Mayday Mon ordinateur plante !
littls8euz
-
Littlsk8euz -
Littlsk8euz -
Bonjour,
Mon ordinateur portable plante au bout d'une demi heure d'utilisation, je ne sais plus quoi faire !
Un ami m'a conseillé votre forum. J'ai fait un scan Hijackthis...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:56:12, on 27/07/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\Avast4\ashDisp.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=compaq-notebook.msn.com&ocid=HPDHP&pc=CPNTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=compaq-notebook.msn.com&ocid=HPDHP&pc=CPNTDF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~1\TerraTec\TERRAT~1\THCDES~1.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\System32\ZoneLabs\vsmon.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
Mon ordinateur portable plante au bout d'une demi heure d'utilisation, je ne sais plus quoi faire !
Un ami m'a conseillé votre forum. J'ai fait un scan Hijackthis...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:56:12, on 27/07/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\Avast4\ashDisp.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=compaq-notebook.msn.com&ocid=HPDHP&pc=CPNTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=compaq-notebook.msn.com&ocid=HPDHP&pc=CPNTDF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~1\TerraTec\TERRAT~1\THCDES~1.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\System32\ZoneLabs\vsmon.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
A voir également:
- Mayday Mon ordinateur plante !
- Mon ordinateur rame - Guide
- Comment réinitialiser un ordinateur - Guide
- Clavier de l'ordinateur - Guide
- Parametres de mon ordinateur - Guide
- # Sur ordinateur - Guide
9 réponses
Salut,
Télécharge sur ton bureau DSS (ex Comboscan) de Deckard:
http://deckard.geekstogo.com/dss.exe
(choisis enregistrer, puis Bureau comme emplacement)
Ferme toutes les applications en cours.
Double-clic sur DSS.exe pour lancer l'outil.
Une fenêtre s'ouvre, invitant à fermer toutes les applications, clique sur OK.
A la fin de l'analyse, une fenêtre s'ouvre, clique sur OK.
Le rapport main.txt va s'afficher, copie le dans ta prochaine réponse.
Si un rapport complémentaire a été créé ( extra.txt ), poste le aussi dans ta réponse.
Les rapports sont ici :
(!) C:\Deckard\System Scanner\main.txt
(!) C:\Deckard\System Scanner\extra.txt
(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )
Télécharge sur ton bureau DSS (ex Comboscan) de Deckard:
http://deckard.geekstogo.com/dss.exe
(choisis enregistrer, puis Bureau comme emplacement)
Ferme toutes les applications en cours.
Double-clic sur DSS.exe pour lancer l'outil.
Une fenêtre s'ouvre, invitant à fermer toutes les applications, clique sur OK.
A la fin de l'analyse, une fenêtre s'ouvre, clique sur OK.
Le rapport main.txt va s'afficher, copie le dans ta prochaine réponse.
Si un rapport complémentaire a été créé ( extra.txt ), poste le aussi dans ta réponse.
Les rapports sont ici :
(!) C:\Deckard\System Scanner\main.txt
(!) C:\Deckard\System Scanner\extra.txt
(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )
lu
fixe ca
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
fait un scan avec avast
si ton ordinateur a toujours planté le problème viens des tes mémoires
++
fixe ca
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
fait un scan avec avast
si ton ordinateur a toujours planté le problème viens des tes mémoires
++
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Merci merci beaucoup !!!!
J'ai "fixer" ça : O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe , merci Laurent
et voilà le rapport de BSS demandé par Chiquitine29 :
Deckard's System Scanner v20071014.68
Run by happy go lucky on 2008-07-27 19:13:30
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- Last 5 Restore Point(s) --
7: 2008-07-27 09:55:37 UTC - RP300 - Point de contrôle planifié
6: 2008-07-26 06:30:07 UTC - RP299 - Windows Update
5: 2008-07-25 07:55:02 UTC - RP298 - Windows Update
4: 2008-07-24 08:32:56 UTC - RP297 - Point de contrôle planifié
3: 2008-07-23 08:26:21 UTC - RP296 - Windows Update
-- First Restore Point --
1: 2008-07-21 11:34:04 UTC - RP294 - Service Pack 1 de Windows Vista
Backed up registry hives.
Performed disk cleanup.
[color=red]System Drive C: has 17.97 GiB (less than 15%) free.[/color]
-- HijackThis (run as happy go lucky.exe) --------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:18:34, on 27/07/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\Avast4\ashDisp.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Windows\system32\igfxsrvc.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\mobsync.exe
C:\Users\happy go lucky\Desktop\dss.exe
C:\Windows\system32\SearchFilterHost.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\happy go lucky.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=compaq-notebook.msn.com&ocid=HPDHP&pc=CPNTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=compaq-notebook.msn.com&ocid=HPDHP&pc=CPNTDF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~1\TerraTec\TERRAT~1\THCDES~1.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\System32\ZoneLabs\vsmon.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
J'ai "fixer" ça : O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe , merci Laurent
et voilà le rapport de BSS demandé par Chiquitine29 :
Deckard's System Scanner v20071014.68
Run by happy go lucky on 2008-07-27 19:13:30
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- Last 5 Restore Point(s) --
7: 2008-07-27 09:55:37 UTC - RP300 - Point de contrôle planifié
6: 2008-07-26 06:30:07 UTC - RP299 - Windows Update
5: 2008-07-25 07:55:02 UTC - RP298 - Windows Update
4: 2008-07-24 08:32:56 UTC - RP297 - Point de contrôle planifié
3: 2008-07-23 08:26:21 UTC - RP296 - Windows Update
-- First Restore Point --
1: 2008-07-21 11:34:04 UTC - RP294 - Service Pack 1 de Windows Vista
Backed up registry hives.
