Rapport hitjackis merci

Résolu
celine39 Messages postés 9 Statut Membre -  
Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   -
Bonjour,
je vous demande de l aide pour mon rapport car ce matin quelqu un m a envoye photoshop par msn et mes enfants l ont ouvert!par ailleurs pourriez vous regarde si j ai d autres virus.je scan souvent mon ordi mais la j arrive pas a trouve le virus.merci beaucoup pour votre aide a bientot.
Configuration: Windows XP
Internet Explorer 7.0

18 réponses

  1. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Bienvenue sur le forum d’entraide de CommentCaMarche.net

    Nous connaissons votre situation et nous vous conseillons de ne surtout pas vous inquiéter.
    De plus, au vu du nombre croissant de désinfections effectuées sur le forum, nous vous demandons un peu de patience et surtout de ne pas créer plusieurs postes pour le même problème. A savoir qu’une désinfection prend forcément du temps.
    Comment marche le forum ? Comment va se dérouler la désinfection ? Jettez un coup d’œil ici :
    http://www.commentcamarche.net/faq/sujet 9142 procedure de demande d aide et desinfection nettoyage
    Merci de votre compréhension.

    Télécharge HijackThis ici:
    http://telechargement.zebulon.fr/138-hijackthis-1991.html

    Dézippe le dans un dossier prévu à cet effet.
    Par exemple C:\hijackthis < Enregistre-le bien dans c : !

    Lance le puis:
    Clique sur "do a system scan and save logfile" (cf démo)
    Faire un copier coller du log entier sur le forum

    Démo : (Merci a Balltrap34 pour cette réalisation)
    http://pagesperso-orange.fr/rginformatique/section%20virus/demohijack.htm

    Bon courage

    A+

    Note: Si vous avez un quelconque commentaire/suggestion, n’hésitez pas.

    0
  2. celine39 Messages postés 9 Statut Membre
     
    oups j ai oublie de postLogfile of HijackThis v1.99.1
    Scan saved at 11:48:22, on 12/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Tele2\Common\FSMA32.EXE
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Tele2\Common\FSMB32.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Tele2\Common\FCH32.EXE
    C:\Program Files\Tele2\Common\FAMEH32.EXE
    C:\Program Files\Tele2\FSPC\fspc.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Tele2\FSAUA\program\fsaua.exe
    C:\Program Files\Tele2\FSAUA\program\fsus.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\vsnpstd.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Tele2\Common\FSM32.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DNA\btdna.exe
    C:\Program Files\Tele2\FSGUI\fsguidll.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\PROGRA~1\INCRED~1\bin\IMApp.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\system32\dllcache\spoolms.exe
    C:\WINDOWS\system32\dllcache\spoolms.exe
    C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Répertoire temporaire 2 pour DSC01497.zip\img091307-www.photoshop.com
    C:\Documents and Settings\Compaq_Propriétaire\Mes documents\Mes fichiers reçus\DSC01497\img091307-www.photoshop.com
    C:\Documents and Settings\Compaq_Propriétaire\Mes documents\Mes fichiers reçus\DSC01497\img091307-www.photoshop.com
    C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Répertoire temporaire 3 pour DSC01497.zip\img091307-www.photoshop.com
    C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=compaq-desktop.msn.com&ocid=HPDHP&pc=CPDTDF
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q105&bd=presario&pf=desktop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q105&bd=presario&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [MSys32] "C:\Program Files\Tetris 3000\data\morfitwebentrance.exe"
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Tele2\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Tele2\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [spoolms] C:\WINDOWS\system32\dllcache\spoolms.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [Weflirt] "C:\Program Files\Weflirt\weflirt.exe" -background
    O4 - HKCU\..\Run: [AnumanLive] C:\Documents and Settings\Compaq_Propriétaire\Application Data\Anuman Interactive\AnumanLive\AnumanLive.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Tele2\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Tele2\FSPC\fspcmsie.dll
    O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Tele2\FSPC\fspcmsie.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\tele2\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\tele2\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\tele2\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\tele2\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\tele2\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\tele2\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\tele2\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\tele2\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\tele2\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\tele2\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\tele2\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\tele2\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\tele2\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\tele2\fsps\program\fslsp.dll
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://express.foto.com/Newuploader/ImageUploader4.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Tele2\FSAUA\program\fsaua.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Tele2\Common\FSMA32.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\system32\wdfmgr.exe (file missing)er le rapport lol!
    0
  3. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    ok lol

