g!rly Résolu

Question

voila je t'attends

cynthia92 · Answer

Search Navipromo version 3.5.0 commencé le 2008-03-20 à 13:12:16.03

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files
avilog1
Mise à jour le 04.03.2008 à 17h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.13 
Système de fichiers : NTFS

Executé en mode normal

*** Recherche Programmes installés ***




*** Recherche dossiers dans C:\WINDOWS ***



*** Recherche dossiers dans C:\Program Files ***



*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***




*** Recherche dossiers dans "C:\Documents and Settings\Dimitri\applic~1" *** 



*** Recherche dossiers dans "C:\Documents and Settings\Dimitri\locals~1\applic~1" *** 



*** Recherche dossiers dans "C:\Documents and Settings\Dimitri\housec~1.6\menudm~1" *** 


*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Aucun Fichier trouvé



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans C:\WINDOWS\system32 *

* Recherche dans "C:\Documents and Settings\Dimitri\locals~1\applic~1" * 



*** Recherche fichiers *** 




*** Recherche clés spécifiques dans le Registre ***


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans C:\WINDOWS\system32 :


* Dans "C:\Documents and Settings\Dimitri\locals~1\applic~1" : 


3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat OOO-Favorit absent !

4)Recherche fichiers connus :

C:\WINDOWS\system32\xbeeg.ini2 trouvé ! infection Vundo possible non traitée par cet outil !


*** Analyse terminée le 2008-03-20 à 13:17:42.35 ***

g!rly · Answer

ok cynthia92,

passe ceci :

Télécharge VundoFix.exe (par Atribune) sur ton Bureau.
http://www.atribune.org/ccount/click.php?id=4
* Double-clique VundoFix.exe afin de le lancer
* Clique sur le bouton Scan for Vundo
* Lorsque le scan est complété, clique sur le bouton Remove Vundo
* Une invite te demandera si tu veux supprimer les fichiers, clique YES
* Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers
* Tu verras une invite qui t'annonce que ton PC va redémarrer; clique OK
* Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis! dans ta prochaine réponse

Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo".

et repost un log hijackthis , 

Télécharge HijackThis ici : 

-> http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis

Tutoriel d´instalation : (Merci a Balltrap34 pour cette réalisation)

-> http://pageperso.aol.fr/balltrap34/Hijenr.gif 

Tutoriel d´utilisation (video) : (Merci a Balltrap34 pour cette réalisation)

-> http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

Post le rapport généré ici stp...

@+

cynthia92 · Answer

Le scan est terminé mais par contre je ne vois pas ou il faut cliquer sur remove vundo!!??

g!rly · Answer

normalement le bouton est sur la console du logiciel...
post le rapport C:\vundofix.txt
puis post un hijack this egalement
@+

cynthia92 · Answer

franchement je vois rien il me met 5 noms de fichiers se terminant tous par .dll ; .ini et .ini2

cynthia92 · Answer

il me met Done Scanning ; Scan for Vundo et Fix Vundo et le nom des fichiers mais rien d'autre...

cynthia92 · Answer

VundoFix V7.0.3

Scan started at 13:34:12 2008-03-20

Listing files found while scanning....

C:\windows\system32\geebx.dll
C:\WINDOWS\system32\pegaocuu.dll
C:\WINDOWS\system32\uucoagep.ini
C:\windows\system32\xbeeg.ini
C:\windows\system32\xbeeg.ini2

cynthia92 · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:17, on 2008-03-20
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\slmdmsr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
C:\Program Files\AntivirusFirewall\Common\FSMB32.EXE
C:\Program Files\AntivirusFirewall\Common\FCH32.EXE
C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\FSGK32.EXE
C:\Program Files\AntivirusFirewall\Anti-Virus\fssm32.exe
C:\Program Files\AntivirusFirewall\Common\FAMEH32.EXE
C:\Program Files\AntivirusFirewall\Anti-Virus\fsqh.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsrw.exe
C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsav32.exe
C:\Program Files\AntivirusFirewall\Common\FSM32.EXE
C:\PROGRA~1\ANTIVI~1\ANTI-S~2\fsaw.exe
C:\Program Files\AntivirusFirewall\FSGUI\fsguidll.exe
C:\Documents and Settings\Dimitri\Bureau\VundoFix.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [WOOTASKBARICON] "C:\PROGRA~1\Wanadoo\GestMaj.exe" TaskBarIcon.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\AntivirusFirewall\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\AntivirusFirewall\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [0422ea34] rundll32.exe "C:\WINDOWS\system32\pegaocuu.dll",b
O4 - HKLM\..\Run: [BM0711d9a8] Rundll32.exe "C:\WINDOWS\system32\xcmvpliu.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Advanced Uninstaller PRO Installation Monitor] "C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO - Version 8\monitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Antivirus Firewall.lnk = C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\AntivirusFirewall\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - 
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - 
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - 
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - https://www.eset.com/
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - 
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_03) - 
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} (Java Plug-in 1.5.0) - 
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) - 
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) - 
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) - 
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Antivirus Firewall (BackWeb Plug-in - 6588780) - Securitoo Portal - C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slmdmsr.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

g!rly · Answer

ok 

passe ceci :

Télécharge combofix.exe (par sUBs) sur ton Bureau.

-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe     

-> Double clique combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse. 

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

Avant d'utiliser ComboFix :

-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.

-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.

Une fois fait, sur ton bureau double-clic sur Combofix.exe.

- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.

- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)

-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message ainsi qu´un nouveau rapport hijack this.

-> Tutoriel https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

@+

ps : je m´absente un moment je reviendrais...

cynthia92 · Answer

je laisse VundoFix V7.0.3 ouvert ou je le ferme??? parce que jusqu'a maintenant rien de ce que tu as dit ne c'est passé.... :(

g!rly · Answer

ferme le

passe combofix

cynthia92 · Answer

Voilàààà! prochaine étape????

cynthia92 · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:11:24, on 20/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\FSGK32.EXE
C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
C:\Program Files\AntivirusFirewall\Common\FSMB32.EXE
C:\Program Files\AntivirusFirewall\Anti-Virus\fssm32.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\slmdmsr.exe
C:\Program Files\AntivirusFirewall\Common\FCH32.EXE
C:\Program Files\AntivirusFirewall\Anti-Virus\fsqh.exe
C:\Program Files\AntivirusFirewall\Common\FAMEH32.EXE
C:\Program Files\AntivirusFirewall\Anti-Virus\fsrw.exe
C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntivirusFirewall\Anti-Virus\fsav32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\AntivirusFirewall\Common\FSM32.EXE
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\PROGRA~1\ANTIVI~1\ANTI-S~2\fsaw.exe
C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AntivirusFirewall\FSGUI\fsguidll.exe
C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {14FC5586-AB0F-4CE4-A9F9-437550DE3D9E} - (no file)
O2 - BHO: (no name) - {2992a5d1-4707-403f-804e-c17d3cfa0a0d} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6AA3809C-6261-456F-8FCA-43FE39ADC5E9} - (no file)
O2 - BHO: (no name) - {6D885BBC-C8E1-4989-BB9A-3A67D3B2556C} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {ACFAD8F3-7F4C-4EA0-B397-7D5B188302E2} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [WOOTASKBARICON] "C:\PROGRA~1\Wanadoo\GestMaj.exe" TaskBarIcon.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\AntivirusFirewall\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\AntivirusFirewall\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Advanced Uninstaller PRO Installation Monitor] "C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO - Version 8\monitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Antivirus Firewall.lnk = C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\AntivirusFirewall\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - 
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - 
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - 
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - https://www.eset.com/
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - 
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_03) - 
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} (Java Plug-in 1.5.0) - 
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) - 
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) - 
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) - 
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O20 - Winlogon Notify: hggeffc - hggeffc.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Antivirus Firewall (BackWeb Plug-in - 6588780) - Securitoo Portal - C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slmdmsr.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

jlpjlp · Answer

slt g!rly etant actuellement non dispo je vais avancer a sa demande ton post

____________


Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked". 