Performed disk cleanup.
[color=red]System Drive C: has 17.97 GiB (less than 15%) free.[/color]
-- HijackThis (run as happy go lucky.exe) --------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:18:34, on 27/07/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\Avast4\ashDisp.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Windows\system32\igfxsrvc.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\mobsync.exe
C:\Users\happy go lucky\Desktop\dss.exe
C:\Windows\system32\SearchFilterHost.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\happy go lucky.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=compaq-notebook.msn.com&ocid=HPDHP&pc=CPNTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=compaq-notebook.msn.com&ocid=HPDHP&pc=CPNTDF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~1\TerraTec\TERRAT~1\THCDES~1.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\System32\ZoneLabs\vsmon.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
Télécharge combofix : http://download.bleepingcomputer.com/sUBs/ComboFix.exe
-> Double clique sur combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.
NOTE : Le rapport se trouve également ici : C:\Combofix.txt
Avant d'utiliser ComboFix :
-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.
-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.
Une fois fait, sur ton bureau double-clic sur Combofix.exe.
- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.
/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.
- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.
- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)
-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.
-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.
-> Tutoriel https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
-> Double clique sur combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.
NOTE : Le rapport se trouve également ici : C:\Combofix.txt
Avant d'utiliser ComboFix :
-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.
-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.
Une fois fait, sur ton bureau double-clic sur Combofix.exe.
- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.
/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.
- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.
- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)
-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.
-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.
-> Tutoriel https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
Et voilà un scan avec ComboFix :
ComboFix 08-07-27.2 - happy go lucky 2008-07-27 20:23:36.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1307 [GMT 2:00]
Endroit: C:\Users\happy go lucky\Desktop\ComboFix.exe
* Création d'un nouveau point de restauration
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\system32\x64
.
((((((((((((((((((((((((((((( Fichiers créés 2008-06-27 to 2008-07-27 ))))))))))))))))))))))))))))))))))))
.
2008-07-27 19:13 . 2008-07-27 19:13 <REP> d-------- C:\Deckard
2008-07-27 17:55 . 2008-07-27 17:55 <REP> d-------- C:\Program Files\Trend Micro
2008-07-26 11:19 . 2008-07-26 11:19 <REP> d-------- C:\Users\All Users\WindowsSearch
2008-07-26 11:19 . 2008-07-26 11:19 <REP> d-------- C:\ProgramData\WindowsSearch
2008-07-26 08:33 . 2008-05-27 06:59 106,605 --a------ C:\WINDOWS\System32\StructuredQuerySchema.bin
2008-07-26 08:33 . 2008-05-27 07:17 34,816 --a------ C:\WINDOWS\System32\msscb.dll
2008-07-26 08:33 . 2008-05-27 06:59 18,904 --a------ C:\WINDOWS\System32\StructuredQuerySchemaTrivial.bin
2008-07-26 08:33 . 2008-05-27 07:17 11,776 --a------ C:\WINDOWS\System32\msshooks.dll
2008-07-23 13:38 . 2008-07-23 13:38 0 --ah----- C:\WINDOWS\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-07-23 10:56 . 2008-03-03 15:05 54,672 --a------ C:\WINDOWS\System32\vsutil_loc040c.dll
2008-07-23 10:55 . 2008-07-23 10:56 <REP> d-------- C:\WINDOWS\System32\ZoneLabs
2008-07-23 10:55 . 2008-03-03 15:05 1,086,952 --a------ C:\WINDOWS\System32\zpeng24.dll
2008-07-23 10:55 . 2008-07-27 20:16 352,615 --ah----- C:\WINDOWS\System32\drivers\vsconfig.xml
2008-07-23 10:55 . 2008-03-03 15:06 279,440 --------- C:\WINDOWS\System32\drivers\vsdatant.sys
2008-07-23 10:55 . 2008-03-03 15:06 279,440 --a------ C:\WINDOWS\System32\drivers\~GLH0014.TMP
2008-07-21 19:45 . 2008-07-21 19:45 <REP> d-------- C:\PerfLogs
2008-07-20 20:03 . 2008-01-19 09:33 2,623,488 --a------ C:\WINDOWS\System32\SLsvc.exe
2008-07-20 20:03 . 2008-01-19 09:36 1,541,120 --a------ C:\WINDOWS\System32\onex.dll