    Télécharge MSNFix.zip (de !aur3n7) sur ton bureau:
    http://sosvirus.changelog.fr/MSNFix.zip

    Décompresse-le (clic droit >> Extraire ici) et place les fichiers dans C:\MSNFix (très important).

    Double cliquer sur le fichier MSNFix.bat.
    - Exécutez l'option R.
    -- Si l'infection est détectée, un message l'indiquera et il suffira de presser une touche pour lancer le nettoyage

    Note :
    Si une erreur de suppression est détectée un message s'affichera demandant de redémarrer l'ordinateur afin de terminer les opérations. Dans ce cas il suffit de redémarrer l'ordinateur en mode normal

    - Le rapport sera enregistré dans le même dossier que MSNFix sous forme date_heure.txt

    A+
    0
  4. celine39 Messages postés 9 Statut Membre
     
    merci j ai tout fait comme vous me l avez dit il l a bien detecte mais il est toujours la!je viens d ouvrir msn et il a ete envoye a mon contact connecte!MSNFix 1.659

    C:\MSNFix
    Fix exécuté le 12/02/2008 - 13:13:49,31 By Compaq_Propri‚taire
    mode normal

    ************************ Recherche les fichiers présents

    ... C:\WINDOWS\system32\dllcache\spoolms.exe
    ... C:\WINDOWS\DSC01497.zip

    ************************ Recherche les dossiers présents

    Aucun dossier trouvé

    ************************ Suppression des fichiers

    .. OK ... C:\WINDOWS\system32\dllcache\spoolms.exe
    .. OK ... C:\WINDOWS\DSC01497.zip

    ************************ Nettoyage du registre

    ************************ Fichiers suspects

    /!\ ces fichiers nécessitent un avis expérimenté avant toute intervention

    [C:\eMule0.48a-Installer.exe] D930C6056C47759CBDD749C06B95C866
    [C:\HijackThis.exe] EE86268E59E4B38961E7C40D16BE5BB4
    [C:\setupfre.exe] 5FF2B15546AC2C4AFC615EF56E1E328D

    [color=#FF0000][b]==>/b/color SVP merci d'envoyer le fichier [b] C:\DOCUME~1\COMPAQ~1\Bureau\Upload_Me.zip /b sur http://upload.changelog.fr

    Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 12022008_13145854.zip

    Information ...... Information ...... Information ......

    /!\ /!\ MSNFix n'est pas affilié a livekill CleanMessenger /!\ /!\
    http://secubox.aldria.com/topic-2241.html

    ------------------------------------------------------------------------
    Auteur : !aur3n7 Contact: https://www.ionos.fr/
    ------------------------------------------------------------------------

    --------------------------------------------- END ---------------------------------------------

    je comprends plus rien!merci
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Ok

    Tu as encore ceci dans tes fichiers recus?
    C:\Documents and Settings\Compaq_Propriétaire\Mes documents\Mes fichiers reçus\DSC01497?

    C'est possible que tu l'envoies ici?
    http://upload.changelog.fr/

    Merci

    A+
    0
  7. celine39 Messages postés 9 Statut Membre
     
    ca y est je l ai envoye enfin j espere!
    0
  8. celine39 Messages postés 9 Statut Membre
     
    ca y est je l ai envoye enfin j espere!
    0
  9. celine39 Messages postés 9 Statut Membre
     
    ca y est je l ai envoye enfin j espere!
    0
  10. celine39 Messages postés 9 Statut Membre
     
    ca y est je l ai envoye enfin j espere!
    0
  11. celine39 Messages postés 9 Statut Membre
     
    merci de ton aide regis j ai resolu mon probleme j avais avast comme antivirus qui etait mis a jour tous les jours je l ai supprime et mis antivir il me l a detecte tout de suite +plein d autres qu avast n avait pas detecte ouf et merci
    0
  12. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Ok.