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: (no name) - {14FC5586-AB0F-4CE4-A9F9-437550DE3D9E} - (no file)
O2 - BHO: (no name) - {2992a5d1-4707-403f-804e-c17d3cfa0a0d} - (no file)

O2 - BHO: (no name) - {6AA3809C-6261-456F-8FCA-43FE39ADC5E9} - (no file)
O2 - BHO: (no name) - {6D885BBC-C8E1-4989-BB9A-3A67D3B2556C} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {ACFAD8F3-7F4C-4EA0-B397-7D5B188302E2} - (no file)

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) -
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_03) -
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} (Java Plug-in 1.5.0) -
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -

O20 - Winlogon Notify: hggeffc - hggeffc.dll (file missing) 
_____________

mets a jour java : DEMARRER puis PANNEAU DE CONFIGURATION puis JAVA puis MISE A JOUR
______________

peux tu me coller le rapport combofix qui t'a été demandé
ainsi qu'un nouveau hijakchits
_________

cynthia92 · Answer

Ok merci je vais le faire mais comme je l'ai dis a g!rly dès que j'éssaye de poster le rapport de combofix ça me met que je l'ai bien posté et quand je regarde il n'y est pas! Est-ce parce qu'il est trop long???

jlpjlp · Answer

refais un rapport et colle le nouveau rapport, il devrait être moins long et contenir dans un post

cynthia92 · Answer

refaire un nouveau rapport veut dire tout refaire non?

cynthia92 · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:40:32, on 21/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\FSGK32.EXE
C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
C:\Program Files\AntivirusFirewall\Anti-Virus\fssm32.exe
C:\Program Files\AntivirusFirewall\Common\FSMB32.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\slmdmsr.exe
C:\Program Files\AntivirusFirewall\Common\FCH32.EXE
C:\Program Files\AntivirusFirewall\Common\FAMEH32.EXE
C:\Program Files\AntivirusFirewall\Anti-Virus\fsqh.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsrw.exe
C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\AntivirusFirewall\Common\FSM32.EXE
C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\ANTIVI~1\ANTI-S~2\fsaw.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO - Version 8\monitor.exe
C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
C:\Program Files\AntivirusFirewall\FSGUI\fsguidll.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [WOOTASKBARICON] "C:\PROGRA~1\Wanadoo\GestMaj.exe" TaskBarIcon.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\AntivirusFirewall\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\AntivirusFirewall\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Advanced Uninstaller PRO Installation Monitor] "C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO - Version 8\monitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Antivirus Firewall.lnk = C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\AntivirusFirewall\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - 
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - 
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - https://www.eset.com/
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - 
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Antivirus Firewall (BackWeb Plug-in - 6588780) - Securitoo Portal - C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slmdmsr.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

cynthia92 · Answer

ComboFix 08-03-18.1 - Dimitri 2008-03-20 14:35:26.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.208 [GMT 1:00]
Endroit: C:\Documents and Settings\Dimitri\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM0711d9a8.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\fcviygsr.dll
C:\WINDOWS\system32\fdxemoxa.dll
C:\WINDOWS\system32\geebx.dll
C:\WINDOWS\system32\pegaocuu.dll
C:\WINDOWS\system32\quvegcsx.dll
C:\WINDOWS\system32\tcxkvovu.dll
C:\WINDOWS\system32\uucoagep.ini
C:\WINDOWS\system32\vunulrvl.dll
C:\WINDOWS\system32\xbeeg.ini
C:\WINDOWS\system32\xbeeg.ini2
C:\WINDOWS\system32\xcmvpliu.dll
C:\WINDOWS\system32\xjoeordy.dll

.
((((((((((((((((((((((((((((( Fichiers créés 2008-02-20 to 2008-03-20 ))))))))))))))))))))))))))))))))))))
.

