szbouby

Member (content count: 9)

All content posted by szbouby

  1. YESSSS, thank you for all your recommendations!
  2. Here is the report:

     -------------------------------------------------------------------------------
     KASPERSKY ONLINE SCANNER REPORT
     Saturday, March 08, 2008 11:40:35 AM
     Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
     Kaspersky Online Scanner version: 5.0.98.0
     Kaspersky Anti-Virus database last update: 8/03/2008
     Kaspersky Anti-Virus database records: 613069
     -------------------------------------------------------------------------------

     Scan Settings:
     Scan using the following antivirus database: extended
     Scan Archives: true
     Scan Mail Bases: true

     Scan Target - My Computer:
     A:\
     C:\
     D:\
     E:\
     F:\

     Scan Statistics:
     Total number of scanned objects: 43972
     Number of viruses found: 0
     Number of infected objects: 0
     Number of suspicious objects: 0
     Duration of the scan process: 00:50:29

     Infected Object Name / Virus Name / Last Action
     C:\Documents and Settings\Hervé\Cookies\index.dat Object is locked skipped
     C:\Documents and Settings\Hervé\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
     C:\Documents and Settings\Hervé\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
     C:\Documents and Settings\Hervé\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
     C:\Documents and Settings\Hervé\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
     C:\Documents and Settings\Hervé\NTUSER.DAT Object is locked skipped
     C:\Documents and Settings\Hervé\ntuser.dat.LOG Object is locked skipped
     C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
     C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
     C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
     C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
     C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
     C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
     C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
     C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
     C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
     C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
     C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
     C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
     C:\System Volume Information\_restore{850FB77B-4604-4730-9DDA-AE67307FFF2E}\RP97\change.log Object is locked skipped
     C:\WINDOWS\CSC\00000001 Object is locked skipped
     C:\WINDOWS\Debug\Netlogon.log Object is locked skipped
     C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
     C:\WINDOWS\SchedLgU.Txt Object is locked skipped
     C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
     C:\WINDOWS\Sti_Trace.log Object is locked skipped
     C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
     C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
     C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
     C:\WINDOWS\system32\config\default Object is locked skipped
     C:\WINDOWS\system32\config\default.LOG Object is locked skipped
     C:\WINDOWS\system32\config\SAM Object is locked skipped
     C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
     C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
     C:\WINDOWS\system32\config\SECURITY Object is locked skipped
     C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
     C:\WINDOWS\system32\config\software Object is locked skipped
     C:\WINDOWS\system32\config\software.LOG Object is locked skipped
     C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
     C:\WINDOWS\system32\config\system Object is locked skipped
     C:\WINDOWS\system32\config\system.LOG Object is locked skipped
     C:\WINDOWS\system32\h323log.txt Object is locked skipped
     C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
     C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
     C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
     C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
     C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
     C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
     C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
     C:\WINDOWS\wiadebug.log Object is locked skipped
     C:\WINDOWS\wiaservc.log Object is locked skipped
     C:\WINDOWS\WindowsUpdate.log Object is locked skipped
     F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

     Scan process completed.
  3. Here is my latest HijackThis report; Ewido, on the other hand, didn't give me any report (I ran a second scan, same thing).

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 11:05:41, on 07/03/2008
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
     C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
     C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
     C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
     C:\WINDOWS\system32\bgsvcgen.exe
     C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
     C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
     C:\WINDOWS\system32\nvsvc32.exe
     C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
     C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\Explorer.EXE
     C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
     C:\WINDOWS\system32\RUNDLL32.EXE
     C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
     C:\Program Files\Winamp\winampa.exe
     C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
     C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
     C:\Program Files\802.11 Wireless LAN\WlanMonitor.exe
     C:\Program Files\Internet Explorer\IEXPLORE.EXE
     C:\Documents and Settings\Hervé\Mes documents\logiciels\HiJackThis\HijackThis.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
     O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
     O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
     O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
     O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
     O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
     O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
     O4 - HKLM\..\Run: [Install_Choix] D:\choix.exe
     O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
     O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
     O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
     O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
     O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
     O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
     O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
     O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
     O4 - Startup: Moniteur & Configuration.lnk = ?
     O4 - Global Startup: Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk = ?
     O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
     O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
     O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
     O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
     O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
     O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1120384046921
     O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://212.157.152.82/AxisCamControl.ocx
     O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = domaine.barbot
     O17 - HKLM\Software\..\Telephony: DomainName = domaine.barbot
     O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = domaine.barbot
     O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = domaine.barbot
     O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
     O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
     O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
     O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
     O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
     O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
     O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
     O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
     O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

