Sujet Précédent Sujet Suivant

Mon pc est pas bien....

Fermé
lalane - 14 janv. 2008 à 19:25
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 - 16 janv. 2008 à 22:17
Bonjour,


j'ai un problème avec mon pc. il est sous windows XP pro et j'ai F-secure comme anti-virus. depuis quelques jours je voie des message F-secure qui me disent que j'ai un virus nommée "trojan-dropper.win32.agent.dgo" et qui le renomme ou qui le supprime mais des fois il y arrive pas. j'ai essayer de lancer une analyse anti virus mais ca a pas voulu ce lancer. j'en ai fait une avec l'outil d'analyse en ligne de F-secure mais il a pas reussi a nettoyer mon pc.

je me debrouille un peu en informatique mais la ca me depasse. pouvez vous m'aider?

lalane

ps : je crois que vous avez besoin des logg de hijack, je vous les mets à la suite.

Logfile of HijackThis v1.99.1
Scan saved at 19:22:32, on 14/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure\Anti-Virus\fsrw.exe
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Lanane\LOCALS~1\Temp\Rar$EX00.110\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=https://www.acer.com/worldwide/selection.html
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - https://www.f-secure.com/en/home/support
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C8BE8880-A971-4450-B907-5CF68C07C01C}: NameServer = 212.27.53.252,212.27.54.252
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
A voir également:

16 réponses

Réponse 1 / 16
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
14 janv. 2008 à 19:35
salut lalane,

supprime ton hijack this car il est mal placé, et reprends le et place le sur ton bureau et renomme le en scan.exe et repost un rapport stp

@+
0
Réponse 2 / 16
freeworldgreg Messages postés 342 Date d'inscription mercredi 26 décembre 2007 Statut Membre Dernière intervention 5 février 2008 31
14 janv. 2008 à 19:37
salut tu devrai arreter tout les programme ainsi que ceux de la barre des tache et relancer ton analyse sinon faut que tu attende les expert de lanalyse
0
Réponse 3 / 16
lalane
14 janv. 2008 à 20:11
merci pour ta reponse girly

j'ai fais ce que tu m'as dis mais j'ai pas l'impression que ca ai changé grand chose.

j'attends ta réponse et encors merci

Logfile of HijackThis v1.99.1
Scan saved at 20:08:03, on 14/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure\Anti-Virus\fsrw.exe
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Lanane\Bureau\scan.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {94C40398-7C34-4A08-8120-CFF5291AD947} - C:\WINDOWS\system32\jkhfd.dll
O2 - BHO: (no name) - {D4576C73-52BD-4401-B966-5A128C4433D4} - C:\WINDOWS\system32\jkkkjkj.dll (file missing)
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=https://www.acer.com/worldwide/selection.html
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - https://www.f-secure.com/en/home/support
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C8BE8880-A971-4450-B907-5CF68C07C01C}: NameServer = 212.27.53.252,212.27.54.252
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: jkkkjkj - jkkkjkj.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

0
Réponse 4 / 16
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
14 janv. 2008 à 20:14
cool ;-)

maintenant les lignes o2 et 020 sont visibles et devoile l´infection...

Télécharge combofix.exe (par sUBs) sur ton Bureau.

-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

-> Double clique combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

@+
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 16
lalane
14 janv. 2008 à 20:30
et voila.

merci girly, j'(attend tes news.

@+

ComboFix 08-01-14.4 - Lanane 2008-01-14 20:17:26.1 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.388 [GMT 1:00]
Running from: C:\Documents and Settings\Lanane\Bureau\ComboFix.exe
* Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Fichiers communs\Yazzle1281OinUninstaller.exe
C:\WINDOWS\system32\ctfmon.exe.tmp
C:\WINDOWS\system32\dfhkj.ini
C:\WINDOWS\system32\dfhkj.ini2
C:\WINDOWS\system32\gebbbxv.dll
C:\WINDOWS\system32\jkhfd.dll
C:\WINDOWS\system32\pac.txt

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-12-14 to 2008-01-14 ))))))))))))))))))))))))))))))))))))
.