2008-03-20 13:34 . 2008-03-20 13:59 <REP> d-------- C:\VundoFix Backups
2008-03-19 17:14 . 2008-03-19 17:14 <REP> d-------- C:\Program Files\Red Kawa
2008-03-19 17:14 . 2008-03-19 17:14 <REP> d-------- C:\Program Files\AviSynth 2.5
2008-03-19 15:35 . 2008-03-20 13:18 <REP> d-------- C:\Program Files\Navilog1
2008-03-19 11:57 . 2008-03-20 12:31 <REP> d-------- C:\Program Files\Panda Security
2008-03-18 16:42 . 2008-03-20 12:39 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-18 16:42 . 2008-03-18 16:42 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-18 15:44 . 2008-03-18 15:44 <REP> d-------- C:\WINDOWS\ERUNT
2008-03-18 15:06 . 2008-03-18 15:10 <REP> d-------- C:\MSNFix
2008-03-18 14:15 . 2008-03-19 10:53 654 ---hs---- C:\WINDOWS\system32\htjxyioy.ini
2008-03-17 21:37 . 2008-03-17 21:37 3,120 --a------ C:\WINDOWS\system32\118290.54
2008-03-17 21:37 . 2008-03-17 21:37 3,120 --a------ C:\WINDOWS\118294.78
2008-03-17 21:36 . 1996-08-20 20:37 15,840 --a------ C:\WINDOWS\system32\Machnm1.exe
2008-03-17 21:36 . 2005-09-25 16:37 5,632 --a------ C:\WINDOWS\system32\Machnm64.sys
2008-03-17 21:36 . 2003-08-13 00:27 2,304 --a------ C:\WINDOWS\system32\Machnm32.sys
2008-03-17 21:34 . 2008-03-17 21:34 17,657,512 --a------ C:\Program Files\Defenza.exe
2008-03-17 21:25 . 2006-11-22 11:35 42,496 --a------ C:\WINDOWS\system32\AdvUninstCPL.cpl
2008-03-17 15:22 . 2008-03-17 15:22 <REP> d-------- C:\Documents and Settings\Dimitri\Application Data\Grisoft
2008-03-17 15:16 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-03-17 14:18 . 2008-03-17 14:25 894 ---hs---- C:\WINDOWS\system32\gqjbctso.ini
2008-03-17 13:22 . 2008-03-17 13:22 <REP> d-------- C:\Program Files\Lavasoft
2008-03-17 12:31 . 2008-03-17 12:25 691,545 --a------ C:\WINDOWS\unins000.exe
2008-03-17 12:31 . 2008-03-17 12:31 2,550 --a------ C:\WINDOWS\unins000.dat
2008-03-16 16:06 . 2008-03-16 16:06 127 --a------ C:\WINDOWS\system32\MRT.INI
2008-03-15 23:26 . 2008-03-17 13:59 834 ---hs---- C:\WINDOWS\system32\mfjhaxxx.ini
2008-03-15 23:24 . 2008-03-15 23:24 63 --a------ C:\WINDOWS\system32\[u]0[/u]422f8ba
2008-03-15 23:18 . 2007-11-19 14:25 3,829,382 --a------ C:\WINDOWS\winavi_ipod_video_converter.exe
2008-03-15 22:13 . 2008-03-15 22:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
2008-03-15 21:00 . 2008-03-15 21:00 <REP> d-------- C:\Program Files\iTunes
2008-03-15 21:00 . 2008-03-15 21:00 <REP> d-------- C:\Program Files\iPod
2008-03-15 20:56 . 2008-03-15 20:59 <REP> d-------- C:\Program Files\QuickTime
2008-03-15 20:56 . 2008-03-15 21:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-03-15 19:39 . 2008-01-15 02:39 30,464 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
2008-03-15 19:26 . 2008-03-15 19:26 306,432 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-03-15 19:26 . 2007-12-20 10:41 29,440 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-03-15 19:09 . 2008-03-15 19:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-03-15 19:08 . 2008-03-15 19:08 <REP> d-------- C:\Program Files\Security Task Manager
2008-03-15 19:08 . 2008-03-15 22:12 <REP> d-------- C:\Program Files\Innovative Solutions
2008-03-15 13:39 . 2008-03-15 13:39 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-03-11 20:57 . 2008-03-11 20:57 <REP> d-------- C:\Program Files\Fichiers communs\Apple
2008-03-02 20:20 . 2008-03-20 12:33 <REP> d-------- C:\Program Files\Tweak-XP Pro 4
2008-03-02 20:19 . 2008-03-02 20:20 6,376,978 --a------ C:\Program Files\tweak-xp-pro_tweak_xp_pro_4.0.8_multi-langues_10772.exe
2008-03-01 18:51 . 2008-03-01 18:51 2,733,520 --a------ C:\Program Files\ccsetup205.exe
2008-03-01 18:50 . 2008-03-01 18:50 1,523,040 --a------ C:\Program Files\install_flash_player_active_x.exe
2008-03-01 18:34 . 2008-03-01 18:36 <REP> d-------- C:\Program Files\PhotoFiltre Studio
2008-02-24 20:20 . 2008-02-24 20:21 21,364,592 --a------ C:\Program Files\Lavasoft_Adaware2007_fr.exe
2008-02-24 19:56 . 2008-03-17 12:38 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-24 19:36 . 2008-02-24 19:45 7,467,056 --a------ C:\Program Files\spybotsd15.exe
2008-02-23 21:06 . 2008-02-23 22:48 42,609,040 --a------ C:\Program Files\zaZA_Setup_fr.exe
2008-02-23 20:53 . 2008-02-23 20:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
2008-02-23 20:53 . 2005-11-18 16:04 70,896 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
2008-02-23 20:53 . 2005-11-18 16:04 33,584 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
2008-02-23 20:50 . 2008-02-23 20:50 118,842 -r------- C:\WINDOWS\bwUnin-6.3.2.123-6588780L.exe
2008-02-23 20:43 . 2008-02-23 20:46 <REP> d-------- C:\Program Files\VirtualDJ
2008-02-23 13:24 . 2008-02-23 13:24 <REP> d-------- C:\Program Files\VideoLAN
2008-02-23 13:24 . 2008-03-18 13:41 <REP> d-------- C:\Program Files\Trend Micro
2008-02-23 13:24 . 2008-02-23 13:24 <REP> d-------- C:\Program Files\MSXML 4.0
2008-02-23 13:24 . 2008-02-23 13:24 <REP> d-------- C:\Documents and Settings\Dimitri\Application Data\TransRender
2008-02-23 13:06 . 2008-02-23 13:06 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
2008-02-22 20:15 . 2008-02-23 13:24 <REP> d-------- C:\Program Files\Xfire
2008-02-21 18:21 . 2008-02-23 13:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure(2)
2008-02-20 21:34 . 2008-03-15 21:15 737,280 --a------ C:\WINDOWS\iun6002.exe
2008-02-20 17:25 . 2008-02-20 17:26 336,752 --a------ C:\Program Files\BootVis-Tool.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-20 11:45 --------- d-----w C:\Program Files\Wanadoo
2008-03-20 11:36 --------- d-----w C:\Program Files\a-squared Free
2008-03-20 11:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-17 12:21 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-03-17 11:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-15 20:00 --------- d-----w C:\Documents and Settings\Dimitri\Application Data\Apple Computer
2008-03-15 19:44 59,163,944 -c--a-w C:\Program Files\iTunesSetup.exe
2008-03-15 18:26 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-03-15 18:08 --------- d-----w C:\Program Files\DivX
2008-03-15 18:02 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-03-12 17:44 --------- d-----w C:\Documents and Settings\Dimitri\Application Data\Temporary
2008-03-05 14:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-02-28 20:12 --------- d-----w C:\Program Files\Fichiers communs\Softwin
2008-02-28 20:11 81,984 -c--a-w C:\WINDOWS\system32\bdod.bin
2008-02-24 19:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-24 19:12 --------- d-----w C:\Program Files\Google
2008-02-23 19:53 --------- d-----w C:\Program Files\AntivirusFirewall
2008-02-23 18:05 --------- d-----w C:\Program Files\Blaero Start Orb
2008-02-23 12:25 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-02-23 12:25 --------- d-----w C:\Program Files\Windows Desktop Search
2008-02-23 12:25 --------- d-----w C:\Program Files\Update
2008-02-23 12:25 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-02-23 12:24 --------- d-----w C:\Program Files\MAIET
2008-02-23 12:24 --------- d-----w C:\Documents and Settings\Dimitri\Application Data\Screenshot Sender
2008-02-23 12:24 --------- d-----w C:\Documents and Settings\Dimitri\Application Data\OfficeUpdate12
2008-02-23 12:24 --------- d-----w C:\Documents and Settings\Dimitri\Application Data\F-Secure
2008-02-23 12:24 --------- d-----w C:\Documents and Settings\Dimitri\Application Data\DivX
2008-02-22 17:35 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-22 17:35 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-02-20 17:19 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-02-20 17:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2008-02-17 15:35 --------- d-----w C:\Documents and Settings\Dimitri\Application Data\TuneUp Software
2008-02-17 15:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-02-14 18:58 1,719 ----a-w C:\Program Files\sg_backup_2008-02-14-1958.spg
2008-02-14 18:52 610,304 ----a-w C:\Program Files\TCPOptimizer.exe
2008-02-12 12:23 22,654,883 ----a-w C:\Program Files\VistaMizer_2.2.1.0.exe
2008-02-12 12:10 6,956,145 ----a-w C:\Program Files\vista-icons.rar
2008-02-12 11:31 14,771,744 ----a-w C:\Program Files\IE7-WindowsXP-x86-fra.exe
2008-02-11 16:43 3,178,874 ----a-w C:\Program Files\VISTA-Ultimate-0.2.0(www.MsnTrucAstuce.fr).zip
2008-01-22 19:35 --------- d-----w C:\Program Files\Bonjour
2008-01-14 12:05 2,402,832 -c--a-w C:\Program Files\WLinstaller.exe
2008-01-14 12:03 262,544 -c--a-w C:\Program Files\emoticones.exe
2008-01-09 11:18 524,288 -c--a-w C:\WINDOWS\system32\DivXsm.exe
2008-01-09 11:18 3,596,288 -c--a-w C:\WINDOWS\system32\qt-dx331.dll
2008-01-09 11:18 200,704 -c--a-w C:\WINDOWS\system32\ssldivx.dll
2008-01-09 11:18 1,044,480 -c--a-w C:\WINDOWS\system32\libdivx.dll
2008-01-09 11:16 823,296 -c--a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-01-09 11:16 823,296 -c--a-w C:\WINDOWS\system32\divx_xx07.dll
2008-01-09 11:16 81,920 -c--a-w C:\WINDOWS\system32\dpl100.dll
2008-01-09 11:16 802,816 -c--a-w C:\WINDOWS\system32\divx_xx11.dll
2008-01-09 11:16 682,496 -c--a-w C:\WINDOWS\system32\DivX.dll
2008-01-09 11:16 196,608 -c--a-w C:\WINDOWS\system32\dtu100.dll
2008-01-08 19:23 2,323,086 -c--a-w C:\Program Files\iPod2PC_Setup.exe
2007-12-09 11:45 6,532,272 -c--a-w C:\Program Files\Firefox Setup 3.0 Beta 1.exe
2007-12-06 16:45 12,413,440 -c--a-w C:\Program Files\avgas-setup-7.5.1.43.exe
2007-12-02 19:28 920,378 -c--a-w C:\Program Files\General-CleanTool.zip
2007-12-02 13:18 6,626,032 -c--a-w C:\Program Files\FirefoxGoogleToolbarSetup.exe
2007-12-02 11:46 5,843,256 -c--a-w C:\Program Files\Firefox Setup 2.0.0.11.exe
2007-12-02 10:21 6,575,800 -c--a-w C:\Program Files\Sunbelt-Personal-Firewall.exe
2007-12-01 18:48 17,521,856 -c--a-w C:\Program Files\setupfre.exe
2007-12-01 18:28 16,309,944 -c--a-w C:\Program Files\setupeng.exe
2007-12-01 18:21 2,724,328 ----a-w C:\Program Files\ccsetup203.exe
2007-12-01 18:12 210,416 -c--a-w C:\Program Files\zaSetup_fr.exe
2007-12-01 18:10 1,144,839 -c--a-w C:\Program Files\stng260.exe
2007-11-29 18:37 1,579,360 -c--a-w C:\Program Files\taskmanager17.exe
2007-11-06 18:56 19,135,776 -c--a-w C:\Program Files\a2FreeSetup.exe
2007-11-03 21:11 17,769,608 -c--a-w C:\Program Files\setupfrepro.exe
2007-10-27 14:29 11,753,013 -c--a-w C:\Program Files\OODefrag_FRA.exe
2007-10-24 08:36 3,199,998 ----a-w C:\Program Files\trialsetup.exe
2007-09-28 09:07 22,103,392 -c--a-w C:\Program Files\bitdefender_free_v10.exe
2007-09-20 14:08 2,977,522 -c--a-w C:\Program Files\FA-124_FR.exe
2007-09-14 13:00 3,378,248 -c--a-w C:\Program Files\LimeWireWin.exe
2007-09-13 17:57 13,410,816 -c--a-w C:\Program Files\Google_Earth_BZXD.exe
2007-09-13 15:53 690,272 -c--a-w C:\Program Files\Dacty5SU.exe
2007-09-07 17:41 2,693,578 -c--a-w C:\Program Files\BitComet_0.67_setup.exe
2007-08-30 14:02 4,670,227 -c--a-w C:\Program Files\PC Booster_fr.exe
2007-08-03 09:49 9,483,616 -c--a-w C:\Program Files\winzip111.exe
2007-05-29 14:22 1,510,059 -c--a-w C:\Program Files\diskdefrag_install.exe
2007-05-23 19:46 830,223 -c--a-w C:\Program Files\msnreaper-1.3.exe
2007-05-22 13:51 1,104,734 -c--a-w C:\Program Files\dvdshrink_3.2.0.16_fr.zip
2007-05-22 13:47 6,705,152 -c--a-w C:\Program Files\winzip111fr.msi
2007-03-09 10:47 5,205,504 -c--a-w C:\Program Files\WindowsDefender.msi
2007-02-26 23:14 408 -c--a-w C:\Documents and Settings\Dimitri\Application Data\wklnhst.dat
2007-02-20 15:43 17,929,072 -c--a-w C:\Program Files\Install_Messenger.exe
2007-02-15 10:36 57,273,968 -c--a-w C:\Program Files\20070112093709031_Samsung_PC_Studio.exe
2007-01-20 19:28 4,688,168 ----a-w C:\Program Files\WindowsDesktopSearch-KB917013-XP-x86-fra.exe
2007-01-12 11:40 346,666,032 -c--a-w C:\Program Files\X12-30105.exe
2007-01-11 14:07 58,032,562 -c--a-w C:\Program Files\Samsung_PC_Studio_311_FKB.exe
2007-01-04 21:32 22,845,992 -c--a-w C:\Program Files\AdbeRdr80_fr_FR.exe
2007-01-04 21:25 867,424 -c--a-w C:\Program Files\GoogleToolbarInstaller_ADBx_fr_401019_signed.exe
2007-01-04 21:00 62,482,427 -c--a-w C:\Program Files\install_avfw412_or.exe
2007-01-04 20:45 7,020,185 -c--a-w C:\Program Files\Gestionnaire_internetLB.exe
2007-01-03 12:25 16,179,264 -c--a-w C:\Program Files\DivXPlay.exe