     --
     End of file - 6227 bytes
  4. A bit (a lot?) late, but here is the CF report:

     ComboFix 08-02-25.3 - Hervé 2008-03-03 14:44:17.2 - NTFSx86
     Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.254 [GMT 1:00]
     Endroit: C:\Documents and Settings\Hervé\Bureau\ComboFix.exe
     Command switches used :: C:\Documents and Settings\Hervé\Bureau\CFScript.txt
      * Création d'un nouveau point de restauration
     AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

     FILE ::
     C:\WINDOWS\system32\drivers\ohhbeguc.dat
     C:\WINDOWS\system32\svchost.exe.tmp
     .

     (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
     .
     C:\SDFIX
     C:\SDFIX\SDFix\apps\assosfix.reg
     C:\SDFIX\SDFix\apps\cliptext.exe
     C:\SDFIX\SDFix\apps\download.exe
     C:\SDFIX\SDFix\apps\dummy.exe
     C:\SDFIX\SDFix\apps\dummy.sys
     C:\SDFIX\SDFix\apps\Enable_Command_Prompt.reg
     C:\SDFIX\SDFix\apps\ERDNT.E_E
     C:\SDFIX\SDFix\apps\ERDNTDOS.LOC
     C:\SDFIX\SDFix\apps\ERDNTWIN.LOC
     C:\SDFIX\SDFix\apps\ERUNT.EXE
     C:\SDFIX\SDFix\apps\ERUNT.LOC
     C:\SDFIX\SDFix\apps\fix.reg
     C:\SDFIX\SDFix\apps\FixBH.reg
     C:\SDFIX\SDFix\apps\FixComponents.reg
     C:\SDFIX\SDFix\apps\FIXCU.reg
     C:\SDFIX\SDFix\apps\FIXLM.reg
     C:\SDFIX\SDFix\apps\FixPath.exe
     C:\SDFIX\SDFix\apps\FixRedir.reg
     C:\SDFIX\SDFix\apps\FixSchedule.reg
     C:\SDFIX\SDFix\apps\FixWebCheck.reg
     C:\SDFIX\SDFix\apps\fixXP.reg
     C:\SDFIX\SDFix\apps\FixXPsp2.reg
     C:\SDFIX\SDFix\apps\grep.exe
     C:\SDFIX\SDFix\apps\HPFix.reg
     C:\SDFIX\SDFix\apps\HPFix2.reg
     C:\SDFIX\SDFix\apps\HPFix3.reg
     C:\SDFIX\SDFix\apps\HPFix4.reg
     C:\SDFIX\SDFix\apps\HPFix5.reg
     C:\SDFIX\SDFix\apps\HPFix6.reg
     C:\SDFIX\SDFix\apps\HPFix7.reg
     C:\SDFIX\SDFix\apps\isadmin.exe
     C:\SDFIX\SDFix\apps\leg2.txt
     C:\SDFIX\SDFix\apps\legacy.txt
     C:\SDFIX\SDFix\apps\legacybk.txt
     C:\SDFIX\SDFix\apps\locate.com
     C:\SDFIX\SDFix\apps\LS.exe
     C:\SDFIX\SDFix\apps\MD5File.exe
     C:\SDFIX\SDFix\apps\MyGcpvFix.reg
     C:\SDFIX\SDFix\apps\MyGkFix2.reg
     C:\SDFIX\SDFix\apps\Process.exe
     C:\SDFIX\SDFix\apps\procs.exe
     C:\SDFIX\SDFix\apps\psservice.exe
     C:\SDFIX\SDFix\apps\RegDACL.exe
     C:\SDFIX\SDFix\apps\regedit.exe
     C:\SDFIX\SDFix\apps\Rem.txt
     C:\SDFIX\SDFix\apps\Rem2.txt
     C:\SDFIX\SDFix\apps\Replace\W2K.exe
     C:\SDFIX\SDFix\apps\Replace\w2k\beep.sys
     C:\SDFIX\SDFix\apps\Replace\w2k\null.sys
     C:\SDFIX\SDFix\apps\Replace\XP.exe
     C:\SDFIX\SDFix\apps\Replace\xp\beep.sys
     C:\SDFIX\SDFix\apps\Replace\xp\null.sys
     C:\SDFIX\SDFix\apps\Reset_AppInit_DLLs.reg
     C:\SDFIX\SDFix\apps\RestartIt!.exe
     C:\SDFIX\SDFix\apps\Restore_SecurityCenter.reg
     C:\SDFIX\SDFix\apps\Restore_SharedAccess.reg
     C:\SDFIX\SDFix\apps\sc.exe
     C:\SDFIX\SDFix\apps\sed.exe
     C:\SDFIX\SDFix\apps\SF.exe
     C:\SDFIX\SDFix\apps\shutdown.exe
     C:\SDFIX\SDFix\apps\srv2.txt
     C:\SDFIX\SDFix\apps\srv2bk.txt
     C:\SDFIX\SDFix\apps\svc.txt
     C:\SDFIX\SDFix\apps\svcbk.txt
     C:\SDFIX\SDFix\apps\swreg.exe
     C:\SDFIX\SDFix\apps\swsc.exe
     C:\SDFIX\SDFix\apps\unzip.exe
     C:\SDFIX\SDFix\apps\vfind.exe
     C:\SDFIX\SDFix\apps\WINMSG.EXE
     C:\SDFIX\SDFix\apps\winsec.reg
     C:\SDFIX\SDFix\apps\zip.exe
     C:\SDFIX\SDFix\backups\attrib.exe
     C:\SDFIX\SDFix\backups\backupreg.zip
     C:\SDFIX\SDFix\backups\backups.zip
     C:\SDFIX\SDFix\backups\find.exe
     C:\SDFIX\SDFix\backups\findstr.exe
     C:\SDFIX\SDFix\backups\HOSTS
     C:\SDFIX\SDFix\backups\regedit.exe
     C:\SDFIX\SDFix\catchme.exe
     C:\SDFIX\SDFix\dummy.exe
     C:\SDFIX\SDFix\dummy.sys
     C:\SDFIX\SDFix\Report.txt
     C:\SDFIX\SDFix\RunThis.bat
     C:\SDFIX\SDFix\SDFIX_ReadMe_Online.url
     C:\WINDOWS\system32\drivers\ohhbeguc.dat
     C:\WINDOWS\system32\svchost.exe.tmp
     .
     ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     -------\LEGACY_OJYBATUV
     -------\ojybatuv

