Actualité informatique
Test comparatif matériel informatique
Jeux vidéo
Astuces informatique
Vidéo
Télécharger
Services en ligne
Forum informatique
01Business

|-  SECURITE


|||-  

gros problème antivirus

 

10 utilisateurs inconnus
Ajouter une réponse
 

 
Page photos
 
     
Vider la liste des messages à citer
 
 Page :
1
Auteur
 Sujet :

gros problème antivirus

Prévenir les modérateurs en cas d'abus 
nadine angèle
nadine-angele
  1. Posté le 18/02/2008 à 11:15:49  
  1. answer
  1. Prévenir les modérateurs en cas d'abus
 
bonjour à tous,
 mon ordi est protégé par antivirus FIREWALL (orange)
 depuis une quinzaine de jours antivirus XP 2008 viens sans arret s'afficher au démarrage et sur n'importe quelle tache que j'éxécute
 j ai essayer de le supprimer, mais n'y arrive pas étant donné qu'il n'est pas installé dans disque dur
 merci de m'aider (en termes clairs) je ne suis pas une pro
 merci à tous
 pour info je suis sur xp famillial

Th
virus-killer4
Sur la bonne voie (de 100 à 499 messages postés)
  1. Posté le 18/02/2008 à 15:52:33  
  1. answer
  1. Prévenir les modérateurs en cas d'abus
 
Bonjour,

 XP Antivirus 2008 n'est pas antivirus mais un programme piégé.

 - Télécharge HiJackThis de Merijn sur ton bureau.
 - Double-clic sur HijackThis
 - Génère un rapport en suivant ces indications :

- Exécute le et clique sur Do a scan and save log file.

- Le rapport s'ouvre sur le Bloc-Note
 - Colle le rapport ici, pour cela :

- Menu Edition / Selectionner Tout

- Menu Edition / copier

- Ici dans un nouveau message : clic droit / coller
 Aide : N'hésite pas à consulter l'aide HiJackThis

(Publicité)
nadine-angele
  1. Posté le 19/02/2008 à 16:29:21  
  1. answer
  1. Prévenir les modérateurs en cas d'abus
 

VìRùS KìLLèR a écrit :

Bonjour,

 XP Antivirus 2008 n'est pas antivirus mais un programme piégé.

 - [url=http://www.01net.com/telecharger/windows/Internet/internetLogfile of Trend Micro HijackThis v2.0.2
 Scan saved at 16:19:42, on 19/02/2008
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
 Boot mode: Normal

 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.e​xe
 C:\WINDOWS\system32\services.e​xe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\svchost.ex​e
 C:\WINDOWS\System32\svchost.ex​e
 C:\WINDOWS\system32\spoolsv.ex​e
 c:\program files\fichiers communs\logitech\lvmvfm\LVPrcS​rv.exe
 C:\WINDOWS\Explorer.EXE
 C:\WINDOWS\SOUNDMAN.EXE
 C:\Apps\ActivBoard\MMKeybd.exe
 C:\WINDOWS\system32\RUNDLL32.E​XE
 C:\Program Files\AntivirusFirewall\Common​\FSM32.EXE
 C:\PROGRA~1\Wanadoo\TaskBarIco​n.exe
 C:\Program Files\Fichiers communs\Real\Update_OB\realsch​ed.exe
 C:\WINDOWS\system32\LVCOMSX.EX​E
 C:\Program Files\Logitech\Video\CameraAss​istant.exe
 C:\WINDOWS\system32\ElkCtrl.ex​e
 C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
 C:\apps\ActivSurf\4448364\Prog​ram\backweb-4448364.exe
 C:\Program Files\Java\jre1.5.0_03\bin\jus​ched.exe
 C:\Program Files\TomTom HOME 2\HOMERunner.exe
 C:\Program Files\Messenger\MSMSGS.EXE
 C:\WINDOWS\system32\ctfmon.exe
 C:\Program Files\Calendrier\Cld2000.exe
 C:\Program Files\Google\GoogleToolbarNoti​fier\GoogleToolbarNotifier.exe
 C:\Program Files\Picasa2\PicasaMediaDetec​tor.exe
 C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
 C:\PROGRA~1\Wanadoo\Gestionnai​reInternet.exe
 C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
 C:\PROGRA~1\Wanadoo\ComComp.ex​e
 C:\PROGRA~1\Wanadoo\Toaster.ex​e
 C:\PROGRA~1\Wanadoo\Inactivity​.exe
 C:\PROGRA~1\Wanadoo\PollingMod​ule.exe
 C:\WINDOWS\System32\ALERTM~1\A​LERTM~1.EXE
 C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
 C:\Apps\ActivBoard\TrayMon.exe
 C:\Apps\ActivBoard\OSD.exe
 C:\Apps\ActivBoard\nhksrv.exe
 C:\PROGRA~1\ANTIVI~1\backweb\6​588780\Program\SERVIC~1.EXE
 C:\Program Files\AntivirusFirewall\Anti-V​irus\fsgk32st.exe
 C:\Program Files\AntivirusFirewall\backwe​b\6588780\program\fsbwsys.exe
 C:\Program Files\AntivirusFirewall\Anti-V​irus\FSGK32.EXE
 C:\Program Files\AntivirusFirewall\Common​\FSMA32.EXE
 C:\WINDOWS\System32\FTRTSVC.ex​e
 C:\Program Files\AntivirusFirewall\Anti-V​irus\fssm32.exe
 C:\Program Files\AntivirusFirewall\Common​\FSMB32.EXE
 C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
 C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
 C:\WINDOWS\System32\nvsvc32.ex​e
 C:\WINDOWS\system32\slserv.exe
 C:\WINDOWS\System32\svchost.ex​e
 C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
 C:\Program Files\AntivirusFirewall\Common​\FCH32.EXE
 C:\Program Files\AntivirusFirewall\backwe​b\6588780\Program\fspex.exe
 C:\Program Files\AntivirusFirewall\Common​\FAMEH32.EXE
 C:\Program Files\AntivirusFirewall\Anti-V​irus\fsqh.exe
 C:\Program Files\AntivirusFirewall\Anti-V​irus\fsrw.exe
 C:\Program Files\AntivirusFirewall\FWES\P​rogram\fsdfwd.exe
 C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
 C:\Program Files\AntivirusFirewall\Anti-V​irus\fsav32.exe
 C:\PROGRA~1\ANTIVI~1\ANTI-S~1\​fsaw.exe
 C:\Program Files\AntivirusFirewall\FSGUI\​fsguidll.exe
 C:\PROGRA~1\Wanadoo\Watch.exe
 C:\Program Files\MSN Messenger\usnsvc.exe
 C:\PROGRA~1\Wanadoo\WOOBrowser​\WOOBrowser.exe
 C:\Program Files\Trend Micro\HijackThis\HijackThis.ex​e

