My computer is extremely slow!!!
franky08 (Member, 12 posts)
g!rly (Contributor, 18215 posts)
Hello,
My computer (a Compaq Presario R4000 laptop) has been running very slowly for 3 or 4 days, especially when I'm on the Internet. I haven't seen any viruses, but I ran a scan with AVG Anti-Spyware anyway; here is the report:
AVG Anti-Spyware - Scan report
---------------------------------------------------------
+ Created at: 09:44:22 21/02/2008
+ Scan result:
C:\WINDOWS\oqxfhfka.exe -> Adware.SurfAccuracy : No action taken.
C:\Program Files\webHancer -> Adware.Webhancer : No action taken.
C:\Program Files\webHancer\Programs -> Adware.Webhancer : No action taken.
C:\Program Files\webHancer\Programs\webhdll.dll.bak.bak -> Adware.Webhancer : No action taken.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP235\A0055988.dll -> Adware.WebHancer : No action taken.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP249\A0066759.dll -> Adware.WebHancer : No action taken.
C:\WINSOS_SPY\Programs\SPY_WINSOS_DETECTED.TXT -> Adware.WebHancer : No action taken.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP244\A0063752.dll -> Not-A-Virus.Adware.Agent : No action taken.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP237\A0056343.dll -> Not-A-Virus.Adware.NewWeb : No action taken.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP234\snapshot\MFEX-4.DAT -> Not-A-Virus.Adware.WebHancer : No action taken.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP234\snapshot\MFEX-5.DAT -> Not-A-Virus.Adware.WebHancer : No action taken.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP235\A0055989.exe -> Not-A-Virus.Adware.WebHancer : No action taken.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP235\snapshot\MFEX-4.DAT -> Not-A-Virus.Adware.WebHancer : No action taken.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP235\snapshot\MFEX-5.DAT -> Not-A-Virus.Adware.WebHancer : No action taken.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP249\A0066754.dll -> Not-A-Virus.Adware.WebHancer : No action taken.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP249\A0066760.exe -> Not-A-Virus.Adware.WebHancer : No action taken.
C:\Documents and Settings\franck\Cookies\franck@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : No action taken.
The BitDefender report:
BitDefender Online Scanner
Scan report generated at: Thu, Feb 21, 2008 - 02:27:06
Scan path: C:\;D:\;
Statistics
Time: 04:02:28
Files: 251471
Folders: 5794
Boot Sectors: 2
Archives: 8919
Packed Files: 11467
Results
Identified Viruses: 12
Infected Files: 40
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 39
Engines Info
Virus Definitions: 982518
Engine build: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins: 16
Archive plugins: 41
Unpack plugins: 7
E-mail plugins: 6
System plugins: 5
Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes
Scanned File | Status
C:\Documents and Settings\franck\Local Settings\Temp\aupd.exe=>(NSIS o)=>lzma_solid_nsis0005 | Detected with: Adware.Fotomoto.Gen
C:\Documents and Settings\franck\Local Settings\Temp\aupd.exe=>(NSIS o)=>lzma_solid_nsis0005 | Disinfection failed
C:\Documents and Settings\franck\Local Settings\Temp\aupd.exe=>(NSIS o)=>lzma_solid_nsis0005 | Deleted
C:\Documents and Settings\franck\Local Settings\Temp\aupd.exe=>(NSIS o) | Update failed
C:\Documents and Settings\franck\Local Settings\Temp\aupd.exe=>(NSIS o)=>lzma_solid_nsis0006 | Detected with: Adware.Fotomoto.Gen
C:\Documents and Settings\franck\Local Settings\Temp\aupd.exe=>(NSIS o)=>lzma_solid_nsis0006 | Disinfection failed
C:\Documents and Settings\franck\Local Settings\Temp\aupd.exe=>(NSIS o)=>lzma_solid_nsis0006 | Deleted
C:\Documents and Settings\franck\Local Settings\Temp\aupd.exe=>(NSIS o) | Update failed
C:\Documents and Settings\franck\Local Settings\Temp\nsh8FC.tmp\adw.exe=>(NSIS o)=>lzma_solid_nsis0005 | Detected with: Adware.Fotomoto.Gen
C:\Documents and Settings\franck\Local Settings\Temp\nsh8FC.tmp\adw.exe=>(NSIS o)=>lzma_solid_nsis0005 | Disinfection failed
C:\Documents and Settings\franck\Local Settings\Temp\nsh8FC.tmp\adw.exe=>(NSIS o)=>lzma_solid_nsis0005 | Deleted
C:\Documents and Settings\franck\Local Settings\Temp\nsh8FC.tmp\adw.exe=>(NSIS o) | Update failed
C:\Documents and Settings\franck\Local Settings\Temp\nsh8FC.tmp\adw.exe=>(NSIS o)=>lzma_solid_nsis0006 | Detected with: Adware.Fotomoto.Gen
C:\Documents and Settings\franck\Local Settings\Temp\nsh8FC.tmp\adw.exe=>(NSIS o)=>lzma_solid_nsis0006 | Disinfection failed
C:\Documents and Settings\franck\Local Settings\Temp\nsh8FC.tmp\adw.exe=>(NSIS o)=>lzma_solid_nsis0006 | Deleted
C:\Documents and Settings\franck\Local Settings\Temp\nsh8FC.tmp\adw.exe=>(NSIS o) | Update failed
C:\Documents and Settings\franck\Local Settings\Temp\nsh8FC.tmp\bann.exe=>(NSIS o)=>lzma_solid_nsis0004 | Detected with: Adware.AdRotator.Gen
C:\Documents and Settings\franck\Local Settings\Temp\nsh8FC.tmp\bann.exe=>(NSIS o)=>lzma_solid_nsis0004 | Disinfection failed
C:\Documents and Settings\franck\Local Settings\Temp\nsh8FC.tmp\bann.exe=>(NSIS o)=>lzma_solid_nsis0004 | Deleted
C:\Documents and Settings\franck\Local Settings\Temp\nsh8FC.tmp\bann.exe=>(NSIS o) | Update failed
C:\Documents and Settings\franck\Local Settings\Temp\Rar$EX03.281\setup.exe=>(NSIS o)=>bzip2_nsis0008=>(NSIS o)=>lzma_solid_nsis0004 | Detected with: Adware.AdRotator.Gen
C:\Documents and Settings\franck\Local Settings\Temp\Rar$EX03.281\setup.exe=>(NSIS o)=>bzip2_nsis0008=>(NSIS o)=>lzma_solid_nsis0004 | Disinfection failed
C:\Documents and Settings\franck\Local Settings\Temp\Rar$EX03.281\setup.exe=>(NSIS o)=>bzip2_nsis0008=>(NSIS o)=>lzma_solid_nsis0004 | Deleted
C:\Documents and Settings\franck\Local Settings\Temp\Rar$EX03.281\setup.exe=>(NSIS o)=>bzip2_nsis0008=>(NSIS o) | Update failed
C:\Documents and Settings\franck\Local Settings\Temp\Rar$EX03.281\setup.exe=>(NSIS o)=>bzip2_nsis0009=>(NSIS o)=>lzma_solid_nsis0005 | Detected with: Adware.Fotomoto.Gen
C:\Documents and Settings\franck\Local Settings\Temp\Rar$EX03.281\setup.exe=>(NSIS o)=>bzip2_nsis0009=>(NSIS o)=>lzma_solid_nsis0005 | Disinfection failed
C:\Documents and Settings\franck\Local Settings\Temp\Rar$EX03.281\setup.exe=>(NSIS o)=>bzip2_nsis0009=>(NSIS o)=>lzma_solid_nsis0005 | Deleted
C:\Documents and Settings\franck\Local Settings\Temp\Rar$EX03.281\setup.exe=>(NSIS o)=>bzip2_nsis0009=>(NSIS o) | Update failed
C:\Documents and Settings\franck\Local Settings\Temp\Rar$EX03.281\setup.exe=>(NSIS o)=>bzip2_nsis0009=>(NSIS o)=>lzma_solid_nsis0006 | Detected with: Adware.Fotomoto.Gen
C:\Documents and Settings\franck\Local Settings\Temp\Rar$EX03.281\setup.exe=>(NSIS o)=>bzip2_nsis0009=>(NSIS o)=>lzma_solid_nsis0006 | Disinfection failed
C:\Documents and Settings\franck\Local Settings\Temp\Rar$EX03.281\setup.exe=>(NSIS o)=>bzip2_nsis0009=>(NSIS o)=>lzma_solid_nsis0006 | Deleted
C:\Documents and Settings\franck\Local Settings\Temp\Rar$EX03.281\setup.exe=>(NSIS o)=>bzip2_nsis0009=>(NSIS o) | Update failed
C:\Documents and Settings\franck\Local Settings\Temp\Rar$EX09.593\setup.exe=>(NSIS o)=>bzip2_nsis0008=>(NSIS o)=>lzma_solid_nsis0004 | Detected with: Adware.AdRotator.Gen
C:\Documents and Settings\franck\Local Settings\Temp\Rar$EX09.593\setup.exe=>(NSIS o)=>bzip2_nsis0008=>(NSIS o)=>lzma_solid_nsis0004 | Disinfection failed
C:\Documents and Settings\franck\Local Settings\Temp\Rar$EX09.593\setup.exe=>(NSIS o)=>bzip2_nsis0008=>(NSIS o)=>lzma_solid_nsis0004 | Deleted
C:\Documents and Settings\franck\Local Settings\Temp\Rar$EX09.593\setup.exe=>(NSIS o)=>bzip2_nsis0008=>(NSIS o) | Update failed
C:\Documents and Settings\franck\Local Settings\Temp\Rar$EX09.593\setup.exe=>(NSIS o)=>bzip2_nsis0009=>(NSIS o)=>lzma_solid_nsis0005 | Detected with: Adware.Fotomoto.Gen
C:\Documents and Settings\franck\Local Settings\Temp\Rar$EX09.593\setup.exe=>(NSIS o)=>bzip2_nsis0009=>(NSIS o)=>lzma_solid_nsis0005 | Disinfection failed
C:\Documents and Settings\franck\Local Settings\Temp\Rar$EX09.593\setup.exe=>(NSIS o)=>bzip2_nsis0009=>(NSIS o)=>lzma_solid_nsis0005 | Deleted
C:\Documents and Settings\franck\Local Settings\Temp\Rar$EX09.593\setup.exe=>(NSIS o)=>bzip2_nsis0009=>(NSIS o) | Update failed
C:\Documents and Settings\franck\Local Settings\Temp\Rar$EX09.593\setup.exe=>(NSIS o)=>bzip2_nsis0009=>(NSIS o)=>lzma_solid_nsis0006 | Detected with: Adware.Fotomoto.Gen
C:\Documents and Settings\franck\Local Settings\Temp\Rar$EX09.593\setup.exe=>(NSIS o)=>bzip2_nsis0009=>(NSIS o)=>lzma_solid_nsis0006 | Disinfection failed
C:\Documents and Settings\franck\Local Settings\Temp\Rar$EX09.593\setup.exe=>(NSIS o)=>bzip2_nsis0009=>(NSIS o)=>lzma_solid_nsis0006 | Deleted
C:\Documents and Settings\franck\Local Settings\Temp\Rar$EX09.593\setup.exe=>(NSIS o)=>bzip2_nsis0009=>(NSIS o) | Update failed
C:\Program Files\HPQ\Default Settings\CpqsetVer.exe | Infected with: Backdoor.Agent.AHJ
C:\Program Files\HPQ\Default Settings\CpqsetVer.exe | Deleted
C:\Program Files\webHancer\Programs\webhdll.dll.bak.bak | Detected with: Adware.Webhancer.BI
C:\Program Files\webHancer\Programs\webhdll.dll.bak.bak | Disinfection failed
C:\Program Files\webHancer\Programs\webhdll.dll.bak.bak | Deleted
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP234\snapshot\MFEX-4.DAT | Detected with: Dialer.Generic.10254
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP234\snapshot\MFEX-4.DAT | Disinfection failed
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP234\snapshot\MFEX-4.DAT | Deleted
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP234\snapshot\MFEX-5.DAT | Detected with: Adware.Webhancer.BI
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP234\snapshot\MFEX-5.DAT | Disinfection failed
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP234\snapshot\MFEX-5.DAT | Deleted
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP235\A0055987.exe | Detected with: Spyware.Webhancer.AE
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP235\A0055987.exe | Disinfection failed
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP235\A0055987.exe | Deleted
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP235\A0055988.dll | Detected with: Adware.Webhancer.Y
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP235\A0055988.dll | Disinfection failed
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP235\A0055988.dll | Deleted
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP235\A0055989.exe | Detected with: Adware.Webhancer.BI
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP235\A0055989.exe | Disinfection failed
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP235\A0055989.exe | Deleted
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP235\snapshot\MFEX-4.DAT | Detected with: Dialer.Generic.10254
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP235\snapshot\MFEX-4.DAT | Disinfection failed
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP235\snapshot\MFEX-4.DAT | Deleted
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP235\snapshot\MFEX-5.DAT | Detected with: Adware.Webhancer.BI
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP235\snapshot\MFEX-5.DAT | Disinfection failed
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP235\snapshot\MFEX-5.DAT | Deleted
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP236\A0056174.exe | Detected with: Adware.Backweb.N
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP236\A0056174.exe | Deleted
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP236\A0056179.exe | Detected with: Adware.Backweb.N
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP236\A0056179.exe | Deleted
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP236\A0056195.exe | Detected with: Adware.Backweb.N
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP236\A0056195.exe | Deleted
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP237\A0056343.dll | Detected with: Adware.Fotomoto.L
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP237\A0056343.dll | Deleted
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP243\A0060728.dll | Detected with: Adware.AdRotator.Gen
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP243\A0060728.dll | Disinfection failed
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP243\A0060728.dll | Deleted
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP243\A0060729.exe=>(NSIS o) | Detected with: Adware.AdRotator.G
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP243\A0060729.exe=>(NSIS o) | Deleted
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP243\A0060729.exe | Update failed
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP244\A0063752.dll | Detected with: Adware.Fotomoto.J
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP244\A0063752.dll | Disinfection failed
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP244\A0063752.dll | Deleted
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP246\A0064681.dll | Detected with: Adware.Fotomoto.Gen
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP246\A0064681.dll | Disinfection failed
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP246\A0064681.dll | Deleted
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP248\A0065734.dll | Detected with: Adware.Fotomoto.Gen
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP248\A0065734.dll | Disinfection failed
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP248\A0065734.dll | Deleted
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP248\A0065735.exe=>(NSIS o) | Detected with: Adware.AdRotator.G
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP248\A0065735.exe=>(NSIS o) | Deleted
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP248\A0065735.exe | Update failed
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP248\A0066638.dll | Detected with: Adware.AdRotator.Gen
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP248\A0066638.dll | Disinfection failed
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP248\A0066638.dll | Deleted
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP249\A0066754.dll | Detected with: Adware.Webhancer.BI
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP249\A0066754.dll | Disinfection failed
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP249\A0066754.dll | Deleted
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP249\A0066756.exe | Detected with: Spyware.Webhancer.AE
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP249\A0066756.exe | Disinfection failed
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP249\A0066756.exe | Deleted
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP249\A0066759.dll | Detected with: Adware.Webhancer.Y
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP249\A0066759.dll | Disinfection failed
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP249\A0066759.dll | Deleted
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP249\A0066760.exe | Detected with: Adware.Webhancer.BI
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP249\A0066760.exe | Disinfection failed
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP249\A0066760.exe | Deleted
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP250\A0067661.dll | Detected with: Adware.AdRotator.Gen
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP250\A0067661.dll | Disinfection failed
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP250\A0067661.dll | Deleted
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP251\A0069668.exe | Infected with: Backdoor.Agent.AHJ
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP251\A0069668.exe | Deleted
C:\WINDOWS\oqxfhfka.exe | Detected with: Adware.Surfaccuracy.G
C:\WINDOWS\oqxfhfka.exe | Deleted
C:\WINDOWS\system32\nsn925.dll | Detected with: Adware.Fotomoto.Gen
C:\WINDOWS\system32\nsn925.dll | Disinfection failed
C:\WINDOWS\system32\nsn925.dll | Delete failed
C:\WINSOS_SPY\Programs\SPY_WINSOS_DETECTED.TXT | Detected with: Adware.Webhancer.Y
C:\WINSOS_SPY\Programs\SPY_WINSOS_DETECTED.TXT | Disinfection failed
C:\WINSOS_SPY\Programs\SPY_WINSOS_DETECTED.TXT | Deleted
And finally the HijackThis v2.0.2 report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:56:20, on 20/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SECURI~1\av_fw\backweb\7431218\Program\SERVIC~1.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\FSGK32.EXE
C:\Program Files\Securitoo\av_fw\backweb\7431218\program\fsbwsys.exe
C:\Program Files\Securitoo\av_fw\backweb\7431218\Program\fspex.exe
C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\fssm32.exe
C:\Program Files\Securitoo\av_fw\Common\FSMB32.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Securitoo\av_fw\Common\FCH32.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsqh.exe
C:\Program Files\Securitoo\av_fw\Common\FAMEH32.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsrw.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsav32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe
C:\PROGRA~1\SECURI~1\av_fw\ANTI-S~1\fsaw.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
C:\Program Files\Securitoo\av_fw\FSGUI\fsguidll.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\Ulead Systems\Ulead Photo Assistant\UATRAY.EXE
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.msn.com/fr-fr?cobrand=compaq-notebook.msn.com&ocid=HPDHP&pc=CPNTDF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - _{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
R3 - URLSearchHook: {1A03F196-9617-4CA0-842B-A83CEECB022B} - - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ads_optimizer - {9C8A568E-4201-478a-8536-526CF371D2E2} - C:\WINDOWS\system32\nsn925.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\av_fw\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Securitoo\av_fw\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Gadwin PrintScreen 3.1] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
O4 - Startup: wkcalrem.LNK = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Antivirus Firewall.lnk = C:\Program Files\Securitoo\av_fw\backweb\7431218\Program\fspex.exe
O4 - Global Startup: Ulead Acquire Fast.lnk = C:\Program Files\Ulead Systems\Ulead Photo Assistant\UATRAY.EXE
O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\Securitoo\av_fw\Anti-Spyware\blockpopups.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Securitoo\av_fw\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Securitoo\av_fw\Anti-Spyware\ieshield.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O14 - IERESET.INF: START_PAGE_URL=https://www.msn.com/fr-fr?cobrand=compaq-notebook.msn.com&ocid=HPDHP&pc=CPNTDF
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.extrafilm.fr/NET/Import/ImageUploader4.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://photo.nrj.fr/Components/Upload/ImageUploader3.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Antivirus Firewall (BackWeb Plug-in - 7431218) - Securitoo Portal - C:\PROGRA~1\SECURI~1\av_fw\backweb\7431218\Program\SERVIC~1.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
O23 - Service: FSBWSYS - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\backweb\7431218\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
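As an added example that is not part of franky08's post and not the output of any of the tools above: a Python triage script that parses excerpts copied from the three reports and cross-references the HijackThis persistence entries (O2 BHOs, O4 Run keys, R3 search hooks) with files the scanners flagged but left on disk. The regular expressions, the reading of a BitDefender "Update failed" on an archive container as the container still being present, and the decision to skip System Volume Information restore-point copies are this example's own assumptions about the log formats, not documented behaviour of AVG, BitDefender or HijackThis.

```python
# Added triage example (not from the forum post): correlate HijackThis persistence
# entries with files that the scanners flagged but did not remove.
import re

# Excerpt copied from the AVG Anti-Spyware report above (scan run with no action taken).
AVG_REPORT = r"""
C:\WINDOWS\oqxfhfka.exe -> Adware.SurfAccuracy : No action taken.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP235\A0055988.dll -> Adware.WebHancer : No action taken.
"""
# Excerpt copied from the BitDefender report above in its raw two-line form (path, then status).
BITDEFENDER_REPORT = r"""
C:\Documents and Settings\franck\Local Settings\Temp\aupd.exe=>(NSIS o)=>lzma_solid_nsis0005
Detected with: Adware.Fotomoto.Gen
C:\Documents and Settings\franck\Local Settings\Temp\aupd.exe=>(NSIS o)=>lzma_solid_nsis0005
Deleted
C:\Documents and Settings\franck\Local Settings\Temp\aupd.exe=>(NSIS o)
Update failed
C:\WINDOWS\oqxfhfka.exe
Detected with: Adware.Surfaccuracy.G
C:\WINDOWS\oqxfhfka.exe
Deleted
C:\WINDOWS\system32\nsn925.dll
Detected with: Adware.Fotomoto.Gen
C:\WINDOWS\system32\nsn925.dll
Delete failed
"""
# Excerpt copied from the HijackThis log above.
HIJACKTHIS_LOG = r"""
R3 - URLSearchHook: (no name) - _{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ads_optimizer - {9C8A568E-4201-478a-8536-526CF371D2E2} - C:\WINDOWS\system32\nsn925.dll
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
"""
# The parsing rules below are this example's assumptions about the three log formats.
AVG_RE = re.compile(r"^(.+?) -> (.+?) : (.+)$")
BD_STATUS_RE = re.compile(r"^(?:Detected|Infected) with: (.+)$")
HJT_RE = re.compile(r"^(O\d+|R\d) - (.*)$")
WIN_PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|ocx|cpl|sys)\b", re.I)
RESTORE_POINT = "\\system volume information\\"  # only returns via a System Restore rollback

def parse_avg(text):
    """Map lower-cased path -> (detection name, action taken)."""
    found = {}
    for m in filter(None, map(AVG_RE.match, text.splitlines())):
        path, name, action = m.groups()
        found[path.lower()] = (name, action.strip())
    return found

def parse_bitdefender(text):
    """Map lower-cased on-disk path -> {"name": detection, "statuses": [actions in order]}."""
    results = {}
    lines = [l for l in text.splitlines() if l.strip()]
    for path_line, status in zip(lines[0::2], lines[1::2]):
        container = path_line.split("=>", 1)[0].lower()  # archive member -> file on disk
        entry = results.setdefault(container, {"name": None, "statuses": []})
        m = BD_STATUS_RE.match(status.strip())
        if m:
            entry["name"] = m.group(1)
        else:
            entry["statuses"].append(status.strip())
    return results

def parse_hijackthis(text):
    """List (section, description, target); target is a path, "(no file)" or None."""
    entries = []
    for m in filter(None, map(HJT_RE.match, text.splitlines())):
        section, rest = m.groups()
        if "(no file)" in rest or "(file missing)" in rest:
            target = "(no file)"
        else:
            pm = WIN_PATH_RE.search(rest)
            target = pm.group(0) if pm else None
        entries.append((section, rest, target))
    return entries

def live_threats(avg, bd):
    """Flagged paths still on disk (restore-point copies skipped): any final status other
    than "Deleted" counts, including "Update failed" on an archive that was not rewritten."""
    live = {}
    for path, (name, action) in avg.items():
        if RESTORE_POINT not in path and action != "Deleted":
            live.setdefault(path, []).append(f"AVG: {name} ({action})")
    for path, info in bd.items():
        final = info["statuses"][-1] if info["statuses"] else "no action"
        if RESTORE_POINT not in path and final != "Deleted":
            live.setdefault(path, []).append(f"BitDefender: {info['name']} ({final})")
    return live

def correlate(entries, live):
    """Persistence entries that load a still-present detection, or that point at nothing."""
    findings = []
    for section, desc, target in entries:
        if target == "(no file)":
            findings.append((section, desc, "orphaned entry: target file missing"))
        elif target and target.lower() in live:
            findings.append((section, desc, "; ".join(live[target.lower()])))
    return findings
```

Call `live_threats(parse_avg(AVG_REPORT), parse_bitdefender(BITDEFENDER_REPORT))` and feed the result to `correlate(parse_hijackthis(HIJACKTHIS_LOG), live)`. On these excerpts three files remain on disk (oqxfhfka.exe per AVG, aupd.exe and nsn925.dll per BitDefender) and the only persistence entry that loads one of them is the ads_optimizer BHO pointing at nsn925.dll; BitDefender's "Delete failed" on that DLL is consistent with it being loaded into the iexplore.exe that appears in the running-process list, which is why such a BHO is normally removed with the browser closed or from Safe Mode. The two "(no file)" entries are orphans that can simply be fixed in HijackThis. Restore-point copies are excluded on purpose: they only come back through a System Restore rollback, so the fix there is to purge old restore points rather than delete individual files.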
13 replies
Hello,
I advise you to back up your data and reinstall your operating system.
simon
Hello,
There is something better to do than reinstalling everything!
Download combofix.exe (by sUBs) to your Desktop.
-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe
-> Double-click combofix.exe.
-> Press the 1 key (Yes) to start the scan.
-> When the scan is complete, a report will appear. Copy/paste this report into your next reply.
NOTE: The report can also be found here: C:\Combofix.txt
Before using ComboFix:
-> Disconnect from the internet and close the windows of all running programs.
-> Temporarily disable, and only for as long as ComboFix is in use, the real-time protection of your antivirus and your antispyware programs, which can seriously interfere with the tool's search and cleaning procedure.
Once that is done, double-click Combofix.exe on your desktop.
- Answer yes to the warning message so that the program starts analysing the PC.
/!\ For the duration of this step, do not use the PC and do not open any programs.
- At the end of the scan, ComboFix may need to restart the PC to finish the disinfection/search; let it do so.
- A report will then open in Notepad; this report file, Combofix.txt, is automatically saved and stored at C:\Combofix.txt
-> Re-enable the real-time protection of your antivirus and antispyware programs before reconnecting to the internet.
-> Come back to the forum and copy and paste the entire contents of C:\Combofix.txt into your next message, along with a new HijackThis log.
@+
So here is the ComboFix report:
ComboFix 08-02-21 - franck 2008-02-21 10:17:57.1 - NTFSx86
Location: C:\Documents and Settings\franck\Bureau\ComboFix.exe
* Creating a new restore point
[color=red][b]WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE!![/b][/color]
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\nsn925.dll
.
((((((((((((((((((((((((((((( Files created 2008-01-21 to 2008-02-21 ))))))))))))))))))))))))))))))))))))
.
2008-02-20 22:31 . 2008-02-20 22:31 <REP> d-------- C:\Program Files\Trend Micro
2008-02-20 22:21 . 2008-02-21 10:04 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-02-20 22:20 . 2008-02-20 22:20 <REP> d-------- C:\WINDOWS\LastGood
2008-02-20 22:08 . 2008-02-20 22:08 <REP> d-------- C:\Documents and Settings\franck\Application Data\Grisoft
2008-02-20 22:07 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-20 22:06 . 2008-02-20 22:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-19 19:05 . 2008-02-19 19:08 <REP> d-------- C:\Program Files\DivX
2008-02-18 23:45 . 2008-02-19 12:30 <REP> d-------- C:\Program Files\StarOffice7
2008-02-18 23:40 . 2008-02-18 23:40 69,632 --a------ C:\WINDOWS\uinst001.exe
2008-02-18 23:29 . 1998-03-13 11:06 389,120 --a------ C:\WINDOWS\system32\Atx32.ocx
2008-02-18 23:29 . 2005-08-23 14:54 388,608 --a------ C:\WINDOWS\system32\3DABM8U.OCX
2008-02-18 23:29 . 1997-03-21 10:51 346,112 --a------ C:\WINDOWS\system32\PPRO100.DLL
2008-02-18 23:29 . 1997-10-24 16:19 78,336 --a------ C:\WINDOWS\system32\ATX32PIC.DLL
2008-02-18 23:29 . 1997-11-11 16:10 28,160 --a------ C:\WINDOWS\system32\ATX32OLE.DLL
2008-02-18 23:27 . 2008-02-18 23:29 <REP> d-------- C:\WebSite X1
2008-02-18 23:27 . 1997-07-19 17:00 604,432 --a------ C:\WINDOWS\system32\COMCTL32.OCX
2008-02-18 23:27 . 1997-03-21 15:05 154,528 --a------ C:\WINDOWS\system32\PPRO100.OCX
2008-02-18 23:26 . 1998-03-04 21:32 237,568 --a------ C:\WINDOWS\system32\CompPl32.dll
2008-02-18 23:26 . 2006-04-04 09:39 124,416 --a------ C:\WINDOWS\system32\ix1Setup.exe
2008-02-18 23:26 . 1997-11-05 20:03 90,624 --a------ C:\WINDOWS\system32\CPWCTL32.OCX
2008-02-18 23:26 . 1997-01-16 00:00 29,696 --a------ C:\WINDOWS\system32\VB5STKIT.DLL
2008-02-18 23:26 . 1997-01-16 13:42 6,114 --a------ C:\WINDOWS\system32\SHELLLNK.TLB
2008-02-18 23:19 . 2008-02-18 23:23 <REP> d-------- C:\Program Files\A4Desk
2008-02-18 23:04 . 2008-02-18 23:04 <REP> d-------- C:\WINDOWS\system32\PC Booster 5
2008-02-15 23:36 . 2008-02-15 23:46 <REP> d-------- C:\Documents and Settings\franck\Application Data\Dev-Cpp
2008-02-15 23:29 . 2008-02-15 23:45 <REP> d-------- C:\Dev-Cpp
2008-02-15 23:02 . 2008-02-15 23:04 <REP> d-------- C:\Program Files\Notepad++
2008-02-15 23:02 . 2008-02-15 23:06 <REP> d-------- C:\Documents and Settings\franck\Application Data\Notepad++
2008-01-23 23:50 . 2008-01-23 23:50 <REP> d-------- C:\Documents and Settings\franck\Application Data\PEX
2008-01-23 23:50 . 2008-01-29 14:30 <REP> d-------- C:\Documents and Settings\franck\Application Data\F-Secure
2008-01-23 23:35 . 2008-01-23 23:35 <REP> d-------- C:\Documents and Settings\franck\Application Data\ispnews
2008-01-23 22:25 . 2008-01-23 22:25 <REP> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
2008-01-23 22:25 . 2005-11-18 16:04 70,896 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
2008-01-23 22:25 . 2005-11-18 16:04 33,584 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
2008-01-23 21:57 . 2008-01-23 21:57 118,842 -r------- C:\WINDOWS\bwUnin-6.3.3.61-7431218L.exe
.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-20 19:55 2,098 ----a-w C:\Documents and Settings\franck\Application Data\wklnhst.dat
2008-02-18 23:52 80,088 ----a-w C:\WINDOWS\system32\adssite-remove.exe
2008-02-18 23:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-16 20:14 --------- d-----w C:\Program Files\Java
2008-02-06 16:32 --------- d-----w C:\Program Files\Live Billiards
2008-01-28 15:23 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-01-28 15:23 --------- d-----w C:\Program Files\Windows Live
2008-01-23 22:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-20 23:05 --------- d-----w C:\Program Files\Google
2008-01-17 12:20 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-01-15 17:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-01-15 15:51 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-01-11 05:36 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2008-01-11 00:20 233,472 ----a-w C:\WINDOWS\system32\ILDA32.dll
2008-01-10 23:54 --------- d-----w C:\Documents and Settings\franck\Application Data\AchrafCherti
2008-01-10 23:52 --------- d-----w C:\Program Files\Jargon Informatique
2008-01-09 14:01 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2008-01-07 21:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\WindowsLiveInstaller
2007-12-27 18:22 --------- d-----w C:\Program Files\MSECache
2007-12-21 14:39 10,752 ----a-w C:\WINDOWS\system32\WhoisCL.exe
2007-12-19 22:53 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-08 05:08 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-12-06 11:03 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-12-06 11:02 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-12-06 11:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-12-06 04:59 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-12-04 18:41 550,912 ------w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 18:41 550,912 ------w C:\WINDOWS\system32\dllcache\oleaut32.dll
2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-05-09 14:42 81,920 ----a-w C:\Documents and Settings\franck\Application Data\ezpinst.exe
2007-05-09 14:42 47,360 ----a-w C:\Documents and Settings\franck\Application Data\pcouffin.sys
.
((((((((((((((((((((((((((((((((( Reg loading points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not listed
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 09:00 15360]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2004-10-08 11:06 196608]
"RocketDock"="C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe" [2006-05-14 21:47 344064]
"Gadwin PrintScreen 3.1"="C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2005-09-27 01:18 1073152]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-16 14:10 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-12-21 21:05 344064]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 19:40 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 19:38 688218]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 13:24 290816]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2004-11-05 13:52 233534]
"hpWirelessAssistant"="C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe" [2004-12-08 17:23 790528]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 10:52 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-10-08 11:31 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-10-08 11:24 217088]
"F-Secure Manager"="C:\Program Files\Securitoo\av_fw\Common\FSM32.exe" [2005-10-26 02:51 122929]
"F-Secure TNB"="C:\Program Files\Securitoo\av_fw\TNB\TNBUtil.exe" [2005-07-18 15:51 700416]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"F-Secure Startup Wizard"="C:\Program Files\Securitoo\av_fw\FSGUI\FSSW.exe" [2005-10-18 09:29 372736]
"News Service"="C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe" [2005-05-31 13:45 356352]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 09:00 15360]
C:\Documents and Settings\franck\Menu Démarrer\Programmes\Démarrage\
RocketDock.lnk - C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe [2006-05-14 21:47:48 344064]
wkcalrem.LNK - C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe [2004-07-11 19:54:26 15360]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Ulead Acquire Fast.lnk - C:\Program Files\Ulead Systems\Ulead Photo Assistant\UATRAY.EXE [2005-08-18 11:57:21 16896]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 14:39 294400]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Scanner Detector.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Scanner Detector.lnk
backup=C:\WINDOWS\pss\Scanner Detector.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadwin PrintScreen 3.1]
--a------ 2005-09-27 01:18 1073152 C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
--------- 2004-09-07 11:55 1871872 C:\Program Files\Ahead\Nero BackItUp\NBJ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-06-16 14:10 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2005-11-18 16:04]
R2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\Securitoo\av_fw\Anti-Virus\Win2K\FSfilter.sys [2004-09-10 16:14]
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\Securitoo\av_fw\Anti-Virus\Win2K\FSgk.sys [2008-02-15 22:39]
R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\Securitoo\av_fw\Anti-Virus\Win2K\FSrec.sys [2004-06-01 10:03]
R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2004-06-10 15:59]
S0 SMPLSCSI;SMPLSCSI;C:\WINDOWS\system32\drivers\SMPLSCSI.SYS []
S2 BackWeb Plug-in - 7431218;Antivirus Firewall;C:\PROGRA~1\SECURI~1\av_fw\backweb\7431218\Program\SERVIC~1.EXE [2008-01-23 21:58]
S2 ONSIO;ONSIO;C:\WINDOWS\SYSTEM32\DRIVERS\ONSIO.SYS []
*Newly Created Service* - AVG_ANTI-SPYWARE_DRIVER
*Newly Created Service* - AVG_ANTI-SPYWARE_GUARD
.
Contents of the 'Scheduled Tasks' folder
"2008-02-21 00:03:48 C:\WINDOWS\Tasks\Scheduled scanning task.job"
- C:\PROGRA~1\SECURI~1\av_fw\ANTI-V~1\fsav.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-21 10:25:43
Windows 5.1.2600 Service Pack 2 NTFS
Scanning hidden processes ...
Scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????8?6?3?7??????? ?,?B?????????????hLC? ??????
Scanning hidden files ...
Scan completed successfully
Hidden files: 0
**************************************************************************
.
Completion time: 2008-02-21 10:28:41
ComboFix-quarantined-files.txt 2008-02-21 09:28:28
.
2008-02-20 19:04:15 --- E O F ---
And here is the HijackThis log, taken after the ComboFix scan:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:46:47, on 21/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\SECURI~1\av_fw\backweb\7431218\Program\SERVIC~1.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\FSGK32.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Securitoo\av_fw\backweb\7431218\program\fsbwsys.exe
C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\fssm32.exe
C:\Program Files\Securitoo\av_fw\Common\FSMB32.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Securitoo\av_fw\Common\FCH32.EXE
C:\Program Files\Securitoo\av_fw\backweb\7431218\Program\fspex.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsqh.exe
C:\Program Files\Securitoo\av_fw\Common\FAMEH32.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsrw.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsav32.exe
C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE
C:\PROGRA~1\SECURI~1\av_fw\ANTI-S~1\fsaw.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\Securitoo\av_fw\FSGUI\fsguidll.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Ulead Systems\Ulead Photo Assistant\UATRAY.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.msn.com/fr-fr?cobrand=compaq-notebook.msn.com&ocid=HPDHP&pc=CPNTDF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - _{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
R3 - URLSearchHook: {1A03F196-9617-4CA0-842B-A83CEECB022B} - - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\av_fw\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Securitoo\av_fw\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Gadwin PrintScreen 3.1] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
O4 - Startup: wkcalrem.LNK = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Antivirus Firewall.lnk = C:\Program Files\Securitoo\av_fw\backweb\7431218\Program\fspex.exe
O4 - Global Startup: Ulead Acquire Fast.lnk = C:\Program Files\Ulead Systems\Ulead Photo Assistant\UATRAY.EXE
O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\Securitoo\av_fw\Anti-Spyware\blockpopups.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Securitoo\av_fw\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Securitoo\av_fw\Anti-Spyware\ieshield.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O14 - IERESET.INF: START_PAGE_URL=https://www.msn.com/fr-fr?cobrand=compaq-notebook.msn.com&ocid=HPDHP&pc=CPNTDF
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.extrafilm.fr/NET/Import/ImageUploader4.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://photo.nrj.fr/Components/Upload/ImageUploader3.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Antivirus Firewall (BackWeb Plug-in - 7431218) - Securitoo Portal - C:\PROGRA~1\SECURI~1\av_fw\backweb\7431218\Program\SERVIC~1.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
O23 - Service: FSBWSYS - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\backweb\7431218\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
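As an added example (not code from this thread, nor from the HijackThis or ComboFix authors), here is a small Python triage script for a HijackThis v2 log of the kind posted above. It parses the R*/O* entry lines and flags the ones a helper usually asks about first: entries whose target file no longer exists ("(no file)" / "(file missing)"), O4 autoruns that start from somewhere other than Program Files or system32, and O16 DPF ActiveX downloads from hosts outside a short allow-list. The sample lines are constructed from the log in this thread; the allow-list of DPF domains and the expected autorun locations are assumptions to tune for your own environment.

```python
"""Triage helper for a HijackThis v2 log (added example, not part of the thread)."""
import re
from urllib.parse import urlparse

# Constructed sample: entry lines in the format HijackThis v2.0.2 writes, modelled
# on the log posted in this thread (raw string, so backslashes are literal).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - _{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe"
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.extrafilm.fr/NET/Import/ImageUploader4.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
"""

# Assumptions to tune per environment: DPF (ActiveX) download hosts considered
# expected, and the directories an O4 autorun normally starts from.
TRUSTED_DPF_DOMAINS = ("microsoft.com", "msn.com", "live.com")
EXPECTED_RUN_PREFIXES = ("c:\\program files\\", "c:\\windows\\system32\\")

ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.+)$")
RUN_RE = re.compile(r'Run: \[[^\]]*\] "?(?P<path>[A-Za-z]:\\[^"]+?\.(?:exe|dll|cpl))"?', re.I)
DPF_RE = re.compile(r"DPF: \{[^}]+\} \([^)]*\) - (?P<url>\S+)")


def parse_entries(text):
    """Yield (kind, body) for each R*/O* entry line; headers and the process list are skipped."""
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group("kind"), m.group("body")


def dpf_host(body):
    """Hostname the O16 control would be downloaded from, or None if the line does not parse."""
    m = DPF_RE.search(body)
    if not m:
        return None
    host = urlparse(m.group("url")).hostname
    return host.lower() if host else None


def is_trusted_host(host):
    """Exact or subdomain match against the allow-list (so microsoft.com.evil.example fails)."""
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DPF_DOMAINS)


def triage(text):
    """Return [(kind, reason, body)] for the entries a cleaner should look at first."""
    findings = []
    for kind, body in parse_entries(text):
        # Dead pointers: the registry entry survived, the file did not. Safe to fix.
        if "(no file)" in body or "(file missing)" in body:
            findings.append((kind, "orphaned entry: target file is gone", body))
            continue
        if kind == "O4":
            m = RUN_RE.search(body)
            if m and not m.group("path").lower().startswith(EXPECTED_RUN_PREFIXES):
                findings.append((kind, "autorun from an unusual location", body))
        elif kind == "O16":
            host = dpf_host(body)
            if host and not is_trusted_host(host):
                findings.append((kind, f"ActiveX download from third-party host {host}", body))
    return findings


if __name__ == "__main__":
    for kind, reason, body in triage(SAMPLE_LOG):
        print(f"{kind:4} {reason}\n     {body}")
```

A flag is a prompt to look, not a verdict: RocketDock under C:\WINDOWS\BricoPacks is a dock the user installed, and an image-uploader control from a photo-printing site may well be wanted, so check the file and its vendor before asking someone to "fix" an entry. The orphaned R3 and O9 entries, on the other hand, point at nothing and can be removed without risk.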
ComboFix 08-02-21 - franck 2008-02-21 10:17:57.1 - NTFSx86
Endroit: C:\Documents and Settings\franck\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\nsn925.dll
.
((((((((((((((((((((((((((((( Fichiers créés 2008-01-21 to 2008-02-21 ))))))))))))))))))))))))))))))))))))
.
2008-02-20 22:31 . 2008-02-20 22:31 <REP> d-------- C:\Program Files\Trend Micro
2008-02-20 22:21 . 2008-02-21 10:04 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-02-20 22:20 . 2008-02-20 22:20 <REP> d-------- C:\WINDOWS\LastGood
2008-02-20 22:08 . 2008-02-20 22:08 <REP> d-------- C:\Documents and Settings\franck\Application Data\Grisoft
2008-02-20 22:07 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-20 22:06 . 2008-02-20 22:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-19 19:05 . 2008-02-19 19:08 <REP> d-------- C:\Program Files\DivX
2008-02-18 23:45 . 2008-02-19 12:30 <REP> d-------- C:\Program Files\StarOffice7
2008-02-18 23:40 . 2008-02-18 23:40 69,632 --a------ C:\WINDOWS\uinst001.exe
2008-02-18 23:29 . 1998-03-13 11:06 389,120 --a------ C:\WINDOWS\system32\Atx32.ocx
2008-02-18 23:29 . 2005-08-23 14:54 388,608 --a------ C:\WINDOWS\system32\3DABM8U.OCX
2008-02-18 23:29 . 1997-03-21 10:51 346,112 --a------ C:\WINDOWS\system32\PPRO100.DLL
2008-02-18 23:29 . 1997-10-24 16:19 78,336 --a------ C:\WINDOWS\system32\ATX32PIC.DLL
2008-02-18 23:29 . 1997-11-11 16:10 28,160 --a------ C:\WINDOWS\system32\ATX32OLE.DLL
2008-02-18 23:27 . 2008-02-18 23:29 <REP> d-------- C:\WebSite X1
2008-02-18 23:27 . 1997-07-19 17:00 604,432 --a------ C:\WINDOWS\system32\COMCTL32.OCX
2008-02-18 23:27 . 1997-03-21 15:05 154,528 --a------ C:\WINDOWS\system32\PPRO100.OCX
2008-02-18 23:26 . 1998-03-04 21:32 237,568 --a------ C:\WINDOWS\system32\CompPl32.dll
2008-02-18 23:26 . 2006-04-04 09:39 124,416 --a------ C:\WINDOWS\system32\ix1Setup.exe
2008-02-18 23:26 . 1997-11-05 20:03 90,624 --a------ C:\WINDOWS\system32\CPWCTL32.OCX
2008-02-18 23:26 . 1997-01-16 00:00 29,696 --a------ C:\WINDOWS\system32\VB5STKIT.DLL
2008-02-18 23:26 . 1997-01-16 13:42 6,114 --a------ C:\WINDOWS\system32\SHELLLNK.TLB
2008-02-18 23:19 . 2008-02-18 23:23 <REP> d-------- C:\Program Files\A4Desk
2008-02-18 23:04 . 2008-02-18 23:04 <REP> d-------- C:\WINDOWS\system32\PC Booster 5
2008-02-15 23:36 . 2008-02-15 23:46 <REP> d-------- C:\Documents and Settings\franck\Application Data\Dev-Cpp
2008-02-15 23:29 . 2008-02-15 23:45 <REP> d-------- C:\Dev-Cpp
2008-02-15 23:02 . 2008-02-15 23:04 <REP> d-------- C:\Program Files\Notepad++
2008-02-15 23:02 . 2008-02-15 23:06 <REP> d-------- C:\Documents and Settings\franck\Application Data\Notepad++
2008-01-23 23:50 . 2008-01-23 23:50 <REP> d-------- C:\Documents and Settings\franck\Application Data\PEX
2008-01-23 23:50 . 2008-01-29 14:30 <REP> d-------- C:\Documents and Settings\franck\Application Data\F-Secure
2008-01-23 23:35 . 2008-01-23 23:35 <REP> d-------- C:\Documents and Settings\franck\Application Data\ispnews
2008-01-23 22:25 . 2008-01-23 22:25 <REP> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
2008-01-23 22:25 . 2005-11-18 16:04 70,896 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
2008-01-23 22:25 . 2005-11-18 16:04 33,584 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
2008-01-23 21:57 . 2008-01-23 21:57 118,842 -r------- C:\WINDOWS\bwUnin-6.3.3.61-7431218L.exe
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-20 19:55 2,098 ----a-w C:\Documents and Settings\franck\Application Data\wklnhst.dat
2008-02-18 23:52 80,088 ----a-w C:\WINDOWS\system32\adssite-remove.exe
2008-02-18 23:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-16 20:14 --------- d-----w C:\Program Files\Java
2008-02-06 16:32 --------- d-----w C:\Program Files\Live Billiards
2008-01-28 15:23 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-01-28 15:23 --------- d-----w C:\Program Files\Windows Live
2008-01-23 22:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-20 23:05 --------- d-----w C:\Program Files\Google
2008-01-17 12:20 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-01-15 17:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-01-15 15:51 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-01-11 05:36 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2008-01-11 00:20 233,472 ----a-w C:\WINDOWS\system32\ILDA32.dll
2008-01-10 23:54 --------- d-----w C:\Documents and Settings\franck\Application Data\AchrafCherti
2008-01-10 23:52 --------- d-----w C:\Program Files\Jargon Informatique
2008-01-09 14:01 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2008-01-07 21:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\WindowsLiveInstaller
2007-12-27 18:22 --------- d-----w C:\Program Files\MSECache
2007-12-21 14:39 10,752 ----a-w C:\WINDOWS\system32\WhoisCL.exe
2007-12-19 22:53 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-08 05:08 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-12-06 11:03 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-12-06 11:02 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-12-06 11:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-12-06 04:59 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-12-04 18:41 550,912 ------w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 18:41 550,912 ------w C:\WINDOWS\system32\dllcache\oleaut32.dll
2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-05-09 14:42 81,920 ----a-w C:\Documents and Settings\franck\Application Data\ezpinst.exe
2007-05-09 14:42 47,360 ----a-w C:\Documents and Settings\franck\Application Data\pcouffin.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 09:00 15360]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2004-10-08 11:06 196608]
"RocketDock"="C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe" [2006-05-14 21:47 344064]
"Gadwin PrintScreen 3.1"="C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2005-09-27 01:18 1073152]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-16 14:10 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-12-21 21:05 344064]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 19:40 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 19:38 688218]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 13:24 290816]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2004-11-05 13:52 233534]
"hpWirelessAssistant"="C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe" [2004-12-08 17:23 790528]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 10:52 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-10-08 11:31 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-10-08 11:24 217088]
"F-Secure Manager"="C:\Program Files\Securitoo\av_fw\Common\FSM32.exe" [2005-10-26 02:51 122929]
"F-Secure TNB"="C:\Program Files\Securitoo\av_fw\TNB\TNBUtil.exe" [2005-07-18 15:51 700416]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"F-Secure Startup Wizard"="C:\Program Files\Securitoo\av_fw\FSGUI\FSSW.exe" [2005-10-18 09:29 372736]
"News Service"="C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe" [2005-05-31 13:45 356352]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 09:00 15360]
C:\Documents and Settings\franck\Menu Démarrer\Programmes\Démarrage\
RocketDock.lnk - C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe [2006-05-14 21:47:48 344064]
wkcalrem.LNK - C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe [2004-07-11 19:54:26 15360]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Ulead Acquire Fast.lnk - C:\Program Files\Ulead Systems\Ulead Photo Assistant\UATRAY.EXE [2005-08-18 11:57:21 16896]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 14:39 294400]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Scanner Detector.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Scanner Detector.lnk
backup=C:\WINDOWS\pss\Scanner Detector.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadwin PrintScreen 3.1]
--a------ 2005-09-27 01:18 1073152 C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
--------- 2004-09-07 11:55 1871872 C:\Program Files\Ahead\Nero BackItUp\NBJ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-06-16 14:10 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2005-11-18 16:04]
R2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\Securitoo\av_fw\Anti-Virus\Win2K\FSfilter.sys [2004-09-10 16:14]
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\Securitoo\av_fw\Anti-Virus\Win2K\FSgk.sys [2008-02-15 22:39]
R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\Securitoo\av_fw\Anti-Virus\Win2K\FSrec.sys [2004-06-01 10:03]
R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2004-06-10 15:59]
S0 SMPLSCSI;SMPLSCSI;C:\WINDOWS\system32\drivers\SMPLSCSI.SYS []
S2 BackWeb Plug-in - 7431218;Antivirus Firewall;C:\PROGRA~1\SECURI~1\av_fw\backweb\7431218\Program\SERVIC~1.EXE [2008-01-23 21:58]
S2 ONSIO;ONSIO;C:\WINDOWS\SYSTEM32\DRIVERS\ONSIO.SYS []
*Newly Created Service* - AVG_ANTI-SPYWARE_DRIVER
*Newly Created Service* - AVG_ANTI-SPYWARE_GUARD
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-21 00:03:48 C:\WINDOWS\Tasks\Scheduled scanning task.job"
- C:\PROGRA~1\SECURI~1\av_fw\ANTI-V~1\fsav.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-21 10:25:43
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????8?6?3?7??????? ?,?B?????????????hLC? ??????
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-02-21 10:28:41
ComboFix-quarantined-files.txt 2008-02-21 09:28:28
.
2008-02-20 19:04:15 --- E O F ---
And here is the HijackThis one, after the ComboFix scan:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:46:47, on 21/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\SECURI~1\av_fw\backweb\7431218\Program\SERVIC~1.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\FSGK32.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Securitoo\av_fw\backweb\7431218\program\fsbwsys.exe
C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\fssm32.exe
C:\Program Files\Securitoo\av_fw\Common\FSMB32.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Securitoo\av_fw\Common\FCH32.EXE
C:\Program Files\Securitoo\av_fw\backweb\7431218\Program\fspex.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsqh.exe
C:\Program Files\Securitoo\av_fw\Common\FAMEH32.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsrw.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsav32.exe
C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE
C:\PROGRA~1\SECURI~1\av_fw\ANTI-S~1\fsaw.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\Securitoo\av_fw\FSGUI\fsguidll.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Ulead Systems\Ulead Photo Assistant\UATRAY.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.msn.com/fr-fr?cobrand=compaq-notebook.msn.com&ocid=HPDHP&pc=CPNTDF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - _{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
R3 - URLSearchHook: {1A03F196-9617-4CA0-842B-A83CEECB022B} - - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\av_fw\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Securitoo\av_fw\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Gadwin PrintScreen 3.1] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
O4 - Startup: wkcalrem.LNK = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Antivirus Firewall.lnk = C:\Program Files\Securitoo\av_fw\backweb\7431218\Program\fspex.exe
O4 - Global Startup: Ulead Acquire Fast.lnk = C:\Program Files\Ulead Systems\Ulead Photo Assistant\UATRAY.EXE
O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\Securitoo\av_fw\Anti-Spyware\blockpopups.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Securitoo\av_fw\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Securitoo\av_fw\Anti-Spyware\ieshield.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O14 - IERESET.INF: START_PAGE_URL=https://www.msn.com/fr-fr?cobrand=compaq-notebook.msn.com&ocid=HPDHP&pc=CPNTDF
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.extrafilm.fr/NET/Import/ImageUploader4.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://photo.nrj.fr/Components/Upload/ImageUploader3.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Antivirus Firewall (BackWeb Plug-in - 7431218) - Securitoo Portal - C:\PROGRA~1\SECURI~1\av_fw\backweb\7431218\Program\SERVIC~1.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
O23 - Service: FSBWSYS - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\backweb\7431218\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
Hi again,
Empty your temporary files with this:
->Clean Up 40:
http://pageperso.aol.fr/balltrap34/CleanUp40.exe
->illustrated help: (thanks to Balltrap34)
http://pageperso.aol.fr/balltrap34/democleanup.htm
Click on Options and untick the box in front of: delete prefetch files
Empty it manually:
:: The contents of the prefetch folder ::
* C:\WINDOWS\Prefetch <= except the file layout.ini
* Don't forget to empty the Recycle Bin!
Do not restart the PC even if it prompts you to.
Copy the text below:
File::
C:\WINDOWS\system32\WhoisCL.exe
C:\WINDOWS\system32\adssite-remove.exe
C:\WINDOWS\SYSTEM32\DRIVERS\ONSIO.SYS
Driver::
ONSIO
Open Notepad and paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file under the name CFScript.txt.
Now drag the CFScript.txt file onto Combofix.exe as shown below:
http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif
This will relaunch Combofix.
A blue window will appear: at the prompt that appears (Type 1 to continue, or 2 to abort), type 1 and press Enter.
Wait while the scan runs. The desktop will disappear several times: this is normal!
Don't touch anything until the scan is finished.
After the restart, post the contents of the Combofix.txt report together with a HijackThis report.
If there is no restart, restart anyway and post the requested reports.
Do you use these?:
C:\Program Files\Notepad++
C:\Documents and Settings\franck\Application Data\PEX
@+
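Added example, not code from the thread or from the ComboFix/HijackThis tools: a small Python triage helper that mechanizes what the helper above does by eye. It flags ComboFix service lines whose timestamp field is empty (`[]`, as for ONSIO in the log) and HijackThis entries marked `(no file)` or `(file missing)`, then writes the removals an analyst has chosen in the File::/Driver:: layout of CFScript.txt. The sample lines are copied from the logs posted above; flagged entries are for review, not automatic deletion.

```python
import re
from typing import Dict, List

# Constructed sample: a handful of lines copied from the ComboFix service
# section and the HijackThis log posted in the thread (not the full logs).
SAMPLE_COMBOFIX = """\
R0 FSFW;F-Secure Firewall Driver;C:\\WINDOWS\\system32\\drivers\\fsdfw.sys [2005-11-18 16:04]
S0 SMPLSCSI;SMPLSCSI;C:\\WINDOWS\\system32\\drivers\\SMPLSCSI.SYS []
S2 ONSIO;ONSIO;C:\\WINDOWS\\SYSTEM32\\DRIVERS\\ONSIO.SYS []
"""
SAMPLE_HJT = """\
R3 - URLSearchHook: (no name) - _{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
R3 - URLSearchHook: {1A03F196-9617-4CA0-842B-A83CEECB022B} - - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\\Program Files\\Messenger\\MSMSGS.EXE (file missing)
O4 - HKLM\\..\\Run: [ATIPTA] C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe
"""

# ComboFix service line: "<state> <name>;<display name>;<path> [<timestamp>]"
_CF_SERVICE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[(.*)\]$")
# HijackThis line: "<section> - <rest of entry>"
_HJT_LINE = re.compile(r"^(R\d|O\d+) - (.*)$")
# Path immediately before a "(file missing)" marker
_HJT_PATH = re.compile(r"([A-Za-z]:\\[^()]*?\.(?:exe|dll|sys|ocx))\s*\(file missing\)", re.I)


def combofix_services_without_timestamp(text: str) -> List[Dict[str, str]]:
    """Service/driver entries whose timestamp field is empty ([]): ComboFix
    recorded no on-disk timestamp for that path, so the entry deserves a look."""
    found = []
    for line in text.splitlines():
        m = _CF_SERVICE.match(line.strip())
        if m and m.group(5).strip() == "":
            found.append({"state": m.group(1), "name": m.group(2), "path": m.group(4)})
    return found


def hijackthis_dangling_entries(text: str) -> List[Dict[str, str]]:
    """HijackThis entries that point at nothing: '(no file)' hooks and
    '(file missing)' items. The path is extracted when the line carries one."""
    found = []
    for line in text.splitlines():
        m = _HJT_LINE.match(line.strip())
        if not m:
            continue
        rest = m.group(2)
        if "(no file)" in rest or "(file missing)" in rest:
            pm = _HJT_PATH.search(rest)
            found.append({"section": m.group(1), "path": pm.group(1) if pm else "", "entry": rest})
    return found


def build_cfscript(files: List[str], drivers: List[str]) -> str:
    """Body of a CFScript.txt in the File::/Driver:: layout used in the thread.
    Both lists are chosen by the analyst after review; nothing is automatic."""
    lines = []
    if files:
        lines.append("File::")
        lines.extend(files)
    if drivers:
        lines.append("Driver::")
        lines.extend(drivers)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    for e in combofix_services_without_timestamp(SAMPLE_COMBOFIX):
        print("review service:", e["name"], e["path"])
    for e in hijackthis_dangling_entries(SAMPLE_HJT):
        print("dangling:", e["section"], e["entry"])
    print(build_cfscript(["C:\\WINDOWS\\SYSTEM32\\DRIVERS\\ONSIO.SYS"], ["ONSIO"]))
```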
So after running Cleanup, a message appears saying the system is going to be disrupted because of missing components. And Combo, impossible to launch it with the created file.
But still, after restarting everything, my computer works correctly :s
Hi,
Are you still unable to do this?
Copy the text below:
File::
C:\WINDOWS\system32\WhoisCL.exe
C:\WINDOWS\system32\adssite-remove.exe
C:\WINDOWS\SYSTEM32\DRIVERS\ONSIO.SYS
Driver::
ONSIO
Open Notepad and paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file under the name CFScript.txt.
Now drag the CFScript.txt file onto Combofix.exe as shown below:
http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif
This will relaunch Combofix.
A blue window will appear: at the prompt that appears (Type 1 to continue, or 2 to abort), type 1 and press Enter.
Wait while the scan runs. The desktop will disappear several times: this is normal!
Don't touch anything until the scan is finished.
After the restart, post the contents of the Combofix.txt report together with a HijackThis report.
If there is no restart, restart anyway and post the requested reports.
@+