     ((((((((((((((((((((((((((((( Fichiers créés 2008-02-03 to 2008-03-03 ))))))))))))))))))))))))))))))))))))
     .
     2008-02-23 19:07 . 2008-02-23 19:07 250 --a------ C:\WINDOWS\gmer.ini
     2008-02-23 18:52 . 2008-02-23 18:52 <REP> d-------- C:\WINDOWS\ERUNT
     2008-02-22 14:38 . 2008-02-22 14:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
     2008-02-22 14:38 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
     2008-02-22 12:09 . 2008-02-22 12:09 <REP> d-------- C:\Program Files\Avira
     2008-02-22 12:09 . 2008-02-22 12:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
     2008-02-18 16:24 . 2008-02-18 16:24 <REP> d-------- C:\Program Files\Yahoo!
     2008-02-18 16:24 . 2008-02-18 16:24 <REP> d-------- C:\Program Files\CCleaner
     .
     (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2008-02-18 15:45 --------- d-----w C:\Program Files\Alwil Software
     2008-02-18 15:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
     2007-12-23 13:11 21,504 ----a-w C:\WINDOWS\jestertb.dll
     2007-12-23 09:43 14,336 ----a-w C:\WINDOWS\system32\svchost.exe
     .
     ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     REGEDIT4
     *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 08:57 143360]
     "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-03-03 03:29 2904064]
     "nwiz"="nwiz.exe" [2004-03-03 03:29 782336 C:\WINDOWS\system32\nwiz.exe]
     "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-03-03 03:29 46080]
     "Install_Choix"="D:\choix.exe" [ ]
     "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
     "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe" [2005-06-03 02:52 36975]
     "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-03-10 18:45 35328]
     "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-22 12:33 249896]
     "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]

