Sujet Précédent Sujet Suivant

Ouverture de pages trop lente

Résolu
liberte7613 Messages postés 21 Date d'inscription   Statut Membre Dernière intervention   -  
geoffrey5 Messages postés 14008 Statut Contributeur sécurité -
Bonjour,
Pourriez vous analyser ,mon rapport de hijack this,mes pages sont tres lente a s'ouvrir
Et mon pc ce deconnecte régulierement
Je vous remercie de votre réponse par avance.......
Cordialement................Liberte

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:59:50, on 10/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
c:\program files\a-squared free\a2service.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe
C:\Program Files\Pack Securite\Common\FSMA32.EXE
C:\Program Files\Pack Securite\Anti-Virus\FSGK32.EXE
C:\Apps\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Pack Securite\Common\FSMB32.EXE
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\APPS\Powercinema\PCMService.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Pack Securite\Common\FSM32.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Pack Securite\Common\FCH32.EXE
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Pack Securite\Common\FAMEH32.EXE
C:\Program Files\Pack Securite\Anti-Virus\fsqh.exe
C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
C:\Program Files\Pack Securite\Anti-Virus\fssm32.exe
C:\Program Files\Pack Securite\FSGUI\fsguidll.exe
C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe
C:\Program Files\Pack Securite\FSAUA\program\fsus.exe
C:\Program Files\Pack Securite\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
D:\Documents and Settings\liberte\Mes documents\HiJackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Apps\Softex\OmniPass\Omniserv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
A voir également:

45 réponses

Précédent
Réponse 21 / 45
liberte7613 Messages postés 21 Date d'inscription   Statut Membre Dernière intervention  
 
Geoffreyre
Voilà re mon analyse hitjack this
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:44, on 2008-09-10
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
c:\program files\a-squared free\a2service.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe
C:\Program Files\Pack Securite\Common\FSMA32.EXE
C:\Program Files\Pack Securite\Anti-Virus\FSGK32.EXE
C:\Apps\Softex\OmniPass\Omniserv.exe
C:\Program Files\Pack Securite\Common\FSMB32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Pack Securite\Common\FCH32.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Pack Securite\Common\FAMEH32.EXE
C:\Program Files\Pack SecuArite\Anti-Virus\fsqh.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
C:\Program Files\Pack Securite\Anti-Virus\fssm32.exe
C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe
C:\Program Files\Pack Securite\FSAUA\program\fsus.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\APPS\Powercinema\PCMService.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Pack Securite\Common\FSM32.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Pack Securite\FSGUI\fsguidll.exe
C:\Program Files\Pack Securite\Anti-Virus\fsav32.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Documents and Settings\liberte\Mes documents\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCMService] "c:\APPS\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Pack Securite\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Pack Securite\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Pack Securite\Common\FSMA32.EXE
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Apps\Softex\OmniPass\Omniserv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
0
Réponse 22 / 45
geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
 
Salut !!

le rapport de combofix se trouve là : C:\Combofix.txt

est ce que tu as encore des problemes ??
0
Réponse 23 / 45
liberte7613 Messages postés 21 Date d'inscription   Statut Membre Dernière intervention  
 
Bjr Geoffrey,
Celà est tjrs pareil
Voilà le rapport de combofix:

ComboFix 08-09-05.14 - liberte 2008-09-10 22:17:27.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.146 [GMT 2:00]
Endroit: D:\Documents and Settings\liberte\Mes documents\ComboFix.exe
* Création d'un nouveau point de restauration
* Resident AV is active

.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\NTDETECT.PIF
C:\WA6P
D:\Documents and Settings\elodie.LIBERTE\Cookies\elodie@edt02[1].txt
D:\Documents and Settings\elodie.LIBERTE\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
D:\Documents and Settings\elodie\Application Data\MessengerSkinner
D:\Documents and Settings\elodie\Application Data\MessengerSkinner\Userdata\languages.xml
D:\Documents and Settings\elodie\err.log
D:\Documents and Settings\elodie\Menu Démarrer\Programmes\MessengerSkinner
D:\Documents and Settings\liberte.LIBERTE.000\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
D:\Documents and Settings\liberte.LIBERTE.001\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
D:\Documents and Settings\liberte.LIBERTE\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
D:\Documents and Settings\liberte\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
D:\Documents and Settings\princess_moi\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
D:\Documents and Settings\Invité\err.log . . . . Echec de suppression
D:\Documents and Settings\Invité\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML . . . . Echec de suppression

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-08-10 to 2008-09-10 ))))))))))))))))))))))))))))))))))))
.

