VIRUS MSN service~.exe lacks a '-' ...
Alin & Faby
Hello everyone, I'm just discovering your forum ...
My neighbor caught the MSN virus, like many others !!!
I installed HijackThis and made a few deletions, but I still have the same problem when the PC starts up
==> Runner file name (service~.exe) lacks a '-' (the app id separator)
Antivirus: F-Secure
Can you help me? The report is below.
============================================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:51:01, on 09/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Outils\Petit Larousse 2003\bin\HiPL2002popup.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wlancfg.exe
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HijackThis\HijackThis.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Microsoft Office Helper - {8B4190F8-4828-387B-4164-2487A188A878} - C:\WINDOWS\system\wfcctd32.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL
O4 - HKLM\..\Run: [HyperappelPL2003] C:\Outils\Petit Larousse 2003\bin\HiPL2002popup.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [PhilipsDM] "C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WinPop] C:\Program Files\WinPop\winpop.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - .DEFAULT User Startup: OpenOffice.org 1.1.3.lnk = C:\Program Files\OpenOffice.org1.1.3\program\quickstart.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O8 - Extra context menu item: &Search - http://kx.bar.need2find.com/KX/menusearch.html?p=KX
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?f9c614f857414336a4d39cf0af8b5c47
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?f9c614f857414336a4d39cf0af8b5c47
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Outils\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: F-Secure Automatic Update (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Outils\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\WINDOWS\wlancfg.exe
5 replies
I had a problem with an MSN file that, when you open it, sends itself to all your contacts. I was told to do this: https://www.malekal.com/supprimer-virus-desinfecter-pc/
Afterwards, post the report and wait for instructions from those who know more about this than I do. I think I no longer have a problem.
Good evening,
Indeed, you can do this:
* Download MSNFix.zip by !aur3n7 to your desktop:
http://sosvirus.changelog.fr/MSNFix.zip
Unzip it (right-click >> Extract all) and double-click the MSNFix.bat file.
- Choose option R.
- If the infection is detected, run option N.
Save the report, then copy and paste it on the forum, along with a new HijackThis scan.
Hello again, and thanks for all this advice
1. msnfix fixed many errors
2. there is still one message that keeps appearing:
Runner error : file name (service~.exe) lacks a '-' (the app id separator)
3. the msnfix report is below
4. and a new HijackThis report
Thanks again, and if you have any ideas for removing this virus.
==============================================================
MSN_Fix 1.458
C:\Outils\MSNFIX
Fix exécuté le 10/08/2007 - 18:15:36,14 By GUITTIER