     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
     "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]

     [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
     "DisableRegistryTools"= 0 (0x0)

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "C:\\WINDOWS\\system32\\svchost.exe"=

     R2 AdobeActiveFileMonitor;Adobe Active File Monitor;C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-12 03:47]
     R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-12 02:40]
     R3 WlanUIG;Sagem 802.11g Wireless LAN USB Adapter Driver;C:\WINDOWS\system32\DRIVERS\WlanUIG.sys [2004-09-02 22:18]
     S3 ATMELFVNETusb(505A_2958)®;ATMEL FVNETusb(505A_2958)® Service for ATMEL USB FastVNET (505A);C:\WINDOWS\system32\DRIVERS\vnet5a8x.sys [2003-07-23 13:03]
     S3 ATMELFVNETusb(AR)®;ATMEL FVNETusb(AR)® Service for ATMEL USB FastVNET (AR);C:\WINDOWS\system32\DRIVERS\vnetusbr.sys [2003-04-05 06:33]
     S3 C-Dilla;C-Dilla;C:\WINDOWS\system32\drivers\CDANT.SYS [2003-04-01 09:23]

     *Newly Created Service* - PCANDIS5
     .
     **************************************************************************

     catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2008-03-03 14:49:18
     Windows 5.1.2600 Service Pack 2 NTFS

     Balayage processus cachés ...
     Balayage caché autostart entries ...
     Balayage des fichiers cachés ...

     Scan terminé avec succès
     Les fichiers cachés: 0

     **************************************************************************
     .
     ------------------------ Other Running Processes ------------------------
     .
     C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
     C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
     C:\WINDOWS\system32\bgsvcgen.exe
     C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
     C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
     C:\WINDOWS\system32\nvsvc32.exe
     C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
     C:\WINDOWS\system32\RUNDLL32.EXE
     C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
     C:\Program Files\802.11 Wireless LAN\WlanMonitor.exe
     .
     **************************************************************************
     .
     Temps d'accomplissement: 2008-03-03 14:51:44 - machine was rebooted
     ComboFix-quarantined-files.txt 2008-03-03 13:51:09
     ComboFix2.txt 2008-02-25 16:48:12

     Are we getting there?
  5. No news is good news???
  6. There, I ran ComboFix. Here is the report:

     ComboFix 08-02-25.3 - Hervé 2008-02-25 17:44:09.1 - NTFSx86
     Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.234 [GMT 1:00]
     Endroit: C:\Documents and Settings\Hervé\Bureau\ComboFix.exe
      * Création d'un nouveau point de restauration
     AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
     .
     ADS - ntoskrnl.exe: deleted 68 bytes in 1 streams.
     ADS - explorer.exe: deleted 132 bytes in 1 streams.