2008-09-10 21:28 . 2008-09-10 21:28 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-10 21:27 . 2008-09-10 21:27 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-09-10 21:25 . 2008-09-10 21:51 <REP> d-------- C:\Program Files\Navilog1
2008-09-10 20:48 . 2008-09-10 20:48 <REP> d-------- D:\Documents and Settings\All Users\Application Data\NOS
2008-09-10 20:47 . 2008-09-10 20:47 <REP> d-------- C:\Program Files\NOS
2008-09-10 14:30 . 2008-09-10 14:30 <REP> d-------- D:\Documents and Settings\liberte\Application Data\Malwarebytes
2008-09-10 14:30 . 2008-09-10 14:30 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-10 14:30 . 2008-09-10 14:32 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-10 14:30 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-10 14:30 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-10 00:24 . 2008-09-10 00:24 <REP> d-------- D:\Documents and Settings\LocalService.AUTORITE NT.003\Bureau
2008-09-09 17:57 . 2008-09-09 19:49 <REP> d-------- C:\WINDOWS\system32\CatRoot
2008-09-08 23:17 . 2008-09-09 00:48 <REP> d-------- C:\Program Files\YouTube Video Downloader
2008-09-08 19:23 . 2008-09-08 19:23 <REP> d-------- C:\Program Files\Microsoft Silverlight
2008-09-08 18:11 . 2008-09-08 18:11 <REP> d--hs---- D:\Documents and Settings\NetworkService.AUTORITE NT.003
2008-09-08 18:11 . 2008-09-10 00:24 <REP> d--hs---- D:\Documents and Settings\LocalService.AUTORITE NT.003
2008-09-08 08:53 . 2008-09-08 08:53 <REP> d-------- D:\Documents and Settings\liberte\Application Data\PC Tools
2008-09-08 08:53 . 2008-09-08 15:03 <REP> d-------- C:\Program Files\Spyware Doctor
2008-09-08 08:53 . 2008-08-25 11:36 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-09-08 08:53 . 2008-08-25 11:36 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-09-08 08:53 . 2008-08-25 11:36 40,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-09-08 08:53 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-09-08 04:50 . 2008-09-08 04:50 <REP> d-------- C:\Program Files\MSXML 4.0
2008-09-04 10:30 . 2008-09-04 10:30 <REP> d-------- C:\WINDOWS\system32\FxsTmp
2008-09-04 10:30 . 2008-09-04 10:30 <REP> d-------- C:\WINDOWS\addins
2008-09-04 10:24 . 2008-09-04 10:24 <REP> d-------- D:\Documents and Settings\liberte.LIBERTE.001\Application Data\skypePM
2008-09-04 10:22 . 2008-09-04 10:30 <REP> d-------- D:\Documents and Settings\liberte.LIBERTE.001\Application Data\Skype
2008-09-04 10:20 . 2008-09-04 10:30 <REP> d-------- D:\Documents and Settings\liberte.LIBERTE.001\ModŠles
2008-09-04 10:20 . 2008-09-04 10:30 <REP> d-------- D:\Documents and Settings\liberte.LIBERTE.001\Mes documents
2008-09-04 10:20 . 2008-09-04 10:30 <REP> d-------- D:\Documents and Settings\liberte.LIBERTE.001\Favoris
2008-09-04 10:20 . 2008-09-06 18:08 <REP> d---s---- D:\Documents and Settings\liberte.LIBERTE.001
2008-09-04 10:16 . 2008-09-04 10:30 <REP> d---s---- D:\Documents and Settings\LocalService.AUTORITE NT.002
2008-09-04 10:15 . 2008-09-04 10:30 <REP> d---s---- D:\Documents and Settings\NetworkService.AUTORITE NT.002
2008-09-04 10:01 . 2004-08-05 14:00 141,312 --a------ C:\WINDOWS\system32\fxsclntR.dll
2008-09-04 10:01 . 2004-08-05 14:00 113,664 --a------ C:\WINDOWS\system32\fxscfgwz.dll
2008-09-04 10:01 . 2004-08-05 14:00 31,744 --a------ C:\WINDOWS\system32\fxsroute.dll
2008-09-04 10:01 . 2004-08-05 14:00 11,776 --a------ C:\WINDOWS\system32\fxssend.exe
2008-09-04 10:01 . 2004-08-05 14:00 3,712 --a------ C:\WINDOWS\system32\fxsperf.ini
2008-09-04 10:01 . 2004-08-05 14:00 1,361 --a------ C:\WINDOWS\system32\fxscount.h
2008-09-04 10:01 . 2008-09-04 10:01 620 --a------ C:\WINDOWS\system32\mapisvc.inf
2008-09-03 22:00 . 2002-11-29 14:18 4,608 -ra------ C:\WINDOWS\system32\w95inf32.dll
2008-09-03 22:00 . 2002-11-29 14:18 2,272 -ra------ C:\WINDOWS\system32\w95inf16.dll
2008-09-03 21:17 . 2008-09-03 21:18 3,431 --a------ C:\WINDOWS\mozver.dat
2008-09-03 20:45 . 2008-09-10 22:28 <REP> d-------- C:\WINDOWS\system32\CatRoot2
2008-09-01 20:09 . 2008-09-01 20:09 <REP> d-------- C:\Program Files\Imikimi
2008-08-31 11:51 . 2008-06-14 19:33 272,768 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-08-31 11:50 . 2008-05-08 16:02 203,136 --------- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-08-31 11:49 . 2008-09-01 12:01 <REP> d--h----- C:\WINDOWS\$hf_mig$
2008-08-31 11:49 . 2008-04-11 21:05 691,712 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-31 11:37 . 2008-08-31 11:37 <REP> d-------- C:\WINDOWS\system32\fr
2008-08-31 11:37 . 2008-08-31 11:37 <REP> d-------- C:\WINDOWS\system32\bits
2008-08-31 11:37 . 2008-08-31 11:37 <REP> d-------- C:\WINDOWS\l2schemas
2008-08-31 11:31 . 2008-08-31 11:38 <REP> d-------- C:\WINDOWS\ServicePackFiles
2008-08-31 11:24 . 2008-08-31 11:24 <REP> d-------- C:\WINDOWS\EHome
2008-08-31 07:55 . 2008-08-31 07:55 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-08-29 15:14 . 2008-08-31 13:11 <REP> d-------- D:\Documents and Settings\LocalService\Bureau
2008-08-29 10:08 . 2008-08-29 10:08 <REP> d--h----- C:\WINDOWS\PIF
2008-08-28 11:34 . 2004-08-03 22:41 1,309,184 --------- C:\WINDOWS\system32\drivers\mtlstrm.sys
2008-08-28 11:34 . 2004-08-03 22:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2008-08-28 11:34 . 2004-08-03 22:41 685,056 --------- C:\WINDOWS\system32\drivers\hsfcxts2.sys
2008-08-28 11:34 . 2004-08-03 22:29 452,736 --------- C:\WINDOWS\system32\drivers\mtxparhm.sys
2008-08-28 11:34 . 2004-08-03 22:41 220,032 --------- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
2008-08-28 11:34 . 2004-07-17 22:55 129,045 --------- C:\WINDOWS\system32\drivers\cxthsfs2.cty
2008-08-28 11:34 . 2004-08-03 22:41 126,686 --------- C:\WINDOWS\system32\drivers\mtlmnt5.sys
2008-08-28 11:34 . 2004-07-17 11:35 67,866 --------- C:\WINDOWS\system32\drivers\netwlan5.img
2008-08-28 11:34 . 2004-08-03 22:41 11,868 --------- C:\WINDOWS\system32\drivers\mdmxsdk.sys
2008-08-28 11:30 . 2004-08-03 22:29 56,623 --------- C:\WINDOWS\system32\drivers\ati1btxx.sys
2008-08-28 11:30 . 2004-08-03 22:29 30,671 --------- C:\WINDOWS\system32\drivers\ati1raxx.sys
2008-08-28 11:30 . 2004-08-03 22:29 12,047 --------- C:\WINDOWS\system32\drivers\ati1pdxx.sys
2008-08-28 11:30 . 2004-08-03 22:29 11,615 --------- C:\WINDOWS\system32\drivers\ati1mdxx.sys
2008-08-25 19:41 . 2008-08-25 19:42 <REP> d-------- D:\Documents and Settings\All Users\Application Data\SweetIM
2008-08-25 19:41 . 2008-08-25 19:42 <REP> d-------- C:\Program Files\SweetIM
2008-08-25 04:12 . 2008-09-10 12:30 <REP> d-------- C:\Program Files\WordBiz
2008-08-23 15:18 . 2008-08-23 15:23 <REP> d-------- D:\Documents and Settings\liberte.LIBERTE.000\Application Data\Skype
2008-08-23 15:02 . 2008-08-23 15:23 <REP> d-------- D:\Documents and Settings\liberte.LIBERTE.000\ModŠles
2008-08-23 15:02 . 2008-08-23 15:23 <REP> d-------- D:\Documents and Settings\liberte.LIBERTE.000\Favoris
2008-08-23 15:02 . 2008-09-06 18:08 <REP> d---s---- D:\Documents and Settings\liberte.LIBERTE.000
2008-08-23 15:01 . 2008-08-23 15:23 <REP> d---s---- D:\Documents and Settings\NetworkService.AUTORITE NT.001
2008-08-23 15:01 . 2008-08-23 15:23 <REP> d---s---- D:\Documents and Settings\LocalService.AUTORITE NT.001
2008-08-14 07:54 . 2008-05-01 16:36 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-11 22:04 . 2008-08-11 22:04 <REP> d-------- D:\Documents and Settings\liberte\Application Data\Gaijin Ent
2008-08-10 19:34 . 2008-08-10 19:34 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Arovax
2008-08-10 19:34 . 2008-09-10 13:17 <REP> d-------- C:\Program Files\Arovax AntiSpyware

