My computer is slow

Solved/Closed
fabou - 21 April 2008 at 13:38
cedric241 Posts 3367 Registration date Tuesday 26 February 2008 Status Member Last seen 23 April 2008 - 22 April 2008 at 00:17
Hello,
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:34:44, on 21/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\documents and settings\fabrice chambe\local settings\application data\rskdqxpkd.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearchIndexer.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\FSGK32.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Securitoo\av_fw\Common\FSMB32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Securitoo\av_fw\Common\FCH32.EXE
C:\Program Files\Securitoo\av_fw\Common\FAMEH32.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsqh.exe
C:\Program Files\Securitoo\av_fw\FSPC\fspc.exe
C:\Program Files\Securitoo\av_fw\FSGUI\fsguidll.exe
C:\Program Files\Securitoo\av_fw\FSAUA\program\fsaua.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fssm32.exe
C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Securitoo\av_fw\FSAUA\program\fsus.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsav32.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {6C65156C-BD92-41F7-BA26-0CA21B846D2A} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Barre d'outils MSN Search Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {A16D89EA-B695-4DDA-B31D-7FA01A57F1BD} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\av_fw\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [rskdqxpkd] c:\documents and settings\fabrice chambe\local settings\application data\rskdqxpkd.exe rskdqxpkd
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/229?5cf13ed795014580ab231e254a34243
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/230?5cf13ed795014580ab231e254a34243
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Securitoo\av_fw\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Securitoo\av_fw\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Securitoo\av_fw\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://www.catalog.update.microsoft.com/ClientControl/en/x86/MuCatalogWebControl.cab?1207930240156
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase969.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://jeuxenligne.orange.fr/gameshell/online/fr/luxor_amun_rising/mjolauncher.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://fabou69france.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://securite.neuf.fr/Ols/fscax.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (Media Bar) - http://sib1.od2.com/common/musicmanager/installation/MusicManagerPlugin.CAB
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - file:///C:/Documents%20and%20Settings/fabrice%20chambe/Local%20Settings/Application%20Data/Oberon%20Media/Oberon%20Games%20Host/popcaploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7ED6E60F-342B-4B34-9D16-DDF718816B9E}: NameServer = 85.255.116.92,85.255.112.146
O17 - HKLM\System\CCS\Services\Tcpip\..\{891E530A-47E7-4D77-9829-9853C22903AD}: NameServer = 85.255.116.92,85.255.112.146
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC657D75-98AD-402D-B30C-FAF3C3FBF32C}: NameServer = 85.255.116.92,85.255.112.146
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.92 85.255.112.146
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.92 85.255.112.146
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.116.92 85.255.112.146
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.92 85.255.112.146
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

34 replies

File/Folder C:\Documents and Settings\chambe\application Data\DownladManager not found.
C:\Program Files\DownloadManager moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 04212008_215324
HijackThis report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:58:11, on 21/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\documents and settings\fabrice chambe\local settings\application data\rskdqxpkd.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearchIndexer.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\FSGK32.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Securitoo\av_fw\Common\FSMB32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Securitoo\av_fw\Common\FCH32.EXE
C:\Program Files\Securitoo\av_fw\Common\FAMEH32.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsqh.exe
C:\Program Files\Securitoo\av_fw\FSPC\fspc.exe
C:\Program Files\Securitoo\av_fw\FSGUI\fsguidll.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fssm32.exe
C:\Program Files\Securitoo\av_fw\FSAUA\program\fsaua.exe
C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
C:\Program Files\Securitoo\av_fw\FSAUA\program\fsus.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsav32.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Barre d'outils MSN Search Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\av_fw\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [rskdqxpkd] c:\documents and settings\fabrice chambe\local settings\application data\rskdqxpkd.exe rskdqxpkd
O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/229?5cf13ed795014580ab231e254a34243
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/230?5cf13ed795014580ab231e254a34243
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Securitoo\av_fw\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Securitoo\av_fw\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Securitoo\av_fw\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
cedric241 Posts 3367 Registration date Tuesday 26 February 2008 Status Member Last seen 23 April 2008 119
21 April 2008 at 22:05
delete these lines:

C:\documents and settings\fabrice chambe\local settings\application data\rskdqxpkd.exe

O4 - HKCU\..\Run: [rskdqxpkd] c:\documents and settings\fabrice chambe\local settings\application data\rskdqxpkd.exe rskdqxpkd

to delete them, tick them, then click Fix checked

then:

Download combofix.exe (by sUBs) to your Desktop.