     ((((((((((((((((((((((((((((( Fichiers créés 2008-01-25 to 2008-02-25 ))))))))))))))))))))))))))))))))))))
     .
     2008-02-23 19:07 . 2008-02-23 19:07 250 --a------ C:\WINDOWS\gmer.ini
     2008-02-23 18:52 . 2008-02-23 18:52 <REP> d-------- C:\WINDOWS\ERUNT
     2008-02-23 18:49 . 2008-02-23 18:49 <REP> d-------- C:\SDFIX
     2008-02-22 14:38 . 2008-02-22 14:38 <REP> d-------- C:\Documents and Settings\Hervé\Application Data\Grisoft
     2008-02-22 14:38 . 2008-02-22 14:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
     2008-02-22 14:38 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
     2008-02-22 12:09 . 2008-02-22 12:09 <REP> d-------- C:\Program Files\Avira
     2008-02-22 12:09 . 2008-02-22 12:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
     2008-02-18 16:24 . 2008-02-18 16:24 <REP> d-------- C:\Program Files\Yahoo!
     2008-02-18 16:24 . 2008-02-18 16:24 <REP> d-------- C:\Program Files\CCleaner
     .
     (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2008-02-22 11:05 14,336 ----a-w C:\WINDOWS\system32\svchost.exe.tmp
     2008-02-18 16:10 19,584 ----a-w C:\WINDOWS\system32\drivers\ohhbeguc.dat
     2008-02-18 15:45 --------- d-----w C:\Program Files\Alwil Software
     2008-02-18 15:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
     2007-12-28 09:47 --------- d-----w C:\Program Files\Spybot - Search & Destroy
     2007-12-23 13:11 21,504 ----a-w C:\WINDOWS\jestertb.dll
     2007-12-23 09:43 14,336 ----a-w C:\WINDOWS\system32\svchost.exe
     .
     ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     REGEDIT4
     *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

     [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1817234B-E5C0-4C91-91C2-DB14F3DB3823}]
     C:\WINDOWS\system32\appmg.dll

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 08:57 143360]
     "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-03-03 03:29 2904064]
     "nwiz"="nwiz.exe" [2004-03-03 03:29 782336 C:\WINDOWS\system32\nwiz.exe]
     "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-03-03 03:29 46080]
     "Install_Choix"="D:\choix.exe" [ ]
     "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
     "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe" [2005-06-03 02:52 36975]
     "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-03-10 18:45 35328]
     "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-22 12:33 249896]
     "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]

     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
     "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]

     C:\Documents and Settings\Hervé\Menu Démarrer\Programmes\Démarrage\
     Moniteur & Configuration.lnk - C:\Program Files\802.11 Wireless LAN\WlanMonitor.exe [2003-10-01 15:27:44 450560]

     C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
     Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk - C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe [2005-06-19 19:01:27 679936]

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "C:\\WINDOWS\\system32\\svchost.exe"=

     R0 ojybatuv;ojybatuv;C:\WINDOWS\system32\drivers\ohhbeguc.dat []
     R2 AdobeActiveFileMonitor;Adobe Active File Monitor;C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-12 03:47]
     R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-12 02:40]
     R3 WlanUIG;Sagem 802.11g Wireless LAN USB Adapter Driver;C:\WINDOWS\system32\DRIVERS\WlanUIG.sys [2004-09-02 22:18]
     S3 ATMELFVNETusb(505A_2958)®;ATMEL FVNETusb(505A_2958)® Service for ATMEL USB FastVNET (505A);C:\WINDOWS\system32\DRIVERS\vnet5a8x.sys [2003-07-23 13:03]
     S3 ATMELFVNETusb(AR)®;ATMEL FVNETusb(AR)® Service for ATMEL USB FastVNET (AR);C:\WINDOWS\system32\DRIVERS\vnetusbr.sys [2003-04-05 06:33]
     S3 C-Dilla;C-Dilla;C:\WINDOWS\system32\drivers\CDANT.SYS [2003-04-01 09:23]

     *Newly Created Service* - PCANDIS5
     .
     **************************************************************************

     catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2008-02-25 17:46:22
     Windows 5.1.2600 Service Pack 2 NTFS

     Balayage processus cachés ...
     Balayage caché autostart entries ...
     Balayage des fichiers cachés ...

     C:\WINDOWS\system32\svchost.exe.tmp:ext.exe 28674 bytes executable

     Scan terminé avec succès
     Les fichiers cachés: 1

     **************************************************************************
     .
     Temps d'accomplissement: 2008-02-25 17:48:11

     As for the file, sorry, but I didn't find it... even though I display all files....
  7. Good evening. To answer the first question, I am indeed on a Free IP. However, the infected PC usually connects through a Livebox, hence the confusion. Let's say it is convalescing at my place. Otherwise, I couldn't upload the file because it is no longer there. Only this one, ntfyapp.config, was left before I ran SDFix and GMER. Here are the reports:

     SDFix: Version 1.145
     Run by Hervé on 23/02/2008 at 18:54

     Microsoft Windows XP [version 5.1.2600]
     Running From: C:\SDFIX\SDFix

     Checking Services :

     Name:
     FCI
     runtime
     symavc32
     SysLibrary

     Path:
     C:\WINDOWS\system32\svchost.exe:ext.exe
     \??\C:\WINDOWS\System32\drivers\runtime.sys
     \??\C:\WINDOWS\system32\drivers\symavc32.sys
     \??\C:\WINDOWS\system32\DefLib.sys

     FCI - Deleted
     runtime - Deleted
     symavc32 - Deleted
     SysLibrary - Deleted

     Restoring Windows Registry Values
     Restoring Windows Default Hosts File

     Rebooting

     Checking Files :

     Trojan Files Found:
     C:\3D.TMP - Deleted
     C:\3E.TMP - Deleted
     C:\3F.TMP - Deleted
     C:\40.TMP - Deleted
     C:\41.TMP - Deleted
     C:\42.TMP - Deleted
     C:\43.TMP - Deleted
     C:\44.TMP - Deleted
     C:\45.TMP - Deleted
     C:\SVCIPA.EXE - Deleted
     C:\WINDOWS\ntfyapp.config - Deleted
     C:\WINDOWS\system32\svcp.csv - Deleted
     C:\WINDOWS\system32\winsub.xml - Deleted

     Removing Temp Files

     ADS Check :

     Final Check :

     catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2008-02-23 18:58:08
     Windows 5.1.2600 Service Pack 2 NTFS

     scanning hidden processes ...
     scanning hidden services & system hive ...
     scanning hidden registry entries ...
     scanning hidden files ...

     C:\WINDOWS\system32\svchost.exe.tmp:ext.exe 28674 bytes executable

     scan completed successfully
     hidden processes: 0
     hidden services: 0
     hidden files: 3

     Remaining Services :

     Authorized Application Key Export:

     [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
     "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
     "C:\\WINDOWS\\system32\\svchost.exe"="C:\\WINDOWS\\system32\\svchost.exe:*:Enabled:svchost"
     "C:\\WINDOWS\\ntfyapp.exe"="C:\\WINDOWS\\ntfyapp.exe:*:Enabled:enable"

     [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
     "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
     "C:\\WINDOWS\\ntfyapp.exe"="C:\\WINDOWS\\ntfyapp.exe:*:Enabled:enable"

     Remaining Files :

     File Backups: - C:\SDFIX\SDFix\backups\backups.zip

     Files with Hidden Attributes :

     Tue 26 Dec 2006 33,792 ...H. --- "C:\Documents and Settings\Hervé\Mes documents\Boulot\~WRL0459.tmp"
     Tue 26 Dec 2006 37,376 ...H. --- "C:\Documents and Settings\Hervé\Mes documents\Boulot\~WRL1750.tmp"
     Tue 26 Dec 2006 29,696 ...H. --- "C:\Documents and Settings\Hervé\Mes documents\Boulot\~WRL2095.tmp"
     Tue 26 Dec 2006 25,600 ...H. --- "C:\Documents and Settings\Hervé\Mes documents\Boulot\~WRL2800.tmp"
     Tue 26 Dec 2006 28,160 ...H. --- "C:\Documents and Settings\Hervé\Mes documents\Boulot\~WRL2958.tmp"

     Finished!

     GMER 1.0.14.14116 - http://www.gmer.net
     Rootkit scan 2008-02-23 19:12:55
     Windows 5.1.2600 Service Pack 2

     ---- System - GMER 1.0.14 ----

     SSDT F8B22AEC ZwCreateThread
     SSDT F8B22AD8 ZwOpenProcess
     SSDT F8B22ADD ZwOpenThread
     SSDT F8B22AE7 ZwTerminateProcess
     SSDT F8B22AE2 ZwWriteVirtualMemory

     ---- Kernel code sections - GMER 1.0.14 ----

     PAGE ntoskrnl.exe!RtlCopySid + FF 805671BA 7 Bytes JMP F87B62C6 ohhbeguc.dat
     ? ohhbeguc.dat Le fichier spécifié est introuvable. !
     ? C:\DOCUME~1\HERV~1\LOCALS~1\Temp\catchme.sys Le fichier spécifié est introuvable. !