 R0 - HKCU\Software\Microsoft\Intern​et Explorer\Main,Start Page = http://www.finderg.com
 R1 - HKCU\Software\Microsoft\Intern​et Connection Wizard,ShellNext = http://mmjb.musicmatch.com/mmj [...] =999994149
 R1 - HKCU\Software\Microsoft\Intern​et Explorer\Main,Window Title = Orange
 R0 - HKCU\Software\Microsoft\Intern​et Explorer\Toolbar,LinksFolderNa​me = Liens
 R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A8​9362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.D​LL
 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7​D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelpe​r.ocx
 O2 - BHO: metaspinner media GmbH - {12FC9A49-CFE0-49AA-BE9E-8F4EE​AFC9443} - C:\PROGRA~1\YETISP~1\IEBUTT~1.​DLL
 O2 - BHO: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449​A05863D} - C:\Program Files\GamesBar\oberontb.dll
 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5​E23E045} - (no file)
 O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-51647​60863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
 O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF105​77473F7} - c:\program files\google\googletoolbar4.dl​l
 O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B​5AD205D} - C:\Program Files\Google\GoogleToolbarNoti​fier\2.0.301.7164\swg.dll
 O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6​AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
 O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-00902​7A5CD4F} - c:\program files\google\googletoolbar4.dl​l
 O3 - Toolbar: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449​A05863D} - C:\Program Files\GamesBar\oberontb.dll
 O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
 O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM​_EXEC.EXE
 O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
 O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,​NvStartup
 O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.d​ll,NvTaskbarInit
 O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
 O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.ex​e TaskBarIcon.exe
 O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\AntivirusFirewall\Common​\FSM32.EXE" /splash
 O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\AntivirusFirewall\TNB\TN​BUtil.exe" /CHECKALL /WAITFORSW
 O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\AntivirusFirewall\FSGUI\​FSSW.EXE" /reboot
 O4 - HKLM\..\Run: [News Service] "C:\Program Files\AntivirusFirewall\FSGUI\​ispnews.exe"
 O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.​exe
 O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsch​ed.exe"  -osboot
 O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EX​E
 O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAss​istant.exe
 O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHe​lper.exe /inspect
 O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.ex​e /automation
 O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
 O4 - HKLM\..\Run: [ActivSurf] C:\apps\ActivSurf\4448364\Prog​ram\backweb-4448364.exe
 O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jus​ched.exe
 O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
 O4 - HKCU\..\Run: [Update Service] C:\PROGRA~1\FICHIE~1\TEKNUM~1\​update.exe /startup
 O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
 O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
 O4 - HKCU\..\Run: [Cld2000.exe] C:\Program Files\Calendrier\Cld2000.exe
 O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNoti​fier\GoogleToolbarNotifier.exe
 O4 - HKCU\..\Run: [XP Antivirus] C:\Program Files\XP Antivirus\xpa.exe
 O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetec​tor.exe
 O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
 O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
 O4 - Global Startup: Antivirus Firewall.lnk = C:\Program Files\AntivirusFirewall\backwe​b\6588780\Program\fspex.exe
 O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
 O4 - Global Startup: hpoddt01.exe.lnk = ?
 O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\AntivirusFirewall\Anti-S​pyware\blockpopups.htm
 O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFF​ICE11\EXCEL.EXE/3000
 O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A​7003239} - C:\Program Files\GamesBar\oberontb.dll
 O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A​7003239} - C:\Program Files\GamesBar\oberontb.dll
 O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44AC​CF73C00} - C:\Program Files\AntivirusFirewall\Anti-S​pyware\ieshield.dll
 O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44AC​CF73C00} - C:\Program Files\AntivirusFirewall\Anti-S​pyware\ieshield.dll
 O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C5​71A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\​REFIEBAR.DLL
 O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F​0318AFE} - C:\WINDOWS\System32\Shdocvw.dl​l
 O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046​DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04​F795683} - C:\Program Files\Messenger\msmsgs.exe
 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04​F795683} - C:\Program Files\Messenger\msmsgs.exe
 O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284​D0FE16E} - http://www.orange.fr (file missing) (HKCU)
 O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05C​B959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w [...] NPUpld.cab
 O23 - Service: Antivirus Firewall (BackWeb Plug-in - 6588780) - Securitoo Portal - C:\PROGRA~1\ANTIVI~1\backweb\6​588780\Program\SERVIC~1.EXE
 O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Anti-V​irus\fsgk32st.exe
 O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\AntivirusFirewall\backwe​b\6588780\program\fsbwsys.exe
 O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\FWES\P​rogram\fsdfwd.exe
 O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Common​\FSMA32.EXE
 O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.ex​e
 O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.e​xe
 O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
 O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcS​rv.exe
 O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
 O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.ex​e
 O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.e​xe
 O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe
 O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe

 --
 End of file - 11485 bytes
 _utlitaire/fiches/29061.html]Télécharge HiJackThis de Merijn sur ton bureau.
 - Double-clic sur HijackThis
 - Génère un rapport en suivant ces indications :
  - Exécute le et clique sur Do a scan and save log file.
  - Le rapport s'ouvre sur le Bloc-Note
 - Colle le rapport ici, pour cela :
  - Menu Edition / Selectionner Tout
  - Menu Edition / copierLogfile of Trend Micro HijackThis v2.0.2
 Scan saved at 16:19:42, on 19/02/2008
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
 Boot mode: Normal

