[VISTA] Explorer crashes repeatedly

Solved
lechatpotte Posts 37 Status Member -  
shouka Posts 106 Status Member -
Hello/good evening/hello,

I have a problem with Vista and Explorer. It has been crashing constantly for 3 days. As soon as I go on the Internet, it crashes periodically, every 5-10 min...

I am posting my Hijack report below.
Can you help me? Thank you in advance!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:56:40, on 13/06/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\WINDOWS\SMINST\scheduler.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\Louis-Nicolas.HP\AppData\Roaming\Microsoft\dtsc\14515.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\PDFCreator\PDFCreator.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\Louis-Nicolas.HP\AppData\Roaming\Microsoft\dtsc\14515.exe
C:\Users\Louis-Nicolas.HP\AppData\Roaming\Microsoft\dtsc\14515.exe
C:\Users\Louis-Nicolas.HP\AppData\Roaming\Microsoft\dtsc\14515.exe
C:\Users\Louis-Nicolas.HP\AppData\Roaming\Microsoft\dtsc\14515.exe
C:\Users\Louis-Nicolas.HP\AppData\Roaming\Microsoft\dtsc\14515.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
c:\windows\system32\rundll32.exe
C:\Program Files\Symantec AntiVirus\vpc32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\Explorer.EXE
C:\Users\Louis-Nicolas.HP\Téléchargements\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www8.hp.com/fr/fr/home.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www8.hp.com/fr/fr/home.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {D39F49BB-7816-4024-BD6D-C4D37A49165B} - C:\Windows\system32\xxywUNFu.dll (file missing)
O2 - BHO: {a55ac3c7-40b6-e8eb-7de4-08928979007f} - {f7009798-2980-4ed7-be8e-6b047c3ca55a} - C:\Windows\system32\nxugskeg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [BM1d51e36d] Rundll32.exe "C:\Windows\system32\astqewum.dll",s
O4 - HKLM\..\RunOnce: [ST Recovery Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Microsoft Windows Installer] C:\Users\Louis-Nicolas.HP\AppData\Roaming\Microsoft\dtsc\14515.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: PDFCreator.lnk = C:\Program Files\PDFCreator\PDFCreator.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix: 
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 9972 bytes


--

I want some of everything, twice, and with sauce!
Configuration: Windows Vista
Firefox 3.0

18 replies

  1. shouka Posts 106 Status Member 30
     
    Hmm... hi :)
    I advise you to use Mozilla Firefox :P
    0
    1. lechatpotte Posts 37 Status Member
       
      Hi

      thanks...

      if you look below my post... I HAVE Firefox...

      Thanks...
      0
  2. lechatpotte Posts 37 Status Member
     
    Hello,

    can nobody help me?
    I'd like to avoid formatting for this...

    thanks!
    0
  3. Lyonnais92 Posts 25708 Status Security contributor 1 537
     
    Hello,

    Go to this site:

    https://www.virustotal.com/gui/

    Click Browse and look for this file: C:\Users\Louis-Nicolas.HP\AppData\Roaming\Microsoft\dtsc\14515.exe

    Click Send File.

    A report will be built line by line.

    Wait until it finishes. It must include the size of the file sent.

    Save the report with Notepad.

    Copy it into your reply.

    If VirusTotal indicates that the file has already been analysed, click the "Reanalyse le fichier maintenant" (reanalyse the file now) button.

    _________________
    Disable User Account Control (you will re-enable it after your disinfection):

    - Go to Start, then Control Panel
    - Double-click the "User Accounts" icon
    - Then click on disable and confirm.

    Download combofix (by sUBs) here:

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    and save it to the Desktop.

    Disconnect from the internet and close all your applications.

    Disable your protections (antivirus, firewall, real-time guard of the antispyware).

    Double-click combofix.exe and follow the instructions.

    At the end, it will produce a report, C:\ComboFix.txt

    Re-enable your firewall, your antivirus and your antispyware guard.

    Copy/paste the C:\ComboFix.txt report into your next reply.

    Warning: do not use your mouse or your keyboard (or any other pointing device) while the program is running. That could freeze the computer.

    There is a complete tutorial here:

    https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
    0
  4. lechatpotte Posts 37 Status Member
     
    Fichier 14515.exe reçu le 2008.06.14 09:36:50 (CET)

    Résultat: 22/32 (68.75%)

    Antivirus Version Dernière mise à jour Résultat
    AhnLab-V3 2008.6.13.1 2008.06.13 -
    AntiVir 7.8.0.55 2008.06.13 TR/Dldr.Agent.shg
    Authentium 5.1.0.4 2008.06.14 W32/Downloader.F.gen!Eldorado
    Avast 4.8.1195.0 2008.06.14 Win32:Trojan-gen {Other}
    AVG 7.5.0.516 2008.06.13 Downloader.Generic7.RVO
    BitDefender 7.2 2008.06.14 BehavesLike:Trojan.Downloader
    CAT-QuickHeal 9.50 2008.06.13 TrojanDownloader.Agent.shg
    ClamAV 0.92.1 2008.06.14 -
    DrWeb 4.44.0.09170 2008.06.13 -
    eSafe 7.0.15.0 2008.06.12 suspicious Trojan/Worm
    eTrust-Vet 31.6.5873 2008.06.14 -
    Ewido 4.0 2008.06.13 -
    F-Prot 4.4.4.56 2008.06.12 W32/Downloader.F.gen!Eldorado
    F-Secure 6.70.13260.0 2008.06.13 Trojan-Downloader.Win32.Agent.shg
    Fortinet 3.14.0.0 2008.06.14 W32/Agent.SHG!tr.dldr
    GData 2.0.7306.1023 2008.06.14 Trojan-Downloader.Win32.Agent.shg
    Ikarus T3.1.1.26.0 2008.06.14 Trojan-Downloader.Win32.Agent.shg
    Kaspersky 7.0.0.125 2008.06.14 Trojan-Downloader.Win32.Agent.shg
    McAfee 5317 2008.06.13 Generic Packed
    Microsoft 1.3604 2008.06.14 TrojanDownloader:Win32/Cratorr.gen!A
    NOD32v2 3186 2008.06.13 -
    Norman 5.80.02 2008.06.13 W32/Downloader.NKM
    Panda 9.0.0.4 2008.06.13 Trj/Downloader.MDW
    Prevx1 V2 2008.06.14 Adware
    Rising 20.48.50.00 2008.06.14 -
    Sophos 4.30.0 2008.06.14 Mal/Generic-A
    Sunbelt 3.0.1145.1 2008.06.05 -
    Symantec 10 2008.06.14 Downloader
    TheHacker 6.2.92.349 2008.06.13 Trojan/Downloader.Agent.shg
    VBA32 3.12.6.7 2008.06.14 -
    VirusBuster 4.3.26:9 2008.06.12 -
    Webwasher-Gateway 6.6.2 2008.06.13 Trojan.Dldr.Agent.shg
    Information additionnelle
    File size: 119296 bytes
    MD5...: 39d637238556565cb906f57331b69cec
    SHA1..: b3d0c9bd916cd8d46113060f616a96fa55247e8a
    SHA256: 90b06c934700cc9b64c2c5ed535b473c88c1127a1bdf7f9bba195ae96a46104b
    SHA512: 0a1e456c5e203745a376aac19f7fd22486ec33df06acb5460fdfb33aa6176eaf
    d363587cb79eba8453c9abd36fa9c35d78b6eec4a919a2a6743fcd6268f8603e
    PEiD..: -
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x43d6a0
    timedatestamp.....: 0x484af946 (Sat Jun 07 21:10:30 2008)
    machinetype.......: 0x14c (I386)

    ( 3 sections )
    name viradd virsiz rawdsiz ntrpy md5
    UPX0 0x1000 0x20000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
    UPX1 0x21000 0x1d000 0x1ca00 7.92 4f59a0cb2711fdff7e2a2b3d50c77e7a
    .rsrc 0x3e000 0x1000 0x400 2.57 3e8c06c49d74eecb36ea95cfd3df49df

    ( 7 imports )
    > KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess
    > ADVAPI32.dll: RegCloseKey
    > gdiplus.dll: GdipFree
    > ole32.dll: CreateStreamOnHGlobal
    > RPCRT4.dll: UuidToStringA
    > USER32.dll: EndPaint
    > WININET.dll: InternetOpenA

    ( 0 exports )
    Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=37A547F900801AAFD2BA01CC24778900EE7F9298
    packers (Kaspersky): PE_Patch.UPX, UPX
    packers (Avast): UPX

    I'm moving on to Combofix

    See you in a moment.

    Thanks a lot!
    0
  6. Lyonnais92 Posts 25708 Status Security contributor 1 537
     
    Hi again,

    close your topic on Zebulon, there's no point in two of us working on your problem.

    thanks.
    0
  7. lechatpotte Posts 37 Status Member
     
    ComboFix 08-06-12.2 - Louis-Nicolas 2008-06-14 9:47:28.1 - NTFSx86
    Microsoft® Windows Vista™ Professionnel 6.0.6001.1.1252.1.1036.18.1676 [GMT 2:00]
    Endroit: C:\Users\Louis-Nicolas.HP\Desktop\ComboFix.exe
    * Création d'un nouveau point de restauration
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
    C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
    C:\Users\Louis-Nicolas.HP\AppData\Roaming\Microsoft\dtsc
    C:\Users\Louis-Nicolas.HP\AppData\Roaming\Microsoft\dtsc\14515.exe
    C:\Users\Louis-Nicolas.HP\AppData\Roaming\Microsoft\dtsc\s
    C:\Windows\Fonts\CALIBRIB.TTF
    C:\Windows\system32\aupmjaaf.dll
    C:\Windows\system32\ddcDstSK.dll
    C:\Windows\system32\ddcDuVnn.dll
    C:\Windows\system32\faajmpua.ini
    C:\Windows\system32\kyagpbnp.dll
    C:\Windows\system32\lpbgvokp.dll
    C:\Windows\system32\nxtpcqgr.ini
    C:\Windows\system32\nxugskeg.dll
    C:\Windows\system32\racfbvbs.dll
    C:\Windows\system32\rnmjvalt.ini
    C:\Windows\system32\tlavjmnr.dll
    C:\Windows\system32\uenjgifv.ini
    C:\Windows\System32\uFNUwyxx.ini
    C:\WINDOWS\System32\uFNUwyxx.ini2
    C:\Windows\system32\urqPfGWN.dll
    C:\Windows\system32\vohfceua.dll
    C:\Windows\system32\x64
    D:\Autorun.inf

    ----- BITS: Possible sites infectés -----

    hxxp://theinstalls.com
    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-05-14 to 2008-06-14 ))))))))))))))))))))))))))))))))))))
    .

    2008-06-14 00:07 . 2008-06-14 00:07 <REP> d-------- C:\Users\Louis-Nicolas.HP\AppData\Roaming\Infineon
    2008-06-14 00:07 . 2008-06-14 00:07 <REP> d-------- C:\Users\All Users\Infineon
    2008-06-14 00:07 . 2008-06-14 00:07 <REP> d-------- C:\ProgramData\Infineon
    2008-06-14 00:00 . 2008-06-14 00:00 <REP> d-------- C:\Users\LOUIS-~1~HP\AppData
    2008-06-14 00:00 . 2008-06-14 00:00 <REP> d-------- C:\Users\LOUIS-~1~HP
    2008-06-13 23:59 . 2005-11-08 10:21 45,056 --a------ C:\WINDOWS\FPDRV_Ver.dll
    2008-06-13 23:46 . 2008-06-13 23:46 <REP> d-------- C:\Program Files\OpenAL
    2008-06-13 23:46 . 2008-06-13 23:46 413,696 --a------ C:\WINDOWS\System32\wrap_oal.dll
    2008-06-13 23:46 . 2008-06-13 23:46 110,592 --a------ C:\WINDOWS\System32\OpenAL32.dll
    2008-06-13 20:29 . 2008-06-13 20:29 95 --a------ C:\WINDOWS\wininit.ini
    2008-06-13 20:09 . 2008-06-13 20:33 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy
    2008-06-13 20:09 . 2008-06-13 20:33 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy
    2008-06-13 20:09 . 2008-06-13 20:33 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-06-12 20:31 . 2008-06-14 08:48 <REP> d-------- C:\Program Files\uTorrent
    2008-06-12 19:57 . 2008-06-12 19:57 <REP> d-------- C:\Program Files\CCleaner
    2008-06-12 18:29 . 2008-06-13 23:00 <REP> d-------- C:\Users\Louis-Nicolas.HP\dwhelper
    2008-06-12 07:34 . 2008-06-14 09:19 <REP> dr------- C:\Users\Louis-Nicolas.HP\Téléchargements
    2008-06-11 23:24 . 2008-06-11 23:24 <REP> d-------- C:\Program Files\Apple Software Update
    2008-06-11 21:55 . 2008-06-11 22:22 <REP> d-------- C:\Users\Louis-Nicolas.HP\AppData\Roaming\LimeWire
    2008-06-09 19:01 . 2008-06-09 19:01 0 --a------ C:\WINDOWS\QuickInstall.INI
    2008-06-09 18:58 . 2008-06-09 18:58 <REP> d-------- C:\Users\Louis-Nicolas.HP\AppData\Roaming\Leadertech
    2008-06-09 18:56 . 2008-06-09 18:56 <REP> d-------- C:\Users\All Users\HotSync
    2008-06-09 18:56 . 2008-06-09 18:56 <REP> d-------- C:\ProgramData\HotSync
    2008-06-09 18:56 . 2008-06-09 18:53 53,248 --a------ C:\WINDOWS\PalmDevC.dll
    2008-06-09 18:55 . 2008-06-12 10:25 <REP> d-------- C:\Program Files\palmOne
    2008-06-09 18:54 . 2008-06-09 18:54 <REP> d-------- C:\Users\Louis-Nicolas.HP\AppData\Roaming\HotSync
    2008-06-09 18:53 . 2008-06-09 18:53 <REP> dr------- C:\WINDOWS\System32\config\systemprofile\Videos
    2008-06-09 18:53 . 2008-06-09 18:53 <REP> dr------- C:\WINDOWS\System32\config\systemprofile\Searches
    2008-06-09 18:53 . 2008-06-09 18:53 <REP> dr------- C:\WINDOWS\System32\config\systemprofile\Saved Games
    2008-06-09 18:53 . 2008-06-09 18:53 <REP> dr------- C:\WINDOWS\System32\config\systemprofile\Pictures
    2008-06-09 18:53 . 2008-06-09 18:53 <REP> dr------- C:\WINDOWS\System32\config\systemprofile\Links
    2008-06-09 18:53 . 2008-06-09 18:53 <REP> dr------- C:\WINDOWS\System32\config\systemprofile\Downloads
    2008-06-09 18:53 . 2008-06-09 18:53 <REP> dr------- C:\WINDOWS\System32\config\systemprofile\Documents
    2008-06-08 22:40 . 2008-06-14 09:18 <REP> d-------- C:\Users\Louis-Nicolas.HP\AppData\Roaming\uTorrent
    2008-06-08 18:36 . 2008-06-08 18:36 <REP> d-------- C:\WINDOWS\System32\avsplugin
    2008-06-08 18:36 . 2008-06-08 18:36 <REP> d-------- C:\Program Files\Smallvideosoft
    2008-06-08 18:36 . 2007-03-12 17:49 7,277,568 --a------ C:\WINDOWS\System32\iPodmedia.dll
    2008-06-08 18:36 . 2004-05-26 20:37 719,872 --a------ C:\WINDOWS\System32\devil.dll
    2008-06-08 18:36 . 2006-10-17 22:29 487,479 --a------ C:\WINDOWS\System32\SkinMagic.dll
    2008-06-08 18:36 . 2006-12-31 10:16 313,344 --a------ C:\WINDOWS\System32\avisynth.dll
    2008-06-08 18:36 . 2007-02-16 07:10 60,273 --a------ C:\WINDOWS\System32\pthreadGC2.dll
    2008-06-08 01:49 . 2008-06-08 01:34 29,480 --a------ C:\WINDOWS\System32\msxml3a.dll
    2008-06-08 01:31 . 2008-06-08 01:31 <REP> d-------- C:\Users\Louis-Nicolas.HP\AppData\Roaming\InterVideo
    2008-06-07 23:00 . 2008-06-08 01:52 <REP> d-------- C:\Users\Louis-Nicolas.HP\AppData\Roaming\CyberLink
    2008-06-07 22:59 . 2008-06-08 01:53 <REP> d-------- C:\Users\All Users\CyberLink
    2008-06-07 22:59 . 2008-06-08 01:53 <REP> d-------- C:\ProgramData\CyberLink
    2008-06-07 22:59 . 2008-06-08 01:57 <REP> d-------- C:\Program Files\CyberLink
    2008-06-06 19:18 . 2008-06-06 19:21 <REP> d-------- C:\Users\Louis-Nicolas.HP\AppData\Roaming\Mobile Master
    2008-06-04 18:36 . 2008-06-04 18:36 <REP> d-------- C:\Users\Louis-Nicolas.HP\AppData\Roaming\Apple Computer
    2008-06-04 18:36 . 2008-06-04 18:36 <REP> d-------- C:\Program Files\iTunes
    2008-06-04 18:36 . 2008-06-12 19:54 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-06-04 18:36 . 2008-06-12 18:32 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-06-04 18:34 . 2008-06-04 18:36 <REP> d-------- C:\Users\All Users\Apple Computer
    2008-06-04 18:34 . 2008-06-04 18:36 <REP> d-------- C:\ProgramData\Apple Computer
    2008-06-04 18:34 . 2008-06-04 18:35 <REP> d-------- C:\Program Files\QuickTime
    2008-06-04 18:32 . 2008-06-04 18:32 <REP> d-------- C:\Users\All Users\Apple
    2008-06-04 18:32 . 2008-06-04 18:32 <REP> d-------- C:\ProgramData\Apple
    2008-06-04 18:32 . 2008-06-04 18:32 <REP> d-------- C:\Program Files\Common Files\Apple
    2008-05-30 17:54 . 2008-06-13 23:53 <REP> d-------- C:\Program Files\Warzone 2100
    2008-05-28 22:20 . 2008-03-08 04:08 4,240,384 --a------ C:\WINDOWS\System32\GameUXLegacyGDFs.dll
    2008-05-28 22:20 . 2008-03-08 06:21 1,695,744 --a------ C:\WINDOWS\System32\gameux.dll
    2008-05-27 20:34 . 2008-05-27 20:34 <REP> d-------- C:\Users\Louis-Nicolas.HP\Bluetooth Software
    2008-05-27 19:36 . 2008-05-27 19:36 <REP> d-------- C:\Users\All Users\ESET
    2008-05-27 19:36 . 2008-05-27 19:36 <REP> d-------- C:\ProgramData\ESET
    2008-05-27 19:36 . 2008-05-27 19:36 <REP> d-------- C:\Program Files\ESET
    2008-05-27 19:33 . 2008-05-27 19:33 <REP> d-------- C:\WINDOWS\System32\es-MX
    2008-05-27 19:33 . 2008-05-27 19:33 <REP> d-------- C:\WINDOWS\System32\es-AR
    2008-05-27 19:33 . 2008-05-27 19:33 <REP> d-------- C:\Program Files\WIDCOMM
    2008-05-27 19:33 . 2007-12-12 13:12 233,472 --a------ C:\WINDOWS\System32\BtwRSupport.dll
    2008-05-27 19:33 . 2007-12-12 13:12 80,936 --a------ C:\WINDOWS\System32\drivers\btwavdt.sys
    2008-05-27 19:33 . 2007-12-12 13:12 80,424 --a------ C:\WINDOWS\System32\drivers\btwaudio.sys
    2008-05-27 19:33 . 2007-12-12 13:12 16,168 --a------ C:\WINDOWS\System32\drivers\btwrchid.sys
    2008-05-27 15:06 . 2008-05-27 15:06 13,478 --a------ C:\photo.jpg
    2008-05-27 15:03 . 2008-06-08 22:34 <REP> d-------- C:\Users\Louis-Nicolas.HP\AppData\Roaming\FileZilla
    2008-05-27 15:03 . 2008-05-27 15:03 <REP> d-------- C:\Program Files\FileZilla FTP Client
    2008-05-26 21:14 . 2008-03-31 11:59 2,529,280 --a------ C:\WINDOWS\System32\Mechanical Clock 3D Screensaver.exe
    2008-05-26 21:14 . 2008-03-28 18:39 848,896 --a------ C:\WINDOWS\System32\Mechanical_Clock_3D_Screensaver.scr
    2008-05-26 19:43 . 2008-05-26 20:08 <REP> d-------- C:\Program Files\Project64 1.6
    2008-05-24 12:10 . 2008-05-24 12:10 <REP> d-------- C:\WINDOWS\System32\3Planesoft
    2008-05-24 12:10 . 2008-05-24 12:10 <REP> d-------- C:\Program Files\The Lost Watch 3D Screensaver
    2008-05-24 12:10 . 2008-05-26 21:14 <REP> d-------- C:\Program Files\3Planesoft Screensaver Manager
    2008-05-24 12:08 . 2008-06-12 20:00 <REP> d-------- C:\Program Files\Snowball
    2008-05-20 19:09 . 2008-05-20 19:09 56 --ah----- C:\WINDOWS\System32\ezsidmv.dat
    2008-05-19 19:02 . 2008-05-19 19:02 <REP> d-------- C:\Users\All Users\BVRP Software
    2008-05-19 19:02 . 2008-05-19 22:10 <REP> d-------- C:\Users\All Users\Avanquest Bluetooth SDK
    2008-05-19 19:02 . 2008-05-19 19:02 <REP> d-------- C:\ProgramData\BVRP Software
    2008-05-19 19:02 . 2008-05-19 22:10 <REP> d-------- C:\ProgramData\Avanquest Bluetooth SDK
    2008-05-19 18:48 . 2008-05-19 18:48 <REP> d-------- C:\Users\All Users\Sony Ericsson
    2008-05-19 18:48 . 2008-05-19 18:48 <REP> d-------- C:\ProgramData\Sony Ericsson
    2008-05-19 18:48 . 2008-05-19 18:48 <REP> d-------- C:\Program Files\Sony Ericsson
    2008-05-18 11:47 . 2004-10-20 17:23 21,344 --a------ C:\WINDOWS\System32\drivers\fbxusb32.sys
    2008-05-17 10:42 . 2008-05-17 10:42 <REP> d-------- C:\WINDOWS\Sun
    2008-05-15 22:52 . 2008-05-15 22:52 <REP> d-------- C:\Users\Louis-Nicolas.HP\AppData\Roaming\Thunderbird
    2008-05-15 22:52 . 2008-05-15 22:52 <REP> d-------- C:\Users\Louis-Nicolas.HP\AppData\Roaming\Talkback
    2008-05-15 22:52 . 2008-05-15 22:52 0 --a------ C:\WINDOWS\nsreg.dat
    2008-05-15 22:51 . 2008-05-15 22:51 <REP> d-------- C:\Program Files\Mozilla Thunderbird
    2008-05-15 18:34 . 2008-05-15 18:34 <REP> d-------- C:\Program Files\Media Player Classic
    2008-05-15 18:32 . 2008-05-15 18:32 <REP> d-------- C:\Users\Louis-Nicolas.HP\AppData\Roaming\Media Player Classic
    2008-05-14 20:33 . 2008-05-14 20:33 <REP> d-------- C:\Program Files\PDFCreator
    2008-05-14 20:33 . 2005-10-15 12:32 196,608 --a------ C:\WINDOWS\System32\pdfcmnnt.dll
    2008-05-14 20:33 . 1998-07-13 01:08 141,312 --a------ C:\WINDOWS\System32\MSCMCFR.DLL
    2008-05-14 20:33 . 1998-06-24 00:00 137,000 --a------ C:\WINDOWS\System32\MSMAPI32.OCX
    2008-05-14 20:33 . 1998-07-06 00:00 23,552 --a------ C:\WINDOWS\System32\MSMPIDE.DLL
    2008-05-14 18:46 . 2008-05-14 18:46 <REP> d-------- C:\WINDOWS\System32\Adobe
    2008-05-14 18:30 . 2008-05-14 18:30 <REP> d-------- C:\Users\All Users\Office Genuine Advantage
    2008-05-14 18:30 . 2008-05-14 18:30 <REP> d-------- C:\ProgramData\Office Genuine Advantage
    2008-05-14 09:43 . 2008-05-14 09:43 <REP> d-------- C:\Users\Louis-Nicolas.HP\All Users
    2008-05-14 09:40 . 2008-05-14 09:40 <REP> d-------- C:\Users\All Users\Adobe Systems
    2008-05-14 09:40 . 2008-05-14 09:40 <REP> d-------- C:\ProgramData\Adobe Systems
    2008-05-14 09:33 . 2008-05-14 09:33 <REP> d-------- C:\Program Files\Common Files\Adobe Systems Shared

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-13 22:06 --------- d-----w C:\Program Files\Hewlett-Packard
    2008-06-13 12:42 --------- d-----w C:\Users\Louis-Nicolas.HP\AppData\Roaming\TeraCopy
    2008-06-12 17:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-06-12 07:01 --------- d-----w C:\Program Files\Windows Mail
    2008-06-11 19:49 --------- d-----w C:\Program Files\adslTV
    2008-06-09 16:54 16,694 ----a-w C:\Windows\system32\drivers\PalmUSBD.sys
    2008-06-07 20:58 --------- d-----w C:\Program Files\Common Files\InstallShield
    2008-06-07 19:16 --------- d-----w C:\ProgramData\Roxio
    2008-06-05 19:21 --------- d-----w C:\Users\Louis-Nicolas.HP\AppData\Roaming\Skype
    2008-06-05 19:09 --------- d-----w C:\Users\Louis-Nicolas.HP\AppData\Roaming\skypePM
    2008-06-04 11:26 --------- d-----w C:\ProgramData\Microsoft Help
    2008-05-20 16:36 --------- d-----w C:\Program Files\Microsoft Silverlight
    2008-05-19 20:08 --------- d-----w C:\Program Files\Analog Devices
    2008-05-18 14:32 --------- d-----w C:\Users\Louis-Nicolas.HP\AppData\Roaming\Roxio
    2008-05-17 19:05 --------- d-----w C:\Program Files\K-Lite Codec Pack
    2008-05-14 07:34 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-05-13 20:25 --------- d-----w C:\ProgramData\Sonic
    2008-05-13 17:59 --------- d-----w C:\ProgramData\Skype
    2008-05-13 17:59 --------- d-----w C:\Program Files\Skype
    2008-05-13 17:59 --------- d-----w C:\Program Files\Common Files\Skype
    2008-05-10 01:33 113,664 ----a-w C:\Windows\system32\drivers\rmcast.sys
    2008-05-09 17:21 --------- d-----w C:\Users\Louis-Nicolas.HP\AppData\Roaming\Winamp
    2008-05-09 17:02 --------- d-----w C:\Program Files\Winamp
    2008-05-09 16:15 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
    2008-05-08 18:08 --------- d-----w C:\ProgramData\Messenger Plus!
    2008-05-08 15:19 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
    2008-05-08 12:39 --------- d-----w C:\Program Files\MSBuild
    2008-05-08 12:39 --------- d-----w C:\Program Files\Microsoft Works
    2008-05-08 12:33 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
    2008-05-08 12:08 174 --sha-w C:\Program Files\desktop.ini
    2008-05-08 11:53 --------- d-----w C:\Program Files\Windows Sidebar
    2008-05-08 11:53 --------- d-----w C:\Program Files\Windows Photo Gallery
    2008-05-08 11:53 --------- d-----w C:\Program Files\Windows Journal
    2008-05-08 11:53 --------- d-----w C:\Program Files\Windows Defender
    2008-05-08 11:53 --------- d-----w C:\Program Files\Windows Collaboration
    2008-05-08 11:53 --------- d-----w C:\Program Files\Windows Calendar
    2008-05-08 11:16 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
    2008-05-08 11:15 82,432 ----a-w C:\Windows\System32\axaltocm.dll
    2008-05-08 10:28 47,560 ----a-w C:\Windows\System32\SPReview.exe
    2008-05-08 10:28 152,576 ----a-w C:\Windows\System32\SPWizUI.dll
    2008-05-08 09:06 --------- d-----w C:\Users\Louis-Nicolas.HP\AppData\Roaming\Todae
    2008-05-08 07:12 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-05-07 22:20 --------- d-----w C:\Program Files\TeraCopy
    2008-05-07 22:07 201,728 ----a-w C:\Windows\System32\PolarClock3.scr
    2008-05-07 19:45 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
    2008-05-07 18:28 --------- d-----w C:\Users\Louis-Nicolas.HP\AppData\Roaming\SampleView
    2008-05-06 19:44 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2008-05-06 17:23 --------- d-----w C:\Program Files\Microsoft SQL Server
    2008-05-06 17:19 --------- d-----w C:\Program Files\Microsoft Small Business
    2008-05-06 16:58 --------- d-----w C:\Program Files\Windows Live
    2008-05-06 16:57 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
    2008-05-06 16:46 --------- d-----w C:\ProgramData\WLInstaller
    2008-05-06 16:43 --------- d-----w C:\ProgramData\eMule
    2008-05-06 16:41 --------- d-----w C:\Users\Louis-Nicolas.HP\AppData\Roaming\eMule
    2008-05-06 16:41 --------- d-----w C:\Program Files\eMule
    2008-05-05 19:53 --------- d-----w C:\Users\Louis-Nicolas.HP\AppData\Roaming\vlc
    2008-05-05 19:07 --------- d-----w C:\ProgramData\Symantec
    2008-05-05 19:06 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
    2008-05-05 19:06 8,014 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
    2008-05-05 19:06 109,744 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
    2008-05-05 19:06 --------- d-----w C:\Program Files\Symantec
    2008-05-05 19:06 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-05-05 19:04 --------- d-----w C:\Program Files\Symantec AntiVirus
    2008-05-05 18:31 988,216 ----a-w C:\Windows\System32\winload.exe
    2008-05-05 18:31 927,288 ----a-w C:\Windows\System32\winresume.exe
    2008-05-05 18:31 615,992 ----a-w C:\Windows\System32\ci.dll
    2008-05-05 18:31 6,656 ----a-w C:\Windows\System32\kbd106n.dll
    2008-05-05 18:31 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
    2008-05-05 18:31 40,960 ----a-w C:\Windows\System32\srclient.dll
    2008-05-05 18:31 378,368 ----a-w C:\Windows\System32\srcore.dll
    2008-05-05 18:31 318,464 ----a-w C:\Windows\System32\rstrui.exe
    2008-05-05 18:31 19,000 ----a-w C:\Windows\System32\kd1394.dll
    2008-05-05 18:31 14,848 ----a-w C:\Windows\System32\srdelayed.exe
    2008-05-05 18:30 295,936 ----a-w C:\Windows\System32\gdi32.dll
    2008-05-05 18:30 2,032,128 ----a-w C:\Windows\System32\win32k.sys
    2008-05-05 18:27 678,408 ----a-w C:\Windows\System32\gpprefcl.dll
    2008-05-05 18:22 --------- d-----w C:\Program Files\MSXML 4.0
    2008-05-05 17:53 --------- d-----w C:\Program Files\Google
    2008-05-05 17:41 --------- d-----w C:\Program Files\Java
    2008-05-05 17:35 --------- d-----w C:\ProgramData\LightScribe
    2008-05-05 17:29 --------- d-----w C:\Users\Louis-Nicolas.HP\AppData\Roaming\Hewlett-Packard
    2008-05-05 17:25 --------- d-----w C:\ProgramData\InstallShield
    2008-05-05 17:21 0 --sha-r C:\Windows\system32\drivers\103C_HP_bNB_6710b (GR679ET#ABF)_Y5336AN_0U_QCNU8061925_E434581-053_4A_I30C0_SHP_V71.2E_68DDU F.10_T080111_WV6-0_L40C_M3063_J120_7Intel_86FD_92.00_#070705_N14E41693;80864222_(GR679ET#ABF)_XMOBILE_CN10_Z_2F.10.MRK
    2008-05-05 17:21 --------- d-----w C:\Users\Louis-Nicolas.HP\AppData\Roaming\InstallShield
    2008-04-29 03:54 181,760 ----a-w C:\Windows\System32\fsquirt.exe
    2008-04-29 01:42 29,184 ----a-w C:\Windows\system32\drivers\BTHUSB.SYS
    2008-04-29 01:42 220,160 ----a-w C:\Windows\system32\drivers\bthport.sys
    2008-04-26 08:08 1,314,816 ----a-w C:\Windows\System32\quartz.dll
    2008-04-25 04:35 826,880 ----a-w C:\Windows\System32\wininet.dll
    2008-03-31 21:25 682,496 ----a-w C:\Windows\System32\divx.dll
    2008-03-28 17:41 7,680 ----a-w C:\Windows\System32\ff_vfw.dll
    2008-03-28 15:08 458,752 ----a-w C:\Windows\System32\3Planesoft_Screensaver_Manager.scr
    2008-03-21 20:30 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
    2008-03-21 20:28 81,920 ----a-w C:\Windows\System32\dpl100.dll
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D39F49BB-7816-4024-BD6D-C4D37A49165B}]
    C:\Windows\system32\xxywUNFu.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-18 23:33 1233920]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 23:33 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PTHOSTTR"="C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.exe" [2007-01-09 15:52 145184]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 19:31 1033512]
    "hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-05-11 13:21 472632]
    "WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 16:12 317128]
    "HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 11:54 50696]
    "QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-05-02 16:17 163840]
    "CognizanceTS"="C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-22 19:12 17920]
    "HP Software Update"="c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
    "SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 02:29 102400]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-11-22 17:12 107112]
    "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-11-28 06:34 134808]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-02-21 17:14 1183744]
    "IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-02-11 20:13 141848]
    "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-02-11 20:13 166424]
    "Persistence"="C:\Windows\system32\igfxpers.exe" [2008-02-11 20:13 133656]
    "IFXSPMGT"="C:\Windows\system32\ifxspmgt.exe" [2008-01-25 17:38 677144]
    "egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 16:48 1443072]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "ST Recovery Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]

    C:\Users\Louis-Nicolas.HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-12-04 14:13:34 727592]
    PDFCreator.lnk - C:\Program Files\PDFCreator\PDFCreator.exe [2008-05-14 20:33:26 2641920]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=APSHook.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.YV12"= yv12vfw.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    --a------ 2004-11-02 20:24 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1368809013-4150264858-3263198695-1006]
    "EnableNotificationsRef"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "TCP Query User{CFD8B6E7-4F26-42F6-85FB-6F2BFC54609A}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
    "UDP Query User{F38ACC61-2BC0-4D13-A0B8-D93534C2051C}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
    "{9CBEF395-65E4-464D-933A-128846126CEF}"= UDP:C:\Program Files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
    "{2764153E-F0CC-46F4-B533-BD1CBC6318B4}"= TCP:C:\Program Files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
    "{4155C64B-910D-4D35-906C-04A1F9CF1672}"= UDP:C:\Program Files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
    "{6D24CD59-36D8-45FE-8999-9243EA233BC8}"= TCP:C:\Program Files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
    "{BACF10E0-2D07-4AB6-927A-178E6587482E}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "TCP Query User{A92F063B-6B63-4EA8-B8CE-C851CD60A948}C:\\program files\\adsltv\\adsltv.exe"= UDP:C:\program files\adsltv\adsltv.exe:adsltv
    "UDP Query User{75C29964-E191-4D34-9F15-8CD6A8C5CC44}C:\\program files\\adsltv\\adsltv.exe"= TCP:C:\program files\adsltv\adsltv.exe:adsltv
    "{B88610D9-B671-41BA-8831-0CAF2ED4B7BF}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
    "{9B588E09-2376-4A93-9789-C51B060A0168}"= UDP:C:\Program Files\Mozilla Thunderbird\thunderbird.exe:Mozilla Thunderbird
    "{F4D1C0D7-6D62-439A-B086-10994C7A39C3}"= TCP:C:\Program Files\Mozilla Thunderbird\thunderbird.exe:Mozilla Thunderbird
    "TCP Query User{6F4917C3-54F3-4042-B314-5CAEC28EDC3B}C:\\windows\\sminst\\scheduler.exe"= UDP:C:\windows\sminst\scheduler.exe:Scheduler
    "UDP Query User{39987474-50E1-4D76-83D8-70CABC34EB21}C:\\windows\\sminst\\scheduler.exe"= TCP:C:\windows\sminst\scheduler.exe:Scheduler
    "{12684A7E-5429-48A9-9C48-30AEA3C2AECA}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
    "{4327E10A-8F4E-47CA-877D-FD1C0C32ADC6}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
    "{467A74AD-8C77-429C-AF17-706958B97D3E}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
    "{5C7FF9C6-B89C-4241-AFCB-5B8E2A87A885}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
    "{2F6B0119-37C3-4216-ADD6-A5F51939ED9F}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
    "{16AF401B-2CBA-44B2-8897-E4E7D40D1FF9}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
    "{6876BBDA-9A9A-433C-8363-BC0313646D5E}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "{08524DBD-C4B2-47BB-9343-6E7C81648473}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "DisabledInterfaces"= {CE6C2780-2E77-4C87-AEF1-BDC78D03CCCF}

    R1 epfwtdir;epfwtdir;C:\Windows\system32\DRIVERS\epfwtdir.sys [2008-03-13 16:52]
    R1 PersonalSecureDrive;PersonalSecureDrive;C:\Windows\system32\drivers\psd.sys [2007-07-24 08:21]
    R2 AEADIFilters;Andrea ADI Filters Service;C:\Windows\system32\AEADISRV.EXE [2007-02-06 10:44]
    R2 ASBroker;Courtier de session de connexion;C:\Windows\System32\svchost.exe [2008-01-18 23:33]
    R2 ASChannel;Canal de communication local;C:\Windows\System32\svchost.exe [2008-01-18 23:33]
    R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe [2007-01-05 03:00]
    R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ []
    R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 19:36]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-02-26 16:52]
    S3 btwaudio;Périphérique audio Bluetooth;C:\Windows\system32\drivers\btwaudio.sys [2007-12-12 13:12]
    S3 btwavdt;Bluetooth AVDT Service;C:\Windows\system32\drivers\btwavdt.sys [2007-12-12 13:12]
    S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-12-12 13:12]
    S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\Windows\system32\DRIVERS\fbxusb32.sys [2004-10-20 17:23]
    S3 ovt530;Hercules Webcam Deluxe;C:\Windows\system32\Drivers\ov530vid.sys [2005-03-15 17:04]
    S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 09:36]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    bthsvcs REG_MULTI_SZ BthServ
    Cognizance REG_MULTI_SZ ASBroker ASChannel
    GPSvcGroup REG_MULTI_SZ GPSvc

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-14 09:54:25
    Windows 6.0.6001 Service Pack 1 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\System32\audiodg.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\System32\agrsmsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\WINDOWS\System32\IFXTCS.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
    C:\WINDOWS\System32\IfxPsdSv.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
    C:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe
    C:\WINDOWS\SMINST\Scheduler.exe
    C:\Program Files\Symantec AntiVirus\VPTray.exe
    C:\WINDOWS\System32\igfxsrvc.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
    C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\WINDOWS\servicing\TrustedInstaller.exe
    C:\WINDOWS\System32\wbem\unsecapp.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-06-14 10:01:14 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-06-14 08:00:51

    Pre-Run: 24,498,106,368 octets libres
    Post-Run: 24,081,633,280 octets libres

    396 --- E O F --- 2008-06-11 16:07:00
    0
  8. lechatpotte Posts 37 Status Member
     
    Sorry about the other post on Zebulon.

    It all looks good this time.

    Explorer no longer crashes. I no longer have 150 extra processes.
    ComboFix is very good. I'm keeping it, even though I hope I won't have to use it again.

    Many thanks. I can finally type up my report.

    Regards.
    0
  9. Lyonnais92 Posts 25708 Status Security contributor 1 537
     
    Hi again,

    I would like to check a file:

    Go to this site:

    https://www.virustotal.com/gui/

    Click Browse and look for this file: C:\WINDOWS\System32\SkinMagic.dll

    Click Send File.

    A report will build up line by line.

    Wait until it finishes. It must include the size of the file sent.

    Save the report with Notepad.

    Copy it into your reply.

    If VirusTotal says the file has already been analysed, click the "Reanalyse the file now" button.

    Also post a new HijackThis report.
    0
  10. Lyonnais92 Posts 25708 Status Security contributor 1 537
     
    Hi again,

    our posts crossed.

    You should not keep Combofix.

    It is a tool that is constantly evolving.

    You must always use the latest version (and I advise you not to use it unless you are asked to).

    You also noted that Combofix flags a site as risky.
    0
  11. lechatpotte Posts 37 Status Member
     
    OK for Combofix,
    I have deleted it.

    Antivirus Version Dernière mise à jour Résultat
    AhnLab-V3 2008.6.13.1 2008.06.13 -
    AntiVir 7.8.0.55 2008.06.13 -
    Authentium 5.1.0.4 2008.06.14 -
    Avast 4.8.1195.0 2008.06.14 -
    AVG 7.5.0.516 2008.06.13 -
    BitDefender 7.2 2008.06.14 -
    CAT-QuickHeal 9.50 2008.06.13 -
    ClamAV 0.92.1 2008.06.14 -
    DrWeb 4.44.0.09170 2008.06.14 -
    eSafe 7.0.15.0 2008.06.12 -
    eTrust-Vet 31.6.5873 2008.06.14 -
    Ewido 4.0 2008.06.13 -
    F-Prot 4.4.4.56 2008.06.12 -
    F-Secure 6.70.13260.0 2008.06.13 -
    Fortinet 3.14.0.0 2008.06.14 -
    GData 2.0.7306.1023 2008.06.14 -
    Ikarus T3.1.1.26.0 2008.06.14 -
    Kaspersky 7.0.0.125 2008.06.14 -
    McAfee 5317 2008.06.13 -
    Microsoft 1.3604 2008.06.14 -
    NOD32v2 3186 2008.06.13 -
    Norman 5.80.02 2008.06.13 -
    Panda 9.0.0.4 2008.06.13 -
    Prevx1 V2 2008.06.14 -
    Rising 20.48.50.00 2008.06.14 -
    Sophos 4.30.0 2008.06.14 -
    Sunbelt 3.0.1145.1 2008.06.05 -
    Symantec 10 2008.06.14 -
    TheHacker 6.2.92.349 2008.06.13 -
    VBA32 3.12.6.7 2008.06.14 -
    VirusBuster 4.3.26:9 2008.06.12 -
    Webwasher-Gateway 6.6.2 2008.06.14 -
    Information additionnelle
    File size: 487479 bytes
    MD5...: 44deb2bc321316308333665f893216e9
    SHA1..: db4b94e851b7c8df5b2ad19e5ed5c2dca475548b
    SHA256: 972fe0dea67fd9f2557372d702cd42b1c0d67af14b9c894a5dcad90b9da5a729
    SHA512: 3c8ffeb7b50b5e5176bf355f78b20671ce4f95d7b30e2c9244be432f25243a8d
    72258ddf7a52c019ad0e822780c7edf6d17b9a617046439f9fecd826667c6230
    PEiD..: Armadillo v1.xx - v2.xx
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x1000174d
    timedatestamp.....: 0x4534e8b1 (Tue Oct 17 14:29:05 2006)
    machinetype.......: 0x14c (I386)

    ( 5 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .text 0x1000 0x5eb1a 0x5f000 6.54 b25bdf6cf299ef32329c9a1a7b224a2e
    .rdata 0x60000 0x9948 0xa000 5.22 ff4cec2377c1481caaa9255ff104fdf6
    .data 0x6a000 0x183bd 0x6000 3.62 2a2d39cad14f400c9fd27b8a786128b2
    .rsrc 0x83000 0x3e8 0x1000 1.05 3578603ca0f1ad4834d7cde59ebfa051
    .reloc 0x84000 0x5d6c 0x6000 6.53 c3164851e9f539a9c76a16f7164b4598

    ( 7 imports )
    > KERNEL32.dll: SetEnvironmentVariableA, CompareStringW, lstrcpynA, GetLocaleInfoW, lstrcmpiA, CompareStringA, lstrcmpA, GetTimeZoneInformation, LockResource, LoadResource, FindResourceA, SizeofResource, lstrcatA, GetTempFileNameA, GetTempPathA, FreeLibrary, GetProcessHeap, GlobalUnlock, lstrlenA, GlobalAlloc, GetTickCount, CreateEventA, TerminateThread, WaitForSingleObject, CloseHandle, SetEvent, EnumSystemLocalesA, GetUserDefaultLCID, MulDiv, GetSystemTime, GetSystemInfo, GetCurrentProcessId, VirtualQuery, WriteProcessMemory, VirtualProtect, FlushInstructionCache, GetWindowsDirectoryA, RaiseException, HeapSize, ReadFile, SetFilePointer, SetUnhandledExceptionFilter, FlushFileBuffers, IsBadReadPtr, IsBadCodePtr, SetStdHandle, CreateFileA, CreateFileW, SetConsoleCtrlHandler, SetEndOfFile, InterlockedExchange, ExitProcess, GetVersion, GetCommandLineA, lstrcpyA, GetModuleHandleA, GetLocaleInfoA, IsValidCodePage, IsValidLocale, Sleep, InterlockedIncrement, InterlockedDecrement, GetStringTypeW, GetStringTypeA, LCMapStringW, LCMapStringA, MultiByteToWideChar, RtlUnwind, LoadLibraryA, IsBadWritePtr, HeapReAlloc, VirtualAlloc, GetOEMCP, GetACP, GetCPInfo, UnhandledExceptionFilter, HeapAlloc, FatalAppExitA, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, HeapFree, WriteFile, GetProcAddress, HeapDestroy, VirtualFree, HeapCreate, GetEnvironmentStrings, GetEnvironmentVariableA, GetEnvironmentStringsW, FreeEnvironmentStringsA, WideCharToMultiByte, FreeEnvironmentStringsW, GetStartupInfoA, GetModuleFileNameA, DeleteCriticalSection, SetHandleCount, GetFileType, GetStdHandle, TlsGetValue, GetCurrentThread, GetLastError, TlsAlloc, SetLastError, TlsFree, GetCurrentProcess, TlsSetValue, GetCurrentThreadId, DeleteFileA, TerminateProcess, CreateThread, GlobalLock, GetVersionExA
    > USER32.dll: LockWindowUpdate, DestroyMenu, EnableMenuItem, GetSystemMenu, DrawIconEx, GetClassLongA, wsprintfA, InflateRect, EnableScrollBar, GetScrollInfo, GetScrollPos, GetScrollRange, SetScrollInfo, SetScrollPos, SetScrollRange, ShowScrollBar, GetDC, GetIconInfo, GetCursor, SetWindowLongA, CharUpperBuffA, IsWindowEnabled, LoadStringA, CallWindowProcA, CallWindowProcW, IsWindowUnicode, SetWindowLongW, GetWindowLongW, DrawFrameControl, DestroyIcon, DrawStateA, EnumChildWindows, SetFocus, EnableWindow, SetRect, GetWindowWord, DrawIcon, ValidateRect, GetSubMenu, GetMenuItemID, EqualRect, IsMenu, DrawMenuBar, CharLowerA, CharUpperA, DestroyCursor, LoadImageA, SetCursor, CopyIcon, CopyRect, MapWindowPoints, GetMessagePos, GetWindowRgn, GetCapture, DrawTextExA, CreateIconIndirect, GetMenuItemInfoA, CreatePopupMenu, GetMenuItemCount, SetCapture, ScreenToClient, IsWindowVisible, GetCursorPos, InsertMenuItemA, DestroyWindow, DrawEdge, FillRect, BeginPaint, EndPaint, ClientToScreen, PtInRect, KillTimer, InvalidateRect, SetTimer, UpdateWindow, UnregisterClassA, LoadCursorA, RegisterClassExA, CreateWindowExA, ShowCaret, GetFocus, HideCaret, GetKeyState, CopyAcceleratorTableA, GetMenu, IsRectEmpty, GetWindowInfo, GetWindow, IsZoomed, MoveWindow, ShowWindow, PostMessageA, ReleaseDC, GetWindowDC, GetClientRect, GetWindowTextA, DrawTextA, SetWindowRgn, SetWindowPos, RemovePropA, SetPropA, RedrawWindow, DefWindowProcA, GetSysColorBrush, GetSysColor, DispatchMessageA, GetMessageA, IsWindow, UnhookWindowsHookEx, SetWindowsHookExA, GetParent, GetWindowLongA, GetActiveWindow, GetClassNameA, GetPropA, GetMenuState, GetDesktopWindow, ReleaseCapture, SendMessageA, CallNextHookEx, OffsetRect, IntersectRect, SystemParametersInfoA, IsIconic, GetWindowPlacement, GetWindowRect, GetSystemMetrics, SetMenu
    > GDI32.dll: GetDCOrgEx, GetClipBox, DeleteObject, CreateFontIndirectA, SetBkMode, SelectObject, CreateRectRgn, OffsetRgn, CombineRgn, BitBlt, GetStockObject, CreateRectRgnIndirect, GetTextExtentPointA, ExtCreateRegion, CreateSolidBrush, DeleteDC, GetDIBits, GetRegionData, GetObjectA, SetBkColor, CreateICA, RealizePalette, SelectPalette, CreateBitmap, CreateCompatibleBitmap, CreateCompatibleDC, GetDeviceCaps, Polygon, RestoreDC, StretchBlt, SaveDC, CreateDIBitmap, CreateDIBSection, SetDIBitsToDevice, SetStretchBltMode, ExtSelectClipRgn, RectVisible, StretchDIBits, PtInRegion, GetTextExtentPoint32A, ExcludeClipRect, GetPixel, SetPixel, LineTo, MoveToEx, Rectangle, CreatePen, TextOutA, SelectClipRgn, IntersectClipRect, GetRgnBox, GetTextMetricsA, ExtTextOutA, UnrealizeObject, PatBlt, SetBrushOrgEx, SetTextColor, CreatePatternBrush
    > IMAGEHLP.dll: ImageDirectoryEntryToData
    > ADVAPI32.dll: RegOpenKeyExA, RegCloseKey, RegQueryValueA
    > SHELL32.dll: ExtractIconExA
    > COMCTL32.dll: ImageList_Remove, ImageList_GetImageCount, ImageList_Destroy, ImageList_GetIcon, ImageList_Create, _TrackMouseEvent, ImageList_GetIconSize, ImageList_DrawEx, ImageList_Draw, ImageList_AddMasked

    ( 59 exports )
    CloseSkinData, CreateBitmapFromSkinImage, CreateImageList, CreateSkinImageRectRegion, CreateSkinImageSectionRegion, DisableWindowScrollbarSkin, DrawSkinImageRect, DrawSkinImageSection, DrawSkinTextEffect, EnableCaptionButtons, EnableWindowScrollbarSkin, ExitSkinMagicLib, GetCaptionButtonState, GetLibVersion, GetSkinBool, GetSkinClientRect, GetSkinColor, GetSkinControlBkColor, GetSkinControlColor, GetSkinControlFont, GetSkinControlID, GetSkinControlRect, GetSkinDWORD, GetSkinFont, GetSkinImageSectionMargins, GetSkinInt, GetSkinMagicErrorCode, GetSkinMenu, GetSkinObjectText, GetSkinString, GetSkinSysColor, GetSkinSysColorBrush, GetSkinTransparentColor, HideTooltip, InitSkinMagicLib, LoadSkinFile, LoadSkinFromResource, OpenSkinData, RedrawCaptionStatic, RegisterSkinWindow, RemoveDialogSkin, RemoveWindowSkin, SetCaptionButtonState, SetCaptionButtonTooltip, SetControlSkin, SetControlTooltip, SetDialogSkin, SetShapeWindowSkin, SetSingleDialogSkin, SetSkinMenu, SetSkinObjectText, SetSkinWindowAccelerator, SetWindowMainMenuImage, SetWindowSkin, ShowSkinObject, ShowTooltipPoint, TrackSkinPopupMenu, TrackSkinPopupMenuEx, UnregisterSkinWindow

    ________________________________________________
    ________________________________________________
    ________________________________________________
    Hijack report

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:29:21, on 14/06/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\WINDOWS\SMINST\scheduler.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Symantec AntiVirus\VPTray.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\WINDOWS\System32\igfxpers.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\PDFCreator\PDFCreator.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\Explorer.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Thunderbird\thunderbird.exe
    C:\Windows\system32\taskmgr.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Users\Louis-Nicolas.HP\Téléchargements\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www8.hp.com/fr/fr/home.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {D39F49BB-7816-4024-BD6D-C4D37A49165B} - C:\Windows\system32\xxywUNFu.dll (file missing)
    O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
    O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [IFXSPMGT] C:\Windows\system32\ifxspmgt.exe /NotifyLogon
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM\..\RunOnce: [ST Recovery Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: PDFCreator.lnk = C:\Program Files\PDFCreator\PDFCreator.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O13 - Gopher Prefix:
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: APSHook.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\Windows\system32\ifxspmgt.exe
    O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\System32\IFXTCS.exe
    O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Personal Secure Drive service for encrypted drives (PersonalSecureDriveService) - Infineon Technologies AG - C:\Windows\system32\IfxPsdSv.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    0
  12. Lyonnais92 Posts 25708 Status Security contributor 1 537
     
    Re,

    another check:

    Go to this site:

    https://www.virustotal.com/gui/

    Click Browse and look for this file: C:\Windows\system32\Hpservice.exe

    Click Send File.

    A report will build up line by line.

    Wait until it finishes. It must include the size of the file sent.

    Save the report with Notepad.

    Copy it into your reply.

    If VirusTotal indicates that the file has already been analysed, click the "Reanalyse file now" button.
    0
  13. lechatpotte Posts 37 Status Member
     
    Antivirus Version Dernière mise à jour Résultat
    AhnLab-V3 2008.6.13.1 2008.06.13 -
    AntiVir 7.8.0.55 2008.06.14 -
    Authentium 5.1.0.4 2008.06.14 -
    Avast 4.8.1195.0 2008.06.14 -
    AVG 7.5.0.516 2008.06.13 -
    BitDefender 7.2 2008.06.14 -
    CAT-QuickHeal 9.50 2008.06.13 -
    ClamAV 0.92.1 2008.06.14 -
    DrWeb 4.44.0.09170 2008.06.14 -
    eSafe 7.0.15.0 2008.06.12 -
    eTrust-Vet 31.6.5873 2008.06.14 -
    Ewido 4.0 2008.06.14 -
    F-Prot 4.4.4.56 2008.06.12 -
    F-Secure 6.70.13260.0 2008.06.13 -
    Fortinet 3.14.0.0 2008.06.14 -
    GData 2.0.7306.1023 2008.06.14 -
    Ikarus T3.1.1.26.0 2008.06.14 -
    Kaspersky 7.0.0.125 2008.06.14 -
    McAfee 5317 2008.06.13 -
    Microsoft 1.3604 2008.06.14 -
    NOD32v2 3186 2008.06.13 -
    Norman 5.80.02 2008.06.13 -
    Panda 9.0.0.4 2008.06.13 -
    Prevx1 V2 2008.06.14 -
    Rising 20.48.50.00 2008.06.14 -
    Sophos 4.30.0 2008.06.14 -
    Sunbelt 3.0.1145.1 2008.06.05 -
    Symantec 10 2008.06.14 -
    TheHacker 6.2.92.349 2008.06.13 -
    VBA32 3.12.6.7 2008.06.14 -
    VirusBuster 4.3.26:9 2008.06.12 -
    Webwasher-Gateway 6.6.2 2008.06.14 -
    Information additionnelle
    File size: 18944 bytes
    MD5...: a3a9c44e2a75984e80ebe4181e9d1cf9
    SHA1..: 1edc52f0cf2fb9087ea16174b8070fd7546e9e22
    SHA256: f019fdbba372603db49ac84c634b22460d8bd2a68d61db30601f0c9636716895
    SHA512: 244b58b3dd48cd1177396286853b56fc2f85d0b6e0943134b40220b89abfcec9
    be33cb51fdaa317168c8feacc24feefbf08eec2dbf92711341b150ae5cf7872d
    PEiD..: -
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x1003c98
    timedatestamp.....: 0x459ea8ee (Fri Jan 05 19:37:18 2007)
    machinetype.......: 0x14c (I386)

    ( 4 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .text 0x1000 0x3bbc 0x3c00 5.56 299b803eefcd9933e73bc6f6e32fd558
    .data 0x5000 0x4a4 0x200 1.23 eeddbec4fa68ebc67999cbf2ddd7faf9
    .rsrc 0x6000 0x258 0x400 3.16 7fa9ec498d255c53fc486b39c4716564
    .reloc 0x7000 0x3de 0x400 5.76 ccbee4392a7d293bb52b925698ba61d6

    ( 7 imports )
    > ADVAPI32.dll: CloseServiceHandle, OpenServiceW, OpenSCManagerW, ReportEventW, RegisterEventSourceW, DeregisterEventSource, RegOpenKeyW, RegCloseKey, RegSetValueExW, RegCreateKeyW, CreateServiceW, DeleteService, SetServiceStatus, RegisterServiceCtrlHandlerExW, StartServiceCtrlDispatcherW, ConvertSidToStringSidW, GetTokenInformation
    > KERNEL32.dll: SetEvent, OutputDebugStringW, GetCurrentThreadId, GetModuleFileNameW, GetLastError, Sleep, CloseHandle, CreateEventW, SetConsoleCtrlHandler, GetModuleHandleW, GetCommandLineW, SetProcessShutdownParameters, GetProcessShutdownParameters, DebugBreak, LocalFree, LocalAlloc, GetCurrentProcess, TerminateProcess, GetSystemTimeAsFileTime, GetCurrentProcessId, GetTickCount, QueryPerformanceCounter, GetModuleHandleA, SetUnhandledExceptionFilter, InterlockedCompareExchange, UnhandledExceptionFilter, InterlockedExchange
    > MFC42u.dll: -, -, -, -
    > msvcrt.dll: _unlock, __dllonexit, _lock, _onexit, __1type_info@@UAE@XZ, _except_handler4_common, _XcptFilter, exit, __set_app_type, __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _amsg_exit, _initterm, _terminate@@YAXXZ, _wcsicmp, vswprintf, wprintf, memset, wcsncpy, _exit, _cexit, __wgetmainargs, _controlfp, __CxxFrameHandler3, swprintf
    > accelerometerDLL.dll: _SessionChange@@YGKPAXPBGE@Z, _NotifyAccelerometerAboutPower@@YGKPAXK@Z, _FindAccelerometerDevice@@YGEPAPAX@Z
    > USER32.dll: RegisterDeviceNotificationW, UnregisterDeviceNotification
    > WTSAPI32.dll: WTSQueryUserToken

    ( 0 exports )
    0
  14. Lyonnais92 Posts 25708 Status Security contributor 1 537
     
    Re,

    thanks, because this file is not well known. We'll record it as legitimate.

    Now we clean up:

    Run HijackThis again.

    Choose Do a scan only

    Tick the box in front of the following lines

    O2 - BHO: (no name) - {D39F49BB-7816-4024-BD6D-C4D37A49165B} - C:\Windows\system32\xxywUNFu.dll (file missing)

    Close all windows (except HijackThis), including your browser.

    Click fix checked.

    Close HijackThis.

    * Download ToolsCleaner by A.Rothstein to your Desktop.

    http://a-rothstein.changelog.fr/TC/ToolsCleaner2.exe
    hxxp://pagesperso-orange.fr/AceRothstein/ToolsCleaner2.exe

    Right-click it and run it as administrator.

    * Click Recherche (Search) and let the scan finish.

    * Click Suppression (Removal) to finalise.

    * You can, if you wish, use the Options facultatives (optional settings).

    * Click Quitter (Quit) so that the report can be created.

    * Post me the report (TCleaner.txt), which is at the root of your hard drive (C:\).
    0
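The triage applied in this thread (an entry whose target is marked "(file missing)" is an orphan to fix, and an existing service file listed as "Unknown owner" is worth checking before trusting it) can be sketched as a small log parser. This is an added example, not part of the original posts and not HijackThis code; the function names and the two reason labels are assumptions, and the sample lines are copied from the log posted above.

```python
import re

# Constructed sample: entries copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {D39F49BB-7816-4024-BD6D-C4D37A49165B} - C:\Windows\system32\xxywUNFu.dll (file missing)
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
"""

ENTRY = re.compile(r"^(?P<code>[RFNO]\d+) - (?P<body>.*)$")
MISSING = "(file missing)"

def parse_line(line):
    """Split one HijackThis entry into code, owner, path and a missing-file flag."""
    m = ENTRY.match(line.strip())
    if m is None:
        return None  # not an entry line (header, running process, blank)
    body = m.group("body")
    missing = body.endswith(MISSING)
    if missing:
        body = body[: -len(MISSING)].rstrip()
    # Fields are separated by " - "; split from the right because publisher
    # names such as "Hewlett-Packard" contain a bare hyphen.
    parts = body.rsplit(" - ", 2)
    path = parts[-1] if re.match(r"[A-Za-z]:\\", parts[-1]) else None
    owner = parts[1] if m.group("code") == "O23" and len(parts) == 3 else None
    return {"code": m.group("code"), "owner": owner, "path": path, "missing": missing}

def triage(log_text):
    """Return (code, path, reason) for entries that deserve a manual check."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        if entry["missing"]:
            # Registry entry points at a file that no longer exists.
            findings.append((entry["code"], entry["path"], "orphan"))
        elif entry["owner"] == "Unknown owner":
            # File exists but no publisher is shown: verify it before trusting it.
            findings.append((entry["code"], entry["path"], "unknown-owner"))
    return findings

if __name__ == "__main__":
    for code, path, reason in triage(SAMPLE_LOG):
        print(f"{code:4} {reason:14} {path}")
```

A flag here only says which entries to look at; as in the thread, the decision on `Hpservice.exe` came from the follow-up scan, not from the log line.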
  15. lechatpotte Posts 37 Status Member
     
    -->- Recherche:

    C:\Qoobox: trouvé !
    C:\Program Files\WIDCOMM\Bluetooth Software\gzip.exe: trouvé !
    C:\Users\Louis-Nicolas.HP\Téléchargements\HijackThis.exe: trouvé !

    ---------------------------------
    -->- Suppression:

    C:\Program Files\WIDCOMM\Bluetooth Software\gzip.exe: supprimé !
    C:\Users\Louis-Nicolas.HP\Téléchargements\HijackThis.exe: ERREUR DE SUPPRESSION !!
    C:\Qoobox: supprimé !

    there you go :)
    0
  16. Lyonnais92 Posts 25708 Status Security contributor 1 537
     
    Good evening,

    delete ToolsCleaner from your Desktop, and C:\Tcleaner.txt.

    I'm marking the topic as resolved.

    Happy surfing.
    0
  17. lechatpotte Posts 37 Status Member
     
    That's really kind of you to help!

    Thank you for it!

    Happy browsing to you ^^
    0
  18. Lyonnais92 Posts 25708 Status Security contributor 1 537
     
    Hello,

    you're welcome for the help.

    We didn't get the chance to discuss it, but a new threat has just appeared on routers (and ISP boxes). If this concerns you, read this:

    If you have a router (or a box), have you changed the default password? If not, do it quickly: a trojan attacks router passwords by checking whether the password appears in a pre-established list. If it does, it takes control of the computer (and of the entire network). A good password must have at least 8 characters and include letters (upper case and lower case), digits and special characters (é, #, ...). It must be kept carefully (so that it can be retrieved if forgotten) somewhere other than on a computer medium.
    0
  19. shouka Posts 106 Status Member 30
     
    Er, I have my Numericable box.. and I connect over wifi, and I haven't set a password :S
    That is, when I want to connect, it says MAISON and I connect straight away^^
    Do I need to change the password??
    0