     ---- Services - GMER 1.0.14 ----

     Service system32\drivers\ohhbeguc.dat (*** hidden *** ) [BOOT] ojybatuv <-- ROOTKIT !!!

     ---- Files - GMER 1.0.14 ----

     ADS C:\WINDOWS\system32\svchost.exe.tmp:ext.exe 28674 bytes executable

     ---- EOF - GMER 1.0.14 ----

     And a quick HJT:

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 19:31:42, on 23/02/2008
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
     C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
     C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
     C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
     C:\WINDOWS\system32\bgsvcgen.exe
     C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
     C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
     C:\WINDOWS\system32\nvsvc32.exe
     C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
     C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\Explorer.EXE
     C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
     C:\WINDOWS\system32\RUNDLL32.EXE
     C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
     C:\Program Files\Winamp\winampa.exe
     C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
     C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
     C:\Program Files\802.11 Wireless LAN\WlanMonitor.exe
     C:\Program Files\Internet Explorer\IEXPLORE.EXE
     C:\WINDOWS\system32\NOTEPAD.EXE
     C:\WINDOWS\system32\NOTEPAD.EXE
     C:\Documents and Settings\Hervé\Mes documents\logiciels\HiJackThis\HijackThis.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
     O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
     O2 - BHO: (no name) - {1817234B-E5C0-4C91-91C2-DB14F3DB3823} - C:\WINDOWS\system32\appmg.dll (file missing)
     O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
     O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
     O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
     O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
     O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
     O4 - HKLM\..\Run: [Install_Choix] D:\choix.exe
     O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
     O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
     O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
     O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
     O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
     O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
     O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
     O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
     O4 - Startup: Moniteur & Configuration.lnk = ?
     O4 - Global Startup: Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk = ?
     O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
     O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
     O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
     O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
     O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
     O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1120384046921
     O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://212.157.152.82/AxisCamControl.ocx
     O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = domaine.barbot
     O17 - HKLM\Software\..\Telephony: DomainName = domaine.barbot
     O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = domaine.barbot
     O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = domaine.barbot
     O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
     O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
     O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
     O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
     O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
     O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
     O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
     O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
     O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

     --
     End of file - 6402 bytes

     That's it for tonight. We'll try to forget about malware and other worms and have a nice Saturday evening.
8. Hello ZONK,

Thanks for this very precise tutorial. I followed the guide and carried out all the recommended actions. I chose to drop my Avast in favour of AntiVir, which really is excellent.

Here are my reports.

---------- MSE ------------

AntiVir PersonalEdition Classic
Report file date: vendredi 22 février 2008 14:52

Scanning for 1119683 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: Hervé
Computer name: BARBOT-1A3597E9

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 11:33:51
ANTIVIR2.VDF : 7.0.2.113 1673728 Bytes 08/02/2008 11:33:51
ANTIVIR3.VDF : 7.0.2.177 325632 Bytes 22/02/2008 11:33:51
AVEWIN32.DLL : 7.6.0.67 3293696 Bytes 22/02/2008 11:33:51
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 22/02/2008 11:33:51
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: F:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: vendredi 22 février 2008 14:52

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
12 processes with 12 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[NOTE] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'F:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '59' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\38.tmp
[DETECTION] Contains detection pattern of the worm WORM/Zhelatin.no
[INFO] The file was moved to '47ecd3e4.qua'!
C:\39.tmp
[DETECTION] Contains detection pattern of the worm WORM/Mydoom.BO.1
[INFO] The file was moved to '47ecd3e7.qua'!
C:\3A.tmp
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '47ecd3f2.qua'!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\C_DILLA\setup\_install.exe
[DETECTION] Contains detection pattern of the worm WORM/Zhelatin.nn
[INFO] The file was moved to '482cd41e.qua'!
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\INFECTED\47ecd3e4.qua
[DETECTION] Contains detection pattern of the worm WORM/Zhelatin.no
[INFO] The file was moved to '4823d3f6.qua'!
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\INFECTED\47ecd3e7.qua
[DETECTION] Contains detection pattern of the worm WORM/Mydoom.BO.1
[INFO] The file was moved to '494f8b6f.qua'!
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\INFECTED\47ecd3f2.qua
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '4823d3f7.qua'!
C:\Documents and Settings\Hervé\Mes documents\boulot olivier\_install.exe
[DETECTION] Contains detection pattern of the worm WORM/Zhelatin.nn
[INFO] The file was moved to '482cd446.qua'!
C:\WINDOWS\system32\shift.exe.exe
[DETECTION] Contains detection pattern of the worm WORM/Zhelatin.nn
[INFO] The file was moved to '4827dcc0.qua'!
Begin scan in 'F:\'