mode normal
************************ Recherche les fichiers présents
... C:\PROGRA~1\winpop\uninstall.exe
... C:\Documents and Settings\GUITTIER\new.txt
... C:\WINDOWS\b122.exe
... C:\WINDOWS\system32\intlprinters.exe
... C:\WINDOWS\system32\libcintle2.dll
... C:\WINDOWS\system32\libcintles3.dll
... C:\WINDOWS\album11.zip
... C:\WINDOWS\album17.zip
... C:\WINDOWS\album2.zip
... C:\WINDOWS\album20.zip
... C:\WINDOWS\album23.zip
... C:\WINDOWS\album26.zip
... C:\WINDOWS\album29.zip
... C:\WINDOWS\album32.zip
... C:\WINDOWS\album38.zip
... C:\WINDOWS\album41.zip
... C:\WINDOWS\album53.zip
... C:\WINDOWS\album56.zip
... C:\WINDOWS\album62.zip
... C:\WINDOWS\album77.zip
... C:\WINDOWS\album80.zip
... C:\WINDOWS\album83.zip
... C:\WINDOWS\album92.zip
... C:\WINDOWS\image014.zip
... C:\WINDOWS\image02.zip
... C:\WINDOWS\image023.zip
... C:\WINDOWS\image035.zip
... C:\WINDOWS\image041.zip
... C:\WINDOWS\image05.zip
... C:\WINDOWS\image050.zip
... C:\WINDOWS\image059.zip
... C:\WINDOWS\image062.zip
... C:\WINDOWS\image068.zip
... C:\WINDOWS\image08.zip
... C:\WINDOWS\image089.zip
... C:\WINDOWS\image092.zip
... C:\WINDOWS\image095.zip
... C:\WINDOWS\images12.zip
... C:\WINDOWS\images15.zip
... C:\WINDOWS\images18.zip
... C:\WINDOWS\images21.zip
... C:\WINDOWS\images27.zip
... C:\WINDOWS\images30.zip
... C:\WINDOWS\images33.zip
... C:\WINDOWS\images39.zip
... C:\WINDOWS\images48.zip
... C:\WINDOWS\images51.zip
... C:\WINDOWS\images63.zip
... C:\WINDOWS\images72.zip
... C:\WINDOWS\images87.zip
... C:\WINDOWS\images90.zip
... C:\WINDOWS\images93.zip
... C:\WINDOWS\photo0.zip
... C:\WINDOWS\photo18.zip
... C:\WINDOWS\photo27.zip
... C:\WINDOWS\photo3.zip
... C:\WINDOWS\photo30.zip
... C:\WINDOWS\photo33.zip
... C:\WINDOWS\photo39.zip
... C:\WINDOWS\photo45.zip
... C:\WINDOWS\photo72.zip
... C:\WINDOWS\photo78.zip
... C:\WINDOWS\photo84.zip
... C:\WINDOWS\photo9.zip
... C:\WINDOWS\photo96.zip
... C:\WINDOWS\photos2007_16.zip
... C:\WINDOWS\photos2007_25.zip
... C:\WINDOWS\photos2007_28.zip
... C:\WINDOWS\photos2007_43.zip
... C:\WINDOWS\photos2007_49.zip
... C:\WINDOWS\photos2007_55.zip
... C:\WINDOWS\photos2007_64.zip
... C:\WINDOWS\photos2007_73.zip
... C:\WINDOWS\photos2007_76.zip
... C:\WINDOWS\photos2007_79.zip
... C:\WINDOWS\photos2007_82.zip
... C:\WINDOWS\photos2007_91.zip
... C:\WINDOWS\photos2007_97.zip
... C:\WINDOWS\photo_album1.zip
... C:\WINDOWS\photo_album13.zip
... C:\WINDOWS\photo_album31.zip
... C:\WINDOWS\photo_album34.zip
... C:\WINDOWS\photo_album37.zip
... C:\WINDOWS\photo_album55.zip
... C:\WINDOWS\photo_album73.zip
... C:\WINDOWS\photo_album79.zip
... C:\WINDOWS\photo_album82.zip
... C:\WINDOWS\photo_album85.zip
... C:\WINDOWS\photos2007_16.zip
... C:\WINDOWS\photos2007_25.zip
... C:\WINDOWS\photos2007_28.zip
... C:\WINDOWS\photos2007_43.zip
... C:\WINDOWS\photos2007_49.zip
... C:\WINDOWS\photos2007_55.zip
... C:\WINDOWS\photos2007_64.zip
... C:\WINDOWS\photos2007_73.zip
... C:\WINDOWS\photos2007_76.zip
... C:\WINDOWS\photos2007_79.zip
... C:\WINDOWS\photos2007_82.zip
... C:\WINDOWS\photos2007_91.zip
... C:\WINDOWS\photos2007_97.zip