2008-01-14 20:16 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-14 06:50 . 2008-01-14 19:11 337,920 --a------ C:\WINDOWS\system32\JKHFD.0XE
2008-01-13 21:25 . 2008-01-13 21:40 155,648 --a------ C:\WINDOWS\system32\igfxtray .exe
2008-01-13 21:25 . 2008-01-13 21:40 118,784 --a------ C:\WINDOWS\system32\hkcmd .exe
2008-01-13 21:25 . 2008-01-14 13:34 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2008-01-13 09:13 . 2008-01-13 09:13 <REP> d-------- C:\WINDOWS\system32\edcA01
2008-01-13 09:13 . 2008-01-13 09:13 <REP> d-------- C:\Temp\Ryuan1
2008-01-13 09:13 . 2008-01-13 09:13 <REP> d-------- C:\Temp
2008-01-11 23:46 . 2008-01-11 23:46 <REP> d-------- C:\Program Files\Bonjour
2008-01-11 23:36 . 2008-01-11 23:36 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
2008-01-11 22:06 . 2008-01-11 22:06 <REP> d-------- C:\Program Files\portalgraphics
2008-01-01 04:47 . 2004-08-04 00:54 54,784 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2008-01-01 04:47 . 2004-08-04 00:54 54,784 --a------ C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2008-01-01 04:39 . 2001-07-12 15:19 5,787 -ra------ C:\WINDOWS\system32\drivers\SCTB.VXD
2008-01-01 04:37 . 2004-08-04 00:54 154,112 --a------ C:\WINDOWS\system32\irftp.exe
2008-01-01 04:37 . 2004-08-04 00:54 154,112 --a------ C:\WINDOWS\system32\dllcache\irftp.exe
2008-01-01 04:37 . 2004-08-04 00:54 28,160 --a------ C:\WINDOWS\system32\irmon.dll
2008-01-01 04:37 . 2004-08-04 00:54 28,160 --a------ C:\WINDOWS\system32\dllcache\irmon.dll
2008-01-01 04:37 . 2004-08-04 00:54 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2008-01-01 04:37 . 2004-08-04 00:54 8,192 --a------ C:\WINDOWS\system32\dllcache\wshirda.dll
2008-01-01 04:36 . 2004-06-04 14:53 58,808 --a------ C:\WINDOWS\system32\drivers\VComm.sys
2008-01-01 04:36 . 2004-06-09 13:38 28,527 --a------ C:\WINDOWS\system32\drivers\BTHidMgr.sys
2008-01-01 04:36 . 2004-07-07 09:31 10,580 --a------ C:\WINDOWS\system32\drivers\vbtenum.sys
2008-01-01 01:17 . 2002-01-07 21:25 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-01 01:17 . 2008-01-01 01:17 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-01 01:16 . 2008-01-01 01:16 <REP> d-------- C:\Program Files\QuickTime
2008-01-01 01:16 . 2008-01-01 01:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-01 01:15 . 2008-01-01 01:15 <REP> d-------- C:\Program Files\Apple Software Update
2008-01-01 01:15 . 2008-01-01 01:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-12-31 23:42 . 2007-12-31 23:42 <REP> d-------- C:\Program Files\FileZilla Client
2007-12-31 23:42 . 2007-12-31 23:42 <REP> d-------- C:\Documents and Settings\Lanane\Application Data\FileZilla
2007-12-31 16:26 . 2007-12-31 16:26 <REP> d-------- C:\Documents and Settings\Lanane\Application Data\GrabIt
2007-12-31 16:24 . 2007-12-31 16:24 <REP> d-------- C:\Program Files\GrabIt
2007-12-30 17:37 . 2007-12-30 17:37 <REP> d-------- C:\WINDOWS\Sun
2007-12-28 18:51 . 2007-12-28 18:51 <REP> d-------- C:\Documents and Settings\Lanane\Application Data\Canon
2007-12-28 18:49 . 2007-12-28 18:49 <REP> d-------- C:\Program Files\Canon
2007-12-28 18:32 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-12-28 18:32 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
2007-12-28 18:27 . 2007-12-28 18:27 <REP> d--h----- C:\WINDOWS\system32\CanonIJ Uninstaller Information
2007-12-28 18:27 . 2007-12-28 18:27 <REP> d--h----- C:\Documents and Settings\All Users\Application Data\CanonBJ
2007-12-28 18:27 . 2006-04-30 21:00 161,792 --a------ C:\WINDOWS\system32\CNMLM87.DLL
2007-12-28 18:26 . 2007-12-28 18:26 <REP> d--h----- C:\Program Files\CanonBJ
2007-12-28 18:26 . 2006-04-13 09:23 1,134,592 --a------ C:\WINDOWS\system32\CNCC600.DLL
2007-12-28 18:26 . 2006-05-29 01:39 135,168 --a------ C:\WINDOWS\system32\CNCL600.DLL
2007-12-28 18:26 . 2006-02-17 07:44 106,496 --a------ C:\WINDOWS\system32\cnco600.dll
2007-12-28 18:26 . 2006-04-13 09:23 57,344 --a------ C:\WINDOWS\system32\CNCI600.DLL
2007-12-27 16:22 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-12-27 16:22 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys
2007-12-26 10:40 . 2007-12-26 10:40 <REP> d-------- C:\Program Files\eMule
2007-12-25 19:51 . 2007-12-25 19:51 1,158 --a------ C:\WINDOWS\mozver.dat
2007-12-25 18:13 . 2007-12-25 18:13 <REP> d-------- C:\Documents and Settings\Lanane\Contacts
2007-12-25 12:40 . 2007-12-25 12:40 268 --ah----- C:\sqmdata01.sqm
2007-12-25 12:40 . 2007-12-25 12:40 244 --ah----- C:\sqmnoopt01.sqm
2007-12-25 10:50 . 2007-12-25 10:50 <REP> d-------- C:\Program Files\MSXML 6.0
2007-12-25 10:29 . 2007-12-25 10:29 <REP> d-------- C:\Program Files\CDBurnerXP
2007-12-21 15:51 . 2007-12-21 15:51 268 --ah----- C:\sqmdata00.sqm
2007-12-21 15:51 . 2007-12-21 15:51 244 --ah----- C:\sqmnoopt00.sqm
2007-12-21 15:44 . 2007-12-21 15:44 0 --a------ C:\WINDOWS\nsreg.dat
2007-12-21 15:42 . 2007-12-21 15:43 <REP> d-------- C:\WINDOWS\system32\XPSViewer
2007-12-21 15:42 . 2007-12-21 15:42 <REP> d-------- C:\Program Files\Reference Assemblies
2007-12-21 15:41 . 2007-12-21 15:41 <REP> d-------- C:\Documents and Settings\Lanane\Application Data\vlc
2007-12-21 15:40 . 2007-12-21 15:40 <REP> d-------- C:\Program Files\VideoLAN
2007-12-21 15:40 . 2007-12-21 15:40 <REP> d-------- C:\Program Files\K-Lite Codec Pack
2007-12-21 15:39 . 2007-12-21 15:39 <REP> d-------- C:\Program Files\Windows Media Connect 2
2007-12-21 15:37 . 2007-12-21 15:37 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-12-21 15:25 . 2007-12-21 15:25 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-12-21 15:24 . 2007-12-21 15:24 <REP> d-------- C:\Program Files\SuperCopier2
2007-12-21 15:24 . 2007-12-21 15:24 <REP> d-------- C:\Program Files\MSECache
2007-12-21 15:22 . 2007-12-21 15:22 <REP> d-------- C:\WINDOWS\system32\LogFiles
2007-12-21 15:22 . 2004-08-03 23:08 26,496 --a------ C:\WINDOWS\system32\dllcache\usbstor.sys
2007-12-20 23:21 . 2007-12-20 23:21 <REP> d-------- C:\Program Files\MagicDisc
2007-12-20 23:21 . 2007-09-05 01:46 92,544 --a------ C:\WINDOWS\system32\drivers\mcdbus.sys
2007-12-20 23:16 . 2007-12-20 23:16 <REP> d-------- C:\Program Files\VSO
2007-12-20 23:12 . 2007-12-20 23:12 <REP> d-------- C:\Program Files\MagicISO
2007-12-20 23:11 . 2007-12-20 23:11 <REP> d-------- C:\Program Files\Winamp
2007-12-20 23:11 . 2007-12-20 23:11 <REP> d-------- C:\Documents and Settings\Lanane\Application Data\Winamp
2007-12-20 23:07 . 2007-12-20 23:07 <REP> d-------- C:\Documents and Settings\Lanane\Application Data\F-Secure
2007-12-20 23:05 . 2007-12-20 23:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
2007-12-20 23:05 . 2007-12-20 23:05 118,842 -r------- C:\WINDOWS\bwUnin-6.3.2.116-7681197L.exe
2007-12-20 23:05 . 2006-10-12 11:19 70,960 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
2007-12-20 23:05 . 2006-10-12 11:19 33,552 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
2007-12-20 23:04 . 2007-12-20 23:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\fssg
2007-12-20 22:57 . 2007-12-20 22:57 <REP> d-------- C:\Program Files\F-Secure
2007-12-20 22:51 . 2007-12-20 22:51 <REP> d-------- C:\WINDOWS\system32\DRVSTORE
2007-12-20 22:33 . 2007-12-20 22:33 <REP> d-------- C:\WINDOWS\system32\fr-fr
2007-12-20 22:31 . 2007-08-13 18:54 33,792 --a------ C:\WINDOWS\system32\dllcache\custsat.dll
2007-12-20 22:21 . 2007-12-20 22:21 <REP> d-------- C:\Program Files\MSBuild
2007-12-20 22:21 . 2007-12-20 22:21 <REP> d-------- C:\Program Files\Microsoft Works
2007-12-20 22:20 . 2007-07-09 14:11 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-12-20 22:16 . 2007-12-20 22:16 <REP> d-------- C:\WINDOWS\SHELLNEW
2007-12-20 22:16 . 2007-12-20 22:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-12-20 22:15 . 2007-12-20 22:15 <REP> dr-h----- C:\MSOCache
2007-12-20 22:04 . 2007-12-20 22:05 <REP> d--h----- C:\WINDOWS\$hf_mig$
2007-12-20 22:02 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2007-12-20 22:02 . 2007-07-30 19:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2007-12-20 22:02 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2007-12-20 22:02 . 2007-07-30 19:19 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2007-12-20 22:02 . 2007-07-30 19:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2007-12-20 22:00 . 2007-12-20 22:01 <REP> d--hs---- C:\Documents and Settings\Lanane\UserData
2007-12-20 21:59 . 2007-12-20 21:59 <REP> d-------- C:\Documents and Settings\LocalService\Menu D‚marrer

