Aller au contenu

nard27

Membres
  • Compteur de contenus

    10
  • Inscription

  • Dernière visite

Autres informations

  • Mes langues
    FRANCAIS

nard27's Achievements

Junior Member

Junior Member (3/12)

0

Réputation sur la communauté

  1. Merci pour ton aide mais j'avais déjà essayé et le seul message que j'avais de la part de l'outil c'est... veuillez désinstaller le logiciel. Bref==> solution radicale : formate + réisntall maintenant tout est oK Encore merci
  2. Bjr SUite à infction puis nettoyage complet (merci Wawaseb...) j'ai acheté Norton Internet Security 2008. Install Ok sur le portable mais plantage en cours d'installa sur le fixe ==> l'installa ne s'est pas terminée et j'i du arrêter le pC Depuuis je ne peux ni désinstaller ni continuer l'install - dans menu démarrer / Norton / désinstaller => il ne se passe rien - via le CD d'install ==> quand je lance le setup il ne se passe rien - via supprimer programm => il me dit que la désinstall doit se faire via le MSI - avec un outil (type CCleaner) m^me chose il me dit que la déinstall doit se faire via le MSI Je souhaiterai installer correctement le produit. merci pour votre aide
  3. merci pour tout
  4. Bjr WawaSeb tout d'abord merci pour ton aide précieuse j'ai suivi ton ordonnance... et tu trouveras ci-parès les derniers raaport (celui du cleaner et celui de hijackthis) mais que pensez du précédent rapport de kaspersky qui trouvait des virus partout don un trojan (win32.obfuscated) ? bonne journée ********ToolsCleaner2 (A.Rothstein)******** Debut le 07/10/2007 a 11:57:23,64 /////////////////// -Hijackthis = Trouve! -Hijackthis = Suppression effectuee! ********Fin de Scan principal******** Programme(s) supprime(s) avec succes! ** Module de recherche complementaire ** (Beta Test 1) C:\Documents and Settings\All Users\Documents\Securite\Combofix C:\Documents and Settings\Thomas\Bureau\HijackThis.exe /////////////////// Fin le 07/10/2007 a 11:59:08,75 - Points de Restauration Ok! - Vidage de la corbeille Ok! - Fichiers temporaires Ok! Merci d'avoir utilise ToolsCleaner2 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:13:18, on 07/10/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\DAEMON Tools\daemon.exe C:\WINDOWS\system32\RunDLL32.exe C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\Portrait Displays\HP My Display\DTSRVC.exe C:\Program Files\Network Associates\Common Framework\FrameworkService.exe C:\Program Files\Network Associates\VirusScan\Mcshield.exe C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aliceadsl.fr/ R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [PD0630 STISvc] RunDLL32.exe P0630Pin.dll,RunDLL32EP 513 O4 - HKLM\..\Run: [DT Task] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe -startup_folder O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start O4 - HKCU\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {68C1822F-F5C7-4404-A73F-03C10E0E94DA} (telechargement-photoweb) - http://www4.photoweb.fr/telechargement/Photoweb_uploader.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Portrait Displays\HP My Display\DTSRVC.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe -- End of file - 5993 bytes
  5. Bsr, dernier rapport hijackthis (je n'arrive pas à fixer 2 lignes O23 dont a-squaredfree que j'ai pourtant désinstallé) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:05:01, on 06/10/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Portrait Displays\HP My Display\DTSRVC.exe C:\Program Files\Network Associates\Common Framework\FrameworkService.exe C:\Program Files\Network Associates\VirusScan\Mcshield.exe C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\DAEMON Tools\daemon.exe C:\WINDOWS\system32\RunDLL32.exe C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aliceadsl.fr/ R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [PD0630 STISvc] RunDLL32.exe P0630Pin.dll,RunDLL32EP 513 O4 - HKLM\..\Run: [DT Task] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe -startup_folder O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start O4 - HKCU\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {68C1822F-F5C7-4404-A73F-03C10E0E94DA} (telechargement-photoweb) - http://www4.photoweb.fr/telechargement/Photoweb_uploader.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O23 - Service: a-squared Free Service (a2free) - Unknown owner - c:\program files\a-squared free\a2service.exe (file missing) O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: DirectX Service (DirectWavk) - Unknown owner - c:\windows\system32\directx.exe (file missing) O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Portrait Displays\HP My Display\DTSRVC.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe -- End of file - 6279 bytes