-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

-> Double-click combofix.exe.
-> Press the 1 key (Yes) to start the scan.
-> When the scan is complete, a report will appear. Copy/paste this report into your next reply.

NOTE: The report can also be found here: C:\Combofix.txt

Before using ComboFix:

-> Disconnect from the internet and close the windows of all running programs.

-> Temporarily disable, and only for the time ComboFix is in use, the real-time protection of your antivirus and antispyware programs, which can seriously interfere with the tool's scanning and cleaning procedure.

Once that is done, double-click Combofix.exe on your desktop.

- Answer yes to the warning message so that the program starts analysing the PC.

/!\ During this step, do not use the PC and do not open any programs.

- At the end of the scan, ComboFix may need to restart the PC to finish the disinfection/search; let it do so.

- A report will then open in Notepad; this report file, Combofix.txt, is automatically saved and stored at C:\Combofix.txt

-> Re-enable the real-time protection of your antivirus and antispyware programs before reconnecting to the internet.

-> Come back to the forum and copy and paste the entire contents of C:\Combofix.txt into your next message.

-> Tutorial https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
ComboFix 08-04-20.5 - fabrice chambe 2008-04-21 22:33:34.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.199 [GMT 2:00]
Endroit: C:\Documents and Settings\fabrice chambe\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\chambe\Application Data\HbTools
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\dynamic\1.sdf
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\dynamic\1383356.sdf
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\dynamic\1394940.sdf
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\dynamic\1396993.sdf
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\dynamic\1397883.sdf
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\dynamic\1398044.sdf
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\dynamic\1412159.sdf
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\dynamic\1415067.sdf
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\dynamic\2373025.sdf
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\dynamic\2884480.sdf
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\dynamic\2893940.sdf
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\dynamic\2896152.sdf
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\dynamic\3756119.sdf
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\dynamic\393040.sdf
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\dynamic\ASPL1.dat
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\dynamic\domains.txt
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000003674
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000024476
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000025311
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000025781
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000026075
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000026367
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000026693
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000026952
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000027306
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000028063
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000028911
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\10110
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1058
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1424
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\14633
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\17025
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\182864
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\223385
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\32418
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\3338
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\34174
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\371239
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\44228
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\4442
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\44730
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\478995
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\494328
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\49587
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\51166
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\52253
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\53667
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\598804
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\611476
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\61207
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\624438
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\641647
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\64429
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\66274
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\67226
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\673474
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\68040
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\680938
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\69201
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\69626
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\703600
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\704963
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\704974
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\704975
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\705022
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\705124
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\705129
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\705133
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\705156
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\705431
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\705438
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\70650
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\706805
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\706853
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\707408
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\708974
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\709606
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\70981
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\710723
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\710726
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\711372
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\711393
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\711772
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\7142
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\742066
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\75436
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\79977
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\79986
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\79989
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\80670
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\8282
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\86379
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\93910
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\99961
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\dynamic\ustat\33c2.dat
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\2\ads.cdf
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\2\btntrans.idx
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\2\btntrans1.dat
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\2\business_promo.htm
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\2\buttondir.txt
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\2\components.cdf
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\2\country.exe
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\2\d_icons_buttons_1000.res
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\2\d_icons_buttons_2000.res
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\2\d_icons_buttons_3000.res