cynthia92 · Answer

(((((((((((((((((((((((((((((((((   Point de chargement Reg   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"Advanced Uninstaller PRO Installation Monitor"="C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO - Version 8\monitor.exe" [2007-10-31 12:13 1239952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-07-08 11:05 729178]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55 32768]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 08:51 1836328]
"F-Secure Manager"="C:\Program Files\AntivirusFirewall\Common\FSM32.exe" [2005-10-26 02:51 122929]
"F-Secure TNB"="C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe" [2005-07-18 15:51 700416]
"F-Secure Startup Wizard"="C:\Program Files\AntivirusFirewall\FSGUI\FSSW.exe" [2005-10-18 09:29 372736]
"News Service"="C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe" [2005-05-31 13:45 356352]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="LogonUI.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\hggeffc]
hggeffc.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a--c--- 2007-03-01 14:57 153136 C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT]
--a--c--- 2004-08-23 14:50 122880 C:\PROGRA~1\Wanadoo\Shell.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
--a--c--- 2004-08-23 14:49 20480 C:\PROGRA~1\Wanadoo\Watch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"=
"C:\Program Files\Windows Live\Messenger\livecall.exe"=
"C:\Program Files\Bonjour\mDNSResponder.exe"=
"C:\Program Files\LimeWire\LimeWire.exe"=
"C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe"=
"C:\Program Files\iTunes\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16087:TCP"= 16087:TCP:BitComet 16087 TCP
"16087:UDP"= 16087:UDP:BitComet 16087 UDP

R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2005-11-18 16:04]
R2 BackWeb Plug-in - 6588780;Antivirus Firewall;C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE [2008-02-23 20:51]
R2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSfilter.sys [2004-09-10 16:14]
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSgk.sys [2008-03-20 13:21]
R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSrec.sys [2004-06-01 10:03]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2007-09-21 11:24]
S2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-05 13:00]
S3 PVUSB;CESG502 USB Driver;C:\WINDOWS\system32\DRIVERS\CESG502.sys [2002-06-12 21:50]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-03-15 19:26]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-17 15:35:45 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
"2008-03-15 14:41:22 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-20 08:47:34 C:\WINDOWS\Tasks\Scheduled scanning task.job"
- C:\PROGRA~1\ANTIVI~1\ANTI-V~1\fsav.exeZ /HARD /ARCHIVE /DISINF /SCHED /NOBREAK /REPORT=C:\PROGRA~1\ANTIVI~1\ANTI-V~1eport.txt 
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-20 14:41:57
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès 
Les fichiers cachés: 0 

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\FSGK32.EXE
C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fssm32.exe
C:\Program Files\AntivirusFirewall\Common\FSMB32.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\slmdmsr.exe
C:\Program Files\AntivirusFirewall\Common\FCH32.EXE
C:\Program Files\AntivirusFirewall\Common\FAMEH32.EXE
C:\Program Files\AntivirusFirewall\Anti-Virus\fsqh.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsrw.exe
C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsav32.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-03-20 14:45:16 - machine was rebooted [Dimitri]
ComboFix-quarantined-files.txt  2008-03-20 13:45:10
.
2008-03-16 15:07:32	--- E O F ---

jlpjlp · Answer

analyse sur virus total ces fichiers et dis moi si inféctés:         https://www.virustotal.com/gui/

C:\WINDOWS\system32\htjxyioy.ini
C:\WINDOWS\system32\gqjbctso.ini
C:\WINDOWS\system32\mfjhaxxx.ini
C:\WINDOWS\system32\d3d9caps.dat

________________



puis refais un nouveau combofix car la tu m'as collé un d'hier et il est incomplet

jlpjlp · Answer

up

cynthia92 · Answer

donc je recommence le processus de combofix? si oui avant ou après avoir analyser sur virustotal.fr??

jlpjlp · Answer

fais d'abords virus total

cynthia92 · Answer

ok j'ai compris.