************************ Recherche les dossiers présents
... C:\PROGRA~1\InetGet2\
... C:\PROGRA~1\WinPop\
************************ Suppression des fichiers
.. OK ... C:\PROGRA~1\winpop\uninstall.exe
.. OK ... C:\Documents and Settings\GUITTIER\new.txt
.. OK ... C:\WINDOWS\b122.exe
.. OK ... C:\WINDOWS\system32\intlprinters.exe
.. OK ... C:\WINDOWS\system32\libcintle2.dll
.. OK ... C:\WINDOWS\system32\libcintles3.dll
.. OK ... C:\WINDOWS\album11.zip
.. OK ... C:\WINDOWS\album17.zip
.. OK ... C:\WINDOWS\album2.zip
.. OK ... C:\WINDOWS\album20.zip
.. OK ... C:\WINDOWS\album23.zip
.. OK ... C:\WINDOWS\album26.zip
.. OK ... C:\WINDOWS\album29.zip
.. OK ... C:\WINDOWS\album32.zip
.. OK ... C:\WINDOWS\album38.zip
.. OK ... C:\WINDOWS\album41.zip
.. OK ... C:\WINDOWS\album53.zip
.. OK ... C:\WINDOWS\album56.zip
.. OK ... C:\WINDOWS\album62.zip
.. OK ... C:\WINDOWS\album77.zip
.. OK ... C:\WINDOWS\album80.zip
.. OK ... C:\WINDOWS\album83.zip
.. OK ... C:\WINDOWS\album92.zip
.. OK ... C:\WINDOWS\image014.zip
.. OK ... C:\WINDOWS\image02.zip
.. OK ... C:\WINDOWS\image023.zip
.. OK ... C:\WINDOWS\image035.zip
.. OK ... C:\WINDOWS\image041.zip
.. OK ... C:\WINDOWS\image05.zip
.. OK ... C:\WINDOWS\image050.zip
.. OK ... C:\WINDOWS\image059.zip
.. OK ... C:\WINDOWS\image062.zip
.. OK ... C:\WINDOWS\image068.zip
.. OK ... C:\WINDOWS\image08.zip
.. OK ... C:\WINDOWS\image089.zip
.. OK ... C:\WINDOWS\image092.zip
.. OK ... C:\WINDOWS\image095.zip
.. OK ... C:\WINDOWS\images12.zip
.. OK ... C:\WINDOWS\images15.zip
.. OK ... C:\WINDOWS\images18.zip
.. OK ... C:\WINDOWS\images21.zip
.. OK ... C:\WINDOWS\images27.zip
.. OK ... C:\WINDOWS\images30.zip
.. OK ... C:\WINDOWS\images33.zip
.. OK ... C:\WINDOWS\images39.zip
.. OK ... C:\WINDOWS\images48.zip
.. OK ... C:\WINDOWS\images51.zip
.. OK ... C:\WINDOWS\images63.zip
.. OK ... C:\WINDOWS\images72.zip
.. OK ... C:\WINDOWS\images87.zip
.. OK ... C:\WINDOWS\images90.zip
.. OK ... C:\WINDOWS\images93.zip
.. OK ... C:\WINDOWS\photo0.zip
.. OK ... C:\WINDOWS\photo18.zip
.. OK ... C:\WINDOWS\photo27.zip
.. OK ... C:\WINDOWS\photo3.zip
.. OK ... C:\WINDOWS\photo30.zip
.. OK ... C:\WINDOWS\photo33.zip
.. OK ... C:\WINDOWS\photo39.zip
.. OK ... C:\WINDOWS\photo45.zip
.. OK ... C:\WINDOWS\photo72.zip
.. OK ... C:\WINDOWS\photo78.zip
.. OK ... C:\WINDOWS\photo84.zip
.. OK ... C:\WINDOWS\photo9.zip
.. OK ... C:\WINDOWS\photo96.zip
.. OK ... C:\WINDOWS\photos2007_16.zip
.. OK ... C:\WINDOWS\photos2007_25.zip
.. OK ... C:\WINDOWS\photos2007_28.zip
.. OK ... C:\WINDOWS\photos2007_43.zip
.. OK ... C:\WINDOWS\photos2007_49.zip
.. OK ... C:\WINDOWS\photos2007_55.zip
.. OK ... C:\WINDOWS\photos2007_64.zip
.. OK ... C:\WINDOWS\photos2007_73.zip
.. OK ... C:\WINDOWS\photos2007_76.zip
.. OK ... C:\WINDOWS\photos2007_79.zip
.. OK ... C:\WINDOWS\photos2007_82.zip
.. OK ... C:\WINDOWS\photos2007_91.zip
.. OK ... C:\WINDOWS\photos2007_97.zip
.. OK ... C:\WINDOWS\photo_album1.zip
.. OK ... C:\WINDOWS\photo_album13.zip
.. OK ... C:\WINDOWS\photo_album31.zip
.. OK ... C:\WINDOWS\photo_album34.zip
.. OK ... C:\WINDOWS\photo_album37.zip