2008-07-20 20:03 . 2008-01-19 09:42 51,768 --a------ C:\WINDOWS\System32\PSHED.DLL
2008-07-20 20:01 . 2008-01-19 05:12 3,662,296 --a------ C:\WINDOWS\System32\locale.nls
2008-07-20 20:00 . 2008-01-19 09:38 4,595,712 --a------ C:\WINDOWS\System32\AuthFWSnapin.dll
2008-07-20 19:59 . 2008-01-19 09:33 8,139,264 --a------ C:\WINDOWS\System32\ssBranded.scr
2008-07-20 19:58 . 2008-01-19 09:35 3,072,000 --a------ C:\WINDOWS\System32\networkmap.dll
2008-07-20 19:57 . 2008-01-19 09:32 5,714,432 --a------ C:\WINDOWS\System32\logon.scr
2008-07-20 19:56 . 2008-01-19 08:06 8,147,456 --a------ C:\WINDOWS\System32\wmploc.DLL
2008-07-20 19:55 . 2008-01-19 09:36 704,512 --a------ C:\WINDOWS\System32\SmiEngine.dll
2008-07-20 19:55 . 2008-01-19 09:36 357,888 --a------ C:\WINDOWS\System32\wbemcomn.dll
2008-07-20 19:55 . 2008-01-19 09:36 139,264 --a------ C:\WINDOWS\System32\SmiInstaller.dll
2008-07-20 19:54 . 2008-01-19 09:34 305,152 --a------ C:\WINDOWS\System32\msdelta.dll
2008-07-20 19:54 . 2008-01-19 09:34 258,560 --a------ C:\WINDOWS\System32\dpx.dll
2008-07-20 19:54 . 2008-01-19 09:34 246,784 --a------ C:\WINDOWS\System32\drvstore.dll
2008-07-20 19:54 . 2008-01-19 09:36 218,624 --a------ C:\WINDOWS\System32\wdscore.dll
2008-07-20 19:54 . 2008-01-19 09:33 130,560 --a------ C:\WINDOWS\System32\PkgMgr.exe
2008-07-20 19:54 . 2008-01-19 09:35 35,328 --a------ C:\WINDOWS\System32\mspatcha.dll
2008-07-13 23:20 . 2008-07-13 23:20 <REP> d-------- C:\Program Files\Microsoft Silverlight
2008-07-13 10:45 . 2008-06-26 03:45 12,240,896 --a------ C:\WINDOWS\System32\NlsLexicons0007.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-26 06:55 --------- d-----w C:\Program Files\Avast4
2008-07-23 12:31 --------- d-----w C:\Users\happy go lucky\AppData\Roaming\Roxio
2008-07-21 18:00 174 --sha-w C:\Program Files\desktop.ini
2008-07-21 17:47 --------- d-----w C:\Program Files\Windows Sidebar
2008-07-21 17:47 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-07-21 17:47 --------- d-----w C:\Program Files\Windows Mail
2008-07-21 17:47 --------- d-----w C:\Program Files\Windows Journal
2008-07-21 17:47 --------- d-----w C:\Program Files\Windows Defender
2008-07-21 17:47 --------- d-----w C:\Program Files\Windows Collaboration
2008-07-21 17:47 --------- d-----w C:\Program Files\Windows Calendar
2008-07-21 11:48 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-07-21 11:48 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-07-19 14:36 51,280 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-07-13 21:19 --------- d-----w C:\Program Files\CONEXANT
2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll
2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll
2008-06-11 09:28 --------- d-----w C:\Program Files\Paint Shop Pro 7
2008-06-06 10:21 --------- d-----w C:\Program Files\EA GAMES
2008-06-05 15:45 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-06-05 15:39 717,296 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-06-05 15:39 --------- d-----w C:\Users\happy go lucky\AppData\Roaming\DAEMON Tools
2008-06-05 15:14 --------- d-----w C:\Program Files\MagicISO
2008-05-27 05:21 1,582,592 ----a-w C:\Windows\System32\tquery.dll
2008-05-27 05:21 1,418,240 ----a-w C:\Windows\System32\mssrch.dll
2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\SearchFilterHost.exe
2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\mssitlb.dll
2008-05-27 05:17 754,176 ----a-w C:\Windows\System32\propsys.dll
2008-05-27 05:17 60,416 ----a-w C:\Windows\System32\msscntrs.dll
2008-05-27 05:17 6,103,040 ----a-w C:\Windows\System32\chtbrkr.dll
2008-05-27 05:17 32,768 ----a-w C:\Windows\System32\mssprxy.dll
2008-05-27 05:17 313,344 ----a-w C:\Windows\System32\thawbrkr.dll
2008-05-27 05:17 301,568 ----a-w C:\Windows\System32\srchadmin.dll
2008-05-27 05:17 194,560 ----a-w C:\Windows\System32\offfilt.dll
2008-05-27 05:17 143,872 ----a-w C:\Windows\System32\korwbrkr.dll
2008-05-27 05:17 1,671,680 ----a-w C:\Windows\System32\chsbrkr.dll
2008-05-10 03:35 564,736 ----a-w C:\Windows\System32\emdmgmt.dll
2008-05-08 21:59 90,112 ----a-w C:\Windows\System32\wshext.dll
2008-05-08 21:59 430,080 ----a-w C:\Windows\System32\vbscript.dll
2008-05-08 21:59 180,224 ----a-w C:\Windows\System32\scrobj.dll
2008-05-08 21:59 172,032 ----a-w C:\Windows\System32\scrrun.dll
2008-05-08 21:59 155,648 ----a-w C:\Windows\System32\wscript.exe
2008-05-08 21:58 135,168 ----a-w C:\Windows\System32\cscript.exe
2008-04-29 03:49 237,568 ----a-w C:\Windows\System32\UCI32A29.dll
