Sujet Précédent Sujet Suivant

Impossible d'arreter processus IExplorer !

romladresse -  
 romladresse -
Bonjour,
je sais qu'il existe plusieurs sujets sur le même problème, mais les solutions proposés ne m'ont pas aidé.

Je ne peut arréter le processus internet explorer (en faisant ctrl + alt + sup on voit qu'il y en a deux en cours). J'utilise firefox comme navigateur, mais des pop up Iexplorer s'ouvre régulièrement (même avec des pop up blocker ou super ad blocker).

J'ai scanné avec spybot, sans succés;
De plus j'utilise avast , sans succès non plus.

Je joins mon rapport Hijack :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:15:13, on 01/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\laurent\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABBHO.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CHIN PING PHONE PILE] C:\Documents and Settings\All Users\Application Data\Proxy Long Chin Ping\aim dale.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKCU\..\Run: [Soft 1] C:\DOCUME~1\laurent\APPLIC~1\2BASHL~1\StartComp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [SuperAdBlocker] C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB7423] command /c del "C:\Program Files\Everest Poker\gvmain.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2874] cmd /c del "C:\Program Files\Everest Poker\gvmain.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Contrôleur d’état.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?e1498769f39e4e829254a9e00ddb3479
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?e1498769f39e4e829254a9e00ddb3479
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SABWinLogon - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE

25 réponses

Précédent
  • 1
  • 2
Réponse 21 / 25
romladresse
 
Rapport combofix

ComboFix 08-04-03.5 - laurent 2008-04-05 4:57:50.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.113 [GMT 2:00]
Endroit: C:\Documents and Settings\laurent\Bureau\KillBagle.exe

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
[i] ADS - system32: deleted 12 bytes in 1 streams. [/i]

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\winsys.exe

.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-05 to 2008-04-05 ))))))))))))))))))))))))))))))))))))
.

