Vista freezing / HIJACKTHIS
Misha
Hello,
I am having a problem with a Vista laptop. It had a virus that I have already eradicated.
The PC would freeze quickly (the mouse moved, but it was impossible to do anything with the operating system). After scanning for the virus, I pushed this freeze back: it now appears after 20 minutes of use.
I no longer really know what to do, especially since Avast, which I had installed originally, no longer wants to run at all.
I ran HIJACKTHIS, and here is what it gives (I don't know how to read this data).
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:51:41, on 22/03/2011
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.19019)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10n_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IELowutil.exe
C:\Windows\system32\wuauclt.exe
C:\Users\david\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\33WAUC7P\HiJackThis[1].exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: vShare Toolbar - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
O2 - BHO: (no name) - {343db173-0e5a-4f2a-b7bb-71a49085d70e} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: OfferBox - {FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C} - C:\Program Files\OfferBox\OfferBoxBHO.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {343db173-0e5a-4f2a-b7bb-71a49085d70e} - (no file)
O3 - Toolbar: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
O3 - Toolbar: vShare Toolbar - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\david\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/fr/scan8/oscan8.cab
O18 - Protocol: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
27 replies
ComboFix 11-03-24.01 - david 24/03/2011 21:41:11.1.2 - x86 NETWORK
Microsoft® Windows Vista(TM) Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.2046.1548 [GMT 1:00]
Lancé depuis: c:\users\david\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Outdated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Outdated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Un nouveau point de restauration a été créé
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2011-02-24 au 2011-03-24 ))))))))))))))))))))))))))))))))))))
.
.
2011-03-24 20:47 . 2011-03-24 20:48 -------- d-----w- c:\users\david\AppData\Local\temp
2011-03-24 20:47 . 2011-03-24 20:47 -------- d-----w- c:\users\Invité\AppData\Local\temp
2011-03-24 20:47 . 2011-03-24 20:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-23 21:26 . 2011-03-23 21:26 -------- d-----w- C:\Kill'em
2011-03-23 21:26 . 2011-03-24 20:26 -------- d-----w- c:\program files\List_Kill'em
2011-03-23 21:24 . 2011-03-23 21:24 -------- d-----w- C:\1st_Quarantine_L_K
2011-03-22 21:19 . 2011-03-23 20:30 -------- d-----w- C:\FyK
2011-03-22 20:12 . 2011-03-22 20:12 -------- d-----w- c:\windows\system32\Liste Spéciale
2011-03-22 19:42 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
2011-03-22 18:24 . 2011-03-22 18:24 512 ----a-w- C:\PhysicalDisk0_MBR.bin
2011-03-22 18:10 . 2011-03-22 19:29 -------- d-----w- c:\windows\system32\Quarantine
2011-03-22 16:57 . 2011-03-22 16:57 -------- d-----w- c:\users\david\AppData\Roaming\Malwarebytes
2011-03-22 16:57 . 2011-03-22 16:57 -------- d-----w- c:\programdata\Malwarebytes
2011-03-22 16:57 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-22 16:57 . 2011-03-22 16:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-22 16:57 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-22 16:26 . 2011-02-11 06:54 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5C28A706-71FB-433E-B6B1-E7A54263DD72}\mpengine.dll
2011-03-20 19:42 . 2009-06-12 11:18 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-03-20 19:42 . 2008-01-29 05:32 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2011-03-20 19:41 . 2011-03-20 19:41 -------- d-----w- c:\windows\system32\drivers\NBRTWizard
2011-03-20 19:41 . 2011-03-20 19:41 -------- d-----w- c:\program files\Norton Bootable Recovery Tool Wizard