.. OK ... C:\WINDOWS\photo_album55.zip
.. OK ... C:\WINDOWS\photo_album73.zip
.. OK ... C:\WINDOWS\photo_album79.zip
.. OK ... C:\WINDOWS\photo_album82.zip
.. OK ... C:\WINDOWS\photo_album85.zip
.. OK ... C:\WINDOWS\photos2007_16.zip
.. OK ... C:\WINDOWS\photos2007_25.zip
.. OK ... C:\WINDOWS\photos2007_28.zip
.. OK ... C:\WINDOWS\photos2007_43.zip
.. OK ... C:\WINDOWS\photos2007_49.zip
.. OK ... C:\WINDOWS\photos2007_55.zip
.. OK ... C:\WINDOWS\photos2007_64.zip
.. OK ... C:\WINDOWS\photos2007_73.zip
.. OK ... C:\WINDOWS\photos2007_76.zip
.. OK ... C:\WINDOWS\photos2007_79.zip
.. OK ... C:\WINDOWS\photos2007_82.zip
.. OK ... C:\WINDOWS\photos2007_91.zip
.. OK ... C:\WINDOWS\photos2007_97.zip
************************ Suppression des dossiers
.. OK ... C:\PROGRA~1\InetGet2\
.. OK ... C:\PROGRA~1\WinPop\
************************ Nettoyage du registre
************************ Fichiers suspects
/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention
[C:\WINDOWS\1007x.zip] 0BD0CA900D72AE537F6460FB98116F4C
Aucun Fichier trouvé
Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 10082007_18182917.zip
------------------------------------------------------------------------
Auteur : !aur3n7 Contact: https://www.ionos.fr/
------------------------------------------------------------------------
--------------------------------------------- END ---------------------------------------------
=================================================================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:40:24, on 10/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Outils\Petit Larousse 2003\bin\HiPL2002popup.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\WINDOWS\wlancfg.exe
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Microsoft Office Helper - {8B4190F8-4828-387B-4164-2487A188A878} - C:\WINDOWS\system\wfcctd32.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL
O4 - HKLM\..\Run: [HyperappelPL2003] C:\Outils\Petit Larousse 2003\bin\HiPL2002popup.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PhilipsDM] "C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - .DEFAULT User Startup: OpenOffice.org 1.1.3.lnk = C:\Program Files\OpenOffice.org1.1.3\program\quickstart.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O8 - Extra context menu item: &Search - http://kx.bar.need2find.com/KX/menusearch.html?p=KX
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?f9c614f857414336a4d39cf0af8b5c47
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?f9c614f857414336a4d39cf0af8b5c47
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Outils\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: F-Secure Automatic Update (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Outils\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\WINDOWS\wlancfg.exe
1. msnfix fixed many errors
2. there is still one message that keeps appearing:
Runner error : file name (service~.exe) lacks a '-' (the app id separator)
3. the msnfix report is below
4. and a new HijackThis report
Thanks again, and if you have any ideas for removing this virus.