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-14 18:11 160,768 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig .exe
2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:28 728,576 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-10-31 03:53 3,590,656 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-30 17:20 360,064 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,293,824 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-25 16:43 8,516,608 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
1999-07-07 00:00 6 --sh--r C:\WINDOWS\@desktop@.dat
.
[code]<pre>
----a-w 118,784 2008-01-13 20:40:54 C:\WINDOWS\system32\hkcmd .exe
----a-w 155,648 2008-01-13 20:40:52 C:\WINDOWS\system32\igfxtray .exe
----a-w 15,360 2008-01-14 12:34:28 C:\WINDOWS\system32\ctfmon .exe
----a-w 160,768 2008-01-14 18:11:16 C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig .exe
----a-w 1,694,208 2008-01-13 20:25:46 C:\Program Files\Messenger\msmsgs .exe
----a-w 122,929 2008-01-13 20:40:54 C:\Program Files\F-Secure\common\FSM32 .EXE
----a-w 684,032 2008-01-13 20:41:02 C:\Program Files\F-Secure\TNB\TNBUtil .exe
----a-w 1,052,672 2008-01-13 20:41:06 C:\Program Files\SuperCopier2\SuperCopier2 .exe
----a-w 651,776 2008-01-14 05:50:08 C:\Program Files\QuickTime\QTTask .exe
----a-w 651,776 2008-01-14 12:34:24 C:\Program Files\QuickTime\QTTask .exe
----a-w 286,720 2008-01-14 12:34:30 C:\Program Files\QuickTime\QTTask .exe
----a-w 5,674,352 2008-01-13 20:41:12 C:\Program Files\MSN Messenger\MsnMsgr .Exe
</pre>[/code]


((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:54 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F-Secure Manager"="C:\Program Files\F-Secure\Common\FSM32.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:54 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkkjkj]
jkkkjkj.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^AlarmS4.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\AlarmS4.lnk
backup=C:\WINDOWS\pss\AlarmS4.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Lanane^Menu Démarrer^Programmes^Démarrage^MagicDisc.lnk]
path=C:\Documents and Settings\Lanane\Menu Démarrer\Programmes\Démarrage\MagicDisc.lnk
backup=C:\WINDOWS\pss\MagicDisc.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-05-11 03:06 40048 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
--------- 2004-08-04 00:55 110592 C:\WINDOWS\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-04 00:54 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB]
C:\Program Files\F-Secure\TNB\TNBUtil.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
C:\WINDOWS\system32\jkhfd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPS]
--a------ 2003-12-04 18:39 360448 C:\ACER\PSM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-14 13:34 286720 C:\Program Files\QuickTime\QTTask .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2003-08-15 15:34 57344 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-10-10 06:28 36352 C:\Program Files\Winamp\winampa.exe

R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2006-10-12 11:19]
R2 BackWeb Plug-in - 7681197;F-Secure Automatic Update;C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE [2007-12-20 23:05]
R2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSfilter.sys [2005-08-19 14:37]
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSgk.sys [2006-10-23 07:52]
R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSrec.sys [2005-08-19 14:37]
R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2007-05-04 09:27]
S2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys []
S3 PortRW;PortRW;C:\WINDOWS\system32\Drivers\PortRW.sys [2003-08-15 14:57]

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-01-14 18:12:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-14 20:22:30
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-14 20:23:43 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-14 19:23:40
.
2008-01-12 14:20:32 --- E O F ---
0
Réponse 6 / 16
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
14 janv. 2008 à 21:05
re,

Copie le texte ci-dessous :

File::
C:\WINDOWS\system32\jkhfd.exe


Folder::


Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkkjkj]

Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt.

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif

Cela va relancer Combofix,


Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

S'il n'y a pas de rédémarrage, poste quand même les rapports.

@+
0
Réponse 7 / 16
lalane
14 janv. 2008 à 22:09
coucou

je vien de finir ce que tu m'a demandé d'effectué. pour info il n'y a pas u de reboot après combofix.

merci pour ton assistance. je vais aller me coucher donc je répondrai que demain soir a partir de 17h.

bonne nuit

raopport combofix :

ComboFix 08-01-14.4 - Lanane 2008-01-14 22:01:55.2 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.395 [GMT 1:00]
Running from: C:\Documents and Settings\Lanane\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Lanane\Bureau\CFScript.txt
* Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]

FILE
C:\WINDOWS\system32\jkhfd.exe
.

((((((((((((((((((((((((((((( Fichiers créés 2007-12-14 to 2008-01-14 ))))))))))))))))))))))))))))))))))))
.