2007-10-29 14:14 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-10-29 14:14 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-10-29 14:14 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 02:05 1045800]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-12-02 17:32 167936]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11 49152]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-12-04 13:39 46704]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2006-12-21 09:42 77824]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 03:29 102400]
"hpqSRMon"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 09:55 80896]
"avast!"="C:\PROGRA~1\Avast4\ashDisp.exe" [2008-07-19 16:38 78008]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-02-11 20:13 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-02-11 20:13 166424]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-02-11 20:13 133656]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-03 15:05 959976]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= sx_cam_i420.dll
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\Windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 20:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_SL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
--a------ 2008-01-19 09:33 125952 C:\WINDOWS\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-11-15 14:11 267048 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-11-15 00:43 286720 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a------ 2006-07-14 01:41 20034600 C:\Program Files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
--a------ 2007-11-20 16:29 360448 C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-11-02 23:56 185632 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{9F52E23E-4154-4DB5-8609-58AA1E02D315}"= UDP:C:\Program Files\HP\QuickPlay\QP.exe:QP
"{4D2D0EEC-4903-40DF-AB0E-0E5ADA0BC6A5}"= TCP:C:\Program Files\HP\QuickPlay\QP.exe:QP
"{5ED450E0-A572-491D-9C0A-1AD78B504DEB}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{8DD2E0DE-A515-4BCC-A2E2-008CEDC83768}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{26B3FB1E-F7DF-496A-B71C-49DA7B9C9AFA}"= UDP:C:\Users\happy go lucky\AppData\Local\Temp\{286509F3-CBFF-4036-9649-886A580DBDE1}\{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}\CinergyDvrHelper.exe:TerraTec Home Cinema (Setup)
"{D3DD292A-C627-4B77-AD30-FE2EDB275CC9}"= TCP:C:\Users\happy go lucky\AppData\Local\Temp\{286509F3-CBFF-4036-9649-886A580DBDE1}\{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}\CinergyDvrHelper.exe:TerraTec Home Cinema (Setup)
"{40AF74B4-FA12-497C-B30F-25DA73E89727}"= UDP:C:\Program Files\TerraTec\TerraTec Home Cinema\CinergyDvrHelper.exe:TerraTec Home Cinema (Setup)
"{34034F24-57E5-4D27-A88A-C46206298556}"= TCP:C:\Program Files\TerraTec\TerraTec Home Cinema\CinergyDvrHelper.exe:TerraTec Home Cinema (Setup)
"{67D62862-D56A-4B9B-B8FB-E32D3ADD1B3A}"= UDP:C:\Program Files\TerraTec\TerraTec Home Cinema\tvtvSetup\tvtv_Wizard.exe:TerraTec tvtv Setup
"{38ED0E09-F843-4230-BF8C-66AFE4B29220}"= TCP:C:\Program Files\TerraTec\TerraTec Home Cinema\tvtvSetup\tvtv_Wizard.exe:TerraTec tvtv Setup
"{4A2BFF7E-D9CE-462F-B92C-8B72241A1EAE}"= UDP:C:\Program Files\TerraTec\TerraTec Home Cinema\CinergyDvr.exe:TerraTec Home Cinema
"{3D3F30CD-35FA-4236-9FC8-A26E24E29924}"= TCP:C:\Program Files\TerraTec\TerraTec Home Cinema\CinergyDvr.exe:TerraTec Home Cinema
"{1E807B48-239C-42DB-A5F9-4AB53848347E}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{5D1A71A7-222E-4484-9278-CA9531CE4979}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{DE7D0053-DAF3-4BFA-8B5D-A8CDAA550081}"= UDP:C:\Users\happy go lucky\AppData\Local\Temp\{44B65D28-C5D9-4EEC-9C75-772B0C8C03F9}\{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}\CinergyDvrHelper.exe:TerraTec Home Cinema (Setup)
"{7668633A-2377-4162-830C-C89D862677EF}"= TCP:C:\Users\happy go lucky\AppData\Local\Temp\{44B65D28-C5D9-4EEC-9C75-772B0C8C03F9}\{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}\CinergyDvrHelper.exe:TerraTec Home Cinema (Setup)
"{CBB0911F-52E0-480A-BA5B-5C968F74FCC3}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{4FEDA9E4-8262-49E6-AADE-B852C5E01EA0}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{E259CCAB-0192-4063-AAC4-C0AEA65ADC47}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{6351D354-7655-4DD2-9500-AE83E0B73689}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{AE1F985C-2A2E-4531-B501-9C9B712DC3F7}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{D8E40AF8-A72B-4D24-BDA7-59A0545BD231}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{0A06CF19-5A79-4525-A166-8D9A6F266B4C}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{99F240CA-4D42-4829-B20D-27F55232E1C3}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 16:35]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 16:36]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service;C:\Windows\system32\drivers\CHDRT32.sys [2008-03-03 05:10]