 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.e​xe
 C:\WINDOWS\system32\services.e​xe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\svchost.ex​e
 C:\WINDOWS\System32\svchost.ex​e
 C:\WINDOWS\system32\spoolsv.ex​e
 c:\program files\fichiers communs\logitech\lvmvfm\LVPrcS​rv.exe
 C:\WINDOWS\Explorer.EXE
 C:\WINDOWS\SOUNDMAN.EXE
 C:\Apps\ActivBoard\MMKeybd.exe
 C:\WINDOWS\system32\RUNDLL32.E​XE
 C:\Program Files\AntivirusFirewall\Common​\FSM32.EXE
 C:\PROGRA~1\Wanadoo\TaskBarIco​n.exe
 C:\Program Files\Fichiers communs\Real\Update_OB\realsch​ed.exe
 C:\WINDOWS\system32\LVCOMSX.EX​E
 C:\Program Files\Logitech\Video\CameraAss​istant.exe
 C:\WINDOWS\system32\ElkCtrl.ex​e
 C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
 C:\apps\ActivSurf\4448364\Prog​ram\backweb-4448364.exe
 C:\Program Files\Java\jre1.5.0_03\bin\jus​ched.exe
 C:\Program Files\TomTom HOME 2\HOMERunner.exe
 C:\Program Files\Messenger\MSMSGS.EXE
 C:\WINDOWS\system32\ctfmon.exe
 C:\Program Files\Calendrier\Cld2000.exe
 C:\Program Files\Google\GoogleToolbarNoti​fier\GoogleToolbarNotifier.exe
 C:\Program Files\Picasa2\PicasaMediaDetec​tor.exe
 C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
 C:\PROGRA~1\Wanadoo\Gestionnai​reInternet.exe
 C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
 C:\PROGRA~1\Wanadoo\ComComp.ex​e
 C:\PROGRA~1\Wanadoo\Toaster.ex​e
 C:\PROGRA~1\Wanadoo\Inactivity​.exe
 C:\PROGRA~1\Wanadoo\PollingMod​ule.exe
 C:\WINDOWS\System32\ALERTM~1\A​LERTM~1.EXE
 C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
 C:\Apps\ActivBoard\TrayMon.exe
 C:\Apps\ActivBoard\OSD.exe
 C:\Apps\ActivBoard\nhksrv.exe
 C:\PROGRA~1\ANTIVI~1\backweb\6​588780\Program\SERVIC~1.EXE
 C:\Program Files\AntivirusFirewall\Anti-V​irus\fsgk32st.exe
 C:\Program Files\AntivirusFirewall\backwe​b\6588780\program\fsbwsys.exe
 C:\Program Files\AntivirusFirewall\Anti-V​irus\FSGK32.EXE
 C:\Program Files\AntivirusFirewall\Common​\FSMA32.EXE
 C:\WINDOWS\System32\FTRTSVC.ex​e
 C:\Program Files\AntivirusFirewall\Anti-V​irus\fssm32.exe
 C:\Program Files\AntivirusFirewall\Common​\FSMB32.EXE
 C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
 C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
 C:\WINDOWS\System32\nvsvc32.ex​e
 C:\WINDOWS\system32\slserv.exe
 C:\WINDOWS\System32\svchost.ex​e
 C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
 C:\Program Files\AntivirusFirewall\Common​\FCH32.EXE
 C:\Program Files\AntivirusFirewall\backwe​b\6588780\Program\fspex.exe
 C:\Program Files\AntivirusFirewall\Common​\FAMEH32.EXE
 C:\Program Files\AntivirusFirewall\Anti-V​irus\fsqh.exe
 C:\Program Files\AntivirusFirewall\Anti-V​irus\fsrw.exe
 C:\Program Files\AntivirusFirewall\FWES\P​rogram\fsdfwd.exe
 C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
 C:\Program Files\AntivirusFirewall\Anti-V​irus\fsav32.exe
 C:\PROGRA~1\ANTIVI~1\ANTI-S~1\​fsaw.exe
 C:\Program Files\AntivirusFirewall\FSGUI\​fsguidll.exe
 C:\PROGRA~1\Wanadoo\Watch.exe
 C:\Program Files\MSN Messenger\usnsvc.exe
 C:\PROGRA~1\Wanadoo\WOOBrowser​\WOOBrowser.exe
 C:\Program Files\Trend Micro\HijackThis\HijackThis.ex​e

 R0 - HKCU\Software\Microsoft\Intern​et Explorer\Main,Start Page = http://www.finderg.com
 R1 - HKCU\Software\Microsoft\Intern​et Connection Wizard,ShellNext = http://mmjb.musicmatch.com/mmj [...] =999994149
 R1 - HKCU\Software\Microsoft\Intern​et Explorer\Main,Window Title = Orange
 R0 - HKCU\Software\Microsoft\Intern​et Explorer\Toolbar,LinksFolderNa​me = Liens
 R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A8​9362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.D​LL
 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7​D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelpe​r.ocx
 O2 - BHO: metaspinner media GmbH - {12FC9A49-CFE0-49AA-BE9E-8F4EE​AFC9443} - C:\PROGRA~1\YETISP~1\IEBUTT~1.​DLL
 O2 - BHO: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449​A05863D} - C:\Program Files\GamesBar\oberontb.dll
 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5​E23E045} - (no file)
 O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-51647​60863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
 O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF105​77473F7} - c:\program files\google\googletoolbar4.dl​l
 O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B​5AD205D} - C:\Program Files\Google\GoogleToolbarNoti​fier\2.0.301.7164\swg.dll
 O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6​AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
 O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-00902​7A5CD4F} - c:\program files\google\googletoolbar4.dl​l
 O3 - Toolbar: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449​A05863D} - C:\Program Files\GamesBar\oberontb.dll
 O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
 O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM​_EXEC.EXE
 O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
 O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,​NvStartup
 O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.d​ll,NvTaskbarInit
 O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
 O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.ex​e TaskBarIcon.exe
 O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\AntivirusFirewall\Common​\FSM32.EXE" /splash
 O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\AntivirusFirewall\TNB\TN​BUtil.exe" /CHECKALL /WAITFORSW
 O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\AntivirusFirewall\FSGUI\​FSSW.EXE" /reboot
 O4 - HKLM\..\Run: [News Service] "C:\Program Files\AntivirusFirewall\FSGUI\​ispnews.exe"
 O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.​exe
 O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsch​ed.exe"  -osboot
 O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EX​E
 O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAss​istant.exe
 O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHe​lper.exe /inspect
 O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.ex​e /automation
 O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
 O4 - HKLM\..\Run: [ActivSurf] C:\apps\ActivSurf\4448364\Prog​ram\backweb-4448364.exe
 O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jus​ched.exe
 O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
 O4 - HKCU\..\Run: [Update Service] C:\PROGRA~1\FICHIE~1\TEKNUM~1\​update.exe /startup
 O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
 O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
 O4 - HKCU\..\Run: [Cld2000.exe] C:\Program Files\Calendrier\Cld2000.exe
 O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNoti​fier\GoogleToolbarNotifier.exe
 O4 - HKCU\..\Run: [XP Antivirus] C:\Program Files\XP Antivirus\xpa.exe
 O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetec​tor.exe
 O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
 O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
 O4 - Global Startup: Antivirus Firewall.lnk = C:\Program Files\AntivirusFirewall\backwe​b\6588780\Program\fspex.exe
 O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
 O4 - Global Startup: hpoddt01.exe.lnk = ?
 O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\AntivirusFirewall\Anti-S​pyware\blockpopups.htm
 O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFF​ICE11\EXCEL.EXE/3000
 O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A​7003239} - C:\Program Files\GamesBar\oberontb.dll
 O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A​7003239} - C:\Program Files\GamesBar\oberontb.dll
 O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44AC​CF73C00} - C:\Program Files\AntivirusFirewall\Anti-S​pyware\ieshield.dll
 O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44AC​CF73C00} - C:\Program Files\AntivirusFirewall\Anti-S​pyware\ieshield.dll
 O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C5​71A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\​REFIEBAR.DLL
 O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F​0318AFE} - C:\WINDOWS\System32\Shdocvw.dl​l
 O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046​DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04​F795683} - C:\Program Files\Messenger\msmsgs.exe
 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04​F795683} - C:\Program Files\Messenger\msmsgs.exe
 O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284​D0FE16E} - http://www.orange.fr (file missing) (HKCU)
 O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05C​B959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w [...] NPUpld.cab
 O23 - Service: Antivirus Firewall (BackWeb Plug-in - 6588780) - Securitoo Portal - C:\PROGRA~1\ANTIVI~1\backweb\6​588780\Program\SERVIC~1.EXE
 O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Anti-V​irus\fsgk32st.exe
 O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\AntivirusFirewall\backwe​b\6588780\program\fsbwsys.exe
 O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\FWES\P​rogram\fsdfwd.exe
 O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Common​\FSMA32.EXE
 O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.ex​e
 O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.e​xe
 O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
 O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcS​rv.exe
 O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
 O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.ex​e
 O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.e​xe
 O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe
 O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe

 --
 End of file - 11485 bytes

  - Ici dans un nouveau message : clic droit / coller
 Aide : N'hésite pas à consulter l'aide HiJackThis

 


[/url]

Th
virus-killer4
Sur la bonne voie (de 100 à 499 messages postés)
  1. Posté le 19/02/2008 à 18:58:54  
  1. answer
  1. Prévenir les modérateurs en cas d'abus
 
DESACTIVE F-Secure :

 - Télécharge Combofix sUBs : combofix.exe
 et sauvegarde le sur ton bureau et pas ailleurs!

 - Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :


 



Files::
 C:\apps\ActivSurf\4448364\Prog​ram\backweb-4448364.exe

 Folder::
 C:\Program Files\GamesBar
 C:\Program Files\XP Antivirus
 C:\Documents and Settings\All Users\Start Menu\Programs\XP antivirus
 C:\Program Files\Calendrier

 Registry::
 [-HKEY_CURRENT_USER\Software\XP antivirus]
 [-HKEY_LOCAL_MACHINE\SYSTEM\Con​trolSet001\Services\XPAntiviru​sFilter]
 [-HKEY_LOCAL_MACHINE\SYSTEM\Cur​rentControlSet\Services\XPAnti​virusFilter]
 [HKEY_CURRENT_USER\Software\Mic​rosoft\Windows\CurrentVersion\​Run]
 "XP Antivirus"=-
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Run]
 "mmnext06"=-
 "shellbn"=-
 "System"=-
 "Windows Framework"=-
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Explorer\Browser Helper Objects]
 "{4e7bd74f-2b8d-469e-dcf7-f96d​a086b434}"=-
 "{6C6B8C69-9285-4D94-8492-9E92​0C8C2B65}"=-
 "{74f25a2c-22b3-4023-8f1a-ca61​6c30a8b5}"=-
 "{9a19966f-ae0e-4699-8cce-9b6f​5f1c352c}"=-
 "{D714A94F-123A-45CC-8F03-040B​CAF82AD6}"=-
 [-HKEY_LOCAL_MACHINE\SOFTWARE\M​icrosoft\Windows\CurrentVersio​n\Uninstall]
 "XP antivirus_is1"=-
 




 Enregistre ce fichier sous le nom CFScript

 

  • Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture

 http://i261.photobucket.com/al​bums/ii49/Malekal_morte/CFScri​pt.gif

 
  • Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
  • Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
 
  • Une fois le scan achevé, un rapport va s'afficher: poste son contenu, en précisant où en sont tes soucis

 
  • Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

 Poste un nouveau rapport HijackThis.

celi84
  1. Posté le 23/06/2008 à 20:06:53  
  1. answer
  1. Prévenir les modérateurs en cas d'abus
 
Logfile of Trend Micro HijackThis v2.0.2
 Scan saved at 22:07, on 2008-06-24
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
 Boot mode: Normal

 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.e​xe
 C:\WINDOWS\system32\services.e​xe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\svchost.ex​e
 C:\WINDOWS\System32\svchost.ex​e
 C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
 C:\Program Files\Alwil Software\Avast4\ashServ.exe
 C:\WINDOWS\system32\spoolsv.ex​e
 C:\WINDOWS\Explorer.EXE
 C:\WINDOWS\system32\VTTimer.ex​e
 C:\Program Files\Java\jre1.6.0_05\bin\jus​ched.exe
 C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
 C:\Apps\Powercinema\PCMService​.exe
 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
 C:\Program Files\Player Video TF1\tf1.exe
 C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.e​xe
 C:\Program Files\iTunes\iTunesHelper.exe
 C:\WINDOWS\SOUNDMAN.EXE
 C:\WINDOWS\wt\updater\wcmdmgr.​exe
 C:\Program Files\USB Disk Win98 Driver\Res.EXE
 C:\WINDOWS\system32\lphcg8lj0e​j3g.exe
 C:\Program Files\rhcl8lj0ej3g\rhcl8lj0ej3​g.exe
 C:\WINDOWS\system32\ctfmon.exe
 C:\Program Files\MSN Messenger\MsnMsgr.Exe
 C:\Program Files\Google\GoogleToolbarNoti​fier\1.0.720.3640\GoogleToolba​rNotifier.exe
 C:\Program Files\Picasa2\PicasaMediaDetec​tor.exe
 C:\WINDOWS\system32\pphcg8lj0e​j3g.exe
 C:\PROGRA~1\FICHIE~1\AOL\ACS\A​OLacsd.exe
 C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceS​ervice.exe
 C:\WINDOWS\system32\drivers\CD​AC11BA.EXE
 C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
 C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
 c:\APPS\Powercinema\Kernel\TV\​CLCapSvc.exe
 c:\APPS\Powercinema\Kernel\TV\​CLSched.exe
 C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServe​r.exe
 C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServi​ce.exe
 c:\APPS\HIDSERVICE\HIDSERVICE.​exe
 C:\Program Files\Norton Internet Security\ISSVC.exe
 C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
 C:\WINDOWS\system32\HPZipm12.e​xe
 C:\WINDOWS\system32\slserv.exe
 C:\WINDOWS\system32\svchost.ex​e
 C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
 C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
 C:\Program Files\iPod\bin\iPodService.exe
 C:\WINDOWS\system32\msiexec.ex​e
 C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
 C:\Program Files\Internet Explorer\IEXPLORE.EXE
 C:\Program Files\Messenger\msmsgs.exe
 C:\Documents and Settings\celine\Bureau\HiJackT​his.exe

