Aller au contenu

hstiti

Membres
 Afficher le profil  Afficher son activité

  • Compteur de contenus

    30

  • Inscription

  • Dernière visite

À propos de hstiti

  • Date de naissance 23/12/1967

Profile Information

  • Sexe
    Male
  • Localisation
    VILLARDONNEL

Autres informations

  • Mes langues
    Français

Visiteurs récents du profil

1 554 visualisations du profil

hstiti's Achievements

Member

Member (4/12)

0

Réputation sur la communauté

  1. hstiti
    Bonjour à tous, Voici les symptomes du PC : - il démarre en mode 640x480 et 4 couleurs, impossible de modifier ces paramètres - au bout d'un certain temps, il redémarre tout seul, on voit juste apparaître une fenêtre qui met en cause le process lsass.exe et un décompte. Merci par avance une fois de plus pour vote aide et vos conseils avertis, et bonnes fêtes à tous. Voici le rapport que j'ai obtenu. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:32:01, on 30/12/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe C:\PROGRA~1\FICHIE~1\SYMANT~1\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Symantec AntiVirus\SavRoam.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Symantec AntiVirus\DoScan.exe C:\PROGRA~1\INCRED~1\bin\IMApp.exe C:\HiJackThis 2.0.2.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.incredimail.com/page.asp?page=r...don=IncrediMail R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (file missing) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll (file missing) O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll (file missing) O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: Stop Pub - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\JCA2000\Stoppub\StopPub.exe O9 - Extra 'Tools' menuitem: Stop Pub - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\JCA2000\Stoppub\StopPub.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: Interface Chat Voila - http://chat10.x-echo.com/version5/Applet/vchatsign.cab O16 - DPF: Interface Chat Wanadoo - http://chat14.x-echo.com/version6/Applet/wchatsign.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{64AE9DF4-0161-4A10-88F0-9361BD3D2105}: NameServer = 80.10.246.2,80.10.246.129 O17 - HKLM\System\CS1\Services\Tcpip\..\{64AE9DF4-0161-4A10-88F0-9361BD3D2105}: NameServer = 80.10.246.2,80.10.246.129 O17 - HKLM\System\CS2\Services\Tcpip\..\{64AE9DF4-0161-4A10-88F0-9361BD3D2105}: NameServer = 80.10.246.2,80.10.246.129 O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\FICHIE~1\SYMANT~1\CCPD-LC\symlcsvc.exe O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- End of file - 7376 bytes
  2. hstiti
    Oui, c'est le cas, exactement la même version. Cependant, en regardant dans le répertoire C:\Windows, j'ai plein de fichiers du type DUMP0001.TMP et SET3.TMP, mais assez anciens (mai/juin 2008). Est-ce que je peux les supprimer sans risque?
  3. hstiti
    Voici le rapport de MBAM : Malwarebytes' Anti-Malware 1.30 Version de la base de données: 1333 Windows 5.1.2600 Service Pack 3 28/10/2008 18:18:36 mbam-log-2008-10-28 (18-18-36).txt Type de recherche: Examen rapide Eléments examinés: 47911 Temps écoulé: 3 minute(s), 51 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 0 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): (Aucun élément nuisible détecté)
  4. hstiti
    Voici le rapport obtenu avec Virus Total (petite remarque, E:\ est ma clé donc je pense qu'il est normal que explorer.exe soit sain -enfin je ne fais que supporser- puisqu'il vient d'un autre PC) Fichier explorer.exe reçu le 2008.10.28 17:53:58 (CET)Antivirus Version Dernière mise à jour Résultat AhnLab-V3 2008.10.28.3 2008.10.28 - AntiVir 7.9.0.10 2008.10.28 - Authentium 5.1.0.4 2008.10.28 - Avast 4.8.1248.0 2008.10.28 - AVG 8.0.0.161 2008.10.28 - BitDefender 7.2 2008.10.28 - CAT-QuickHeal 9.50 2008.10.28 - ClamAV 0.93.1 2008.10.28 - DrWeb 4.44.0.09170 2008.10.28 - eSafe 7.0.17.0 2008.10.28 - eTrust-Vet 31.6.6177 2008.10.28 - Ewido 4.0 2008.10.28 - F-Prot 4.4.4.56 2008.10.28 - F-Secure 8.0.14332.0 2008.10.28 - Fortinet 3.117.0.0 2008.10.28 - GData 19 2008.10.28 - Ikarus T3.1.1.44.0 2008.10.28 - K7AntiVirus 7.10.510 2008.10.28 - Kaspersky 7.0.0.125 2008.10.28 - McAfee 5416 2008.10.28 - Microsoft 1.4005 2008.10.28 - NOD32 3563 2008.10.28 - Norman 5.80.02 2008.10.28 - Panda 9.0.0.4 2008.10.28 - PCTools 4.4.2.0 2008.10.28 - Prevx1 V2 2008.10.28 - Rising 21.01.12.00 2008.10.28 - SecureWeb-Gateway 6.7.6 2008.10.28 - Sophos 4.35.0 2008.10.28 - Sunbelt 3.1.1760.1 2008.10.27 - Symantec 10 2008.10.28 - TheHacker 6.3.1.1.132 2008.10.28 - TrendMicro 8.700.0.1004 2008.10.28 - VBA32 3.12.8.8 2008.10.28 - ViRobot 2008.10.28.1441 2008.10.28 - VirusBuster 4.5.11.0 2008.10.28 - Information additionnelle File size: 1037824 bytes MD5...: f2317622d29f9ff0f88aeecd5f60f0dd SHA1..: d54b0b83de6ee5922dd90db1446872bf32062b25 SHA256: 1ab74a4ae472156a5d2c6714e2e1a60e3b32ceb4996f923887a12b6a27315d13 SHA512: 42040ea59a37091103cde10f8c31535d53ae8ed1a480de8052b7ed6b2faa2807<BR>1e19b4daf747e0b63f6e6d0cc9db0330d1f8ea2da4b27a81a0202ba80ab737ce PEiD..: - TrID..: File type identification<BR>Win32 Executable Generic (42.3%)<BR>Win32 Dynamic Link Library (generic) (37.6%)<BR>Generic Win/DOS Executable (9.9%)<BR>DOS Executable Generic (9.9%)<BR>Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%) PEInfo: PE Structure information<BR><BR>( base data )<BR>entrypointaddress.: 0x101a55f<BR>timedatestamp.....: 0x48025c30 (Sun Apr 13 19:17:04 2008)<BR>machinetype.......: 0x14c (I386)<BR><BR>( 4 sections )<BR>name viradd virsiz rawdsiz ntrpy md5<BR>.text 0x1000 0x44c09 0x44e00 6.38 013207a9f70ec52b78392db51f333ff0<BR>.data 0x46000 0x1db4 0x1800 1.30 983f35021232560eaaa99fcbc1b7d359<BR>.rsrc 0x48000 0xb3280 0xb3400 6.63 e73694f42fb4ef5e9b8ea017fcf60103<BR>.reloc 0xfc000 0x374c 0x3800 6.78 ec335057489badbf6d8142b57175fd91<BR><BR>( 13 imports ) <BR>> ADVAPI32.dll: RegSetValueW, RegEnumKeyExW, GetUserNameW, RegNotifyChangeKeyValue, RegEnumValueW, RegQueryValueExA, RegOpenKeyExA, RegEnumKeyW, RegCloseKey, RegCreateKeyW, RegQueryInfoKeyW, RegOpenKeyExW, RegQueryValueExW, RegCreateKeyExW, RegSetValueExW, RegDeleteValueW, RegQueryValueW<BR>> BROWSEUI.dll: -, -, -, -<BR>> GDI32.dll: GetStockObject, CreatePatternBrush, OffsetViewportOrgEx, GetLayout, CombineRgn, CreateDIBSection, GetTextExtentPoint32W, StretchBlt, CreateRectRgnIndirect, CreateRectRgn, GetClipRgn, IntersectClipRect, GetViewportOrgEx, SetViewportOrgEx, SelectClipRgn, PatBlt, GetBkColor, CreateCompatibleDC, CreateCompatibleBitmap, OffsetWindowOrgEx, DeleteDC, SetBkColor, BitBlt, ExtTextOutW, GetTextExtentPointW, GetClipBox, GetObjectW, SetTextColor, SetBkMode, CreateFontIndirectW, DeleteObject, GetTextMetricsW, SelectObject, GetDeviceCaps, TranslateCharsetInfo, SetStretchBltMode<BR>> KERNEL32.dll: GetSystemDirectoryW, CreateThread, CreateJobObjectW, ExitProcess, SetProcessShutdownParameters, ReleaseMutex, CreateMutexW, SetPriorityClass, GetCurrentProcess, GetStartupInfoW, GetCommandLineW, SetErrorMode, LeaveCriticalSection, EnterCriticalSection, ResetEvent, LoadLibraryExA, CompareFileTime, GetSystemTimeAsFileTime, SetThreadPriority, GetCurrentThreadId, GetThreadPriority, GetCurrentThread, GetUserDefaultLangID, Sleep, GetBinaryTypeW, GetModuleHandleExW, SystemTimeToFileTime, GetLocalTime, GetCurrentProcessId, GetEnvironmentVariableW, UnregisterWait, GlobalGetAtomNameW, GetFileAttributesW, MoveFileW, lstrcmpW, LoadLibraryExW, FindClose, FindNextFileW, FindFirstFileW, lstrcmpiA, SetEvent, AssignProcessToJobObject, GetDateFormatW, GetTimeFormatW, FlushInstructionCache, lstrcpynW, GetSystemWindowsDirectoryW, SetLastError, GetProcessHeap, HeapFree, HeapReAlloc, HeapSize, HeapAlloc, GetUserDefaultLCID, ReadProcessMemory, OpenProcess, InterlockedCompareExchange, LoadLibraryA, QueryPerformanceCounter, UnhandledExceptionFilter, SetUnhandledExceptionFilter, VirtualFree, VirtualAlloc, ResumeThread, TerminateProcess, TerminateThread, GetSystemDefaultLCID, GetLocaleInfoW, CreateEventW, GetLastError, OpenEventW, DelayLoadFailureHook, WaitForSingleObject, GetTickCount, ExpandEnvironmentStringsW, GetModuleFileNameW, GetPrivateProfileStringW, lstrcmpiW, CreateProcessW, FreeLibrary, GetWindowsDirectoryW, LocalAlloc, CreateFileW, DeviceIoControl, LocalFree, GetQueuedCompletionStatus, CreateIoCompletionPort, SetInformationJobObject, CloseHandle, LoadLibraryW, GetModuleHandleW, ActivateActCtx, DeactivateActCtx, GetFileAttributesExW, GetProcAddress, DeleteCriticalSection, CreateEventA, HeapDestroy, InitializeCriticalSection, MulDiv, InitializeCriticalSectionAndSpinCount, lstrlenW, InterlockedDecrement, InterlockedIncrement, GlobalAlloc, InterlockedExchange, GetModuleHandleA, GetVersionExA, GlobalFree, GetProcessTimes, lstrcpyW, GetLongPathNameW, RegisterWaitForSingleObject<BR>> msvcrt.dll: _itow, free, memmove, realloc, _except_handler3, malloc, _ftol, _vsnwprintf<BR>> ntdll.dll: RtlNtStatusToDosError, NtQueryInformationProcess<BR>> ole32.dll: CoFreeUnusedLibraries, RegisterDragDrop, CreateBindCtx, RevokeDragDrop, CoInitializeEx, CoUninitialize, OleInitialize, CoRevokeClassObject, CoRegisterClassObject, CoMarshalInterThreadInterfaceInStream, CoCreateInstance, OleUninitialize, DoDragDrop<BR>> OLEAUT32.dll: -, -<BR>> SHDOCVW.dll: -, -, -<BR>> SHELL32.dll: -, -, SHGetFolderPathW, -, -, -, -, -, ExtractIconExW, -, -, -, -, -, -, -, -, -, -, -, -, -, -, SHGetSpecialFolderLocation, ShellExecuteExW, -, -, -, SHGetSpecialFolderPathW, -, -, -, SHBindToParent, -, -, -, SHParseDisplayName, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, SHChangeNotify, SHGetDesktopFolder, SHAddToRecentDocs, -, -, -, DuplicateIcon, -, -, -, -, -, -, -, -, SHUpdateRecycleBinIcon, SHGetFolderLocation, SHGetPathFromIDListA, -, -, -, -, -, -, -, SHGetPathFromIDListW, -, -, -<BR>> SHLWAPI.dll: StrCpyNW, -, -, -, -, StrRetToBufW, StrRetToStrW, -, -, -, -, SHQueryValueExW, PathIsNetworkPathW, -, AssocCreate, -, -, -, -, -, StrCatW, StrCpyW, -, -, -, -, -, -, SHGetValueW, -, StrCmpNIW, PathRemoveBlanksW, PathRemoveArgsW, PathFindFileNameW, StrStrIW, PathGetArgsW, -, StrToIntW, SHRegGetBoolUSValueW, SHRegWriteUSValueW, SHRegCloseUSKey, SHRegCreateUSKeyW, SHRegGetUSValueW, SHSetValueW, -, PathAppendW, PathUnquoteSpacesW, -, -, PathQuoteSpacesW, -, SHSetThreadRef, SHCreateThreadRef, -, -, -, PathCombineW, -, -, -, SHStrDupW, PathIsPrefixW, PathParseIconLocationW, AssocQueryKeyW, -, AssocQueryStringW, StrCmpW, -, -, -, -, -, -, -, -, SHRegQueryUSValueW, SHRegOpenUSKeyW, SHRegSetUSValueW, PathIsDirectoryW, PathFileExistsW, PathGetDriveNumberW, -, StrChrW, PathFindExtensionW, -, -, PathRemoveFileSpecW, PathStripToRootW, -, -, -, SHOpenRegStream2W, -, -, -, StrDupW, SHDeleteValueW, StrCatBuffW, SHDeleteKeyW, StrCmpIW, -, -, wnsprintfW, -, -, StrCmpNW, -, -<BR>> USER32.dll: TileWindows, GetDoubleClickTime, GetSystemMetrics, GetSysColorBrush, AllowSetForegroundWindow, LoadMenuW, GetSubMenu, RemoveMenu, SetParent, GetMessagePos, CheckDlgButton, EnableWindow, GetDlgItemInt, SetDlgItemInt, CopyIcon, AdjustWindowRectEx, DrawFocusRect, DrawEdge, ExitWindowsEx, WindowFromPoint, SetRect, AppendMenuW, LoadAcceleratorsW, LoadBitmapW, SendNotifyMessageW, SetWindowPlacement, CheckMenuItem, EndDialog, SendDlgItemMessageW, MessageBeep, GetActiveWindow, PostQuitMessage, MoveWindow, GetDlgItem, RemovePropW, GetClassNameW, GetDCEx, SetCursorPos, ChildWindowFromPoint, ChangeDisplaySettingsW, RegisterHotKey, UnregisterHotKey, SetCursor, SendMessageTimeoutW, GetWindowPlacement, LoadImageW, SetWindowRgn, IntersectRect, OffsetRect, EnumDisplayMonitors, RedrawWindow, SubtractRect, TranslateAcceleratorW, WaitMessage, InflateRect, CallWindowProcW, GetDlgCtrlID, SetCapture, LockSetForegroundWindow, SystemParametersInfoW, FindWindowW, CreatePopupMenu, GetMenuDefaultItem, DestroyMenu, GetShellWindow, EnumChildWindows, GetWindowLongW, SendMessageW, RegisterWindowMessageW, GetKeyState, CopyRect, MonitorFromRect, MonitorFromPoint, RegisterClassW, SetPropW, GetWindowLongA, SetWindowLongW, FillRect, GetCursorPos, MessageBoxW, LoadStringW, ReleaseDC, GetDC, EnumDisplaySettingsExW, EnumDisplayDevicesW, PostMessageW, DispatchMessageW, TranslateMessage, GetMessageW, PeekMessageW, PtInRect, BeginPaint, EndPaint, SetWindowTextW, GetAsyncKeyState, InvalidateRect, GetWindow, ShowWindowAsync, TrackPopupMenuEx, UpdateWindow, DestroyIcon, IsRectEmpty, SetActiveWindow, GetSysColor, DrawTextW, IsHungAppWindow, SetTimer, GetMenuItemID, TrackPopupMenu, EndTask, SendMessageCallbackW, GetClassLongW, LoadIconW, OpenInputDesktop, CloseDesktop, SetScrollPos, ShowWindow, BringWindowToTop, GetDesktopWindow, CascadeWindows, CharUpperBuffW, SwitchToThisWindow, InternalGetWindowText, GetScrollInfo, GetMenuItemCount, CreateWindowExW, DialogBoxParamW, MsgWaitForMultipleObjects, CharNextA, RegisterClipboardFormatW, EndDeferWindowPos, DeferWindowPos, BeginDeferWindowPos, PrintWindow, SetClassLongW, GetPropW, GetNextDlgGroupItem, GetNextDlgTabItem, ChildWindowFromPointEx, IsChild, NotifyWinEvent, TrackMouseEvent, GetCapture, GetAncestor, CharUpperW, SetWindowLongA, DrawCaption, ModifyMenuW, InsertMenuW, IsWindowEnabled, GetMenuState, LoadCursorW, GetParent, IsDlgButtonChecked, DestroyWindow, EnumWindows, IsWindowVisible, GetClientRect, UnionRect, EqualRect, GetWindowThreadProcessId, GetForegroundWindow, KillTimer, GetClassInfoExW, DefWindowProcW, RegisterClassExW, GetIconInfo, SetScrollInfo, GetLastActivePopup, SetForegroundWindow, IsWindow, GetSystemMenu, IsIconic, IsZoomed, EnableMenuItem, SetMenuDefaultItem, MonitorFromWindow, GetMonitorInfoW, GetWindowInfo, GetFocus, SetFocus, MapWindowPoints, ScreenToClient, ClientToScreen, GetWindowRect, SetWindowPos, DeleteMenu, GetMenuItemInfoW, SetMenuItemInfoW, CharNextW<BR>> UxTheme.dll: GetThemeBackgroundContentRect, GetThemeBool, GetThemePartSize, DrawThemeParentBackground, OpenThemeData, DrawThemeBackground, GetThemeTextExtent, DrawThemeText, CloseThemeData, SetWindowTheme, GetThemeBackgroundRegion, -, GetThemeMargins, GetThemeColor, GetThemeFont, GetThemeRect, IsAppThemed<BR><BR>( 0 exports ) <BR> ThreatExpert info: http://www.threatexpert.com/report.aspx?md...88aeecd5f60f0dd Antivirus Version Dernière mise à jour Résultat AhnLab-V3 2008.10.28.3 2008.10.28 - AntiVir 7.9.0.10 2008.10.28 - Authentium 5.1.0.4 2008.10.28 - Avast 4.8.1248.0 2008.10.28 - AVG 8.0.0.161 2008.10.28 - BitDefender 7.2 2008.10.28 - CAT-QuickHeal 9.50 2008.10.28 - ClamAV 0.93.1 2008.10.28 - DrWeb 4.44.0.09170 2008.10.28 - eSafe 7.0.17.0 2008.10.28 - eTrust-Vet 31.6.6177 2008.10.28 - Ewido 4.0 2008.10.28 - F-Prot 4.4.4.56 2008.10.28 - F-Secure 8.0.14332.0 2008.10.28 - Fortinet 3.117.0.0 2008.10.28 - GData 19 2008.10.28 - Ikarus T3.1.1.44.0 2008.10.28 - K7AntiVirus 7.10.510 2008.10.28 - Kaspersky 7.0.0.125 2008.10.28 - McAfee 5416 2008.10.28 - Microsoft 1.4005 2008.10.28 - NOD32 3563 2008.10.28 - Norman 5.80.02 2008.10.28 - Panda 9.0.0.4 2008.10.28 - PCTools 4.4.2.0 2008.10.28 - Prevx1 V2 2008.10.28 - Rising 21.01.12.00 2008.10.28 - SecureWeb-Gateway 6.7.6 2008.10.28 - Sophos 4.35.0 2008.10.28 - Sunbelt 3.1.1760.1 2008.10.27 - Symantec 10 2008.10.28 - TheHacker 6.3.1.1.132 2008.10.28 - TrendMicro 8.700.0.1004 2008.10.28 - VBA32 3.12.8.8 2008.10.28 - ViRobot 2008.10.28.1441 2008.10.28 - VirusBuster 4.5.11.0 2008.10.28 - Information additionnelle File size: 1037824 bytes MD5...: f2317622d29f9ff0f88aeecd5f60f0dd SHA1..: d54b0b83de6ee5922dd90db1446872bf32062b25 SHA256: 1ab74a4ae472156a5d2c6714e2e1a60e3b32ceb4996f923887a12b6a27315d13 SHA512: 42040ea59a37091103cde10f8c31535d53ae8ed1a480de8052b7ed6b2faa2807<BR>1e19b4daf747e0b63f6e6d0cc9db0330d1f8ea2da4b27a81a0202ba80ab737ce PEiD..: - TrID..: File type identification<BR>Win32 Executable