    Tu peux remettre un HijackThis pour vérifier que tout est ok?

    A+
    0
  13. celine39 Messages postés 9 Statut Membre
     
    le voilaLogfile of HijackThis v1.99.1
    Scan saved at 17:43:45, on 12/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Tele2\Common\FSMA32.EXE
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Tele2\Common\FSMB32.EXE
    C:\Program Files\Tele2\Common\FCH32.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Tele2\Common\FAMEH32.EXE
    C:\Program Files\Tele2\FSPC\fspc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Tele2\FSAUA\program\fsaua.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\Tele2\FSAUA\program\fsus.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Tele2\Common\FSM32.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Tele2\FSGUI\fsguidll.exe
    C:\Program Files\DNA\btdna.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\PROGRA~1\INCRED~1\bin\IMApp.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\PROGRA~1\INCRED~1\bin\IncMail.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=compaq-desktop.msn.com&ocid=HPDHP&pc=CPDTDF
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q105&bd=presario&pf=desktop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q105&bd=presario&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [MSys32] "C:\Program Files\Tetris 3000\data\morfitwebentrance.exe"
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Tele2\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Tele2\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [spoolms] C:\WINDOWS\system32\dllcache\spoolms.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [Weflirt] "C:\Program Files\Weflirt\weflirt.exe" -background
    O4 - HKCU\..\Run: [AnumanLive] C:\Documents and Settings\Compaq_Propriétaire\Application Data\Anuman Interactive\AnumanLive\AnumanLive.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Tele2\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Tele2\FSPC\fspcmsie.dll
    O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Tele2\FSPC\fspcmsie.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\tele2\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\tele2\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\tele2\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\tele2\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\tele2\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\tele2\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\tele2\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\tele2\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\tele2\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\tele2\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\tele2\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\tele2\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\tele2\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\tele2\fsps\program\fslsp.dll
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://express.foto.com/Newuploader/ImageUploader4.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Tele2\FSAUA\program\fsaua.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Tele2\Common\FSMA32.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\system32\wdfmgr.exe (file missing)
    0
  14. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Salut

    Télécharge Combofix sUBs : http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    et sauvegarde le sur ton bureau et pas ailleurs!

    Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider.
    Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.

    Copie/colle un nouveau rapport HiJackThis avec.
    0
  15. celine39
     
    Logfile of HijackThis v1.99.1
    Scan saved at 22:22:06, on 13/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Tele2\Common\FSMA32.EXE
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Tele2\Common\FSMB32.EXE
    C:\Program Files\Tele2\Common\FCH32.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Tele2\Common\FAMEH32.EXE
    C:\Program Files\Tele2\FSPC\fspc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Tele2\FSAUA\program\fsaua.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\Tele2\FSAUA\program\fsus.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Tele2\Common\FSM32.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Tele2\FSGUI\fsguidll.exe
    C:\Program Files\DNA\btdna.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\PROGRA~1\INCRED~1\bin\IMApp.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\system32\kmd.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q105&bd=presario&pf=desktop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q105&bd=presario&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [MSys32] "C:\Program Files\Tetris 3000\data\morfitwebentrance.exe"
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Tele2\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Tele2\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [spoolms] C:\WINDOWS\system32\dllcache\spoolms.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [Weflirt] "C:\Program Files\Weflirt\weflirt.exe" -background
    O4 - HKCU\..\Run: [AnumanLive] C:\Documents and Settings\Compaq_Propriétaire\Application Data\Anuman Interactive\AnumanLive\AnumanLive.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Tele2\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Tele2\FSPC\fspcmsie.dll
    O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Tele2\FSPC\fspcmsie.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\tele2\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\tele2\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\tele2\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\tele2\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\tele2\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\tele2\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\tele2\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\tele2\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\tele2\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\tele2\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\tele2\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\tele2\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\tele2\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\tele2\fsps\program\fslsp.dll
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://express.foto.com/Newuploader/ImageUploader4.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Tele2\FSAUA\program\fsaua.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Tele2\Common\FSMA32.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\system32\wdfmgr.exe (file missing)
    0
  16. celine39
     