cynthia92 · Answer

Résultat: C:\WINDOWS\system32\htjxyioy.ini     0/32(0%)


            C:\WINDOWS\system32\gqjbctso.ini     0/32(0%)


           C:\WINDOWS\system32\mfjhaxxx.ini      0/32(0%)


           C:\WINDOWS\system32\d3d9caps.dat    0/32(0%)

jlpjlp · Answer

ok recolle un combofix et dis si encore des soucis

cynthia92 · Answer

Voila, je vais commencer combo donc je me déconnecte et je pense que je serai de retour dans 15min. environ!

jlpjlp · Answer

ok

cynthia92 · Answer

Pour l'instant depuis le combofix d'hier rien a signaler, mon pc a l'air normal.
Je recommence un combofix ou non?

jlpjlp · Answer

oui pour être sûr

cynthia92 · Answer

ComboFix 08-03-18.1 - Dimitri 2008-03-21 10:24:17.4 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.189 [GMT 1:00] Endroit: C:\Documents and Settings\Dimitri\Bureau\ComboFix.exe [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color] . ((((((((((((((((((((((((((((( Fichiers créés 2008-02-21 to 2008-03-21 )))))))))))))))))))))))))))))))))))) . 2008-03-20 13:34 . 2008-03-20 13:59 d-------- C:\VundoFix Backups 2008-03-19 17:14 . 2008-03-19 17:14 d-------- C:\Program Files\Red Kawa 2008-03-19 17:14 . 2008-03-19 17:14 d-------- C:\Program Files\AviSynth 2.5 2008-03-19 15:35 . 2008-03-20 13:18 d-------- C:\Program Files\Navilog1 2008-03-19 11:57 . 2008-03-20 12:31 d-------- C:\Program Files\Panda Security 2008-03-18 16:42 . 2008-03-21 09:11 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-03-18 16:42 . 2008-03-18 16:42 1,409 --a------ C:\WINDOWS\QTFont.for 2008-03-18 15:44 . 2008-03-18 15:44 d-------- C:\WINDOWS\ERUNT 2008-03-18 15:06 . 2008-03-18 15:10 d-------- C:\MSNFix 2008-03-18 14:15 . 2008-03-19 10:53 654 ---hs---- C:\WINDOWS\system32\htjxyioy.ini 2008-03-17 21:37 . 2008-03-17 21:37 3,120 --a------ C:\WINDOWS\system32\118290.54 2008-03-17 21:37 . 2008-03-17 21:37 3,120 --a------ C:\WINDOWS\118294.78 2008-03-17 21:36 . 1996-08-20 20:37 15,840 --a------ C:\WINDOWS\system32\Machnm1.exe 2008-03-17 21:36 . 2005-09-25 16:37 5,632 --a------ C:\WINDOWS\system32\Machnm64.sys 2008-03-17 21:36 . 2003-08-13 00:27 2,304 --a------ C:\WINDOWS\system32\Machnm32.sys 2008-03-17 21:34 . 2008-03-17 21:34 17,657,512 --a------ C:\Program Files\Defenza.exe 2008-03-17 21:25 . 2006-11-22 11:35 42,496 --a------ C:\WINDOWS\system32\AdvUninstCPL.cpl 2008-03-17 15:22 . 2008-03-17 15:22 d-------- C:\Documents and Settings\Dimitri\Application Data\Grisoft 2008-03-17 15:16 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2008-03-17 14:18 . 2008-03-17 14:25 894 ---hs---- C:\WINDOWS\system32\gqjbctso.ini 2008-03-17 13:22 . 2008-03-17 13:22 d-------- C:\Program Files\Lavasoft 2008-03-17 12:31 . 2008-03-17 12:25 691,545 --a------ C:\WINDOWS\unins000.exe 2008-03-17 12:31 . 2008-03-17 12:31 2,550 --a------ C:\WINDOWS\unins000.dat 2008-03-16 16:06 . 2008-03-16 16:06 127 --a------ C:\WINDOWS\system32\MRT.INI 2008-03-15 23:26 . 2008-03-17 13:59 834 ---hs---- C:\WINDOWS\system32\mfjhaxxx.ini 2008-03-15 23:24 . 2008-03-15 23:24 63 --a------ C:\WINDOWS\system32\[u]0[/u]422f8ba 2008-03-15 23:18 . 2007-11-19 14:25 3,829,382 --a------ C:\WINDOWS\winavi_ipod_video_converter.exe 2008-03-15 22:13 . 2008-03-15 22:13 d-------- C:\Documents and Settings\All Users\Application Data\Innovative Solutions 2008-03-15 21:00 . 2008-03-15 21:00 d-------- C:\Program Files\iTunes 2008-03-15 21:00 . 2008-03-15 21:00 d-------- C:\Program Files\iPod 2008-03-15 20:56 . 2008-03-15 20:59 d-------- C:\Program Files\QuickTime 2008-03-15 20:56 . 2008-03-15 21:00 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer 2008-03-15 19:39 . 2008-01-15 02:39 30,464 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys 2008-03-15 19:26 . 2008-03-15 19:26 306,432 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe 2008-03-15 19:26 . 2007-12-20 10:41 29,440 --a------ C:\WINDOWS\system32\uxtuneup.dll 2008-03-15 19:09 . 2008-03-15 19:09 d-------- C:\Documents and Settings\All Users\Application Data\Apple 2008-03-15 19:08 . 2008-03-15 19:08 d-------- C:\Program Files\Security Task Manager 2008-03-15 19:08 . 2008-03-15 22:12 d-------- C:\Program Files\Innovative Solutions 2008-03-15 13:39 . 2008-03-15 13:39 664 --a------ C:\WINDOWS\system32\d3d9caps.dat 2008-03-11 20:57 . 2008-03-11 20:57 d-------- C:\Program Files\Fichiers communs\Apple 2008-03-02 20:20 . 2008-03-20 12:33 d-------- C:\Program Files\Tweak-XP Pro 4 2008-03-02 20:19 . 2008-03-02 20:20 6,376,978 --a------ C:\Program Files\tweak-xp-pro_tweak_xp_pro_4.0.8_multi-langues_10772.exe 2008-03-01 18:51 . 2008-03-01 18:51 2,733,520 --a------ C:\Program Files\ccsetup205.exe 2008-03-01 18:50 . 2008-03-01 18:50 1,523,040 --a------ C:\Program Files\install_flash_player_active_x.exe 2008-03-01 18:34 . 2008-03-01 18:36 d-------- C:\Program Files\PhotoFiltre Studio 2008-02-24 20:20 . 2008-02-24 20:21 21,364,592 --a------ C:\Program Files\Lavasoft_Adaware2007_fr.exe 2008-02-24 19:56 . 2008-03-17 12:38 d-------- C:\Program Files\Spybot - Search & Destroy 2008-02-24 19:36 . 2008-02-24 19:45 7,467,056 --a------ C:\Program Files\spybotsd15.exe 2008-02-23 21:06 . 2008-02-23 22:48 42,609,040 --a------ C:\Program Files\zaZA_Setup_fr.exe 2008-02-23 20:53 . 2008-02-23 20:53 d-------- C:\Documents and Settings\All Users\Application Data\F-Secure 2008-02-23 20:53 . 2005-11-18 16:04 70,896 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys 2008-02-23 20:53 . 2005-11-18 16:04 33,584 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys 2008-02-23 20:50 . 2008-02-23 20:50 118,842 -r------- C:\WINDOWS\bwUnin-6.3.2.123-6588780L.exe 2008-02-23 20:43 . 2008-02-23 20:46 d-------- C:\Program Files\VirtualDJ 2008-02-23 13:24 . 2008-02-23 13:24 d-------- C:\Program Files\VideoLAN 2008-02-23 13:24 . 2008-03-18 13:41 d-------- C:\Program Files\Trend Micro 2008-02-23 13:24 . 2008-02-23 13:24 d-------- C:\Program Files\MSXML 4.0 2008-02-23 13:24 . 2008-02-23 13:24 d-------- C:\Documents and Settings\Dimitri\Application Data\TransRender 2008-02-23 13:06 . 2008-02-23 13:06 dr------- C:\Documents and Settings\Administrateur\Favoris 2008-02-22 20:15 . 2008-02-23 13:24 d-------- C:\Program Files\Xfire 2008-02-21 18:21 . 2008-02-23 13:26 d-------- C:\Documents and Settings\All Users\Application Data\F-Secure(2) . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-03-21 09:23 --------- d-----w C:\Program Files\Wanadoo 2008-03-21 08:37 --------- d-----w C:\Program Files\Java 2008-03-20 11:36 --------- d-----w C:\Program Files\a-squared Free 2008-03-20 11:30 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-03-17 12:21 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard 2008-03-17 11:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-03-15 20:15 737,280 ----a-w C:\WINDOWS\iun6002.exe 2008-03-15 20:00 --------- d-----w C:\Documents and Settings\Dimitri\Application Data\Apple Computer 2008-03-15 19:44 59,163,944 -c--a-w C:\Program Files\iTunesSetup.exe 2008-03-15 18:26 --------- d-----w C:\Program Files\TuneUp Utilities 2008 2008-03-15 18:08 --------- d-----w C:\Program Files\DivX 2008-03-15 18:02 --------- d-----w C:\Program Files\Microsoft Silverlight 2008-03-12 17:44 --------- d-----w C:\Documents and Settings\Dimitri\Application Data\Temporary 2008-03-05 14:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\SecTaskMan 2008-02-28 20:12 --------- d-----w C:\Program Files\Fichiers communs\Softwin 2008-02-28 20:11 81,984 -c--a-w C:\WINDOWS\system32\bdod.bin 2008-02-24 19:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-02-24 19:12 --------- d-----w C:\Program Files\Google 2008-02-23 19:53 --------- d-----w C:\Program Files\AntivirusFirewall 2008-02-23 18:05 --------- d-----w C:\Program Files\Blaero Start Orb 2008-02-23 12:25 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller 2008-02-23 12:25 --------- d-----w C:\Program Files\Windows Desktop Search 2008-02-23 12:25 --------- d-----w C:\Program Files\Update 2008-02-23 12:25 --------- d-----w C:\Program Files\Messenger Plus! Live 2008-02-23 12:24 --------- d-----w C:\Program Files\MAIET 2008-02-23 12:24 --------- d-----w C:\Documents and Settings\Dimitri\Application Data\Screenshot Sender 2008-02-23 12:24 --------- d-----w C:\Documents and Settings\Dimitri\Application Data\OfficeUpdate12 2008-02-23 12:24 --------- d-----w C:\Documents and Settings\Dimitri\Application Data\F-Secure 2008-02-23 12:24 --------- d-----w C:\Documents and Settings\Dimitri\Application Data\DivX 2008-02-22 17:35 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-02-22 17:35 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared 2008-02-20 17:19 --------- d-----w C:\Program Files\Fichiers communs\Adobe 2008-02-20 17:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip 2008-02-20 16:26 336,752 ----a-w C:\Program Files\BootVis-Tool.exe 2008-02-17 15:35 --------- d-----w C:\Documents and Settings\Dimitri\Application Data\TuneUp Software 2008-02-17 15:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software 2008-02-14 18:58 1,719 ----a-w C:\Program Files\sg_backup_2008-02-14-1958.spg 2008-02-14 18:52 610,304 ----a-w C:\Program Files\TCPOptimizer.exe 2008-02-12 12:23 22,654,883 ----a-w C:\Program Files\VistaMizer_2.2.1.0.exe 2008-02-12 12:10 6,956,145 ----a-w C:\Program Files\vista-icons.rar 2008-02-12 11:31 14,771,744 ----a-w C:\Program Files\IE7-WindowsXP-x86-fra.exe 2008-02-11 16:43 3,178,874 ----a-w C:\Program Files\VISTA-Ultimate-0.2.0(www.MsnTrucAstuce.fr).zip 2008-01-22 19:35 --------- d-----w C:\Program Files\Bonjour 2008-01-14 12:05 2,402,832 -c--a-w C:\Program Files\WLinstaller.exe 2008-01-14 12:03 262,544 -c--a-w C:\Program Files\emoticones.exe 2008-01-09 11:18 524,288 -c--a-w C:\WINDOWS\system32\DivXsm.exe 2008-01-09 11:18 3,596,288 -c--a-w C:\WINDOWS\system32\qt-dx331.dll 2008-01-09 11:18 200,704 -c--a-w C:\WINDOWS\system32\ssldivx.dll 2008-01-09 11:18 1,044,480 -c--a-w C:\WINDOWS\system32\libdivx.dll 2008-01-09 11:16 823,296 -c--a-w C:\WINDOWS\system32\divx_xx0c.dll 2008-01-09 11:16 823,296 -c--a-w C:\WINDOWS\system32\divx_xx07.dll 2008-01-09 11:16 81,920 -c--a-w C:\WINDOWS\system32\dpl100.dll 2008-01-09 11:16 802,816 -c--a-w C:\WINDOWS\system32\divx_xx11.dll 2008-01-09 11:16 682,496 -c--a-w C:\WINDOWS\system32\DivX.dll 2008-01-09 11:16 196,608 -c--a-w C:\WINDOWS\system32\dtu100.dll 2008-01-08 19:23 2,323,086 -c--a-w C:\Program Files\iPod2PC_Setup.exe 2007-12-09 11:45 6,532,272 -c--a-w C:\Program Files\Firefox Setup 3.0 Beta 1.exe 2007-12-06 16:45 12,413,440 -c--a-w C:\Program Files\avgas-setup-7.5.1.43.exe 2007-12-02 19:28 920,378 -c--a-w C:\Program Files\General-CleanTool.zip 2007-12-02 13:18 6,626,032 -c--a-w C:\Program Files\FirefoxGoogleToolbarSetup.exe 2007-12-02 11:46 5,843,256 -c--a-w C:\Program Files\Firefox Setup 2.0.0.11.exe 2007-12-02 10:21 6,575,800 -c--a-w C:\Program Files\Sunbelt-Personal-Firewall.exe 2007-12-01 18:48 17,521,856 -c--a-w C:\Program Files\setupfre.exe 2007-12-01 18:28 16,309,944 -c--a-w C:\Program Files\setupeng.exe 2007-12-01 18:21 2,724,328 ----a-w C:\Program Files\ccsetup203.exe 2007-12-01 18:12 210,416 -c--a-w C:\Program Files\zaSetup_fr.exe 2007-12-01 18:10 1,144,839 -c--a-w C:\Program Files\stng260.exe 2007-11-29 18:37 1,579,360 -c--a-w C:\Program Files\taskmanager17.exe 2007-11-06 18:56 19,135,776 -c--a-w C:\Program Files\a2FreeSetup.exe 2007-11-03 21:11 17,769,608 -c--a-w C:\Program Files\setupfrepro.exe 2007-10-27 14:29 11,753,013 -c--a-w C:\Program Files\OODefrag_FRA.exe 2007-10-24 08:36 3,199,998 ----a-w C:\Program Files\trialsetup.exe 2007-09-28 09:07 22,103,392 -c--a-w C:\Program Files\bitdefender_free_v10.exe 2007-09-20 14:08 2,977,522 -c--a-w C:\Program Files\FA-124_FR.exe 2007-09-14 13:00 3,378,248 -c--a-w C:\Program Files\LimeWireWin.exe 2007-09-13 17:57 13,410,816 -c--a-w C:\Program Files\Google_Earth_BZXD.exe 2007-09-13 15:53 690,272 -c--a-w C:\Program Files\Dacty5SU.exe 2007-09-07 17:41 2,693,578 -c--a-w C:\Program Files\BitComet_0.67_setup.exe 2007-08-30 14:02 4,670,227 -c--a-w C:\Program Files\PC Booster_fr.exe 2007-08-03 09:49 9,483,616 -c--a-w C:\Program Files\winzip111.exe 2007-05-29 14:22 1,510,059 -c--a-w C:\Program Files\diskdefrag_install.exe 2007-05-23 19:46 830,223 -c--a-w C:\Program Files\msnreaper-1.3.exe 2007-05-22 13:51 1,104,734 -c--a-w C:\Program Files\dvdshrink_3.2.0.16_fr.zip 2007-05-22 13:47 6,705,152 -c--a-w C:\Program Files\winzip111fr.msi 2007-03-09 10:47 5,205,504 -c--a-w C:\Program Files\WindowsDefender.msi 2007-02-26 23:14 408 -c--a-w C:\Documents and Settings\Dimitri\Application Data\wklnhst.dat 2007-02-20 15:43 17,929,072 -c--a-w C:\Program Files\Install_Messenger.exe 2007-02-15 10:36 57,273,968 -c--a-w C:\Program Files\20070112093709031_Samsung_PC_Studio.exe 2007-01-20 19:28 4,688,168 ----a-w C:\Program Files\WindowsDesktopSearch-KB917013-XP-x86-fra.exe 2007-01-12 11:40 346,666,032 -c--a-w C:\Program Files\X12-30105.exe 2007-01-11 14:07 58,032,562 -c--a-w C:\Program Files\Samsung_PC_Studio_311_FKB.exe 2007-01-04 21:32 22,845,992 -c--a-w C:\Program Files\AdbeRdr80_fr_FR.exe 2007-01-04 21:25 867,424 -c--a-w C:\Program Files\GoogleToolbarInstaller_ADBx_fr_401019_signed.exe 2007-01-04 21:00 62,482,427 -c--a-w C:\Program Files\install_avfw412_or.exe 2007-01-04 20:45 7,020,185 -c--a-w C:\Program Files\Gestionnaire_internetLB.exe 2007-01-03 12:25 16,179,264 -c--a-w C:\Program Files\DivXPlay.exe . ((((((((((((((((((((((((((((( snapshot@2008-03-20_14.44.53.35 ))))))))))))))))))))))))))))))))))))))))) . - 2008-03-15 20:01:00 102,400 ----a-r C:\WINDOWS\Installer\{80FD852F-5AAC-4129-B931-06AAFFA43138}\iTunesIco.exe + 2008-03-20 14:40:42 102,400 ----a-r C:\WINDOWS\Installer\{80FD852F-5AAC-4129-B931-06AAFFA43138}\iTunesIco.exe - 2007-09-24 21:30:28 135,168 -c--a-w C:\WINDOWS\system32\java.exe + 2008-02-22 00:23:35 135,168 ----a-w C:\WINDOWS\system32\java.exe - 2007-09-24 21:30:30 135,168 -c--a-w C:\WINDOWS\system32\javaw.exe + 2008-02-22 00:23:39 135,168 ----a-w C:\WINDOWS\system32\javaw.exe - 2007-09-24 22:31:42 139,264 -c--a-w C:\WINDOWS\system32\javaws.exe + 2008-02-22 01:33:32 139,264 ----a-w C:\WINDOWS\system32\javaws.exe . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488] "Advanced Uninstaller PRO Installation Monitor"="C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO - Version 8\monitor.exe" [2007-10-31 12:13 1239952] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-07-08 11:05 729178] "WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55 32768] "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 08:51 1836328] "F-Secure Manager"="C:\Program Files\AntivirusFirewall\Common\FSM32.exe" [2005-10-26 02:51 122929] "F-Secure TNB"="C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe" [2005-07-18 15:51 700416] "F-Secure Startup Wizard"="C:\Program Files\AntivirusFirewall\FSGUI\FSSW.exe" [2005-10-18 09:29 372736] "News Service"="C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe" [2005-05-31 13:45 356352] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoInstrumentation"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "UIHost"="LogonUI.EXE" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^WinZip Quick Pick.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\WinZip Quick Pick.lnk backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a--c--- 2007-03-01 14:57 153136 C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT] --a--c--- 2004-08-23 14:50 122880 C:\PROGRA~1\Wanadoo\Shell.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH] --a--c--- 2004-08-23 14:49 20480 C:\PROGRA~1\Wanadoo\Watch.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"= "C:\Program Files\Windows Live\Messenger\livecall.exe"= "C:\Program Files\Bonjour\mDNSResponder.exe"= "C:\Program Files\LimeWire\LimeWire.exe"= "C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe"= "C:\Program Files\iTunes\iTunes.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "16087:TCP"= 16087:TCP:BitComet 16087 TCP "16087:UDP"= 16087:UDP:BitComet 16087 UDP R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2005-11-18 16:04] R2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSfilter.sys [2004-09-10 16:14] R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSgk.sys [2008-03-20 13:21] R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSrec.sys [2004-06-01 10:03] R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-05 13:00] R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2007-09-21 11:24] S2 BackWeb Plug-in - 6588780;Antivirus Firewall;C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE [2008-02-23 20:51] S3 PVUSB;CESG502 USB Driver;C:\WINDOWS\system32\DRIVERS\CESG502.sys [2002-06-12 21:50] S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-03-15 19:26] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2008-02-17 15:35:45 C:\WINDOWS\Tasks\1-Click Maintenance.job" - C:\Program Files\TuneUp Utilities 2008\OneClick.exe "2008-03-15 14:41:22 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2008-03-21 08:10:41 C:\WINDOWS\Tasks\Scheduled scanning task.job" - C:\PROGRA~1\ANTIVI~1\ANTI-V~1\fsav.exeZ /HARD /ARCHIVE /DISINF /SCHED /NOBREAK /REPORT=C:\PROGRA~1\ANTIVI~1\ANTI-V~1\report.txt . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-21 10:26:42 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** . Temps d'accomplissement: 2008-03-21 10:27:32 ComboFix-quarantined-files.txt 2008-03-21 09:27:15 ComboFix2.txt 2008-03-20 13:45:17 . 2008-03-16 15:07:32 --- E O F ---