2008-01-14 20:16 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-14 06:50 . 2008-01-14 19:11 337,920 --a------ C:\WINDOWS\system32\JKHFD.0XE
2008-01-13 21:25 . 2008-01-13 21:40 155,648 --a------ C:\WINDOWS\system32\igfxtray .exe
2008-01-13 21:25 . 2008-01-13 21:40 118,784 --a------ C:\WINDOWS\system32\hkcmd .exe
2008-01-13 21:25 . 2008-01-14 13:34 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2008-01-13 09:13 . 2008-01-13 09:13 <REP> d-------- C:\WINDOWS\system32\edcA01
2008-01-13 09:13 . 2008-01-13 09:13 <REP> d-------- C:\Temp\Ryuan1
2008-01-13 09:13 . 2008-01-13 09:13 <REP> d-------- C:\Temp
2008-01-11 23:46 . 2008-01-11 23:46 <REP> d-------- C:\Program Files\Bonjour
2008-01-11 23:36 . 2008-01-11 23:36 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
2008-01-11 22:06 . 2008-01-11 22:06 <REP> d-------- C:\Program Files\portalgraphics
2008-01-01 04:47 . 2004-08-04 00:54 54,784 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2008-01-01 04:47 . 2004-08-04 00:54 54,784 --a------ C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2008-01-01 04:39 . 2001-07-12 15:19 5,787 -ra------ C:\WINDOWS\system32\drivers\SCTB.VXD
2008-01-01 04:37 . 2004-08-04 00:54 154,112 --a------ C:\WINDOWS\system32\irftp.exe
2008-01-01 04:37 . 2004-08-04 00:54 154,112 --a------ C:\WINDOWS\system32\dllcache\irftp.exe
2008-01-01 04:37 . 2004-08-04 00:54 28,160 --a------ C:\WINDOWS\system32\irmon.dll
2008-01-01 04:37 . 2004-08-04 00:54 28,160 --a------ C:\WINDOWS\system32\dllcache\irmon.dll
2008-01-01 04:37 . 2004-08-04 00:54 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2008-01-01 04:37 . 2004-08-04 00:54 8,192 --a------ C:\WINDOWS\system32\dllcache\wshirda.dll
2008-01-01 04:36 . 2004-06-04 14:53 58,808 --a------ C:\WINDOWS\system32\drivers\VComm.sys
2008-01-01 04:36 . 2004-06-09 13:38 28,527 --a------ C:\WINDOWS\system32\drivers\BTHidMgr.sys
2008-01-01 04:36 . 2004-07-07 09:31 10,580 --a------ C:\WINDOWS\system32\drivers\vbtenum.sys
2008-01-01 01:17 . 2002-01-07 21:25 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-01 01:17 . 2008-01-01 01:17 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-01 01:16 . 2008-01-01 01:16 <REP> d-------- C:\Program Files\QuickTime
2008-01-01 01:16 . 2008-01-01 01:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-01 01:15 . 2008-01-01 01:15 <REP> d-------- C:\Program Files\Apple Software Update
2008-01-01 01:15 . 2008-01-01 01:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-12-31 23:42 . 2007-12-31 23:42 <REP> d-------- C:\Program Files\FileZilla Client
2007-12-31 23:42 . 2007-12-31 23:42 <REP> d-------- C:\Documents and Settings\Lanane\Application Data\FileZilla
2007-12-31 16:26 . 2007-12-31 16:26 <REP> d-------- C:\Documents and Settings\Lanane\Application Data\GrabIt
2007-12-31 16:24 . 2007-12-31 16:24 <REP> d-------- C:\Program Files\GrabIt
2007-12-30 17:37 . 2007-12-30 17:37 <REP> d-------- C:\WINDOWS\Sun
2007-12-28 18:51 . 2007-12-28 18:51 <REP> d-------- C:\Documents and Settings\Lanane\Application Data\Canon
2007-12-28 18:49 . 2007-12-28 18:49 <REP> d-------- C:\Program Files\Canon
2007-12-28 18:32 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-12-28 18:32 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
2007-12-28 18:27 . 2007-12-28 18:27 <REP> d--h----- C:\WINDOWS\system32\CanonIJ Uninstaller Information
2007-12-28 18:27 . 2007-12-28 18:27 <REP> d--h----- C:\Documents and Settings\All Users\Application Data\CanonBJ
2007-12-28 18:27 . 2006-04-30 21:00 161,792 --a------ C:\WINDOWS\system32\CNMLM87.DLL
2007-12-28 18:26 . 2007-12-28 18:26 <REP> d--h----- C:\Program Files\CanonBJ
2007-12-28 18:26 . 2006-04-13 09:23 1,134,592 --a------ C:\WINDOWS\system32\CNCC600.DLL
2007-12-28 18:26 . 2006-05-29 01:39 135,168 --a------ C:\WINDOWS\system32\CNCL600.DLL
2007-12-28 18:26 . 2006-02-17 07:44 106,496 --a------ C:\WINDOWS\system32\cnco600.dll
2007-12-28 18:26 . 2006-04-13 09:23 57,344 --a------ C:\WINDOWS\system32\CNCI600.DLL
2007-12-27 16:22 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-12-27 16:22 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys
2007-12-26 10:40 . 2007-12-26 10:40 <REP> d-------- C:\Program Files\eMule
2007-12-25 19:51 . 2007-12-25 19:51 1,158 --a------ C:\WINDOWS\mozver.dat
2007-12-25 18:13 . 2007-12-25 18:13 <REP> d-------- C:\Documents and Settings\Lanane\Contacts
2007-12-25 12:40 . 2007-12-25 12:40 268 --ah----- C:\sqmdata01.sqm
2007-12-25 12:40 . 2007-12-25 12:40 244 --ah----- C:\sqmnoopt01.sqm
2007-12-25 10:50 . 2007-12-25 10:50 <REP> d-------- C:\Program Files\MSXML 6.0
2007-12-25 10:29 . 2007-12-25 10:29 <REP> d-------- C:\Program Files\CDBurnerXP
2007-12-21 15:51 . 2007-12-21 15:51 268 --ah----- C:\sqmdata00.sqm
2007-12-21 15:51 . 2007-12-21 15:51 244 --ah----- C:\sqmnoopt00.sqm
2007-12-21 15:44 . 2007-12-21 15:44 0 --a------ C:\WINDOWS\nsreg.dat
2007-12-21 15:42 . 2007-12-21 15:43 <REP> d-------- C:\WINDOWS\system32\XPSViewer
2007-12-21 15:42 . 2007-12-21 15:42 <REP> d-------- C:\Program Files\Reference Assemblies
2007-12-21 15:41 . 2007-12-21 15:41 <REP> d-------- C:\Documents and Settings\Lanane\Application Data\vlc
2007-12-21 15:40 . 2007-12-21 15:40 <REP> d-------- C:\Program Files\VideoLAN
2007-12-21 15:40 . 2007-12-21 15:40 <REP> d-------- C:\Program Files\K-Lite Codec Pack
2007-12-21 15:39 . 2007-12-21 15:39 <REP> d-------- C:\Program Files\Windows Media Connect 2
2007-12-21 15:37 . 2007-12-21 15:37 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-12-21 15:25 . 2007-12-21 15:25 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-12-21 15:24 . 2007-12-21 15:24 <REP> d-------- C:\Program Files\SuperCopier2
2007-12-21 15:24 . 2007-12-21 15:24 <REP> d-------- C:\Program Files\MSECache
2007-12-21 15:22 . 2007-12-21 15:22 <REP> d-------- C:\WINDOWS\system32\LogFiles
2007-12-21 15:22 . 2004-08-03 23:08 26,496 --a------ C:\WINDOWS\system32\dllcache\usbstor.sys
2007-12-20 23:21 . 2007-12-20 23:21 <REP> d-------- C:\Program Files\MagicDisc
2007-12-20 23:21 . 2007-09-05 01:46 92,544 --a------ C:\WINDOWS\system32\drivers\mcdbus.sys
2007-12-20 23:16 . 2007-12-20 23:16 <REP> d-------- C:\Program Files\VSO
2007-12-20 23:12 . 2007-12-20 23:12 <REP> d-------- C:\Program Files\MagicISO
2007-12-20 23:11 . 2007-12-20 23:11 <REP> d-------- C:\Program Files\Winamp
2007-12-20 23:11 . 2007-12-20 23:11 <REP> d-------- C:\Documents and Settings\Lanane\Application Data\Winamp
2007-12-20 23:07 . 2007-12-20 23:07 <REP> d-------- C:\Documents and Settings\Lanane\Application Data\F-Secure
2007-12-20 23:05 . 2007-12-20 23:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
2007-12-20 23:05 . 2007-12-20 23:05 118,842 -r------- C:\WINDOWS\bwUnin-6.3.2.116-7681197L.exe
2007-12-20 23:05 . 2006-10-12 11:19 70,960 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
2007-12-20 23:05 . 2006-10-12 11:19 33,552 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
2007-12-20 23:04 . 2007-12-20 23:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\fssg
2007-12-20 22:57 . 2007-12-20 22:57 <REP> d-------- C:\Program Files\F-Secure
2007-12-20 22:51 . 2007-12-20 22:51 <REP> d-------- C:\WINDOWS\system32\DRVSTORE
2007-12-20 22:33 . 2007-12-20 22:33 <REP> d-------- C:\WINDOWS\system32\fr-fr
2007-12-20 22:31 . 2007-08-13 18:54 33,792 --a------ C:\WINDOWS\system32\dllcache\custsat.dll
2007-12-20 22:21 . 2007-12-20 22:21 <REP> d-------- C:\Program Files\MSBuild
2007-12-20 22:21 . 2007-12-20 22:21 <REP> d-------- C:\Program Files\Microsoft Works
2007-12-20 22:20 . 2007-07-09 14:11 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-12-20 22:16 . 2007-12-20 22:16 <REP> d-------- C:\WINDOWS\SHELLNEW
2007-12-20 22:16 . 2007-12-20 22:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-12-20 22:15 . 2007-12-20 22:15 <REP> dr-h----- C:\MSOCache
2007-12-20 22:04 . 2007-12-20 22:05 <REP> d--h----- C:\WINDOWS\$hf_mig$
2007-12-20 22:02 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2007-12-20 22:02 . 2007-07-30 19:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2007-12-20 22:02 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2007-12-20 22:02 . 2007-07-30 19:19 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2007-12-20 22:02 . 2007-07-30 19:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2007-12-20 22:00 . 2007-12-20 22:01 <REP> d--hs---- C:\Documents and Settings\Lanane\UserData
2007-12-20 21:59 . 2007-12-20 21:59 <REP> d-------- C:\Documents and Settings\LocalService\Menu Démarrer