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-10 18:57 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-09-10 17:44 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-09-09 23:57 --------- d-----w D:\Documents and Settings\liberte\Application Data\Skype
2008-09-09 19:47 --------- d-----w D:\Documents and Settings\liberte\Application Data\skypePM
2008-09-09 06:50 --------- d---a-w D:\Documents and Settings\All Users\Application Data\TEMP
2008-09-08 08:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-06 05:50 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-09-04 07:44 --------- d-----w C:\Program Files\Google
2008-08-31 11:14 --------- d-----w C:\Program Files\MSN Messenger
2008-08-30 13:01 304,182 ----a-w C:\StiImg.dat
2008-08-25 15:39 --------- d-----w D:\Documents and Settings\liberte\Application Data\Screenshot Sender
2008-08-23 13:23 --------- d-----w C:\Program Files\WebEye
2008-08-13 15:01 --------- d-----w C:\Program Files\Pack Securite
2008-08-13 14:46 --------- d-----w D:\Documents and Settings\All Users\Application Data\fssg
2008-08-08 02:16 --------- d-----w D:\Documents and Settings\liberte\Application Data\Viewpoint
2008-08-07 20:05 --------- d-----w C:\Program Files\Fichiers communs\Oberon Media
2008-08-07 11:50 --------- d-----w D:\Documents and Settings\All Users\Application Data\F-Secure
2008-08-05 05:43 --------- d-----w C:\Program Files\Maxis
2008-08-04 21:45 --------- d-----w D:\Documents and Settings\All Users\Application Data\Skype
2008-08-04 21:45 --------- d-----w C:\Program Files\Fichiers communs\Skype
2008-08-01 06:30 --------- d-----w C:\Program Files\Picasa2
2008-08-01 06:21 --------- d-----w C:\Program Files\Java
2008-08-01 06:07 --------- d-----w C:\Program Files\Neuf
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-07 20:28 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:28 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
2008-06-24 16:44 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:44 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-24 16:12 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll
2008-06-24 08:28 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-06-23 09:21 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-06-23 09:21 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-06-23 09:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-21 05:23 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-06-20 17:47 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:47 247,808 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:47 147,968 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 11:51 361,600 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 11:40 138,496 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 11:08 225,856 ------w C:\WINDOWS\system32\dllcache\tcpip6.sys
2006-12-01 18:06 774,144 ----a-w C:\Program Files\RngInterstitial.dll
.

------- Sigcheck -------

2004-08-05 14:00 14336 1bd6c2f707a275cb7c16fd99fe0f31ca C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
2008-04-14 04:34 14336 e4bdf223cd75478bf44567b4d5c2634d C:\WINDOWS\ServicePackFiles\i386\svchost.exe
2008-04-14 04:34 14336 e4bdf223cd75478bf44567b4d5c2634d C:\WINDOWS\system32\svchost.exe

2007-03-08 17:37 578560 753354f594809a9b96f73999b435a533 C:\WINDOWS\$NtServicePackUninstall$\user32.dll
2008-04-14 04:33 579584 e853f84d3ce2faa2a802e33cf89ac023 C:\WINDOWS\ServicePackFiles\i386\user32.dll
2008-04-14 04:33 579584 e853f84d3ce2faa2a802e33cf89ac023 C:\WINDOWS\system32\user32.dll

2004-08-05 14:00 82944 bc41f51a39d3b255805fdb759b7814ae C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
2008-04-14 04:33 82432 fb836f9e62d82904c983ad21296a5d9c C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
2008-04-14 04:33 82432 fb836f9e62d82904c983ad21296a5d9c C:\WINDOWS\system32\ws2_32.dll

2006-11-07 22:03 818688 92995334f993e6e49c25c6d02ec04401 C:\WINDOWS\ie7updates\KB928090-IE7\wininet.dll
2007-01-12 10:27 822784 be43d00d802c92f01c8cc952c6f483f8 C:\WINDOWS\ie7updates\KB931768-IE7\wininet.dll
2007-02-27 15:26 822784 75de73e328e300caed5965faea2f5d3f C:\WINDOWS\ie7updates\KB933566-IE7\wininet.dll
2007-04-25 09:40 822784 2c138ab59e2ffa06e8952ae656e443c5 C:\WINDOWS\ie7updates\KB950759-IE7\wininet.dll
2008-04-23 06:16 826368 02d6aabd5f5a32c61478b5cdfe50e4a8 C:\WINDOWS\ie7updates\KB953838-IE7\wininet.dll
2008-04-14 04:33 670208 4a6e04ea20f48d750d9bfed8600d516b C:\WINDOWS\ServicePackFiles\i386\wininet.dll
2008-06-23 18:28 826368 ac0bd61dc2c64906fbfe50e005fefa2c C:\WINDOWS\system32\wininet.dll
2008-06-23 18:28 826368 ac0bd61dc2c64906fbfe50e005fefa2c C:\WINDOWS\system32\dllcache\wininet.dll

2008-06-20 13:59 361600 ad978a1b783b5719720cff204b666c8e C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2008-06-20 12:44 360960 744e57c99232201ae98c49168b918f48 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
2008-04-13 21:20 361344 93ea8d04ec73a85db02eb8805988f733 C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
2008-06-20 13:51 361600 9aefa14bd6b182d61e3119fa5f436d3d C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 13:51 361600 9aefa14bd6b182d61e3119fa5f436d3d C:\WINDOWS\system32\drivers\tcpip.sys

2004-08-05 14:00 506368 d2de785aeab0bb8ca4c14a8a199dbe4e C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
2008-04-14 04:34 512000 dd73d6b9f6b4cb630cf35b438b540174 C:\WINDOWS\system32\winlogon.exe

2004-08-05 14:00 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
2008-04-13 21:20 182656 1df7f42665c94b825322fae71721130d C:\WINDOWS\ServicePackFiles\i386\ndis.sys
2008-04-13 21:20 182656 1df7f42665c94b825322fae71721130d C:\WINDOWS\system32\drivers\ndis.sys

2004-08-05 14:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\$NtServicePackUninstall$\ip6fw.sys
2008-04-13 20:53 36608 3bb22519a194418d5fec05d800a19ad0 C:\WINDOWS\ServicePackFiles\i386\ip6fw.sys
2008-04-13 20:53 36608 3bb22519a194418d5fec05d800a19ad0 C:\WINDOWS\system32\drivers\ip6fw.sys

2007-02-28 18:08 2061440 7a56a64eb50399613587e90292dd2aab C:\WINDOWS\$NtServicePackUninstall$\ntkrnlpa.exe
2008-04-14 04:07 2067968 b71a8f101cefaf82fc5ec16130a54a3f C:\WINDOWS\ServicePackFiles\i386\ntkrnlpa.exe
2008-04-14 04:07 2067968 b71a8f101cefaf82fc5ec16130a54a3f C:\WINDOWS\system32\ntkrnlpa.exe

2007-02-28 18:08 2184192 8e244108562e0e452eb68dff64cb08a9 C:\WINDOWS\$NtServicePackUninstall$\ntoskrnl.exe
2008-04-14 04:08 2191104 099d639da1ef6968d4e41795bb507e6b C:\WINDOWS\ServicePackFiles\i386\ntoskrnl.exe
2008-04-14 04:08 2191104 099d639da1ef6968d4e41795bb507e6b C:\WINDOWS\system32\ntoskrnl.exe

2008-04-14 04:34 1037824 f2317622d29f9ff0f88aeecd5f60f0dd C:\WINDOWS\explorer.exe
2004-08-05 14:00 1036288 4c33e5b9a6197b6ed215f6cfba0a2daa C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2008-04-14 04:34 1037824 f2317622d29f9ff0f88aeecd5f60f0dd C:\WINDOWS\ServicePackFiles\i386\explorer.exe

2004-08-05 14:00 108544 732e0b1abaace15d80ec19056b0a2af9 C:\WINDOWS\$NtServicePackUninstall$\services.exe
2008-04-14 04:34 109056 54cb50058851d95e56ec70d09f70857f C:\WINDOWS\ServicePackFiles\i386\services.exe
2008-04-14 04:34 109056 54cb50058851d95e56ec70d09f70857f C:\WINDOWS\system32\services.exe