    ComboFix 08-02-13.1 - Compaq_Propriétaire 2008-02-12 22:17:22.1 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.151 [GMT 1:00]
    Endroit: C:\Documents and Settings\Compaq_Propriétaire\Bureau\ComboFix.exe
    * Création d'un nouveau point de restauration
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\amandine\Application Data\HbTools
    C:\Documents and Settings\amandine\Application Data\HbTools\v3.0\HbTools\static\DownLoad\buttondir.txt
    C:\Documents and Settings\amandine\Application Data\HbTools\v3.0\HbTools\static\DownLoad\buttondir.xip
    C:\Documents and Settings\amandine\Application Data\HbTools\v3.0\HbTools\static\DownLoad\layout.cdf
    C:\Documents and Settings\amandine\Application Data\HbTools\v3.0\HbTools\static\DownLoad\layout.xip
    C:\Documents and Settings\amandine\Application Data\HbTools\v3.0\HbTools\static\DownLoad\samplegroups2.txt
    C:\Documents and Settings\amandine\Application Data\HbTools\v3.0\HbTools\static\DownLoad\samplegroups2.xip
    C:\Documents and Settings\seb\Application Data\HbTools
    C:\Documents and Settings\seb\Application Data\HbTools\v3.0\HbTools\dynamic\1.sdf
    C:\Documents and Settings\seb\Application Data\HbTools\v3.0\HbTools\dynamic\2896152.sdf
    C:\Documents and Settings\seb\Application Data\HbTools\v3.0\HbTools\dynamic\2899639.sdf
    C:\Documents and Settings\seb\Application Data\HbTools\v3.0\HbTools\dynamic\805478.sdf
    C:\Documents and Settings\seb\Application Data\HbTools\v3.0\HbTools\dynamic\ASPL1.dat
    C:\Documents and Settings\seb\Application Data\HbTools\v3.0\HbTools\dynamic\domains.txt
    C:\Documents and Settings\seb\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\17025
    C:\Documents and Settings\seb\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\18721
    C:\Documents and Settings\seb\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\20517
    C:\Documents and Settings\seb\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\20570
    C:\Documents and Settings\seb\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\34237
    C:\Documents and Settings\seb\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\398397
    C:\Documents and Settings\seb\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\44228
    C:\Documents and Settings\seb\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\45833
    C:\Documents and Settings\seb\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\56815
    C:\Documents and Settings\seb\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\66836
    C:\Documents and Settings\seb\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\67226
    C:\Documents and Settings\seb\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\79432
    C:\Documents and Settings\seb\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\82292
    C:\Documents and Settings\seb\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\86379
    C:\Documents and Settings\seb\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\87385
    C:\Documents and Settings\seb\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\97499
    C:\Documents and Settings\seb\Application Data\HbTools\v3.0\HbTools\dynamic\ustat\32e7.dat
    C:\Documents and Settings\seb\Application Data\HbTools\v3.0\HbTools\static\1\btntrans.idx
    C:\Documents and Settings\seb\Application Data\HbTools\v3.0\HbTools\static\1\btntrans1.dat