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-14 18:11 160,768 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig .exe
2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:28 728,576 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-10-31 03:53 3,590,656 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-30 17:20 360,064 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,293,824 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-25 16:43 8,516,608 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
1999-07-07 00:00 6 --sh--r C:\WINDOWS\@desktop@.dat
.
[code]<pre>
----a-w 118,784 2008-01-13 20:40:54 C:\WINDOWS\system32\hkcmd .exe
----a-w 155,648 2008-01-13 20:40:52 C:\WINDOWS\system32\igfxtray .exe
----a-w 15,360 2008-01-14 12:34:28 C:\WINDOWS\system32\ctfmon .exe
----a-w 160,768 2008-01-14 18:11:16 C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig .exe
----a-w 1,694,208 2008-01-13 20:25:46 C:\Program Files\Messenger\msmsgs .exe
----a-w 122,929 2008-01-13 20:40:54 C:\Program Files\F-Secure\common\FSM32 .EXE
----a-w 684,032 2008-01-13 20:41:02 C:\Program Files\F-Secure\TNB\TNBUtil .exe
----a-w 1,052,672 2008-01-13 20:41:06 C:\Program Files\SuperCopier2\SuperCopier2 .exe
----a-w 651,776 2008-01-14 05:50:08 C:\Program Files\QuickTime\QTTask .exe
----a-w 651,776 2008-01-14 12:34:24 C:\Program Files\QuickTime\QTTask .exe
----a-w 286,720 2008-01-14 12:34:30 C:\Program Files\QuickTime\QTTask .exe
----a-w 5,674,352 2008-01-13 20:41:12 C:\Program Files\MSN Messenger\MsnMsgr .Exe
</pre>[/code]


((((((((((((((((((((((((((((( snapshot@2008-01-14_20.23.22.20 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-14 19:16:40 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000001\NTUSER.DAT
+ 2008-01-14 21:01:50 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000001\NTUSER.DAT
- 2008-01-14 19:16:40 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000002\UsrClass.dat
+ 2008-01-14 21:01:50 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000002\UsrClass.dat
- 2008-01-14 19:16:40 2,375,680 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000003\NTUSER.DAT
+ 2008-01-14 21:01:50 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000003\NTUSER.DAT
- 2008-01-14 19:16:40 12,288 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000004\UsrClass.dat
+ 2008-01-14 21:01:50 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000004\UsrClass.dat
- 2008-01-14 19:16:40 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000005\NTUSER.DAT
+ 2008-01-14 21:01:50 2,375,680 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000005\NTUSER.DAT
- 2008-01-14 19:16:40 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000006\UsrClass.dat
+ 2008-01-14 21:01:50 12,288 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000006\UsrClass.dat
+ 2000-08-31 07:00:00 163,328 ----a-w C:\WINDOWS\erdnt\subs\F3M\ERDNT.EXE
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:54 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F-Secure Manager"="C:\Program Files\F-Secure\Common\FSM32.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:54 15360]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
F-Secure Automatic Update.lnk - C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe [2007-12-20 23:05:32]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^AlarmS4.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\AlarmS4.lnk
backup=C:\WINDOWS\pss\AlarmS4.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Lanane^Menu Démarrer^Programmes^Démarrage^MagicDisc.lnk]
path=C:\Documents and Settings\Lanane\Menu Démarrer\Programmes\Démarrage\MagicDisc.lnk
backup=C:\WINDOWS\pss\MagicDisc.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-05-11 03:06 40048 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
--------- 2004-08-04 00:55 110592 C:\WINDOWS\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-04 00:54 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB]
C:\Program Files\F-Secure\TNB\TNBUtil.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
C:\WINDOWS\system32\jkhfd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPS]
--a------ 2003-12-04 18:39 360448 C:\ACER\PSM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-14 13:34 286720 C:\Program Files\QuickTime\QTTask .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2003-08-15 15:34 57344 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-10-10 06:28 36352 C:\Program Files\Winamp\winampa.exe

R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2006-10-12 11:19]
R2 BackWeb Plug-in - 7681197;F-Secure Automatic Update;C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE [2007-12-20 23:05]
R2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSfilter.sys [2005-08-19 14:37]
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSgk.sys [2006-10-23 07:52]
R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSrec.sys [2005-08-19 14:37]
R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2007-05-04 09:27]
S2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys []
S3 PortRW;PortRW;C:\WINDOWS\system32\Drivers\PortRW.sys [2003-08-15 14:57]

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-14 18:12:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-14 22:03:23
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-14 22:04:00
ComboFix-quarantined-files.txt 2008-01-14 21:03:58
ComboFix2.txt 2008-01-14 19:23:44
.
2008-01-12 14:20:32 --- E O F ---

rapport hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 22:06:46, on 14/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure\Anti-Virus\fsrw.exe
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Lanane\Bureau\scan.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=https://www.acer.com/worldwide/selection.html
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - https://www.f-secure.com/en/home/support
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C8BE8880-A971-4450-B907-5CF68C07C01C}: NameServer = 212.27.53.252,212.27.54.252
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
0
Réponse 8 / 16
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
15 janv. 2008 à 16:57
salut lalane,

que dis la météo?