Generic (42.3%)<BR>Win32 Dynamic Link Library (generic) (37.6%)<BR>Generic Win/DOS Executable (9.9%)<BR>DOS Executable Generic (9.9%)<BR>Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%) PEInfo: PE Structure information<BR><BR>( base data )<BR>entrypointaddress.: 0x101a55f<BR>timedatestamp.....: 0x48025c30 (Sun Apr 13 19:17:04 2008)<BR>machinetype.......: 0x14c (I386)<BR><BR>( 4 sections )<BR>name viradd virsiz rawdsiz ntrpy md5<BR>.text 0x1000 0x44c09 0x44e00 6.38 013207a9f70ec52b78392db51f333ff0<BR>.data 0x46000 0x1db4 0x1800 1.30 983f35021232560eaaa99fcbc1b7d359<BR>.rsrc 0x48000 0xb3280 0xb3400 6.63 e73694f42fb4ef5e9b8ea017fcf60103<BR>.reloc 0xfc000 0x374c 0x3800 6.78 ec335057489badbf6d8142b57175fd91<BR><BR>( 13 imports ) <BR>> ADVAPI32.dll: RegSetValueW, RegEnumKeyExW, GetUserNameW, RegNotifyChangeKeyValue, RegEnumValueW, RegQueryValueExA, RegOpenKeyExA, RegEnumKeyW, RegCloseKey, RegCreateKeyW, RegQueryInfoKeyW, RegOpenKeyExW, RegQueryValueExW, RegCreateKeyExW, RegSetValueExW, RegDeleteValueW, RegQueryValueW<BR>> BROWSEUI.dll: -, -, -, -<BR>> GDI32.dll: GetStockObject, CreatePatternBrush, OffsetViewportOrgEx, GetLayout, CombineRgn, CreateDIBSection, GetTextExtentPoint32W, StretchBlt, CreateRectRgnIndirect, CreateRectRgn, GetClipRgn, IntersectClipRect, GetViewportOrgEx, SetViewportOrgEx, SelectClipRgn, PatBlt, GetBkColor, CreateCompatibleDC, CreateCompatibleBitmap, OffsetWindowOrgEx, DeleteDC, SetBkColor, BitBlt, ExtTextOutW, GetTextExtentPointW, GetClipBox, GetObjectW, SetTextColor, SetBkMode, CreateFontIndirectW, DeleteObject, GetTextMetricsW, SelectObject, GetDeviceCaps, TranslateCharsetInfo, SetStretchBltMode<BR>> KERNEL32.dll: GetSystemDirectoryW, CreateThread, CreateJobObjectW, ExitProcess, SetProcessShutdownParameters, ReleaseMutex, CreateMutexW, SetPriorityClass, GetCurrentProcess, GetStartupInfoW, GetCommandLineW, SetErrorMode, LeaveCriticalSection, EnterCriticalSection, ResetEvent, LoadLibraryExA, CompareFileTime, GetSystemTimeAsFileTime, SetThreadPriority, GetCurrentThreadId, GetThreadPriority, GetCurrentThread, GetUserDefaultLangID, Sleep, GetBinaryTypeW, GetModuleHandleExW, SystemTimeToFileTime, GetLocalTime, GetCurrentProcessId, GetEnvironmentVariableW, UnregisterWait, GlobalGetAtomNameW, GetFileAttributesW, MoveFileW, lstrcmpW, LoadLibraryExW, FindClose, FindNextFileW, FindFirstFileW, lstrcmpiA, SetEvent, AssignProcessToJobObject, GetDateFormatW, GetTimeFormatW, FlushInstructionCache, lstrcpynW, GetSystemWindowsDirectoryW, SetLastError, GetProcessHeap, HeapFree, HeapReAlloc, HeapSize, HeapAlloc, GetUserDefaultLCID, ReadProcessMemory, OpenProcess, InterlockedCompareExchange, LoadLibraryA, QueryPerformanceCounter, UnhandledExceptionFilter, SetUnhandledExceptionFilter, VirtualFree, VirtualAlloc, ResumeThread, TerminateProcess, TerminateThread, GetSystemDefaultLCID, GetLocaleInfoW, CreateEventW, GetLastError, OpenEventW, DelayLoadFailureHook, WaitForSingleObject, GetTickCount, ExpandEnvironmentStringsW, GetModuleFileNameW, GetPrivateProfileStringW, lstrcmpiW, CreateProcessW, FreeLibrary, GetWindowsDirectoryW, LocalAlloc, CreateFileW, DeviceIoControl, LocalFree, GetQueuedCompletionStatus, CreateIoCompletionPort, SetInformationJobObject, CloseHandle, LoadLibraryW, GetModuleHandleW, ActivateActCtx, DeactivateActCtx, GetFileAttributesExW, GetProcAddress, DeleteCriticalSection, CreateEventA, HeapDestroy, InitializeCriticalSection, MulDiv, InitializeCriticalSectionAndSpinCount, lstrlenW, InterlockedDecrement, InterlockedIncrement, GlobalAlloc, InterlockedExchange, GetModuleHandleA, GetVersionExA, GlobalFree, GetProcessTimes, lstrcpyW, GetLongPathNameW, RegisterWaitForSingleObject<BR>> msvcrt.dll: _itow, free, memmove, realloc, _except_handler3, malloc, _ftol, _vsnwprintf<BR>> ntdll.dll: RtlNtStatusToDosError, NtQueryInformationProcess<BR>> ole32.dll: CoFreeUnusedLibraries, RegisterDragDrop, CreateBindCtx, RevokeDragDrop, CoInitializeEx, CoUninitialize, OleInitialize, CoRevokeClassObject, CoRegisterClassObject, CoMarshalInterThreadInterfaceInStream, CoCreateInstance, OleUninitialize, DoDragDrop<BR>> OLEAUT32.dll: -, -<BR>> SHDOCVW.dll: -, -, -<BR>> SHELL32.dll: -, -, SHGetFolderPathW, -, -, -, -, -, ExtractIconExW, -, -, -, -, -, -, -, -, -, -, -, -, -, -, SHGetSpecialFolderLocation, ShellExecuteExW, -, -, -, SHGetSpecialFolderPathW, -, -, -, SHBindToParent, -, -, -, SHParseDisplayName, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, SHChangeNotify, SHGetDesktopFolder, SHAddToRecentDocs, -, -, -, DuplicateIcon, -, -, -, -, -, -, -, -, SHUpdateRecycleBinIcon, SHGetFolderLocation, SHGetPathFromIDListA, -, -, -, -, -, -, -, SHGetPathFromIDListW, -, -, -<BR>> SHLWAPI.dll: StrCpyNW, -, -, -, -, StrRetToBufW, StrRetToStrW, -, -, -, -, SHQueryValueExW, PathIsNetworkPathW, -, AssocCreate, -, -, -, -, -, StrCatW, StrCpyW, -, -, -, -, -, -, SHGetValueW, -, StrCmpNIW, PathRemoveBlanksW, PathRemoveArgsW, PathFindFileNameW, StrStrIW, PathGetArgsW, -, StrToIntW, SHRegGetBoolUSValueW, SHRegWriteUSValueW, SHRegCloseUSKey, SHRegCreateUSKeyW, SHRegGetUSValueW, SHSetValueW, -, PathAppendW, PathUnquoteSpacesW, -, -, PathQuoteSpacesW, -, SHSetThreadRef, SHCreateThreadRef, -, -, -, PathCombineW, -, -, -, SHStrDupW, PathIsPrefixW, PathParseIconLocationW, AssocQueryKeyW, -, AssocQueryStringW, StrCmpW, -, -, -, -, -, -, -, -, SHRegQueryUSValueW, SHRegOpenUSKeyW, SHRegSetUSValueW, PathIsDirectoryW, PathFileExistsW, PathGetDriveNumberW, -, StrChrW, PathFindExtensionW, -, -, PathRemoveFileSpecW, PathStripToRootW, -, -, -, SHOpenRegStream2W, -, -, -, StrDupW, SHDeleteValueW, StrCatBuffW, SHDeleteKeyW, StrCmpIW, -, -, wnsprintfW, -, -, StrCmpNW, -, -<BR>> USER32.dll: TileWindows, GetDoubleClickTime, GetSystemMetrics, GetSysColorBrush, AllowSetForegroundWindow, LoadMenuW, GetSubMenu, RemoveMenu, SetParent, GetMessagePos, CheckDlgButton, EnableWindow, GetDlgItemInt, SetDlgItemInt, CopyIcon, AdjustWindowRectEx, DrawFocusRect, DrawEdge, ExitWindowsEx, WindowFromPoint, SetRect, AppendMenuW, LoadAcceleratorsW, LoadBitmapW, SendNotifyMessageW, SetWindowPlacement, CheckMenuItem, EndDialog, SendDlgItemMessageW, MessageBeep, GetActiveWindow, PostQuitMessage, MoveWindow, GetDlgItem, RemovePropW, GetClassNameW, GetDCEx, SetCursorPos, ChildWindowFromPoint, ChangeDisplaySettingsW, RegisterHotKey, UnregisterHotKey, SetCursor, SendMessageTimeoutW, GetWindowPlacement, LoadImageW, SetWindowRgn, IntersectRect, OffsetRect, EnumDisplayMonitors, RedrawWindow, SubtractRect, TranslateAcceleratorW, WaitMessage, InflateRect, CallWindowProcW, GetDlgCtrlID, SetCapture, LockSetForegroundWindow, SystemParametersInfoW, FindWindowW, CreatePopupMenu, GetMenuDefaultItem, DestroyMenu, GetShellWindow, EnumChildWindows, GetWindowLongW, SendMessageW, RegisterWindowMessageW, GetKeyState, CopyRect, MonitorFromRect, MonitorFromPoint, RegisterClassW, SetPropW, GetWindowLongA, SetWindowLongW, FillRect, GetCursorPos, MessageBoxW, LoadStringW, ReleaseDC, GetDC, EnumDisplaySettingsExW, EnumDisplayDevicesW, PostMessageW, DispatchMessageW, TranslateMessage, GetMessageW, PeekMessageW, PtInRect, BeginPaint, EndPaint, SetWindowTextW, GetAsyncKeyState, InvalidateRect, GetWindow, ShowWindowAsync, TrackPopupMenuEx, UpdateWindow, DestroyIcon, IsRectEmpty, SetActiveWindow, GetSysColor, DrawTextW, IsHungAppWindow, SetTimer, GetMenuItemID, TrackPopupMenu, EndTask, SendMessageCallbackW, GetClassLongW, LoadIconW, OpenInputDesktop, CloseDesktop, SetScrollPos, ShowWindow, BringWindowToTop, GetDesktopWindow, CascadeWindows, CharUpperBuffW, SwitchToThisWindow, InternalGetWindowText, GetScrollInfo, GetMenuItemCount, CreateWindowExW, DialogBoxParamW, MsgWaitForMultipleObjects, CharNextA, RegisterClipboardFormatW, EndDeferWindowPos, DeferWindowPos, BeginDeferWindowPos, PrintWindow, SetClassLongW, GetPropW, GetNextDlgGroupItem, GetNextDlgTabItem, ChildWindowFromPointEx, IsChild, NotifyWinEvent, TrackMouseEvent, GetCapture, GetAncestor, CharUpperW, SetWindowLongA, DrawCaption, ModifyMenuW, InsertMenuW, IsWindowEnabled, GetMenuState, LoadCursorW, GetParent, IsDlgButtonChecked, DestroyWindow, EnumWindows, IsWindowVisible, GetClientRect, UnionRect, EqualRect, GetWindowThreadProcessId, GetForegroundWindow, KillTimer, GetClassInfoExW, DefWindowProcW, RegisterClassExW, GetIconInfo, SetScrollInfo, GetLastActivePopup, SetForegroundWindow, IsWindow, GetSystemMenu, IsIconic, IsZoomed, EnableMenuItem, SetMenuDefaultItem, MonitorFromWindow, GetMonitorInfoW, GetWindowInfo, GetFocus, SetFocus, MapWindowPoints, ScreenToClient, ClientToScreen, GetWindowRect, SetWindowPos, DeleteMenu, GetMenuItemInfoW, SetMenuItemInfoW, CharNextW<BR>> UxTheme.dll: GetThemeBackgroundContentRect, GetThemeBool, GetThemePartSize, DrawThemeParentBackground, OpenThemeData, DrawThemeBackground, GetThemeTextExtent, DrawThemeText, CloseThemeData, SetWindowTheme, GetThemeBackgroundRegion, -, GetThemeMargins, GetThemeColor, GetThemeFont, GetThemeRect, IsAppThemed<BR><BR>( 0 exports ) <BR> ThreatExpert info: http://www.threatexpert.com/report.aspx?md...88aeecd5f60f0dd
  5. hstiti
    Bonjour à tous, Tout d'abord, une petite présentation du problème. Le PC qui reste allumé en permanence a redémarré hier soir et depuis, plus de bureau (ni en mode sans échec). J'ai donc fait Ctrl+Alt+Del pour exécuter explorer.exe afin de retrouver mon bureau. Surprise, pas d'explorer.exe dans mon répertoire Windows. J'ai donc copié explorer.exe à partir d'un autre PC sur une clé, et je retrouvé mon bureau en l'exécutant. Je suis allé voir dans l'observateur d'évènement et il semblerait que Endpoint (mon antivirus réseau) ait détecté trojan.adclicker sur explorer.exe, donc il l'a mis en quarantaine. Merci d'avance pour votre aide toujours aussi précieuse. Voici le rapport généré : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:32:42, on 28/10/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\pcAnywhere\awhost32.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe c:\har\sys\xmu.exe E:\explorer.exe C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\ALCWZRD.EXE C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\OpenOffice.org 2.2\program\soffice.exe C:\har\sys\xmu0.exe C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\WINDOWS\System32\svchost.exe C:\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing) O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe O4 - Startup: xmu.lnk = C:\har\sys\xmu0.exe O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1214895254199 O23 - Service: Service hôte Symantec pcAnywhere (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Client de gestion Symantec (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe O23 - Service: Service XMU Harmony Version 4.2c (xmu) - Unknown owner - c:\har\sys\xmu.exe -- End of file - 6734 bytes
  6. hstiti
    Salut, Je pense avoir terminé les diverses manips, maj... Le PC ne présente plus d'anomalies particulière si ce n'est qu'il rame un peu au démarrage. J'ai du rendre le PC à son proprio mais avant, j'ai fait un dernier rapport hijack this que voici (je peux prendre la main dessus s'il y a encore des manips à faire) : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:51:37, on 11/09/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe C:\WINDOWS\system32\SearchIndexer.exe C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe C:\WINDOWS\system32\wuauclt.exe C:\HiJackThis 2.0.2.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...wlscbase370.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1221047803500 O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Symantec Auto-upgrade Agent (Smcinst) - Unknown owner - C:\Program Files\Symantec\Symantec Endpoint Protection\SmcLU\Setup\smcinst.exe (file missing) O23 - Service: Client de gestion Symantec (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- End of file - 5024 bytes Encore merci pour ton aide ainsi qu'à tous ceux qui comme toi nous aident à "dératiser" nos PC et les rendre plus sûrs.
  7. hstiti
    Voici le rapport Kaspersky ------------------------------------------------------------------------------- KASPERSKY ON-LINE SCANNER REPORT Tuesday, September 09, 2008 6:08:06 PM Système d'exploitation : Microsoft Windows XP Professional, Service Pack 2 (Build 2600) Kaspersky On-line Scanner version : 5.0.84.2 Dernière mise à jour de la base antivirus Kaspersky : 9/09/2008 Enregistrements dans la base antivirus Kaspersky : 1074691 ------------------------------------------------------------------------------- Paramètres d'analyse: Analyser avec la base antivirus suivante: standard Analyser les archives: vrai Analyser les bases de messagerie: vrai Cible de l'analyse - Poste de travail: A:\ C:\ D:\ Statistiques de l'analyse: Total d'objets analysés: 52256 Nombre de virus trouvés: 8 Nombre d'objets infectés: 21 / 0 Nombre d'objets suspects: 0 Durée de l'analyse: 00:50:47 Nom de l'objet infecté / Nom du virus / Dernière action C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SOFTWARE L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SYSTEM L'objet est verrouillé ignoré C:\WINDOWS\system32\config\DEFAULT L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré C:\WINDOWS\system32\CatRoot2\edb.log L'objet est verrouillé ignoré C:\WINDOWS\system32\CatRoot2\tmp.edb L'objet est verrouillé ignoré C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré C:\WINDOWS\Temp\Perflib_Perfdata_7f8.dat L'objet est verrouillé ignoré C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré C:\WINDOWS\CSC\00000001 L'objet est verrouillé ignoré C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C000001\4CBD5547.VBN Infecté : Trojan-Downloader.Win32.Delf.ndp ignoré C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\Symantec\SavSubEng\submissions.idx L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtViEvt.log L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtNvEvt.log L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtMoEvt.log L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtScEvt.log L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtErEvt.log L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtTxFEvt.log L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\32322D1D.TMP L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\8758DE67.TMP L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPPolicy.log L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStart.log L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStop.log L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBValid.log L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBConfig.log L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBRefr.log L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBNotify.log L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg.log L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg2.log L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetUsr.log L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBStHash.log L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetLoc.log L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetDev.log L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDetect.log L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDebug.log L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\Cookies\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Cookies\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\Bureau2\NTUSER.DAT L'objet est verrouillé ignoré C:\Documents and Settings\Bureau2\ntuser.