    C:\Documents and Settings\seb\Application Data\HbTools\v3.0\HbTools\static\1\buttondir.txt
    C:\Documents and Settings\seb\Application Data\HbTools\v3.0\HbTools\static\1\components.cdf
    C:\Documents and Settings\seb\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_buttons_bbar10.res
    C:\Documents and Settings\seb\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_buttons_bbar11.res
    C:\Documents and Settings\seb\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_buttons_bbar12.res
    C:\Documents and Settings\seb\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_buttons_bbar13.res
    C:\Documents and Settings\seb\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_buttons_bbar14.res
    C:\Documents and Settings\seb\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_buttons_bbar2.res
    C:\Documents and Settings\seb\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_buttons_bbar3.res
    C:\Documents and Settings\seb\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_buttons_bbar4.res
    C:\Documents and Settings\seb\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_buttons_bbar5.res
    C:\Documents and Settings\seb\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_buttons_bbar6.res
    C:\Documents and Settings\seb\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_buttons_bbar7.res
    C:\Documents and Settings\seb\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_buttons_bbar8.res
    C:\Documents and Settings\seb\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_buttons_bbar9.res
    C:\Documents and Settings\seb\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_buttons_x.res
    C:\Documents and Settings\seb\Application Data\HbTools\v3.0\HbTools\static\1\Default_511745-514279.mnu
    C:\Documents and Settings\seb\Application Data\HbTools\v3.0\HbTools\static\1\Default_categorize.mnu
    C:\Documents and Settings\seb\Application Data\HbTools\v3.0\HbTools\static\1\Default_comparison.mnu
    C:\Documents and Settings\seb\Application Data\HbTools\v3.0\HbTools\static\1\Default_explorer-Mails.mnu
    C:\Documents and Settings\seb\Application Data\HbTools\v3.0\HbTools\static\1\Default_explorer-people.mnu
    C:\Documents and Settings\seb\Application Data\HbTools\v3.0\HbTools\static\1\Default_favorites.mnu
    C:\Documents and Settings\seb\Application Data\HbTools\v3.0\HbTools\static\1\Default_Games.mnu
    C:\Documents and Settings\seb\Application Data\HbTools\v3.0\HbTools\static\1\Default_Hide.mnu
    C:\Documents and Settings\seb\Application Data\HbTools\v3.0\HbTools\static\1\Default_Hotmail.mnu
    C:\Documents and Settings\seb\Application Data\HbTools\v3.0\HbTools\static\1\Default_hsskin.mnu
    C:\Documents and Settings\seb\Application Data\HbTools\v3.0\HbTools\static\1\Default_new.mnu
    C:\Documents and Settings\seb\Application Data\HbTools\v3.0\HbTools\static\1\Default_premium.mnu
    C:\Documents and Settings\seb\Application Data\HbTools\v3.0\HbTools\static\1\Default_reun.mnu
    C:\Documents and Settings\seb\Application Data\HbTools\v3.0\HbTools\static\1\Default_ringtones.mnu
    C:\Documents and Settings\seb\Application Data\HbTools\v3.0\HbTools\static\1\Default_SearchBoxTrapper.mnu
    C:\Documents and Settings\seb\Application Data\HbTools\v3.0\HbTools\static\1\Default_searchfor.mnu