2008-04-04 18:40 . 2008-04-04 18:40 <REP> d-------- C:\Program Files\IVCsoft
2008-04-04 13:29 . 2008-04-05 04:56 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-04 13:29 . 2008-04-04 13:29 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-04 13:25 . 2008-04-04 13:25 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-04 13:25 . 2008-04-04 13:25 <REP> d-------- C:\Documents and Settings\laurent\Application Data\Malwarebytes
2008-04-04 13:25 . 2008-04-04 13:25 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-04 03:48 . 2008-04-04 03:52 <REP> d-------- C:\Documents and Settings\laurent\dwhelper
2008-04-04 01:39 . 2008-04-04 01:37 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-04-04 01:37 . 2008-04-04 03:04 <REP> d-------- C:\Documents and Settings\laurent\.housecall6.6
2008-04-04 01:32 . 2008-04-04 01:32 <REP> d-------- C:\Program Files\Panda Security
2008-04-04 01:25 . 2008-04-04 01:25 <REP> d-------- C:\_OTMoveIt
2008-04-03 15:02 . 2008-04-04 13:14 <REP> d-------- C:\Program Files\Lopxp
2008-04-02 00:03 . 2008-04-02 13:29 <REP> d-------- C:\Program Files\Navilog1
2008-04-01 23:54 . 2008-04-01 23:56 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-04-01 23:47 . 2007-12-07 04:08 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-04-01 23:47 . 2007-07-01 05:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-04-01 23:47 . 2007-07-01 05:36 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-04-01 23:47 . 2007-12-07 04:08 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-04-01 23:47 . 2007-12-07 04:08 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-04-01 23:47 . 2007-12-07 04:08 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-04-01 23:47 . 2007-12-07 04:08 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-04-01 23:47 . 2007-12-07 04:08 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-04-01 23:47 . 2007-12-06 13:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-01 14:41 . 2008-04-01 23:57 <REP> d--h----- C:\WINDOWS\msdownld.tmp
2008-04-01 14:36 . 2008-04-01 14:36 <REP> d-------- C:\3ea575f47eddee2aea8ca56933bead
2008-04-01 14:35 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-01 14:34 . 2008-04-01 14:35 <REP> d-------- C:\Program Files\Java
2008-04-01 14:34 . 2008-04-01 14:34 <REP> d-------- C:\Program Files\Fichiers communs\Java
2008-03-29 15:30 . 2008-03-29 15:30 <REP> d-------- C:\Documents and Settings\laurent\Application Data\MSNInstaller
2008-03-28 05:53 . 2008-03-28 05:53 <REP> d-------- C:\Documents and Settings\laurent\Application Data\SuperAdBlocker.com
2008-03-28 05:52 . 2008-03-28 05:52 <REP> d-------- C:\WINDOWS\system32\URTTemp
2008-03-28 05:52 . 2008-04-02 00:56 <REP> d-------- C:\Program Files\SuperAdBlocker.com
2008-03-27 00:51 . 2008-03-27 00:51 <REP> d-------- C:\Program Files\FastStone Image Viewer
2008-03-27 00:51 . 2008-03-27 00:51 <REP> d-------- C:\Documents and Settings\laurent\Application Data\FastStone
2008-03-26 01:57 . 2008-03-26 01:57 <REP> d-------- C:\Program Files\Windows Media Connect 2
2008-03-26 01:54 . 2008-03-26 01:56 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-03-23 22:15 . 2008-03-23 22:15 <REP> d-------- C:\Program Files\Bullfrog
2008-03-23 21:42 . 2008-03-23 21:42 <REP> d-------- C:\iso
2008-03-23 21:29 . 2008-03-23 21:32 <REP> d-------- C:\MOON
2008-03-17 01:07 . 2008-03-17 01:07 <REP> d-------- C:\Program Files\LimeWire
2008-03-17 01:07 . 2008-04-04 01:20 <REP> d-------- C:\Documents and Settings\laurent\Application Data\LimeWire
2008-03-17 00:31 . 2008-03-24 03:31 <REP> d-------- C:\Program Files\DOSBox-0.72
2008-03-16 21:04 . 2008-03-29 06:26 <REP> d-------- C:\Program Files\Hooligans Demo
2008-03-16 21:04 . 2002-02-06 17:24 232 --a------ C:\WINDOWS\XIIIHoolieDemo.ini
2008-03-16 21:00 . 2008-03-16 21:00 <REP> d-------- C:\Program Files\DNA
2008-03-16 21:00 . 2008-03-16 21:01 <REP> d-------- C:\Program Files\BitTorrent
2008-03-16 21:00 . 2008-04-05 04:57 <REP> d-------- C:\Documents and Settings\laurent\Application Data\DNA
2008-03-05 14:11 . 2008-03-05 14:11 <REP> d-------- C:\Program Files\REGSHAVE
2008-03-05 14:11 . 2004-08-04 01:54 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-03-05 14:11 . 2004-08-03 23:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-03-05 14:11 . 2004-08-03 23:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-03-05 14:11 . 2001-08-23 18:47 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-03-05 14:10 . 2008-03-05 14:10 <REP> d-------- C:\Program Files\driver finepix
2008-03-05 14:10 . 2001-11-25 13:11 81,924 --------- C:\WINDOWS\system32\drivers\VC4CB104.SYS
2008-03-05 14:10 . 2002-02-05 18:33 69,632 --------- C:\WINDOWS\system32\FREGSHEX.DLL
2008-03-05 14:10 . 2002-02-27 13:27 65,536 --------- C:\WINDOWS\system32\FINFCHECK.dll
2008-03-05 14:10 . 2002-06-25 11:06 45,056 --------- C:\WINDOWS\system32\FINFCOPY.dll
2008-03-05 14:10 . 2002-02-13 12:00 45,056 --------- C:\WINDOWS\system32\FCLKBTN.DLL