==============================================================
MSN_Fix 1.458
C:\Outils\MSNFIX
Fix exécuté le 10/08/2007 - 18:15:36,14 By GUITTIER
mode normal
************************ Recherche les fichiers présents
... C:\PROGRA~1\winpop\uninstall.exe
... C:\Documents and Settings\GUITTIER\new.txt
... C:\WINDOWS\b122.exe
... C:\WINDOWS\system32\intlprinters.exe
... C:\WINDOWS\system32\libcintle2.dll
... C:\WINDOWS\system32\libcintles3.dll
... C:\WINDOWS\album11.zip
... C:\WINDOWS\album17.zip
... C:\WINDOWS\album2.zip
... C:\WINDOWS\album20.zip
... C:\WINDOWS\album23.zip
... C:\WINDOWS\album26.zip
... C:\WINDOWS\album29.zip
... C:\WINDOWS\album32.zip
... C:\WINDOWS\album38.zip
... C:\WINDOWS\album41.zip
... C:\WINDOWS\album53.zip
... C:\WINDOWS\album56.zip
... C:\WINDOWS\album62.zip
... C:\WINDOWS\album77.zip
... C:\WINDOWS\album80.zip
... C:\WINDOWS\album83.zip
... C:\WINDOWS\album92.zip
... C:\WINDOWS\image014.zip
... C:\WINDOWS\image02.zip
... C:\WINDOWS\image023.zip
... C:\WINDOWS\image035.zip
... C:\WINDOWS\image041.zip
... C:\WINDOWS\image05.zip
... C:\WINDOWS\image050.zip
... C:\WINDOWS\image059.zip
... C:\WINDOWS\image062.zip
... C:\WINDOWS\image068.zip
... C:\WINDOWS\image08.zip
... C:\WINDOWS\image089.zip
... C:\WINDOWS\image092.zip
... C:\WINDOWS\image095.zip
... C:\WINDOWS\images12.zip
... C:\WINDOWS\images15.zip
... C:\WINDOWS\images18.zip
... C:\WINDOWS\images21.zip
... C:\WINDOWS\images27.zip
... C:\WINDOWS\images30.zip
... C:\WINDOWS\images33.zip
... C:\WINDOWS\images39.zip
... C:\WINDOWS\images48.zip
... C:\WINDOWS\images51.zip
... C:\WINDOWS\images63.zip
... C:\WINDOWS\images72.zip
... C:\WINDOWS\images87.zip
... C:\WINDOWS\images90.zip
... C:\WINDOWS\images93.zip
... C:\WINDOWS\photo0.zip
... C:\WINDOWS\photo18.zip
... C:\WINDOWS\photo27.zip
... C:\WINDOWS\photo3.zip
... C:\WINDOWS\photo30.zip
... C:\WINDOWS\photo33.zip
... C:\WINDOWS\photo39.zip
... C:\WINDOWS\photo45.zip
... C:\WINDOWS\photo72.zip
... C:\WINDOWS\photo78.zip
... C:\WINDOWS\photo84.zip
... C:\WINDOWS\photo9.zip
... C:\WINDOWS\photo96.zip
... C:\WINDOWS\photos2007_16.zip
... C:\WINDOWS\photos2007_25.zip
... C:\WINDOWS\photos2007_28.zip
... C:\WINDOWS\photos2007_43.zip
... C:\WINDOWS\photos2007_49.zip
... C:\WINDOWS\photos2007_55.zip
... C:\WINDOWS\photos2007_64.zip
... C:\WINDOWS\photos2007_73.zip
... C:\WINDOWS\photos2007_76.zip
... C:\WINDOWS\photos2007_79.zip
... C:\WINDOWS\photos2007_82.zip
... C:\WINDOWS\photos2007_91.zip
... C:\WINDOWS\photos2007_97.zip
... C:\WINDOWS\photo_album1.zip
... C:\WINDOWS\photo_album13.zip
... C:\WINDOWS\photo_album31.zip
... C:\WINDOWS\photo_album34.zip
... C:\WINDOWS\photo_album37.zip
... C:\WINDOWS\photo_album55.zip
... C:\WINDOWS\photo_album73.zip
... C:\WINDOWS\photo_album79.zip
... C:\WINDOWS\photo_album82.zip
... C:\WINDOWS\photo_album85.zip
... C:\WINDOWS\photos2007_16.zip
... C:\WINDOWS\photos2007_25.zip
... C:\WINDOWS\photos2007_28.zip
... C:\WINDOWS\photos2007_43.zip
... C:\WINDOWS\photos2007_49.zip
... C:\WINDOWS\photos2007_55.zip
... C:\WINDOWS\photos2007_64.zip
... C:\WINDOWS\photos2007_73.zip
... C:\WINDOWS\photos2007_76.zip
... C:\WINDOWS\photos2007_79.zip
... C:\WINDOWS\photos2007_82.zip
... C:\WINDOWS\photos2007_91.zip