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\Bureau2\Local Settings\Temp\hpodvd09.log L'objet est verrouillé ignoré C:\Documents and Settings\Bureau2\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\Bureau2\Local Settings\Historique\History.IE5\MSHist012008090920080910\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\Bureau2\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\Bureau2\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\Bureau2\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré C:\Documents and Settings\Bureau2\Cookies\index.dat L'objet est verrouillé ignoré C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\EPERSIST.DAT L'objet est verrouillé ignoré C:\Program Files\Symantec\Symantec Endpoint Protection\syslog.log L'objet est verrouillé ignoré C:\Program Files\Symantec\Symantec Endpoint Protection\seclog.log L'objet est verrouillé ignoré C:\Program Files\Symantec\Symantec Endpoint Protection\tralog.log L'objet est verrouillé ignoré C:\Program Files\Symantec\Symantec Endpoint Protection\rawlog.log L'objet est verrouillé ignoré C:\Program Files\Symantec\Symantec Endpoint Protection\processlog.log L'objet est verrouillé ignoré C:\Program Files\Symantec\Symantec Endpoint Protection\GUProxy.log L'objet est verrouillé ignoré C:\Program Files\Symantec\Symantec Endpoint Protection\LUMan.log L'objet est verrouillé ignoré C:\Program Files\Symantec\Symantec Endpoint Protection\AVMan.log L'objet est verrouillé ignoré C:\Program Files\Symantec\Symantec Endpoint Protection\NacMan.log L'objet est verrouillé ignoré C:\System Volume Information\_restore{0B15FD88-359D-405C-A338-D5D4236C1560}\RP1036\A0033154.dll Infecté : Trojan-Downloader.Win32.Zlob.wys ignoré C:\System Volume Information\_restore{0B15FD88-359D-405C-A338-D5D4236C1560}\RP1037\A0033195.dll Infecté : Trojan-Downloader.Win32.Zlob.wys ignoré C:\System Volume Information\_restore{0B15FD88-359D-405C-A338-D5D4236C1560}\RP1037\A0033622.dll Infecté : Trojan-Downloader.Win32.Zlob.wys ignoré C:\System Volume Information\_restore{0B15FD88-359D-405C-A338-D5D4236C1560}\RP1038\A0033663.dll Infecté : Trojan-Downloader.Win32.Zlob.wys ignoré C:\System Volume Information\_restore{0B15FD88-359D-405C-A338-D5D4236C1560}\RP1038\A0033706.dll Infecté : Trojan-Downloader.Win32.Zlob.wys ignoré C:\System Volume Information\_restore{0B15FD88-359D-405C-A338-D5D4236C1560}\RP1038\A0033716.dll Infecté : Trojan-Downloader.Win32.Zlob.wys ignoré C:\System Volume Information\_restore{0B15FD88-359D-405C-A338-D5D4236C1560}\RP1039\A0033765.dll Infecté : Trojan-Downloader.Win32.Zlob.wys ignoré C:\System Volume Information\_restore{0B15FD88-359D-405C-A338-D5D4236C1560}\RP1040\A0033814.dll Infecté : Trojan-Downloader.Win32.Zlob.wys ignoré C:\System Volume Information\_restore{0B15FD88-359D-405C-A338-D5D4236C1560}\RP1040\A0033815.exe Infecté : Trojan-Downloader.Win32.Zlob.wzh ignoré C:\System Volume Information\_restore{0B15FD88-359D-405C-A338-D5D4236C1560}\RP1041\A0034841.dll Infecté : Hoax.Win32.Agent.fb ignoré C:\System Volume Information\_restore{0B15FD88-359D-405C-A338-D5D4236C1560}\RP1041\A0034860.exe Infecté : Trojan-Banker.Win32.Banker.vyo ignoré C:\System Volume Information\_restore{0B15FD88-359D-405C-A338-D5D4236C1560}\RP1041\A0034867.dll Infecté : Trojan.Win32.FraudPack.gen ignoré C:\System Volume Information\_restore{0B15FD88-359D-405C-A338-D5D4236C1560}\RP1043\A0034926.exe Infecté : Trojan-Banker.Win32.Banker.vyo ignoré C:\System Volume Information\_restore{0B15FD88-359D-405C-A338-D5D4236C1560}\RP1043\A0034933.dll Infecté : Trojan.Win32.FraudPack.gen ignoré C:\System Volume Information\_restore{0B15FD88-359D-405C-A338-D5D4236C1560}\RP1045\A0035034.DLL Infecté : Trojan.Win32.Monder.mdl ignoré C:\System Volume Information\_restore{0B15FD88-359D-405C-A338-D5D4236C1560}\RP1046\change.log L'objet est verrouillé ignoré C:\QooBox\Quarantine\C\WINDOWS\system32\uamoctkh.dll.vir Infecté : Trojan.Win32.Monder.mdl ignoré C:\QooBox\Quarantine\C\SDFix\backups\backups.zip.vir/backups/as2008xp.exe Infecté : Trojan-Banker.Win32.Banker.vyo ignoré C:\QooBox\Quarantine\C\SDFix\backups\backups.zip.vir/backups/services.dll Infecté : Trojan.Win32.FraudPack.gen ignoré C:\QooBox\Quarantine\C\SDFix\backups\backups.zip.vir/backups/def.htm Infecté : not-virus:Hoax.HTML.Secureinvites.c ignoré C:\QooBox\Quarantine\C\SDFix\backups\backups.zip.vir ZIP: infecté - 3 ignoré Analyse terminée.
  8. hstiti
    Le scan Kaspersky est en cours. En ce qui concerne le comportement du PC, certains icones inconnus qui étaient présents dans les notifications ont disparus. Les dizaines et dizaines de fenêtres qui s'ouvraient restent closes. Il y a seulement une fenête "yourjob.com" qui s'est ouverte lorsque j'ai cliqué sur "poste de travail" pour lancer l'analyse kaspersky (y a t-il un lien???). Je te poste le rapport dès que possible. Encore merci et .
  9. hstiti
    Avec ta manip, tout est effectivement revenu. Voici les rapports ComboFix et HijackThis ComboFix 08-09-05.10 - Bureau2 2008-09-09 14:27:19.2 - FAT32x86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.36 [GMT 2:00] Endroit: C:\Documents and Settings\Bureau2\Bureau\ComboFix.exe Command switches used :: C:\Documents and Settings\Bureau2\Bureau\CFScript.txt * Création d'un nouveau point de restauration . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\SDFix C:\SDFix\apps\assosfix.reg C:\SDFix\apps\Cghtme.exe C:\SDFix\apps\cliptext.exe C:\SDFix\apps\Csweg.exe C:\SDFix\apps\download.exe C:\SDFix\apps\dummy.sys C:\SDFix\apps\Enable_Command_Prompt.reg C:\SDFix\apps\ERDNT.E_E C:\SDFix\apps\ERDNTDOS.LOC C:\SDFix\apps\ERDNTWIN.LOC C:\SDFix\apps\ERUNT.EXE C:\SDFix\apps\ERUNT.LOC C:\SDFix\apps\fix.reg C:\SDFix\apps\FixBeep.reg C:\SDFix\apps\FixBH.reg C:\SDFix\apps\FixComponents.reg C:\SDFix\apps\FIXCU.reg C:\SDFix\apps\FIXLM.reg C:\SDFix\apps\FixPath.exe C:\SDFix\apps\FixRedir.reg C:\SDFix\apps\FixSchedule.reg C:\SDFix\apps\FixWebCheck.reg C:\SDFix\apps\fixXP.reg C:\SDFix\apps\FixXPsp2.reg C:\SDFix\apps\grep.exe C:\SDFix\apps\HaxdFix.reg C:\SDFix\apps\HPFix.reg C:\SDFix\apps\HPFix2.reg C:\SDFix\apps\HPFix3.reg C:\SDFix\apps\HPFix4.reg C:\SDFix\apps\HPFix5.reg C:\SDFix\apps\HPFix6.reg C:\SDFix\apps\HPFix7.reg C:\SDFix\apps\HPFix8.reg C:\SDFix\apps\HPFix9.reg C:\SDFix\apps\isadmin.exe C:\SDFix\apps\leg2.txt C:\SDFix\apps\legacy.txt C:\SDFix\apps\legacybk.txt C:\SDFix\apps\locate.com C:\SDFix\apps\LS.exe C:\SDFix\apps\MD5File.exe C:\SDFix\apps\moveex.exe C:\SDFix\apps\MyGcpvFix.reg C:\SDFix\apps\MyGkFix2.reg C:\SDFix\apps\Process.exe C:\SDFix\apps\procs.exe C:\SDFix\apps\psservice.exe C:\SDFix\apps\Rem.txt C:\SDFix\apps\Rem2.txt C:\SDFix\apps\Replace\regedit.exe C:\SDFix\apps\Replace\w2k\AUTOEXEC.NT C:\SDFix\apps\Replace\w2k\beep.sys C:\SDFix\apps\Replace\w2k\command.com C:\SDFix\apps\Replace\w2k\command.PIF C:\SDFix\apps\Replace\w2k\CONFIG.NT C:\SDFix\apps\Replace\w2k\null.sys C:\SDFix\apps\Replace\xp\AUTOEXEC.NT C:\SDFix\apps\Replace\xp\beep.sys C:\SDFix\apps\Replace\xp\command.com C:\SDFix\apps\Replace\xp\command.PIF C:\SDFix\apps\Replace\xp\CONFIG.NT C:\SDFix\apps\Replace\xp\null.sys C:\SDFix\apps\Reset_AppInit_DLLs.reg C:\SDFix\apps\RestartIt!.exe C:\SDFix\apps\Restore_SafeBoot_Windows2000.reg C:\SDFix\apps\Restore_SafeBoot_WindowsXP_SP2.reg C:\SDFix\apps\Restore_SafeBoot_WindowsXP_SP3.reg C:\SDFix\apps\Restore_SecurityCenter.reg C:\SDFix\apps\Restore_SharedAccess.reg C:\SDFix\apps\sc.exe C:\SDFix\apps\sed.exe C:\SDFix\apps\SF.exe C:\SDFix\apps\shutdown.exe C:\SDFix\apps\srv2.txt C:\SDFix\apps\srv2bk.txt C:\SDFix\apps\svc.txt C:\SDFix\apps\svcbk.txt C:\SDFix\apps\swsc.exe C:\SDFix\apps\unzip.exe C:\SDFix\apps\vfind.exe C:\SDFix\apps\WINMSG.EXE C:\SDFix\apps\winsec.reg C:\SDFix\apps\zip.exe C:\SDFix\backups\backupreg.zip C:\SDFix\backups\backups.zip C:\SDFix\backups\catchme.log C:\SDFix\backups\HOSTS C:\SDFix\catchme.exe C:\SDFix\DBFix.bat C:\SDFix\dummy.sys C:\SDFix\Enable_Command_Prompt.inf C:\SDFix\Report.txt C:\SDFix\RunThis.bat C:\SDFix\SDFIX_ReadMe_Online.url C:\SDFix\W2K_VirusAlert_Repair.inf C:\SDFix\XP_VirusAlert_Repair.inf C:\VundoFix Backups C:\VundoFix.exe C:\WINDOWS\system32\tmp.reg . ((((((((((((((((((((((((((((( Fichiers créés 2008-08-09 to 2008-09-09 )))))))))))))))))))))))))))))))))))) . 