cynthia92 · Answer

Que fare maintenant stp???

jlpjlp · Answer

colle le rapport d'un scan en ligne 
avec un des suivants: (désactiver ton antivirus si besoin)


bitdefender en ligne : 
http://www.bitdefender.fr/scan_fr/scan8/ie.html 

Panda en ligne : 
http://pandasoftware.fr

Kaspersky en ligne
https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr

cynthia92 · Answer

BitDefender Online Scanner - Rapport d'analyse

BitDefender Online Scanner

Rapport d'analyse généré à: Fri, Mar 21, 2008 - 14:07:23

Voie d'analyse: C:\;D:\;

Statistiques
Temps	00:20:27
Fichiers	62711
Directoires	6383
Secteurs de boot	2
Archives	1216
Paquets programmes	5110

Résultats
Virus identifiés	6
Fichiers infectés	7
Fichiers suspects	0
Avertissements	0
Désinfectés	0
Fichiers effacés	7

Info sur les moteurs
Définition virus	1021171
Version des moteurs	AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Analyse des plugins	16
Archive des plugins	41
Unpack des plugins	7
E-mail plugins	6
Système plugins	5

Paramètres d'analyse
Première action	Désinfecté
Seconde Action	Supprimé
Heuristique	Oui
Acceptez les avertissements	Oui
Extensions analysées	exe;com;dll;ocx;scr;bin;dat;386;vxd;sys;wdm;cla;class;ovl;ole;hlp;doc;dot;xls;ppt;wbk;wiz;pot;ppa;xla;xlt;vbs;vbe;mdb;rtf;htm;hta;html;xml;xtp;php;asp;js;shs;chm;lnk;pif;prc;url;smm;pfd;msi;ini;csc;cmd;bas;
Excludez les extensions
Analyse d'emails	Oui
Analyse des Archives	Oui
Analyser paquets programmes	Oui
Analyse des fichiers	Oui
Analyse de boot	Oui

