan
[NOTE] The file was moved to '4d3bdb89.qua'!
End of the scan: 27 octobre 2010 22:08
Used time: 2:21:52 Hour(s)
The scan has been done completely.
38034 Scanned directories
681571 Files were scanned
1 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
1 Files were moved to quarantine
0 Files were renamed
1 Files cannot be scanned
681569 Files not concerned
2942 Archives were scanned
3 Warnings
2 Notes
HijackThis now:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:29:07, on 2010-10-27
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\YM\AppData\Local\MétéoMédia\MétéoÉclair\WeatherEye.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\SysWOW64\notepad.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://hp-consumer.my.aol.qc.ca/?icid=notebook
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://hp-consumer.my.aol.qc.ca/?icid=notebook
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hp-consumer.my.aol.qc.ca/?icid=notebook
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WeatherEye] C:\Users\YM\AppData\Local\MétéoMédia\MétéoÉclair\WeatherEye.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Program Files\LSI SoftModem\agr64svc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files (x86)\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Audio Service (STacSV) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_6ef279c8\STacSV64.exe (file missing)
O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
lubidoo
28 Oct. 2010 at 14:41
Hello, and thanks for taking a bit of time!
I ran a ZHPDiag scan; here is the link:
http://www.cijoint.fr/cjlink.php?file=cj201010/cijzV0sYkb.txt
As for the crack... oh dear... I'm not even sure my mother knows it's on her laptop!!! She has trouble using Excel, so Photoshop, lol. I'll remove it and point her to the malekal link :)
I think there really is something running... just switching from one window to another takes forever, and Task Manager shows more than 2 GB of RAM in use at all times. While waiting for a reply I'll run a memtest just in case and open up the laptop to clean the fan; it can't hurt.
Thanks
lubidoo
29 Oct. 2010 at 01:49
up!
Memtest found nothing and the fan isn't really dirty... could someone please read the report?
Thanks :)