2008-09-09 10:25 . 2008-09-09 10:18 2,846,957 --a------ C:\ComboFix.exe 2008-09-05 17:06 . 2008-09-05 17:06 <REP> d-------- C:\WINDOWS\ERUNT 2008-09-05 09:41 . 2008-09-05 09:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion 2008-09-02 14:14 . 2008-09-02 14:14 401,720 --a------ C:\HiJackThis 2.0.2.exe 2008-09-02 14:12 . 2008-09-02 14:13 2,928,600 --a------ C:\ccsetup211.exe 2008-09-02 09:47 . 2008-09-02 09:47 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab 2008-08-28 08:52 . 2008-08-28 08:52 <REP> d-------- C:\Program Files\CCleaner 2008-08-13 06:20 . 2008-05-01 16:31 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll 2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll 2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe 2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe 2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll 2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll 2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll 2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll 2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll 2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll 2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll 2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll 2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll 2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll 2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll 2008-07-17 13:14 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF 2008-07-17 13:14 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL 2008-07-17 13:14 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS 2008-07-17 13:14 10,563 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT 2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll 2008-07-07 20:31 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll 2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll 2008-06-24 16:23 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll 2008-06-23 15:39 152,064 ------w C:\WINDOWS\system32\dllcache\cdfview.dll 2008-06-23 15:39 1,024,000 ------w C:\WINDOWS\system32\dllcache\browseui.dll 2008-06-23 09:49 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe 2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll 2008-06-20 17:41 247,808 ------w C:\WINDOWS\system32\dllcache\mswsock.dll 2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll 2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys 2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys 2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys 2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\dllcache\bthport.sys 2005-08-09 09:13 405,616 ----a-w C:\Program Files\msgr7fr.exe . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15360] "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" [2005-08-05 3092480] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 106496] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe" [2005-03-04 36975] "HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 172032] "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-12-01 180269] "ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2008-07-17 115560] "SoundMan"="SOUNDMAN.EXE" [2003-08-15 C:\WINDOWS\SOUNDMAN.EXE] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 15360] C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 65588] HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-09-24 282624] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=iikxld.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe"= "C:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"= "C:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"= "C:\\Program Files\\Fichiers communs\\Symantec Shared\\ccApp.exe"= R2 vcdc;optiPoint 500-600 virtual serial interface;C:\WINDOWS\system32\DRIVERS\vcdc.sys [2004-11-11 66290] S3 PentaxUsb;PENTAX Optio 60 on USB;C:\WINDOWS\system32\DRIVERS\CoachUsb.sys [ ] S3 Smcinst;Symantec Auto-upgrade Agent;C:\Program Files\Symantec\Symantec Endpoint Protection\SmcLU\Setup\smcinst.exe [ ] S3 usbcomm;optiPoint 500-600 USB interface;C:\WINDOWS\system32\DRIVERS\usbcomm.sys [2003-08-05 96757] S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496] S3 vi2000;CallBridge for Data (Eval);C:\WINDOWS\system32\DRIVERS\usbeval.sys [2003-09-29 49461] . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-09 14:29:08 Windows 5.1.2600 Service Pack 2 FAT NTAPI Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** . Temps d'accomplissement: 2008-09-09 14:29:59 ComboFix-quarantined-files.txt 2008-09-09 12:29:58 ComboFix2.txt 2008-09-09 09:07:08 Pre-Run: 27,954,806,784 octets libres Post-Run: 27,939,733,504 octets libres 221 --- E O F --- 2008-08-18 06:42:51 ======================================= Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:36:05, on 09/09/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\explorer.exe C:\HiJackThis 2.0.2.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {42E1F024-ECC3-456F-B98A-4CE5ACDBF25C} (ActiveFormX Contrôle) - https://ssl-tb.sitadelle.com/selfcare.ceget...FAutoConfig.ocx O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...wlscbase370.cab O20 - AppInit_DLLs: iikxld.dll O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Symantec Auto-upgrade Agent (Smcinst) - Unknown owner - C:\Program Files\Symantec\Symantec Endpoint Protection\SmcLU\Setup\smcinst.exe (file missing) O23 - Service: Client de gestion Symantec (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- End of file - 5786 bytes
  10. hstiti
    je n'ai plus rien du tout, ni icone, ni menu démarrer, seul le curseur de la souris est visible et actif. tout l'écran est bleu. et il n'y a aucune activité au niveau de la led du disque
  11. hstiti
    Je rencontre un petit souci. Le dernier scan de ComboFix est terminé, j'ai eu le rapport à l'écran, mais une fois le rapport fermé, j'ai toujours un fond bleu à la place du bureau. Que dois-je faire, attendre attendre un certain temps? (cela fait maintenant plus de 5 minutes que le scan est terminé)
  12. hstiti
    Tout d'abord, 2 messages qui sont apparus pendant l'exécution (mais j'ai attendu la fin pour les copier) : Voici le rapport de ComboFix : ComboFix 08-09-05.10 - Bureau2 2008-09-09 10:53:17.1 - FAT32x86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.46 [GMT 2:00] Endroit: C:\Documents and Settings\Bureau2\Bureau\ComboFix.exe * Création d'un nouveau point de restauration . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\Bureau2\Menu Démarrer\AntiSpyCheck 2.1.lnk C:\Documents and Settings\Bureau2\Menu Démarrer\Programmes\AntiSpyCheck 2.1 C:\Documents and Settings\Bureau2\Menu Démarrer\Programmes\AntiSpyCheck 2.1\AntiSpyCheck 2.1.lnk C:\WINDOWS\BM0b6025ef.txt C:\WINDOWS\BM0b6025ef.xml C:\WINDOWS\cookies.ini C:\WINDOWS\pskt.ini C:\WINDOWS\system32\bddgmqun.ini C:\WINDOWS\system32\eyniccgs.ini C:\WINDOWS\system32\fikebsrw.dll C:\WINDOWS\system32\fjtgtmxq.ini C:\WINDOWS\system32\fprjjukv.dll C:\WINDOWS\system32\fuwhxtcn.ini C:\WINDOWS\system32\hktcomau.ini C:\WINDOWS\system32\hQXbefii.ini C:\WINDOWS\system32\hQXbefii.ini2 C:\WINDOWS\system32\iifebXQh.dll C:\WINDOWS\system32\iikxld.dll C:\WINDOWS\system32\ilnUDJjl.ini C:\WINDOWS\system32\ilnUDJjl.ini2 C:\WINDOWS\system32\mcrh.tmp C:\WINDOWS\system32\qoMGwutT.dll C:\WINDOWS\system32\smp C:\WINDOWS\system32\smp\msrc.exe C:\WINDOWS\system32\uamoctkh.dll C:\WINDOWS\system32\vjithepc.ini . ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-08-09 to 2008-09-09 )))))))))))))))))))))))))))))))))))) . 2008-09-09 10:25 . 2008-09-09 10:18 2,846,957 --a------ C:\ComboFix.exe 2008-09-09 08:18 . 