j´aimerais que tu ailles dans le registre et supprime une valeure :

click sur demarrer > execute > dans la boite de dialogue tape > regedit et valid par ok

puis navigue jusqu´a la hierarchie suivante :

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]

et supprime cette valeure/donnée :

C:\WINDOWS\system32\jkhfd.exe

dis moi quoi

@+
0
Réponse 9 / 16
lalane
15 janv. 2008 à 19:41
salut girly
et bin y fait plutot doux dans les pays de la loire aujourdh'ui ^^.

je vien de supprimer la clé que tu m'a specifié.

je reboot et te donne un scan hijack

a toute et merkiiiiiiiiiiiiiiiiiiiiiiiiii
0
Réponse 10 / 16
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
15 janv. 2008 à 19:44
le doux pays de la loire ;-)
@+
0
Réponse 11 / 16
lalane
15 janv. 2008 à 19:54
je sais po si les pays de la loire sont doux mais y faisait pas froid ^^

voila le scan

Logfile of HijackThis v1.99.1
Scan saved at 19:47:12, on 15/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure\Anti-Virus\fsrw.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Lanane\Bureau\scan.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=https://www.acer.com/worldwide/selection.html
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - https://www.f-secure.com/en/home/support
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C8BE8880-A971-4450-B907-5CF68C07C01C}: NameServer = 212.27.53.252,212.27.54.252
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
0
Réponse 12 / 16
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
15 janv. 2008 à 20:01
re,

surement plus doux qu´helsinki, d´ou je t´ecris... (+ doux)

passe ceci :

Télécharge Clean:

-> http://www.malekal.com/download/clean.zip

-> Dézippe tout le contenu dans un dossier que tu auras cré au préalable (sur ton bureau par exemple). Double clic sur clean ou clean.cmd choisie l'option 1.

Un rapport va s'ouvrir, copie et colle le contenu sur le forum.

-> pour ceux ou celles qui auraient un doute sur comment deziper un fichier :

http://www.tutopat.com/viewtopic.php?t=933&sid=34215b238376bfb22ef9e8eca9995914

et

A.V.G :

-> Télécharger AVG Anti-Spyware (ewido)

http://www.commentcamarche.net/telecharger/telecharger 218 avg anti spyware

-> L´installer.

-> lancer AVG Anti-Spyware et clicker sur le bouton Mise à jour. Patienter...

p.s : si les mises a jours ne se font pas, elles sont telechargable ici :

http://downloads.ewido.net/avgas-signatures-full-current.exe

-> Sur la page "analyse":

choisir d´abord l'onglet "paramètres".

sous « Comment réagir » clicker sur « Actions recommandées » et dans le menu déroulant, choisir « Supprimer ».

-> Lancer le scan, (c´est long...).

-> A la fin du scan copier Et coller le rapport ici.

-> Une aide en image au cas ou :

Tutoriel d´installation et de parametrages :

http://www.kachouri.com/tuto/tuto-161-avg-anti-spyware-75-pour-votre-securite.html

et post les rapports ici stp

le hijack this semble propre a mes yeux...

@+
0
Réponse 13 / 16
lalane
15 janv. 2008 à 20:57
coucou

alors j'ai lancer le clean.cmd et y m'a demander de d'uploader des fichier sur un serveur pour analyse. j'ai essayer mais sa a po marcher. si tu a besoin de l'archive di s le moi et je te la ferais parvenir. sinon voila le rapport

15/01/2008 a 20:03:21,54

*** Recherche des fichiers dans C:

*** Recherche des fichiers dans C:\WINDOWS\

*** Recherche des fichiers dans C:\WINDOWS\system32

*** Recherche des fichiers dans C:\Program Files
*** Fin du rapport !

et voila pour AVG :

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 20:53:01 15/01/2008

+ Résultat de l'analyse:



