> Tous les forums > Forum Sécurité
 Ouverture intempestive de Firefox
Ajouter un message à la discussion
Page : [1] 
Page 1 sur 1
ArashinoMelu
  Posté le 07/09/2010 @ 10:42 
Aller en bas de la page 
Nouvelle astucienne

Bonjour,

Depuis Vendredi Dernier j'ai firefox qui s'ouvre tout seul sur ce site http://scache.regiedepub.com. Avant de venir vous voir, J'ai fait un antivirus, spybot et ils n'ont rien trouvé, j'avoue ne pas savoir quoi faire. Pour information, j'ai telechargé GMIP le jeudi matin.

Mon rapport RTIS est le suivant :

Logfile of random's system information tool 1.08 (written by random/random)
Run by maknin at 2010-09-06 18:48:53
Microsoft Windows XP Professional Service Pack 3
System drive C: has 28 GB (57%) free of 50 GB
Total RAM: 1015 MB (31% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:49:23, on 06/09/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINNT\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\WINNT\system32\CCM\CcmExec.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\WINNT\system32\ctfmon.exe
C:\WINNT\system32\igfxtray.exe
C:\WINNT\system32\hkcmd.exe
C:\WINNT\system32\igfxpers.exe
C:\WINNT\RTHDCPL.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\system32\igfxsrvc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Tuto4pc\tuto4pc.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Copernic Desktop Search - Home\DesktopSearchService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\WINNT\system32\taskmgr.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\maknin\Desktop\RSIT.exe
C:\Program Files\trend micro\maknin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.imperial.ac.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://y.lo.st
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Imperial College
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: T4PCBHO - {AB720781-0670-4e46-B82E-376AEF228F25} - C:\Program Files\Tuto4pc\Tuto4pcBHO.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll
O3 - Toolbar: Copernic Desktop Search - Home - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Program Files\Copernic Desktop Search - Home\DesktopSearchBand300000074.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINNT\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINNT\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINNT\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINNT\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Tuto4pc] "C:\Program Files\Tuto4pc\tuto4pc.exe"
O4 - HKLM\..\Run: [UpdateTuto4PCHP] C:\Documents and Settings\maknin\Application Data\PCtuto\SoftwareUpdate\UpdateTuto4PCHP.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Copernic Desktop Search - Home] "C:\Program Files\Copernic Desktop Search - Home\DesktopSearchService.exe" /tray
O4 - Startup: Microsoft Office Outlook 2007.lnk = ?
O4 - Global Startup: iTunes (2).lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .csm: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .csml: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cub: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cube: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .dx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .emb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .embl: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .gau: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .jdx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mol: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mop: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .pdb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .rxn: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .scr: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .skc: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .spt: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .tgf: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .xyz: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.imperial.ac.uk/
O16 - DPF: {64A6114F-2976-4634-BE36-134BF84D369C} (eWebEditProLibCtl4.eWebEditPro) - https://www3.imperial.ac.uk/eWebEditPro/ewebeditpro4.cab
O16 - DPF: {CAFECAFE-0013-0001-0023-ABCDEFABCDEF} (JInitiator 1.3.1.23) -
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ic.ac.uk
O17 - HKLM\Software\..\Telephony: DomainName = ic.ac.uk
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ic.ac.uk
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ic.ac.uk
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