2008-09-09 08:18 <REP> d-------- C:\VundoFix Backups 2008-09-09 08:18 . 2008-09-09 08:16 119,808 --a------ C:\VundoFix.exe 2008-09-05 17:06 . 2008-09-05 17:06 <REP> d-------- C:\WINDOWS\ERUNT 2008-09-05 17:05 . 2008-09-03 05:41 <REP> d-------- C:\SDFix 2008-09-05 15:14 . 2008-09-05 15:45 2,192 --a------ C:\WINDOWS\system32\tmp.reg 2008-09-05 09:41 . 2008-09-05 09:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion 2008-09-02 14:14 . 2008-09-02 14:14 401,720 --a------ C:\HiJackThis 2.0.2.exe 2008-09-02 14:12 . 2008-09-02 14:13 2,928,600 --a------ C:\ccsetup211.exe 2008-09-02 09:47 . 2008-09-02 09:47 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab 2008-08-28 08:52 . 2008-08-28 08:52 <REP> d-------- C:\Program Files\CCleaner 2008-08-13 06:20 . 2008-05-01 16:31 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll 2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll 2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe 2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe 2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll 2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll 2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll 2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll 2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll 2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll 2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll 2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll 2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll 2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll 2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll 2008-07-17 13:14 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF 2008-07-17 13:14 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL 2008-07-17 13:14 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS 2008-07-17 13:14 10,563 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT 2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll 2008-07-07 20:31 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll 2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll 2008-06-24 16:23 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll 2008-06-23 15:39 152,064 ------w C:\WINDOWS\system32\dllcache\cdfview.dll 2008-06-23 15:39 1,024,000 ------w C:\WINDOWS\system32\dllcache\browseui.dll 2008-06-23 09:49 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe 2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll 2008-06-20 17:41 247,808 ------w C:\WINDOWS\system32\dllcache\mswsock.dll 2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll 2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys 2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys 2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys 2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\dllcache\bthport.sys 2005-08-09 09:13 405,616 ----a-w C:\Program Files\msgr7fr.exe . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15360] "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" [2005-08-05 3092480] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 106496] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe" [2005-03-04 36975] "HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 172032] "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-12-01 180269] "ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2008-07-17 115560] "SoundMan"="SOUNDMAN.EXE" [2003-08-15 C:\WINDOWS\SOUNDMAN.EXE] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=iikxld.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe"= "C:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"= "C:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"= "C:\\Program Files\\Fichiers communs\\Symantec Shared\\ccApp.exe"= R2 vcdc;optiPoint 500-600 virtual serial interface;C:\WINDOWS\system32\DRIVERS\vcdc.sys [2004-11-11 66290] R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496] S3 PentaxUsb;PENTAX Optio 60 on USB;C:\WINDOWS\system32\DRIVERS\CoachUsb.sys [ ] S3 Smcinst;Symantec Auto-upgrade Agent;C:\Program Files\Symantec\Symantec Endpoint Protection\SmcLU\Setup\smcinst.exe [ ] S3 usbcomm;optiPoint 500-600 USB interface;C:\WINDOWS\system32\DRIVERS\usbcomm.sys [2003-08-05 96757] S3 vi2000;CallBridge for Data (Eval);C:\WINDOWS\system32\DRIVERS\usbeval.sys [2003-09-29 49461] . - - - - ORPHANS REMOVED - - - - BHO-{0462D6BD-4724-45EE-9354-F967D0AEB44C} - C:\WINDOWS\system32\iifebXQh.dll BHO-{210812d3-b7e1-4db0-a7a4-b35dce82f193} - C:\WINDOWS\system32\iikxld.dll BHO-{E9942195-8F1A-4D79-8E8B-D07804198C79} - (no file) HKLM-Run-08531673 - C:\WINDOWS\system32\uamoctkh.dll HKLM-Run-BM0b6025ef - C:\WINDOWS\system32\fikebsrw.dll Notify-vtUkifcd - vtUkifcd.dll Notify-WgaLogon - (no file) . ------- Supplementary Scan ------- . R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore O16 -: {42E1F024-ECC3-456F-B98A-4CE5ACDBF25C} - hxxps://ssl-tb.sitadelle.com/selfcare.cegetel.net/templates/static/ocx/AFAutoConfig.ocx C:\WINDOWS\Downloaded Program Files\AFAutoConfig.ocx . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-09 11:04:02 Windows 5.1.2600 Service Pack 2 FAT NTAPI Balayage processus cach‚s ... Balayage cach‚ autostart entries ... Balayage des fichiers cach‚s ... Scan termin‚ avec succŠs Les fichiers cach‚s: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\PROGRAM FILES\SYMANTEC\SYMANTEC ENDPOINT PROTECTION\SMC.EXE C:\PROGRAM FILES\FICHIERS COMMUNS\SYMANTEC SHARED\CCSVCHST.EXE C:\PROGRAM FILES\SYMANTEC\SYMANTEC ENDPOINT PROTECTION\RTVSCAN.EXE C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe . ************************************************************************** . Temps d'accomplissement: 2008-09-09 11:07:04 - machine was rebooted ComboFix-quarantined-files.txt 2008-09-09 09:06:52 Pre-Run: 27,713,601,536 octets libres Post-Run: 27,983,216,640 octets libres 175 --- E O F --- 2008-08-18 06:42:51
  13. hstiti
    VundoFix n'a rien trouvé. VundoFix V7.0.6 Scan started at 08:18:35 09/09/2008 Listing files found while scanning.... No infected files were found. ========================= Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 08:43:45, on 09/09/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\HiJackThis 2.0.2.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: (no name) - {0462D6BD-4724-45EE-9354-F967D0AEB44C} - C:\WINDOWS\system32\iifebXQh.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: {391f28ec-d53b-4a7a-0bd4-1e7b3d218012} - {210812d3-b7e1-4db0-a7a4-b35dce82f193} - C:\WINDOWS\system32\iikxld.dll O2 - BHO: (no name) - {5BFC1E05-8287-420E-8526-F6D76E1FEBB8} - (no file) O2 - BHO: (no name) - {CE86878F-D099-4FFC-A4DC-E51D192063B1} - (no file) O2 - BHO: (no name) - {E9942195-8F1A-4D79-8E8B-D07804198C79} - (no file) O3 - Toolbar: (no name) - {C3169036-557E-45E1-840F-C845DC406C55} - (no file) O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [08531673] rundll32.exe "C:\WINDOWS\system32\uamoctkh.dll",b O4 - HKLM\..\Run: [bM0b6025ef] Rundll32.exe "C:\WINDOWS\system32\fikebsrw.dll",s O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {42E1F024-ECC3-456F-B98A-4CE5ACDBF25C} (ActiveFormX Contrôle) - https://ssl-tb.sitadelle.com/selfcare.ceget...FAutoConfig.ocx O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/0127bc53cef5da...RdxIE601_fr.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...wlscbase370.cab O20 - AppInit_DLLs: iikxld.dll O20 - Winlogon Notify: vtUkifcd - vtUkifcd.dll (file missing) O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Symantec Auto-upgrade Agent (Smcinst) - Unknown owner - C:\Program Files\Symantec\Symantec Endpoint Protection\SmcLU\Setup\smcinst.exe (file missing) O23 - Service: Client de gestion Symantec (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- End of file - 6324 bytes d'autre part, il ne m'a jamais demandé de redémarrer (peut-être normal puisqu'il n'a rien trouvé?).