 R0 - HKCU\Software\Microsoft\Intern​et Explorer\Main,Start Page = http://www.lequipe.fr/
 R1 - HKLM\Software\Microsoft\Intern​et Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
 R1 - HKLM\Software\Microsoft\Intern​et Explorer\Main,Default_Search_U​RL = http://go.microsoft.com/fwlink/?LinkId=54896
 R1 - HKLM\Software\Microsoft\Intern​et Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
 R0 - HKCU\Software\Microsoft\Intern​et Explorer\Toolbar,LinksFolderNa​me = Liens
 R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49​B9F9938} - (no file)
 R3 - URLSearchHook: (no name) -  - (no file)
 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-00902​71D4F88} - C:\Program Files\Yahoo!\Companion\Install​s\cpn\yt.dll
 O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695E​CA05670} - C:\Program Files\Yahoo!\Companion\Install​s\cpn\yt.dll
 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7​D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelpe​r.ocx
 O2 - BHO: EoBho Class - {64F56FC1-1272-44CD-BA6E-39723​696E350} - C:\PROGRA~1\eoRezo\EoAdv\EOREZ​O~1.DLL (file missing)
 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF​1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv​.dll
 O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-51647​60863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
 O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF​36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\​stmain.dll
 O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DD​F1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
 O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B​4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msn​tb.dll
 O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6​B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
 O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9​A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
 O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859D​F00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
 O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B​4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msn​tb.dll
 O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-00902​71D4F88} - C:\Program Files\Yahoo!\Companion\Install​s\cpn\yt.dll
 O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMI​G.EXE" /Spoil /RemAdvDef /Migration32
 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLG​NT\TINTSETP.EXE /SYNC
 O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLG​NT\TINTSETP.EXE /IMEName
 O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
 O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jus​ched.exe"
 O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
 O4 - HKLM\..\Run: [IS CfgWiz] C:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-18860​3799DD3} /MODE CfgWiz /CMDLINE "REBOOT"
 O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
 O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMServic​e.exe"
 O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsch​ed.exe"  -osboot
 O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
 O4 - HKLM\..\Run: [tf1] C:\Program Files\Player Video TF1\tf1.exe
 O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.e​xe"
 O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl​.exe -launch
 O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
 O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
 O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
 O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
 O4 - HKLM\..\Run: [lphcg8lj0ej3g] C:\WINDOWS\system32\lphcg8lj0e​j3g.exe
 O4 - HKLM\..\Run: [SMrhcl8lj0ej3g] C:\Program Files\rhcl8lj0ej3g\rhcl8lj0ej3​g.exe
 O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
 O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
 O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
 O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNoti​fier\1.0.720.3640\GoogleToolba​rNotifier.exe
 O4 - HKCU\..\Run: [Cld2000.exe] C:\Program Files\Calendrier\Cld2000.exe
 O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.ex​e" --force_start_minimized
 O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetec​tor.exe
 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
 O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
 O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
 O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
 O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
 O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
 O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html
 O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.13\AMVConverter\grab.html
 O8 - Extra context menu item: AMV convert tool grab multimedia file - C:\Program Files\MP3 Player Utilities 5.02\AMVConverter\grab.html
 O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFF​ICE11\EXCEL.EXE/3000
 O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html
 O8 - Extra context menu item: Télécharger avec &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401​C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv​.dll
 O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401​C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv​.dll
 O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C5​71A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\​REFIEBAR.DLL
 O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F​0318AFE} - C:\WINDOWS\system32\Shdocvw.dl​l
 O9 - Extra button: Ò×Ȥ¹ºÎï - {DE60714F-AC17-427e-861A-FD60C​BDF119A} - http://click2.ad4all.net/url2/ [...] l.asp?id=1 (file missing)
 O9 - Extra 'Tools' menuitem: Ò×Ȥ¹ºÎï - {DE60714F-AC17-427e-861A-FD60C​BDF119A} - http://click2.ad4all.net/url2/ [...] l.asp?id=1 (file missing)
 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba3​8496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba3​8496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04​F795683} - C:\Program Files\Messenger\msmsgs.exe
 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04​F795683} - C:\Program Files\Messenger\msmsgs.exe
 O16 - DPF: {87AF076E-D86D-4E87-ADDD-F0580​4E1F150} (VirginMega.DMFacade.Interface​) - https://www.virginmega.fr/Down [...] ownMan.cab
 O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58C​B424243} (Image Uploader Control) - http://copainsdavant.linternau [...] oader5.cab
 O17 - HKLM\System\CCS\Services\Tcpip​\..\{122D6EF3-4963-4C2B-88C0-F​B3DE2F86C04}: NameServer = 85.255.114.13,85.255.112.174
 O17 - HKLM\System\CS1\Services\Tcpip​\Parameters: NameServer = 85.255.114.68 85.255.112.150
 O17 - HKLM\System\CS1\Services\Tcpip​\..\{122D6EF3-4963-4C2B-88C0-F​B3DE2F86C04}: NameServer = 85.255.114.68,85.255.112.150
 O17 - HKLM\System\CS2\Services\Tcpip​\..\{122D6EF3-4963-4C2B-88C0-F​B3DE2F86C04}: NameServer = 85.255.114.13,85.255.112.174
 O17 - HKLM\System\CS3\Services\Tcpip​\..\{122D6EF3-4963-4C2B-88C0-F​B3DE2F86C04}: NameServer = 85.255.114.13,85.255.112.174
 O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F​9CF023E} - D:\Player\__CDS2.dll (file missing)
 O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\A​OLacsd.exe
 O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceS​ervice.exe
 O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
 O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
 O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
 O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
 O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
 O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CD​AC11BA.EXE
 O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
 O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
 O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
 O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
 O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\​CLCapSvc.exe
 O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\​CLSched.exe
 O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServe​r.exe
 O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.​exe
 O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.e​xe
 O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
 O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
 O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
 O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.e​xe
 O23 - Service: PsExec (PSEXESVC) - Sysinternals - C:\WINDOWS\PSEXESVC.EXE
 O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
 O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
 O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
 O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe

 --
 End of file - 14349 bytes

(Publicité)
celi84
  1. Posté le 23/06/2008 à 20:20:25  
  1. answer
  1. Prévenir les modérateurs en cas d'abus
 
ComboFix 08-06-20.4 - celine 2008-06-24 22:09:32.4 - NTFSx86
 Microsoft Windows XP Édition familiale  5.1.2600.2.1252.1.1036.18.116 [GMT 2:00]
 Endroit: C:\Documents and Settings\celine\Bureau\ComboFi​x.exe
 .

 (((((((((((((((((((((((((((((   Fichiers créés 2008-05-24 to 2008-06-24  ))))))))))))))))))))))))))))))​))))))
 .