    C:\Documents and Settings\seb\Application Data\HbTools\v3.0\HbTools\static\1\Default_searchgo.mnu
    C:\Documents and Settings\seb\Application Data\HbTools\v3.0\HbTools\static\1\Default_weather.mnu
    C:\Documents and Settings\seb\Application Data\HbTools\v3.0\HbTools\static\1\Default_yellowpages.mnu
    C:\Documents and Settings\seb\Application Data\HbTools\v3.0\HbTools\static\1\email-t1-bg.res
    C:\Documents and Settings\seb\Application Data\HbTools\v3.0\HbTools\static\1\keywords.idx
    C:\Documents and Settings\seb\Application Data\HbTools\v3.0\HbTools\static\1\keywords1.dat
    C:\Documents and Settings\seb\Application Data\HbTools\v3.0\HbTools\static\1\layout.cdf
    C:\Documents and Settings\seb\Application Data\HbTools\v3.0\HbTools\static\1\theweb.mnu
    C:\Documents and Settings\seb\Application Data\HbTools\v3.0\HbTools\static\1\top7.cdf
    C:\Documents and Settings\seb\Application Data\HbTools\v3.0\HbTools\static\1\Top7_theweb.mnu
    C:\Documents and Settings\seb\Application Data\HbTools\v3.0\HbTools\static\DownLoad\BtnTrans.xip
    C:\Documents and Settings\seb\Application Data\HbTools\v3.0\HbTools\static\DownLoad\BtnTrans1.xip
    C:\Documents and Settings\seb\Application Data\HbTools\v3.0\HbTools\static\DownLoad\buttondir.xip
    C:\Documents and Settings\seb\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_bbar10.xip
    C:\Documents and Settings\seb\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_bbar11.xip
    C:\Documents and Settings\seb\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_bbar12.xip
    C:\Documents and Settings\seb\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_bbar13.xip
    C:\Documents and Settings\seb\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_bbar14.xip
    C:\Documents and Settings\seb\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_bbar2.xip
    C:\Documents and Settings\seb\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_bbar3.xip
    C:\Documents and Settings\seb\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_bbar4.xip
    C:\Documents and Settings\seb\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_bbar5.xip
    C:\Documents and Settings\seb\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_bbar6.xip
    C:\Documents and Settings\seb\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_bbar7.xip
    C:\Documents and Settings\seb\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_bbar8.xip
    C:\Documents and Settings\seb\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_bbar9.xip
    C:\Documents and Settings\seb\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_x.xip
    C:\Documents and Settings\seb\Application Data\HbTools\v3.0\HbTools\static\DownLoad\email-t1-bg.xip
    C:\Documents and Settings\seb\Application Data\HbTools\v3.0\HbTools\static\DownLoad\keywords.xip
    C:\Documents and Settings\seb\Application Data\HbTools\v3.0\HbTools\static\DownLoad\keywords1.xip
    C:\Documents and Settings\seb\Application Data\HbTools\v3.0\HbTools\static\DownLoad\layout.xip
    C:\Documents and Settings\seb\Application Data\HbTools\v3.0\HbTools\static\DownLoad\samplegroups2.txt
    C:\Documents and Settings\seb\Application Data\HbTools\v3.0\HbTools\static\DownLoad\samplegroups2.xip
    C:\Documents and Settings\seb\Application Data\HbTools\v3.0\HbTools\static\DownLoad\top7.xip
    D:\Autorun.inf