2004-08-05 14:00 13312 9f3744a5c6f49291a7a685040a013399 C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
2008-04-14 04:34 13312 91e6024d6d4dcdecdb36c43ecf9bbecb C:\WINDOWS\ServicePackFiles\i386\lsass.exe
2008-04-14 04:34 13312 91e6024d6d4dcdecdb36c43ecf9bbecb C:\WINDOWS\system32\lsass.exe

2004-08-05 14:00 15360 5584247b568c2e53934873f4b655fe6a C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe
2008-04-14 04:33 15360 59dc5bb82e4c8e0b3eadcfdbc44ba6e4 C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
2008-04-14 04:33 15360 59dc5bb82e4c8e0b3eadcfdbc44ba6e4 C:\WINDOWS\system32\ctfmon.exe

2005-06-11 01:53 57856 da81ec57acd4cdc3d4c51cf3d409af9f C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe
2008-04-14 04:34 57856 460e4ce148bd07218da0b6a3d31885a9 C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe
2008-04-14 04:34 57856 460e4ce148bd07218da0b6a3d31885a9 C:\WINDOWS\system32\spoolsv.exe

2004-08-05 14:00 25088 d6d65ea32b190401b57edb6706f29669 C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
2008-04-14 04:34 26624 e74ddb12188c2ff57a78624dbf7332fc C:\WINDOWS\ServicePackFiles\i386\userinit.exe
2008-04-14 04:34 26624 e74ddb12188c2ff57a78624dbf7332fc C:\WINDOWS\system32\userinit.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PCMService"="c:\APPS\Powercinema\PCMService.exe" [2006-02-23 147456]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"F-Secure Manager"="C:\Program Files\Pack Securite\Common\FSM32.EXE" [2007-04-26 183208]
"F-Secure TNB"="C:\Program Files\Pack Securite\FSGUI\TNBUtil.exe" [2007-04-26 740208]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-09-03 185896]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SoundMan"="SOUNDMAN.EXE" [2005-10-24 C:\WINDOWS\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 233472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm
"msacm.mpegacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\mpegacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\ulmp3acm.acm

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Windows Desktop Search.lnk]
path=D:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Desktop Search.lnk
backup=C:\WINDOWS\pss\Windows Desktop Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Arovax AntiSpyware]
--a------ 2007-09-21 14:56 1966080 C:\Program Files\Arovax AntiSpyware\ArovaxAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DetectorApp]
--a------ 2005-10-20 06:15 102400 C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-01-19 12:55 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-09-15 09:30 98304 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-08-11 17:46 21741864 C:\APPS\skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-04-20 09:44 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-01-19 13:49 4670968 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\WebEye\\WebEye.exe"=
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"C:\\Program Files\\AOL 9.0\\waol.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\WINDOWS\\system32\\lxczcoms.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\APPS\\skype\\Phone\\Skype.exe"=

R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2007-04-26 58128]
R1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\Pack Securite\HIPS\fshs.sys [2007-04-26 48176]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\Pack Securite\Anti-Virus\minifilter\fsgk.sys [2007-04-26 59760]
S3 getPlus(R) Helper;getPlus(R) Helper;C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\system32\drivers\mbamswissarmy.sys [2008-09-10 38528]
S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\Pack Securite\Anti-Virus\Win2K\FSfilter.sys [2007-04-26 40048]
S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\Pack Securite\Anti-Virus\Win2K\FSrec.sys [2007-04-26 25456]
S4 lxcz_device;lxcz_device;C:\WINDOWS\system32\lxczcoms.exe [2007-01-29 537520]
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-ATIPTA - C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
Notify-WgaLogon - (no file)
MSConfigStartUp-Adobe Reader Speed Launcher - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-Spyware-Secure - C:\Program Files\Spyware-Secure\Spyware-Secure_trial.exe
MSConfigStartUp-Vaderetro Outlook - C:\PROGRA~1\GOTOSO~1\VADERE~1\VrMoRegister.exe

.
------- Supplementary Scan -------
.
FireFox -: Profile - D:\Documents and Settings\liberte\Application Data\Mozilla\Firefox\Profiles\jzcybgd8.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.msn.fr/
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-10 22:32:34
Windows 5.1.2600 Service Pack 3 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\a-squared Free\a2service.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe
C:\Program Files\Pack Securite\Common\FSMA32.EXE
C:\Program Files\Pack Securite\Anti-Virus\fsgk32.exe
C:\APPS\Softex\OmniPass\OmniServ.exe
C:\Program Files\Pack Securite\Common\FSMB32.EXE
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Pack Securite\Common\FCH32.EXE
C:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Pack Securite\Common\FAMEH32.EXE
C:\Program Files\Pack Securite\Anti-Virus\fsqh.exe
C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
C:\Program Files\Pack Securite\FWES\program\fsdfwd.exe
C:\Program Files\Pack Securite\Anti-Virus\fssm32.exe
C:\Program Files\Pack Securite\FSAUA\program\fsus.exe
C:\Program Files\Pack Securite\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Pack Securite\FSGUI\fsguidll.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-09-10 22:37:33 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-10 20:36:59

Pre-Run: 19,141,332,992 octets libres
Post-Run: 19,127,226,368 octets libres

358 --- E O F --- 2008-09-10 07:08:48
0
Réponse 24 / 45
geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
 
Copie le texte ci-dessous :

File::
c:\program files\spyware-secure\spyware-secure_trial.exe

Folder::

Registry::

Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt.

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif

Cela va relancer Combofix,

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

S'il n'y a pas de rédémarrage, poste quand même les rapports.

ensuite refais un nouveau rapport hijackthis stp
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 25 / 45
liberte7613 Messages postés 21 Date d'inscription   Statut Membre Dernière intervention  
 
Geoffrey,

J'ai fait comme tu me dis mais il ne ce passe rien,la fenetre bleue ne s'ouvre pas!!!........sniff!!!
0
Réponse 26 / 45
geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
 
C est que le fichier CFScript a été mal crée
0
Réponse 27 / 45
liberte7613 Messages postés 21 Date d'inscription   Statut Membre Dernière intervention  
 
ah ok!! et Comment dois je le créer...?????..help.!!!
0
Réponse 28 / 45
geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
 
tout est expliqué au message 24..

tu fais un copier/coller de ce qui est en gras dans le bloc note...tu l enregistres sur le bureau en le nommant CFScript.txt et ensuite tu le fais glisser sur l icone de combofix comme expliqué en cliquant sur le lien
0
Réponse 29 / 45
liberte7613 Messages postés 21 Date d'inscription   Statut Membre Dernière intervention  
 
Geoffrey voilà lerapport /de combofix

ComboFix 08-09-10.04 - liberte 2008-09-11 17:47:52.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.79 [GMT 2:00]
Endroit: D:\Documents and Settings\liberte\Mes documents\ComboFix.exe
Command switches used :: D:\Documents and Settings\liberte\Bureau\CFScript.txt.txt
* Création d'un nouveau point de restauration
* Resident AV is active

.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\Documents and Settings\Invité\err.log . . . . Echec de suppression
D:\Documents and Settings\Invité\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML . . . . Echec de suppression

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-08-11 to 2008-09-11 ))))))))))))))))))))))))))))))))))))
.

