F- Secure bloqué, virus ?
Forum Sécurité - Virus : F- Secure bloqué, virus ?
Bonjour,
Depuis quelque temps lorsque mon ordinateur démarre, lorsque j'ouvre mon pack sécurité ( F-Secure) je ne pas du tout modifier le statut de mon antivirus, je pense donc qu'il s'agit d'un virus qui le bloque.
Voici le log d'hitjack this :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:39:52, on 22/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C
rogram FilesIntelWirelessBinEvtEng.exe
Crogram FilesIntelWirelessBinS24EvMon.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSExplorer.EXE
Crogram FilesBonjourmDNSResponder.exe
Crogram FilesBelkinLogiciel Bluetoothbinbtwdins.exe
Crogram FilesTOSHIBAConfigFreeCFSvcs.exe
C:WINDOWSsystem32DVDRAMSV.exe
C:WINDOWSeHomeehRecvr.exe
C:WINDOWSeHomeehSched.exe
Crogram FilesDartyboxPack SecuriteAnti-Virusfsgk32st.exe
Crogram FilesDartyboxPack SecuriteCommonFSMA32.EXE
Crogram FilesDartyboxPack SecuriteAnti-VirusFSGK32.EXE
Crogram FilesJavajre6binjqs.exe
Crogram FilesDartyboxPack SecuriteCommonFSMB32.EXE
Crogram FilesFichiers communsMicrosoft SharedVS7DEBUGMDM.EXE
C:WINDOWSsystem32nvsvc32.exe
C:WINDOWSsystem32HPZipm12.exe
Crogram FilesIntelWirelessBinRegSrvc.exe
C:WINDOWSsystem32svchost.exe
Crogram FilesDartyboxPack SecuriteCommonFCH32.EXE
C:WINDOWSsystem32SearchIndexer.exe
CROGRA~1COMMON~1X10Commonx10nets.exe
Crogram FilesDartyboxPack SecuriteAnti-Virusfsqh.exe
Crogram FilesDartyboxPack SecuriteCommonFAMEH32.EXE
Crogram FilesDartyboxPack SecuriteFSPCfspc.exe
Crogram FilesDartyboxPack SecuriteAnti-Virusfssm32.exe
C:WINDOWSsystem32dllhost.exe
Crogram FilesDartyboxPack SecuriteFSAUAprogramfsaua.exe
Crogram FilesDartyboxPack SecuriteFWESProgramfsdfwd.exe
C:WINDOWSsystem32wbemwmiapsrv.exe
Crogram FilesDartyboxPack SecuriteFSAUAprogramfsus.exe
C:WINDOWSSystem32svchost.exe
Crogram FilesDartyboxPack SecuriteAnti-Virusfsav32.exe
C:WINDOWSehomeehtray.exe
C:WINDOWSeHomeehmsas.exe
C:WINDOWSSystem32DLADLACTRLW.EXE
Crogram FilesDartyboxPack SecuriteCommonFSM32.EXE
Crogram FilesHPHP Software UpdateHPWuSchd2.exe
Crogram FilesTOSHIBATOSCDSPDtoscdspd.exe
C:WINDOWSsystem32ctfmon.exe
Crogram FilesDartyboxPack SecuriteFSGUIfsguidll.exe
C:WINDOWSsystem32RAMASST.exe
Crogram FilesWindows Desktop SearchWindowsSearch.exe
C:WINDOWSsystem32igfxsrvc.exe
Crogram FilesDartyboxPack SecuriteFSGUIscanwizard.exe
Crogram FilesMozilla Firefoxfirefox.exe
Crogram FilesFichiers communsAppleMobile Device SupportbinAppleMobileDeviceService.exe
C:WINDOWSsystem32SearchProtocolHost.exe
C
ocuments and SettingsHenrykBureauHiJackThis.exe
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.dartybox.com
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Liens
O1 - Hosts: HP584252 HP001871584252
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:Program FilesFichiers communsAdobeAcrobatActiveXAcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:WINDOWSSystem32DLADLASHX_W.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesFichiers communsMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program FilesJavajre6binjp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll
O4 - HKLM..Run: [ehTray] C:WINDOWSehomeehtray.exe
O4 - HKLM..Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM..Run: [DLA] C:WINDOWSSystem32DLADLACTRLW.EXE
O4 - HKLM..Run: [F-Secure Manager] "C:Program FilesDartyboxPack SecuriteCommonFSM32.EXE" /splash
O4 - HKLM..Run: [F-Secure TNB] "C:Program FilesDartyboxPack SecuriteFSGUITNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM..Run: [HP Software Update] C:Program FilesHPHP Software UpdateHPWuSchd2.exe
O4 - HKCU..Run: [TOSCDSPD] C:Program FilesTOSHIBATOSCDSPDtoscdspd.exe
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'SYSTEM')
O4 - HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'Default user')
O4 - Global Startup: RAMASST.lnk = C:WINDOWSsystem32RAMASST.exe
O4 - Global Startup: Windows Search.lnk = C:Program FilesWindows Desktop SearchWindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:Program FilesBelkinLogiciel Bluetoothbtsendto_ie_ctx.htm
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:Program FilesDartyboxPack SecuriteFSPCfspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:Program FilesDartyboxPack SecuriteFSPCfspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:Program FilesDartyboxPack SecuriteFSPCfspcmsie.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:Program FilesBelkinLogiciel Bluetoothbtsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:Program FilesBelkinLogiciel Bluetoothbtsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O20 - Winlogon Notify: GoToAssist - C:Program FilesCitrixGoToAssist508G2AWinLogon.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:Program FilesFichiers communsAppleMobile Device SupportbinAppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:Program FilesBonjourmDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:Program FilesBelkinLogiciel Bluetoothbinbtwdins.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:Program FilesTOSHIBAConfigFreeCFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:WINDOWSsystem32DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:Program FilesIntelWirelessBinEvtEng.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:Program FilesDartyboxPack SecuriteAnti-Virusfsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:Program FilesDartyboxPack SecuriteFSAUAprogramfsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:Program FilesDartyboxPack SecuriteFWESProgramfsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:Program FilesDartyboxPack SecuriteCommonFSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:Program FilesDartyboxPack SecuriteORSP Clientfsorsp.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:Program FilesCitrixGoToAssist508g2aservice.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:WINDOWSsystem32spooldriversw32x863HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:WINDOWSsystem32spooldriversw32x863HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesFichiers communsInstallShieldDriver11Intel 32IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:Program FilesiPodbiniPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:Program FilesJavajre6binjqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSsystem32nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:WINDOWSsystem32HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:Program FilesIntelWirelessBinRegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:Program FilesIntelWirelessBinS24EvMon.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:PROGRA~1COMMON~1X10Commonx10nets.exe
--
End of file - 10273 bytes
Et voici une capture de mes processus :
http://img17.imageshack.us/my.php?image=processus.jpg
Merci de votre aide 
Configuration: Windows XP
Firefox 3.0.7
Et sinon au niveau des processeurs je trouve qu'il y en a pas mal au démarrage.
Est ce que je peux en désactiver certain et si oui, lesquels et comment ?
Thanks