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\2\d_icons_buttons_bar.res
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\2\d_icons_buttons_bbar1.res
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\2\d_icons_buttons_logos.res
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\2\d_icons_buttons_other.res
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\2\d_icons_weather.res
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\2\default.cdf
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\2\Default_511745-514279.mnu
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz.mnu
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz1.mnu
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz10.mnu
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz11.mnu
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz12.mnu
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz13.mnu
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz14.mnu
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz15.mnu
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz16.mnu
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz17.mnu
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz18.mnu
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz19.mnu
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz2.mnu
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz20.mnu
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz3.mnu
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz4.mnu
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz5.mnu
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz6.mnu
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz7.mnu
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz8.mnu
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz9.mnu
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\2\Default_categorize.mnu
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\2\Default_comparison.mnu
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\2\Default_explorer-Mails.mnu
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\2\Default_explorer-people.mnu
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\2\Default_favorites.mnu
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\2\Default_Games.mnu
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\2\Default_Hide.mnu
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\2\Default_hotbarcom.mnu
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\2\Default_Hotmail.mnu
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\2\Default_hsskin.mnu
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\2\Default_jemster.mnu
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\2\Default_jemsterie.mnu
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\2\Default_jemsteruk.mnu
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\2\Default_jobsearch.mnu
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\2\Default_Mails.mnu
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\2\Default_new.mnu
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\2\Default_premium.mnu
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\2\Default_reun.mnu
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\2\Default_ringtones.mnu
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\2\Default_SearchBoxTrapper.mnu
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\2\Default_searchfor.mnu
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\2\Default_searchgo.mnu
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\2\Default_weather.mnu
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\2\Default_yellowpages.mnu
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\2\email-def-511724-548964.mnu
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\2\email-def-511724-9595.mnu
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\2\email-t1-bg.res
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\2\hotbar-premium-hotbar-premium.mnu
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\2\hotbar-premium.cdf
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\2\hotbar_promo.htm
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\2\icons2.res
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\2\keywords.idx
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\2\keywords1.dat
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\2\layout.cdf
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\2\linkpathlegal.txt
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\2\progress.res
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\2\s_icons_buttons.res
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\2\sales_buttons.res
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\2\t2_bg.res
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\2\theweb.mnu
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\2\top7.cdf
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\2\Top7_theweb.mnu
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\2\tsd_bg.res
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\DownLoad\ads.xip
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\DownLoad\BtnTrans.xip
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\DownLoad\BtnTrans1.xip
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\DownLoad\business_promo.xip
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\DownLoad\buttondir.xip
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\DownLoad\country.xip
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_1000.xip
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_2000.xip
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_3000.xip
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_bar.xip
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_bbar1.xip
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_logos.xip
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_other.xip
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_weather.xip
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\DownLoad\default.xip
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\DownLoad\email-t1-bg.xip
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\DownLoad\hotbar-premium.xip
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\DownLoad\hotbar_promo.xip
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\DownLoad\icons2.xip
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\DownLoad\keywords.xip
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\DownLoad\keywords1.xip
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\DownLoad\layout.xip
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\DownLoad\linkpathlegal.xip
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\DownLoad\progress.xip
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\DownLoad\s_icons_buttons.xip
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\DownLoad\sales_buttons.xip
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\DownLoad\samplegroups2.txt
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\DownLoad\samplegroups2.xip
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\DownLoad\t2_bg.xip
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\DownLoad\top7.xip
C:\Documents and Settings\chambe\Application Data\HbTools\v3.0\HbTools\static\DownLoad\tsd_bg.xip
C:\Documents and Settings\chambe\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Documents and Settings\chambe\Local Settings\Temporary Internet Files\hpothb07.dat
C:\Documents and Settings\chambe\Local Settings\Temporary Internet Files\hpothb07.tif
C:\Documents and Settings\fabrice chambe\err.log
C:\Documents and Settings\fabrice chambe\Local Settings\Application Data\rskdqxpkd.dat
C:\Documents and Settings\fabrice chambe\Local Settings\Application Data\rskdqxpkd.exe
C:\Documents and Settings\fabrice chambe\Local Settings\Application Data\rskdqxpkd_nav.dat
C:\Documents and Settings\fabrice chambe\Local Settings\Application Data\rskdqxpkd_navps.dat
C:\WINDOWS\dat.txt
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\search_res.txt

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FOPN
-------\Legacy_VSPF
-------\Legacy_VSPF_HK


((((((((((((((((((((((((((((( Fichiers créés 2008-03-21 to 2008-04-21 ))))))))))))))))))))))))))))))))))))
.