C:\QooBox\Quarantine\C\WINDOWS\system32\ctfmon.exe.tmp.vir -> Dropper.Agent.dgo : Nettoyé.
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSCONFIG.0XE -> Dropper.Agent.dgo : Nettoyé.
C:\WINDOWS\system32\CTFMON.0XE -> Dropper.Agent.dgo : Nettoyé.
C:\WINDOWS\system32\JKHFD.0XE -> Dropper.Agent.dgo : Nettoyé.
C:\QooBox\Quarantine\C\Program Files\Fichiers communs\Yazzle1281OinUninstaller.exe.vir -> Not-A-Virus.Adware.PurityScan : Nettoyé.
C:\System Volume Information\_restore{AC775E9E-76C2-46CA-B98E-01630FB5EE21}\RP2\A0000006.exe -> Not-A-Virus.Adware.PurityScan : Nettoyé.
:mozilla.552:C:\Documents and Settings\Lanane\Application Data\Mozilla\Firefox\Profiles\yhqpcrm5.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.553:C:\Documents and Settings\Lanane\Application Data\Mozilla\Firefox\Profiles\yhqpcrm5.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.289:C:\Documents and Settings\Lanane\Application Data\Mozilla\Firefox\Profiles\yhqpcrm5.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.290:C:\Documents and Settings\Lanane\Application Data\Mozilla\Firefox\Profiles\yhqpcrm5.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.291:C:\Documents and Settings\Lanane\Application Data\Mozilla\Firefox\Profiles\yhqpcrm5.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.506:C:\Documents and Settings\Lanane\Application Data\Mozilla\Firefox\Profiles\yhqpcrm5.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.519:C:\Documents and Settings\Lanane\Application Data\Mozilla\Firefox\Profiles\yhqpcrm5.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.329:C:\Documents and Settings\Lanane\Application Data\Mozilla\Firefox\Profiles\yhqpcrm5.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.
:mozilla.330:C:\Documents and Settings\Lanane\Application Data\Mozilla\Firefox\Profiles\yhqpcrm5.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.
:mozilla.411:C:\Documents and Settings\Lanane\Application Data\Mozilla\Firefox\Profiles\yhqpcrm5.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
:mozilla.412:C:\Documents and Settings\Lanane\Application Data\Mozilla\Firefox\Profiles\yhqpcrm5.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
:mozilla.413:C:\Documents and Settings\Lanane\Application Data\Mozilla\Firefox\Profiles\yhqpcrm5.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
:mozilla.414:C:\Documents and Settings\Lanane\Application Data\Mozilla\Firefox\Profiles\yhqpcrm5.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
:mozilla.415:C:\Documents and Settings\Lanane\Application Data\Mozilla\Firefox\Profiles\yhqpcrm5.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
:mozilla.122:C:\Documents and Settings\Lanane\Application Data\Mozilla\Firefox\Profiles\yhqpcrm5.default\cookies.txt -> TrackingCookie.Adtech : Nettoyé.
:mozilla.15:C:\Documents and Settings\Lanane\Application Data\Mozilla\Firefox\Profiles\yhqpcrm5.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.22:C:\Documents and Settings\Lanane\Application Data\Mozilla\Firefox\Profiles\yhqpcrm5.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.23:C:\Documents and Settings\Lanane\Application Data\Mozilla\Firefox\Profiles\yhqpcrm5.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.24:C:\Documents and Settings\Lanane\Application Data\Mozilla\Firefox\Profiles\yhqpcrm5.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.136:C:\Documents and Settings\Lanane\Application Data\Mozilla\Firefox\Profiles\yhqpcrm5.default\cookies.txt -> TrackingCookie.Adviva : Nettoyé.
:mozilla.25:C:\Documents and Settings\Lanane\Application Data\Mozilla\Firefox\Profiles\yhqpcrm5.default\cookies.txt -> TrackingCookie.Atdmt : Nettoyé.
:mozilla.27:C:\Documents and Settings\Lanane\Application Data\Mozilla\Firefox\Profiles\yhqpcrm5.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé.
:mozilla.170:C:\Documents and Settings\Lanane\Application Data\Mozilla\Firefox\Profiles\yhqpcrm5.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
:mozilla.173:C:\Documents and Settings\Lanane\Application Data\Mozilla\Firefox\Profiles\yhqpcrm5.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
:mozilla.174:C:\Documents and Settings\Lanane\Application Data\Mozilla\Firefox\Profiles\yhqpcrm5.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
:mozilla.175:C:\Documents and Settings\Lanane\Application Data\Mozilla\Firefox\Profiles\yhqpcrm5.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
:mozilla.176:C:\Documents and Settings\Lanane\Application Data\Mozilla\Firefox\Profiles\yhqpcrm5.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
:mozilla.177:C:\Documents and Settings\Lanane\Application Data\Mozilla\Firefox\Profiles\yhqpcrm5.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
:mozilla.178:C:\Documents and Settings\Lanane\Application Data\Mozilla\Firefox\Profiles\yhqpcrm5.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
:mozilla.197:C:\Documents and Settings\Lanane\Application Data\Mozilla\Firefox\Profiles\yhqpcrm5.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.198:C:\Documents and Settings\Lanane\Application Data\Mozilla\Firefox\Profiles\yhqpcrm5.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.199:C:\Documents and Settings\Lanane\Application Data\Mozilla\Firefox\Profiles\yhqpcrm5.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.26:C:\Documents and Settings\Lanane\Application Data\Mozilla\Firefox\Profiles\yhqpcrm5.default\cookies.txt -> TrackingCookie.Doubleclick : Nettoyé.
:mozilla.73:C:\Documents and Settings\Lanane\Application Data\Mozilla\Firefox\Profiles\yhqpcrm5.default\cookies.txt -> TrackingCookie.Estat : Nettoyé.
:mozilla.567:C:\Documents and Settings\Lanane\Application Data\Mozilla\Firefox\Profiles\yhqpcrm5.default\cookies.txt -> TrackingCookie.Euroclick : Nettoyé.
:mozilla.402:C:\Documents and Settings\Lanane\Application Data\Mozilla\Firefox\Profiles\yhqpcrm5.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
:mozilla.403:C:\Documents and Settings\Lanane\Application Data\Mozilla\Firefox\Profiles\yhqpcrm5.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
:mozilla.404:C:\Documents and Settings\Lanane\Application Data\Mozilla\Firefox\Profiles\yhqpcrm5.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
:mozilla.556:C:\Documents and Settings\Lanane\Application Data\Mozilla\Firefox\Profiles\yhqpcrm5.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.657:C:\Documents and Settings\Lanane\Application Data\Mozilla\Firefox\Profiles\yhqpcrm5.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.696:C:\Documents and Settings\Lanane\Application Data\Mozilla\Firefox\Profiles\yhqpcrm5.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.698:C:\Documents and Settings\Lanane\Application Data\Mozilla\Firefox\Profiles\yhqpcrm5.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.642:C:\Documents and Settings\Lanane\Application Data\Mozilla\Firefox\Profiles\yhqpcrm5.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.643:C:\Documents and Settings\Lanane\Application Data\Mozilla\Firefox\Profiles\yhqpcrm5.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.538:C:\Documents and Settings\Lanane\Application Data\Mozilla\Firefox\Profiles\yhqpcrm5.default\cookies.txt -> TrackingCookie.Hitslink : Nettoyé.
:mozilla.391:C:\Documents and Settings\Lanane\Application Data\Mozilla\Firefox\Profiles\yhqpcrm5.default\cookies.txt -> TrackingCookie.Imrworldwide : Nettoyé.
:mozilla.392:C:\Documents and Settings\Lanane\Application Data\Mozilla\Firefox\Profiles\yhqpcrm5.default\cookies.txt -> TrackingCookie.Imrworldwide : Nettoyé.
:mozilla.472:C:\Documents and Settings\Lanane\Application Data\Mozilla\Firefox\Profiles\yhqpcrm5.default\cookies.txt -> TrackingCookie.Liveperson : Nettoyé.
:mozilla.474:C:\Documents and Settings\Lanane\Application Data\Mozilla\Firefox\Profiles\yhqpcrm5.default\cookies.txt -> TrackingCookie.Liveperson : Nettoyé.
:mozilla.537:C:\Documents and Settings\Lanane\Application Data\Mozilla\Firefox\Profiles\yhqpcrm5.default\cookies.txt -> TrackingCookie.Mediaplex : Nettoyé.
:mozilla.192:C:\Documents and Settings\Lanane\Application Data\Mozilla\Firefox\Profiles\yhqpcrm5.default\cookies.txt -> TrackingCookie.Onestat : Nettoyé.
:mozilla.193:C:\Documents and Settings\Lanane\Application Data\Mozilla\Firefox\Profiles\yhqpcrm5.default\cookies.txt -> TrackingCookie.Onestat : Nettoyé.
:mozilla.263:C:\Documents and Settings\Lanane\Application Data\Mozilla\Firefox\Profiles\yhqpcrm5.default\cookies.txt -> TrackingCookie.Overture : Nettoyé.
:mozilla.351:C:\Documents and Settings\Lanane\Application Data\Mozilla\Firefox\Profiles\yhqpcrm5.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.352:C:\Documents and Settings\Lanane\Application Data\Mozilla\Firefox\Profiles\yhqpcrm5.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.353:C:\Documents and Settings\Lanane\Application Data\Mozilla\Firefox\Profiles\yhqpcrm5.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.355:C:\Documents and Settings\Lanane\Application Data\Mozilla\Firefox\Profiles\yhqpcrm5.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.356:C:\Documents and Settings\Lanane\Application Data\Mozilla\Firefox\Profiles\yhqpcrm5.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.357:C:\Documents and Settings\Lanane\Application Data\Mozilla\Firefox\Profiles\yhqpcrm5.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.360:C:\Documents and Settings\Lanane\Application Data\Mozilla\Firefox\Profiles\yhqpcrm5.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.331:C:\Documents and Settings\Lanane\Application Data\Mozilla\Firefox\Profiles\yhqpcrm5.default\cookies.txt -> TrackingCookie.Sitestat : Nettoyé.
:mozilla.32:C:\Documents and Settings\Lanane\Application Data\Mozilla\Firefox\Profiles\yhqpcrm5.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.34:C:\Documents and Settings\Lanane\Application Data\Mozilla\Firefox\Profiles\yhqpcrm5.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.35:C:\Documents and Settings\Lanane\Application Data\Mozilla\Firefox\Profiles\yhqpcrm5.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.36:C:\Documents and Settings\Lanane\Application Data\Mozilla\Firefox\Profiles\yhqpcrm5.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.110:C:\Documents and Settings\Lanane\Application Data\Mozilla\Firefox\Profiles\yhqpcrm5.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
:mozilla.112:C:\Documents and Settings\Lanane\Application Data\Mozilla\Firefox\Profiles\yhqpcrm5.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
:mozilla.113:C:\Documents and Settings\Lanane\Application Data\Mozilla\Firefox\Profiles\yhqpcrm5.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
:mozilla.114:C:\Documents and Settings\Lanane\Application Data\Mozilla\Firefox\Profiles\yhqpcrm5.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
:mozilla.116:C:\Documents and Settings\Lanane\Application Data\Mozilla\Firefox\Profiles\yhqpcrm5.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
:mozilla.592:C:\Documents and Settings\Lanane\Application Data\Mozilla\Firefox\Profiles\yhqpcrm5.default\cookies.txt -> TrackingCookie.Tacoda : Nettoyé.
:mozilla.593:C:\Documents and Settings\Lanane\Application Data\Mozilla\Firefox\Profiles\yhqpcrm5.default\cookies.txt -> TrackingCookie.Tacoda : Nettoyé.
:mozilla.595:C:\Documents and Settings\Lanane\Application Data\Mozilla\Firefox\Profiles\yhqpcrm5.default\cookies.txt -> TrackingCookie.Tacoda : Nettoyé.
:mozilla.153:C:\Documents and Settings\Lanane\Application Data\Mozilla\Firefox\Profiles\yhqpcrm5.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.154:C:\Documents and Settings\Lanane\Application Data\Mozilla\Firefox\Profiles\yhqpcrm5.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.155:C:\Documents and Settings\Lanane\Application Data\Mozilla\Firefox\Profiles\yhqpcrm5.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.156:C:\Documents and Settings\Lanane\Application Data\Mozilla\Firefox\Profiles\yhqpcrm5.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.137:C:\Documents and Settings\Lanane\Application Data\Mozilla\Firefox\Profiles\yhqpcrm5.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.138:C:\Documents and Settings\Lanane\Application Data\Mozilla\Firefox\Profiles\yhqpcrm5.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.139:C:\Documents and Settings\Lanane\Application Data\Mozilla\Firefox\Profiles\yhqpcrm5.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.214:C:\Documents and Settings\Lanane\Application Data\Mozilla\Firefox\Profiles\yhqpcrm5.default\cookies.txt -> TrackingCookie.Webtrends : Nettoyé.
C:\Documents and Settings\Lanane\Cookies\lanane@m.webtrends[2].txt -> TrackingCookie.Webtrends : Nettoyé.
:mozilla.273:C:\Documents and Settings\Lanane\Application Data\Mozilla\Firefox\Profiles\yhqpcrm5.default\cookies.txt -> TrackingCookie.Webtrendslive : Nettoyé.
:mozilla.276:C:\Documents and Settings\Lanane\Application Data\Mozilla\Firefox\Profiles\yhqpcrm5.default\cookies.txt -> TrackingCookie.Yadro : Nettoyé.
:mozilla.145:C:\Documents and Settings\Lanane\Application Data\Mozilla\Firefox\Profiles\yhqpcrm5.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.146:C:\Documents and Settings\Lanane\Application Data\Mozilla\Firefox\Profiles\yhqpcrm5.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.147:C:\Documents and Settings\Lanane\Application Data\Mozilla\Firefox\Profiles\yhqpcrm5.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.148:C:\Documents and Settings\Lanane\Application Data\Mozilla\Firefox\Profiles\yhqpcrm5.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.149:C:\Documents and Settings\Lanane\Application Data\Mozilla\Firefox\Profiles\yhqpcrm5.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.150:C:\Documents and Settings\Lanane\Application Data\Mozilla\Firefox\Profiles\yhqpcrm5.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.151:C:\Documents and Settings\Lanane\Application Data\Mozilla\Firefox\Profiles\yhqpcrm5.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.152:C:\Documents and Settings\Lanane\Application Data\Mozilla\Firefox\Profiles\yhqpcrm5.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.333:C:\Documents and Settings\Lanane\Application Data\Mozilla\Firefox\Profiles\yhqpcrm5.default\cookies.txt -> TrackingCookie.Zedo : Nettoyé.
:mozilla.334:C:\Documents and Settings\Lanane\Application Data\Mozilla\Firefox\Profiles\yhqpcrm5.default\cookies.txt -> TrackingCookie.Zedo : Nettoyé.
:mozilla.335:C:\Documents and Settings\Lanane\Application Data\Mozilla\Firefox\Profiles\yhqpcrm5.default\cookies.txt -> TrackingCookie.Zedo : Nettoyé.
:mozilla.336:C:\Documents and Settings\Lanane\Application Data\Mozilla\Firefox\Profiles\yhqpcrm5.default\cookies.txt -> TrackingCookie.Zedo : Nettoyé.