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-01-13 to 2008-02-13 ))))))))))))))))))))))))))))))))))))
    .

    2008-02-12 14:38 . 2008-02-12 14:38 <REP> d-------- C:\Program Files\Avira
    2008-02-12 14:38 . 2008-02-12 14:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-02-12 13:17 . 2008-02-12 13:17 <REP> d--h----- C:\WINDOWS\PIF
    2008-02-12 12:59 . 2008-02-12 14:59 <REP> d-------- C:\MSNFix
    2008-02-09 20:26 . 2008-02-09 23:46 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\uTorrent
    2008-02-09 00:10 . 2008-02-09 00:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
    2008-02-09 00:09 . 2008-02-09 00:17 <REP> d-------- C:\Program Files\Prima Games
    2008-02-08 23:31 . 2008-02-09 00:14 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\BitTorrent
    2008-02-08 23:30 . 2008-02-08 23:30 <REP> d-------- C:\Program Files\DNA
    2008-02-08 23:30 . 2008-02-13 22:17 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\DNA
    2008-02-01 12:23 . 2004-08-04 00:54 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
    2008-02-01 12:23 . 2001-08-23 17:47 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
    2008-01-31 13:15 . 2008-01-31 13:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-01-31 13:14 . 2008-01-31 13:14 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-01-29 11:02 . 2008-01-29 11:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
    2008-01-29 11:01 . 2008-01-29 11:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\fssg
    2008-01-28 11:00 . 2008-01-28 11:16 <REP> d-------- C:\Program Files\PhotoFiltre
    2008-01-23 08:35 . 2008-01-23 08:39 <REP> d-------- C:\Program Files\Windows Live
    2008-01-23 08:35 . 2008-01-23 08:36 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-01-23 08:35 . 2008-01-23 08:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-01-22 22:27 . 2008-01-22 22:27 279,402 --a------ C:\LALALALA.mp3
    2008-01-22 22:18 . 2008-01-22 22:18 419,179 --a------ C:\lifting.mp3
    2008-01-21 22:29 . 2008-01-21 23:01 <REP> d--h----- C:\LGFolder
    2008-01-21 21:59 . 2008-01-21 21:59 <REP> d-------- C:\Program Files\LG Electronics
    2008-01-21 21:59 . 2005-06-24 18:36 39,036 --a------ C:\WINDOWS\system32\drivers\lgusbmodem.sys
    2008-01-21 21:59 . 2005-05-26 11:01 38,144 --a------ C:\WINDOWS\system32\drivers\lgusbdiag.sys
    2008-01-21 21:59 . 2005-05-26 11:01 21,344 --a------ C:\WINDOWS\system32\drivers\lgusbbus.sys
    2008-01-21 21:22 . 2008-01-21 21:22 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\LG Electronics
    2008-01-21 21:21 . 2008-01-21 22:27 <REP> d-------- C:\Program Files\LG PC Suite
    2008-01-18 17:54 . 2008-02-06 18:42 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
    2008-01-18 17:54 . 2008-02-06 18:42 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
    2008-01-18 15:27 . 2008-01-18 15:28 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-12 11:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-02-12 10:48 --------- d-----w C:\Program Files\Hijackthis Version Française
    2008-02-09 06:04 --------- d-----w C:\Program Files\eMule
    2008-01-31 12:15 --------- d-----w C:\Program Files\Lavasoft
    2008-01-31 12:13 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\Lavasoft
    2008-01-29 10:05 --------- d-----w C:\Program Files\Tele2
    2008-01-23 07:39 --------- d-----w C:\Program Files\MSN Messenger
    2008-01-21 21:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-12-22 17:36 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\AdobeUM
    2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
    2007-12-08 17:27 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    2006-11-27 13:25 92,064 ----a-w C:\Documents and Settings\Compaq_Propriétaire\mqdmmdm.sys
    2006-11-27 13:25 92,064 ----a-w C:\Documents and Settings\Compaq_Propriétaire\mqdmmdm.sys
    2006-11-27 13:25 9,232 ----a-w C:\Documents and Settings\Compaq_Propriétaire\mqdmmdfl.sys
    2006-11-27 13:25 9,232 ----a-w C:\Documents and Settings\Compaq_Propriétaire\mqdmmdfl.sys
    2006-11-27 13:25 79,328 ----a-w C:\Documents and Settings\Compaq_Propriétaire\mqdmserd.sys
    2006-11-27 13:25 79,328 ----a-w C:\Documents and Settings\Compaq_Propriétaire\mqdmserd.sys
    2006-11-27 13:25 66,656 ----a-w C:\Documents and Settings\Compaq_Propriétaire\mqdmbus.sys
    2006-11-27 13:25 66,656 ----a-w C:\Documents and Settings\Compaq_Propriétaire\mqdmbus.sys
    2006-11-27 13:25 6,208 ----a-w C:\Documents and Settings\Compaq_Propriétaire\mqdmcmnt.sys