... C:\WINDOWS\photos2007_97.zip
************************ Recherche les dossiers présents
... C:\PROGRA~1\InetGet2\
... C:\PROGRA~1\WinPop\
************************ Suppression des fichiers
.. OK ... C:\PROGRA~1\winpop\uninstall.exe
.. OK ... C:\Documents and Settings\GUITTIER\new.txt
.. OK ... C:\WINDOWS\b122.exe
.. OK ... C:\WINDOWS\system32\intlprinters.exe
.. OK ... C:\WINDOWS\system32\libcintle2.dll
.. OK ... C:\WINDOWS\system32\libcintles3.dll
.. OK ... C:\WINDOWS\album11.zip
.. OK ... C:\WINDOWS\album17.zip
.. OK ... C:\WINDOWS\album2.zip
.. OK ... C:\WINDOWS\album20.zip
.. OK ... C:\WINDOWS\album23.zip
.. OK ... C:\WINDOWS\album26.zip
.. OK ... C:\WINDOWS\album29.zip
.. OK ... C:\WINDOWS\album32.zip
.. OK ... C:\WINDOWS\album38.zip
.. OK ... C:\WINDOWS\album41.zip
.. OK ... C:\WINDOWS\album53.zip
.. OK ... C:\WINDOWS\album56.zip
.. OK ... C:\WINDOWS\album62.zip
.. OK ... C:\WINDOWS\album77.zip
.. OK ... C:\WINDOWS\album80.zip
.. OK ... C:\WINDOWS\album83.zip
.. OK ... C:\WINDOWS\album92.zip
.. OK ... C:\WINDOWS\image014.zip
.. OK ... C:\WINDOWS\image02.zip
.. OK ... C:\WINDOWS\image023.zip
.. OK ... C:\WINDOWS\image035.zip
.. OK ... C:\WINDOWS\image041.zip
.. OK ... C:\WINDOWS\image05.zip
.. OK ... C:\WINDOWS\image050.zip
.. OK ... C:\WINDOWS\image059.zip
.. OK ... C:\WINDOWS\image062.zip
.. OK ... C:\WINDOWS\image068.zip
.. OK ... C:\WINDOWS\image08.zip
.. OK ... C:\WINDOWS\image089.zip
.. OK ... C:\WINDOWS\image092.zip
.. OK ... C:\WINDOWS\image095.zip
.. OK ... C:\WINDOWS\images12.zip
.. OK ... C:\WINDOWS\images15.zip
.. OK ... C:\WINDOWS\images18.zip
.. OK ... C:\WINDOWS\images21.zip
.. OK ... C:\WINDOWS\images27.zip
.. OK ... C:\WINDOWS\images30.zip
.. OK ... C:\WINDOWS\images33.zip
.. OK ... C:\WINDOWS\images39.zip
.. OK ... C:\WINDOWS\images48.zip
.. OK ... C:\WINDOWS\images51.zip
.. OK ... C:\WINDOWS\images63.zip
.. OK ... C:\WINDOWS\images72.zip
.. OK ... C:\WINDOWS\images87.zip
.. OK ... C:\WINDOWS\images90.zip
.. OK ... C:\WINDOWS\images93.zip
.. OK ... C:\WINDOWS\photo0.zip
.. OK ... C:\WINDOWS\photo18.zip
.. OK ... C:\WINDOWS\photo27.zip
.. OK ... C:\WINDOWS\photo3.zip
.. OK ... C:\WINDOWS\photo30.zip
.. OK ... C:\WINDOWS\photo33.zip
.. OK ... C:\WINDOWS\photo39.zip
.. OK ... C:\WINDOWS\photo45.zip
.. OK ... C:\WINDOWS\photo72.zip
.. OK ... C:\WINDOWS\photo78.zip
.. OK ... C:\WINDOWS\photo84.zip
.. OK ... C:\WINDOWS\photo9.zip
.. OK ... C:\WINDOWS\photo96.zip
.. OK ... C:\WINDOWS\photos2007_16.zip
.. OK ... C:\WINDOWS\photos2007_25.zip
.. OK ... C:\WINDOWS\photos2007_28.zip
.. OK ... C:\WINDOWS\photos2007_43.zip
.. OK ... C:\WINDOWS\photos2007_49.zip
.. OK ... C:\WINDOWS\photos2007_55.zip
.. OK ... C:\WINDOWS\photos2007_64.zip
.. OK ... C:\WINDOWS\photos2007_73.zip
.. OK ... C:\WINDOWS\photos2007_76.zip
.. OK ... C:\WINDOWS\photos2007_79.zip
.. OK ... C:\WINDOWS\photos2007_82.zip
.. OK ... C:\WINDOWS\photos2007_91.zip
.. OK ... C:\WINDOWS\photos2007_97.zip
.. OK ... C:\WINDOWS\photo_album1.zip
.. OK ... C:\WINDOWS\photo_album13.zip
.. OK ... C:\WINDOWS\photo_album31.zip
.. OK ... C:\WINDOWS\photo_album34.zip
.. OK ... C:\WINDOWS\photo_album37.zip
.. OK ... C:\WINDOWS\photo_album55.zip
.. OK ... C:\WINDOWS\photo_album73.zip
.. OK ... C:\WINDOWS\photo_album79.zip