2008-09-11 17:56 . 2008-09-11 17:56 <REP> d-------- C:\WINDOWS\system32\CatRoot
2008-09-11 04:25 . 2008-09-11 04:25 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Avira
2008-09-11 04:25 . 2008-09-11 04:25 <REP> d-------- C:\Program Files\Avira
2008-09-10 22:37 . 2008-09-10 22:37 <REP> d-------- D:\Documents and Settings\Invité
2008-09-10 21:28 . 2008-09-10 21:28 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-10 21:27 . 2008-09-10 21:27 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-09-10 21:25 . 2008-09-10 21:51 <REP> d-------- C:\Program Files\Navilog1
2008-09-10 20:48 . 2008-09-10 20:48 <REP> d-------- D:\Documents and Settings\All Users\Application Data\NOS
2008-09-10 20:47 . 2008-09-10 20:47 <REP> d-------- C:\Program Files\NOS
2008-09-10 14:30 . 2008-09-10 14:30 <REP> d-------- D:\Documents and Settings\liberte\Application Data\Malwarebytes
2008-09-10 14:30 . 2008-09-10 14:30 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-10 14:30 . 2008-09-10 14:32 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-10 14:30 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-10 14:30 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-10 00:24 . 2008-09-10 00:24 <REP> d-------- D:\Documents and Settings\LocalService.AUTORITE NT.003\Bureau
2008-09-08 23:17 . 2008-09-09 00:48 <REP> d-------- C:\Program Files\YouTube Video Downloader
2008-09-08 19:23 . 2008-09-08 19:23 <REP> d-------- C:\Program Files\Microsoft Silverlight
2008-09-08 18:11 . 2008-09-08 18:11 <REP> d--hs---- D:\Documents and Settings\NetworkService.AUTORITE NT.003
2008-09-08 18:11 . 2008-09-10 00:24 <REP> d--hs---- D:\Documents and Settings\LocalService.AUTORITE NT.003
2008-09-08 08:53 . 2008-09-08 08:53 <REP> d-------- D:\Documents and Settings\liberte\Application Data\PC Tools
2008-09-08 08:53 . 2008-09-08 15:03 <REP> d-------- C:\Program Files\Spyware Doctor
2008-09-08 08:53 . 2008-08-25 11:36 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-09-08 08:53 . 2008-08-25 11:36 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-09-08 08:53 . 2008-08-25 11:36 40,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-09-08 08:53 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-09-08 04:50 . 2008-09-08 04:50 <REP> d-------- C:\Program Files\MSXML 4.0
2008-09-04 10:30 . 2008-09-04 10:30 <REP> d-------- C:\WINDOWS\system32\FxsTmp
2008-09-04 10:30 . 2008-09-04 10:30 <REP> d-------- C:\WINDOWS\addins
2008-09-04 10:24 . 2008-09-04 10:24 <REP> d-------- D:\Documents and Settings\liberte.LIBERTE.001\Application Data\skypePM
2008-09-04 10:22 . 2008-09-04 10:30 <REP> d-------- D:\Documents and Settings\liberte.LIBERTE.001\Application Data\Skype
2008-09-04 10:20 . 2008-09-04 10:30 <REP> d-------- D:\Documents and Settings\liberte.LIBERTE.001\ModŠles
2008-09-04 10:20 . 2008-09-04 10:30 <REP> d-------- D:\Documents and Settings\liberte.LIBERTE.001\Mes documents
2008-09-04 10:20 . 2008-09-04 10:30 <REP> d-------- D:\Documents and Settings\liberte.LIBERTE.001\Favoris
2008-09-04 10:20 . 2008-09-06 18:08 <REP> d---s---- D:\Documents and Settings\liberte.LIBERTE.001
2008-09-04 10:16 . 2008-09-04 10:30 <REP> d---s---- D:\Documents and Settings\LocalService.AUTORITE NT.002
2008-09-04 10:15 . 2008-09-04 10:30 <REP> d---s---- D:\Documents and Settings\NetworkService.AUTORITE NT.002
2008-09-04 10:01 . 2004-08-05 14:00 141,312 --a------ C:\WINDOWS\system32\fxsclntR.dll
2008-09-04 10:01 . 2004-08-05 14:00 113,664 --a------ C:\WINDOWS\system32\fxscfgwz.dll
2008-09-04 10:01 . 2004-08-05 14:00 31,744 --a------ C:\WINDOWS\system32\fxsroute.dll
2008-09-04 10:01 . 2004-08-05 14:00 11,776 --a------ C:\WINDOWS\system32\fxssend.exe
2008-09-04 10:01 . 2004-08-05 14:00 3,712 --a------ C:\WINDOWS\system32\fxsperf.ini
2008-09-04 10:01 . 2004-08-05 14:00 1,361 --a------ C:\WINDOWS\system32\fxscount.h
2008-09-04 10:01 . 2008-09-04 10:01 620 --a------ C:\WINDOWS\system32\mapisvc.inf
2008-09-03 22:00 . 2002-11-29 14:18 4,608 -ra------ C:\WINDOWS\system32\w95inf32.dll
2008-09-03 22:00 . 2002-11-29 14:18 2,272 -ra------ C:\WINDOWS\system32\w95inf16.dll
2008-09-03 21:17 . 2008-09-03 21:18 3,431 --a------ C:\WINDOWS\mozver.dat
2008-09-03 20:45 . 2008-09-11 17:56 <REP> d-------- C:\WINDOWS\system32\CatRoot2
2008-09-01 20:09 . 2008-09-01 20:09 <REP> d-------- C:\Program Files\Imikimi
2008-08-31 11:51 . 2008-06-14 19:33 272,768 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-08-31 11:50 . 2008-05-08 16:02 203,136 --------- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-08-31 11:49 . 2008-09-01 12:01 <REP> d--h----- C:\WINDOWS\$hf_mig$
2008-08-31 11:49 . 2008-04-11 21:05 691,712 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-31 11:37 . 2008-08-31 11:37 <REP> d-------- C:\WINDOWS\system32\fr
2008-08-31 11:37 . 2008-08-31 11:37 <REP> d-------- C:\WINDOWS\system32\bits
2008-08-31 11:37 . 2008-08-31 11:37 <REP> d-------- C:\WINDOWS\l2schemas
2008-08-31 11:31 . 2008-08-31 11:38 <REP> d-------- C:\WINDOWS\ServicePackFiles
2008-08-31 11:24 . 2008-08-31 11:24 <REP> d-------- C:\WINDOWS\EHome
2008-08-31 07:55 . 2008-08-31 07:55 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-08-29 15:14 . 2008-08-31 13:11 <REP> d-------- D:\Documents and Settings\LocalService\Bureau
2008-08-29 10:08 . 2008-08-29 10:08 <REP> d--h----- C:\WINDOWS\PIF
2008-08-28 11:34 . 2004-08-03 22:41 1,309,184 --------- C:\WINDOWS\system32\drivers\mtlstrm.sys
2008-08-28 11:34 . 2004-08-03 22:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2008-08-28 11:34 . 2004-08-03 22:41 685,056 --------- C:\WINDOWS\system32\drivers\hsfcxts2.sys
2008-08-28 11:34 . 2004-08-03 22:29 452,736 --------- C:\WINDOWS\system32\drivers\mtxparhm.sys
2008-08-28 11:34 . 2004-08-03 22:41 220,032 --------- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
2008-08-28 11:34 . 2004-07-17 22:55 129,045 --------- C:\WINDOWS\system32\drivers\cxthsfs2.cty
2008-08-28 11:34 . 2004-08-03 22:41 126,686 --------- C:\WINDOWS\system32\drivers\mtlmnt5.sys
2008-08-28 11:34 . 2004-07-17 11:35 67,866 --------- C:\WINDOWS\system32\drivers\netwlan5.img
2008-08-28 11:34 . 2004-08-03 22:41 11,868 --------- C:\WINDOWS\system32\drivers\mdmxsdk.sys
2008-08-28 11:30 . 2004-08-03 22:29 56,623 --------- C:\WINDOWS\system32\drivers\ati1btxx.sys
2008-08-28 11:30 . 2004-08-03 22:29 30,671 --------- C:\WINDOWS\system32\drivers\ati1raxx.sys
2008-08-28 11:30 . 2004-08-03 22:29 12,047 --------- C:\WINDOWS\system32\drivers\ati1pdxx.sys
2008-08-28 11:30 . 2004-08-03 22:29 11,615 --------- C:\WINDOWS\system32\drivers\ati1mdxx.sys
2008-08-25 19:41 . 2008-08-25 19:42 <REP> d-------- D:\Documents and Settings\All Users\Application Data\SweetIM
2008-08-25 19:41 . 2008-08-25 19:42 <REP> d-------- C:\Program Files\SweetIM
2008-08-25 04:12 . 2008-09-10 12:30 <REP> d-------- C:\Program Files\WordBiz
2008-08-23 15:18 . 2008-08-23 15:23 <REP> d-------- D:\Documents and Settings\liberte.LIBERTE.000\Application Data\Skype
2008-08-23 15:02 . 2008-08-23 15:23 <REP> d-------- D:\Documents and Settings\liberte.LIBERTE.000\ModŠles
2008-08-23 15:02 . 2008-08-23 15:23 <REP> d-------- D:\Documents and Settings\liberte.LIBERTE.000\Favoris
2008-08-23 15:02 . 2008-09-06 18:08 <REP> d---s---- D:\Documents and Settings\liberte.LIBERTE.000
2008-08-23 15:01 . 2008-08-23 15:23 <REP> d---s---- D:\Documents and Settings\NetworkService.AUTORITE NT.001
2008-08-23 15:01 . 2008-08-23 15:23 <REP> d---s---- D:\Documents and Settings\LocalService.AUTORITE NT.001
2008-08-14 07:54 . 2008-05-01 16:36 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-11 22:04 . 2008-08-11 22:04 <REP> d-------- D:\Documents and Settings\liberte\Application Data\Gaijin Ent