2011-03-20 19:40 . 2011-03-20 19:40 -------- d-----w- c:\program files\NortonInstaller
2011-03-20 19:27 . 2011-03-20 19:42 -------- dc----w- c:\windows\system32\DRVSTORE
2011-03-20 18:38 . 2011-03-20 19:41 -------- d-----w- c:\programdata\Norton
2011-03-20 10:07 . 2011-03-20 10:07 -------- d-----w- c:\windows\system32\EventProviders
2011-03-20 10:07 . 2011-03-20 10:07 -------- d-----w- C:\072625a539209d8c66000d1fd9acd426
2011-03-20 09:47 . 2011-03-20 18:26 81984 ----a-w- c:\windows\system32\bdod.bin
2011-03-20 09:39 . 2011-03-22 21:14 -------- d-----w- c:\program files\Common Files\Softwin
2011-03-17 07:24 . 2011-02-23 14:56 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-03-17 07:24 . 2011-02-23 14:56 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-03-17 07:24 . 2011-02-23 14:55 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-03-17 07:24 . 2011-02-23 14:55 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-03-17 07:24 . 2011-02-23 14:55 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-03-17 07:24 . 2011-02-23 14:54 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-03-17 07:24 . 2011-02-23 15:04 40648 ----a-w- c:\windows\avastSS.scr
2011-03-17 07:24 . 2011-02-23 15:04 190016 ----a-w- c:\windows\system32\aswBoot.exe
2011-03-17 06:36 . 2011-03-17 06:36 -------- d-----w- c:\program files\CCleaner
2011-03-16 17:46 . 2011-03-22 20:40 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-03-16 17:46 . 2011-03-22 19:27 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-03-16 17:46 . 2011-03-17 07:23 -------- d-----w- c:\programdata\AVAST Software
2011-03-16 17:46 . 2011-03-16 17:46 -------- d-----w- c:\program files\AVAST Software
2011-03-09 17:50 . 2010-12-29 17:41 323072 ----a-w- c:\windows\system32\sbe.dll
2011-03-09 17:50 . 2010-12-29 17:41 153088 ----a-w- c:\windows\system32\sbeio.dll
2011-03-09 17:50 . 2010-12-29 17:41 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-03-09 17:50 . 2010-12-29 17:39 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-09 17:50 . 2010-12-17 16:43 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-03-09 17:50 . 2010-12-17 15:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-02-25 16:36 . 2011-02-25 16:36 653576 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-02 20:40 . 2010-12-15 12:52 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 17:11 . 2010-12-13 14:26 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-23 17:38 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2011-01-23 17:38 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2011-01-08 07:50 . 2011-02-13 18:11 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 05:57 . 2011-02-13 18:11 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:25 . 2011-02-13 18:12 2038784 ----a-w- c:\windows\system32\win32k.sys
2010-12-28 14:57 . 2011-01-24 11:58 409600 ----a-w- c:\windows\system32\odbc32.dll
2009-11-04 09:14 1168216 --sha-r- c:\windows\System32\Quarantine\Spybot - Search & Destroy .DIR\advcheck.dll
2009-01-26 14:31 2144088 --sha-r- c:\windows\System32\Quarantine\Spybot - Search & Destroy .DIR\EYDFUEW.scr
2009-03-05 15:07 2260480 --sha-r- c:\windows\System32\Quarantine\Spybot - Search & Destroy .DIR\GMMTWN.scr
2009-01-26 14:31 5365592 --sha-r- c:\windows\System32\Quarantine\Spybot - Search & Destroy .DIR\JYLVMNSKJVMMNUNAX.scr
2009-01-26 14:31 1740632 --sha-r- c:\windows\System32\Quarantine\Spybot - Search & Destroy .DIR\SDUpdate.exe
2009-01-26 14:31 1740632 --sha-r- c:\windows\System32\Quarantine\Spybot - Search & Destroy .DIR\XHPTGGXCUIPZMUCHK.scr
2009-11-04 09:14 1168216 --sha-r- c:\windows\System32\Quarantine\Spybot - Search & Destroy .DIR\Spybot - Search & Destroy\advcheck.dll
2009-01-26 14:31 2144088 --sha-r- c:\windows\System32\Quarantine\Spybot - Search & Destroy .DIR\Spybot - Search & Destroy\EYDFUEW.scr
2009-03-05 15:07 2260480 --sha-r- c:\windows\System32\Quarantine\Spybot - Search & Destroy .DIR\Spybot - Search & Destroy\GMMTWN.scr
2009-01-26 14:31 5365592 --sha-r- c:\windows\System32\Quarantine\Spybot - Search & Destroy .DIR\Spybot - Search & Destroy\JYLVMNSKJVMMNUNAX.scr