S3 AF05BDA;Cinergy T USB XE service;C:\Windows\system32\DRIVERS\AF05BDA.sys [2006-12-05 17:11]
S3 AVEO;WEB13AB;C:\Windows\system32\DRIVERS\AVEOdcnt.sys [2007-07-30 14:48]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\shell\AutoRun\command - F:\loader.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{155e9bc7-3316-11dd-a750-001b240911a3}]
\shell\AutoRun\command - F:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{978a1c84-3854-11dd-b90b-001b240911a3}]
\shell\Auto\command - cmd /C launch.bat
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9b452ddb-f97a-11dc-a387-001b240911a3}]
\shell\AutoRun\command - F:\loader.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{be98daf1-8abc-11dc-b474-001b240911a3}]
\shell\AutoRun\command - explorer.exe
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
2007-12-26 C:\Windows\Tasks\HPCeeScheduleForhappy go lucky.job - C:\Program Files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2006-10-30 17:08]
2008-06-27 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - happy go lucky.job - C:\ProgramData\Symantec\Norton AntiVirus\Tasks\mycomp.sca"???happy go lucky?<This is a schedule scan task from Norton Internet Security.??? []
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.fr/
R0 -: HKLM-Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=71&bd=PRESARIO&pf=laptop
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-27 20:28:12
Windows 6.0.6001 Service Pack 1 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
C:\Windows\TEMP\TMP0000005D3F29EF48B7365EF9
Scan terminé avec succès
Les fichiers cachés: 1
**************************************************************************
.
Temps d'accomplissement: 2008-07-27 20:29:58
ComboFix-quarantined-files.txt 2008-07-27 18:29:50
Pre-Run: 18,989,932,544 octets libres
Post-Run: 18,972,184,576 octets libres
231 --- E O F --- 2008-07-26 06:34:13
Merci pour votre temps
Littlsk8euz
ComboFix 08-07-27.2 - happy go lucky 2008-07-27 20:23:36.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1307 [GMT 2:00]
Endroit: C:\Users\happy go lucky\Desktop\ComboFix.exe
* Création d'un nouveau point de restauration
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\system32\x64
.
((((((((((((((((((((((((((((( Fichiers créés 2008-06-27 to 2008-07-27 ))))))))))))))))))))))))))))))))))))
.
2008-07-27 19:13 . 2008-07-27 19:13 <REP> d-------- C:\Deckard
2008-07-27 17:55 . 2008-07-27 17:55 <REP> d-------- C:\Program Files\Trend Micro
2008-07-26 11:19 . 2008-07-26 11:19 <REP> d-------- C:\Users\All Users\WindowsSearch
2008-07-26 11:19 . 2008-07-26 11:19 <REP> d-------- C:\ProgramData\WindowsSearch
2008-07-26 08:33 . 2008-05-27 06:59 106,605 --a------ C:\WINDOWS\System32\StructuredQuerySchema.bin
2008-07-26 08:33 . 2008-05-27 07:17 34,816 --a------ C:\WINDOWS\System32\msscb.dll
2008-07-26 08:33 . 2008-05-27 06:59 18,904 --a------ C:\WINDOWS\System32\StructuredQuerySchemaTrivial.bin
2008-07-26 08:33 . 2008-05-27 07:17 11,776 --a------ C:\WINDOWS\System32\msshooks.dll
2008-07-23 13:38 . 2008-07-23 13:38 0 --ah----- C:\WINDOWS\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-07-23 10:56 . 2008-03-03 15:05 54,672 --a------ C:\WINDOWS\System32\vsutil_loc040c.dll
2008-07-23 10:55 . 2008-07-23 10:56 <REP> d-------- C:\WINDOWS\System32\ZoneLabs
2008-07-23 10:55 . 2008-03-03 15:05 1,086,952 --a------ C:\WINDOWS\System32\zpeng24.dll
2008-07-23 10:55 . 2008-07-27 20:16 352,615 --ah----- C:\WINDOWS\System32\drivers\vsconfig.xml
2008-07-23 10:55 . 2008-03-03 15:06 279,440 --------- C:\WINDOWS\System32\drivers\vsdatant.sys
2008-07-23 10:55 . 2008-03-03 15:06 279,440 --a------ C:\WINDOWS\System32\drivers\~GLH0014.TMP
2008-07-21 19:45 . 2008-07-21 19:45 <REP> d-------- C:\PerfLogs
2008-07-20 20:03 . 2008-01-19 09:33 2,623,488 --a------ C:\WINDOWS\System32\SLsvc.exe
2008-07-20 20:03 . 2008-01-19 09:36 1,541,120 --a------ C:\WINDOWS\System32\onex.dll
2008-07-20 20:03 . 2008-01-19 09:42 51,768 --a------ C:\WINDOWS\System32\PSHED.DLL
2008-07-20 20:01 . 2008-01-19 05:12 3,662,296 --a------ C:\WINDOWS\System32\locale.nls
2008-07-20 20:00 . 2008-01-19 09:38 4,595,712 --a------ C:\WINDOWS\System32\AuthFWSnapin.dll
2008-07-20 19:59 . 2008-01-19 09:33 8,139,264 --a------ C:\WINDOWS\System32\ssBranded.scr
2008-07-20 19:58 . 2008-01-19 09:35 3,072,000 --a------ C:\WINDOWS\System32\networkmap.dll
