Virus problem: trojan.win32.BHO.agz

Solved
ked -  
philae83 Posts 12854 Status Security contributor -
Hello,

I followed several threads before creating my own. My computer is infected by a trojan, so it is extremely slow and often crashes. My antivirus firewall detects trojan.win32.bho.agz in C:\windows\system32 in the file eventologv.dll....
When I delete this folder it tells me that I can't because it is either encrypted or in use

Thanks in advance
83 replies

philae83 Posts 12854 Status Security contributor 206
 
wait, I would have liked to do one last thing

* Run an online antivirus scan with Internet Explorer
https://www.bitdefender.fr/
and copy and paste the result here
* At the bottom left of the window, click BitDefender SCAN ONLINE
* In the new window, click I agree
* The window changes again, click Click here to scan
* The signatures load, etc.

illustrated tutorial

http://pageperso.aol.fr/rginformatique/mapage/defender.htm

after that we can clean up, I will give you the instructions

0
ked
 
I started the scan but I'm going to have to leave; could you tell me what I need to do next to clean up...

In any case, thank you so much for your help. Will you still be online tomorrow?
0
ked
 
hi, bitdefender detected a trojan; there were 9 infected files and it deleted 7. I can't manage to post the report here
0
ked
 
here is the bitdefender scan report

BitDefender Online Scanner

Rapport d'analyse généré à: Thu, Dec 27, 2007 - 01:34:09

Voie d'analyse: C:\;D:\;

Statistiques

Temps
00:58:55

Fichiers
217622

Directoires
5555

Secteurs de boot
3

Archives
7291

Paquets programmes
13299

Résultats

Virus identifiés
7

Fichiers infectés
9

Fichiers suspects
0

Avertissements
0

Désinfectés
0

Fichiers effacés
7

Info sur les moteurs

Définition virus
884350

Version des moteurs
AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)

Analyse des plugins
14

Archive des plugins
38

Unpack des plugins
7

E-mail plugins
6

Système plugins
1

Paramètres d'analyse

Première action
Désinfecté

Seconde Action
Supprimé

Heuristique
Oui

Acceptez les avertissements
Oui

Extensions analysées
*;

Excludez les extensions

Analyse d'emails
Oui

Analyse des Archives
Oui

Analyser paquets programmes
Oui

Analyse des fichiers
Oui

Analyse de boot
Oui

Fichier analysé
Statut

C:\qoobox\Quarantine\catchme2007-12-26_230110.41.zip=>kprof
Infecté par: Trojan.Proxy.Wopla.AH

C:\qoobox\Quarantine\catchme2007-12-26_230110.41.zip=>kprof
Echec de la désinfection

C:\qoobox\Quarantine\catchme2007-12-26_230110.41.zip=>kprof
Supprimé

C:\qoobox\Quarantine\catchme2007-12-26_230110.41.zip
Mis à jour

C:\qoobox\Quarantine\catchme2007-12-26_230110.41.zip=>koos.exe
Infecté par: Trojan.Proxy.Wopla.C

C:\qoobox\Quarantine\catchme2007-12-26_230110.41.zip=>koos.exe
Echec de la désinfection

C:\qoobox\Quarantine\catchme2007-12-26_230110.41.zip=>koos.exe
Supprimé

C:\qoobox\Quarantine\catchme2007-12-26_230110.41.zip
Mis à jour

C:\qoobox\Quarantine\catchme2007-12-26_230110.41.zip=>poof
Infecté par: Trojan.Proxy.Wopla.C

C:\qoobox\Quarantine\catchme2007-12-26_230110.41.zip=>poof
Echec de la désinfection

C:\qoobox\Quarantine\catchme2007-12-26_230110.41.zip=>poof
Supprimé

C:\qoobox\Quarantine\catchme2007-12-26_230110.41.zip
Mis à jour

C:\qoobox\Quarantine\catchme2007-12-26_235231.45.zip=>afwyeunl.dat
Infecté par: Trojan.Rootkit.Agent.NDW

C:\qoobox\Quarantine\catchme2007-12-26_235231.45.zip=>afwyeunl.dat
Echec de la désinfection

C:\qoobox\Quarantine\catchme2007-12-26_235231.45.zip=>afwyeunl.dat
Supprimé

C:\qoobox\Quarantine\catchme2007-12-26_235231.45.zip
Mis à jour

C:\WINDOWS\system32\AppCert\wnl32.dll
Infecté par: Trojan.Fursto.B

C:\WINDOWS\system32\AppCert\wnl32.dll
Echec de la désinfection

C:\WINDOWS\system32\AppCert\wnl32.dll
Echec de la suppression

C:\WINDOWS\system32\AppCert\wsil32.dll
Infecté par: Trojan.Fursto.A

C:\WINDOWS\system32\AppCert\wsil32.dll
Echec de la désinfection

C:\WINDOWS\system32\AppCert\wsil32.dll
Echec de la suppression

C:\WINDOWS\system32\d3dimf.dll.bak
Infecté par: Trojan.Clicker.Delf.IM

C:\WINDOWS\system32\d3dimf.dll.bak
Echec de la désinfection

C:\WINDOWS\system32\d3dimf.dll.bak
Supprimé

C:\WINDOWS\system32\nvriccpb.exe=>(NSIS o)=>lzma_nsis0017=>(NSIS o)=>zlib_nsis0001
Infecté par: Trojan.Hotbar.A

C:\WINDOWS\system32\nvriccpb.exe=>(NSIS o)=>lzma_nsis0017=>(NSIS o)=>zlib_nsis0001
Echec de la désinfection

C:\WINDOWS\system32\nvriccpb.exe=>(NSIS o)=>lzma_nsis0017=>(NSIS o)=>zlib_nsis0001
Supprimé

C:\WINDOWS\system32\nvriccpb.exe=>(NSIS o)=>lzma_nsis0017=>(NSIS o)
Echec de la mise à jour

C:\WINDOWS\system32\nvriccpb.exe=>(NSIS o)=>lzma_nsis0017=>(NSIS o)=>zlib_nsis0006=>(NSIS g)=>zlib_nsis0001
Infecté par: Trojan.Hotbar.A

C:\WINDOWS\system32\nvriccpb.exe=>(NSIS o)=>lzma_nsis0017=>(NSIS o)=>zlib_nsis0006=>(NSIS g)=>zlib_nsis0001
Echec de la désinfection

C:\WINDOWS\system32\nvriccpb.exe=>(NSIS o)=>lzma_nsis0017=>(NSIS o)=>zlib_nsis0006=>(NSIS g)=>zlib_nsis0001
Supprimé

C:\WINDOWS\system32\nvriccpb.exe=>(NSIS o)=>lzma_nsis0017=>(NSIS o)=>zlib_nsis0006=>(NSIS g)
Echec de la mise à jour
0

philae83 Posts 12854 Status Security contributor 206
 
good evening,

this one still remains
wnl32.dll
which was not deleted by bitdefender

Select the following text:

C:\WINDOWS\system32\AppCert\wnl32.dll 


# Copy the selected text (CTRL+C).
# Open Notepad (Programs > Accessories > Notepad).
# Paste the copied text into Notepad (CTRL+V).
# Save this file under the name CFScript.txt
# Drag and drop this CFScript file onto the ComboFix.exe file
# A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 then confirm.
# Wait while the scan runs. The desktop will disappear several times: this is normal!
Don't touch anything until the scan is finished.
# Once the scan is complete, a report will be displayed: post its contents.
# If the file doesn't open, it is located here > C:\ComboFix.txt

0
Pascalita
 
My parents' computer is infected! By the same virus, I think... it's Trojan.Win32.BHO.agz located at c:\windows\system32\dgrpsetuo.dll

here is what I get from the log that you told another user to copy and paste. Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:29:09, on 2007-12-31
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\Program Files\Fichiers communs\VirusGarde\stmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {513CFE7A-1AB8-4A66-86DE-56B0A2674EAE} - c:\windows\system32\crtdlls.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {CF0FD5E9-C700-4405-8FC6-0BC8FFAC59FD} - C:\WINDOWS\system32\dgrpsetuo.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] -
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Fichiers communs\VirusGarde\stmon.exe" dm=http://virusgarde.com; ad=http://virusgarde.com
O4 - HKLM\..\Run: [rtasks] C:\Program Files\VirusGarde\rtasks.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - https://www.afternic.com/domains/drivecleaner.com
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://pascaleco.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.photolab.ca/Upload/ImageUploader4.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O20 - Winlogon Notify: yievxcbw - C:\WINDOWS\SYSTEM32\crtdlls.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton Protection Center Service (NSCService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE (file missing)
0
philae83 Posts 12854 Status Security contributor 206
 
good evening Pascalita,

you need to create your own thread please, so as not to interfere with this one. Thanks

0
Pascalita
 
ok

I created a new one... same virus at this location c:\windows\system32\dgrpsetuo.dll thanks for helping me, bye xx
0
philae83 Posts 12854 Status Security contributor 206
 
hello,

then please stay on the thread you created, otherwise we won't be able to keep track here. thanks
and happy new year 2008
0
ked
 
Hi, sorry for being away this week, I had no internet over the weekend... Happy new year to you.
Here is the combofix result.
ComboFix 07-12-31.4 - ked 2008-01-02 13:17:23.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.114 [GMT 1:00]
Running from: C:\Documents and Settings\ked\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((( Fichiers créés 2007-12-02 to 2008-01-02 ))))))))))))))))))))))))))))))))))))
.

2008-01-02 13:16 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-12-27 00:34 . 2007-12-27 01:34 <REP> d-------- C:\WINDOWS\BDOSCAN8
2007-12-26 15:22 . 2007-12-26 15:22 <REP> d-------- C:\Program Files\Trend Micro
2007-12-26 14:56 . 2007-12-26 14:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-26 14:55 . 2007-12-26 14:55 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-12-26 09:03 . 2007-12-26 09:03 <REP> d-------- C:\Documents and Settings\ked\Application Data\Talkback
2007-12-26 09:03 . 2007-12-26 09:03 0 --a------ C:\WINDOWS\nsreg.dat
2007-12-25 21:47 . 2007-12-26 14:56 <REP> d-------- C:\Program Files\Lavasoft
2007-12-21 20:18 . 2007-12-21 20:18 <REP> d-------- C:\Program Files\Picasa2
2007-12-21 20:17 . 2007-12-26 10:03 <REP> d-------- C:\Program Files\Norton Security Scan
2007-12-21 20:16 . 2007-12-21 20:19 <REP> d-------- C:\Program Files\Google
2007-12-21 20:16 . 2008-01-02 12:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2007-12-16 21:53 . 2007-12-16 21:53 164 --a------ C:\install.dat
2007-12-16 21:36 . 2007-12-16 21:36 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
2007-12-16 20:39 . 2007-12-26 13:55 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-16 20:16 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-12-09 02:27 . 2007-10-11 00:49 6,065,664 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-12-09 02:27 . 2007-04-17 10:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-12-09 02:27 . 2007-03-08 06:10 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2007-12-09 02:27 . 2007-10-11 00:49 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-12-09 02:27 . 2007-10-11 00:49 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-12-09 02:27 . 2007-10-11 00:49 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-12-09 02:27 . 2007-10-11 00:49 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2007-12-09 02:27 . 2007-10-11 00:49 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-12-09 02:27 . 2007-10-10 11:59 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-12-09 02:26 . 2007-12-09 02:27 <REP> d-------- C:\WINDOWS\system32\fr-fr
2007-12-09 02:25 . 2007-12-09 02:25 1,188,375 --a------ C:\WINDOWS\system32\libeay32.dll
2007-12-09 02:25 . 2007-12-09 02:25 741,632 --a------ C:\WINDOWS\system32\qxyopqwz.dat
2007-12-09 02:25 . 2007-12-09 02:25 246,545 --a------ C:\WINDOWS\system32\libssl32.dll
2007-12-09 02:25 . 2007-12-09 02:25 119,552 --a------ C:\WINDOWS\system32\ytksevaq.dat
2007-12-09 02:25 . 2007-12-09 02:25 42,240 --a------ C:\WINDOWS\system32\jpvgyiaz.dat
2007-12-09 02:25 . 2007-12-09 02:25 36,096 --a------ C:\WINDOWS\system32\fqwuvtdy.dat
2007-12-09 02:25 . 2007-12-09 02:25 35,072 --a------ C:\WINDOWS\system32\bqiznufi.dat
2007-12-09 02:21 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2007-12-09 02:14 . 2008-01-02 12:31 <REP> d-------- C:\WINDOWS\system32\AppCert
2007-12-06 13:00 . 2007-12-06 13:00 <REP> d-------- C:\WINDOWS\system32\LogFiles
2007-12-05 21:53 . 2007-12-12 23:38 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-05 21:53 . 2007-12-05 21:53 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-05 21:05 . 2007-12-05 21:07 <REP> d-------- C:\Documents and Settings\ked\Shared
2007-12-05 21:05 . 2007-12-05 21:10 <REP> d-------- C:\Documents and Settings\ked\Incomplete
2007-12-05 21:05 . 2007-12-11 07:08 <REP> d-------- C:\Documents and Settings\ked\Application Data\FrostWire
2007-12-05 21:05 . 2007-07-12 02:22 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-05 21:02 . 2007-12-05 21:05 <REP> d-------- C:\Program Files\FrostWire
2007-12-05 20:50 . 2007-12-05 20:50 <REP> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
2007-12-05 20:50 . 2005-11-18 16:04 70,896 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
2007-12-05 20:50 . 2005-11-18 16:04 33,584 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
2007-12-05 20:46 . 2007-12-05 20:46 118,842 -r------- C:\WINDOWS\bwUnin-6.3.2.123-6588780L.exe
2007-12-05 19:48 . 2007-12-05 20:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-04 20:51 . 2007-12-04 23:45 <REP> d-------- C:\Documents and Settings\ked\Application Data\Azureus
2007-12-04 20:51 . 2007-12-04 20:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Azureus

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-21 19:24 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-12-21 18:51 --------- d-----w C:\Program Files\eMule
2007-12-05 20:05 --------- d-----w C:\Program Files\Java
2007-12-05 19:49 --------- d-----w C:\Program Files\AntivirusFirewall
2007-11-18 12:11 --------- d-----w C:\Documents and Settings\ked\Application Data\AVS4YOU
2007-11-18 12:10 --------- d-----w C:\Program Files\Fichiers communs\AVSMedia
2007-11-18 12:10 --------- d-----w C:\Program Files\AVS4YOU
0
ked
 
here is the rest

2007-11-18 12:10 --------- d-----w C:\Program Files\AVS4YOU
2007-11-18 12:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\AVS4YOU
2007-11-18 12:03 --------- d-----w C:\Documents and Settings\ked\Application Data\Apple Computer
2007-11-18 12:01 --------- d-----w C:\Program Files\QuickTime
2007-11-18 12:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-11-18 11:13 --------- d-----w C:\Program Files\Apple Software Update
2007-11-18 11:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-20 05:01 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
2006-02-19 01:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 12:00 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55 5674352]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-21 20:16 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-14 23:28 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-14 23:26 688218]
"F-Secure Manager"="C:\Program Files\AntivirusFirewall\Common\FSM32.exe" [2005-10-26 02:51 122929]
"F-Secure TNB"="C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe" [2005-07-18 15:51 700416]
"F-Secure Startup Wizard"="C:\Program Files\AntivirusFirewall\FSGUI\FSSW.exe" [2005-10-18 09:29 372736]
"News Service"="C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe" [2005-05-31 13:45 356352]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-19 20:16 286720]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 12:00 15360]

C:\Documents and Settings\ked\Menu Démarrer\Programmes\Démarrage\
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [2005-10-20 12:04:08]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Antivirus Firewall.lnk - C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe [2007-12-05 20:46:50]
Outil de mise à jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-12-21 20:16:49]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide de HP Photosmart Premier.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Démarrage rapide de HP Photosmart Premier.lnk
backup=C:\WINDOWS\pss\Démarrage rapide de HP Photosmart Premier.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2005-03-22 20:05 339968 --a------ C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CFSServ.exe]
CFSServ.exe -NoClient

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2004-08-03 01:05 122939 --a------ C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-02-19 01:41 49152 --a------ C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
2003-09-06 01:16 184320 --a------ C:\Program Files\ltmoh\Ltmoh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MS32DLL]
C:\WINDOWS\MS32DLL.dll.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NDSTray.exe]
NDSTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\News Service]
2005-05-31 13:45 356352 --a------ C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PadTouch]
2004-11-17 10:56 1077327 --a------ C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2004-12-21 09:48 118784 --a------ C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2004-07-27 12:48 1388544 --a------ C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TFncKy]
TFncKy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THotkey]
2005-01-14 16:45 352256 --a------ C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD]
2003-09-15 16:19 65536 --a------ C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSMain]
TPSMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tvs]
2004-11-12 17:57 73728 --a------ C:\Program Files\Toshiba\Tvs\TvsTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TAPPSRV"=2 (0x2)
"SoundMAX Agent Service (default)"=2 (0x2)
"ose"=3 (0x3)
"FSMA"=2 (0x2)
"FSDFWD"=3 (0x3)
"fsbwsys"=2 (0x2)
"F-Secure Gatekeeper Handler Starter"=2 (0x2)
"CFSvcs"=2 (0x2)
"BackWeb Plug-in - 6588780"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)

R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2005-11-18 16:04]
R2 BackWeb Plug-in - 6588780;Antivirus Firewall;C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE [2007-12-05 20:46]
R2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSfilter.sys [2004-09-10 16:14]
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSgk.sys [2007-12-05 20:58]
R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSrec.sys [2004-06-01 10:03]
S2 hxdvjyzl;USB to IEEE-1284.4 Translation HPZius12Support;C:\WINDOWS\System32\svchost.exe [2004-08-05 12:00]
S3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2004-05-17 23:18]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
hxdvjyzl

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{40436cb1-5ca9-11dc-a972-00a0d1239b31}]
\Shell\AutoRun\command - F:\setupSNK.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-12-18 14:31:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-21 19:17:41 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2005-10-21 11:51:48 C:\WINDOWS\Tasks\Rappel d'enregistrement 1.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2008-01-02 11:37:03 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-02 13:20:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-02 13:21:59
C:\qoobox\ComboFix2.txt 2007-12-26 22:54:33
C:\qoobox\ComboFix3.txt 2007-12-26 22:03:17
.
2007-12-12 22:46:46 --- E O F ---
0
ked
 
Hi, I'd understand if you no longer want to reply to my messages. Please know that I'm sorry I didn't warn you that I would be away. Let me know if you read this message... Thanks in advance.
I'm forwarding you the result of my firewall's scan...

Résultat
Aucun antiprogramme détecté

--------------------------------------------------------------------------------

Statistiques
Analysés :
Fichiers : 41949
Registre système : 4337
Non analysés : 33
Résultat :
Virus : 0
Logiciel espion : 0
Eléments suspects: 0
Actions :
Désinfectés : 0
Renommés : 0
Supprimés : 0
Quarantaine : 0
Echec : 0
Secteurs d'amorçage :
Analysés : 1
Infectés : 0
Eléments suspects: 0
Désinfectés : 0
Fichiers non analysés :
Erreur d'ouverture du fichier C:\hiberfil.sys.
Erreur d'ouverture du fichier C:\pagefile.sys.
Erreur d'ouverture du fichier C:\WINDOWS\system32\config\default.
Erreur d'ouverture du fichier C:\WINDOWS\SoftwareDistribution\EventCache\{4289A3B4-7927-4080-A7F9-25D294948ED7}.bin.
Impossible d'ouvrir le fichier dans l'archive C:\TOOLSCD\DLA\Disk1.CAB\FILE0024.D0FFFB8D_996E_43B1_8C32_FF42F494CE70.
Impossible d'ouvrir le fichier dans l'archive C:\MSOCache\All Users\9000040c-6000-11D3-8CFE-0150048383C9\ZF612707.CAB\REFSPCL.TTF.
Impossible d'ouvrir le fichier dans l'archive C:\Documents and Settings\ked\Mes documents\Ma musique\big red\Big Red - Big Redemption.rar.
Impossible d'ouvrir le fichier dans l'archive C:\Documents and Settings\ked\Mes documents\Ma musique\big red\Big Red - Big Redemption.rar\Big Red - Bigredemtion - www.groovemule.fr.st\Big Red - Track01.mp3.
Impossible d'ouvrir le fichier dans l'archive C:\Documents and Settings\ked\Mes documents\Ma musique\big red\Big Red - Big Redemption.rar\Big Red - Bigredemtion - www.groovemule.fr.st\Big Red - Track02.mp3.
Impossible d'ouvrir le fichier dans l'archive C:\Documents and Settings\ked\Mes documents\Ma musique\big red\Big Red - Big Redemption.rar\Big Red - Bigredemtion - www.groovemule.fr.st\Big Red - Track03.mp3.
Impossible d'ouvrir le fichier dans l'archive C:\Documents and Settings\ked\Mes documents\Ma musique\big red\Big Red - Big Redemption.rar\Big Red - Bigredemtion - www.groovemule.fr.st\Big Red - Track04.mp3.
Impossible d'ouvrir le fichier dans l'archive C:\Documents and Settings\ked\Mes documents\Ma musique\big red\Big Red - Big Redemption.rar\Big Red - Bigredemtion - www.groovemule.fr.st\Big Red - Track05.mp3.
Impossible d'ouvrir le fichier dans l'archive C:\Documents and Settings\ked\Mes documents\Ma musique\big red\Big Red - Big Redemption.rar\Big Red - Bigredemtion - www.groovemule.fr.st\Big Red - Track06.mp3.
Impossible d'ouvrir le fichier dans l'archive C:\Documents and Settings\ked\Mes documents\Ma musique\big red\Big Red - Big Redemption.rar\Big Red - Bigredemtion - www.groovemule.fr.st\Big Red - Track07.mp3.
Impossible d'ouvrir le fichier dans l'archive C:\Documents and Settings\ked\Mes documents\Ma musique\big red\Big Red - Big Redemption.rar\Big Red - Bigredemtion - www.groovemule.fr.st\Big Red - Track08.mp3.
Impossible d'ouvrir le fichier dans l'archive C:\Documents and Settings\ked\Mes documents\Ma musique\big red\Big Red - Big Redemption.rar\Big Red - Bigredemtion - www.groovemule.fr.st\Big Red - Track09.mp3.
Impossible d'ouvrir le fichier dans l'archive C:\Documents and Settings\ked\Mes documents\Ma musique\big red\Big Red - Big Redemption.rar\Big Red - Bigredemtion - www.groovemule.fr.st\Big Red - Track10.mp3.
Impossible d'ouvrir le fichier dans l'archive C:\Documents and Settings\ked\Mes documents\Ma musique\big red\Big Red - Big Redemption.rar\Big Red - Bigredemtion - www.groovemule.fr.st\Big Red - Track11.mp3.
Impossible d'ouvrir le fichier dans l'archive C:\Documents and Settings\ked\Mes documents\Ma musique\big red\Big Red - Big Redemption.rar\Big Red - Bigredemtion - www.groovemule.fr.st\Big Red - Track12.mp3.
Impossible d'ouvrir le fichier dans l'archive C:\Documents and Settings\ked\Mes documents\Ma musique\big red\Big Red - Big Redemption.rar\Big Red - Bigredemtion - www.groovemule.fr.st\Big Red - Track13.mp3.
Erreur d'ouverture du fichier C:\Documents and Settings\ked\Local Settings\Temp\hsperfdata_ked\1068.
Erreur d'ouverture du fichier C:\Documents and Settings\ked\Application Data\ispnews\ispn.ini.
Le fichier C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Hotbar.zip\sbRecovery.reg est crypté.
Le fichier C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Hotbar1.zip\sbRecovery.reg est crypté.
Le fichier C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Hotbar2.zip\HbTools.log est crypté.
Le fichier C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Hotbar3.zip\sbRecovery.reg est crypté.
Le fichier C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Hotbar4.zip\sbRecovery.reg est crypté.
Le fichier C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Hotbar5.zip\sbRecovery.reg est crypté.
Le fichier C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Hotbar6.zip\sbRecovery.reg est crypté.
Le fichier C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Hotbar7.zip\sbRecovery.reg est crypté.
Le fichier C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Hotbar8.zip\sbRecovery.reg est crypté.
Le fichier C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Zango.zip\sbRecovery.reg est crypté.
Le fichier C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZangoAntiSpamBar.zip\sbRecovery.reg est crypté.

--------------------------------------------------------------------------------

Options
Version des définitions :
Virus : 2008-01-02_07
Logiciel espion : 2007-12-03_05
Moteurs d'analyse :
F-Secure AVP: 6.00.169, 2008-01-02
F-Secure Libra: 2.03.11, 2008-01-02
F-Secure Orion: 1.02.37, 2008-01-02
F-Secure Draco: 1.00.35, 2007-11-28
F-Secure BlackLight: 1.00.23
Options d'analyse :
Analyser les fichiers définis : COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ANI AVB BAT CEO CMD LSP MAP MHT MIF PHP POT SWF WMF NWS TAR TGZ ZIP JAR ARJ LZH TAR TGZ GZ CAB RAR BZ2 HQX
Analyser le contenu des archives
Actions :
Virus : Interroger l'utilisateur après l'analyse
Logiciel espion : Interroger l'utilisateur après l'analyse
0
philae83 Posts 12854 Status Security contributor 206
 
Good evening,

Hi, I'd understand if you no longer want to reply to my messages. Please know that I'm sorry I didn't warn you that I would be away. Let me know if you read this message... Thanks in advance.
I'm forwarding you the result of my firewall's scan...


Not at all, I missed the e-mail notification for the combo report, I'm sorry. I'm taking a look and will keep you posted.
0
philae83 Posts 12854 Status Security contributor 206
 
There is still something left to delete.

Go and look manually in your registry:
Start ---------- Run ------------ type regedit ----- OK

Expand the tree until you reach the item in bold, which should be in the right-hand pane and is to be deleted:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
hxdvjyzl

However, I'm going to bed now; see you tomorrow.
0
ked
 
Hi, I did what you asked but I didn't find hxdvjyzl.
0
philae83 Posts 12854 Status Security contributor 206
 
Good evening,

Try it like this.

Select the following text:
registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\NetSvcs]
"hxdvjyzl "=-


# Copy the selected text (CTRL+C).
# Open Notepad (Programs > Accessories > Notepad).
# Paste the copied text into Notepad (CTRL+V).
# Save this file under the name CFScript.txt
# Drag and drop this CFScript file onto the ComboFix.exe file
# A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and confirm.
# Wait while the scan runs. The desktop will disappear several times: this is normal!
Do not touch anything until the scan has finished.
# Once the scan is complete, a report will be displayed: post its contents.
# If the file does not open, it can be found here > C:\ComboFix.txt
0
ked
 
Here is the report
ComboFix 07-12-31.4 - ked 2008-01-03 20:21:35.4 - NTFSx86
Running from: C:\Documents and Settings\ked\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((( Fichiers créés 2007-12-03 to 2008-01-03 ))))))))))))))))))))))))))))))))))))
.

2008-01-03 16:27 . 2008-01-03 16:27 <REP> d-------- C:\Program Files\AskSBar
2008-01-02 19:48 . 2008-01-02 19:48 0 ---hs---- C:\WINDOWS\S4A54851A.tmp
2008-01-02 13:16 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-12-27 00:34 . 2007-12-27 01:34 <REP> d-------- C:\WINDOWS\BDOSCAN8
2007-12-26 15:22 . 2007-12-26 15:22 <REP> d-------- C:\Program Files\Trend Micro
2007-12-26 14:56 . 2007-12-26 14:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-26 14:55 . 2007-12-26 14:55 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-12-26 09:03 . 2007-12-26 09:03 <REP> d-------- C:\Documents and Settings\ked\Application Data\Talkback
2007-12-26 09:03 . 2007-12-26 09:03 0 --a------ C:\WINDOWS\nsreg.dat
2007-12-25 21:47 . 2007-12-26 14:56 <REP> d-------- C:\Program Files\Lavasoft
2007-12-21 20:18 . 2007-12-21 20:18 <REP> d-------- C:\Program Files\Picasa2
2007-12-21 20:17 . 2007-12-26 10:03 <REP> d-------- C:\Program Files\Norton Security Scan
2007-12-21 20:16 . 2007-12-21 20:19 <REP> d-------- C:\Program Files\Google
2007-12-21 20:16 . 2008-01-03 16:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2007-12-16 21:53 . 2007-12-16 21:53 164 --a------ C:\install.dat
2007-12-16 21:36 . 2007-12-16 21:36 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
2007-12-16 20:39 . 2007-12-26 13:55 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-16 20:16 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-12-09 02:27 . 2007-10-11 00:49 6,065,664 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-12-09 02:27 . 2007-04-17 10:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-12-09 02:27 . 2007-03-08 06:10 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2007-12-09 02:27 . 2007-10-11 00:49 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-12-09 02:27 . 2007-10-11 00:49 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-12-09 02:27 . 2007-10-11 00:49 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-12-09 02:27 . 2007-10-11 00:49 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2007-12-09 02:27 . 2007-10-11 00:49 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-12-09 02:27 . 2007-10-10 11:59 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-12-09 02:26 . 2007-12-09 02:27 <REP> d-------- C:\WINDOWS\system32\fr-fr
2007-12-09 02:25 . 2007-12-09 02:25 1,188,375 --a------ C:\WINDOWS\system32\libeay32.dll
2007-12-09 02:25 . 2007-12-09 02:25 741,632 --a------ C:\WINDOWS\system32\qxyopqwz.dat
2007-12-09 02:25 . 2007-12-09 02:25 246,545 --a------ C:\WINDOWS\system32\libssl32.dll
2007-12-09 02:25 . 2007-12-09 02:25 119,552 --a------ C:\WINDOWS\system32\ytksevaq.dat
2007-12-09 02:25 . 2007-12-09 02:25 42,240 --a------ C:\WINDOWS\system32\jpvgyiaz.dat
2007-12-09 02:25 . 2007-12-09 02:25 36,096 --a------ C:\WINDOWS\system32\fqwuvtdy.dat
2007-12-09 02:25 . 2007-12-09 02:25 35,072 --a------ C:\WINDOWS\system32\bqiznufi.dat
2007-12-09 02:21 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2007-12-09 02:14 . 2008-01-03 16:23 <REP> d-------- C:\WINDOWS\system32\AppCert
2007-12-06 13:00 . 2007-12-06 13:00 <REP> d-------- C:\WINDOWS\system32\LogFiles
2007-12-05 21:53 . 2007-12-12 23:38 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-05 21:53 . 2007-12-05 21:53 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-05 21:05 . 2007-12-05 21:07 <REP> d-------- C:\Documents and Settings\ked\Shared
2007-12-05 21:05 . 2007-12-05 21:10 <REP> d-------- C:\Documents and Settings\ked\Incomplete
2007-12-05 21:05 . 2007-12-11 07:08 <REP> d-------- C:\Documents and Settings\ked\Application Data\FrostWire
2007-12-05 21:05 . 2007-07-12 02:22 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-05 21:02 . 2008-01-03 16:28 <REP> d-------- C:\Program Files\FrostWire
2007-12-05 20:50 . 2007-12-05 20:50 <REP> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
2007-12-05 20:50 . 2005-11-18 16:04 70,896 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
2007-12-05 20:50 . 2005-11-18 16:04 33,584 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
2007-12-05 20:46 . 2007-12-05 20:46 118,842 -r------- C:\WINDOWS\bwUnin-6.3.2.123-6588780L.exe
2007-12-05 19:48 . 2007-12-05 20:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-04 20:51 . 2007-12-04 23:45 <REP> d-------- C:\Documents and Settings\ked\Application Data\Azureus
2007-12-04 20:51 . 2007-12-04 20:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Azureus

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-21 19:24 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-12-21 18:51 --------- d-----w C:\Program Files\eMule
2007-12-05 20:05 --------- d-----w C:\Program Files\Java
2007-12-05 19:49 --------- d-----w C:\Program Files\AntivirusFirewall
2007-11-18 12:11 --------- d-----w C:\Documents and Settings\ked\Application Data\AVS4YOU
2007-11-18 12:10 --------- d-----w C:\Program Files\Fichiers communs\AVSMedia
2007-11-18 12:10 --------- d-----w C:\Program Files\AVS4YOU
2007-11-18 12:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\AVS4YOU
2007-11-18 12:03 --------- d-----w C:\Documents and Settings\ked\Application Data\Apple Computer
2007-11-18 12:01 --------- d-----w C:\Program Files\QuickTime
2007-11-18 12:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-11-18 11:13 --------- d-----w C:\Program Files\Apple Software Update
2007-11-18 11:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-20 05:01 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
2006-02-19 01:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.

((((((((((((((((((((((((((((( snapshot@2008-01-02_13.21.28,35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 11:02:28 163,328 ----a-w C:\WINDOWS\erdnt\AutoBackup\03-01-2008\ERDNT.EXE
+ 2008-01-03 15:21:54 6,230,016 ----a-w C:\WINDOWS\erdnt\AutoBackup\03-01-2008\Users\00000001\NTUSER.DAT
+ 2008-01-03 15:21:56 143,360 ----a-w C:\WINDOWS\erdnt\AutoBackup\03-01-2008\Users\00000002\UsrClass.dat
- 2007-12-21 19:25:03 295,606 ----a-r C:\WINDOWS\Installer\{AC76BA86-7AD7-1036-7B44-A81000000003}\SC_Reader.exe
+ 2008-01-02 18:46:53 295,606 ----a-r C:\WINDOWS\Installer\{AC76BA86-7AD7-1036-7B44-A81000000003}\SC_Reader.exe
- 2005-10-21 11:46:13 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-01-02 19:33:40 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2005-10-21 11:46:13 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2008-01-02 19:33:40 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2005-10-21 11:46:13 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-02 19:33:40 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-12-15 14:13:39 34,760 ----a-w C:\WINDOWS\system32\drivers\ElbyCDFL.sys
+ 2007-02-16 00:57:04 34,760 ----a-w C:\WINDOWS\system32\drivers\ElbyCDFL.sys
- 2006-12-15 14:13:37 15,440 ----a-w C:\WINDOWS\system32\drivers\ElbyCDIO.sys
+ 2007-08-07 19:48:33 25,160 ----a-w C:\WINDOWS\system32\drivers\ElbyCDIO.sys
- 2006-12-13 20:24:42 89,296 ----a-w C:\WINDOWS\system32\ElbyCDIO.dll
+ 2007-08-10 19:56:53 93,128 ----a-w C:\WINDOWS\system32\ElbyCDIO.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2008-01-03 16:27 66912 --a------ C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2008-01-03 16:27 267592 --a------ C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2008-01-03 16:27 267592]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 12:00 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55 5674352]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-21 20:16 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-14 23:28 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-14 23:26 688218]
"F-Secure Manager"="C:\Program Files\AntivirusFirewall\Common\FSM32.exe" [2005-10-26 02:51 122929]
"F-Secure TNB"="C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe" [2005-07-18 15:51 700416]
"F-Secure Startup Wizard"="C:\Program Files\AntivirusFirewall\FSGUI\FSSW.exe" [2005-10-18 09:29 372736]
"News Service"="C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe" [2005-05-31 13:45 356352]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-19 20:16 286720]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 20:21 57344]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 12:00 15360]

C:\Documents and Settings\ked\Menu Démarrer\Programmes\Démarrage\
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [2005-10-20 12:04:08]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Antivirus Firewall.lnk - C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe [2007-12-05 20:46:50]
Outil de mise à jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-12-21 20:16:49]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide de HP Photosmart Premier.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Démarrage rapide de HP Photosmart Premier.lnk
backup=C:\WINDOWS\pss\Démarrage rapide de HP Photosmart Premier.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2005-03-22 20:05 339968 --a------ C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CFSServ.exe]
CFSServ.exe -NoClient

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2004-08-03 01:05 122939 --a------ C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-02-19 01:41 49152 --a------ C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
2003-09-06 01:16 184320 --a------ C:\Program Files\ltmoh\Ltmoh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MS32DLL]
C:\WINDOWS\MS32DLL.dll.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NDSTray.exe]
NDSTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\News Service]
2005-05-31 13:45 356352 --a------ C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PadTouch]
2004-11-17 10:56 1077327 --a------ C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2004-12-21 09:48 118784 --a------ C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2004-07-27 12:48 1388544 --a------ C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TFncKy]
TFncKy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THotkey]
2005-01-14 16:45 352256 --a------ C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD]
2003-09-15 16:19 65536 --a------ C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSMain]
TPSMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tvs]
2004-11-12 17:57 73728 --a------ C:\Program Files\Toshiba\Tvs\TvsTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TAPPSRV"=2 (0x2)
"SoundMAX Agent Service (default)"=2 (0x2)
"ose"=3 (0x3)
"FSMA"=2 (0x2)
"FSDFWD"=3 (0x3)
"fsbwsys"=2 (0x2)
"F-Secure Gatekeeper Handler Starter"=2 (0x2)
"CFSvcs"=2 (0x2)
"BackWeb Plug-in - 6588780"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)

R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2005-11-18 16:04]
R2 BackWeb Plug-in - 6588780;Antivirus Firewall;C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE [2007-12-05 20:46]
R2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSfilter.sys [2004-09-10 16:14]
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSgk.sys [2007-12-05 20:58]
R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSrec.sys [2004-06-01 10:03]
S2 hxdvjyzl;USB to IEEE-1284.4 Translation HPZius12Support;C:\WINDOWS\System32\svchost.exe [2004-08-05 12:00]
S3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2004-05-17 23:18]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
hxdvjyzl

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{40436cb1-5ca9-11dc-a972-00a0d1239b31}]
\Shell\AutoRun\command - F:\setupSNK.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-12-18 14:31:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-21 19:17:41 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2005-10-21 11:51:48 C:\WINDOWS\Tasks\Rappel d'enregistrement 1.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2008-01-03 18:37:02 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-03 20:26:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-03 20:28:49
C:\qoobox\ComboFix2.txt 2008-01-02 12:22:00
C:\qoobox\ComboFix3.txt 2007-12-26 22:54:33
C:\qoobox\ComboFix4.txt 2007-12-26 22:03:17
.
2007-12-12 22:46:46 --- E O F ---
0
philae83 Posts 12854 Status Security contributor 206
 
Re,

That doesn't add up; in any case, I made a syntax error by leaving a space, and I would also need this:

Download System Repair Engineer - SREng (by Smallfrogs) from this link:
http://www.kztechs.com/eng/download.html

Extract all of its contents to your Desktop
(right-click the .zip file >> "Extract All...")
From the sreng2 folder that is now on your Desktop, double-click SREngPS.exe to launch the tool
Click Smart Scan
Then click the [Scan] button. The scan will take a few moments.

When it has finished, click the [Save Reports] button
Save the report to your Desktop
Copy/paste the contents of the SREngLOG.log file into your next reply, please.
0
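The trailing space mentioned in the post above can be caught before a CFScript is handed to ComboFix. This added example (not part of the thread and not ComboFix code) parses lines copied from the report posted here and checks the posted CFScript against them; the function names, the finding labels and the reading of R/S plus a digit as running/stopped plus start type are assumptions of the example.

```python
import re
from collections import namedtuple

# Constructed sample: lines copied from the ComboFix report posted in this thread.
SAMPLE_LOG = r"""
R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2005-11-18 16:04]
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSgk.sys [2007-12-05 20:58]
S2 hxdvjyzl;USB to IEEE-1284.4 Translation HPZius12Support;C:\WINDOWS\System32\svchost.exe [2004-08-05 12:00]
S3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2004-05-17 23:18]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
hxdvjyzl

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{40436cb1-5ca9-11dc-a972-00a0d1239b31}]
\Shell\AutoRun\command - F:\setupSNK.exe
"""

# The script exactly as posted, including the space before the closing quote.
CFSCRIPT_AS_POSTED = r'''registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\NetSvcs]
"hxdvjyzl "=-
'''

Service = namedtuple("Service", "running start_type name display image stamp")

# "<R|S><0-4> name;display name;image path [timestamp]"
# Assumption: R/S = running/stopped, digit = service start type.
SVC_RE = re.compile(
    r"^([RS])([0-4]) ([^;]+);([^;]*);(.+?) \[(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\]$"
)
# A '"name"=-' line asks for the named value to be deleted.
DELETE_RE = re.compile(r'^"(.*)"=-$')


def parse_services(log):
    """Return {service name: Service} for every driver/service line in the log."""
    services = {}
    for line in log.splitlines():
        m = SVC_RE.match(line.strip())
        if m:
            state, start, name, display, image, stamp = m.groups()
            services[name] = Service(state == "R", int(start), name,
                                     display, image, stamp)
    return services


def parse_netsvcs(log):
    """Return the entries listed under the 'Svchost - NetSvcs' heading."""
    entries, in_section = [], False
    for line in log.splitlines():
        text = line.strip()
        if text.endswith("Svchost - NetSvcs"):
            in_section = True
        elif in_section:
            if not text:          # a blank line ends the section
                break
            entries.append(text)
    return entries


def parse_cfscript_deletions(script):
    """Return (key, value name) pairs; the name is kept byte-for-byte."""
    deletions, key = [], None
    for line in script.splitlines():
        line = line.strip()       # only trims outside the quotes
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        else:
            m = DELETE_RE.match(line)
            if m and key:
                deletions.append((key, m.group(1)))
    return deletions


def review(log, script):
    """Cross-check the log's NetSvcs entries and the script's deletions."""
    services = parse_services(log)
    netsvcs = parse_netsvcs(log)
    findings = []
    for entry in netsvcs:
        svc = services.get(entry)
        if svc is None:
            findings.append(("netsvcs-no-service", entry))
        elif svc.image.lower().endswith("\\svchost.exe"):
            findings.append(("netsvcs-svchost-service", entry))
    for _key, name in parse_cfscript_deletions(script):
        if name != name.strip():
            findings.append(("script-name-whitespace", name))
        if name not in netsvcs:
            findings.append(("script-name-not-in-log", name))
    return findings


if __name__ == "__main__":
    for label, value in review(SAMPLE_LOG, CFSCRIPT_AS_POSTED):
        print(f"{label}: {value!r}")
```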
ked
 
[CODE]

2008-01-03,22:04:07

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Home Edition Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed

Follow item(s) have been choosed:
All Boot Items (Including Registry, Startup Folders, Services and so on)
Browser Add-ons
Runing Processes (Including process model information)
File Associations
Winsock Provider
Autorun.Inf
HOSTS File
Process Privileges Scan

Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<CTFMON.EXE><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
<MsnMsgr><"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background> [(Verified)Microsoft Corporation]
<swg><C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe> [(Verified)Google Inc]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<SynTPLpr><"C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<SynTPEnh><"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<F-Secure Manager><"C:\Program Files\AntivirusFirewall\Common\FSM32.EXE" /splash> [F-Secure Corporation]
<F-Secure TNB><"C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW> [F-Secure Corporation]
<F-Secure Startup Wizard><"C:\Program Files\AntivirusFirewall\FSGUI\FSSW.EXE" /reboot> [F-Secure Corporation]
<News Service><"C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe"> [F-Secure Corporation]
<SunJavaUpdateSched><"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"> [(Verified)"Sun Microsystems, Inc."]
<QuickTime Task><"C:\Program Files\QuickTime\qttask.exe" -atboottime> [Apple Inc.]
<Adobe Reader Speed Launcher><"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"> [(Verified)"Adobe Systems, Incorporated"]
<CloneCDTray><"C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s> [SlySoft, Inc.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
<IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<Carnet d'adresses 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
<N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<AGRSMMSG><; AGRSMMSG.exe> [Agere Systems]
<ATIPTA><; C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe> [ATI Technologies, Inc.]
<CFSServ.exe><; CFSServ.exe -NoClient> [N/A]
<CloneCDTray><; "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s> [SlySoft, Inc.]
<dla><; C:\WINDOWS\system32\dla\tfswctrl.exe> [Sonic Solutions]
<HP Software Update><; C:\Program Files\HP\HP Software Update\HPWuSchd2.exe> [Hewlett-Packard Development Company, L.P.]
<LtMoh><; C:\Program Files\ltmoh\Ltmoh.exe> [Agere Systems]
<MS32DLL><; C:\WINDOWS\MS32DLL.dll.vbs> [N/A]
<NDSTray.exe><; NDSTray.exe> [N/A]
<News Service><; "C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe"> [F-Secure Corporation]
<PadTouch><; C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe> [TOSHIBA]
<QuickTime Task><; "C:\Program Files\QuickTime\qttask.exe" -atboottime> [Apple Inc.]
<SmoothView><; C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe> [TOSHIBA Corporation]
<SoundMAX><; C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray> [Analog Devices, Inc.]
<SoundMAXPnP><; C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe> [Analog Devices, Inc.]
<TFncKy><; TFncKy.exe> [N/A]
<THotkey><; C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe> [TOSHIBA]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<TOSCDSPD><; C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe> [TOSHIBA]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<TPSMain><; TPSMain.exe> [TOSHIBA Corporation]
<Tvs><; C:\Program Files\Toshiba\Tvs\TvsTray.exe> [TOSHIBA Corporation]
<VirtualCloneDrive><; "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s> [Elaborate Bytes AG]

==================================
Startup Folders
[Antivirus Firewall]
<C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Antivirus Firewall.lnk --> C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\fspex.exe [Securitoo Portal]><N>
[Outil de mise à jour Google]
<C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk --> C:\PROGRA~1\Google\GOOGLE~1\GOOGLE~1.EXE [Google]><N>
[ERUNT AutoBackup]
<C:\Documents and Settings\ked\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk --> C:\PROGRA~1\ERUNT\AUTOBACK.EXE [N/A]><N>

==================================
Services
[Ad-Aware 2007 Service / aawservice][Running/Auto Start]
<"C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe"><Lavasoft AB>
[Gestion d'applications / AppMgmt][Stopped/Manual Start]
<C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[Service d'état ASP.NET / aspnet_state][Stopped/Manual Start]
<C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[Ati HotKey Poller / Ati HotKey Poller][Stopped/Disabled]
<C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[Antivirus Firewall / BackWeb Plug-in - 6588780][Running/Auto Start]
<C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE><Securitoo Portal>
[ConfigFree Service / CFSvcs][Stopped/Disabled]
<C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe><TOSHIBA CORPORATION>
[FSGKHS / F-Secure Gatekeeper Handler Starter][Running/Auto Start]
<"C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe"><F-Secure Corporation>
[fsbwsys / fsbwsys][Running/Auto Start]
<"C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe"><F-Secure Corp.>
[F-Secure Anti-Virus Firewall Daemon / FSDFWD][Running/Manual Start]
<"C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe"><F-Secure Corporation>
[F-Secure Management Agent / FSMA][Running/Auto Start]
<"C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE"><F-Secure Corporation>
[Google Updater Service / gusvc][Running/Auto Start]
<"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>
[Accès du périphérique d'interface utilisateur / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[USB to IEEE-1284.4 Translation HPZius12Support / hxdvjyzl][Stopped/Auto Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\d3dimf.dll><N/A>
[Pml Driver HPZ12 / Pml Driver HPZ12][Stopped/Auto Start]
<C:\WINDOWS\system32\HPZipm12.exe><HP>
[SoundMAX Agent Service / SoundMAX Agent Service (default)][Stopped/Disabled]
<C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe><Analog Devices, Inc.>
[TOSHIBA Application Service / TAPPSRV][Stopped/Disabled]
<"C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe"><TOSHIBA Corp.>

==================================
Drivers
[aeaudio / aeaudio][Running/Manual Start]
<system32\drivers\aeaudio.sys><Andrea Electronics Corporation>
[TOSHIBA V92 Software Modem / AgereSoftModem][Running/Manual Start]
<system32\DRIVERS\AGRSM.sys><Agere Systems>
[Atheros Wireless Network Adapter Service / AR5211][Stopped/Manual Start]
<system32\DRIVERS\ar5211.sys><Atheros Communications, Inc.>
[ati2mtag / ati2mtag][Running/Manual Start]
<system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[catchme / catchme][Stopped/Manual Start]
<\??\C:\DOCUME~1\ked\LOCALS~1\Temp\catchme.sys><N/A>
[drvmcdb / drvmcdb][Running/Boot Start]
<\SystemRoot\system32\drivers\drvmcdb.sys><Sonic Solutions>
[drvnddm / drvnddm][Running/Auto Start]
<system32\drivers\drvnddm.sys><Sonic Solutions>
[ElbyCDFL / ElbyCDFL][Running/Manual Start]
<System32\Drivers\ElbyCDFL.sys><SlySoft, Inc.>
[ElbyCDIO Driver / ElbyCDIO][Running/System Start]
<System32\Drivers\ElbyCDIO.sys><Elaborate Bytes AG>
[ElbyDelay / ElbyDelay][Running/Manual Start]
<System32\Drivers\ElbyDelay.sys><Elaborate Bytes AG>
[F-Secure File System Filter / F-Secure Filter][Running/Auto Start]
<\??\C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSfilter.sys><>
[F-Secure Gatekeeper / F-Secure Gatekeeper][Running/Auto Start]
<\??\C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSgk.sys><>
[F-Secure File System Recognizer / F-Secure Recognizer][Running/Auto Start]
<\??\C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSrec.sys><>
[F-Secure Firewall Driver / FSFW][Running/Boot Start]
<\SystemRoot\System32\drivers\fsdfw.sys><F-Secure Corporation>
[IEEE-1284.4 Driver HPZid412 / HPZid412][Stopped/Manual Start]
<system32\DRIVERS\HPZid412.sys><HP>
[Print Class Driver for IEEE-1284.4 HPZipr12 / HPZipr12][Stopped/Manual Start]
<system32\DRIVERS\HPZipr12.sys><HP>
[USB to IEEE-1284.4 Translation Driver HPZius12 / HPZius12][Stopped/Manual Start]
<system32\DRIVERS\HPZius12.sys><HP>
[TOSHIBA Network Device Usermode I/O Protocol / Netdevio][Running/Auto Start]
<system32\DRIVERS\netdevio.sys><TOSHIBA Corporation.>
[Pilote de liaison parallèle directe / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
<\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[SMSC IrCC Miniport Device Driver / SMCIRDA][Stopped/Manual Start]
<system32\DRIVERS\smcirda.sys><SMSC>
[smwdm / smwdm][Running/Manual Start]
<system32\drivers\smwdm.sys><Analog Devices, Inc.>
[sscdbhk5 / sscdbhk5][Running/System Start]
<system32\drivers\sscdbhk5.sys><Sonic Solutions>
[SAMSUNG Mobile USB Device II 1.0 driver (WDM) / ssm_bus][Stopped/Manual Start]
<system32\DRIVERS\ssm_bus.sys><MCCI>
[SAMSUNG Mobile USB Modem II 1.0 Filter / ssm_mdfl][Stopped/Manual Start]
<system32\DRIVERS\ssm_mdfl.sys><MCCI>
[SAMSUNG Mobile USB Modem II 1.0 Drivers / ssm_mdm][Stopped/Manual Start]
<system32\DRIVERS\ssm_mdm.sys><MCCI>
[ssrtln / ssrtln][Running/System Start]
<system32\drivers\ssrtln.sys><Sonic Solutions>
[Synaptics TouchPad Driver / SynTP][Running/Manual Start]
<system32\DRIVERS\SynTP.sys><Synaptics, Inc.>
[tfsnboio / tfsnboio][Running/Auto Start]
<system32\dla\tfsnboio.sys><Sonic Solutions>
[tfsncofs / tfsncofs][Running/Auto Start]
<system32\dla\tfsncofs.sys><Sonic Solutions>
[tfsndrct / tfsndrct][Running/Auto Start]
<system32\dla\tfsndrct.sys><Sonic Solutions>
[tfsndres / tfsndres][Running/Auto Start]
<system32\dla\tfsndres.sys><Sonic Solutions>
[tfsnifs / tfsnifs][Running/Auto Start]
<system32\dla\tfsnifs.sys><Sonic Solutions>
[tfsnopio / tfsnopio][Running/Auto Start]
<system32\dla\tfsnopio.sys><Sonic Solutions>
[tfsnpool / tfsnpool][Running/Auto Start]
<system32\dla\tfsnpool.sys><Sonic Solutions>
[tfsnudf / tfsnudf][Running/Auto Start]
<system32\dla\tfsnudf.sys><Sonic Solutions>
[tfsnudfa / tfsnudfa][Running/Auto Start]
<system32\dla\tfsnudfa.sys><Sonic Solutions>
[tifm21 / tifm21][Running/Manual Start]
<system32\drivers\tifm21.sys><Texas Instruments>
[Bluetooth ACPI from TOSHIBA / tosrfec][Stopped/Manual Start]
<system32\DRIVERS\tosrfec.sys><TOSHIBA Corporation>
[Toshiba Mobile PC Service / TVALD][Running/Manual Start]
<system32\DRIVERS\NBSMI.sys><Toshiba Corporation>
[Toshiba Virtual Sound with SRS technologies / Tvs][Running/Manual Start]
<system32\DRIVERS\Tvs.sys><TOSHIBA Corporation>
[Pilote de carte de connexion réseau Intel(R) PRO/Wireless 2200BG pour Windows XP / w29n51][Running/Manual Start]
<system32\DRIVERS\w29n51.sys><Intel® Corporation>
[NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller / yukonwxp][Running/Manual Start]
<system32\DRIVERS\yk51x86.sys><Marvell>

==================================
Browser Add-ons
[Ask Search Assistant BHO]
{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} <C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL, Ask.com>
[Aide pour le lien d'Adobe PDF Reader]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[DriveLetterAccess]
{5CA3D70E-1895-11CF-8E15-001234567890} <C:\WINDOWS\system32\dla\tfswshx.dll, Sonic Solutions>
[SSVHelper Class]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll, Sun Microsystems, Inc.>
[Windows Live Sign-in Helper]
{9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[Google Toolbar Helper]
{AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[Google Toolbar Notifier BHO]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll, Google Inc.>
[Windows Live Toolbar Helper]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, Microsoft Corporation>
[Ask Toolbar BHO]
{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} <C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL, Ask.com>
[Java Plug-in 1.5.0]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll, Sun Microsystems, Inc.>
[F-Secure IE Shield COM button]
{300DB664-75B5-47c0-8B45-A44ACCF73C00} <C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll, F-Secure Corporation>
[]
{85d1f590-48f4-11d9-9669-0800200c9a66} <%windir%\bdoscandel.exe, N/A>
[&Rechercher]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[]
{e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, N/A>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[Windows Live Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, Microsoft Corporation>
[BDSCANONLINE Control]
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} <C:\WINDOWS\BDOSCAN8\oscan82.ocx, SOFTWIN>
[Java Plug-in 1.6.0_02]
{8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.5.0]
{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_02]
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_02]
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll, Sun Microsystems, Inc.>
[Microsoft Office Spreadsheet 11.0]
{0002E559-0000-0000-C000-000000000046} <C:\PROGRA~1\FICHIE~1\MICROS~1\WEBCOM~1\11\OWC11.DLL, Microsoft Corporation>
[Contrôle des Informations générales]
{01949E45-A9F8-4655-8708-282F3D23485B} <C:\PROGRA~1\TOSHIBA\PCDiag\BASICI~1.OCX, Toshiba Corporation>
[QuickTime Object]
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} <C:\Program Files\QuickTime\QTPlugin.ocx, Apple Inc.>
[Ask Search Assistant BHO]
{0579B4B1-0293-4D73-B02D-5EBB0BA0F0A2} <C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL, Ask.com>
[Aide pour le lien d'Adobe PDF Reader]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[&Google]
{2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[HtmlDlgSafeHelper Class]
{3050F819-98B5-11CF-BB82-00AA00BDCE0B} <C:\WINDOWS\system32\mshtmled.dll, Microsoft Corporation>
[IETag Factory]
{38481807-CA0E-42D2-BF39-B33AF135CC4D} <C:\PROGRA~1\FICHIE~1\MICROS~1\SMARTT~1\IETAG.DLL, Microsoft Corporation>
[XML Document]
{48123BC4-99D9-11D1-A6B3-00C04FD91555} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[DriveLetterAccess]
{5CA3D70E-1895-11CF-8E15-001234567890} <C:\WINDOWS\system32\dla\tfswshx.dll, Sonic Solutions>
[BDSCANONLINE Control]
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} <C:\WINDOWS\BDOSCAN8\oscan82.ocx, SOFTWIN>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Windows Media Services DRM Storage object]
{760C4B83-E211-11D2-BF3E-00805FBE84A6} <C:\WINDOWS\system32\drmstor.dll, Microsoft Corporation>
[SSVHelper Class]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll, Sun Microsystems, Inc.>
[Microsoft Web Browser]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\ieframe.dll, Microsoft Corporation>
[Java Plug-in 1.6.0_02]
{8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll, Sun Microsystems, Inc.>
[Windows Live Sign-in Helper]
{9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[Google Toolbar Helper]
{AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[Google Toolbar Notifier BHO]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll, Google Inc.>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Fichiers communs\System\msadc\msadco.dll, Microsoft Corporation>
[Windows Live Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, Microsoft Corporation>
[Windows Live Toolbar Helper]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, Microsoft Corporation>
[AUDIO__MID Moniker Class]
{CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__MP3 Moniker Class]
{CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__AVI Moniker Class]
{CD3AFA88-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__MPEG Moniker Class]
{CD3AFA89-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Windows Live Sign-in Control]
{D2517915-48CE-4286-970F-921E881B8C5C} <C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[Google Updater Class]
{D6A5A215-FBF3-45E5-ABF8-22FF50916184} <C:\Program Files\Google\Google Updater\2.2.1070.1219\ci.dll, Google>
[QuickTimeCheck Class]
{DE4AF3B0-F4D4-11D3-B41A-0050DA2E6C21} <C:\Program Files\QuickTime\QTSystem\QuickTimeCheck.ocx, Apple Inc.>
[]
{E1771B7F-98BE-407F-BA67-AA16ADA5D0C5} <C:\PROGRA~1\MSNMES~1\MSGSC8~1.DLL, Microsoft Corporation>
[]
{F06608C7-1874-4EEA-B3B2-DF99EBB144B8} <C:\PROGRA~1\MSNMES~1\MSGSC8~1.DLL, Microsoft Corporation>
[Ask Toolbar BHO]
{F0D4B231-DA4B-4DAF-81E4-DFEE4931A4AA} <C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL, Ask.com>
[Ask Toolbar]
{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} <C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL, Ask.com>
[XML HTTP]
{F6D90F16-9C73-11D3-B32E-00C04F990BB4} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[&Bloquer cette fenêtre publicitaire]
<C:\Program Files\AntivirusFirewall\Anti-Spyware\blockpopups.htm, N/A>
[&Windows Live Search]
<res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm, N/A>
[E&xporter vers Microsoft Excel]
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>

==================================
Running Processes
[PID: 772 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 852 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\AntivirusFirewall\FWES\Program\fsdc.dll] [F-Secure Corporation, 5.91.210]
[PID: 884 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\AppCert\wsil32.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\Ati2evxx.dll] [ATI Technologies Inc., 6.14.10.4114]
[C:\Program Files\AntivirusFirewall\FWES\Program\fsdc.dll] [F-Secure Corporation, 5.91.210]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 932 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\AppCert\wsil32.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\AntivirusFirewall\FWES\Program\fsdc.dll] [F-Secure Corporation, 5.91.210]
[PID: 944 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\AntivirusFirewall\FWES\Program\fsdc.dll] [F-Secure Corporation, 5.91.210]
[PID: 1120 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\AntivirusFirewall\FWES\Program\fsdc.dll] [F-Secure Corporation, 5.91.210]
[C:\WINDOWS\system32\AppCert\wsil32.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1200 / SERVICE RÉSEAU][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\AntivirusFirewall\FWES\Program\fsdc.dll] [F-Secure Corporation, 5.91.210]
[PID: 1356 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[C:\Program Files\AntivirusFirewall\FWES\Program\fsdc.dll] [F-Secure Corporation, 5.91.210]
[C:\WINDOWS\system32\AppCert\wsil32.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\wups2.dll] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
[PID: 1520 / SERVICE RÉSEAU][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\AntivirusFirewall\FWES\Program\fsdc.dll] [F-Secure Corporation, 5.91.210]
[PID: 1608 / SERVICE LOCAL][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[C:\Program Files\AntivirusFirewall\FWES\Program\fsdc.dll] [F-Secure Corporation, 5.91.210]
[PID: 1952 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[C:\Program Files\AntivirusFirewall\FWES\Program\fsdc.dll] [F-Secure Corporation, 5.91.210]
[C:\WINDOWS\system32\HpTcpMon.dll] [Hewlett Packard, 6.01.00.009]
[C:\WINDOWS\system32\hpzjrd01.dll] [Hewlett Packard, 2.01.00.005]
[C:\WINDOWS\system32\HPTcpMUI.dll] [Microsoft Corporation, 6.01.00.009]
[C:\WINDOWS\system32\hptcpmib.dll] [Hewlett Packard, 6.01.00.009]
[C:\WINDOWS\system32\mdimon.dll] [Microsoft Corporation, 11.3.1897.0]
[C:\WINDOWS\system32\hpz3l054.dll] [Hewlett-Packard Company, 60.054.45.00]
[C:\WINDOWS\system32\tbtmon.dll] [Toshiba America Business Solutions, Inc., 1.14]
[C:\WINDOWS\system32\TosBtHcrpAPI.dll] [N/A, ]
[C:\WINDOWS\system32\TosBtAPI.dll] [TOSHIBA CORPORATION., 3.03.4y10.0]
[C:\WINDOWS\system32\TosBdAPI.dll] [TOSHIBA CORPORATION., 3, 03, 0, 0]
[C:\WINDOWS\system32\tbtmon98Language.dll] [Toshiba, 1, 0, 0, 1]
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\hpzpp054.dll] [Hewlett-Packard Corporation, 60.054.45.00]
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll] [Microsoft Corporation, 11.3.1897.0]
[PID: 228 / SYSTEM][C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe] [Lavasoft AB, 7, 0, 1, 5]
[C:\Program Files\Lavasoft\Ad-Aware 2007\CEAPI.dll] [Lavasoft AB, 7, 0, 1, 5]
[C:\Program Files\Lavasoft\Ad-Aware 2007\PKArchive84cb.dll] [PKWARE, Inc., 8.4.219.0]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[C:\Program Files\Lavasoft\Ad-Aware 2007\Update.dll] [N/A, ]
[C:\Program Files\AntivirusFirewall\FWES\Program\fsdc.dll] [F-Secure Corporation, 5.91.210]
[PID: 220 / SYSTEM][C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE] [Securitoo Portal, Version 6.3.2 (Build 123R)]
[C:\Program Files\AntivirusFirewall\backweb\6588780\6.3.2.123-6588780L\Program\ServiceWrapper.dll] [, Version 6.3.2 (Build 123R)]
[C:\Program Files\AntivirusFirewall\backweb\6588780\6.3.2.123-6588780L\Program\clntutil.dll] [N/A, ]
[C:\WINDOWS\system32\AppCert\wsil32.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\AntivirusFirewall\FWES\Program\fsdc.dll] [F-Secure Corporation, 5.91.210]
[PID: 296 / SYSTEM][C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe] [F-Secure Corporation, 1.00.11280]
[C:\WINDOWS\system32\AppCert\wsil32.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\AntivirusFirewall\FWES\Program\fsdc.dll] [F-Secure Corporation, 5.91.210]
[PID: 316 / SYSTEM][C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe] [F-Secure Corp., 6.90.871]
[C:\Program Files\AntivirusFirewall\Common\fsexc.dll] [F-Secure Corporation, 6.05.8452 ]
[C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwupst.dll] [F-Secure Corporation, 6.90.870]
[c:\program files\antivirusfirewall\common\fspmapi.dll] [F-Secure Corporation, 6.05.8452 ]
[c:\program files\antivirusfirewall\common\fsma32.dll] [F-Secure Corporation, 6.05.8452 ]
[c:\program files\antivirusfirewall\tnb\fstnb.dll] [F-Secure Corporation, 1.0.126 ]
[PID: 328 / SYSTEM][C:\Program Files\AntivirusFirewall\Anti-Virus\FSGK32.EXE] [F-Secure Corp., 6.10.12200]
[c:\program files\antivirusfirewall\common\fspmapi.dll] [F-Secure Corporation, 6.05.8452 ]
[c:\program files\antivirusfirewall\common\fsma32s.dll] [F-Secure Corporation, 6.05.8452 ]
[C:\Program Files\AntivirusFirewall\Anti-Virus\FSGKIAPI.dll] [F-Secure Corp., 6.00.11230]
[C:\WINDOWS\system32\AppCert\wsil32.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 412 / SYSTEM][C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE] [F-Secure Corporation, 6.05.8452 ]
[C:\Program Files\AntivirusFirewall\Common\FSPMAPI.dll] [F-Secure Corporation, 6.05.8452 ]
[C:\Program Files\AntivirusFirewall\Common\FSMA32.dll] [F-Secure Corporation, 6.05.8452 ]
[C:\Program Files\AntivirusFirewall\Common\fsexc.dll] [F-Secure Corporation, 6.05.8452 ]
[C:\WINDOWS\system32\AppCert\wsil32.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 464 / SYSTEM][C:\Program Files\AntivirusFirewall\Anti-Virus\fssm32.exe] [F-Secure Corp., 6.10.12200]
[C:\Program Files\AntivirusFirewall\Anti-Virus\FM4AV.dll] [, ]
[C:\Program Files\AntivirusFirewall\Anti-Virus\avpproxy.dll] [F-Secure Corporation, 1.2.11430]
[C:\Program Files\AntivirusFirewall\Anti-Virus\avpfpi0.dll] [Kaspersky Labs, 6.0.169.7050]
[C:\Program Files\AntivirusFirewall\Anti-Virus\avp_iont.dll] [Kaspersky Labs, 5.0.0.0]
[C:\Program Files\AntivirusFirewall\Anti-Spyware\LSSE.DLL] [Lavasoft, 1.0.35.0]
[C:\Program Files\AntivirusFirewall\Anti-Virus\fslfpi.dll] [F-Secure Corporation, 2.03.11]
[C:\Program Files\AntivirusFirewall\Anti-Virus\dffpi.dll] [F-Secure Corporation, 1.02.37]
[C:\Program Files\AntivirusFirewall\Spam Control\fsas.dll] [, ]
[c:\program files\antivirusfirewall\daas\fsclm.dll] [F-Secure Corporation, 2.2.5 ]
[C:\Program Files\AntivirusFirewall\Spam Control\fspl58.dll] [, ]
[C:\Program Files\AntivirusFirewall\Spam Control\lib\auto\Socket\Socket.dll] [N/A, ]
[C:\Program Files\AntivirusFirewall\Spam Control\lib\auto\Time\HiRes\HiRes.dll] [N/A, ]
[C:\Program Files\AntivirusFirewall\Spam Control\lib\auto\Sys\Hostname\Hostname.dll] [N/A, ]
[C:\Program Files\AntivirusFirewall\Spam Control\lib\auto\Fcntl\Fcntl.dll] [N/A, ]
[C:\Program Files\AntivirusFirewall\Spam Control\lib\auto\POSIX\POSIX.dll] [N/A, ]
[C:\Program Files\AntivirusFirewall\Spam Control\lib\auto\MIME\Base64\Base64.dll] [N/A, ]
[C:\Program Files\AntivirusFirewall\Spam Control\lib\auto\IO\IO.dll] [N/A, ]
[C:\Program Files\AntivirusFirewall\Spam Control\lib\auto\Win32\WinError\WinError.dll] [N/A, ]
[C:\Program Files\AntivirusFirewall\Spam Control\lib\auto\Win32\Registry\Registry.dll] [N/A, ]
[C:\Program Files\AntivirusFirewall\Spam Control\lib\auto\Digest\SHA1\SHA1.dll] [N/A, ]
[C:\Program Files\AntivirusFirewall\Spam Control\lib\auto\SDBM_File\SDBM_File.dll] [N/A, ]
[C:\Program Files\AntivirusFirewall\Spam Control\lib\auto\HTML\Parser\Parser.dll] [N/A, ]
[C:\Program Files\AntivirusFirewall\Spam Control\lib\auto\Cwd\Cwd.dll] [N/A, ]
[C:\Program Files\AntivirusFirewall\Anti-Virus\avpfpi1.dll] [Kaspersky Labs, 6.0.169.7050]
[PID: 476 / SYSTEM][C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe] [Google, 2.2.824.5515.beta]
[C:\Program Files\AntivirusFirewall\FWES\Program\fsdc.dll] [F-Secure Corporation, 5.91.210]
[C:\WINDOWS\system32\AppCert\wsil32.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 488 / SYSTEM][C:\Program Files\AntivirusFirewall\Common\FSMB32.EXE] [F-Secure Corporation, 6.05.8452 ]
[C:\Program Files\AntivirusFirewall\Common\fsexc.dll] [F-Secure Corporation, 6.05.8452 ]
[PID: 616 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\AntivirusFirewall\FWES\Program\fsdc.dll] [F-Secure Corporation, 5.91.210]
[PID: 632 / SERVICE LOCAL][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: DNSRV(bld4act)]
[C:\Program Files\AntivirusFirewall\FWES\Program\fsdc.dll] [F-Secure Corporation, 5.91.210]
[PID: 1092 / SYSTEM][C:\Program Files\AntivirusFirewall\Common\FCH32.EXE] [F-Secure Corporation, 6.05.8452 ]
[C:\Program Files\AntivirusFirewall\Common\FSPMAPI.dll] [F-Secure Corporation, 6.05.8452 ]
[C:\Program Files\AntivirusFirewall\Common\FSMA32.dll] [F-Secure Corporation, 6.05.8452 ]
[C:\Program Files\AntivirusFirewall\Common\fsexc.dll] [F-Secure Corporation, 6.05.8452 ]
[C:\Program Files\AntivirusFirewall\Common\FSPMENG.DLL] [F-Secure Corporation, 6.05.8452 ]
[c:\program files\antivirusfirewall\daas\fsclm.dll] [F-Secure Corporation, 2.2.5 ]
[PID: 1388 / SYSTEM][C:\Program Files\AntivirusFirewall\Common\FAMEH32.EXE] [F-Secure Corporation, 6.05.8452 ]
[C:\Program Files\AntivirusFirewall\Common\FSPMAPI.dll] [F-Secure Corporation, 6.05.8452 ]
[C:\Program Files\AntivirusFirewall\Common\FSLD32.dll] [F-Secure Corporation, 6.05.8452 ]
[C:\Program Files\AntivirusFirewall\Common\FSMA32.dll] [F-Secure Corporation, 6.05.8452 ]
[C:\Program Files\AntivirusFirewall\Common\fsexc.dll] [F-Secure Corporation, 6.05.8452 ]
[C:\Program Files\AntivirusFirewall\Common\AMEHEVN.DLL] [F-Secure Corporation, 6.05.8452 ]
0
philae83 Posts: 12854 Status: Security contributor 206
 
I'm back

let's go

Select the following text:

Driver::
hxdvjyzl

File::
C:\WINDOWS\system32\d3dimf.dll


1. Copy the selected text (CTRL+C).
2. Open Notepad (Programs > Accessories > Notepad).
3. Paste the copied text into Notepad (CTRL+V).
4. Save this file under the name CFScript.txt
5. Drag and drop this CFScript file onto the ComboFix.exe file.
6. A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and confirm.
7. Wait while the scan runs. The desktop will disappear several times: that's normal! Don't touch anything until the scan has finished.
8. Once the scan is complete, a report will be displayed: post its contents.
9. If the file doesn't open, it is located here > C:\ComboFix.txt
0
ked
 
Sorry, I see that my message didn't go through; I'll send you a report right away...
0