crasyo

  1. Hello, and thank you again. There was neither antivirus nor firewall because the computer was not connected, and I wanted to see whether that was what was slowing it down, then install fresh, up-to-date versions of what was needed before reconnecting. (I was using my own computer with my USB key to transfer things.) Looking at all this, I noticed that one of the hard drives was not showing up. So I took everything apart and... a power connector was half unplugged (vibrations, fan, moving house...). Since then, everything has been working very, very well! The computer must have been spending its time trying to connect to the hard drive... Sorry to have bothered you with this. But if it can help! I have not looked for how to mark this as "resolved" on this forum; if I can't find it, could you do it? All the best.
  2. Hello, and sorry for my rudeness, I'm off to a bad start... One of my colleagues told me to do it, but then to go to your forum to ask for advice. I should have done things the other way round... Once again, all my apologies, I will follow your advice. Thank you: Here is log.txt:
     then info.txt:
     Once again, all my apologies!
  3. Here is my report, what do I do with it? Thank you.
     I forgot to mention that I did this because my computer has become extremely SLOW. Thank you.