2008-07-20 19:57 . 2008-01-19 09:32 5,714,432 --a------ C:\WINDOWS\System32\logon.scr
2008-07-20 19:56 . 2008-01-19 08:06 8,147,456 --a------ C:\WINDOWS\System32\wmploc.DLL
2008-07-20 19:55 . 2008-01-19 09:36 704,512 --a------ C:\WINDOWS\System32\SmiEngine.dll
2008-07-20 19:55 . 2008-01-19 09:36 357,888 --a------ C:\WINDOWS\System32\wbemcomn.dll
2008-07-20 19:55 . 2008-01-19 09:36 139,264 --a------ C:\WINDOWS\System32\SmiInstaller.dll
2008-07-20 19:54 . 2008-01-19 09:34 305,152 --a------ C:\WINDOWS\System32\msdelta.dll
2008-07-20 19:54 . 2008-01-19 09:34 258,560 --a------ C:\WINDOWS\System32\dpx.dll
2008-07-20 19:54 . 2008-01-19 09:34 246,784 --a------ C:\WINDOWS\System32\drvstore.dll
2008-07-20 19:54 . 2008-01-19 09:36 218,624 --a------ C:\WINDOWS\System32\wdscore.dll
2008-07-20 19:54 . 2008-01-19 09:33 130,560 --a------ C:\WINDOWS\System32\PkgMgr.exe
2008-07-20 19:54 . 2008-01-19 09:35 35,328 --a------ C:\WINDOWS\System32\mspatcha.dll
2008-07-13 23:20 . 2008-07-13 23:20 <REP> d-------- C:\Program Files\Microsoft Silverlight
2008-07-13 10:45 . 2008-06-26 03:45 12,240,896 --a------ C:\WINDOWS\System32\NlsLexicons0007.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-26 06:55 --------- d-----w C:\Program Files\Avast4
2008-07-23 12:31 --------- d-----w C:\Users\happy go lucky\AppData\Roaming\Roxio
2008-07-21 18:00 174 --sha-w C:\Program Files\desktop.ini
2008-07-21 17:47 --------- d-----w C:\Program Files\Windows Sidebar
2008-07-21 17:47 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-07-21 17:47 --------- d-----w C:\Program Files\Windows Mail
2008-07-21 17:47 --------- d-----w C:\Program Files\Windows Journal
2008-07-21 17:47 --------- d-----w C:\Program Files\Windows Defender
2008-07-21 17:47 --------- d-----w C:\Program Files\Windows Collaboration
2008-07-21 17:47 --------- d-----w C:\Program Files\Windows Calendar
2008-07-21 11:48 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-07-21 11:48 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-07-19 14:36 51,280 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-07-13 21:19 --------- d-----w C:\Program Files\CONEXANT
2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll
2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll
2008-06-11 09:28 --------- d-----w C:\Program Files\Paint Shop Pro 7
2008-06-06 10:21 --------- d-----w C:\Program Files\EA GAMES
2008-06-05 15:45 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-06-05 15:39 717,296 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-06-05 15:39 --------- d-----w C:\Users\happy go lucky\AppData\Roaming\DAEMON Tools
2008-06-05 15:14 --------- d-----w C:\Program Files\MagicISO
2008-05-27 05:21 1,582,592 ----a-w C:\Windows\System32\tquery.dll
2008-05-27 05:21 1,418,240 ----a-w C:\Windows\System32\mssrch.dll
2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\SearchFilterHost.exe
2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\mssitlb.dll
2008-05-27 05:17 754,176 ----a-w C:\Windows\System32\propsys.dll
2008-05-27 05:17 60,416 ----a-w C:\Windows\System32\msscntrs.dll
2008-05-27 05:17 6,103,040 ----a-w C:\Windows\System32\chtbrkr.dll
2008-05-27 05:17 32,768 ----a-w C:\Windows\System32\mssprxy.dll
2008-05-27 05:17 313,344 ----a-w C:\Windows\System32\thawbrkr.dll
2008-05-27 05:17 301,568 ----a-w C:\Windows\System32\srchadmin.dll
2008-05-27 05:17 194,560 ----a-w C:\Windows\System32\offfilt.dll
2008-05-27 05:17 143,872 ----a-w C:\Windows\System32\korwbrkr.dll
2008-05-27 05:17 1,671,680 ----a-w C:\Windows\System32\chsbrkr.dll
2008-05-10 03:35 564,736 ----a-w C:\Windows\System32\emdmgmt.dll
2008-05-08 21:59 90,112 ----a-w C:\Windows\System32\wshext.dll
2008-05-08 21:59 430,080 ----a-w C:\Windows\System32\vbscript.dll
2008-05-08 21:59 180,224 ----a-w C:\Windows\System32\scrobj.dll
2008-05-08 21:59 172,032 ----a-w C:\Windows\System32\scrrun.dll
2008-05-08 21:59 155,648 ----a-w C:\Windows\System32\wscript.exe
2008-05-08 21:58 135,168 ----a-w C:\Windows\System32\cscript.exe
2008-04-29 03:49 237,568 ----a-w C:\Windows\System32\UCI32A29.dll
2007-10-29 14:14 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-10-29 14:14 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-10-29 14:14 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 02:05 1045800]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-12-02 17:32 167936]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11 49152]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-12-04 13:39 46704]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2006-12-21 09:42 77824]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 03:29 102400]