    2006-11-27 13:25 6,208 ----a-w C:\Documents and Settings\Compaq_Propriétaire\mqdmcmnt.sys
    2006-11-27 13:25 5,936 ----a-w C:\Documents and Settings\Compaq_Propriétaire\mqdmwhnt.sys
    2006-11-27 13:25 5,936 ----a-w C:\Documents and Settings\Compaq_Propriétaire\mqdmwhnt.sys
    2006-11-27 13:25 4,048 ----a-w C:\Documents and Settings\Compaq_Propriétaire\mqdmcr.sys
    2006-11-27 13:25 4,048 ----a-w C:\Documents and Settings\Compaq_Propriétaire\mqdmcr.sys
    2006-11-27 13:25 25,600 ----a-w C:\Documents and Settings\Compaq_Propriétaire\usbsermptxp.sys
    2006-11-27 13:25 25,600 ----a-w C:\Documents and Settings\Compaq_Propriétaire\usbsermptxp.sys
    2006-11-27 13:25 22,768 ----a-w C:\Documents and Settings\Compaq_Propriétaire\usbsermpt.sys
    2006-11-27 13:25 22,768 ----a-w C:\Documents and Settings\Compaq_Propriétaire\usbsermpt.sys
    2006-10-26 13:45 860 ----a-w C:\Documents and Settings\Compaq_Propriétaire\Application Data\wklnhst.dat
    2006-10-08 09:16 286 ----a-w C:\Documents and Settings\amandine.ALEX\Application Data\wklnhst.dat
    2005-07-11 20:26 0 -c--a-w C:\Documents and Settings\seb\Application Data\wklnhst.dat
    2005-07-10 17:36 0 -c--a-w C:\Documents and Settings\amandine\Application Data\wklnhst.dat
    2005-07-09 21:10 418 ----a-w C:\Documents and Settings\celia\Application Data\wklnhst.dat
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-20 09:18 68856]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
    "IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2007-08-21 10:44 208946]
    "Weflirt"="C:\Program Files\Weflirt\weflirt.exe" [ ]
    "AnumanLive"="C:\Documents and Settings\Compaq_Propriétaire\Application Data\Anuman Interactive\AnumanLive\AnumanLive.exe" [ ]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 19:00 15360]
    "BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-02-12 14:33 287040]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-07-06 15:01 77824]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04 52736]
    "AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 18:06 88363 C:\WINDOWS\AGRSMMSG.exe]
    "KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 20:02 61440]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-10-13 23:04 278528]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 21:43 233472]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-04 04:10 344064]
    "AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 21:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
    "PS2"="C:\WINDOWS\system32\ps2.exe" [ ]
    "LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 22:54 253952]
    "Reminder"="C:\Windows\Creator\Remind_XP.exe" [2004-12-14 01:23 663552]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 14:49 49152]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-01-01 07:40 98304]
    "MSys32"="C:\Program Files\Tetris 3000\data\morfitwebentrance.exe" [ ]
    "F-Secure Manager"="C:\Program Files\Tele2\Common\FSM32.exe" [2007-04-26 18:12 183208]
    "F-Secure TNB"="C:\Program Files\Tele2\FSGUI\TNBUtil.exe" [2007-04-26 18:10 740208]
    "spoolms"="C:\WINDOWS\system32\dllcache\spoolms.exe" [ ]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 14:43 249896]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 15:38 39264]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
    D‚marrage rapide du logiciel HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 18:50:52 53248]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 18:28:24 258048]
    Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-05-20 09:18:34 124912]

    R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 06:08]
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]

    *Newly Created Service* - SSMDRV
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-02-12 14:08:26 C:\WINDOWS\Tasks\User_Feed_Synchronization-{324A628D-0F38-4787-B6B1-FF61D4630EF8}.job"
    - C:\WINDOWS\system32\msfeedssync.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-13 22:20:14
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-02-13 22:21:07
    ComboFix-quarantined-files.txt 2008-02-13 21:20:47
    .
    2008-01-19 02:01:08 --- E O F ---
    0
  17. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    ok

    Ou en sont tes soucis?
    0
  18. celine39
     
    je n ai plus rien merci de ton aide c est sympa,heureusement qu il y a des gens comme vous merci encore
    0
  19. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    De rien :)

    A+
    0