2008-04-21 21:53 . 2008-04-21 21:53 <REP> d-------- C:\_OTMoveIt
2008-04-21 20:51 . 2008-04-21 20:52 <REP> d-------- C:\Program Files\Lopxp
2008-04-21 19:57 . 2008-04-21 19:59 <REP> d-------- C:\Program Files\7-Zip
2008-04-21 18:35 . 2008-04-21 18:38 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-04-21 18:14 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-04-21 14:33 . 2008-04-21 14:33 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-21 14:33 . 2008-04-21 14:33 <REP> d-------- C:\Documents and Settings\fabrice chambe\Application Data\Malwarebytes
2008-04-21 14:33 . 2008-04-21 14:33 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-04-21 14:18 . 2008-04-21 14:18 <REP> d-------- C:\Program Files\Sun
2008-04-19 14:10 . 2008-04-19 14:10 268 --ah----- C:\sqmdata14.sqm
2008-04-19 14:10 . 2008-04-19 14:10 244 --ah----- C:\sqmnoopt14.sqm
2008-04-19 12:46 . 2008-04-19 12:46 244 --ah----- C:\sqmnoopt13.sqm
2008-04-19 12:46 . 2008-04-19 12:46 0 --ah----- C:\sqmdata13.sqm
2008-04-18 15:20 . 2008-04-18 15:20 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\fssg
2008-04-16 13:58 . 2008-04-18 15:13 <REP> d-------- C:\Program Files\Neuf
2008-04-04 13:46 . 2008-04-04 13:46 268 --ah----- C:\sqmdata12.sqm
2008-04-04 13:46 . 2008-04-04 13:46 244 --ah----- C:\sqmnoopt12.sqm
2008-04-04 13:13 . 2008-04-04 13:13 268 --ah----- C:\sqmdata11.sqm
2008-04-04 13:13 . 2008-04-04 13:13 244 --ah----- C:\sqmnoopt11.sqm
2008-03-23 19:06 . 2008-03-23 19:06 386 --a------ C:\WINDOWS\3DBELOTE2.INI
2008-03-23 18:45 . 2008-03-23 18:46 <REP> d-------- C:\Program Files\3DBELOTE

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-21 12:17 --------- d-----w C:\Program Files\Java
2008-04-18 13:20 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure
2008-04-16 12:41 --------- d-----w C:\Program Files\Wanadoo
2008-04-11 14:23 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-03-21 14:36 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-03-20 19:54 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\NannyMania
2008-03-20 19:29 --------- d-----w C:\Program Files\BELOTE2000
2008-03-05 16:23 --------- d-----w C:\Program Files\MSN Messenger
2008-03-05 16:22 --------- d-----w C:\Program Files\Windows Live
2008-03-05 16:20 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-03-05 16:17 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller
2008-03-04 17:43 --------- d-----w C:\Program Files\eMule
2008-02-19 17:49 1,847,837 ----a-w C:\Program Files\WinRAR.zip
2001-11-23 04:08 712,704 ----a-r C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
2000-11-07 07:22 65,536 ----a-w C:\Program Files\readadm.doc
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 15:50 122880]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CamTray.exe" [2005-10-27 20:00 299008]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2004-11-26 14:42 1349120]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 04:19 69632]
"Cmaudio"="cmicnfg.cpl" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"PD0620 STISvc"="P0620Pin.dll" []
"F-Secure Manager"="C:\Program Files\Securitoo\av_fw\Common\FSM32.exe" [2007-04-26 19:12 183208]
"F-Secure TNB"="C:\Program Files\Securitoo\av_fw\FSGUI\TNBUtil.exe" [2007-04-26 19:10 740208]
"News Service"="C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe" [2005-05-31 14:45 356352]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"RegistryMechanic"="" []