"hpqSRMon"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 09:55 80896]
"avast!"="C:\PROGRA~1\Avast4\ashDisp.exe" [2008-07-19 16:38 78008]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-02-11 20:13 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-02-11 20:13 166424]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-02-11 20:13 133656]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-03 15:05 959976]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= sx_cam_i420.dll
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\Windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 20:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_SL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
--a------ 2008-01-19 09:33 125952 C:\WINDOWS\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-11-15 14:11 267048 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-11-15 00:43 286720 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a------ 2006-07-14 01:41 20034600 C:\Program Files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
--a------ 2007-11-20 16:29 360448 C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-11-02 23:56 185632 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{9F52E23E-4154-4DB5-8609-58AA1E02D315}"= UDP:C:\Program Files\HP\QuickPlay\QP.exe:QP
"{4D2D0EEC-4903-40DF-AB0E-0E5ADA0BC6A5}"= TCP:C:\Program Files\HP\QuickPlay\QP.exe:QP
"{5ED450E0-A572-491D-9C0A-1AD78B504DEB}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{8DD2E0DE-A515-4BCC-A2E2-008CEDC83768}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{26B3FB1E-F7DF-496A-B71C-49DA7B9C9AFA}"= UDP:C:\Users\happy go lucky\AppData\Local\Temp\{286509F3-CBFF-4036-9649-886A580DBDE1}\{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}\CinergyDvrHelper.exe:TerraTec Home Cinema (Setup)
"{D3DD292A-C627-4B77-AD30-FE2EDB275CC9}"= TCP:C:\Users\happy go lucky\AppData\Local\Temp\{286509F3-CBFF-4036-9649-886A580DBDE1}\{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}\CinergyDvrHelper.exe:TerraTec Home Cinema (Setup)
"{40AF74B4-FA12-497C-B30F-25DA73E89727}"= UDP:C:\Program Files\TerraTec\TerraTec Home Cinema\CinergyDvrHelper.exe:TerraTec Home Cinema (Setup)
"{34034F24-57E5-4D27-A88A-C46206298556}"= TCP:C:\Program Files\TerraTec\TerraTec Home Cinema\CinergyDvrHelper.exe:TerraTec Home Cinema (Setup)
"{67D62862-D56A-4B9B-B8FB-E32D3ADD1B3A}"= UDP:C:\Program Files\TerraTec\TerraTec Home Cinema\tvtvSetup\tvtv_Wizard.exe:TerraTec tvtv Setup
"{38ED0E09-F843-4230-BF8C-66AFE4B29220}"= TCP:C:\Program Files\TerraTec\TerraTec Home Cinema\tvtvSetup\tvtv_Wizard.exe:TerraTec tvtv Setup
"{4A2BFF7E-D9CE-462F-B92C-8B72241A1EAE}"= UDP:C:\Program Files\TerraTec\TerraTec Home Cinema\CinergyDvr.exe:TerraTec Home Cinema
"{3D3F30CD-35FA-4236-9FC8-A26E24E29924}"= TCP:C:\Program Files\TerraTec\TerraTec Home Cinema\CinergyDvr.exe:TerraTec Home Cinema
"{1E807B48-239C-42DB-A5F9-4AB53848347E}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{5D1A71A7-222E-4484-9278-CA9531CE4979}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{DE7D0053-DAF3-4BFA-8B5D-A8CDAA550081}"= UDP:C:\Users\happy go lucky\AppData\Local\Temp\{44B65D28-C5D9-4EEC-9C75-772B0C8C03F9}\{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}\CinergyDvrHelper.exe:TerraTec Home Cinema (Setup)
"{7668633A-2377-4162-830C-C89D862677EF}"= TCP:C:\Users\happy go lucky\AppData\Local\Temp\{44B65D28-C5D9-4EEC-9C75-772B0C8C03F9}\{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}\CinergyDvrHelper.exe:TerraTec Home Cinema (Setup)
"{CBB0911F-52E0-480A-BA5B-5C968F74FCC3}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{4FEDA9E4-8262-49E6-AADE-B852C5E01EA0}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{E259CCAB-0192-4063-AAC4-C0AEA65ADC47}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{6351D354-7655-4DD2-9500-AE83E0B73689}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{AE1F985C-2A2E-4531-B501-9C9B712DC3F7}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{D8E40AF8-A72B-4D24-BDA7-59A0545BD231}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{0A06CF19-5A79-4525-A166-8D9A6F266B4C}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{99F240CA-4D42-4829-B20D-27F55232E1C3}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 16:35]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 16:36]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service;C:\Windows\system32\drivers\CHDRT32.sys [2008-03-03 05:10]
S3 AF05BDA;Cinergy T USB XE service;C:\Windows\system32\DRIVERS\AF05BDA.sys [2006-12-05 17:11]