Fin du rapport



je reboot et poste un scan hijackthis

@++
0
Réponse 14 / 16
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
15 janv. 2008 à 21:17
ok

fais ceci aussi :

Désactive ta restauration système:
pour cela :
Click droit sur poste de travail, dans l´arborescence sur propriétés;
dans la nouvelle fenettre click sur l´onglet restauration système;
coche la case désactiver la restauration systèm et applique.
puis redemarre le pc et click droit sur poste de travail, dans l´arborescence sur propriétés;
dans la nouvelle fenettre click sur l´onglet restauration systèm
décoche la case désactiver la restauration systèm et applique.

@+
0
Réponse 15 / 16
lalane
15 janv. 2008 à 21:22
coucou

c'est sur que helsinki est moin chaud, surtout a cette periode ^^

je vien de desactiver la restauration systeme et ai réinstaller mon anti virus qui ne voulais plus ce lancer tous seul (je crois qu'il manquai quelque fichiers ^^)

je te reposte un scan hijackthis si ca peu te servir

merci 1000 fois pour ton aide, me demande ce que je serai devenue sans toi. bonne poru réinstaller windows :(

Logfile of HijackThis v1.99.1
Scan saved at 21:20:38, on 15/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Lanane\Bureau\scan.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll (file missing)
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=https://www.acer.com/worldwide/selection.html
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - https://www.f-secure.com/en/home/support
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C8BE8880-A971-4450-B907-5CF68C07C01C}: NameServer = 212.27.53.252,212.27.54.252
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

0
Réponse 16 / 16
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
16 janv. 2008 à 22:17
bonsoir,

excuse pour le delay...

comment se porte ton pc maintenant?

@+
0

Discussions similaires

cette phrase est elle correcte
Jo -
Raymond PENTIER -

10 réponses