  14. hstiti
    Salut, le week-end a été bon? Voici le rapport SDFix et un nouveau log HJT SDFix: Version 1.221 Run by Bureau2 on 05/09/2008 at 17:11 Microsoft Windows XP [version 5.1.2600] Running From: C:\SDFix Checking Services : Restoring Default Security Values Restoring Default Hosts File Restoring Default HomePage Value Restoring Default Desktop Components Value Rebooting Checking Files : Trojan Files Found: C:\WINDOWS\system32\nnnkKCsq.dll - Deleted C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\as2008xp.exe - Deleted C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\LOG\20080826192318487.log - Deleted C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\LOG\20080827091907953.log - Deleted C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\LOG\20080828074735000.log - Deleted C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\LOG\20080828091403155.log - Deleted C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\LOG\20080829074835953.log - Deleted C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\LOG\20080901072650171.log - Deleted C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\LOG\20080902093500031.log - Deleted C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\LOG\20080902165939156.log - Deleted C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\LOG\20080905093553359.log - Deleted C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\LOG\20080905151100875.log - Deleted C:\Documents and Settings\All Users\Menu D‚marrer\Antivirus Scan.url - Deleted C:\Documents and Settings\All Users\Menu D‚marrer\Online Spyware Test.url - Deleted C:\Documents and Settings\Bureau2\Mes documents\My Documents.url - Deleted C:\Documents and Settings\Bureau2\Mes documents\Ma musique\My Music.url - Deleted C:\Documents and Settings\Bureau2\Mes documents\Mes images\My Pictures.url - Deleted C:\Documents and Settings\Bureau2\Mes documents\Mes vid‚os\My Video.url - Deleted C:\WINDOWS\mslagent\2_mslagent.dll - Deleted C:\WINDOWS\mslagent\mslagent.exe - Deleted C:\WINDOWS\mslagent\uninstall.exe - Deleted C:\Program Files\Inet Delivery\inetdl.exe - Deleted C:\Program Files\Inet Delivery\intdel.exe - Deleted C:\WINDOWS\a.bat - Deleted C:\WINDOWS\zip1.tmp - Deleted C:\WINDOWS\zip2.tmp - Deleted C:\WINDOWS\zip3.tmp - Deleted C:\WINDOWS\zipped.tmp - Deleted C:\Documents and Settings\All Users\Application Data\services\services.dll - Deleted C:\WINDOWS\a.bat - Deleted C:\WINDOWS\base64.tmp - Deleted C:\WINDOWS\bdn.com - Deleted C:\WINDOWS\FVProtect.exe - Deleted C:\WINDOWS\iTunesMusic.exe - Deleted C:\WINDOWS\mssecu.exe - Deleted C:\WINDOWS\system32\akttzn.exe - Deleted C:\WINDOWS\system32\anticipator.dll - Deleted C:\WINDOWS\system32\awtoolb.dll - Deleted C:\WINDOWS\system32\bdn.com - Deleted C:\WINDOWS\system32\bsva-egihsg52.exe - Deleted C:\WINDOWS\system32\dpcproxy.exe - Deleted C:\WINDOWS\system32\emesx.dll - Deleted C:\WINDOWS\system32\h@tkeysh@@k.dll - Deleted C:\WINDOWS\system32\hoproxy.dll - Deleted C:\WINDOWS\system32\hxiwlgpm.dat - Deleted C:\WINDOWS\system32\hxiwlgpm.exe - Deleted C:\WINDOWS\system32\medup012.dll - Deleted C:\WINDOWS\system32\medup020.dll - Deleted C:\WINDOWS\system32\msgp.exe - Deleted C:\WINDOWS\system32\msnbho.dll - Deleted C:\WINDOWS\system32\mssecu.exe - Deleted C:\WINDOWS\system32\msvchost.exe - Deleted C:\WINDOWS\system32\mtr2.exe - Deleted C:\WINDOWS\system32\mwin32.exe - Deleted C:\WINDOWS\system32\netode.exe - Deleted C:\WINDOWS\system32\newsd32.exe - Deleted C:\WINDOWS\system32\ps1.exe - Deleted C:\WINDOWS\system32\psof1.exe - Deleted C:\WINDOWS\system32\psoft1.exe - Deleted C:\WINDOWS\system32\regc64.dll - Deleted C:\WINDOWS\system32\regm64.dll - Deleted C:\WINDOWS\system32\Rundl1.exe - Deleted C:\WINDOWS\system32\sncntr.exe - Deleted C:\WINDOWS\system32\ssurf022.dll - Deleted C:\WINDOWS\system32\ssvchost.com - Deleted C:\WINDOWS\system32\ssvchost.exe - Deleted C:\WINDOWS\system32\sysreq.exe - Deleted C:\WINDOWS\system32\taack.dat - Deleted C:\WINDOWS\system32\taack.exe - Deleted C:\WINDOWS\system32\temp#01.exe - Deleted C:\WINDOWS\system32\thun.dll - Deleted C:\WINDOWS\system32\thun32.dll - Deleted C:\WINDOWS\system32\VBIEWER.OCX - Deleted C:\WINDOWS\system32\vbsys2.dll - Deleted C:\WINDOWS\system32\vcatchpi.dll - Deleted C:\WINDOWS\system32\winlogonpc.exe - Deleted C:\WINDOWS\system32\winsystem.exe - Deleted C:\WINDOWS\system32\WINWGPX.EXE - Deleted C:\WINDOWS\userconfig9x.dll - Deleted C:\WINDOWS\Web\def.htm - Deleted C:\WINDOWS\winsystem.exe - Deleted Folder C:\Documents and Settings\All Users\Application Data\Secure Solutions - Removed Folder C:\Documents and Settings\All Users\Application Data\services - Removed Folder C:\Program Files\Inet Delivery - Removed Folder C:\WINDOWS\mslagent - Removed Removing Temp Files ADS Check : Final Check : catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-08 15:00:41 Windows 5.1.2600 Service Pack 2 FAT NTAPI scanning hidden processes ... scanning hidden services ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services : Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe"="C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe:*:Enabled:MSN Messenger 7.5" "C:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"="C:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe:*:Enabled:SMC Service" "C:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"="C:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE:*:Enabled:SNAC Service" "C:\\Program Files\\Fichiers communs\\Symantec Shared\\ccApp.exe"="C:\\Program Files\\Fichiers communs\\Symantec Shared\\ccApp.exe:*:Enabled:Symantec Email" "C:\\WINDOWS\\EXPLORER.EXE"="C:\\WINDOWS\\EXPLORER.EXE:*:Enabled:Explorateur Windows" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe"="C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe:*:Enabled:MSN Messenger 7.5" Remaining Files : File Backups: - C:\SDFix\backups\backups.zip Files with Hidden Attributes : Finished! --------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:03:53, on 08/09/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\HiJackThis 2.0.2.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: (no name) - {0462D6BD-4724-45EE-9354-F967D0AEB44C} - C:\WINDOWS\system32\iifebXQh.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: {391f28ec-d53b-4a7a-0bd4-1e7b3d218012} - {210812d3-b7e1-4db0-a7a4-b35dce82f193} - C:\WINDOWS\system32\iikxld.dll O2 - BHO: (no name) - {5BFC1E05-8287-420E-8526-F6D76E1FEBB8} - (no file) O2 - BHO: (no name) - {CE86878F-D099-4FFC-A4DC-E51D192063B1} - (no file) O2 - BHO: (no name) - {E9942195-8F1A-4D79-8E8B-D07804198C79} - (no file) O3 - Toolbar: (no name) - {C3169036-557E-45E1-840F-C845DC406C55} - (no file) O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [08531673] rundll32.exe "C:\WINDOWS\system32\uamoctkh.dll",b O4 - HKLM\..\Run: [bM0b6025ef] Rundll32.exe "C:\WINDOWS\system32\fikebsrw.dll",s O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {42E1F024-ECC3-456F-B98A-4CE5ACDBF25C} (ActiveFormX Contrôle) - https://ssl-tb.sitadelle.com/selfcare.ceget...FAutoConfig.ocx O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/0127bc53cef5da...RdxIE601_fr.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...wlscbase370.cab O20 - AppInit_DLLs: iikxld.dll O20 - Winlogon Notify: vtUkifcd - vtUkifcd.dll (file missing) O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Symantec Auto-upgrade Agent (Smcinst) - Unknown owner - C:\Program Files\Symantec\Symantec Endpoint Protection\SmcLU\Setup\smcinst.exe (file missing) O23 - Service: Client de gestion Symantec (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- End of file - 6324 bytes
  15. hstiti
    Effectivement, il est beaucoup plus long à redémarrer^^ Je posterai les rapports lundi. Merci et bon week end à tous.
×
×
  • Créer...