 2008-06-24 21:45 . 2008-06-24 21:45 0 --a------ C:\WINDOWS\system32\F.tmp
 2008-06-24 18:28 . 2008-06-24 21:27 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
 2008-06-24 18:28 . 2008-06-24 18:28 <REP> d-------- C:\Documents and Settings\celine\Application Data\Malwarebytes
 2008-06-24 18:28 . 2008-06-24 18:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
 2008-06-24 18:28 . 2008-06-19 17:48 34,296 --a------ C:\WINDOWS\system32\drivers\mb​amcatchme.sys
 2008-06-24 18:28 . 2008-06-19 17:47 17,144 --a------ C:\WINDOWS\system32\drivers\mb​am.sys
 2008-06-24 16:51 . 2008-06-24 16:51 <REP> d-------- C:\Documents and Settings\celine\Application Data\rhcl8lj0ej3g
 2008-06-24 16:51 . 2008-06-24 21:55 94,208 --a------ C:\WINDOWS\system32\pphcg8lj0e​j3g.exe
 2008-06-24 16:49 . 2008-06-24 21:32 <REP> d-------- C:\Program Files\rhcl8lj0ej3g
 2008-06-24 16:48 . 2008-06-24 16:48 109,056 --a------ C:\WINDOWS\system32\lphcg8lj0e​j3g.exe
 2008-06-24 16:48 . 2008-06-24 21:55 90,838 --a------ C:\WINDOWS\system32\phcg8lj0ej​3g.bmp
 2008-06-24 16:48 . 2008-06-24 21:55 60,928 --a------ C:\WINDOWS\system32\blphcg8lj0​ej3g.scr
 2008-06-17 17:18 . 2008-06-17 17:18 <REP> d-------- C:\Program Files\CCleaner
 2008-06-14 00:03 . 2008-06-14 00:03 78,248 --ah----- C:\WINDOWS\system32\mlfcache.d​at
 2008-06-06 00:03 . 2008-06-06 00:04 <REP> d-------- C:\Jean Jacques Goldman
 2008-05-29 23:09 . 2008-05-29 23:10 14,199,264 --a------ C:\MOV03113.amv
 2008-05-29 22:56 . 2008-05-29 22:57 11,498,476 --a------ C:\MOV03113.avi
 2008-05-29 22:47 . 2008-05-29 22:47 <REP> d-------- C:\Program Files\USB Disk Win98 Driver
 2008-05-29 22:44 . 2008-05-29 22:45 <REP> d-------- C:\Program Files\LRC Editor 4
 2008-05-29 22:07 . 2008-05-29 22:08 <REP> d-------- C:\Documents and Settings\celine\Application Data\Media Player Classic
 2008-05-28 22:03 . 2008-05-28 22:03 <REP> d-------- C:\Program Files\MP3 Player Utilities 5.02
 2008-05-28 22:02 . 2008-05-28 22:02 <REP> d-------- C:\Program Files\MP3 Player Utilities 4.13
 2008-05-28 22:01 . 2008-05-28 22:01 <REP> d-------- C:\Program Files\MP3 Player Utilities 4.00
 2008-05-28 21:58 . 2008-05-28 21:58 <REP> d-------- C:\WINDOWS\system32\Quicktime
 2008-05-28 21:57 . 2008-05-28 21:57 <REP> d-------- C:\Program Files\Ringz Studio
 2008-05-28 21:12 . 2008-05-30 23:02 <REP> d-------- C:\Documents and Settings\celine\Application Data\gtk-2.0
 2008-05-28 21:12 . 2008-05-28 21:12 <REP> d-------- C:\Documents and Settings\celine\.thumbnails
 2008-05-28 20:51 . 2008-05-30 23:06 <REP> d-------- C:\Documents and Settings\celine\.gimp-2.4
 2008-05-28 19:27 . 2008-05-28 19:27 2,359,350 --a------ C:\WINDOWS\Papier-peint-PhotoF​iltre.bmp

 .
 ((((((((((((((((((((((((((((((​((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))​))))))))))))))))))
 .
 2008-06-24 19:56 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
 2008-06-24 19:27 --------- d-----w C:\Program Files\MSN Messenger
 2008-06-24 16:18 --------- d-----w C:\Program Files\UltimateZip 2007
 2008-05-29 20:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
 2008-05-28 19:58 --------- d-----w C:\Program Files\QuickTime
 2008-05-28 19:58 --------- d-----w C:\Program Files\Fichiers communs\Real
 2008-05-19 17:17 --------- d-----w C:\Program Files\DivX
 2008-05-18 14:57 --------- d-----w C:\Program Files\Sun
 2008-05-18 14:57 --------- d-----w C:\Program Files\Java
 2008-05-18 14:51 --------- d-----w C:\Program Files\MSECache
 2008-05-17 21:20 --------- d-----w C:\Program Files\Picasa2
 2008-04-26 18:54 --------- d-----w C:\Documents and Settings\celine\Application Data\XCPCSync.OEM
 2008-04-26 18:51 --------- d-----w C:\Program Files\Google
 2008-02-08 15:27 15,397 ----a-w C:\Program Files\settings.dat
 2007-01-30 22:26 7,218,088 ----a-w C:\Program Files\psa30se_fr_fr.exe
 2006-10-21 19:28 4,561,728 ----a-w C:\Program Files\avast.exe
 2006-09-22 16:20 8,569,400 ----a-w C:\Program Files\MegaBlocNotes.exe
 2005-07-25 20:38 5,037,072 ----a-w C:\Program Files\spybotsd14.exe
 2005-07-25 20:35 2,855,080 ----a-w C:\Program Files\aawsepersonal.exe
 2005-07-25 20:34 7,769,912 ----a-w C:\Program Files\DivXPlay.exe
 .

 ((((((((((((((((((((((((((((((​(((   Point de chargement Reg   ))))))))))))))))))))))))))))))​)))))))))))))))))))
 .
 .
 REGEDIT4
 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

 [HKEY_CURRENT_USER\SOFTWARE\Mic​rosoft\Windows\CurrentVersion\​Run]
 "CTFMON.EXE"="C:\WINDOWS\syste​m32\ctfmon.exe" [2004-08-05 14:00 15360]
 "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 13:55 5674352]
 "Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" [ ]
 "swg"="C:\Program Files\Google\GoogleToolbarNoti​fier\1.0.720.3640\GoogleToolba​rNotifier.exe" [2006-09-28 11:46 155896]
 "Cld2000.exe"="C:\Program Files\Calendrier\Cld2000.exe" [ ]
 "BitTorrent"="C:\Program Files\BitTorrent\bittorrent.ex​e" [ ]
 "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetec​tor.exe" [2008-02-26 03:23 443968]

