Startup problem ??? solved


Post by tayson » 21 Mar 2008 10:14

Hello**

I have a problem with my computer: when it starts, a window opens, Win Secure. I don't know which program it is, and it's in English, but I can't close it; I close it and it opens again. I manage to close it, and to keep it from opening again, with the Control Panel. Could someone help me get rid of this? Thank you very much.

**=Edit/_DELL_
Last edited by tayson on 22 Mar 2008 19:28, edited 1 time.
tayson
 
Posts: 46
Joined: 22 Jan 2008 20:29

Re: problem at startup????

Post by Falkra » 21 Mar 2008 19:59

That's viruses and the like.

To see what is running on your machine and be able to clean the infections that are present, we need to run a few tests.

Here is how to start.
Please post a HijackThis (v2.0.2) report in your next reply:
Here is a tutorial with the necessary links:
http://www.libellules.ch/poster_log_hijackthis.php
Falkra
Admin libellules.ch
 
Posts: 24424
Joined: 30 Jan 2005 13:44
Location: 127.0.0.1

Re: problem at startup????

Post by tayson » 21 Mar 2008 22:33

There, I did what you told me, and it gives this:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:29:23, on 21.03.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Acer\Empowering Technology\EDSMSNFIX.EXE
C:\Program Files\Launch Manager\LManager.exe
C:\Windows\vVX3000.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\Program Files\Piratrax\piratrax.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Palm\Hotsync.exe
C:\Users\MARIAJ~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Program Files\Sony Corporation\VirtualExpander\VirtualExpander.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eNet\WriteAcerAdapterKey.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\mariajose\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.fr.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb126\SearchSettings.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb126\SearchSettings.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - (no file)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [eDSMSNfix] C:\Acer\Empowering Technology\eDSMSNfix.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\Windows\vVX3000.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"
O4 - HKCU\..\Run: [Piratrax] C:\Program Files\Piratrax\piratrax.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Policies\Explorer\Run: [Windows Security Tool] WinSecure.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: VirtualExpander.lnk = C:\Users\mariajose\AppData\Local\Sony Corporation\VirtualExpander\VirtualExpander.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C8355408-E9C6-47BF-BAC6-0EE3A73BAE41}: NameServer = 195.186.1.111,195.186.4.111
O20 - AppInit_DLLs: eNetHook.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 13909 bytes
tayson
 
Posts: 46
Joined: 22 Jan 2008 20:29

Re: problem at startup????

Post by Falkra » 21 Mar 2008 22:54

Re. :)

There are two types of infection on the machine. We'll go in order.

  • Download BTFix by Bibi26.
  • Unzip the archive onto your Desktop.
  • Open the BTFix folder.
  • Double-click BTFix.exe.
  • Click "Rechercher" (Search).
  • A report will appear; copy/paste it into your next reply. Don't clean right away, we first check what is listed.
Falkra
Admin libellules.ch
 
Posts: 24424
Joined: 30 Jan 2005 13:44
Location: 127.0.0.1

Re: problem at startup????

Post by tayson » 21 Mar 2008 23:22

Here:
BTFix 1.088 (par bibi26) - 21/03/2008 23:16:35 - Analyse
Lancé depuis C:\Users\mariajose\Desktop\BTFix\BTFix.exe

---> Fichiers/Dossiers trouvés

- [Heuristique : Search Settings] C:\Windows\Installer\d3933a.msi
- C:\Windows\system32\WhoisCL.exe
- C:\Program Files\Search Settings\
- C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\

---> Analyse terminée
tayson
 
Posts: 46
Joined: 22 Jan 2008 20:29

Re: problem at startup????

Post by Falkra » 21 Mar 2008 23:30

  • Launch BTFix by right-click, "Run as..." "administrator".
  • Click "Nettoyer" (Clean).
  • A report will appear; copy/paste it into your next reply.

I'm contacting bibi26; not everything is handled or detected, it seems. Your case helps improve the tool.
See you in a bit
Falkra
Admin libellules.ch
 
Posts: 24424
Joined: 30 Jan 2005 13:44
Location: 127.0.0.1

Re: problem at startup????

Post by tayson » 21 Mar 2008 23:51

Here
BTFix 1.088 (par bibi26) - 21/03/2008 23:48:32 - Nettoyage - Mode normal
Lancé depuis C:\Users\mariajose\Desktop\BTFix\BTFix.exe

---> Fichiers/dossiers supprimés (Première passe)

- Fichiers temporaires effacés
- [Heuristique : Search Settings] C:\Windows\Installer\d3933a.msi
- C:\Windows\system32\WhoisCL.exe
- C:\Program Files\Search Settings\kb126\res\
- C:\Program Files\Search Settings\kb126\temp\
- C:\Program Files\Search Settings\kb126\
- C:\Program Files\Search Settings\
- C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\CONTENT\
- C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\LOCALE\EN-US\
- C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\LOCALE\
- C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\SKIN\
- C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\
- C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\COMPONENTS\
- C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\

---> Nettoyage terminé
tayson
 
Posts: 46
Joined: 22 Jan 2008 20:29

Re: problem at startup????

Post by Falkra » 21 Mar 2008 23:53

Perfect, the tool had taken everything into account; I misread the folder, which already contained the files.
I just passed along one small registry entry.

Post a new HJT log please. :-D
Falkra
Admin libellules.ch
 
Posts: 24424
Joined: 30 Jan 2005 13:44
Location: 127.0.0.1

Re: problem at startup????

Post by tayson » 22 Mar 2008 00:06

I don't understand, do I have to do something now?
tayson
 
Posts: 46
Joined: 22 Jan 2008 20:29

Re: problem at startup????

Post by Falkra » 22 Mar 2008 00:14

tayson wrote: I don't understand, do I have to do something now?


Yes, post a new HijackThis report, to see the changes and what remains to be cleaned.
To do that, repeat the procedure given in my first post.

Don't hesitate to ask questions. :-D
Falkra
Admin libellules.ch
 
Posts: 24424
Joined: 30 Jan 2005 13:44
Location: 127.0.0.1

Re: problem at startup????

Post by tayson » 22 Mar 2008 00:27

Here is the new report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:25:12, on 22.03.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Acer\Empowering Technology\EDSMSNFIX.EXE
C:\Program Files\Launch Manager\LManager.exe
C:\Windows\vVX3000.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\Program Files\Piratrax\piratrax.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Palm\Hotsync.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Sony Corporation\VirtualExpander\VirtualExpander.exe
C:\Users\MARIAJ~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\mariajose\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - (no file)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [eDSMSNfix] C:\Acer\Empowering Technology\eDSMSNfix.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\Windows\vVX3000.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"
O4 - HKCU\..\Run: [Piratrax] C:\Program Files\Piratrax\piratrax.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Policies\Explorer\Run: [Windows Security Tool] WinSecure.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: VirtualExpander.lnk = C:\Users\mariajose\AppData\Local\Sony Corporation\VirtualExpander\VirtualExpander.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C8355408-E9C6-47BF-BAC6-0EE3A73BAE41}: NameServer = 195.186.1.111,195.186.4.111
O20 - AppInit_DLLs: eNetHook.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12560 bytes
tayson
 
Posts: 46
Joined: 22 Jan 2008 20:29
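
The before/after comparison requested earlier in the thread ("to see the changes and what remains to be cleaned"), as an added example that is not part of the original posts: a small Python diff run over lines excerpted from the two HijackThis logs above. The keying scheme (CLSID for R3/O2/O3/O16 entries, hive plus value name for O4 entries) and all function names are assumptions of this example, not HijackThis behaviour.

```python
import re

# Lines excerpted from the two HijackThis logs posted in this thread,
# before and after the BTFix cleanup (the selection of lines is ours).
BEFORE = r"""
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb126\SearchSettings.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb126\SearchSettings.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file)
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKCU\..\Policies\Explorer\Run: [Windows Security Tool] WinSecure.exe
"""
AFTER = r"""
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKCU\..\Policies\Explorer\Run: [Windows Security Tool] WinSecure.exe
"""

ENTRY_RE = re.compile(r"^([FNOR]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
AUTORUN_RE = re.compile(r"^(.+?): \[([^\]]+)\] ")
# Sections where the CLSID identifies the entry (assumption of this example).
CLSID_KEYED = {"R3", "O2", "O3", "O16"}


def entry_key(code, text):
    """Identity that survives a change of display name or file path."""
    if code == "O4":
        m = AUTORUN_RE.match(text)
        if m:  # registry autorun: hive/key + value name
            return (code, m.group(1), m.group(2).lower())
    if code in CLSID_KEYED:
        m = CLSID_RE.search(text)
        if m:
            return (code, m.group(0).upper())
    return (code, text)  # everything else: compare the whole line


def parse_log(raw):
    """Map entry key -> full line; header and process-list lines are skipped."""
    entries = {}
    for line in raw.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries[entry_key(m.group(1), m.group(2))] = line
    return entries


def diff_logs(before_raw, after_raw):
    """Classify every entry as removed, added, changed or unchanged."""
    before, after = parse_log(before_raw), parse_log(after_raw)
    common = before.keys() & after.keys()
    return {
        "removed": sorted(before[k] for k in before.keys() - after.keys()),
        "added": sorted(after[k] for k in after.keys() - before.keys()),
        "changed": sorted((before[k], after[k]) for k in common
                          if before[k] != after[k]),
        "unchanged": sorted(after[k] for k in common if before[k] == after[k]),
    }


def new_orphans(result):
    """Entries whose file disappeared but whose registry value was left behind."""
    return [new for old, new in result["changed"]
            if new.endswith("(no file)") and not old.endswith("(no file)")]


def still_listed(result, needle):
    """Unchanged entries mentioning `needle`, i.e. what the cleanup did not touch."""
    return [l for l in result["unchanged"] if needle.lower() in l.lower()]


if __name__ == "__main__":
    result = diff_logs(BEFORE, AFTER)
    for line in result["removed"]:
        print("removed :", line)
    for line in new_orphans(result):
        print("orphaned:", line)
    for line in still_listed(result, "WinSecure"):
        print("remains :", line)
```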

Re: probleme, au demarrage????

Messagepar Falkra » 22 Mar 2008 00:46

If you feel like sleeping, no problem, eh. :wink:
There is still one infection left (then securing/prevention).

Vista won't accept one of the tools that gets rid of it easily.
We're bringing out a big gun that will get it, but it's heavy stuff; the less you use it, the better.

Download combofix.exe by sUBs and save it to your desktop (and nowhere else).
  • Double-click combofix.exe to run it and follow the instructions.
  • When the scan is complete, a report will appear.
  • Copy and paste this report into your next reply.
    The report is located at: C:\Combofix.txt (just in case).
Falkra
Admin libellules.ch

Posts: 24424
Joined: 30 Jan 2005 13:44
Location: 127.0.0.1

Re: problem at startup????

Post by tayson » 22 Mar 2008 09:24

First of all, HELLO. I did what you last told me to do, and this is the result:

ComboFix 08-03-21.2 - mariajose 2008-03-22 9:13:51.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.174 [GMT 1:00]
Endroit: C:\Users\mariajose\Desktop\ComboFix.exe
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\Users\mariajose\AppData\Local\ervazrog.dat
C:\Users\mariajose\AppData\Local\ervazrog.exe
c:\Users\mariajose\AppData\Local\ervazrog_nav.dat
c:\Users\mariajose\AppData\Local\ervazrog_navps.dat

.
((((((((((((((((((((((((((((( Fichiers créés 2008-02-22 to 2008-03-22 ))))))))))))))))))))))))))))))))))))
.

2008-03-21 09:36 . 2008-03-21 16:14 5,196 --a------ C:\Windows\System32\PerfStringBackup.TMP
2008-03-19 16:47 . 2004-08-30 21:00 1,470,464 --a------ C:\Windows\System32\WinSecure.exe
2008-03-19 16:47 . 2008-03-22 09:04 37,888 --a------ C:\Windows\System32\rar.exe
2008-03-19 16:07 . 2008-03-19 16:07 <REP> d-------- C:\Program Files\Safari
2008-03-17 16:37 . 2008-03-17 16:37 <REP> d-------- C:\Program Files\eMule
2008-03-16 19:55 . 2008-03-16 19:55 <REP> d-------- C:\Program Files\Micro Application
2008-03-16 19:55 . 2008-03-16 20:00 40 --a------ C:\Windows\NAVIGMA.INI
2008-03-15 11:03 . 2007-12-04 17:10 16,640 --a------ C:\Windows\System32\drivers\PalmUSBD.sys
2008-03-15 11:02 . 2008-03-15 11:02 <REP> d-------- C:\Users\mariajose\AppData\Roaming\Arcsoft
2008-03-15 11:01 . 2008-03-15 11:01 <REP> d-------- C:\Users\mariajose\AppData\Roaming\HotSync
2008-03-15 11:01 . 2008-03-15 11:01 <REP> d-------- C:\Users\All Users\HotSync
2008-03-15 11:01 . 2008-03-15 11:01 <REP> d-------- C:\ProgramData\HotSync
2008-03-15 11:00 . 2008-03-21 23:02 <REP> d-------- C:\Program Files\Palm
2008-03-09 19:07 . 2008-03-09 19:09 28 --a------ C:\Windows\wazpnmp.sys
2008-03-08 12:02 . 2008-03-08 12:02 104,608 --a------ C:\Windows\System32\GDIPFONTCACHEV1.DAT
2008-03-07 13:40 . 2008-03-07 13:40 13,035 --a------ C:\Windows\System32\drivers\SymRedir.cat
2008-03-07 13:40 . 2008-03-07 13:40 1,358 --a------ C:\Windows\System32\drivers\SymRedir.inf
2008-03-07 13:39 . 2008-03-07 13:39 191,536 --a------ C:\Windows\System32\drivers\symtdi.sys
2008-03-07 13:39 . 2008-03-07 13:39 145,968 --a------ C:\Windows\System32\drivers\symfw.sys
2008-03-07 13:39 . 2008-03-07 13:39 39,984 --a------ C:\Windows\System32\drivers\symids.sys
2008-03-07 13:39 . 2008-03-07 13:39 37,936 --a------ C:\Windows\System32\drivers\symndisv.sys
2008-03-07 13:39 . 2008-03-07 13:39 27,696 --a------ C:\Windows\System32\drivers\symredrv.sys
2008-03-07 13:39 . 2008-03-07 13:39 12,848 --a------ C:\Windows\System32\drivers\symdns.sys
2008-03-03 23:20 . 2003-03-18 21:20 1,060,864 --a------ C:\Windows\System32\MFC71.dll
2008-03-03 23:20 . 1998-06-16 23:00 516,173 --a------ C:\Windows\System32\MSVCP60D.DLL
2008-03-03 23:20 . 1998-06-16 23:00 385,100 --a------ C:\Windows\System32\MSVCRTD.DLL
2008-03-03 23:20 . 2000-11-29 02:07 307,200 --a------ C:\Windows\System32\msvcr70.dll
2008-03-03 23:20 . 2003-08-07 15:01 237,568 --a------ C:\Windows\System32\lame_enc.dll
2008-03-03 15:40 . 2008-03-22 09:02 54,156 --ah----- C:\Windows\QTFont.qfn
2008-03-03 15:40 . 2008-03-07 20:07 1,409 --a------ C:\Windows\QTFont.for
2008-03-02 20:44 . 1998-06-24 00:00 164,144 --a------ C:\Windows\System32\COMCT232.OCX
2008-03-02 20:43 . 2008-03-03 23:20 <REP> d-------- C:\Program Files\Free Audio Pack
2008-03-02 20:25 . 2008-03-03 15:32 <REP> d-------- C:\audiograbber
2008-03-02 19:52 . 2008-03-02 20:40 204 --a------ C:\Windows\CDPlayer.ini
2008-03-02 18:50 . 2008-03-02 18:50 <REP> d-------- C:\Users\mariajose\AppData\Roaming\CyberLink
2008-03-01 20:22 . 2008-03-19 17:04 <REP> d-------- C:\Users\mariajose\AppData\Roaming\Apple Computer
2008-03-01 20:22 . 2008-03-03 15:37 <REP> d-------- C:\Program Files\iPod
2008-03-01 20:21 . 2008-03-03 15:38 <REP> d-------- C:\Program Files\iTunes
2008-03-01 20:19 . 2008-03-01 20:21 <REP> d-------- C:\Users\All Users\Apple Computer
2008-03-01 20:19 . 2008-03-01 20:21 <REP> d-------- C:\ProgramData\Apple Computer
2008-03-01 20:19 . 2008-03-01 20:19 <REP> d-------- C:\Program Files\QuickTime
2008-03-01 09:59 . 2008-03-01 09:59 244 --ah----- C:\sqmnoopt01.sqm
2008-03-01 09:59 . 2008-03-01 09:59 232 --ah----- C:\sqmdata01.sqm
2008-02-28 20:47 . 2008-02-28 20:47 <REP> d-------- C:\Users\mariajose\AppData\Roaming\LGSync
2008-02-28 20:44 . 2008-02-28 20:44 <REP> d-------- C:\Program Files\LG Electronics
2008-02-28 20:43 . 2008-02-28 20:44 <REP> d-------- C:\Program Files\LGE GSM PC Sync
2008-02-28 20:43 . 2004-09-16 11:31 1,703,936 --a------ C:\Windows\System32\gdiplus.dll
2008-02-28 20:43 . 2005-09-26 22:55 419,240 --a------ C:\Windows\System32\Vsflex7L.ocx
2008-02-28 20:43 . 2000-05-22 00:00 244,416 --a------ C:\Windows\System32\Msflxgrd.ocx
2008-02-28 20:43 . 2005-10-04 10:39 44,544 --a------ C:\Windows\System32\msxml4a.dll
2008-02-28 20:43 . 2005-06-28 22:12 36,864 --a------ C:\Windows\System32\CSDLGE1LIB.dll
2008-02-24 23:07 . 2008-02-24 23:07 <REP> d-------- C:\Program Files\Common Files\xing shared
2008-02-22 19:58 . 2008-02-22 19:59 <REP> d-------- C:\Users\mariajose\AppData\Roaming\App Launcher Gadget
2008-02-22 19:17 . 2008-02-22 19:17 <REP> d-------- C:\Users\All Users\Emjysoft
2008-02-22 19:17 . 2008-02-22 19:17 <REP> d-------- C:\ProgramData\Emjysoft

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-22 08:05 --------- d---a-w C:\ProgramData\TEMP
2008-03-21 22:02 --------- d-----w C:\ProgramData\Microsoft Help
2008-03-21 22:02 --------- d-----w C:\Program Files\Picasa2
2008-03-21 22:02 --------- d-----w C:\Program Files\Microsoft Works
2008-03-21 22:02 --------- d-----w C:\Program Files\Google
2008-03-21 22:02 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-20 07:31 --------- d-----w C:\Users\mariajose\AppData\Roaming\LimeWire
2008-03-17 21:34 --------- d-----w C:\ProgramData\Symantec
2008-03-17 20:46 --------- d-----w C:\ProgramData\WLInstaller
2008-03-17 15:37 --------- d-----w C:\ProgramData\eMule
2008-03-14 10:30 --------- d-----w C:\Program Files\Java
2008-03-08 10:49 --------- d-----w C:\Program Files\MSBuild
2008-03-03 14:33 --------- d-----w C:\Program Files\worldTVRT
2008-03-03 14:33 --------- d-----w C:\Program Files\RegCleaner
2008-03-03 14:33 --------- d-----w C:\Program Files\Macrogaming
2008-02-28 19:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-24 22:07 --------- d-----w C:\Program Files\Common Files\Real
2008-02-21 09:41 --------- d-----w C:\Program Files\Piratrax
2008-02-20 19:31 --------- d-----w C:\Program Files\OLYMPUS
2008-02-19 21:21 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-19 21:17 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-02-19 20:38 --------- d-----w C:\Users\mariajose\AppData\Roaming\Download Manager
2008-02-18 15:36 --------- d-----w C:\Users\mariajose\AppData\Roaming\Nokia
2008-02-18 14:22 --------- d-----w C:\Program Files\LimeWire
2008-02-18 10:14 --------- d-----w C:\Program Files\Common Files\Java
2008-02-17 23:40 --------- d-----w C:\Users\mariajose\AppData\Roaming\vlc
2008-02-17 23:40 --------- d-----w C:\Program Files\adslTV
2008-02-17 22:18 --------- d-----w C:\Program Files\Zattoo
2008-02-15 20:43 --------- d-----w C:\Program Files\CCleaner
2008-02-15 19:55 --------- d-----w C:\Program Files\ToniArts
2008-02-15 11:18 --------- d-----w C:\Users\mariajose\AppData\Roaming\Corel Photo Album
2008-02-14 09:32 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-14 09:32 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-14 09:22 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-14 09:22 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-14 09:22 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-14 09:22 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-14 09:22 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-14 09:11 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-14 09:11 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-14 09:11 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-14 09:11 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-12 16:28 --------- d-----w C:\Program Files\Corel
2008-02-12 16:19 --------- d-----w C:\Users\mariajose\AppData\Roaming\Corel
2008-02-12 16:18 --------- d-----w C:\Program Files\Common Files\Corel
2008-02-12 15:43 --------- d-----w C:\Users\mariajose\AppData\Roaming\PC Suite
2008-02-12 15:42 --------- d-----w C:\ProgramData\PC Suite
2008-02-12 15:42 --------- d-----w C:\Program Files\DIFX
2008-02-12 15:03 --------- d-----w C:\ProgramData\Downloaded Installations
2008-02-12 14:58 --------- d-----w C:\ProgramData\Installations
2008-02-10 16:29 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-09 14:47 --------- d-----w C:\Program Files\DreamMail4
2008-02-03 17:46 --------- d-----w C:\ProgramData\IM
2008-02-03 17:45 --------- d-----w C:\Program Files\IncrediMail
2008-02-01 10:17 587,264 ----a-w C:\Windows\WLXPGSS.SCR
2008-02-01 10:10 --------- d-----w C:\Program Files\Norton Internet Security
2008-01-23 09:04 --------- d-----w C:\Program Files\Sony Corporation
2008-01-09 21:57 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-04 14:55 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2008-01-03 17:19 53,248 ----a-r C:\Windows\System32\USBPort.dll
2006-11-02 12:50 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VirtualExpanderFile.1]
@={E4000AC4-5E5F-4956-807A-C5854405D64F}

[HKEY_CLASSES_ROOT\CLSID\{E4000AC4-5E5F-4956-807A-C5854405D64F}]
2008-03-22 09:02 73728 --a------ C:\Program Files\Sony Corporation\VirtualExpander\VEShellExt.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 13:34 2159104 C:\Windows\System32\oobefldr.dll]
"Acer Tour Reminder"="" []
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-12-21 12:59 171448]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 22:18 443968]
"OM2_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-02-08 20:43 95800]
"Piratrax"="C:\Program Files\Piratrax\piratrax.exe" [2008-02-21 10:31 3463680]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-02 13:34 1004136]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2006-11-06 02:02 98304]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2006-11-06 02:05 106496]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2006-11-06 02:02 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 08:38 4390912 C:\Windows\RtHDVCpl.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 04:00 815104]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-06 23:04 464168]
"Acer Tour"="" []
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 05:33 107112]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-11-21 05:30 22696]
"eDSMSNfix"="C:\Acer\Empowering Technology\eDSMSNfix.exe" [2007-02-08 18:40 13312]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2006-12-08 13:35 614400]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 21:48 57344]
"eRecoveryService"="" []
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-01-17 08:01 151552]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2007-01-13 02:48 275800]
"VX3000"="C:\Windows\vVX3000.exe" [2006-12-06 00:38 707360]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 15:30 81920]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-02 17:59 106496]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-24 23:06 185896]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [ ]

C:\Users\mariajose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
VirtualExpander.lnk - C:\Users\mariajose\AppData\Local\Sony Corporation\VirtualExpander\VirtualExpander.exe [2008-01-23 10:03:53 474808]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-03-27 12:53:59 528384]
HotSync Manager.lnk - C:\Program Files\Palm\Hotsync.exe [2008-01-03 18:28:08 1392640]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"Windows Security Tool"= WinSecure.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=eNetHook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{33E4AD5A-0D1E-4552-9E61-1BC120999AE1}"= C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{D52FE3E9-C6D6-4E0D-88E8-646134DC2F54}"= C:\Program Files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine
"{984A92F8-4B63-4795-A094-E07569EF5B2E}"= C:\Program Files\Acer Arcade Deluxe\VideoMagician\MagicDirector.exe:CyberLink MagicDirector
"{C332BCF8-C1B2-445A-A7EC-DE306F509BDE}"= C:\Program Files\Acer Arcade Deluxe\DV Wizard\PowerDV.exe:CyberLink PowerDV
"{B8CB0604-E1FA-4B1C-8240-42D5A1AD71BC}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{93A7CCE9-D57B-4A93-891E-185F3644F87C}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{96D8EF61-3BCD-471A-A763-19C40BE217C3}"= UDP:C:\Program Files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{F55E5589-4553-4913-BB7C-F2F01ECFF984}"= TCP:C:\Program Files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{9192A714-664F-4D2A-AD21-D55E72B572AD}"= UDP:C:\Program Files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{54A7BD7E-6832-490E-B3A2-9C721F314FD3}"= TCP:C:\Program Files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{B0429827-DA2A-4038-97B9-CDFD525C4B8D}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{268B1339-6633-4F79-A99B-C2E020B72C39}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{E39E8711-051D-48C7-A3EC-22356BA2B0BC}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{2F20B8F5-454D-44BB-91C2-CAD1241E5A92}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{89D8A9A4-7726-4203-8C2C-2561DB78ADDD}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{1C19F45A-FF66-43DA-8379-C6FD92F0E4B5}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{0056D6E8-A822-4FBC-A25C-7887B3619474}"= Disabled:UDP:C:\Program Files\Magentic\bin\MgImp.exe:Magentic
"{9160DF3F-1AC2-417F-AA5D-BF8DAA00943A}"= Disabled:TCP:C:\Program Files\Magentic\bin\MgImp.exe:Magentic
"{4443CB74-D0EC-4628-BF0C-391D95C245D6}"= Disabled:UDP:C:\Program Files\Magentic\bin\Magentic.exe:Magentic
"{3DF6E298-F158-4960-9671-0B04172A5FF9}"= Disabled:TCP:C:\Program Files\Magentic\bin\Magentic.exe:Magentic
"{003FB132-DB65-4C3F-A3CE-25A7DDF4DC01}"= Disabled:UDP:C:\Program Files\Magentic\bin\MgApp.exe:Magentic
"{26AE01BF-D018-438A-98BA-3FC878EB1422}"= Disabled:TCP:C:\Program Files\Magentic\bin\MgApp.exe:Magentic
"{40AE951A-F6A4-4F20-BD3E-BBB2E7F48254}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{BF34B8FC-F3C3-4446-9ED1-6C06517158B4}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{CE137CD6-967A-4AFB-9F3A-462243988503}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
"{C5165BFA-C8C1-46F2-B3E7-EDC00999D683}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-02-06 23:04]
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-02-06 23:04]
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-02-06 23:04]
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080314.001\IDSvix86.sys [2008-02-13 17:18]
R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-02-06 23:04]
R2 eNet Service;eNet Service;C:\Acer\Empowering Technology\eNet\eNet Service.exe [2006-12-28 19:07]
R2 eSettingsService;eSettings Service;C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-04-24 19:17]
R2 MobilityService;MobilityService;C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 11:57]
R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" [2007-01-04 23:13]
R2 WMIService;ePower Service;C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-01-02 08:33]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-05 01:39]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-11-06 03:29]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-03-07 13:39]
S3 BCM43XV;Pilote de la carte réseau extensible Broadcom 802.11;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-12-19 05:18]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eb684c2d-ad97-11dc-82b0-806e6f6e6963}]
\shell\AutoRun\command - E:\AUTORUN.EXE

*Newly Created Service* - COMHOST
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-21 21:17:29 C:\Windows\Tasks\Norton Internet Security - Analyse système complète - mariajose.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeB/TASK:
"2008-03-21 21:04:32 C:\Windows\Tasks\User_Feed_Synchronization-{54F5BB1E-258E-4285-86DE-AE544FA29283}.job"
- C:\Windows\system32\msfeedssync.exe
"2007-12-20 11:55:11 C:\Windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-22 09:18:16
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-03-22 9:18:59
ComboFix-quarantined-files.txt 2008-03-22 08:18:54
.
2008-03-12 21:33:59 --- E O F ---
tayson

Posts: 46
Joined: 22 Jan 2008 20:29

Re: problem at startup????

Post by Falkra » 22 Mar 2008 09:58

:!: I advise you to uninstall Piratrax (via Add/Remove Programs); this program is dubious. We'll find you equivalents (free, of course) if needed.


    Create a text file named CFScript.txt
    Double-click to open it, and copy and paste this into it:

File::
C:\Windows\System32\WinSecure.exe

Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"Windows Security Tool"=-



:arrow: Drag and drop this CFScript file onto the ComboFix.exe file as in the screenshot
  • A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 then confirm.
  • Wait while the scan runs. The desktop will disappear several times: this is normal! Don't touch anything until the scan has finished.
  • Once the scan is complete, a report will be displayed: post its contents.
  • If the file doesn't open, it is located here > C:\ComboFix.txt

Also post (right after) a new HijackThis report.
UAC will need to be re-enabled, but all in good time.

See you in a bit
Falkra
Admin libellules.ch

Posts: 24424
Joined: 30 Jan 2005 13:44
Location: 127.0.0.1
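
The CFScript in the post above removes the value that the ComboFix report listed under policies\explorer\run, and the post notes that UAC still has to be re-enabled. As an added example (not part of the original thread and not ComboFix's own code), this Python script parses a ComboFix-style registry section, lists the autostart values under that key, reads the EnableLUA state, and compares two reports to confirm the value is gone. The function names and the "after" sample are assumptions made for the illustration.

```python
import re

# Lines copied from the "Point de chargement Reg" section of the first
# ComboFix report in this thread, trimmed to three keys.
REPORT_BEFORE = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="" []
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"Windows Security Tool"= WinSecure.exe
'''

# Constructed "after" sample (not copied from the thread): the same section
# once the policy Run value has been removed, UAC still off.
REPORT_AFTER = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"([^"]*)"\s*=\s*(.*)$')
TRAILER_RE = re.compile(r'\s*\[[^\]]*\]$')  # trailing "[date time size]" metadata

# Suffixes are matched against lowercased key names, in any hive.
POLICY_RUN_SUFFIX = r'\software\microsoft\windows\currentversion\policies\explorer\run'
POLICY_SYSTEM_SUFFIX = r'\software\microsoft\windows\currentversion\policies\system'


def parse_reg_section(text):
    """Return {lowercased key: {value name: data}} for a ComboFix registry section."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = keys.setdefault(m.group(1).lower(), {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            # Drop the metadata trailer, then the quotes around the data.
            data = TRAILER_RE.sub('', m.group(2)).strip().strip('"')
            current[m.group(1)] = data
    return keys


def reg_int(data):
    """Parse the two integer renderings seen in the report, else return None."""
    if data.lower().startswith('dword:'):
        return int(data[6:], 16)
    m = re.match(r'^(\d+)\s*\(0x[0-9a-fA-F]+\)$', data)
    return int(m.group(1)) if m else None


def policy_run_entries(keys):
    """Values under a policies/explorer/run key, as sorted (key, name, data) tuples."""
    return sorted((k, n, d) for k, vals in keys.items()
                  if k.endswith(POLICY_RUN_SUFFIX) for n, d in vals.items())


def uac_disabled(keys):
    """True when EnableLUA is present and equal to 0 under a policies/system key."""
    for k, vals in keys.items():
        if k.endswith(POLICY_SYSTEM_SUFFIX):
            for name, data in vals.items():
                if name.lower() == 'enablelua' and reg_int(data) == 0:
                    return True
    return False


def remediated(before_text, after_text):
    """Policy Run values present in the first report and absent from the second."""
    before = {(k, n) for k, n, _ in policy_run_entries(parse_reg_section(before_text))}
    after = {(k, n) for k, n, _ in policy_run_entries(parse_reg_section(after_text))}
    return sorted(before - after)


if __name__ == '__main__':
    parsed = parse_reg_section(REPORT_BEFORE)
    for key, name, data in policy_run_entries(parsed):
        print(f'policy autostart: {name} -> {data}  ({key})')
    print('UAC disabled:', uac_disabled(parsed))
    print('removed after fix:', remediated(REPORT_BEFORE, REPORT_AFTER))
```
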

Re: Problem at startup ???

Post by tayson » 22 Mar 2008 10:36

ComboFix 08-03-21.2 - mariajose 2008-03-22 10:21:34.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.248 [GMT 1:00]
Endroit: C:\Users\mariajose\Desktop\ComboFix.exe
Command switches used :: C:\Users\mariajose\Desktop\CFScript.txt
* Création d'un nouveau point de restauration

FILE ::
C:\Windows\System32\WinSecure.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\System32\WinSecure.exe

.
((((((((((((((((((((((((((((( Fichiers créés 2008-02-22 to 2008-03-22 ))))))))))))))))))))))))))))))))))))
.

2008-03-21 09:36 . 2008-03-21 16:14 5,196 --a------ C:\Windows\System32\PerfStringBackup.TMP
2008-03-19 16:47 . 2008-03-22 09:04 37,888 --a------ C:\Windows\System32\rar.exe
2008-03-19 16:07 . 2008-03-19 16:07 <REP> d-------- C:\Program Files\Safari
2008-03-17 16:37 . 2008-03-17 16:37 <REP> d-------- C:\Program Files\eMule
2008-03-16 19:55 . 2008-03-16 19:55 <REP> d-------- C:\Program Files\Micro Application
2008-03-16 19:55 . 2008-03-16 20:00 40 --a------ C:\Windows\NAVIGMA.INI
2008-03-15 11:03 . 2007-12-04 17:10 16,640 --a------ C:\Windows\System32\drivers\PalmUSBD.sys
2008-03-15 11:02 . 2008-03-15 11:02 <REP> d-------- C:\Users\mariajose\AppData\Roaming\Arcsoft
2008-03-15 11:01 . 2008-03-15 11:01 <REP> d-------- C:\Users\mariajose\AppData\Roaming\HotSync
2008-03-15 11:01 . 2008-03-15 11:01 <REP> d-------- C:\Users\All Users\HotSync
2008-03-15 11:01 . 2008-03-15 11:01 <REP> d-------- C:\ProgramData\HotSync
2008-03-15 11:00 . 2008-03-21 23:02 <REP> d-------- C:\Program Files\Palm
2008-03-09 19:07 . 2008-03-09 19:09 28 --a------ C:\Windows\wazpnmp.sys
2008-03-08 12:02 . 2008-03-08 12:02 104,608 --a------ C:\Windows\System32\GDIPFONTCACHEV1.DAT
2008-03-07 13:40 . 2008-03-07 13:40 13,035 --a------ C:\Windows\System32\drivers\SymRedir.cat
2008-03-07 13:40 . 2008-03-07 13:40 1,358 --a------ C:\Windows\System32\drivers\SymRedir.inf
2008-03-07 13:39 . 2008-03-07 13:39 191,536 --a------ C:\Windows\System32\drivers\symtdi.sys
2008-03-07 13:39 . 2008-03-07 13:39 145,968 --a------ C:\Windows\System32\drivers\symfw.sys
2008-03-07 13:39 . 2008-03-07 13:39 39,984 --a------ C:\Windows\System32\drivers\symids.sys
2008-03-07 13:39 . 2008-03-07 13:39 37,936 --a------ C:\Windows\System32\drivers\symndisv.sys
2008-03-07 13:39 . 2008-03-07 13:39 27,696 --a------ C:\Windows\System32\drivers\symredrv.sys
2008-03-07 13:39 . 2008-03-07 13:39 12,848 --a------ C:\Windows\System32\drivers\symdns.sys
2008-03-03 23:20 . 2003-03-18 21:20 1,060,864 --a------ C:\Windows\System32\MFC71.dll
2008-03-03 23:20 . 1998-06-16 23:00 516,173 --a------ C:\Windows\System32\MSVCP60D.DLL
2008-03-03 23:20 . 1998-06-16 23:00 385,100 --a------ C:\Windows\System32\MSVCRTD.DLL
2008-03-03 23:20 . 2000-11-29 02:07 307,200 --a------ C:\Windows\System32\msvcr70.dll
2008-03-03 23:20 . 2003-08-07 15:01 237,568 --a------ C:\Windows\System32\lame_enc.dll
2008-03-03 15:40 . 2008-03-22 09:02 54,156 --ah----- C:\Windows\QTFont.qfn
2008-03-03 15:40 . 2008-03-07 20:07 1,409 --a------ C:\Windows\QTFont.for
2008-03-02 20:44 . 1998-06-24 00:00 164,144 --a------ C:\Windows\System32\COMCT232.OCX
2008-03-02 20:43 . 2008-03-03 23:20 <REP> d-------- C:\Program Files\Free Audio Pack
2008-03-02 20:25 . 2008-03-03 15:32 <REP> d-------- C:\audiograbber
2008-03-02 19:52 . 2008-03-02 20:40 204 --a------ C:\Windows\CDPlayer.ini
2008-03-02 18:50 . 2008-03-02 18:50 <REP> d-------- C:\Users\mariajose\AppData\Roaming\CyberLink
2008-03-01 20:22 . 2008-03-19 17:04 <REP> d-------- C:\Users\mariajose\AppData\Roaming\Apple Computer
2008-03-01 20:22 . 2008-03-03 15:37 <REP> d-------- C:\Program Files\iPod
2008-03-01 20:21 . 2008-03-03 15:38 <REP> d-------- C:\Program Files\iTunes
2008-03-01 20:19 . 2008-03-01 20:21 <REP> d-------- C:\Users\All Users\Apple Computer
2008-03-01 20:19 . 2008-03-01 20:21 <REP> d-------- C:\ProgramData\Apple Computer
2008-03-01 20:19 . 2008-03-01 20:19 <REP> d-------- C:\Program Files\QuickTime
2008-03-01 09:59 . 2008-03-01 09:59 244 --ah----- C:\sqmnoopt01.sqm
2008-03-01 09:59 . 2008-03-01 09:59 232 --ah----- C:\sqmdata01.sqm
2008-02-28 20:47 . 2008-02-28 20:47 <REP> d-------- C:\Users\mariajose\AppData\Roaming\LGSync
2008-02-28 20:44 . 2008-02-28 20:44 <REP> d-------- C:\Program Files\LG Electronics
2008-02-28 20:43 . 2008-02-28 20:44 <REP> d-------- C:\Program Files\LGE GSM PC Sync
2008-02-28 20:43 . 2004-09-16 11:31 1,703,936 --a------ C:\Windows\System32\gdiplus.dll
2008-02-28 20:43 . 2005-09-26 22:55 419,240 --a------ C:\Windows\System32\Vsflex7L.ocx
2008-02-28 20:43 . 2000-05-22 00:00 244,416 --a------ C:\Windows\System32\Msflxgrd.ocx
2008-02-28 20:43 . 2005-10-04 10:39 44,544 --a------ C:\Windows\System32\msxml4a.dll
2008-02-28 20:43 . 2005-06-28 22:12 36,864 --a------ C:\Windows\System32\CSDLGE1LIB.dll
2008-02-24 23:07 . 2008-02-24 23:07 <REP> d-------- C:\Program Files\Common Files\xing shared
2008-02-22 19:58 . 2008-02-22 19:59 <REP> d-------- C:\Users\mariajose\AppData\Roaming\App Launcher Gadget
2008-02-22 19:17 . 2008-02-22 19:17 <REP> d-------- C:\Users\All Users\Emjysoft
2008-02-22 19:17 . 2008-02-22 19:17 <REP> d-------- C:\ProgramData\Emjysoft

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-22 09:11 --------- d-----w C:\Program Files\Piratrax
2008-03-22 08:05 --------- d---a-w C:\ProgramData\TEMP
2008-03-21 22:02 --------- d-----w C:\ProgramData\Microsoft Help
2008-03-21 22:02 --------- d-----w C:\Program Files\Picasa2
2008-03-21 22:02 --------- d-----w C:\Program Files\Microsoft Works
2008-03-21 22:02 --------- d-----w C:\Program Files\Google
2008-03-21 22:02 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-20 07:31 --------- d-----w C:\Users\mariajose\AppData\Roaming\LimeWire
2008-03-17 21:34 --------- d-----w C:\ProgramData\Symantec
2008-03-17 20:46 --------- d-----w C:\ProgramData\WLInstaller
2008-03-17 15:37 --------- d-----w C:\ProgramData\eMule
2008-03-14 10:30 --------- d-----w C:\Program Files\Java
2008-03-08 10:49 --------- d-----w C:\Program Files\MSBuild
2008-03-03 14:33 --------- d-----w C:\Program Files\worldTVRT
2008-03-03 14:33 --------- d-----w C:\Program Files\RegCleaner
2008-03-03 14:33 --------- d-----w C:\Program Files\Macrogaming
2008-02-28 19:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-24 22:07 --------- d-----w C:\Program Files\Common Files\Real
2008-02-20 19:31 --------- d-----w C:\Program Files\OLYMPUS
2008-02-19 21:21 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-19 21:17 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-02-19 20:38 --------- d-----w C:\Users\mariajose\AppData\Roaming\Download Manager
2008-02-18 15:36 --------- d-----w C:\Users\mariajose\AppData\Roaming\Nokia
2008-02-18 14:22 --------- d-----w C:\Program Files\LimeWire
2008-02-18 10:14 --------- d-----w C:\Program Files\Common Files\Java
2008-02-17 23:40 --------- d-----w C:\Users\mariajose\AppData\Roaming\vlc
2008-02-17 23:40 --------- d-----w C:\Program Files\adslTV
2008-02-17 22:18 --------- d-----w C:\Program Files\Zattoo
2008-02-15 20:43 --------- d-----w C:\Program Files\CCleaner
2008-02-15 19:55 --------- d-----w C:\Program Files\ToniArts
2008-02-15 11:18 --------- d-----w C:\Users\mariajose\AppData\Roaming\Corel Photo Album
2008-02-14 09:32 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-14 09:32 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-14 09:22 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-14 09:22 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-14 09:22 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-14 09:22 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-14 09:22 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-14 09:11 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-14 09:11 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-14 09:11 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-14 09:11 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-12 16:28 --------- d-----w C:\Program Files\Corel
2008-02-12 16:19 --------- d-----w C:\Users\mariajose\AppData\Roaming\Corel
2008-02-12 16:18 --------- d-----w C:\Program Files\Common Files\Corel
2008-02-12 15:43 --------- d-----w C:\Users\mariajose\AppData\Roaming\PC Suite
2008-02-12 15:42 --------- d-----w C:\ProgramData\PC Suite
2008-02-12 15:42 --------- d-----w C:\Program Files\DIFX
2008-02-12 15:03 --------- d-----w C:\ProgramData\Downloaded Installations
2008-02-12 14:58 --------- d-----w C:\ProgramData\Installations
2008-02-10 16:29 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-09 14:47 --------- d-----w C:\Program Files\DreamMail4
2008-02-03 17:46 --------- d-----w C:\ProgramData\IM
2008-02-03 17:45 --------- d-----w C:\Program Files\IncrediMail
2008-02-01 10:17 587,264 ----a-w C:\Windows\WLXPGSS.SCR
2008-02-01 10:10 --------- d-----w C:\Program Files\Norton Internet Security
2008-01-23 09:04 --------- d-----w C:\Program Files\Sony Corporation
2008-01-09 21:57 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-04 14:55 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2008-01-03 17:19 53,248 ----a-r C:\Windows\System32\USBPort.dll
2006-11-02 12:50 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((( snapshot@2008-03-22_ 9.18.36.50 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-22 08:00:49 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-03-22 09:11:58 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-03-22 08:00:49 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-22 09:11:58 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-03-22 08:00:49 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-03-22 09:11:58 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VirtualExpanderFile.1]
@={E4000AC4-5E5F-4956-807A-C5854405D64F}

[HKEY_CLASSES_ROOT\CLSID\{E4000AC4-5E5F-4956-807A-C5854405D64F}]
2008-03-22 09:02 73728 --a------ C:\Program Files\Sony Corporation\VirtualExpander\VEShellExt.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 13:34 2159104 C:\Windows\System32\oobefldr.dll]
"Acer Tour Reminder"="" []
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-12-21 12:59 171448]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 22:18 443968]
"OM2_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-02-08 20:43 95800]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-02 13:34 1004136]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2006-11-06 02:02 98304]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2006-11-06 02:05 106496]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2006-11-06 02:02 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 08:38 4390912 C:\Windows\RtHDVCpl.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 04:00 815104]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-06 23:04 464168]
"Acer Tour"="" []
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 05:33 107112]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-11-21 05:30 22696]
"eDSMSNfix"="C:\Acer\Empowering Technology\eDSMSNfix.exe" [2007-02-08 18:40 13312]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2006-12-08 13:35 614400]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 21:48 57344]
"eRecoveryService"="" []
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-01-17 08:01 151552]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2007-01-13 02:48 275800]
"VX3000"="C:\Windows\vVX3000.exe" [2006-12-06 00:38 707360]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 15:30 81920]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-02 17:59 106496]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-24 23:06 185896]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [ ]

C:\Users\mariajose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
VirtualExpander.lnk - C:\Users\mariajose\AppData\Local\Sony Corporation\VirtualExpander\VirtualExpander.exe [2008-01-23 10:03:53 474808]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-03-27 12:53:59 528384]
HotSync Manager.lnk - C:\Program Files\Palm\Hotsync.exe [2008-01-03 18:28:08 1392640]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=eNetHook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{33E4AD5A-0D1E-4552-9E61-1BC120999AE1}"= C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{D52FE3E9-C6D6-4E0D-88E8-646134DC2F54}"= C:\Program Files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine
"{984A92F8-4B63-4795-A094-E07569EF5B2E}"= C:\Program Files\Acer Arcade Deluxe\VideoMagician\MagicDirector.exe:CyberLink MagicDirector
"{C332BCF8-C1B2-445A-A7EC-DE306F509BDE}"= C:\Program Files\Acer Arcade Deluxe\DV Wizard\PowerDV.exe:CyberLink PowerDV
"{B8CB0604-E1FA-4B1C-8240-42D5A1AD71BC}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{93A7CCE9-D57B-4A93-891E-185F3644F87C}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{96D8EF61-3BCD-471A-A763-19C40BE217C3}"= UDP:C:\Program Files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{F55E5589-4553-4913-BB7C-F2F01ECFF984}"= TCP:C:\Program Files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{9192A714-664F-4D2A-AD21-D55E72B572AD}"= UDP:C:\Program Files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{54A7BD7E-6832-490E-B3A2-9C721F314FD3}"= TCP:C:\Program Files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{B0429827-DA2A-4038-97B9-CDFD525C4B8D}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{268B1339-6633-4F79-A99B-C2E020B72C39}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{E39E8711-051D-48C7-A3EC-22356BA2B0BC}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{2F20B8F5-454D-44BB-91C2-CAD1241E5A92}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{89D8A9A4-7726-4203-8C2C-2561DB78ADDD}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{1C19F45A-FF66-43DA-8379-C6FD92F0E4B5}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{0056D6E8-A822-4FBC-A25C-7887B3619474}"= Disabled:UDP:C:\Program Files\Magentic\bin\MgImp.exe:Magentic
"{9160DF3F-1AC2-417F-AA5D-BF8DAA00943A}"= Disabled:TCP:C:\Program Files\Magentic\bin\MgImp.exe:Magentic
"{4443CB74-D0EC-4628-BF0C-391D95C245D6}"= Disabled:UDP:C:\Program Files\Magentic\bin\Magentic.exe:Magentic
"{3DF6E298-F158-4960-9671-0B04172A5FF9}"= Disabled:TCP:C:\Program Files\Magentic\bin\Magentic.exe:Magentic
"{003FB132-DB65-4C3F-A3CE-25A7DDF4DC01}"= Disabled:UDP:C:\Program Files\Magentic\bin\MgApp.exe:Magentic
"{26AE01BF-D018-438A-98BA-3FC878EB1422}"= Disabled:TCP:C:\Program Files\Magentic\bin\MgApp.exe:Magentic
"{40AE951A-F6A4-4F20-BD3E-BBB2E7F48254}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{BF34B8FC-F3C3-4446-9ED1-6C06517158B4}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{CE137CD6-967A-4AFB-9F3A-462243988503}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
"{C5165BFA-C8C1-46F2-B3E7-EDC00999D683}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-02-06 23:04]
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-02-06 23:04]
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-02-06 23:04]
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080314.001\IDSvix86.sys [2008-02-13 17:18]
R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-02-06 23:04]
R2 eNet Service;eNet Service;C:\Acer\Empowering Technology\eNet\eNet Service.exe [2006-12-28 19:07]
R2 eSettingsService;eSettings Service;C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-04-24 19:17]
R2 MobilityService;MobilityService;C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 11:57]
R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" [2007-01-04 23:13]
R2 WMIService;ePower Service;C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-01-02 08:33]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-05 01:39]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-11-06 03:29]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-03-07 13:39]
S3 BCM43XV;Pilote de la carte réseau extensible Broadcom 802.11;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-12-19 05:18]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eb684c2d-ad97-11dc-82b0-806e6f6e6963}]
\shell\AutoRun\command - E:\AUTORUN.EXE

*Newly Created Service* - COMHOST
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-21 21:17:29 C:\Windows\Tasks\Norton Internet Security - Analyse système complète - mariajose.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeB/TASK:
"2008-03-21 21:04:32 C:\Windows\Tasks\User_Feed_Synchronization-{54F5BB1E-258E-4285-86DE-AE544FA29283}.job"
- C:\Windows\system32\msfeedssync.exe
"2007-12-20 11:55:11 C:\Windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-22 10:24:10
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-03-22 10:24:50
ComboFix-quarantined-files.txt 2008-03-22 09:24:46
ComboFix2.txt 2008-03-22 08:18:59
.
2008-03-12 21:33:59 --- E O F ---
tayson
Posts: 46
Joined: 22 Jan 2008 20:29

Re: Startup problem ???

Post by tayson » 22 Mar 2008 10:37

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:37:03, on 22.03.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Acer\Empowering Technology\EDSMSNFIX.EXE
C:\Program Files\Launch Manager\LManager.exe
C:\Windows\vVX3000.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Palm\Hotsync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Sony Corporation\VirtualExpander\VirtualExpander.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\notepad.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\mariajose\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - (no file)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [eDSMSNfix] C:\Acer\Empowering Technology\eDSMSNfix.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\Windows\vVX3000.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: VirtualExpander.lnk = C:\Users\mariajose\AppData\Local\Sony Corporation\VirtualExpander\VirtualExpander.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C8355408-E9C6-47BF-BAC6-0EE3A73BAE41}: NameServer = 195.186.1.111,195.186.4.111
O20 - AppInit_DLLs: eNetHook.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12324 bytes
tayson
Posts: 46
Joined: 22 Jan 2008 20:29

Re: Startup problem ???

Post by Falkra » 22 Mar 2008 13:59

Good, good, the system is clean.

If you still have symptoms after a reboot, don't hesitate to post.

You need to re-enable UAC:
* Start > Control Panel
* Double-click the User Accounts icon
* Then click on enable and confirm.

Your two infections are picked up through fake security programs and toolbars. Be careful about what you download or install.
Here is a summary of advice for avoiding infections:
http://www.libellules.ch/phpBB2/prevention-comment-eviter-bien-des-infections-t24540.html
Regarding toolbars specifically, which are sometimes installed by programs:
http://www.libellules.ch/opt_out.php

Don't hesitate to ask questions.
Falkra
Admin libellules.ch
Posts: 24424
Joined: 30 Jan 2005 13:44
Location: 127.0.0.1
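
The advice above to re-enable UAC matches the `"EnableLUA"= 0 (0x0)` line in the ComboFix log, which also shows the firewall switched off in all three profiles. As an added example (not part of the thread and not ComboFix's own code), this Python script parses that registry section and lists the values that turn a protection off; the function names are hypothetical and the excerpt is copied from the log posted above.

```python
import re

# Excerpt copied from the ComboFix log posted earlier in this thread.
LOG_EXCERPT = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=eNetHook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
'''

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')


def parse_int(data):
    """Decode the two numeric forms seen in the log: 'dword:00000001' and '0 (0x0)'."""
    m = re.fullmatch(r'dword:([0-9a-fA-F]{8})', data)
    if m:
        return int(m.group(1), 16)
    m = re.fullmatch(r'(\d+)\s*\(0x[0-9a-fA-F]+\)', data)
    return int(m.group(1)) if m else None


def parse_registry_section(text):
    """Yield (key, value_name, data) for each value line under a [key] header."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group('key')
            continue
        m = VALUE_RE.match(line)
        if m and key:
            yield key, m.group('name'), m.group('data').strip()


def weakened_settings(text):
    """Return (finding, key, value_name) for settings that switch a protection off."""
    findings = []
    for key, name, data in parse_registry_section(text):
        k, n, num = key.lower(), name.lower(), parse_int(data)
        if k.endswith('\\policies\\system') and n == 'enablelua' and num == 0:
            findings.append(('UAC disabled', key, name))
        elif '\\firewallpolicy\\' in k and n == 'enablefirewall' and num == 0:
            profile = key.rsplit('\\', 1)[1]
            findings.append((f'Windows Firewall off ({profile})', key, name))
        elif '\\security center' in k and num == 1 and n.endswith(
                ('disablenotify', 'disablemonitoring')):
            findings.append(('Security Center alert suppressed', key, name))
        elif k.endswith('\\windows nt\\currentversion\\windows') \
                and n == 'appinit_dlls' and data.strip('"'):
            # Not a verdict: the DLL named here still has to be identified.
            findings.append((f'AppInit_DLLs set, review: {data}', key, name))
    return findings


if __name__ == '__main__':
    for finding, key, name in weakened_settings(LOG_EXCERPT):
        print(f'{finding:45} {key} -> {name}')
```

A value of 1 for `EnableLUA` or `EnableFirewall` produces no finding, so running the same check on a log taken after the fix shows whether the setting was actually restored.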

Re: Startup problem ???

Post by tayson » 22 Mar 2008 18:09

Thanks for all your help!!!
I started the computer and everything works fine.
Thanks again :supers: :merci
tayson
Posts: 46
Joined: 22 Jan 2008 20:29

Re: Startup problem ???

Post by Falkra » 22 Mar 2008 18:13

Great. :-D

Can you mark it [resolved]? (To do that, edit the first post; you will be able to change the title, at the top of the page.)

I will move the topic to the forum's security section after that.
Falkra
Admin libellules.ch
Posts: 24424
Joined: 30 Jan 2005 13:44
Location: 127.0.0.1