  6. Bjr, j'ai fairt les dernière action puis un scan en ligne avec kaspersky ==> ça a l'air d'être une cata (en plus il semble trouver qq chose sur le D alors que c'est un lecteur CD...) voici le rapport C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\17d51d148819dc1d762d753a37c23fcd_1ab0cb99-7ccf-4b60-b6b7-62d07de8d8a5 L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5acb432e1ad2f1544ab02837e9d0ce95_1ab0cb99-7ccf-4b60-b6b7-62d07de8d8a5 L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\84d708d846916ce3e6da6cba921153c5_1ab0cb99-7ccf-4b60-b6b7-62d07de8d8a5 L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9373fd753e26c56fe692a4a5eed030d5_1ab0cb99-7ccf-4b60-b6b7-62d07de8d8a5 L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b08775788810a100cbb80fb418af221f_1ab0cb99-7ccf-4b60-b6b7-62d07de8d8a5 L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ee1fd2dd8f5db2abb65da52f5bc55e62_1ab0cb99-7ccf-4b60-b6b7-62d07de8d8a5 L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\Network Associates\BOPDATA\_Date-20071006_Time-134922031_EnterceptExceptions.dat L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\Network Associates\BOPDATA\_Date-20071006_Time-134922031_EnterceptRules.dat L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Db\Agent_BELETTE-M4FCB7C.log L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Db\PrdMgr_BELETTE-M4FCB7C.log L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\AccessProtectionLog.txt L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\BufferOverflowProtectionLog.txt L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\OnAccessScanLog.txt L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Cookies\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\Cookies\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\Pascale\Cookies\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\Pascale\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré C:\Documents and Settings\Pascale\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\Pascale\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\Pascale\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\Pascale\ntuser.dat L'objet est verrouillé ignoré C:\Documents and Settings\Pascale\NTUSER.DAT.LOG L'objet est verrouillé ignoré C:\Documents and Settings\Thomas\Application Data\Ball Drv Bib\About Bold The.exe Infecté : Trojan.Win32.Obfuscated.en ignoré C:\Documents and Settings\Thomas\Application Data\Ball Drv Bib\About Bone Spam.exe Infecté : Trojan.Win32.Obfuscated.en ignoré C:\Documents and Settings\Thomas\Application Data\Ball Drv Bib\itksqwoa.exe Infecté : Trojan.Win32.Obfuscated.io ignoré C:\Documents and Settings\Thomas\Application Data\Ball Drv Bib\xbopurza.exe Infecté : Trojan.Win32.Obfuscated.en ignoré C:\Documents and Settings\Thomas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-770614b0-2216b2f0.zip/BaaaaBaa.class Infecté : Exploit.Java.Gimsh.a ignoré C:\Documents and Settings\Thomas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-770614b0-2216b2f0.zip ZIP: infecté - 1 ignoré C:\qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\great coal love default\Sect heart.exe.vir Infecté : Trojan.Win32.Obfuscated.io ignoré C:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré C:\System Volume Information\_restore{2D28A633-C419-4C89-9964-747B5214DDFA}\RP3\A0002177.exe Infecté : Trojan.Win32.Obfuscated.io ignoré C:\System Volume Information\_restore{2D28A633-C419-4C89-9964-747B5214DDFA}\RP3\A0002274.exe Infecté : Trojan.Win32.Obfuscated.en ignoré C:\System Volume Information\_restore{2D28A633-C419-4C89-9964-747B5214DDFA}\RP3\A0002275.exe Infecté : Trojan.Win32.Obfuscated.en ignoré C:\System Volume Information\_restore{2D28A633-C419-4C89-9964-747B5214DDFA}\RP3\A0003269.exe