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-03 23:25 --------- d-----w C:\Documents and Settings\laurent\Application Data\2 Bash Long
2008-04-01 21:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-01 12:31 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-29 13:30 --------- d-----w C:\Program Files\VSO
2008-03-29 13:30 --------- d-----w C:\Program Files\MP3 WAV Converter
2008-03-29 13:30 --------- d-----w C:\Documents and Settings\laurent\Application Data\Vso
2008-03-29 11:52 --------- d-----w C:\Documents and Settings\LocalService\Application Data\2 Bash Long
2008-03-28 04:00 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-03-28 03:52 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-03-27 00:19 --------- d-----w C:\Documents and Settings\laurent\Application Data\BitTorrent
2008-03-23 19:15 --------- d-----w C:\Program Files\eMule
2008-03-16 19:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-12 02:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-28 02:54 --------- d-----r C:\Documents and Settings\laurent\Application Data\Brother
2008-02-28 02:49 --------- d-----w C:\Program Files\Brother
2008-02-28 02:48 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-02-28 02:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Brother
2008-02-17 17:15 --------- d-----w C:\Program Files\2 Bash Long
2007-06-27 19:02 94,080 ----a-w C:\Documents and Settings\laurent\Application Data\ezplay.sys
2007-06-27 19:02 87,608 ----a-w C:\Documents and Settings\laurent\Application Data\ezpinst.exe
2007-01-15 22:48 47,360 ----a-w C:\Documents and Settings\laurent\Application Data\pcouffin.sys
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-03-29 06:05 288576]
"SuperAdBlocker"="C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe" [2007-08-01 10:28 1564672]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-20 17:12 131072]
"nTrayFw"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2005-12-21 11:52 270336]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-01 11:22 7618560]
"SW20"="C:\WINDOWS\system32\sw20.exe" [2006-05-18 03:15 208896]
"SW24"="C:\WINDOWS\system32\sw24.exe" [2006-05-17 04:37 69632]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 11:22 86016 C:\WINDOWS\system32\nvmctray.dll]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-12-25 01:16 185896]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 15:00 79224]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 23:32 53248]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000D7}"= C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSEHB.DLL [2006-11-07 13:58 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SABWinLogon]
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL 2007-08-01 10:28 176128 C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll
"msacm.ac3acm"= ac3acm.acm
"VIDC.wmv3"= wmv9vcm.dll
"vidc.VP60"= C:\WINDOWS\system32\vp6vfw.dll
"vidc.VP61"= C:\WINDOWS\system32\vp6vfw.dll
"vidc.tscc"= tsccvid.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 PzWDM;PzWDM;C:\WINDOWS\system32\Drivers\PzWDM.sys [2005-06-29 02:38]
R1 SABDIFSV;SABDIFSV;C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABDIFSV.SYS [2005-09-21 12:17]
R1 SABKUTIL;SABKUTIL;C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys [2007-02-20 17:02]
S3 A4501A;802.11g Wireless USB Adapter Driver;C:\WINDOWS\system32\DRIVERS\A4501A.sys []
S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2004-10-15 13:50]
S3 PEEK5;PEEK5 Protocol Driver;C:\PROGRA~1\eMule\Incoming\WIFI-D~1\WINAIR~1\WINAIR~1\WINAIR~1\PEEK5.SYS []
S3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:\WINDOWS\system32\DRIVERS\WlanBZXP.sys [2005-12-28 20:43]
S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2006-05-29 18:04]
S3 USB_NDIS_51;USB Ndis Cable Modem Network Device Driver;C:\WINDOWS\system32\DRIVERS\bcmndis.sys [2004-08-18 22:38]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4e7aae0c-6294-11db-a036-003054c0076f}]
\Shell\AutoRun\command - G:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{563f05ff-9b53-11db-a0a3-0013d48d5e99}]
\Shell\AutoRun\command - setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f2cc634c-5162-11db-a01e-0013d48d5e99}]
\Shell\AutoRun\command - G:\ReadMe.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-04 17:17:01 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-05 05:02:03
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-04-05 5:03:48
ComboFix-quarantined-files.txt 2008-04-05 03:03:39
Pre-Run: 127,498,502,144 octets libres
Post-Run: 127,483,002,880 octets libres
.
2008-04-03 01:01:17 --- E O F ---
0
Réponse 22 / 25
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
mettre a jour internet explorer
https://www.01net.com/telecharger/windows/Internet/navigateur/fiches/33081.html

Mettre a jour java:
https://www.malekal.com/maintenir-java-adobe-reader-et-le-player-flash-a-jour/
_________

si tout c'est bien passé désactive la restauration système pour purger les virus qui seraient dedans puis réactive là : https://www.informatruc.com

________

encore des problèmes?

recolle un hijackthis aussi mais explique tes problemes surtout!!!
0
Réponse 23 / 25
romladresse
 
Bonjour,

désolé pour le retard, mais déménagement oblige, j'ai mis du temps à récup la connexion.

C ok pour le processus Iexplorer, j'ai simplement un problème de ralentissement maintenant. Mon ordinateur rame que ce soit pour ouvrir une application ou pour changer de page.

En tout cas merci pour ton aide précieuse.
0
Réponse 24 / 25
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
recolle un hijackthis
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 25 / 25
romladresse
 
En fait cela dépend des moments. Pour l'instant aucune saccade (je viens d'allumer l'ordi).Mais hier beaucoup effectivement. Enfin tout ca pour dire que ce n'est pas régulier.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:02:21, on 15/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\laurent\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABBHO.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [SuperAdBlocker] C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Contrôleur d’état.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?e1498769f39e4e829254a9e00ddb3479
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?e1498769f39e4e829254a9e00ddb3479
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.01net.com/telecharger/
O20 - Winlogon Notify: !SABWinLogon - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
0

Discussions similaires

processus inactif du systeme
edsurf64 -
mick8 -

29 réponses
Uc à 100 %, processus inactif a 99 %
nono22461 -
nono22461 -

6 réponses
C'est quoi le processus inactif du system ?
siltex -
Utilisateur anonyme -

5 réponses
processus hote windows rundll32
ladypink13 -
flo39400 -

1 réponse
Processus de la déclaration TVA
comptabilit -
rgsr5 -

3 réponses