--
End of file - 11242 bytes

======Scheduled tasks folder======

C:\WINNT\tasks\AppleSoftwareUpdate.job
C:\WINNT\tasks\GoogleUpdateTaskMachineCore.job
C:\WINNT\tasks\GoogleUpdateTaskMachineUA.job
C:\WINNT\tasks\Nightly maintenance.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AB720781-0670-4e46-B82E-376AEF228F25}]
T4PCBHO Class - C:\Program Files\Tuto4pc\Tuto4pcBHO.dll [2010-08-04 225280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
pdfforge Toolbar - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll [2010-01-08 700416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-07-17 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
C:\Program Files\pdfforge Toolbar\SearchSettings.dll [2010-01-08 1109504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{B922D405-6D13-4A2B-AE89-08A030DA4402} - pdfforge Toolbar - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll [2010-01-08 700416]
{968631B6-4729-440D-9BF4-251F5593EC9A} - Copernic Desktop Search - Home - C:\Program Files\Copernic Desktop Search - Home\DesktopSearchBand300000074.dll [2008-08-28 995328]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"=C:\WINNT\IME\imjp8_1\IMJPMIG.EXE [2008-04-14 208952]
"PHIME2002ASync"=C:\WINNT\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-14 455168]
"PHIME2002A"=C:\WINNT\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-14 455168]
"IgfxTray"=C:\WINNT\system32\igfxtray.exe [2007-06-13 142104]
"HotKeysCmds"=C:\WINNT\system32\hkcmd.exe [2007-06-13 162584]
"Persistence"=C:\WINNT\system32\igfxpers.exe [2007-06-13 138008]
"RTHDCPL"=C:\WINNT\RTHDCPL.EXE [2009-07-02 18665472]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-07-12 180224]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2009-07-03 115560]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-27 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-07-27 81920]
"SearchSettings"=C:\Program Files\pdfforge Toolbar\SearchSettings.exe [2010-01-08 974848]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"Tuto4pc"=C:\Program Files\Tuto4pc\tuto4pc.exe [2010-07-16 966656]
"UpdateTuto4PCHP"=C:\Documents and Settings\maknin\Application Data\PCtuto\SoftwareUpdate\UpdateTuto4PCHP.exe []
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-08-10 421888]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-09-01 421160]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-04-29 437584]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINNT\system32\ctfmon.exe [2008-04-14 15360]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"Copernic Desktop Search - Home"=C:\Program Files\Copernic Desktop Search - Home\DesktopSearchService.exe [2008-08-28 1520640]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
iTunes (2).lnk - C:\WINNT\Installer\{C1E11C46-E6EB-4BD2-9ADF-2A98ACBEB216}\iTunesIco.exe

C:\Documents and Settings\maknin\Start Menu\Programs\Startup
Microsoft Office Outlook 2007.lnk - C:\WINNT\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINNT\system32\igfxdev.dll [2007-06-05 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINNT\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINNT\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ccEvtMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ccSetMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SmcService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Symantec Antivirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Symantec Antvirus]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"HideLogonScripts"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"disablecad"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"ForceStartMenuLogOff"=1
"NoSMConfigurePrograms"=1
"ForceRunOnStartMenu"=1
"RestrictWelcomeCenter"=1
"HideSCAHealth"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoWelcomeScreen"=1
"HonorAutoRunSetting"=1
"NoDriveTypeAutoRun"=181

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe"="C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service"
"C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE"="C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service"
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Service Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

======File associations======

.scr - open - "C:\Program Files\Internet Explorer\Iexplore.exe" %1

======List of files/folders created in the last 3 months======
Publicité
ArashinoMelu
 Posté le 07/09/2010 à 10:43 
Aller en bas de la page Revenir au message précédent Revenir en haut de la page
Nouvelle astucienne