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-11 15:13 --------- d-----w D:\Documents and Settings\liberte\Application Data\Skype
2008-09-11 06:03 --------- d-----w D:\Documents and Settings\liberte\Application Data\skypePM
2008-09-11 01:42 --------- d-----w C:\Program Files\Arovax AntiSpyware
2008-09-10 18:57 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-09-10 17:44 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-09-09 06:50 --------- d---a-w D:\Documents and Settings\All Users\Application Data\TEMP
2008-09-08 08:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-06 05:50 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-09-04 07:44 --------- d-----w C:\Program Files\Google
2008-08-31 11:14 --------- d-----w C:\Program Files\MSN Messenger
2008-08-30 13:01 304,182 ----a-w C:\StiImg.dat
2008-08-25 15:39 --------- d-----w D:\Documents and Settings\liberte\Application Data\Screenshot Sender
2008-08-23 13:23 --------- d-----w C:\Program Files\WebEye
2008-08-13 15:01 --------- d-----w C:\Program Files\Pack Securite
2008-08-13 14:46 --------- d-----w D:\Documents and Settings\All Users\Application Data\fssg
2008-08-10 17:34 --------- d-----w D:\Documents and Settings\All Users\Application Data\Arovax
2008-08-08 02:16 --------- d-----w D:\Documents and Settings\liberte\Application Data\Viewpoint
2008-08-07 20:05 --------- d-----w C:\Program Files\Fichiers communs\Oberon Media
2008-08-07 11:50 --------- d-----w D:\Documents and Settings\All Users\Application Data\F-Secure
2008-08-05 05:43 --------- d-----w C:\Program Files\Maxis
2008-08-04 21:45 --------- d-----w D:\Documents and Settings\All Users\Application Data\Skype
2008-08-04 21:45 --------- d-----w C:\Program Files\Fichiers communs\Skype
2008-08-01 06:30 --------- d-----w C:\Program Files\Picasa2
2008-08-01 06:21 --------- d-----w C:\Program Files\Java
2008-08-01 06:07 --------- d-----w C:\Program Files\Neuf
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-07 20:28 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:28 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
2008-06-24 16:44 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:44 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-24 16:12 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll
2008-06-24 08:28 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-06-23 09:21 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-06-23 09:21 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-06-23 09:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-21 05:23 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-06-20 17:47 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:47 247,808 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:47 147,968 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 11:51 361,600 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 11:40 138,496 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 11:08 225,856 ------w C:\WINDOWS\system32\dllcache\tcpip6.sys
2006-12-01 18:06 774,144 ----a-w C:\Program Files\RngInterstitial.dll
.

------- Sigcheck -------

2004-08-05 14:00 14336 1bd6c2f707a275cb7c16fd99fe0f31ca C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
2008-04-14 04:34 14336 e4bdf223cd75478bf44567b4d5c2634d C:\WINDOWS\ServicePackFiles\i386\svchost.exe
2008-04-14 04:34 14336 e4bdf223cd75478bf44567b4d5c2634d C:\WINDOWS\system32\svchost.exe

2007-03-08 17:37 578560 753354f594809a9b96f73999b435a533 C:\WINDOWS\$NtServicePackUninstall$\user32.dll
2008-04-14 04:33 579584 e853f84d3ce2faa2a802e33cf89ac023 C:\WINDOWS\ServicePackFiles\i386\user32.dll
2008-04-14 04:33 579584 e853f84d3ce2faa2a802e33cf89ac023 C:\WINDOWS\system32\user32.dll

2004-08-05 14:00 82944 bc41f51a39d3b255805fdb759b7814ae C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
2008-04-14 04:33 82432 fb836f9e62d82904c983ad21296a5d9c C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
2008-04-14 04:33 82432 fb836f9e62d82904c983ad21296a5d9c C:\WINDOWS\system32\ws2_32.dll

2006-11-07 22:03 818688 92995334f993e6e49c25c6d02ec04401 C:\WINDOWS\ie7updates\KB928090-IE7\wininet.dll
2007-01-12 10:27 822784 be43d00d802c92f01c8cc952c6f483f8 C:\WINDOWS\ie7updates\KB931768-IE7\wininet.dll
2007-02-27 15:26 822784 75de73e328e300caed5965faea2f5d3f C:\WINDOWS\ie7updates\KB933566-IE7\wininet.dll
2007-04-25 09:40 822784 2c138ab59e2ffa06e8952ae656e443c5 C:\WINDOWS\ie7updates\KB950759-IE7\wininet.dll
2008-04-23 06:16 826368 02d6aabd5f5a32c61478b5cdfe50e4a8 C:\WINDOWS\ie7updates\KB953838-IE7\wininet.dll
2008-04-14 04:33 670208 4a6e04ea20f48d750d9bfed8600d516b C:\WINDOWS\ServicePackFiles\i386\wininet.dll
2008-06-23 18:28 826368 ac0bd61dc2c64906fbfe50e005fefa2c C:\WINDOWS\system32\wininet.dll
2008-06-23 18:28 826368 ac0bd61dc2c64906fbfe50e005fefa2c C:\WINDOWS\system32\dllcache\wininet.dll

2008-06-20 13:59 361600 ad978a1b783b5719720cff204b666c8e C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2008-06-20 12:44 360960 744e57c99232201ae98c49168b918f48 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
2008-04-13 21:20 361344 93ea8d04ec73a85db02eb8805988f733 C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
2008-06-20 13:51 361600 9aefa14bd6b182d61e3119fa5f436d3d C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 13:51 361600 9aefa14bd6b182d61e3119fa5f436d3d C:\WINDOWS\system32\drivers\tcpip.sys

2004-08-05 14:00 506368 d2de785aeab0bb8ca4c14a8a199dbe4e C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
2008-04-14 04:34 512000 dd73d6b9f6b4cb630cf35b438b540174 C:\WINDOWS\system32\winlogon.exe