 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Run]
 "IMJPMIG8.1"="C:\WINDOWS\IME\i​mjp8_1\IMJPMIG.EXE" [2004-08-05 14:00 208952]
 "PHIME2002ASync"="C:\WINDOWS\s​ystem32\IME\TINTLGNT\TINTSETP.​EXE" [ ]
 "PHIME2002A"="C:\WINDOWS\syste​m32\IME\TINTLGNT\TINTSETP.EXE" [ ]
 "VTTimer"="VTTimer.exe" [2004-03-26 14:07 49152 C:\WINDOWS\system32\VTTimer.exe]
 "SunJavaUpdateSched"="C:\Progr​am Files\Java\jre1.6.0_05\bin\jus​ched.exe" [2008-02-22 04:25 144784]
 "ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2004-09-07 15:25 58488]
 "IS CfgWiz"="C:\Program Files\Norton Internet Security\cfgwiz.exe" [2004-09-21 11:35 132248]
 "SSC_UserPrompt"="C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe" [2004-10-07 09:25 218240]
 "PCMService"="c:\Apps\Powercin​ema\PCMService.exe" [2005-01-28 11:10 110740]
 "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsch​ed.exe" [2005-05-04 21:13 180269]
 "EoEngine"="" []
 "EoWeather"="" []
 "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]
 "tf1"="C:\Program Files\Player Video TF1\tf1.exe" [2006-08-11 12:00 1015296]
 "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.e​xe" [2005-06-23 21:33 57344]
 "wcmdmgr"="C:\WINDOWS\wt\updat​er\wcmdmgrl.exe" [2003-09-23 19:49 20480]
 "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42 267064]
 "SoundMan"="SOUNDMAN.EXE" [2004-05-14 15:47 67072 C:\WINDOWS\SOUNDMAN.EXE]
 "StormCodec_Helper"="C:\Progra​m Files\Ringz Studio\Storm Codec\StormSet.exe" [2005-03-24 14:52 94770]
 "USB Storage Toolbox"="C:\Program Files\USB Disk Win98 Driver\Res.EXE" [2005-09-14 20:44 65536]
 "lphcg8lj0ej3g"="C:\WINDOWS\sy​stem32\lphcg8lj0ej3g.exe" [2008-06-24 16:48 109056]
 "SMrhcl8lj0ej3g"="C:\Program Files\rhcl8lj0ej3g\rhcl8lj0ej3​g.exe" [2008-06-21 20:22 1642496]

 [HKEY_USERS\.DEFAULT\Software\M​icrosoft\Windows\CurrentVersio​n\Run]
 "CTFMON.EXE"="C:\WINDOWS\syste​m32\CTFMON.EXE" [2004-08-05 14:00 15360]

 C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
 Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 22:05:56 65588]

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\drivers32]
 "vidc.vp31"= vp31vfw.dll

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\security center]
 "AntiVirusOverride"=dword:0000​0001

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\security center\Monitoring\SymantecAntiVirus]
 "DisableMonitoring"=dword:0000​0001

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\security center\Monitoring\SymantecFirewall]
 "DisableMonitoring"=dword:0000​0001

 [HKLM\~\services\sharedaccess\p​arameters\firewallpolicy\stand​ardprofile\AuthorizedApplicati​ons\List]
 "%ProgramFiles%\\AOL 9.0\\aol.exe"=
 "%ProgramFiles%\\UBISOFT\\Spli​nter Cell Pandora Tomorrow\\logo_ubi.exe"=
 "%ProgramFiles%\\UBISOFT\\Spli​nter Cell Pandora Tomorrow\\pandora.exe"=
 "%windir%\\system32\\sessmgr.e​xe"=
 "C:\\APPS\\Inventime\\my.exe"=
 "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
 "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
 "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
 "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
 "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
 "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
 "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
 "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
 "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
 "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"​=
 "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
 "C:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
 "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
 "C:\\Program Files\\Player Video TF1\\tf1.exe"=
 "C:\\WINDOWS\\system32\\dpvset​up.exe"=
 "C:\\Program Files\\Messenger\\msmsgs.exe"=
 "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
 "C:\\Program Files\\MSN Messenger\\livecall.exe"=
 "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
 "C:\\Program Files\\iTunes\\iTunes.exe"=
 "C:\\TetriNET\\TETRINET.EXE"=

 R1 aswSP;avast! Self Protection;C:\WINDOWS\system32​\drivers\aswSP.sys [2008-05-16 01:20]
 R1 sdcplh;sdcplh;C:\WINDOWS\syste​m32\drivers\sdcplh.sys [2005-11-12 01:02]
 R2 aswFsBlk;aswFsBlk;C:\WINDOWS\s​ystem32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
 S3 07f596f0-fa31-462e-ba60-bd817f​72383c;07f596f0-fa31-462e-ba60​-bd817f72383c;D:\Player\cds300​.dll []
 S3 archbus;NEC WMC USB_BJ1 Composite Device driver (WDM);C:\WINDOWS\system32\DRIV​ERS\archbus.sys [2005-08-30 13:17]
 S3 archmdfl;NEC WMC USB_BJ1 Modem Filter;C:\WINDOWS\system32\DRI​VERS\archmdfl.sys [2005-08-30 13:17]
 S3 archmdm;NEC WMC USB_BJ1 Modem Drivers;C:\WINDOWS\system32\DR​IVERS\archmdm.sys [2005-08-30 13:17]
 S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2007-07-18 16:23]

 .
 Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
 "2008-02-08 06:10:05 C:\WINDOWS\Tasks\AppleSoftware​Update.job"
 - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
 "2005-08-07 21:09:32 C:\WINDOWS\Tasks\Symantec NetDetect.job"
 - C:\Program Files\Symantec\LiveUpdate\NDET​ECT.EXE
 .
 ******************************​******************************​**************

 catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
 Rootkit scan 2008-06-24 22:13:44
 Windows 5.1.2600 Service Pack 2 NTFS

 Balayage processus cachés ...

 Balayage caché autostart entries ...

 Balayage des fichiers cachés ...

 Scan terminé avec succès
 Les fichiers cachés: 0

 ******************************​******************************​**************
 .
 Temps d'accomplissement: 2008-06-24 22:18:01
 ComboFix-quarantined-files.txt  2008-06-24 20:17:47

 Pre-Run: 78,198,480,896 octets libres
 Post-Run: 78,195,912,704 octets libres

 164 --- E O F --- 2007-11-18 14:00:50

filigrane2
  1. Posté le 27/06/2008 à 19:44:10  
  1. answer
  1. Prévenir les modérateurs en cas d'abus
 
Moi aussi infectée par ce truc horrible j'attend avec impatience votre aide


 Logfile of Trend Micro HijackThis v2.0.2
 Scan saved at 21:17:05, on 27/06/2008
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
 Boot mode: Normal