======List of files/folders modified in the last 3 months======

2010-07-27 07:30:35 ----A---- C:\WINNT\system32\shell32.dll
2010-07-13 17:12:52 ----A---- C:\WINNT\system.ini
2010-07-12 19:20:04 ----A---- C:\WINNT\win.ini
2010-07-12 18:27:00 ----ASH---- C:\WINNT\fonts\desktop.ini
2010-07-12 18:21:06 ----ASH---- C:\boot.ini
2010-06-30 13:31:35 ----A---- C:\WINNT\system32\schannel.dll
2010-06-24 17:51:58 ----A---- C:\WINNT\system32\ieframe.dll
2010-06-24 13:22:03 ----A---- C:\WINNT\system32\wininet.dll
2010-06-24 13:22:02 ----A---- C:\WINNT\system32\urlmon.dll
2010-06-24 13:22:01 ----N---- C:\WINNT\system32\occache.dll
2010-06-24 13:22:01 ----N---- C:\WINNT\system32\mstime.dll
2010-06-24 13:22:01 ----A---- C:\WINNT\system32\mshtml.dll
2010-06-24 13:21:59 ----A---- C:\WINNT\system32\msfeedsbs.dll
2010-06-24 13:21:59 ----A---- C:\WINNT\system32\msfeeds.dll
2010-06-24 13:21:59 ----A---- C:\WINNT\system32\jsproxy.dll
2010-06-24 13:21:58 ----A---- C:\WINNT\system32\iertutil.dll
2010-06-24 13:21:58 ----A---- C:\WINNT\system32\iepeers.dll
2010-06-24 13:21:55 ----N---- C:\WINNT\system32\iedkcs32.dll
2010-06-23 13:08:09 ----N---- C:\WINNT\system32\ie4uinit.exe
2010-06-17 15:03:00 ----A---- C:\WINNT\system32\iccvid.dll
2010-06-14 08:41:45 ----A---- C:\WINNT\system32\msxml3.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 giveio;giveio; C:\WINNT\system32\giveio.sys [1996-04-03 5248]
R0 iaStor;iaStor; C:\WINNT\system32\drivers\iaStor.sys [2005-10-12 874240]
R0 PxHelp20;PxHelp20; C:\WINNT\System32\Drivers\PxHelp20.sys [2005-03-22 20640]
R0 speedfan;speedfan; C:\WINNT\system32\speedfan.sys [2006-09-24 5248]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINNT\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 Cinemsup;Cinemsup; C:\WINNT\system32\drivers\Cinemsup.sys [2003-12-19 6656]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINNT\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SRTSPX;SRTSPX; C:\WINNT\System32\Drivers\SRTSPX.SYS [2009-07-03 43824]
R1 SYMTDI;SYMTDI; C:\WINNT\System32\Drivers\SYMTDI.SYS [2009-07-03 191536]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINNT\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINNT\system32\DRIVERS\b57xp32.sys [2007-09-17 161792]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINNT\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINNT\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINNT\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 ialm;ialm; C:\WINNT\system32\DRIVERS\igxpmp32.sys [2007-06-05 5761728]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINNT\system32\drivers\RtkHDAud.sys [2009-07-02 5788160]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINNT\system32\drivers\mbamswissarmy.sys []
R3 mouhid;Mouse HID Driver; C:\WINNT\system32\DRIVERS\mouhid.sys [2008-04-14 12160]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100906.003\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100906.003\NAVEX15.SYS []
R3 prepdrvr;SMS Process Event Driver; \??\C:\WINNT\system32\CCM\prepdrv.sys []
R3 smsmdd;smsmdd; C:\WINNT\system32\DRIVERS\smsmdm.sys [2008-10-20 12448]
R3 SRTSP;SRTSP; C:\WINNT\System32\Drivers\SRTSP.SYS [2009-07-03 280112]
R3 SymEvent;SymEvent; \??\C:\WINNT\system32\Drivers\SYMEVENT.SYS []
R3 SYMREDRV;SYMREDRV; C:\WINNT\System32\Drivers\SYMREDRV.SYS [2009-07-03 27696]
R3 USBSTOR;USB Mass Storage Driver; C:\WINNT\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINNT\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S1 kbdhid;Keyboard HID Driver; C:\WINNT\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 COH_Mon;COH_Mon; \??\C:\WINNT\system32\Drivers\COH_Mon.sys []
S3 SRTSPL;SRTSPL; C:\WINNT\System32\Drivers\SRTSPL.SYS [2009-07-03 319792]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINNT\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbscan;USB Scanner Driver; C:\WINNT\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 WpdUsb;WpdUsb; C:\WINNT\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINNT\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-08-13 144672]
R2 Application Updater;Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe [2010-01-08 380928]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2010-07-27 345376]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2009-07-03 108392]
R2 CcmExec;SMS Agent Host; C:\WINNT\system32\CCM\CcmExec.exe [2009-09-18 764768]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2009-07-03 108392]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINNT\System32\svchost.exe [2008-04-14 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINNT\System32\svchost.exe [2008-04-14 14336]
R2 PrismXL;PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [2010-07-12 196608]
R2 SmcService;Symantec Management Client; C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe [2009-07-03 1799496]
R2 Symantec AntiVirus;Symantec Endpoint Protection; C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2009-07-03 2440120]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINNT\system32\svchost.exe [2008-04-14 14336]
R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2010-09-01 820008]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-07-21 136176]
S3 aspnet_state;ASP.NET State Service; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINNT\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINNT\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2008-12-10 3093880]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 smstsmgr;SMS Task Sequence Agent; C:\WINNT\system32\CCM\TSManager.exe [2009-09-18 246624]
S3 SNAC;Symantec Network Access Control; C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE [2009-07-03 320840]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINNT\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