2004-08-05 14:00 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
2008-04-13 21:20 182656 1df7f42665c94b825322fae71721130d C:\WINDOWS\ServicePackFiles\i386\ndis.sys
2008-04-13 21:20 182656 1df7f42665c94b825322fae71721130d C:\WINDOWS\system32\drivers\ndis.sys

2004-08-05 14:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\$NtServicePackUninstall$\ip6fw.sys
2008-04-13 20:53 36608 3bb22519a194418d5fec05d800a19ad0 C:\WINDOWS\ServicePackFiles\i386\ip6fw.sys
2008-04-13 20:53 36608 3bb22519a194418d5fec05d800a19ad0 C:\WINDOWS\system32\drivers\ip6fw.sys

2007-02-28 18:08 2061440 7a56a64eb50399613587e90292dd2aab C:\WINDOWS\$NtServicePackUninstall$\ntkrnlpa.exe
2008-04-14 04:07 2067968 b71a8f101cefaf82fc5ec16130a54a3f C:\WINDOWS\ServicePackFiles\i386\ntkrnlpa.exe
2008-04-14 04:07 2067968 b71a8f101cefaf82fc5ec16130a54a3f C:\WINDOWS\system32\ntkrnlpa.exe

2007-02-28 18:08 2184192 8e244108562e0e452eb68dff64cb08a9 C:\WINDOWS\$NtServicePackUninstall$\ntoskrnl.exe
2008-04-14 04:08 2191104 099d639da1ef6968d4e41795bb507e6b C:\WINDOWS\ServicePackFiles\i386\ntoskrnl.exe
2008-04-14 04:08 2191104 099d639da1ef6968d4e41795bb507e6b C:\WINDOWS\system32\ntoskrnl.exe

2008-04-14 04:34 1037824 f2317622d29f9ff0f88aeecd5f60f0dd C:\WINDOWS\explorer.exe
2004-08-05 14:00 1036288 4c33e5b9a6197b6ed215f6cfba0a2daa C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2008-04-14 04:34 1037824 f2317622d29f9ff0f88aeecd5f60f0dd C:\WINDOWS\ServicePackFiles\i386\explorer.exe

2004-08-05 14:00 108544 732e0b1abaace15d80ec19056b0a2af9 C:\WINDOWS\$NtServicePackUninstall$\services.exe
2008-04-14 04:34 109056 54cb50058851d95e56ec70d09f70857f C:\WINDOWS\ServicePackFiles\i386\services.exe
2008-04-14 04:34 109056 54cb50058851d95e56ec70d09f70857f C:\WINDOWS\system32\services.exe

2004-08-05 14:00 13312 9f3744a5c6f49291a7a685040a013399 C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
2008-04-14 04:34 13312 91e6024d6d4dcdecdb36c43ecf9bbecb C:\WINDOWS\ServicePackFiles\i386\lsass.exe
2008-04-14 04:34 13312 91e6024d6d4dcdecdb36c43ecf9bbecb C:\WINDOWS\system32\lsass.exe

2004-08-05 14:00 15360 5584247b568c2e53934873f4b655fe6a C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe
2008-04-14 04:33 15360 59dc5bb82e4c8e0b3eadcfdbc44ba6e4 C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
2008-04-14 04:33 15360 59dc5bb82e4c8e0b3eadcfdbc44ba6e4 C:\WINDOWS\system32\ctfmon.exe

2005-06-11 01:53 57856 da81ec57acd4cdc3d4c51cf3d409af9f C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe
2008-04-14 04:34 57856 460e4ce148bd07218da0b6a3d31885a9 C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe
2008-04-14 04:34 57856 460e4ce148bd07218da0b6a3d31885a9 C:\WINDOWS\system32\spoolsv.exe

2004-08-05 14:00 25088 d6d65ea32b190401b57edb6706f29669 C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
2008-04-14 04:34 26624 e74ddb12188c2ff57a78624dbf7332fc C:\WINDOWS\ServicePackFiles\i386\userinit.exe
2008-04-14 04:34 26624 e74ddb12188c2ff57a78624dbf7332fc C:\WINDOWS\system32\userinit.exe
.
((((((((((((((((((((((((((((( snapshot@2008-09-10_22.36.24.23 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-09-08 12:43:54 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-09-11 06:45:12 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-09-08 12:43:54 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2008-09-11 06:45:12 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2008-05-09 11:15:51 45,376 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
+ 2008-01-21 16:11:28 22,336 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
+ 2008-06-27 13:03:55 75,072 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
+ 2007-03-01 08:34:22 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PCMService"="c:\APPS\Powercinema\PCMService.exe" [2006-02-23 147456]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"F-Secure Manager"="C:\Program Files\Pack Securite\Common\FSM32.EXE" [2007-04-26 183208]
"F-Secure TNB"="C:\Program Files\Pack Securite\FSGUI\TNBUtil.exe" [2007-04-26 740208]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-09-03 185896]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-15 98304]
"SoundMan"="SOUNDMAN.EXE" [2005-10-24 C:\WINDOWS\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 233472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm
"msacm.mpegacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\mpegacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\ulmp3acm.acm

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Windows Desktop Search.lnk]
path=D:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Desktop Search.lnk
backup=C:\WINDOWS\pss\Windows Desktop Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Arovax AntiSpyware]
--a------ 2007-09-21 14:56 1966080 C:\Program Files\Arovax AntiSpyware\ArovaxAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DetectorApp]
--a------ 2005-10-20 06:15 102400 C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-01-19 12:55 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-09-15 09:30 98304 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-08-11 17:46 21741864 C:\APPS\skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-04-20 09:44 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-01-19 13:49 4670968 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\WebEye\\WebEye.exe"=
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"C:\\Program Files\\AOL 9.0\\waol.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\WINDOWS\\system32\\lxczcoms.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\APPS\\skype\\Phone\\Skype.exe"=

R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2007-04-26 58128]
R1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\Pack Securite\HIPS\fshs.sys [2007-04-26 48176]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\Pack Securite\Anti-Virus\minifilter\fsgk.sys [2007-04-26 59760]
S3 getPlus(R) Helper;getPlus(R) Helper;C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]
S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\Pack Securite\Anti-Virus\Win2K\FSfilter.sys [2007-04-26 40048]
S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\Pack Securite\Anti-Virus\Win2K\FSrec.sys [2007-04-26 25456]
S4 lxcz_device;lxcz_device;C:\WINDOWS\system32\lxczcoms.exe [2007-01-29 537520]

*Newly Created Service* - SSMDRV
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Ÿ - (no file)
HKCU-Run-Ÿ - (no file)

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-11 18:00:02
Windows 5.1.2600 Service Pack 3 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe
C:\Program Files\Pack Securite\Common\FSMA32.EXE
C:\Program Files\Pack Securite\Anti-Virus\fsgk32.exe
C:\APPS\Softex\OmniPass\OmniServ.exe
C:\Program Files\Pack Securite\Common\FSMB32.EXE
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Pack Securite\Common\FCH32.EXE
C:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Pack Securite\Common\FAMEH32.EXE
C:\Program Files\Pack Securite\Anti-Virus\fsqh.exe
C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
C:\Program Files\Pack Securite\Anti-Virus\fssm32.exe
C:\Program Files\Pack Securite\FWES\program\fsdfwd.exe
C:\Program Files\Pack Securite\FSAUA\program\fsus.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\PROGRA~1\PACKSE~1\ANTI-V~1\fsav32.exe
C:\Program Files\Pack Securite\FSGUI\fsguidll.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-09-11 18:06:50 - machine was rebooted [liberte]
ComboFix-quarantined-files.txt 2008-09-11 16:06:30
ComboFix2.txt 2008-09-10 20:37:35

