File not found at Windows startup

Tags:
  • Startup
  • Security
28 April 2008 13:44:00

Hi everyone,
Ever since I deleted a few files on my PC because they were infected, everything works fine now; however, at every Windows startup the following message appears:

Erreur de chargement de C:\WINDOWS\system32\baxqqask.dll
Le module spécifié est introuvable.

So there you go, I'm hoping you can offer solutions, if possible, to fix this problem.
Thanks in advance for helping me, please.
Bye, Maskot


28 April 2008 14:40:00

Here is my HijackThis scan:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:38, on 2008-04-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SECURI~1\av_fw\backweb\7431218\Program\SERVIC~1.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\FSGK32.EXE
C:\Program Files\Securitoo\av_fw\backweb\7431218\program\fsbwsys.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fssm32.exe
C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
C:\Program Files\Securitoo\av_fw\Common\FSMB32.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Securitoo\av_fw\backweb\7431218\Program\fspex.exe
C:\Program Files\Securitoo\av_fw\Common\FCH32.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsqh.exe
C:\Program Files\Securitoo\av_fw\Common\FAMEH32.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsrw.exe
C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsav32.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\PROGRA~1\SECURI~1\av_fw\ANTI-S~1\fsaw.exe
C:\Program Files\Securitoo\av_fw\FSGUI\fsguidll.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Propriétaire\Mes documents\Setup logiciels téléchargées\Sécurité\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\av_fw\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Securitoo\av_fw\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ec1acd9d] rundll32.exe "C:\WINDOWS\system32\baxqqask.dll",b
O4 - HKLM\..\Run: [Microsoft Updates] svehost.exe
O4 - HKLM\..\RunServices: [Microsoft Updates] svehost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Antivirus Firewall.lnk = C:\Program Files\Securitoo\av_fw\backweb\7431218\Program\fspex.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\Securitoo\av_fw\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Securitoo\av_fw\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Securitoo\av_fw\Anti-Spyware\ieshield.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichiers/hardwaredet...
O20 - Winlogon Notify: nnnnOHyw - nnnnOHyw.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Antivirus Firewall (BackWeb Plug-in - 7431218) - Securitoo Portal - C:\PROGRA~1\SECURI~1\av_fw\backweb\7431218\Program\SERVIC~1.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
O23 - Service: FSBWSYS - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\backweb\7431218\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 10693 bytes
28 April 2008 14:50:06

Hello,

Disable your resident protections (antivirus, Spybot-S&D, etc.)!

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click ComboFix.exe (the .exe may not be visible) to launch it.
  • When the scan is finished, a report will appear. Post this report (C:\combofix.txt*) in your next reply.

HELP: A guide and a tutorial on using ComboFix
* the partition name may differ

28 April 2008 15:32:40

Here is the ComboFix report:

    ComboFix 08-04-27.3 - Propriétaire 2008-04-28 15:22:20.2 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.484 [GMT 2:00]
    Endroit: C:\Downloads\ComboFix.exe
    * Création d'un nouveau point de restauration
    * Resident AV is active


    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\aglwpccj.ini
    C:\WINDOWS\system32\ashvqwnm.ini
    C:\WINDOWS\system32\dedcnvwr.dll
    C:\WINDOWS\system32\drivers\npf.sys
    C:\WINDOWS\system32\elpsldap.ini
    C:\WINDOWS\system32\ireuvqpe.dll
    C:\WINDOWS\system32\packet.dll
    C:\WINDOWS\system32\pisawiun.ini
    C:\WINDOWS\system32\pkgjriit.dll
    C:\WINDOWS\system32\wilqotbb.ini
    C:\WINDOWS\system32\wpcap.dll
    .
    ---- Previous Run -------
    .
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\pskt.ini
    C:\WINDOWS\system32\dllcache\spoolsv.exe
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\svehost.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_NPF


    ((((((((((((((((((((((((((((( Fichiers créés 2008-03-28 to 2008-04-28 ))))))))))))))))))))))))))))))))))))
    .

    2008-04-27 18:19 . 2008-04-27 19:03 <REP> d-------- C:\Program Files\Steam
    2008-04-27 16:40 . 2008-04-27 16:40 268 --ah----- C:\sqmdata00.sqm
    2008-04-27 16:40 . 2008-04-27 16:40 244 --ah----- C:\sqmnoopt00.sqm
    2008-04-27 16:00 . 2008-04-27 16:00 <REP> d-------- C:\Program Files\MSBuild
    2008-04-27 16:00 . 2008-04-27 16:00 <REP> d-------- C:\Program Files\Microsoft Works
    2008-04-27 15:59 . 2008-04-27 15:59 <REP> d-------- C:\Program Files\Microsoft.NET
    2008-04-27 15:57 . 2008-04-27 15:57 <REP> d-------- C:\Program Files\Microsoft Visual Studio 8
    2008-04-27 15:56 . 2008-04-27 16:00 <REP> d-------- C:\WINDOWS\SHELLNEW
    2008-04-27 15:55 . 2008-04-27 15:55 <REP> dr-h----- C:\MSOCache
    2008-04-27 15:55 . 2008-04-28 13:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-04-27 15:48 . 2008-04-27 15:48 <REP> d-------- C:\Program Files\Alcohol Soft
    2008-04-27 15:45 . 2008-04-27 17:23 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-04-27 13:26 . 2008-04-27 13:26 <REP> d-------- C:\Program Files\VirtualDubMOD
    2008-04-27 13:24 . 2008-04-27 13:24 43,698 --a------ C:\WINDOWS\system32\xvid-uninstall.exe
    2008-04-27 13:23 . 2008-04-27 13:24 <REP> d-------- C:\Program Files\AutoGK
    2008-04-27 13:16 . 2008-04-27 13:23 <REP> d-------- C:\Program Files\Gabest
    2008-04-27 13:16 . 2008-04-27 13:24 <REP> d-------- C:\Program Files\AviSynth 2.5
    2008-04-27 13:15 . 2008-04-27 13:15 <REP> d-------- C:\Program Files\DVD Shrink
    2008-04-27 13:15 . 2008-04-27 13:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
    2008-04-26 20:08 . 2008-04-26 20:08 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-04-26 20:08 . 2008-04-26 20:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-04-26 17:45 . 2008-04-26 17:45 <REP> d-------- C:\Program Files\SurfingEnhancer
    2008-04-26 17:45 . 2008-03-14 16:05 385,024 --a------ C:\WINDOWS\system32\WinNB55.dll
    2008-04-26 13:07 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2008-04-26 12:59 . 2008-04-26 13:14 <REP> d-------- C:\Program Files\Navilog1
    2008-04-26 12:58 . 2008-04-28 15:20 <REP> d-------- C:\Downloads
    2008-04-26 12:38 . 2008-04-26 12:38 <REP> d-------- C:\WINDOWS\Sun
    2008-04-26 12:04 . 2008-04-26 12:04 3,136 --a------ C:\WINDOWS\system32\tmp.reg
    2008-04-26 12:03 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2008-04-26 12:03 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2008-04-26 12:03 . 2008-04-24 08:10 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
    2008-04-26 12:03 . 2008-04-23 22:14 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
    2008-04-26 12:03 . 2008-04-23 22:14 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
    2008-04-26 12:03 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2008-04-26 12:03 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2008-04-23 07:39 . 2008-04-23 07:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    2008-04-22 18:54 . 2008-04-22 18:54 11,264 --ahs---- C:\WINDOWS\system32\Thumbs.db
    2008-04-21 18:19 . 2008-04-26 19:59 109,810 --a------ C:\WINDOWS\BMef29fe01.xml
    2008-04-20 12:26 . 2008-04-28 14:43 <REP> d-------- C:\Program Files\LimeWire downloads
    2008-04-20 12:26 . 2008-04-28 15:17 <REP> d-------- C:\Program Files\Incomplete
    2008-04-20 12:17 . 2008-04-20 12:17 <REP> d-------- C:\Documents and Settings\Sophie\Application Data\F-Secure
    2008-04-20 12:16 . 2008-04-20 12:16 <REP> d-------- C:\Documents and Settings\Sophie\Application Data\ispnews
    2008-04-20 12:16 . 2008-04-20 12:16 <REP> d-------- C:\Documents and Settings\Sophie\Application Data\ATI
    2008-04-20 12:15 . 2008-04-07 19:39 <REP> d--h----- C:\Documents and Settings\Sophie\Voisinage réseau
    2008-04-20 12:15 . 2008-04-07 19:39 <REP> d--h----- C:\Documents and Settings\Sophie\Voisinage d'impression
    2008-04-20 12:15 . 2008-04-07 18:22 <REP> d--h----- C:\Documents and Settings\Sophie\Modèles
    2008-04-20 12:15 . 2008-04-20 12:20 <REP> dr------- C:\Documents and Settings\Sophie\Mes documents
    2008-04-20 12:15 . 2008-04-07 19:39 <REP> dr------- C:\Documents and Settings\Sophie\Menu Démarrer
    2008-04-20 12:15 . 2008-04-20 12:16 <REP> dr------- C:\Documents and Settings\Sophie\Favoris
    2008-04-20 12:15 . 2008-04-28 13:35 <REP> d-------- C:\Documents and Settings\Sophie\Bureau
    2008-04-20 12:15 . 2008-04-20 12:24 <REP> d-------- C:\Documents and Settings\Sophie
    2008-04-20 12:15 . 2008-04-28 15:25 1,024 --ah----- C:\Documents and Settings\Sophie\ntuser.dat.LOG
    2008-04-20 12:08 . 2008-04-20 12:09 <REP> d-------- C:\Program Files\VirtualDJ
    2008-04-20 10:48 . 2008-04-20 12:29 <REP> d-------- C:\Program Files\LimeWire
    2008-04-20 10:21 . 2008-04-20 15:26 151 --a------ C:\WINDOWS\PhotoSnapViewer.INI
    2008-04-20 01:10 . 2008-04-27 19:16 116 --a------ C:\WINDOWS\NeroDigital.ini
    2008-04-20 00:29 . 2008-04-20 00:29 <REP> d-------- C:\Program Files\Nero
    2008-04-20 00:29 . 2008-04-20 00:30 <REP> d-------- C:\Program Files\Fichiers communs\Ahead
    2008-04-19 23:51 . 2008-04-21 19:30 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-04-19 23:51 . 2008-04-21 19:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-04-19 23:42 . 2008-04-19 23:42 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2008-04-19 23:37 . 2008-04-19 23:37 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
    2008-04-19 23:36 . 2008-04-19 23:36 <REP> d-------- C:\Program Files\Windows Media Connect 2
    2008-04-19 23:33 . 2008-04-19 23:33 <REP> d-------- C:\Program Files\VideoLAN
    2008-04-19 22:59 . 2008-04-28 15:20 <REP> d-------- C:\Program Files\FlashGet
    2008-04-19 22:24 . 2008-04-22 22:18 <REP> d-------- C:\Program Files\Messenger Plus! Live
    2008-04-19 22:12 . 2008-04-22 22:13 <REP> d-------- C:\Program Files\Windows Live
    2008-04-19 22:07 . 2008-04-19 22:08 <REP> d-------- C:\Program Files\Google
    2008-04-19 22:07 . 2008-04-27 21:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-04-19 21:59 . 2008-04-19 21:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
    2008-04-19 21:59 . 2005-11-18 17:04 70,896 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
    2008-04-19 21:59 . 2005-11-18 17:04 33,584 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
    2008-04-19 21:59 . 2008-04-19 21:59 1,024 --ah----- C:\Documents and Settings\Default User\ntuser.dat.LOG
    2008-04-19 21:48 . 2008-04-19 21:48 118,842 -r------- C:\WINDOWS\bwUnin-6.3.3.61-7431218L.exe
    2008-04-19 21:23 . 2008-04-19 21:23 <REP> d-------- C:\WINDOWS\system32\AlertModule
    2008-04-19 21:23 . 2003-08-04 14:22 94,208 --a------ C:\WINDOWS\system32\W32n50.dll
    2008-04-19 21:23 . 2004-08-23 14:49 40,960 --a------ C:\WINDOWS\system32\FTRTSVC.exe
    2008-04-19 21:23 . 2005-10-06 14:55 36,864 --a------ C:\WINDOWS\system32\IfHelper.dll
    2008-04-19 21:23 . 2004-08-23 14:50 32,768 --a------ C:\WINDOWS\system32\WooDial2000.dll
    2008-04-19 21:23 . 2003-08-04 14:22 16,128 --------- C:\WINDOWS\system32\PCANDIS5.SYS
    2008-04-19 21:22 . 2008-04-28 15:28 <REP> d-------- C:\Program Files\Wanadoo
    2008-04-19 21:19 . 2008-04-19 21:33 <REP> d-------- C:\Program Files\Securitoo
    2008-04-19 20:57 . 2008-04-19 20:57 <REP> d-------- C:\Program Files\Inventel
    2008-04-19 20:52 . 2006-03-02 14:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
    2008-04-19 20:52 . 2008-04-19 23:36 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
    2008-04-19 20:52 . 2008-04-19 23:36 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
    2008-04-19 20:35 . 2008-04-19 20:35 <REP> d-------- C:\Program Files\Realtek AC97
    2008-04-19 20:11 . 2008-04-19 20:11 <REP> d-------- C:\WINDOWS\__SkypeIEToolbar_Cache
    2008-04-19 20:03 . 2001-08-23 17:04 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
    2008-04-19 20:03 . 2001-08-23 17:04 12,288 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
    2008-04-19 20:02 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
    2008-04-19 20:02 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
    2008-04-08 12:09 . 2008-04-19 20:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Skype
    2008-04-08 12:02 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
    2008-04-08 12:01 . 2008-04-08 12:01 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
    2008-04-08 11:53 . 2008-04-08 12:00 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-04-08 11:53 . 2008-04-19 22:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-04-08 11:49 . 2008-04-20 12:23 <REP> d-------- C:\Program Files\Java
    2008-04-08 11:49 . 2008-04-08 11:49 <REP> d-------- C:\Program Files\Fichiers communs\Java
    2008-04-08 11:49 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-04-08 11:46 . 2008-04-08 11:46 <REP> d-------- C:\Documents and Settings\Propritaire
    2008-04-08 11:46 . 2008-03-19 18:26 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
    2008-04-08 11:46 . 2008-03-19 18:29 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
    2008-04-08 11:44 . 2008-04-08 11:44 <REP> d-------- C:\WINDOWS\system32\Adobe
    2008-04-08 11:34 . 2008-04-08 11:34 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
    2008-04-08 11:33 . 2005-07-26 20:44 27,354 --a------ C:\WINDOWS\system32\oemlogo.bmp
    2008-04-08 11:33 . 2006-06-15 10:33 161 --a------ C:\WINDOWS\system32\oeminfo.ini
    2008-04-08 11:11 . 2008-04-08 11:11 <REP> d-------- C:\hp
    2008-04-08 11:02 . 2008-04-08 11:02 <REP> d-------- C:\WINDOWS\OPTIONS
    2008-04-08 11:02 . 2008-04-08 11:02 <REP> d-------- C:\Program Files\Realtek
    2008-04-08 11:02 . 2008-04-08 11:00 105,088 --a------ C:\WINDOWS\system32\drivers\Rtnicxp.sys
    2008-04-08 10:59 . 2008-04-08 10:59 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
    2008-04-08 10:59 . 2008-04-08 10:59 <REP> d-------- C:\Program Files\AMD
    2008-04-08 10:59 . 2006-07-01 22:42 43,520 --a------ C:\WINDOWS\system32\drivers\AmdK8.sys
    2008-04-08 10:50 . 2008-04-08 10:50 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ATI
    2008-04-08 10:50 . 2008-04-08 10:50 0 --a------ C:\WINDOWS\ativpsrm.bin
    2008-04-08 10:48 . 2008-03-26 12:59 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
    2008-04-08 10:47 . 2008-04-08 10:49 <REP> d-------- C:\Program Files\ATI Technologies
    2008-04-08 10:46 . 2008-04-08 10:46 <REP> d-------- C:\ATI
    2008-04-08 10:42 . 2006-06-14 11:00 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
    2008-04-08 10:42 . 2006-06-14 11:00 82,944 --a--c--- C:\WINDOWS\system32\dllcache\wdmaud.sys
    2008-04-08 10:42 . 2004-08-03 23:07 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
    2008-04-08 10:42 . 2004-08-03 23:07 52,864 --a--c--- C:\WINDOWS\system32\dllcache\dmusic.sys
    2008-04-08 10:42 . 2006-08-01 15:02 49,152 --a------ C:\WINDOWS\system32\ChCfg.exe
    2008-04-08 10:42 . 2006-06-14 10:47 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-07 16:26 --------- d-----w C:\Program Files\microsoft frontpage
    2008-04-07 16:24 --------- d-----w C:\Program Files\Services en ligne
    2008-03-26 18:49 2,863,616 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
    2008-03-26 17:59 372,736 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
    2008-03-26 17:57 300,032 ----a-w C:\WINDOWS\system32\ati2dvag.dll
    2008-03-26 17:50 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
    2008-03-26 17:48 9,797,632 ----a-w C:\WINDOWS\system32\atioglx2.dll
    2008-03-26 17:48 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
    2008-03-26 17:48 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
    2008-03-26 17:48 172,032 ----a-w C:\WINDOWS\system32\atipdlxx.dll
    2008-03-26 17:48 126,976 ----a-w C:\WINDOWS\system32\Oemdspif.dll
    2008-03-26 17:48 126,976 ----a-w C:\WINDOWS\system32\ati2evxx.dll
    2008-03-26 17:46 520,192 ----a-w C:\WINDOWS\system32\ati2evxx.exe
    2008-03-26 17:45 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
    2008-03-26 17:36 3,176,480 ----a-w C:\WINDOWS\system32\ati3duag.dll
    2008-03-26 17:29 1,755,264 ----a-w C:\WINDOWS\system32\ativvaxx.dll
    2008-03-26 17:17 46,080 ----a-w C:\WINDOWS\system32\amdpcom32.dll
    2008-03-26 17:13 5,439,488 ----a-w C:\WINDOWS\system32\atioglxx.dll
    2008-03-26 17:13 393,216 ----a-w C:\WINDOWS\system32\atikvmag.dll
    2008-03-26 17:11 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
    2008-03-26 17:11 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
    2008-03-26 17:09 167,936 ----a-w C:\WINDOWS\system32\atiok3x2.dll
    2008-03-26 17:05 520,192 ----a-w C:\WINDOWS\system32\ati2cqag.dll
    2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
    2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
    2008-02-01 09:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]
    "WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 14:50 122880]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
    "AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-02-22 17:58 217544]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 09:06 88363 C:\WINDOWS\AGRSMMSG.exe]
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe]
    "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49 20480]
    "WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55 32768]
    "F-Secure Manager"="C:\Program Files\Securitoo\av_fw\Common\FSM32.exe" [2005-10-26 03:51 122929]
    "F-Secure TNB"="C:\Program Files\Securitoo\av_fw\TNB\TNBUtil.exe" [2005-07-18 16:51 700416]
    "F-Secure Startup Wizard"="C:\Program Files\Securitoo\av_fw\FSGUI\FSSW.exe" [2005-10-18 10:29 372736]
    "News Service"="C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe" [2005-05-31 14:45 356352]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2005-09-25 19:11 155648]
    "ec1acd9d"="C:\WINDOWS\system32\baxqqask.dll" [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
    "Microsoft Updates"="svehost.exe" []

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnnOHyw]
    nnnnOHyw.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Securitoo\\av_fw\\backweb\\7431218\\Program\\fspex.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\FlashGet\\FlashGet.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

    R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2005-11-18 17:04]
    R2 BackWeb Plug-in - 7431218;Antivirus Firewall;C:\PROGRA~1\SECURI~1\av_fw\backweb\7431218\Program\SERVIC~1.EXE [2008-04-19 21:49]
    R2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\Securitoo\av_fw\Anti-Virus\Win2K\FSfilter.sys [2004-09-10 17:14]
    R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\Securitoo\av_fw\Anti-Virus\Win2K\FSgk.sys [2008-04-19 22:03]
    R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\Securitoo\av_fw\Anti-Virus\Win2K\FSrec.sys [2004-06-01 11:03]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe9af0a0-145e-11dd-906c-001109bd6e3b}]
    \Shell\AutoRun\command - J:\SETUP.EXE
    \Shell\configure\command - J:\SETUP.EXE
    \Shell\install\command - J:\SETUP.EXE

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-04-28 11:29:28 C:\WINDOWS\Tasks\Scheduled scanning task.job"
    - C:\PROGRA~1\SECURI~1\av_fw\ANTI-V~1\fsav.exe` /HARD /ARCHIVE /DISINF /SCHED /NOBREAK /REPORT=C:\PROGRA~1\SECURI~1\av_fw\ANTI-V~1\report.txt $C:\PROGRA~1\SECURI~1\av_fw\ANTI-V~1.SYSTEM'Tâche ajoutée par F-Secure Anti-Virus.
    .
    **************************************************************************

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-28 15:27:51
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 1

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\system32\ati2evxx.exe
    C:\WINDOWS\system32\ati2evxx.exe
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
    C:\Program Files\Securitoo\av_fw\backweb\7431218\Program\fsbwsys.exe
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32.exe
    C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fssm32.exe
    C:\Program Files\Securitoo\av_fw\Common\FSMB32.EXE
    C:\WINDOWS\system32\FTRTSVC.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\Program Files\Securitoo\av_fw\Common\FCH32.EXE
    C:\Program Files\Securitoo\av_fw\Common\FAMEH32.EXE
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fsqh.exe
    C:\Program Files\Securitoo\av_fw\Anti-Virus\FSRW.exe
    C:\Program Files\Securitoo\av_fw\FWES\program\fsdfwd.exe
    C:\Program Files\Securitoo\av_fw\Anti-Virus\FSAV32.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Wanadoo\TaskBarIcon.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Securitoo\av_fw\backweb\7431218\Program\fspex.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\Securitoo\av_fw\Anti-Spyware\FSAW.exe
    C:\Program Files\Securitoo\av_fw\FSGUI\fsguidll.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-04-28 15:30:16 - machine was rebooted [Propriétaire]
    ComboFix-quarantined-files.txt 2008-04-28 13:30:09

    Pre-Run: 183,360,262,144 octets libres
    Post-Run: 183,954,407,424 octets libres

    288 --- E O F --- 2008-04-27 17:02:17
    28 April 2008 16:20:57

    Hi again,

    Download Malwarebytes' Anti-Malware to your Desktop.
    Install it by double-clicking the file Download_mbam-setup.exe.

    Once the installation and the update are done, restart in safe mode.
    HELP: Restarting in safe mode

  • Now run Malwarebytes' Anti-Malware. If it is not already selected, choose "Exécuter un examen complet" (Perform full scan).
  • To start the scan, click "Rechercher" (Scan).
  • Once the scan has finished, a window opens; click OK. There are two possibilities:
    -- if the program found nothing, press OK. A report will appear; close it.
    -- if infections are present, click "Afficher les résultats" (Show Results), then "Supprimer la sélection" (Remove Selected). Save the report to your Desktop so you can post it in your next reply.
    NOTE: If Malwarebytes' Anti-Malware needs to restart to finish the removal, accept by clicking OK.

    HELP: Illustrated MBAM tutorial
    28 April 2008 17:00:13

    OK, well, the PC is running fine, no infected harmful items:

    Malwarebytes' Anti-Malware 1.11
    Version de la base de données: 686

    Type de recherche: Examen complet (C:\|)
    Eléments examinés: 95619
    Temps écoulé: 22 minute(s), 14 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 1

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\System Volume Information\_restore{5C0DD08C-5FD8-44CB-B92C-417BAA0088B4}\RP59\A0008555.dll (Trojan.Vundo) -> No action taken.
    28 April 2008 17:09:48

    Quote:
    Fichier(s) infecté(s):
    C:\System Volume Information\_restore{5C0DD08C-5FD8-44CB-B92C-417BAA0088B4}\RP59\A0008555.dll (Trojan.Vundo) -> No action taken.

    Did you actually delete it?
    28 April 2008 17:25:55

    Yes, it's done, I've just deleted it.
    But after all that, how do I fix the file-not-found problem?
    Thanks again!!!
    28 April 2008 19:09:13

    Post a new HijackThis report.
    28 April 2008 19:51:45

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:57:46, on 28/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\SECURI~1\av_fw\backweb\7431218\Program\SERVIC~1.EXE
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
    C:\Program Files\Securitoo\av_fw\backweb\7431218\program\fsbwsys.exe
    C:\Program Files\Securitoo\av_fw\Anti-Virus\FSGK32.EXE
    C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fssm32.exe
    C:\Program Files\Securitoo\av_fw\Common\FSMB32.EXE
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\Program Files\Securitoo\av_fw\Common\FCH32.EXE
    C:\Program Files\Securitoo\av_fw\Common\FAMEH32.EXE
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fsqh.exe
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fsrw.exe
    C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fsav32.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\Securitoo\av_fw\backweb\7431218\Program\fspex.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\PROGRA~1\SECURI~1\av_fw\ANTI-S~1\fsaw.exe
    C:\Program Files\Securitoo\av_fw\FSGUI\fsguidll.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Wanadoo\GestionnaireInternet.exe
    C:\Program Files\Wanadoo\ComComp.exe
    C:\PROGRA~1\Wanadoo\Toaster.exe
    C:\PROGRA~1\Wanadoo\Inactivity.exe
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
    C:\Program Files\Wanadoo\Watch.exe
    C:\Program Files\LimeWire\LimeWire.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Documents and Settings\Propriétaire\Mes documents\Setup logiciels téléchargées\Sécurité\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\av_fw\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Securitoo\av_fw\FSGUI\FSSW.EXE" /reboot
    O4 - HKLM\..\Run: [News Service] "C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ec1acd9d] rundll32.exe "C:\WINDOWS\system32\baxqqask.dll",b
    O4 - HKLM\..\RunServices: [Microsoft Updates] svehost.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Antivirus Firewall.lnk = C:\Program Files\Securitoo\av_fw\backweb\7431218\Program\fspex.exe
    O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\Securitoo\av_fw\Anti-Spyware\blockpopups.htm
    O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Securitoo\av_fw\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Securitoo\av_fw\Anti-Spyware\ieshield.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichiers/hardwaredet...
    O20 - Winlogon Notify: nnnnOHyw - nnnnOHyw.dll (file missing)
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Antivirus Firewall (BackWeb Plug-in - 7431218) - Securitoo Portal - C:\PROGRA~1\SECURI~1\av_fw\backweb\7431218\Program\SERVIC~1.EXE
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
    O23 - Service: FSBWSYS - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\backweb\7431218\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
    O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

    --
    End of file - 10585 bytes
    28 April 2008 20:09:29

    Hi again,

    Disable your resident protections (antivirus...)!
    Copy (Ctrl+C) the text in the box below:

    File::
    C:\WINDOWS\system32\baxqqask.dll

    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ec1acd9d"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
    "Microsoft Updates"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnnOHyw]


    Open Notepad (Start > Run... > notepad), then paste (Ctrl+V) the text you just copied.
    Save this file under the name CFScript.txt.

    Now drag the CFScript.txt file onto ComboFix.exe as shown below:


    This will relaunch ComboFix; press 1, then confirm. After the restart, post the contents of the Combofix.txt report along with a HijackThis report.
    NOTE: If there is no restart, post the requested reports anyway.
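The three registry entries targeted by the script above can be traced back to the O4 and O20 lines of the HijackThis log. The following is an added example, not part of the original post and not HijackThis or ComboFix code: it parses those log lines, flags autostart entries with two heuristics that are assumptions of this example (a rundll32 target that is not on disk, and a bare file name one edit away from a Windows process name), and renders the matching `.reg` deletion lines. All function names and the `SYSTEM_NAMES` list are hypothetical.

```python
import ntpath
import re
from collections import namedtuple

# Entries copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ec1acd9d] rundll32.exe "C:\WINDOWS\system32\baxqqask.dll",b
O4 - HKLM\..\RunServices: [Microsoft Updates] svehost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: nnnnOHyw - nnnnOHyw.dll (file missing)
'''

Finding = namedtuple("Finding", "kind key name reason")

HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
RUN_PARENT = r"SOFTWARE\Microsoft\Windows\CurrentVersion"
NOTIFY_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT"
              r"\CurrentVersion\Winlogon\Notify")
# Assumption: a short comparison list of Windows process names.
SYSTEM_NAMES = ("svchost.exe", "lsass.exe", "services.exe", "winlogon.exe",
                "smss.exe", "spoolsv.exe", "explorer.exe")

O4_RE = re.compile(r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): '
                   r'\[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
O20_RE = re.compile(r'^O20 - Winlogon Notify: (?P<name>\S+) - .+\(file missing\)$')
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)', re.IGNORECASE)

# The boot error quoted at the top of this thread reports this DLL as not found.
MISSING = {r"c:\windows\system32\baxqqask.dll"}


def sample_exists(path):
    """Stand-in for os.path.exists so the example runs offline."""
    return path.lower() not in MISSING


def edit_distance(a, b):
    """Levenshtein distance, row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike(exe_name):
    """Return the system name that exe_name imitates, or None."""
    name = exe_name.lower()
    if name in SYSTEM_NAMES:
        return None
    return next((s for s in SYSTEM_NAMES if edit_distance(name, s) == 1), None)


def executable_of(cmd):
    """First token of a command line, honouring a leading quoted path."""
    return cmd.split('"')[1] if cmd.startswith('"') else cmd.split()[0]


def analyse(log_text, file_exists):
    """Flag O4 Run* values and O20 Notify keys worth a manual review."""
    findings = []
    for line in map(str.strip, log_text.splitlines()):
        m = O4_RE.match(line)
        if m:
            key = "\\".join((HIVES[m["hive"]], RUN_PARENT, m["key"]))
            dll = RUNDLL_RE.search(m["cmd"])
            twin = lookalike(ntpath.basename(executable_of(m["cmd"])))
            if dll and not file_exists(dll.group(1)):
                findings.append(Finding("value", key, m["name"],
                                        "rundll32 target not on disk: " + dll.group(1)))
            elif twin:
                findings.append(Finding("value", key, m["name"],
                                        "name imitates " + twin))
            continue
        m = O20_RE.match(line)
        if m:
            findings.append(Finding("key", NOTIFY_KEY + "\\" + m["name"], None,
                                    "notify DLL missing"))
    return findings


def as_reg_lines(findings):
    """Render findings in .reg syntax: "name"=- drops a value, [-key] drops a key."""
    lines, current = [], None
    for f in findings:
        if f.kind == "key":
            lines.append("[-" + f.key + "]")
            current = None
            continue
        if f.key != current:
            lines.append("[" + f.key + "]")
            current = f.key
        lines.append('"%s"=-' % f.name)
    return lines


if __name__ == "__main__":
    results = analyse(SAMPLE_LOG, sample_exists)
    for f in results:
        print(f.reason, "->", f.key, f.name or "")
    print("\n".join(as_reg_lines(results)))
```

On a live system, pass `os.path.exists` as `file_exists` and review every flagged entry by hand before importing any deletion.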
    28 April 2008 20:56:56

    ComboFix 08-04-27.3 - Propriétaire 2008-04-28 20:52:28.3 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.427 [GMT 2:00]
    Endroit: C:\Downloads\ComboFix.exe
    Command switches used :: C:\Downloads\CFScript.txt
    * Création d'un nouveau point de restauration
    * Resident AV is active


    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

    FILE ::
    C:\WINDOWS\system32\baxqqask.dll
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-03-28 to 2008-04-28 ))))))))))))))))))))))))))))))))))))
    .

    2008-04-28 15:30 . 2008-04-28 15:30 <REP> d-------- C:\Documents and Settings\PropriÚtaire
    2008-04-27 18:19 . 2008-04-27 19:03 <REP> d-------- C:\Program Files\Steam
    2008-04-27 16:40 . 2008-04-27 16:40 268 --ah----- C:\sqmdata00.sqm
    2008-04-27 16:40 . 2008-04-27 16:40 244 --ah----- C:\sqmnoopt00.sqm
    2008-04-27 16:00 . 2008-04-27 16:00 <REP> d-------- C:\Program Files\MSBuild
    2008-04-27 16:00 . 2008-04-27 16:00 <REP> d-------- C:\Program Files\Microsoft Works
    2008-04-27 15:59 . 2008-04-27 15:59 <REP> d-------- C:\Program Files\Microsoft.NET
    2008-04-27 15:57 . 2008-04-27 15:57 <REP> d-------- C:\Program Files\Microsoft Visual Studio 8
    2008-04-27 15:56 . 2008-04-27 16:00 <REP> d-------- C:\WINDOWS\SHELLNEW
    2008-04-27 15:55 . 2008-04-27 15:55 <REP> dr-h----- C:\MSOCache
    2008-04-27 15:55 . 2008-04-28 13:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-04-27 15:48 . 2008-04-27 15:48 <REP> d-------- C:\Program Files\Alcohol Soft
    2008-04-27 15:45 . 2008-04-27 17:23 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-04-27 13:26 . 2008-04-27 13:26 <REP> d-------- C:\Program Files\VirtualDubMOD
    2008-04-27 13:24 . 2008-04-27 13:24 43,698 --a------ C:\WINDOWS\system32\xvid-uninstall.exe
    2008-04-27 13:23 . 2008-04-27 13:24 <REP> d-------- C:\Program Files\AutoGK
    2008-04-27 13:16 . 2008-04-27 13:23 <REP> d-------- C:\Program Files\Gabest
    2008-04-27 13:16 . 2008-04-27 13:24 <REP> d-------- C:\Program Files\AviSynth 2.5
    2008-04-27 13:15 . 2008-04-27 13:15 <REP> d-------- C:\Program Files\DVD Shrink
    2008-04-27 13:15 . 2008-04-27 13:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
    2008-04-26 20:08 . 2008-04-26 20:08 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-04-26 20:08 . 2008-04-26 20:08 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\Malwarebytes
    2008-04-26 20:08 . 2008-04-26 20:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-04-26 17:45 . 2008-04-26 17:45 <REP> d-------- C:\Program Files\SurfingEnhancer
    2008-04-26 17:45 . 2008-03-14 16:05 385,024 --a------ C:\WINDOWS\system32\WinNB55.dll
    2008-04-26 13:07 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2008-04-26 12:59 . 2008-04-26 13:14 <REP> d-------- C:\Program Files\Navilog1
    2008-04-26 12:58 . 2008-04-28 20:52 <REP> d-------- C:\Downloads
    2008-04-26 12:38 . 2008-04-26 12:38 <REP> d-------- C:\WINDOWS\Sun
    2008-04-26 12:04 . 2008-04-26 12:04 3,136 --a------ C:\WINDOWS\system32\tmp.reg
    2008-04-26 12:03 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2008-04-26 12:03 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2008-04-26 12:03 . 2008-04-24 08:10 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
    2008-04-26 12:03 . 2008-04-23 22:14 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
    2008-04-26 12:03 . 2008-04-23 22:14 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
    2008-04-26 12:03 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2008-04-26 12:03 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2008-04-23 07:39 . 2008-04-23 07:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    2008-04-22 18:54 . 2008-04-22 18:54 11,264 --ahs---- C:\WINDOWS\system32\Thumbs.db
    2008-04-21 18:19 . 2008-04-26 19:59 109,810 --a------ C:\WINDOWS\BMef29fe01.xml
    2008-04-20 12:26 . 2008-04-28 15:35 <REP> d-------- C:\Program Files\LimeWire downloads
    2008-04-20 12:26 . 2008-04-28 20:43 <REP> d-------- C:\Program Files\Incomplete
    2008-04-20 12:17 . 2008-04-20 12:17 <REP> d-------- C:\Documents and Settings\Sophie\Application Data\F-Secure
    2008-04-20 12:16 . 2008-04-20 12:16 <REP> d-------- C:\Documents and Settings\Sophie\Application Data\ispnews
    2008-04-20 12:16 . 2008-04-20 12:16 <REP> d-------- C:\Documents and Settings\Sophie\Application Data\ATI
    2008-04-20 12:15 . 2008-04-07 19:39 <REP> d--h----- C:\Documents and Settings\Sophie\Voisinage réseau
    2008-04-20 12:15 . 2008-04-07 19:39 <REP> d--h----- C:\Documents and Settings\Sophie\Voisinage d'impression
    2008-04-20 12:15 . 2008-04-07 18:22 <REP> d--h----- C:\Documents and Settings\Sophie\Modèles
    2008-04-20 12:15 . 2008-04-20 12:20 <REP> dr------- C:\Documents and Settings\Sophie\Mes documents
    2008-04-20 12:15 . 2008-04-07 19:39 <REP> dr------- C:\Documents and Settings\Sophie\Menu Démarrer
    2008-04-20 12:15 . 2008-04-20 12:16 <REP> dr------- C:\Documents and Settings\Sophie\Favoris
    2008-04-20 12:15 . 2008-04-28 13:35 <REP> d-------- C:\Documents and Settings\Sophie\Bureau
    2008-04-20 12:15 . 2008-04-20 12:24 <REP> d-------- C:\Documents and Settings\Sophie
    2008-04-20 12:15 . 2008-04-28 20:52 1,024 --ah----- C:\Documents and Settings\Sophie\ntuser.dat.LOG
    2008-04-20 12:08 . 2008-04-20 12:09 <REP> d-------- C:\Program Files\VirtualDJ
    2008-04-20 10:48 . 2008-04-20 12:29 <REP> d-------- C:\Program Files\LimeWire
    2008-04-20 10:48 . 2008-04-28 19:45 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\LimeWire
    2008-04-20 10:21 . 2008-04-20 15:26 151 --a------ C:\WINDOWS\PhotoSnapViewer.INI
    2008-04-20 01:10 . 2008-04-28 17:28 116 --a------ C:\WINDOWS\NeroDigital.ini
    2008-04-20 00:31 . 2008-04-20 00:31 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\Ahead
    2008-04-20 00:29 . 2008-04-20 00:29 <REP> d-------- C:\Program Files\Nero
    2008-04-20 00:29 . 2008-04-20 00:30 <REP> d-------- C:\Program Files\Fichiers communs\Ahead
    2008-04-19 23:51 . 2008-04-21 19:30 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-04-19 23:51 . 2008-04-21 19:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-04-19 23:42 . 2008-04-19 23:42 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2008-04-19 23:37 . 2008-04-19 23:37 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
    2008-04-19 23:36 . 2008-04-19 23:36 <REP> d-------- C:\Program Files\Windows Media Connect 2
    2008-04-19 23:33 . 2008-04-19 23:33 <REP> d-------- C:\Program Files\VideoLAN
    2008-04-19 23:33 . 2008-04-19 23:33 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\vlc
    2008-04-19 22:59 . 2008-04-28 20:48 <REP> d-------- C:\Program Files\FlashGet
    2008-04-19 22:24 . 2008-04-22 22:18 <REP> d-------- C:\Program Files\Messenger Plus! Live
    2008-04-19 22:15 . 2008-04-19 22:15 <REP> d-------- C:\Documents and Settings\Propriétaire\Contacts
    2008-04-19 22:15 . 2008-04-19 22:15 <REP> d-------- C:\Documents and Settings\Propriétaire\Contacts
    2008-04-19 22:12 . 2008-04-22 22:13 <REP> d-------- C:\Program Files\Windows Live
    2008-04-19 22:07 . 2008-04-19 22:08 <REP> d-------- C:\Program Files\Google
    2008-04-19 22:07 . 2008-04-27 21:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-04-19 22:03 . 2008-04-19 22:14 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\F-Secure
    2008-04-19 22:01 . 2008-04-19 22:01 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\ispnews
    2008-04-19 21:59 . 2008-04-19 21:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
    2008-04-19 21:59 . 2005-11-18 17:04 70,896 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
    2008-04-19 21:59 . 2005-11-18 17:04 33,584 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
    2008-04-19 21:59 . 2008-04-19 21:59 1,024 --ah----- C:\Documents and Settings\Default User\ntuser.dat.LOG
    2008-04-19 21:48 . 2008-04-19 21:48 118,842 -r------- C:\WINDOWS\bwUnin-6.3.3.61-7431218L.exe
    2008-04-19 21:23 . 2008-04-19 21:23 <REP> d-------- C:\WINDOWS\system32\AlertModule
    2008-04-19 21:23 . 2003-08-04 14:22 94,208 --a------ C:\WINDOWS\system32\W32n50.dll
    2008-04-19 21:23 . 2004-08-23 14:49 40,960 --a------ C:\WINDOWS\system32\FTRTSVC.exe
    2008-04-19 21:23 . 2005-10-06 14:55 36,864 --a------ C:\WINDOWS\system32\IfHelper.dll
    2008-04-19 21:23 . 2004-08-23 14:50 32,768 --a------ C:\WINDOWS\system32\WooDial2000.dll
    2008-04-19 21:23 . 2003-08-04 14:22 16,128 --------- C:\WINDOWS\system32\PCANDIS5.SYS
    2008-04-19 21:22 . 2008-04-28 20:51 <REP> d-------- C:\Program Files\Wanadoo
    2008-04-19 21:19 . 2008-04-19 21:33 <REP> d-------- C:\Program Files\Securitoo
    2008-04-19 20:57 . 2008-04-19 20:57 <REP> d-------- C:\Program Files\Inventel
    2008-04-19 20:52 . 2006-03-02 14:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
    2008-04-19 20:52 . 2008-04-19 23:36 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
    2008-04-19 20:52 . 2008-04-19 23:36 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
    2008-04-19 20:35 . 2008-04-19 20:35 <REP> d-------- C:\Program Files\Realtek AC97
    2008-04-19 20:11 . 2008-04-19 20:11 <REP> d-------- C:\WINDOWS\__SkypeIEToolbar_Cache
    2008-04-19 20:03 . 2001-08-23 17:04 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
    2008-04-19 20:03 . 2001-08-23 17:04 12,288 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
    2008-04-19 20:02 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
    2008-04-19 20:02 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
    2008-04-08 12:09 . 2008-04-19 20:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Skype
    2008-04-08 12:02 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
    2008-04-08 12:01 . 2008-04-08 12:01 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
    2008-04-08 11:53 . 2008-04-08 12:00 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-04-08 11:53 . 2008-04-19 22:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-04-08 11:49 . 2008-04-20 12:23 <REP> d-------- C:\Program Files\Java
    2008-04-08 11:49 . 2008-04-08 11:49 <REP> d-------- C:\Program Files\Fichiers communs\Java
    2008-04-08 11:49 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-04-08 11:46 . 2008-04-08 11:46 <REP> d-------- C:\Documents and Settings\Propritaire
    2008-04-08 11:46 . 2008-03-19 18:26 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
    2008-04-08 11:46 . 2008-03-19 18:29 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
    2008-04-08 11:44 . 2008-04-08 11:44 <REP> d-------- C:\WINDOWS\system32\Adobe
    2008-04-08 11:34 . 2008-04-08 11:34 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
    2008-04-08 11:33 . 2005-07-26 20:44 27,354 --a------ C:\WINDOWS\system32\oemlogo.bmp
    2008-04-08 11:33 . 2006-06-15 10:33 161 --a------ C:\WINDOWS\system32\oeminfo.ini
    2008-04-08 11:11 . 2008-04-08 11:11 <REP> d-------- C:\hp
    2008-04-08 11:02 . 2008-04-08 11:02 <REP> d-------- C:\WINDOWS\OPTIONS
    2008-04-08 11:02 . 2008-04-08 11:02 <REP> d-------- C:\Program Files\Realtek
    2008-04-08 11:02 . 2008-04-08 11:00 105,088 --a------ C:\WINDOWS\system32\drivers\Rtnicxp.sys
    2008-04-08 10:59 . 2008-04-08 10:59 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
    2008-04-08 10:59 . 2008-04-08 10:59 <REP> d-------- C:\Program Files\AMD
    2008-04-08 10:59 . 2006-07-01 22:42 43,520 --a------ C:\WINDOWS\system32\drivers\AmdK8.sys
    2008-04-08 10:58 . 2008-04-08 10:58 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\InstallShield
    2008-04-08 10:50 . 2008-04-08 10:50 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\ATI

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-07 16:26 --------- d-----w C:\Program Files\microsoft frontpage
    2008-04-07 16:24 --------- d-----w C:\Program Files\Services en ligne
    2008-03-26 18:49 2,863,616 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
    2008-03-26 17:59 372,736 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
    2008-03-26 17:57 300,032 ----a-w C:\WINDOWS\system32\ati2dvag.dll
    2008-03-26 17:50 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
    2008-03-26 17:48 9,797,632 ----a-w C:\WINDOWS\system32\atioglx2.dll
    2008-03-26 17:48 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
    2008-03-26 17:48 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
    2008-03-26 17:48 172,032 ----a-w C:\WINDOWS\system32\atipdlxx.dll
    2008-03-26 17:48 126,976 ----a-w C:\WINDOWS\system32\Oemdspif.dll
    2008-03-26 17:48 126,976 ----a-w C:\WINDOWS\system32\ati2evxx.dll
    2008-03-26 17:46 520,192 ----a-w C:\WINDOWS\system32\ati2evxx.exe
    2008-03-26 17:45 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
    2008-03-26 17:36 3,176,480 ----a-w C:\WINDOWS\system32\ati3duag.dll
    2008-03-26 17:29 1,755,264 ----a-w C:\WINDOWS\system32\ativvaxx.dll
    2008-03-26 17:17 46,080 ----a-w C:\WINDOWS\system32\amdpcom32.dll
    2008-03-26 17:13 5,439,488 ----a-w C:\WINDOWS\system32\atioglxx.dll
    2008-03-26 17:13 393,216 ----a-w C:\WINDOWS\system32\atikvmag.dll
    2008-03-26 17:11 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
    2008-03-26 17:11 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
    2008-03-26 17:09 167,936 ----a-w C:\WINDOWS\system32\atiok3x2.dll
    2008-03-26 17:05 520,192 ----a-w C:\WINDOWS\system32\ati2cqag.dll
    2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
    2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
    2008-02-01 09:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]
    "WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 14:50 122880]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
    "AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-02-22 17:58 217544]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 09:06 88363 C:\WINDOWS\AGRSMMSG.exe]
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe]
    "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49 20480]
    "WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55 32768]
    "F-Secure Manager"="C:\Program Files\Securitoo\av_fw\Common\FSM32.exe" [2005-10-26 03:51 122929]
    "F-Secure TNB"="C:\Program Files\Securitoo\av_fw\TNB\TNBUtil.exe" [2005-07-18 16:51 700416]
    "F-Secure Startup Wizard"="C:\Program Files\Securitoo\av_fw\FSGUI\FSSW.exe" [2005-10-18 10:29 372736]
    "News Service"="C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe" [2005-05-31 14:45 356352]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2005-09-25 19:11 155648]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
    Antivirus Firewall.lnk - C:\Program Files\Securitoo\av_fw\backweb\7431218\Program\fspex.exe [2008-04-19 21:49:01 32807]
    Outil de mise à jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-04-19 22:07:41 124400]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Securitoo\\av_fw\\backweb\\7431218\\Program\\fspex.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\FlashGet\\FlashGet.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

    R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2005-11-18 17:04]
    R2 BackWeb Plug-in - 7431218;Antivirus Firewall;C:\PROGRA~1\SECURI~1\av_fw\backweb\7431218\Program\SERVIC~1.EXE [2008-04-19 21:49]
    R2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\Securitoo\av_fw\Anti-Virus\Win2K\FSfilter.sys [2004-09-10 17:14]
    R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\Securitoo\av_fw\Anti-Virus\Win2K\FSgk.sys [2008-04-19 22:03]
    R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\Securitoo\av_fw\Anti-Virus\Win2K\FSrec.sys [2004-06-01 11:03]

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-04-28 11:29:28 C:\WINDOWS\Tasks\Scheduled scanning task.job"
    - C:\PROGRA~1\SECURI~1\av_fw\ANTI-V~1\fsav.exe` /HARD /ARCHIVE /DISINF /SCHED /NOBREAK /REPORT=C:\PROGRA~1\SECURI~1\av_fw\ANTI-V~1\report.txt $C:\PROGRA~1\SECURI~1\av_fw\ANTI-V~1.SYSTEM'Tâche ajoutée par F-Secure Anti-Virus.
    .
    **************************************************************************

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-28 20:53:48
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 1

    **************************************************************************
    .
    Temps d'accomplissement: 2008-04-28 20:54:23
    ComboFix-quarantined-files.txt 2008-04-28 18:54:20

    Pre-Run: 182,713,049,088 octets libres
    Post-Run: 182,837,231,616 octets libres

    231 --- E O F --- 2008-04-27 17:02:17
    28 April 2008 20:58:55

    and the HijackThis report:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:57:25, on 28/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\SECURI~1\av_fw\backweb\7431218\Program\SERVIC~1.EXE
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
    C:\Program Files\Securitoo\av_fw\backweb\7431218\program\fsbwsys.exe
    C:\Program Files\Securitoo\av_fw\Anti-Virus\FSGK32.EXE
    C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fssm32.exe
    C:\Program Files\Securitoo\av_fw\Common\FSMB32.EXE
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\Program Files\Securitoo\av_fw\Common\FCH32.EXE
    C:\Program Files\Securitoo\av_fw\Common\FAMEH32.EXE
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fsqh.exe
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fsrw.exe
    C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fsav32.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE
    C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe
    C:\PROGRA~1\SECURI~1\av_fw\ANTI-S~1\fsaw.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Securitoo\av_fw\FSGUI\fsguidll.exe
    C:\Program Files\Securitoo\av_fw\backweb\7431218\Program\fspex.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Wanadoo\GestionnaireInternet.exe
    C:\Program Files\Wanadoo\ComComp.exe
    C:\PROGRA~1\Wanadoo\Toaster.exe
    C:\PROGRA~1\Wanadoo\Inactivity.exe
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
    C:\Program Files\Wanadoo\Watch.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Propriétaire\Mes documents\Setup logiciels téléchargées\Sécurité\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\av_fw\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Securitoo\av_fw\FSGUI\FSSW.EXE" /reboot
    O4 - HKLM\..\Run: [News Service] "C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Antivirus Firewall.lnk = C:\Program Files\Securitoo\av_fw\backweb\7431218\Program\fspex.exe
    O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\Securitoo\av_fw\Anti-Spyware\blockpopups.htm
    O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Securitoo\av_fw\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Securitoo\av_fw\Anti-Spyware\ieshield.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichiers/hardwaredet...
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Antivirus Firewall (BackWeb Plug-in - 7431218) - Securitoo Portal - C:\PROGRA~1\SECURI~1\av_fw\backweb\7431218\Program\SERVIC~1.EXE
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
    O23 - Service: FSBWSYS - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\backweb\7431218\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
    O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

    --
    End of file - 10395 bytes
    28 April 2008 21:03:36

    Is that better?
    28 April 2008 21:13:47

    Yes, I restarted my PC and the message no longer appears.
    Thanks a lot!!!
    ++
    28 April 2008 21:38:14

    Don't you call that taking the piss, creating two topics and making two helpers work?
    I'm locking this thread, pff.