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\eMule\\eMule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2007-04-26 19:09]
R1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\Securitoo\av_fw\HIPS\fshs.sys [2007-04-26 19:11]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\Securitoo\av_fw\Anti-Virus\minifilter\fsgk.sys [2007-04-26 19:07]
S3 huadio;huadio;c:\huadio.tmp [2006-04-15 13:32]
S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\Securitoo\av_fw\Anti-Virus\Win2K\FSfilter.sys [2007-04-26 19:08]
S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\Securitoo\av_fw\Anti-Virus\Win2K\FSrec.sys [2007-04-26 19:08]

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-08-16 12:31:56 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-21 11:13:26 C:\WINDOWS\Tasks\Scheduled scanning task.job"
- C:\PROGRA~1\SECURI~1\av_fw\ANTI-V~1\fsav.exeW /HARD /POLICY /SCHED /NOBREAK /REPORT=C:\PROGRA~1\SECURI~1\av_fw\ANTI-V~1\report.txt $C:\PROGRA~1\SECURI~1\av_fw\ANTI-V~1.SYSTEM'Tâche ajoutée par F-Secure Anti-Virus.
"2008-04-21 15:32:14 C:\WINDOWS\Tasks\User_Feed_Synchronization-{B0168734-30DB-474C-A268-17DEE6822767}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-21 22:38:32
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 156

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\huadio]
"ImagePath"="\??\c:\huadio.tmp"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32.exe
C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
C:\WINDOWS\system32\FTRTSVC.exe
C:\Program Files\Securitoo\av_fw\Common\FSMB32.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Securitoo\av_fw\Common\FCH32.EXE
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearchIndexer.exe
C:\Program Files\Securitoo\av_fw\Common\FAMEH32.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsqh.exe
C:\Program Files\Securitoo\av_fw\FSPC\fspc.exe
C:\Program Files\Securitoo\av_fw\FSGUI\fsguidll.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fssm32.exe
C:\Program Files\Securitoo\av_fw\FSAUA\program\fsaua.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Securitoo\av_fw\FWES\program\fsdfwd.exe
C:\Program Files\Securitoo\av_fw\FSAUA\program\fsus.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsav32.exe
C:\Program Files\Securitoo\av_fw\FSAUA\program\licmgr.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-04-21 22:42:00 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-21 20:41:57

Pre-Run: 85,665,607,680 octets libres
Post-Run: 88,583,614,464 octets libres

370 --- E O F --- 2008-04-21 16:38:27
0
cedric241 Posts: 3367 Registration date: Tuesday 26 February 2008 Status: Member Last activity: 23 April 2008 119
21 April 2008 at 22:48
ComboFix did a good job.

Post me a HijackThis report, please.
0

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:50:36, on 21/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\FSGK32.EXE
C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Securitoo\av_fw\Common\FSMB32.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Securitoo\av_fw\Common\FCH32.EXE
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearchIndexer.exe
C:\Program Files\Securitoo\av_fw\Common\FAMEH32.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsqh.exe
C:\Program Files\Securitoo\av_fw\FSPC\fspc.exe
C:\Program Files\Securitoo\av_fw\FSGUI\fsguidll.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fssm32.exe
C:\Program Files\Securitoo\av_fw\FSAUA\program\fsaua.exe
C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
C:\Program Files\Securitoo\av_fw\FSAUA\program\fsus.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsav32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Barre d'outils MSN Search Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\av_fw\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/229?5cf13ed795014580ab231e254a34243
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/230?5cf13ed795014580ab231e254a34243
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Securitoo\av_fw\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Securitoo\av_fw\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Securitoo\av_fw\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
0
cedric241 Posts: 3367 Registration date: Tuesday 26 February 2008 Status: Member Last activity: 23 April 2008 119
21 April 2008 at 22:56
OK, your report is clean.

There are no more infections on your PC.

Follow this procedure, then we'll optimize your PC a bit.

Now we are going to remove the disinfection tools I had you download.
Using them is dangerous for the PC if you don't know what you are doing.
Also, they are updated regularly.