Infecté : Trojan.Win32.Obfuscated.en ignoré C:\System Volume Information\_restore{2D28A633-C419-4C89-9964-747B5214DDFA}\RP4\A0004269.exe Infecté : Trojan.Win32.Obfuscated.en ignoré C:\System Volume Information\_restore{2D28A633-C419-4C89-9964-747B5214DDFA}\RP4\A0005269.exe Infecté : Trojan.Win32.Obfuscated.en ignoré C:\System Volume Information\_restore{2D28A633-C419-4C89-9964-747B5214DDFA}\RP5\A0005285.exe Infecté : Trojan.Win32.Obfuscated.en ignoré C:\System Volume Information\_restore{2D28A633-C419-4C89-9964-747B5214DDFA}\RP6\A0006329.exe Infecté : Trojan.Win32.Obfuscated.en ignoré C:\System Volume Information\_restore{2D28A633-C419-4C89-9964-747B5214DDFA}\RP6\A0007329.exe Infecté : Trojan.Win32.Obfuscated.en ignoré C:\System Volume Information\_restore{2D28A633-C419-4C89-9964-747B5214DDFA}\RP7\A0007340.exe Infecté : Trojan.Win32.Obfuscated.en ignoré C:\System Volume Information\_restore{2D28A633-C419-4C89-9964-747B5214DDFA}\RP7\A0007372.exe Infecté : Trojan.Win32.Obfuscated.en ignoré C:\System Volume Information\_restore{2D28A633-C419-4C89-9964-747B5214DDFA}\RP7\A0007381.exe Infecté : Trojan.Win32.Obfuscated.en ignoré C:\System Volume Information\_restore{2D28A633-C419-4C89-9964-747B5214DDFA}\RP7\A0007382.exe Infecté : Trojan.Win32.Obfuscated.en ignoré C:\System Volume Information\_restore{2D28A633-C419-4C89-9964-747B5214DDFA}\RP7\A0007489.exe Infecté : Trojan.Win32.Obfuscated.en ignoré C:\System Volume Information\_restore{2D28A633-C419-4C89-9964-747B5214DDFA}\RP7\A0007490.exe Infecté : Trojan.Win32.Obfuscated.en ignoré C:\System Volume Information\_restore{2D28A633-C419-4C89-9964-747B5214DDFA}\RP7\A0007491.exe Infecté : Trojan.Win32.Obfuscated.en ignoré C:\System Volume Information\_restore{2D28A633-C419-4C89-9964-747B5214DDFA}\RP9\change.log L'objet est verrouillé ignoré C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré C:\WINDOWS\SoftwareDistribution\EventCache\{A0A79966-75EE-4A3F-AF22-E4B13EDEEF60}.bin L'objet est verrouillé ignoré C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré C:\WINDOWS\system32\config\ACEEvent.evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\default L'objet est verrouillé ignoré C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\software L'objet est verrouillé ignoré C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\system L'objet est verrouillé ignoré C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\drivers\sptd.sys L'objet est verrouillé ignoré C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré D:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré F:\System Volume Information\MountPointManagerRemoteDatabase cdlt
  7. Bjr WawaSeb, Pas eu le temps de continuer hier et hélas je ne vais pas pouvoir le faire cette semaine (je ne serai pas sur place). Je ne pourrais reprendre que le WE prochain. Merci beaucoup pour ton aide et désolé pour le silence cette semaine... Je mettrais en place ton plan d'action samedi prochain et reposterai le résultat. Encore merci et à +
  8. re-bjr et tout d'abord merci beaucoup pour votre aide. je vais répondre point par point a votre dernier mail 1) trop d'antispy ==> j'en ai supprimer qq'un 2) concernant les p2p je sais que c'est une cata mais c'est le fiston qui installe ça. Je ne sais pas comment les desinstallé (absent de ajout-supprimer programme) 3) concernantxceedcry.dll, le scan online n'a rien trouvé (nothing found à chaque ligne) 4) le stop et delete de DirectX Service n'a pas fonctionné ==> message : "n'existe pas en tant que service installé" 5) j'ai fixé la ligne O4..... 6) ci-joint le rapport de combofix lancé avec le script ComboFix 07-09-21.2 - "Pascale" 2007-09-30 18:08:56.2 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.204 [GMT 2:00] Command switches used :: C:\Documents and Settings\All Users\Documents\Securite\CFScript.txt * Created a new restore point FILE:: C:\WINDOWS\Tasks\AA52F5D691F9666A.job . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\All Users\Application Data\great coal love default C:\Documents and Settings\All Users\Application Data\great coal love default\Sect heart.exe C:\Documents and Settings\All Users\Application Data\great coal love default\SIXTH RULE.exe C:\Documents and Settings\All Users\Application Data\Internet debug mess great C:\Documents and Settings\All Users\Application Data\upload amok date cool C:\Documents and Settings\All Users\Application Data\upload amok date cool\Sign boob save C:\Documents and Settings\All Users\Application Data\upload amok date cool\user regs balm . ((((((((((((((((((((((((((((( Fichiers créés 2007-08-28 to 2007-09-30 )))))))))))))))))))))))))))))))))))) . 2007-09-30 17:33 106 --a------ C:\delete.bat 2007-09-30 17:13 <REP> d-------- C:\NoLopBackups 2007-09-30 16:47 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-09-30 16:33 <REP> d-------- C:\Program Files\Trend Micro 2007-09-26 19:43 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll 2007-09-26 19:43 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll 2007-09-26 19:43 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys 2007-09-26 19:43 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys 2007-09-22 18:56 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion 2007-09-22 13:57 <REP> d-------- C:\Program Files\Lavasoft 2007-09-22 13:57 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft 2007-09-22 13:54 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard 2007-09-22 13:42 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2007-09-22 12:50 <REP> d-------- C:\WINDOWS\pss 2007-09-22 12:30 <REP> d-------- C:\Program Files\Yahoo! 2007-09-22 12:29 <REP> d-------- C:\Program Files\CCleaner 2007-09-16 18:01 <REP> d-------- C:\Program Files\uTorrent 2007-09-08 13:59 <REP> d-------- C:\DOCUME~1\Pascale\APPLIC~1\Media Player Classic 2007-09-04 00:05 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus! 2007-09-04 00:04 <REP> d-------- C:\Program Files\Windows Live 2007-09-02 16:24 <REP> d-------- C:\VundoFix Backups 2007-08-31 03:09 <REP> d-------- C:\DOCUME~1\Thomas\APPLIC~1\My Battle for Middle-earth II Demo Files 2007-08-30 13:50 <REP> d-------- C:\Program Files\FreeUndelete 2007-08-29 10:55 <REP> d-------- C:\DOCUME~1\Pascale\APPLIC~1\iShell 2007-08-28 10:46 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL 2007-08-28 10:46 516,784 -ra------ C:\WINDOWS\system32\XceedCry.dll 2007-08-28 10:46 217,088 --a------ C:\WINDOWS\system32\DartSock.dll 2007-08-28 10:46 118,784 --a------ C:\WINDOWS\system32\DartWeb.dll 2007-08-28 10:46 <REP> d-------- C:\Program Files\Convar 2007-08-27 12:51 <REP> d-------- C:\DOCUME~1\Pascale\APPLIC~1\Ball Drv Bib 2007-08-03 17:49 <REP> d-------- C:\DOCUME~1\Thomas\APPLIC~1\iShell 2007-08-01 21:37 <REP> d--hs---- C:\WINDOWS\ftpcache 2007-08-01 21:04 <REP> d-------- C:\DOCUME~1\WLIA~1\Saved Games . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2007-09-30 17:58 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy 2007-09-30 17:57 --------- d-------- C:\Program Files\a-squared Free 2007-09-29 12:43 --------- d-------- C:\Program Files\MSN Messenger 2007-09-29 12:43 --------- d-------- C:\Program Files\Incomplete 2007-09-29 12:43 --------- d-------- C:\DOCUME~1\Thomas\APPLIC~1\uTorrent 2007-09-29 12:43 --------- d-------- C:\DOCUME~1\Thomas\APPLIC~1\Desktop Sidebar 2007-09-29 12:43 --------- d-------- C:\DOCUME~1\Pascale\APPLIC~1\uTorrent 2007-09-29 12:11 --------- d-------- C:\Program Files\MSN Games 2007-09-16 00:43 685816 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2007-09-14 19:02 --------- d-------- C:\DOCUME~1\Thomas\APPLIC~1\Ball Drv Bib 2007-09-04 00:04 --------- d-------- C:\Program Files\Messenger Plus! Live 2007-08-31 00:01 --------- d-------- C:\Program Files\Fichiers communs\Blizzard Entertainment 2007-08-30 23:35 --------- d-------- C:\Program Files\LimeWire 2007-08-30 23:22 --------- d-------- C:\Program Files\Thoosje Vista Sidebar v1.7.8 2007-08-30 23:14 --------- d-------- C:\Program Files\Nioubomatik Antrix 2007-08-28 10:46 --------- d--h----- C:\Program Files\InstallShield Installation Information 2007-08-02 17:16 --------- d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP 2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll 2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll 2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe 2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll 2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll 2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll 2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll 2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll 2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll 2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll 2007-07-11 20:36 681984 --a--c--- C:\WINDOWS\system32\CDUninst.exe 2007-07-03 02:45 46 --a------ C:\DOCUME~1\Thomas\Uninstall.bat 2007-06-26 08:09 1104896 --a------ C:\WINDOWS\system32\msxml3.dll 2007-06-19 15:32 282112 --a------ C:\WINDOWS\system32\gdi32.dll 2007-06-13 15:22 1037312 --a------ C:\WINDOWS\explorer.exe . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-24 21:10] "AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 12:28] "SoundMan"="SOUNDMAN.EXE" [2004-06-18 10:31 C:\WINDOWS\SOUNDMAN.EXE] "ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 20:00] "McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 03:50] "Network Associates Error Reporting Service"="C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe" [2003-10-07 09:48] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 11:54] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-02 16:24] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 12:48] "PD0630 STISvc"="P0630Pin.dll" [2005-06-05 19:01 C:\WINDOWS\system32\P0630Pin.dll] "DT Task"="C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe" [2006-11-03 13:20] "ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 12:41] "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-04-13 06:07] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [] C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\DMARRA~1\ InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2006-06-14 19:33:40] LUMIX Simple Viewer.lnk - C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [2006-05-27 13:38:12] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04] WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2005-04-22 15:59:55] R1 cdudf_xp;cdudf_xp;C:\WINDOWS\system32\drivers\cdudf_xp.sys R1 GhPciScan;GhostPciScanner;\??\C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys R1 NaiAvTdi1;NaiAvTdi1;C:\WINDOWS\system32\drivers\mvstdi5x.sys R1 pwd_2k;pwd_2k;C:\WINDOWS\system32\drivers\pwd_2k.sys R1 UdfReadr_xp;UdfReadr_xp;C:\WINDOWS\system32\drivers\UdfReadr_xp.sys R3 EntDrv51;EntDrv51;\??\C:\WINDOWS\system32\drivers\EntDrv51.sys R3 PdiPorts;Portrait Displays low level device driver;C:\WINDOWS\system32\Drivers\PdiPorts.sys S2 DirectWavk;DirectX Service;c:\windows\system32\directx.exe S3 dvd_2K;dvd_2K;C:\WINDOWS\system32\drivers\dvd_2K.sys S3 mmc_2K;mmc_2K;C:\WINDOWS\system32\drivers\mmc_2K.sys S3 P0630VID;Creative WebCam Live!;C:\WINDOWS\system32\DRIVERS\P0630Vid.sys S3 pdiddcci;DDC/CI monitor;C:\WINDOWS\system32\DRIVERS\pdiddcci.sys S3 SetupNTGLM7X;SetupNTGLM7X;\??\E:\NTGLM7X.sys S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2007-09-27 09:06:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" . ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-09-30 18:11:10 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-09-30 18:12:15 C:\ComboFix-quarantined-files.txt ... 2007-09-30 18:12 C:\ComboFix2.txt ... 2007-09-30 16:54 . --- E O F --- 7) voici le dernier rapport de hijackthis Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:13:24, on 30/09/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\a-squared free\a2service.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Portrait Displays\HP My Display\DTSRVC.exe C:\Program Files\Network Associates\Common Framework\FrameworkService.exe C:\Program Files\Network Associates\VirusScan\Mcshield.exe C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\explorer.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [PD0630 STISvc] RunDLL32.exe P0630Pin.dll,RunDLL32EP 513 O4 - HKLM\..\Run: [DT Task] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe -startup_folder O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe O4 - Global Startup: LUMIX Simple Viewer.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {68C1822F-F5C7-4404-A73F-03C10E0E94DA} (telechargement-photoweb) - http://www4.photoweb.fr/telechargement/Photoweb_uploader.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: DirectX Service (DirectWavk) - Unknown owner - c:\windows\system32\directx.exe (file missing) O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Portrait Displays\HP My Display\DTSRVC.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe -- End of file - 6527 bytes cdlt