Anonyme
 Posté le 07/09/2010 à 23:23 
Aller en bas de la page Revenir au message précédent Revenir en haut de la page
Nouvel astucien

Bonsoir,

ton Pc est surinfecté.

Fais la manip' d' Ad-Remover (merci C_XX) et poste le rapport : Ici

A+

Page : [1] 
Page 1 sur 1

Vous devez être connecté pour participer à la discussion.
Cliquez ici pour vous identifier.

Vous n'avez pas de compte ? Créez-en un gratuitement !
Recevoir PC Astuces par e-mail


La Lettre quotidienne +226 000 inscrits
Avec l'actu, des logiciels, des applis, des astuces, des bons plans, ...

Les bonnes affaires
Une fois par semaine, un récap des meilleurs offres.

Les fonds d'écran
De jolies photos pour personnaliser votre bureau. Une fois par semaine.

Les nouveaux Bons Plans
Des notifications pour ne pas rater les bons plans publiés sur le site.

Les bons plans du moment PC Astuces

Tous les Bons Plans
Mini PC NiPoGi H1 (Ryzen 7 6800HU, 16 Go RAM, SSD 512 Go, Radeon 680M, Windows 11 Pro)
333,48 € 429 € -22%
@Amazon
PC portable 16 pouces Lenovo Ideapad Slim 3 (WUXGA, AMD Ryzen 5 7430U, 16 Go RAM, SSD 512 Go, sans OS)
449,99 € 549 € -18%
@Cdiscount
Casque sans fil à réduction de bruit Sony WH-1000XM4 (Hi-Res Audio, Bluetooth/NFC)
206,99 € 250 € -17%
@Boulanger
Kit 5.1 Logitech Speaker System Z906
246,99 € 350 € -29%
@Amazon
Rasoir Gillette Fusion5 (5 lames) + 11 recharges de lames à 24,99 €
24,99 € 41,45 € -40%
@Amazon
SSD Orico S500-Pro 2 To SATA
84,49 € 129,99 € -35%
@Amazon

Sujets relatifs
Ouverture intempestive d'un onglet Avast dans Firefox
Ouverture intempestive de page web avec firefox
FIREFOX: Ouverture page intempestive
Lenteur à l'ouverture de Firefox
Ouverture intempestive d'un site cheloo
Fenêtre non désirée à l'ouverture de Firefox.
Publicité intempestive sur firefox
Avast et ouverture de Firefox
Ouverture intempestive de "http://www.lpcloudsvr302.com/ "
page intempestive sur firefox
Plus de sujets relatifs à Ouverture intempestive de Firefox
 > Tous les forums > Forum Sécurité