 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\csrss.exe
 C:\WINDOWS\system32\winlogon.e​xe
 C:\WINDOWS\system32\services.e​xe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\svchost.ex​e
 C:\WINDOWS\system32\svchost.ex​e
 C:\WINDOWS\System32\svchost.ex​e
 C:\WINDOWS\system32\svchost.ex​e
 C:\WINDOWS\system32\svchost.ex​e
 C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
 C:\Program Files\Alwil Software\Avast4\ashServ.exe
 C:\WINDOWS\system32\spoolsv.ex​e
 C:\Program Files\acer\Acer eConsole\MediaServerService.ex​e
 C:\WINDOWS\system32\cisvc.exe
 C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.e​xe
 C:\Program Files\Spyware Doctor\pctsAuxs.exe
 C:\Program Files\Spyware Doctor\pctsSvc.exe
 C:\WINDOWS\Explorer.EXE
 C:\Program Files\Spyware Doctor\pctsTray.exe
 C:\WINDOWS\System32\snmp.exe
 C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE​.exe
 C:\WINDOWS\system32\svchost.ex​e
 C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
 C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
 C:\WINDOWS\System32\alg.exe
 C:\Program Files\Acer\eRecovery\Monitor.e​xe
 C:\Program Files\Java\jre1.6.0_05\bin\jus​ched.exe
 C:\Program Files\Acer\Acer eConsole\MediaSync.exe
 C:\PROGRA~1\ALWILS~1\Avast4\as​hDisp.exe
 C:\WINDOWS\system32\LVCOMSX.EX​E
 C:\WINDOWS\SOUNDMAN.EXE
 C:\WINDOWS\AGRSMMSG.exe
 C:\Program Files\Acer\Acer eMode Management\AspireService.exe
 C:\Program Files\Logitech\Video\LogiTray.​exe
 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
 C:\WINDOWS\system32\lphcv1cj0e​r1q.exe
 C:\Program Files\rhcr1cj0er1q\rhcr1cj0er1​q.exe
 C:\Program Files\Google\GoogleToolbarNoti​fier\GoogleToolbarNotifier.exe
 C:\Program Files\Logitech\Video\FxSvr2.ex​e
 C:\Program Files\Hercules\WiFi Station pour Livebox\WifiStationLB.exe
 C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
 C:\WINDOWS\system32\pphcv1cj0e​r1q.exe
 C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\Logi​techDesktopMessenger.exe
 C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
 C:\WINDOWS\system32\HPZipm12.e​xe
 C:\WINDOWS\system32\wuauclt.ex​e
 C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
 C:\Program Files\Internet Explorer\iexplore.exe
 C:\WINDOWS\system32\msiexec.ex​e
 C:\WINDOWS\system32\cidaemon.e​xe
 C:\Documents and Settings\isabel\Bureau\HiJackT​his.exe
 C:\WINDOWS\system32\wbem\wmipr​vse.exe

 R0 - HKCU\Software\Microsoft\Intern​et Explorer\Main,Start Page = http://fr.msn.com/
 R1 - HKCU\Software\Microsoft\Window​s\CurrentVersion\Internet Settings,ProxyOverride = localhost
 R0 - HKCU\Software\Microsoft\Intern​et Explorer\Toolbar,LinksFolderNa​me = Liens
 O1 - Hosts: 124.217.252.77 www.bravesentry.com
 O1 - Hosts: 124.217.252.77 bravesentry.com
 O1 - Hosts: 124.217.252.78 secure.isoftpay.com
 O1 - Hosts: 124.217.252.77 www.bravesentry.com
 O1 - Hosts: 124.217.252.77 bravesentry.com
 O1 - Hosts: 124.217.252.78 secure.isoftpay.com
 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7​D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
 O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7​942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.​dll
 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF​1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv​.dll
 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5​E23E045} - (no file)
 O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-51647​60863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
 O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF105​77473F7} - c:\program files\google\googletoolbar1.dl​l
 O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B​5AD205D} - C:\Program Files\Google\GoogleToolbarNoti​fier\2.1.1119.1736\swg.dll
 O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-00902​7A5CD4F} - c:\program files\google\googletoolbar1.dl​l
 O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.e​xe
 O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jus​ched.exe"
 O4 - HKLM\..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync.exe
 O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\as​hDisp.exe
 O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EX​E
 O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
 O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
 O4 - HKLM\..\Run: [Imjpmig8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMI​G.EXE" /Spoil /RemAdvDef /Migration32
 O4 - HKLM\..\Run: [LaunchApp] Alaunch
 O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe
 O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.​exe
 O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.e​xe
 O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.​exe
 O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
 O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
 O4 - HKLM\..\Run: [lphcv1cj0er1q] C:\WINDOWS\system32\lphcv1cj0e​r1q.exe
 O4 - HKLM\..\Run: [SMrhcr1cj0er1q] C:\Program Files\rhcr1cj0er1q\rhcr1cj0er1​q.exe
 O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestE​ngine.exe" boot
 O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNoti​fier\GoogleToolbarNotifier.exe
 O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
 O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
 O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
 O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
 O4 - Global Startup: WiFi Station pour Livebox.lnk = ?
 O4 - Global Startup: hp psc 1000 series.lnk = ?
 O4 - Global Startup: hpoddt01.exe.lnk = ?
 O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\Logi​techDesktopMessenger.exe
 O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFF​ICE11\EXCEL.EXE/3000
 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401​C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv​.dll
 O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401​C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv​.dll
 O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C5​71A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\​REFIEBAR.DLL
 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04​F795683} - C:\Program Files\Messenger\msmsgs.exe
 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04​F795683} - C:\Program Files\Messenger\msmsgs.exe
 O16 - DPF: {17492023-C23A-453E-A040-C7C58​0BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
 O16 - DPF: {49232000-16E4-426C-A231-62846​947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqem [...] ysinfo.cab
 O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E​051B6C4} - http://h30155.www3.hp.com/edia [...] csxp2k.cab
 O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-22031​3175592} (MSN Games - Installer) - http://messenger.zone.msn.com/ [...] b56649.cab
 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46​475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/ [...] b56907.cab
 O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA9​77D5643} (ZoneChess Object) - http://messenger.zone.msn.com/ [...] b57176.cab
 O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9​B80B32B} - (no file)
 O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\acer\Acer eConsole\MediaServerService.ex​e
 O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
 O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
 O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
 O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
 O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.e​xe
 O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE (file missing)
 O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.e​xe
 O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
 O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
 O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE​.exe

 --
 End of file - 9395 bytes

 Page :
1

Aller à :
 

Sujets relatifs
virus (ouverture de fenêtre pour installer des antivirus) Probleme spy (triangle jaune necore une fois) sur vista
gros probleme service.exe Gros problème...besoin d'aide
Gros problèmes de publiciels [Titre modifié] Gros bugs en série + plantage
gros soucis avec win 32 gros pb: PC très lent , plus acces au poste de travail !!!
gros pb besoin d'aide [résolu] SAlut à tous, j'ai un gros pépin
Plus de sujets relatifs à : gros problème antivirus

Les 5 sujets de discussion précédents Nombre de réponses Dernier message
ordinateur est long à ouvrir ses fenêtres 2
trojan vundo [resolu] 20
fenetres publicitaires intempestives 2
[résolu] fenêtres intempestives récurrentes... 48
virus (ouverture de fenêtre pour installer des antivirus) 3