  9. Bjr, ci joints le rapport de hijackthis (V2.0.2) ainsi que celui de combofix cdlt Rapport hijackthis Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:33:30, on 30/09/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\DAEMON Tools\daemon.exe C:\WINDOWS\system32\RunDLL32.exe C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe c:\program files\a-squared free\a2service.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Portrait Displays\HP My Display\DTSRVC.exe C:\Program Files\Network Associates\Common Framework\FrameworkService.exe C:\Program Files\Network Associates\VirusScan\Mcshield.exe C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aliceadsl.fr/ R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe" O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [PD0630 STISvc] RunDLL32.exe P0630Pin.dll,RunDLL32EP 513 O4 - HKLM\..\Run: [DT Task] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe -startup_folder O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [Love default global mess] C:\Documents and Settings\All Users\Application Data\great coal love default\Sect heart.exe O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe O4 - Global Startup: LUMIX Simple Viewer.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {68C1822F-F5C7-4404-A73F-03C10E0E94DA} (telechargement-photoweb) - http://www4.photoweb.fr/telechargement/Photoweb_uploader.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: DirectX Service (DirectWavk) - Unknown owner - c:\windows\system32\directx.exe (file missing) O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Portrait Displays\HP My Display\DTSRVC.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe -- End of file - 8079 bytes rapport de combofix ComboFix 07-09-21.2 - "Pascale" 2007-09-30 16:50:21.1 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.141 [GMT 2:00] * Created a new restore point . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\DOCUME~1\Thomas\APPLIC~1\macromedia\Flash Player\#SharedObjects\U37WCC9M\www.broadcaster.com C:\DOCUME~1\Thomas\APPLIC~1\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com C:\DOCUME~1\Thomas\APPLIC~1\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol C:\DOCUME~1\Thomas\Bureau\internet.lnk . ((((((((((((((((((((((((((((( Fichiers créés 2007-08-28 to 2007-09-30 )))))))))))))))))))))))))))))))))))) . 2007-09-30 16:47 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-09-30 16:33 <REP> d-------- C:\Program Files\Trend Micro 2007-09-26 19:43 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll 2007-09-26 19:43 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll 2007-09-26 19:43 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys 2007-09-26 19:43 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys 2007-09-22 18:56 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion 2007-09-22 13:57 <REP> d-------- C:\Program Files\Lavasoft 2007-09-22 13:57 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft 2007-09-22 13:54 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard 2007-09-22 13:42 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2007-09-22 12:50 <REP> d-------- C:\WINDOWS\pss 2007-09-22 12:30 <REP> d-------- C:\Program Files\Yahoo! 2007-09-22 12:29 <REP> d-------- C:\Program Files\CCleaner 2007-09-16 18:01 <REP> d-------- C:\Program Files\uTorrent 2007-09-08 13:59 <REP> d-------- C:\DOCUME~1\Pascale\APPLIC~1\Media Player Classic 2007-09-04 00:05 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus! 2007-09-04 00:04 <REP> d-------- C:\Program Files\Windows Live 2007-09-02 16:24 <REP> d-------- C:\VundoFix Backups 2007-08-31 03:09 <REP> d-------- C:\DOCUME~1\Thomas\APPLIC~1\My Battle for Middle-earth II Demo Files 2007-08-30 13:50 <REP> d-------- C:\Program Files\FreeUndelete 2007-08-29 10:55 <REP> d-------- C:\DOCUME~1\Pascale\APPLIC~1\iShell 2007-08-28 10:46 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL 2007-08-28 10:46 516,784 -ra------ C:\WINDOWS\system32\XceedCry.dll 