Hi everyone, I have a problem at Windows startup: the update for my antivirus (F-Secure 2006) refuses to work and shows me this message: runner file name (fspex.exe) lack a '-' (the app id separator)
I suspect a nasty piece of spyware, but after several scans nothing has helped, so I'm submitting my HijackThis log in the hope that you can help me...
Here it is:
Logfile of HijackThis v1.99.1
Scan saved at 06:43:14, on 28/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
D:\Program Files\Styler\Styler.exe
D:\Program Files\Yahoo!\WidgetEngine\WidgetEngine\YahooWidgetEngine.exe
D:\Program Files\Yahoo!\WidgetEngine\WidgetEngine\YahooWidgetEngine.exe
D:\Program Files\Yahoo!\WidgetEngine\WidgetEngine\YahooWidgetEngine.exe
d:\PROGRA~1\F-Secure\backweb\4476822\Program\SERVIC~1.EXE
D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
d:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
d:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
d:\Program Files\F-Secure\backweb\4476822\program\fsbwsys.exe
d:\Program Files\F-Secure\Anti-Virus\fssm32.exe
d:\Program Files\F-Secure\Common\FSMA32.EXE
d:\Program Files\Spyware Doctor\sdhelp.exe
d:\Program Files\F-Secure\Common\FSMB32.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
d:\Program Files\F-Secure\Common\FCH32.EXE
d:\Program Files\F-Secure\Anti-Virus\fsqh.exe
d:\Program Files\F-Secure\Common\FAMEH32.EXE
d:\Program Files\F-Secure\Anti-Virus\fsav32.exe
d:\Program Files\F-Secure\FSPC\fspc.exe
d:\Program Files\F-Secure\Anti-Virus\fsrw.exe
C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
d:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
d:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
d:\Program Files\F-Secure\FSGUI\fsguidll.exe
D:\PROGRA~1\FIREFOX\FIREFOX.EXE
d:\Program Files\F-Secure\backweb\4476822\Program\fspex.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Boyer\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.files-ftp.com/~unicorni/phpBB2/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.files-ftp.com/~unicorni/phpBB2/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: ClickCatcher MSIE handler - {16664845-0E00-11D2-8059-000000000000} - C:\Program Files\Fichiers communs\ReGet Shared\Catcher.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - D:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - d:\Program Files\ReGetDx\iebar.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - d:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [OM_Monitor] D:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [F-Secure Manager] "d:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "d:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "d:\Program Files\F-Secure\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "d:\Program Files\F-Secure\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "D:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKCU\..\Run: [SkwatAutoconnect] C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
O4 - HKCU\..\Run: [OM_Monitor] D:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - Startup: Styler.lnk = ?
O4 - Startup: Yahoo! Widget Engine.lnk = D:\Program Files\Yahoo!\WidgetEngine\WidgetEngine\YahooWidgetEngine.exe
O4 - Global Startup: F-Secure 2006.lnk = D:\Program Files\F-Secure\backweb\4476822\Program\fspex.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - d:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Tous Télécharger par ReGet Deluxe - C:\Program Files\Fichiers communs\ReGet Shared\CC_All.htm
O8 - Extra context menu item: Télécharger avec &BitSpirit - D:\Program Files\BitSpirit\bsurl.htm
O8 - Extra context menu item: Télécharger avec Re&Get Deluxe - C:\Program Files\Fichiers communs\ReGet Shared\CC_Link.htm
O9 - Extra button: Filtre Web - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - d:\Program Files\F-Secure\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - d:\Program Files\F-Secure\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Filtre Web - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - d:\Program Files\F-Secure\FSPC\fspcmsie.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - d:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - d:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads [...] nicode.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A9AC9F80-8A98-4265-8934-57C4D38876A2}: NameServer = 86.64.145.151 86.64.145.141
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ADSLAutoconnect - Unknown owner - C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe" -z (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: F-Secure 2006 (BackWeb Plug-in - 4476822) - F-Secure Internet Security 2005 - d:\PROGRA~1\F-Secure\backweb\4476822\Program\SERVIC~1.EXE
O23 - Service: Diskeeper - Diskeeper Corporation - D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - d:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - Unknown owner - d:\Program Files\F-Secure\Common\FNRB32.EXE (file missing)
O23 - Service: fsbwsys - F-Secure Corp. - d:\Program Files\F-Secure\backweb\4476822\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - d:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - d:\Program Files\F-Secure\FSPC\fshttps\fshttps.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - d:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - d:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - D:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
Thanks
Message edited by deleted profile on 28-02-2006 at 08:09:46