2009-01-26 14:31 1740632 --sha-r- c:\windows\System32\Quarantine\Spybot - Search & Destroy .DIR\Spybot - Search & Destroy\SDUpdate.exe
2009-01-26 14:31 1740632 --sha-r- c:\windows\System32\Quarantine\Spybot - Search & Destroy .DIR\Spybot - Search & Destroy\XHPTGGXCUIPZMUCHK.scr
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 15:04 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 2153472]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"Google Update"="c:\users\david\AppData\Local\Google\Update\GoogleUpdate.exe" [2011-01-26 136176]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-13 827392]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-10-09 729088]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-09 4390912]
"ORAHSSSessionManager"="c:\program files\OrangeHSS\SessionManager\SessionManager.exe" [2007-12-12 107248]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 174872]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 50696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-01-22 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
2007-01-10 03:59 115816 ----a-w- c:\program files\Common Files\Symantec Shared\ccApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz]
2007-01-13 00:28 431752 ----a-w- c:\program files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R1 aswSnx;aswSnx; [x]
R1 aswSP;aswSP; [x]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-02-23 53592]
R3 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20070108.003\IDSvix86.sys [2006-12-28 212280]
R3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\system32\Drivers\PCAMp50.sys [2006-11-28 28224]
.
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - COMHOST
*NewlyCreated* - PXHELP20
.
Contenu du dossier 'Tâches planifiées'
.
2011-03-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-429214719-1717717497-368671753-1000Core.job
- c:\users\david\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-26 18:03]
.
2011-03-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-429214719-1717717497-368671753-1000UA.job
- c:\users\david\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-26 18:03]
.
2011-03-20 c:\windows\Tasks\User_Feed_Synchronization-{DA72A968-2E11-46B0-B595-9DDA2A34F4B1}.job
- c:\windows\system32\msfeedssync.exe [2011-03-20 04:47]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
.
- - - - ORPHELINS SUPPRIMES - - - -
.
WebBrowser-{343DB173-0E5A-4F2A-B7BB-71A49085D70E} - (no file)
HKLM-Run-WAWifiMessage - %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
HKLM-Run-QlbCtrl - %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
HKLM-Run-hpWirelessAssistant - %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
HKLM-RunOnce-<NO NAME> - (no file)
MSConfigStartUp-BDAgent - c:\program files\Softwin\BitDefender10\bdagent.exe
MSConfigStartUp-BDMCon - c:\program files\Softwin\BitDefender10\bdmcon.exe
MSConfigStartUp-msnmsgr - ~c:\program files\Windows Live\Messenger\msnmsgr.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-24 21:47
Windows 6.0.6001 Service Pack 1 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Heure de fin: 2011-03-24 21:50:02
ComboFix-quarantined-files.txt 2011-03-24 20:50
.
Avant-CF: 111 164 248 064 octets libres
Après-CF: 111 080 435 712 octets libres
.
- - End Of File - - AE1A42313C9D36F45D8842104D873CA9
The computer keeps freezing in the same way.
Shall we go for the drastic approach? Namely a format c: ? ^^
Thanks in any case for all the information you're giving me.
Hmm, yeah, I think formatting is still the best solution.
But install Seven if possible, because Seven = Vista without its bugs ;-)
I'm staying here; if you have a problem, ask me.
I formatted everything, reinstalled, set up Avast as the antivirus, and it still found a file infected with Win32.KillApp-w, on an HP file. I removed everything, I've had enough ^^
I installed Vista though, because it's not my computer and I don't have W7 on hand.
Thanks in any case for all the time you spent on me.