S3 AVEO;WEB13AB;C:\Windows\system32\DRIVERS\AVEOdcnt.sys [2007-07-30 14:48]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\shell\AutoRun\command - F:\loader.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{155e9bc7-3316-11dd-a750-001b240911a3}]
\shell\AutoRun\command - F:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{978a1c84-3854-11dd-b90b-001b240911a3}]
\shell\Auto\command - cmd /C launch.bat
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9b452ddb-f97a-11dc-a387-001b240911a3}]
\shell\AutoRun\command - F:\loader.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{be98daf1-8abc-11dc-b474-001b240911a3}]
\shell\AutoRun\command - explorer.exe
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
2007-12-26 C:\Windows\Tasks\HPCeeScheduleForhappy go lucky.job - C:\Program Files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2006-10-30 17:08]
2008-06-27 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - happy go lucky.job - C:\ProgramData\Symantec\Norton AntiVirus\Tasks\mycomp.sca"???happy go lucky?<This is a schedule scan task from Norton Internet Security.??? []
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.fr/
R0 -: HKLM-Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=71&bd=PRESARIO&pf=laptop
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-27 20:28:12
Windows 6.0.6001 Service Pack 1 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
C:\Windows\TEMP\TMP0000005D3F29EF48B7365EF9
Scan terminé avec succès
Les fichiers cachés: 1
**************************************************************************
.
Temps d'accomplissement: 2008-07-27 20:29:58
ComboFix-quarantined-files.txt 2008-07-27 18:29:50
Pre-Run: 18,989,932,544 octets libres
Post-Run: 18,972,184,576 octets libres
231 --- E O F --- 2008-07-26 06:34:13
Merci pour votre temps
Littlsk8euz
Télécharge RavAntivirus d'Evosla sur ton bureau : http://ww25.evosla.com/compteur.php?soft=rav_antivirus
- Branche tes sources de données externes à ton PC (clé USB, disque dur externe, etc...) sans les ouvrir avant de lancer ce FIX
- Clique droit sur le fichier .ZIP, puis "Extraire vers" Bureau.
- Doucle-clique sur "RAV.exe" pour lancer le fix.
- Laisse le programme agir : il scanne automatiquement tout les lecteurs (disques fixes et amovibles)
- En cas d'infections un rapport sera généré : poste le dans ta prochaine réponse stp.
- Ensuite : retire tes disques amovibles et redémarre le PC.
- Branche tes sources de données externes à ton PC (clé USB, disque dur externe, etc...) sans les ouvrir avant de lancer ce FIX
- Clique droit sur le fichier .ZIP, puis "Extraire vers" Bureau.
- Doucle-clique sur "RAV.exe" pour lancer le fix.
- Laisse le programme agir : il scanne automatiquement tout les lecteurs (disques fixes et amovibles)
- En cas d'infections un rapport sera généré : poste le dans ta prochaine réponse stp.
- Ensuite : retire tes disques amovibles et redémarre le PC.
Bonjour,
je ne me suis pas manifestée pendant 20 jours car j'étais en vacances.
J'ai bien lancé un scan RAV, il a trouvé une infection au bout de quelques minutes, l'a corrigée, puis il a continué à scanner indéfiniment mon ordi. Je n'ai pas trouvé le rapport.
Malheureusement mon ordi continue à planter. En gros, au bout d'une vingtaine de minute, firefox ne répond plus, et je perds internet. (msn et internet explorer n'arrivent plus à se connecter non plus). Je suis obligée de redémarrer... et c'est reparti pour un tour.
Ce que je ne comprends pas c'est pourquoi il plante au bout de 20 minutes. Si internet était mal configuré ou si Zonealarm et avast ne s'entendait pas, je devrais le savoir tout de suite....
J'ai essayé chez une amie (avec une autre Livebox) et le résultat est le même. ça doit bien venir de mon ordinateur.
Avez vous d'autres tuyaux pour m'aider ?
Bizzz
Littlsk8euz
je ne me suis pas manifestée pendant 20 jours car j'étais en vacances.
J'ai bien lancé un scan RAV, il a trouvé une infection au bout de quelques minutes, l'a corrigée, puis il a continué à scanner indéfiniment mon ordi. Je n'ai pas trouvé le rapport.
Malheureusement mon ordi continue à planter. En gros, au bout d'une vingtaine de minute, firefox ne répond plus, et je perds internet. (msn et internet explorer n'arrivent plus à se connecter non plus). Je suis obligée de redémarrer... et c'est reparti pour un tour.
Ce que je ne comprends pas c'est pourquoi il plante au bout de 20 minutes. Si internet était mal configuré ou si Zonealarm et avast ne s'entendait pas, je devrais le savoir tout de suite....
J'ai essayé chez une amie (avec une autre Livebox) et le résultat est le même. ça doit bien venir de mon ordinateur.
Avez vous d'autres tuyaux pour m'aider ?
Bizzz
Littlsk8euz