2007-08-28 10:46 217,088 --a------ C:\WINDOWS\system32\DartSock.dll 2007-08-28 10:46 118,784 --a------ C:\WINDOWS\system32\DartWeb.dll 2007-08-28 10:46 <REP> d-------- C:\Program Files\Convar 2007-08-27 12:51 <REP> d-------- C:\DOCUME~1\Pascale\APPLIC~1\Ball Drv Bib 2007-08-03 17:49 <REP> d-------- C:\DOCUME~1\Thomas\APPLIC~1\iShell 2007-08-03 13:47 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Internet debug mess great 2007-08-03 13:46 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\great coal love default 2007-08-01 21:37 <REP> d--hs---- C:\WINDOWS\ftpcache 2007-08-01 21:04 <REP> d-------- C:\DOCUME~1\WLIA~1\Saved Games . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2007-09-29 12:43 --------- d-------- C:\Program Files\MSN Messenger 2007-09-29 12:43 --------- d-------- C:\Program Files\Incomplete 2007-09-29 12:43 --------- d-------- C:\Program Files\a-squared Anti-Malware 2007-09-29 12:43 --------- d-------- C:\DOCUME~1\Thomas\APPLIC~1\uTorrent 2007-09-29 12:43 --------- d-------- C:\DOCUME~1\Thomas\APPLIC~1\Desktop Sidebar 2007-09-29 12:43 --------- d-------- C:\DOCUME~1\Pascale\APPLIC~1\uTorrent 2007-09-29 12:11 --------- d-------- C:\Program Files\MSN Games 2007-09-22 12:53 --------- d-------- C:\Program Files\a-squared Free 2007-09-22 12:34 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy 2007-09-16 00:43 685816 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2007-09-14 19:02 --------- d-------- C:\DOCUME~1\Thomas\APPLIC~1\Ball Drv Bib 2007-09-04 00:04 --------- d-------- C:\Program Files\Messenger Plus! Live 2007-08-31 00:01 --------- d-------- C:\Program Files\Fichiers communs\Blizzard Entertainment 2007-08-30 23:35 --------- d-------- C:\Program Files\LimeWire 2007-08-30 23:22 --------- d-------- C:\Program Files\Thoosje Vista Sidebar v1.7.8 2007-08-30 23:14 --------- d-------- C:\Program Files\Nioubomatik Antrix 2007-08-28 10:46 --------- d--h----- C:\Program Files\InstallShield Installation Information 2007-08-03 13:46 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\upload amok date cool 2007-08-02 17:16 --------- d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP 2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll 2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll 2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe 2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll 2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll 2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll 2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll 2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll 2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll 2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll 2007-07-11 20:36 681984 --a--c--- C:\WINDOWS\system32\CDUninst.exe 2007-07-03 02:45 46 --a------ C:\DOCUME~1\Thomas\Uninstall.bat 2007-06-26 08:09 1104896 --a------ C:\WINDOWS\system32\msxml3.dll 2007-06-19 15:32 282112 --a------ C:\WINDOWS\system32\gdi32.dll 2007-06-13 15:22 1037312 --a------ C:\WINDOWS\explorer.exe . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-24 21:10] "AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 12:28] "SoundMan"="SOUNDMAN.EXE" [2004-06-18 10:31 C:\WINDOWS\SOUNDMAN.EXE] "ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 20:00] "McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 03:50] "Network Associates Error Reporting Service"="C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe" [2003-10-07 09:48] "a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe" [2007-03-03 15:18] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 11:54] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-02 16:24] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 12:48] "PD0630 STISvc"="P0630Pin.dll" [2005-06-05 19:01 C:\WINDOWS\system32\P0630Pin.dll] "DT Task"="C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe" [2006-11-03 13:20] "ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 12:41] "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-04-13 06:07] "Love default global mess"="C:\Documents and Settings\All Users\Application Data\great coal love default\Sect heart.exe" [2007-09-29 07:40] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [] "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:55] C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\DMARRA~1\ InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2006-06-14 19:33:40] LUMIX Simple Viewer.lnk - C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [2006-05-27 13:38:12] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04] WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2005-04-22 15:59:55] R1 cdudf_xp;cdudf_xp;C:\WINDOWS\system32\drivers\cdudf_xp.sys R1 GhPciScan;GhostPciScanner;\??