Fichier analysé	Statut
C:\System Volume Information\_restore{162AAE2D-6693-42B0-AD7D-7BAA5EC54FF8}\RP448\A0146707.dll	Infecté par: Trojan.Vundo.GH
C:\System Volume Information\_restore{162AAE2D-6693-42B0-AD7D-7BAA5EC54FF8}\RP448\A0146707.dll	Supprimé
C:\System Volume Information\_restore{162AAE2D-6693-42B0-AD7D-7BAA5EC54FF8}\RP448\A0146708.dll	Infecté par: Trojan.Vundo.EDU
C:\System Volume Information\_restore{162AAE2D-6693-42B0-AD7D-7BAA5EC54FF8}\RP448\A0146708.dll	Supprimé
C:\System Volume Information\_restore{162AAE2D-6693-42B0-AD7D-7BAA5EC54FF8}\RP448\A0146709.dll	Infecté par: Trojan.Vundo.EDV
C:\System Volume Information\_restore{162AAE2D-6693-42B0-AD7D-7BAA5EC54FF8}\RP448\A0146709.dll	Supprimé
C:\System Volume Information\_restore{162AAE2D-6693-42B0-AD7D-7BAA5EC54FF8}\RP448\A0146710.dll	Infecté par: Trojan.Vundo.EEB
C:\System Volume Information\_restore{162AAE2D-6693-42B0-AD7D-7BAA5EC54FF8}\RP448\A0146710.dll	Supprimé
C:\System Volume Information\_restore{162AAE2D-6693-42B0-AD7D-7BAA5EC54FF8}\RP448\A0146711.dll	Infecté par: Trojan.Vundo.EDT
C:\System Volume Information\_restore{162AAE2D-6693-42B0-AD7D-7BAA5EC54FF8}\RP448\A0146711.dll	Supprimé
C:\System Volume Information\_restore{162AAE2D-6693-42B0-AD7D-7BAA5EC54FF8}\RP448\A0146713.dll	Infecté par: Trojan.Vundo.GH
C:\System Volume Information\_restore{162AAE2D-6693-42B0-AD7D-7BAA5EC54FF8}\RP448\A0146713.dll	Supprimé
C:\System Volume Information\_restore{162AAE2D-6693-42B0-AD7D-7BAA5EC54FF8}\RP448\A0146714.dll	Infecté par: Trojan.Vundo.EDM
C:\System Volume Information\_restore{162AAE2D-6693-42B0-AD7D-7BAA5EC54FF8}\RP448\A0146714.dll	Supprimé

cynthia92 · Answer

Voilà !!!

jlpjlp · Answer

il me faut le rapport qui donne le nom des virus et les fichiers inféctés

(il y avait des infections?

cynthia92 · Answer

c'est ce que j'ai exporté comme rapport...
En fait il a supprimé un trojan!

jlpjlp · Answer

non malheureusement, regarde dans ce post ce que cela donne:

http://www.commentcamarche.net/forum/affich 5440379 infecte par trojan vundo gen 2?page=2#22

cynthia92 · Answer

Que faire???

jlpjlp · Answer

refais un rapport pour voir si encore des infections et colle le rapport avec le nom des ficheirs infectés

cynthia92 · Answer

rapport bit defender?

cynthia92 · Answer

Je ne sais pas pourquoi  chaque fois que je fais une analyse sur BitDefender le rapport est toujours sous la même forme que le 1er!?
Pour cette analyse là rien de particulier à signaler! 0infections

cynthia92 · Answer

Que faire maintenant???

jlpjlp · Answer

ok parfait

installe spywareblaster pour immuniser ton ordi en partie contre les infections que tu avais

https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/28872.html


il suffit de le mttre a jour tous les mois manuellement car la version gratuite ne le fait pas , et tu fais enable all protection pour immuniser ton systeme apres chaque mise a jour

_______________

tu peux virer navilog, combofix de ton ordi

_______________

encore des problèmes?

cynthia92 · Answer

Ok merci, si j'ai bien tout compris mon PC est Ok???

cynthia92 · Answer

?????

jlpjlp · Answer

oui ca devrait etre bon

recolle un hijakchits pour finir

cynthia92 · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:01:48, on 21/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\FSGK32.EXE
C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
C:\Program Files\AntivirusFirewall\Anti-Virus\fssm32.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\slmdmsr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AntivirusFirewall\Common\FSM32.EXE
C:\Program Files\AntivirusFirewall\Common\FSMB32.EXE
C:\Program Files\AntivirusFirewall\Common\FCH32.EXE
C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
C:\Program Files\AntivirusFirewall\Common\FAMEH32.EXE
C:\Program Files\AntivirusFirewall\Anti-Virus\fsqh.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsrw.exe
C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsav32.exe
C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
C:\PROGRA~1\ANTIVI~1\ANTI-S~2\fsaw.exe
C:\Program Files\AntivirusFirewall\FSGUI\fsguidll.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [WOOTASKBARICON] "C:\PROGRA~1\Wanadoo\GestMaj.exe" TaskBarIcon.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\AntivirusFirewall\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\AntivirusFirewall\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Advanced Uninstaller PRO Installation Monitor] "C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO - Version 8\monitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Antivirus Firewall.lnk = C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\AntivirusFirewall\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - 
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - 
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - https://www.eset.com/
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - 
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Antivirus Firewall (BackWeb Plug-in - 6588780) - Securitoo Portal - C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slmdmsr.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

jlpjlp · Answer

ok c'est bon
____________


Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked". 

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"


_________________


installe spywareblaster pour immuniser ton ordi en partie contre les infections vundo que tu avais

il suffit de mettre a jour le logiciel manuellement tous les mois puis d'immuniser ton systeme en cliquant sur "enable all protection"


https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/28872.html



bonne continuation

cynthia92 · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:17:19, on 21/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\FSGK32.EXE
C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
C:\Program Files\AntivirusFirewall\Anti-Virus\fssm32.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\slmdmsr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AntivirusFirewall\Common\FSM32.EXE
C:\Program Files\AntivirusFirewall\Common\FSMB32.EXE
C:\Program Files\AntivirusFirewall\Common\FCH32.EXE
C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
C:\Program Files\AntivirusFirewall\Common\FAMEH32.EXE
C:\Program Files\AntivirusFirewall\Anti-Virus\fsqh.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsrw.exe
C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsav32.exe
C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
C:\PROGRA~1\ANTIVI~1\ANTI-S~2\fsaw.exe
C:\Program Files\AntivirusFirewall\FSGUI\fsguidll.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [WOOTASKBARICON] "C:\PROGRA~1\Wanadoo\GestMaj.exe" TaskBarIcon.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\AntivirusFirewall\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\AntivirusFirewall\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Advanced Uninstaller PRO Installation Monitor] "C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO - Version 8\monitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Antivirus Firewall.lnk = C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\AntivirusFirewall\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - 
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - 
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - https://www.eset.com/
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - 
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Antivirus Firewall (BackWeb Plug-in - 6588780) - Securitoo Portal - C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slmdmsr.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

jlpjlp · Answer

ok c'est bon!

cynthia92 · Answer

Très GRAND MERCI a TOI et a G!RLY!!!!!!!!!!!!!!!!!
Kiss...!!!!!!

g!rly · Answer

Merci de rien ;-)
Bonne fetes de pâcques ;-)

cynthia92 · Answer

Bonne Fête de Paques!!!!  XD

g!rly · Answer

Pas trop de chocolat ! meme si c´est bon LOL

jlpjlp · Answer

oui bonnes faites à vous

g!rly · Answer

;-)

G!rly

58 réponses

Votre réponse

Discussions similaires

Newsletters