.. OK ... C:\WINDOWS\photo_album82.zip
.. OK ... C:\WINDOWS\photo_album85.zip
.. OK ... C:\WINDOWS\photos2007_16.zip
.. OK ... C:\WINDOWS\photos2007_25.zip
.. OK ... C:\WINDOWS\photos2007_28.zip
.. OK ... C:\WINDOWS\photos2007_43.zip
.. OK ... C:\WINDOWS\photos2007_49.zip
.. OK ... C:\WINDOWS\photos2007_55.zip
.. OK ... C:\WINDOWS\photos2007_64.zip
.. OK ... C:\WINDOWS\photos2007_73.zip
.. OK ... C:\WINDOWS\photos2007_76.zip
.. OK ... C:\WINDOWS\photos2007_79.zip
.. OK ... C:\WINDOWS\photos2007_82.zip
.. OK ... C:\WINDOWS\photos2007_91.zip
.. OK ... C:\WINDOWS\photos2007_97.zip
************************ Suppression des dossiers
.. OK ... C:\PROGRA~1\InetGet2\
.. OK ... C:\PROGRA~1\WinPop\
************************ Nettoyage du registre
************************ Fichiers suspects
/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention
[C:\WINDOWS\1007x.zip] 0BD0CA900D72AE537F6460FB98116F4C
Aucun Fichier trouvé
Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 10082007_18182917.zip
------------------------------------------------------------------------
Auteur : !aur3n7 Contact: https://www.ionos.fr/
------------------------------------------------------------------------
--------------------------------------------- END ---------------------------------------------
=================================================================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:40:24, on 10/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Outils\Petit Larousse 2003\bin\HiPL2002popup.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\WINDOWS\wlancfg.exe
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Microsoft Office Helper - {8B4190F8-4828-387B-4164-2487A188A878} - C:\WINDOWS\system\wfcctd32.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL
O4 - HKLM\..\Run: [HyperappelPL2003] C:\Outils\Petit Larousse 2003\bin\HiPL2002popup.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PhilipsDM] "C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - .DEFAULT User Startup: OpenOffice.org 1.1.3.lnk = C:\Program Files\OpenOffice.org1.1.3\program\quickstart.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O8 - Extra context menu item: &Search - http://kx.bar.need2find.com/KX/menusearch.html?p=KX
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?f9c614f857414336a4d39cf0af8b5c47
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?f9c614f857414336a4d39cf0af8b5c47
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Outils\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: F-Secure Automatic Update (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Outils\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\WINDOWS\wlancfg.exe
Hello again,
* Make sure you have access to all files
- Start
- My Computer or any other folder
- Tools menu
- Folder Options
- View tab
then
- check the box: Show hidden files and folders
- uncheck the box: Hide extensions for known file types
- uncheck the box: Hide protected operating system files
Then - Apply
then
go to VIRUS TOTAL
http://www.virustotal.com/en/indexf.html
to have the following file analyzed
- C:\WINDOWS\system\wfcctd32.dll
and
* run a Panda online antivirus scan and copy and paste the result here