\C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys R1 NaiAvTdi1;NaiAvTdi1;C:\WINDOWS\system32\drivers\mvstdi5x.sys R1 pwd_2k;pwd_2k;C:\WINDOWS\system32\drivers\pwd_2k.sys R1 UdfReadr_xp;UdfReadr_xp;C:\WINDOWS\system32\drivers\UdfReadr_xp.sys R3 EntDrv51;EntDrv51;\??\C:\WINDOWS\system32\drivers\EntDrv51.sys R3 PdiPorts;Portrait Displays low level device driver;C:\WINDOWS\system32\Drivers\PdiPorts.sys S2 DirectWavk;DirectX Service;c:\windows\system32\directx.exe S3 dvd_2K;dvd_2K;C:\WINDOWS\system32\drivers\dvd_2K.sys S3 mmc_2K;mmc_2K;C:\WINDOWS\system32\drivers\mmc_2K.sys S3 P0630VID;Creative WebCam Live!;C:\WINDOWS\system32\DRIVERS\P0630Vid.sys S3 pdiddcci;DDC/CI monitor;C:\WINDOWS\system32\DRIVERS\pdiddcci.sys S3 SetupNTGLM7X;SetupNTGLM7X;\??\E:\NTGLM7X.sys S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS *Newly Created Service* - CATCHME . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2007-09-30 14:00:00 C:\WINDOWS\Tasks\AA52F5D691F9666A.job" "2007-09-27 09:06:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" . ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-09-30 16:52:52 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKCU\Software\Microsoft\Windows\CurrentVersion\Run msnmsgr = "C:\Program Files\MSN Messenger\msnmsgr.exe" /background?g scanning hidden files ... ************************************************************************** . Completion time: 2007-09-30 16:54:23 C:\ComboFix-quarantined-files.txt ... 2007-09-30 16:53 . --- E O F ---
  10. Bjr MC afee (8.1) détecte Bo:heap comme virus, le PC est souvent très lent. J'ai tenté plusieurs nettoyage (en mode sans echec + retauration windows désactivée) et je n'aarive à rien. J'ai passé les outils suivants : stinger , vundofix, spybot, avg anti-spyware, ad-aware, a-squared. J'ai télécharger + installé patch de sécurité XP concernant bo:heap. Toujours rien. Je me retourne donc vers vous, si qq'un peut m'aider ? d'avance merci Voici le rapport ijackThis Logfile of HijackThis v1.99.1 Scan saved at 12:56:25, on 30/09/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\DAEMON Tools\daemon.exe C:\WINDOWS\system32\RunDLL32.exe C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe c:\program files\a-squared free\a2service.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Portrait Displays\HP My Display\DTSRVC.exe C:\Program Files\Network Associates\Common Framework\FrameworkService.exe C:\Program Files\Network Associates\VirusScan\Mcshield.exe C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\All Users\Documents\Securite\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aliceadsl.fr/ R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe" O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [PD0630 STISvc] RunDLL32.exe P0630Pin.dll,RunDLL32EP 513 O4 - HKLM\..\Run: [DT Task] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe -startup_folder O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [Love default global mess] C:\Documents and Settings\All Users\Application Data\great coal love default\Sect heart.exe O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe O4 - Global Startup: LUMIX Simple Viewer.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {68C1822F-F5C7-4404-A73F-03C10E0E94DA} (telechargement-photoweb) - http://www4.photoweb.fr/telechargement/Photoweb_uploader.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\ O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: DirectX Service (DirectWavk) - Unknown owner - c:\windows\system32\directx.exe (file missing) O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Portrait Displays\HP My Display\DTSRVC.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
×
×
  • Créer...