- Close all running applications, then download ToolsCleaner2 to your Desktop.

http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner

- Double-click ToolsCleaner2.exe
- Click Recherche (Search)
- then Suppression (Delete) once the list has been found.
- Post the report (TCleaner.txt), which is at the root of your hard drive (C:\).

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

Note: your desktop MAY disappear; that is normal. If it does not reappear at the end of the scan, do the following:

CTRL+ALT+DEL to open Task Manager.
Then go to the "Processus" (Processes) tab. Click Fichier (File) at the top left and choose "Exécuter" (Run).

Type explorer.exe and confirm. This will make the Desktop reappear.

Tutorial: https://www.commentcamarche.net/list 8341 toolscleaner suppression des fix de force brute (thanks espion3004)
0
-->- Recherche:

C:\FixWareOut: trouvé !
C:\Qoobox: trouvé !
C:\_OtMoveIt: trouvé !
C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\chambe\Mes documents\chambe.fabrice\FixWareout.exe: trouvé !
C:\Documents and Settings\chambe\Mes documents\chambe.fabrice\Navilog1.exe: trouvé !
C:\Documents and Settings\fabrice chambe\Bureau\HijackThis.lnk: trouvé !
C:\Documents and Settings\fabrice chambe\Bureau\ComboFix.exe: trouvé !
C:\Documents and Settings\fabrice chambe\Mes documents\Clean.zip: trouvé !
C:\Documents and Settings\fabrice chambe\Mes documents\BtFix.zip: trouvé !
C:\Documents and Settings\fabrice chambe\Mes documents\Btfix: trouvé !
C:\Documents and Settings\fabrice chambe\Mes documents\BTFix\Btfix: trouvé !
C:\Program Files\Navilog1: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !

---------------------------------
-->- Suppression:

C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\chambe\Mes documents\chambe.fabrice\FixWareout.exe: supprimé !
C:\Documents and Settings\chambe\Mes documents\chambe.fabrice\Navilog1.exe: supprimé !
C:\Documents and Settings\fabrice chambe\Bureau\HijackThis.lnk: supprimé !
C:\Documents and Settings\fabrice chambe\Bureau\ComboFix.exe: supprimé !
C:\Documents and Settings\fabrice chambe\Mes documents\Clean.zip: supprimé !
C:\Documents and Settings\fabrice chambe\Mes documents\BtFix.zip: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\FixWareOut: supprimé !
C:\Qoobox: supprimé !
C:\_OtMoveIt: supprimé !
C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Documents and Settings\fabrice chambe\Mes documents\Btfix: supprimé !
C:\Program Files\Navilog1: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !
cedric241 - 21 April 2008 at 23:05
OK, perfect

If you have a ToolsCleaner icon on the desktop, delete it

How is the PC now??
0
It's going better, thanks
cedric241 - 21 April 2008 at 23:12
OK, we're going to do two last things

go to My Computer
right-click on the C drive
choose Properties
go to Tools
choose Defragment Now

then

open the Run command (Windows key+R)
type msconfig
go to Startup
give me the list of the programs found there
I'll tell you what to do
0
NeroCheck
InCD
hpgs2wnd
RunDll 32 cmicnfg
jusched
RunDll32
FSM32
TNBUtil
ispnews
qttask
avgas
Shell
msnmsgr
CamTray
ctfmon
Adobe Reader Spe
Microsoft Office
Windows Desktop
Outil de detection
cedric241 - 21 April 2008 at 23:55
At the end of the defrag

uncheck these

NeroCheck
InCD
jusched
CamTray
Adobe Reader Spe
Microsoft Office

click Apply and restart the PC

On restart you will get a message telling you that the startup has been modified
that's normal, it will disappear at the next startup

If you are satisfied with my help

and you have no more problems

please change the topic's status to resolved

to do that, go to the top, to your first question, and there you have the choice
0
OK, thanks for everything
cedric241 - 22 April 2008 at 00:17
You're welcome, happy surfing