Pre-Run: 18,978,607,104 octets libres
Post-Run: 19,011,362,816 octets libres

351 --- E O F --- 2008-09-10 07:08:48
0
Réponse 30 / 45
liberte7613 Messages postés 21 Date d'inscription   Statut Membre Dernière intervention  
 
Geoffrey voilà hitjack this ( rapport )

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:54, on 2008-09-11
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
c:\program files\a-squared free\a2service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe
C:\Program Files\Pack Securite\Common\FSMA32.EXE
C:\Program Files\Pack Securite\Anti-Virus\FSGK32.EXE
C:\Apps\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Pack Securite\CoAmmon\FSMB32.EXE
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\APPS\Powercinema\PCMService.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Pack Securite\Common\FSM32.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\QuickTime\qttask.exeA
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Pack Securite\Common\FCH32.EXE
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Pack Securite\Common\FAMEH32.EXE
C:\Program Files\Pack Securite\Anti-Virus\fsqh.exe
C:\Program Files\Pack Securite\FSGUI\fsguidll.exe
C:\Program Files\Pack Securite\Anti-Virus\fssm32.exe
C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Pack Securite\FSAUA\program\fsus.exe
C:\Program Files\Pack Securite\Anti-Virus\fsav32.exe
C:\Program Files\MSN Messenger\usnsvc.exe
D:\Documents and Settings\liberte\Mes documents\HiJackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCMService] "c:\APPS\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Pack Securite\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Pack Securite\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Pack Securite\Common\FSMA32.EXE
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Apps\Softex\OmniPass\Omniserv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
0
Réponse 31 / 45
geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
 
je vois 2 antivirus sur ton pc...Lequel utilises tu ??
0
Réponse 32 / 45
liberte7613 Messages postés 21 Date d'inscription   Statut Membre Dernière intervention  
 
J utlilise '' avira antivir ' ..........hier j'ai fait annuler l'antivirus du 9.........
0
Réponse 33 / 45
geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
 
je vois que tu aussi F-secure :s

vas le désinstaller dans ajout/suppression de programmes..

fais aussi une recherche de ton pc en tapant F-secure et supprimes tout ce qu il trouve..

vas vider ta corbeille, redémarre ton pc et refais un nouveau rapport hijackthis stp
0
Réponse 34 / 45
liberte7613 Messages postés 21 Date d'inscription   Statut Membre Dernière intervention  
 
Geoffrey voilà le nouveau rapport hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:13, on 2008-09-12
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
c:\program files\a-squared free\a2service.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\APPS\Powercinema\PCMService.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Pack Securite\Common\FSM32.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe
C:\Program Files\Pack Securite\Common\FSMA32.EXE
C:\Program Files\Pack Securite\Anti-Virus\FSGK32.EXE
C:\Apps\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Pack Securite\Common\FSMB32.EXE
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Pack Securite\Common\FCH32.EXE
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Pack Securite\Common\FAMEH32.EXE
C:\Program Files\Pack Securite\Anti-Virus\fsqh.exe
C:\Program Files\Pack Securite\FSGUI\fsguidll.exe
C:\Program Files\Pack Securite\Anti-Virus\fssm32.exe
C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe
C:\Program Files\Pack Securite\FSAUA\program\fsus.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Pack Securite\Anti-Virus\fsav32.exe
C:\Program Files\MSN Messenger\usnsvc.exe
D:\Documents and Settings\liberte\Mes documents\HiJackThis.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCMService] "c:\APPS\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Pack Securite\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Pack Securite\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Pack Securite\Common\FSMA32.EXE
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Apps\Softex\OmniPass\Omniserv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
0
Réponse 35 / 45
geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
 
tu n as pas désinstallé F-secure ^^
0
Réponse 36 / 45
liberte7613
 
je n'ai pas trouvée F-secure dans le ajout/suppression...
mais en fesant rechercher F-secure une liste est sortie et j'ai tout supprimée comme tu m'as dis de faire....
Par contre j'ai retirée le Pack securité du 9,mais celà m'a desinstalée mon pare feu...
0
Réponse 37 / 45
geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
 
Si tu veux un pare feu, y en a plusieurs téléchargeables sur mon site web :

https://www.androidworld.fr/

est ce que tu as encore des problemes ??
0
Réponse 38 / 45
liberte7613 Messages postés 21 Date d'inscription   Statut Membre Dernière intervention  
 
Mes pages s'ouvrent beaucoup plus facilement............

J'ai pris ''comodo ' comme Pare feu est 'il bon??

Et Goffrey je te remercie de ta disponibilité ,c'est vraiment tres sympa de ta pars,de m'avoir aidé pendant ces 2 jours

,je crois que enfin!mon pb est résolu!!!!!!!!

Je te souhaite une tres bonne nuit ...........et encore un tres grand MERCI

Cordialement ................Liberte........
0
Réponse 39 / 45
geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
 
Mais de rien, c est avec plaisir que je t ai aidé ;-)

oui comodo est un bon ainsi que kerio...

si tu n as plus de problemes tu peux faire ceci pour terminer stp :

Pour supprimer toutes les traces des logiciels qui ont servi à traiter les infections spécifiques :

Télécharge toolscleaner sur ton Bureau :

(c est le numéro 15 en bas de la page) : https://www.androidworld.fr/

* Double-clique sur ToolsCleaner2.exe et laisse le travailler
* Clique sur Recherche et laisse le scan se terminer.
* Clique sur Suppression pour finaliser.
* Tu peux, si tu le souhaites, te servir des Options facultatives.
* Clique sur Quitter, pour que le rapport puisse se créer.
* Le rapport (TCleaner.txt) se trouve à la racine de votre disque dur (C:\)...colle le dans ta réponse

Désactive et réactive la Restauration du système :

1 Dans la barre des tâches de Windows, clique sur Démarrer.

2 Clique avec le bouton droit de la souris sur Poste de travail puis clique sur Propriétés.

3 Dans l'onglet Restauration du système, coche "Désactiver la Restauration du système"

4 Clique sur Appliquer.

5 Ensuite décoche "Désactiver la restauration du systeme"

6 clique sur appliquer puis ok

7 vas créer un point de restauration en cliquant sur démarrer => tous les programmes => accessoires =>

outils systeme => restauration du systeme => créer un point de restauration => tu mets un nom

(exemple : après désinfection sur CCM) puis tu valides.

Tu peux mettre ton problème résolu !!
0
Réponse 40 / 45
liberte7613 Messages postés 21 Date d'inscription   Statut Membre Dernière intervention  
 
Geoffrey bonjour,

Encore moi.....

J 'ai telecharger Toolscleaner 2,tout c'est bien passé,mais je ne trouve pas le rapport.....

Qu'appel tu a la racine du disque dur ????? ( un peu novice en informatique )

J 'attend ta réponse pour pouvoir ensuite desactivé/reactivé le systeme

Merci................Liberte.....
-1

Discussions similaires

Ouverture de session yahoo mail
Guendouz -
Gaston -

1 réponse
Samsung S22 Allumage écran à l ouverture clapet ?
broccoli -
Pierr10 -

3 réponses
Impossible de créer ou gérer une page Facebook
Cathou18 -
Cathou18 -

4 réponses
ouvrir ma session yahoo.fr
doudou -
HelpiOS -

1 réponse
Problème 4g : ma Free mobile a un débit très lent
Problmedbit -
brupala -

12 réponses