End of the scan: vendredi 22 février 2008 15:35
Used time: 42:36 min

The scan has been done completely.

2429 Scanning directories
243079 Files were scanned
9 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
9 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
243070 Files not concerned
931 Archives were scanned
1 Warnings
0 Notes

---------------------------------------------------------
AVG Anti-Spyware - Scan report
---------------------------------------------------------

+ Created at: 16:14:17 22/02/2008

+ Scan result:

C:\System Volume Information\_restore{850FB77B-4604-4730-9DDA-AE67307FFF2E}\RP92\A0130776.sys -> Rootkit.Agent.pr : No action taken.
C:\System Volume Information\_restore{850FB77B-4604-4730-9DDA-AE67307FFF2E}\RP93\A0137393.exe:ext.exe -> Trojan.Agent.dky : No action taken.
C:\System Volume Information\_restore{850FB77B-4604-4730-9DDA-AE67307FFF2E}\RP94\A0137509.dll -> Trojan.BHO.agz : No action taken.

End of report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:17:03, on 22/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Documents and Settings\Hervé\Mes documents\logiciels\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1817234B-E5C0-4C91-91C2-DB14F3DB3823} - C:\WINDOWS\system32\appmg.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Install_Choix] D:\choix.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ntfyapp] C:\WINDOWS\ntfyapp.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Moniteur & Configuration.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1120384046921
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://212.157.152.82/AxisCamControl.ocx
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = domaine.barbot
O17 - HKLM\Software\..\Telephony: DomainName = domaine.barbot
O17 - HKLM\System\CCS\Services\Tcpip\..\{26C210A7-17B7-4946-A995-903B087447BB}: NameServer = 202.40.171.30
O17 - HKLM\System\CCS\Services\Tcpip\..\{7AF49F00-AE0A-443E-AC73-4D99A22F885F}: NameServer = 202.40.171.30
O17 - HKLM\System\CCS\Services\Tcpip\..\{985D3C75-7595-4F34-92A0-36838500D60E}: NameServer = 202.40.171.30
O17 - HKLM\System\CCS\Services\Tcpip\..\{B84F8CE3-C37C-4B04-8754-BC8BBA451489}: NameServer = 202.40.171.30
O17 - HKLM\System\CCS\Services\Tcpip\..\{BAFEF51C-6C5D-444E-B125-851073DECBDE}: NameServer = 202.40.171.30
O17 - HKLM\System\CCS\Services\Tcpip\..\{CEDD6BDA-DBF4-4C01-A5CC-D46564CEDE06}: NameServer = 202.40.171.30
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = domaine.barbot
O17 - HKLM\System\CS1\Services\Tcpip\..\{26C210A7-17B7-4946-A995-903B087447BB}: NameServer = 202.40.171.30
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = domaine.barbot
O17 - HKLM\System\CS2\Services\Tcpip\..\{26C210A7-17B7-4946-A995-903B087447BB}: NameServer = 202.40.171.30
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: FCI - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 6552 bytes

------------------------
and the HijackThis log in normal mode
---------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:20:37, on 22/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\802.11 Wireless LAN\WlanMonitor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Hervé\Mes documents\logiciels\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1817234B-E5C0-4C91-91C2-DB14F3DB3823} - C:\WINDOWS\system32\appmg.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Install_Choix] D:\choix.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ntfyapp] C:\WINDOWS\ntfyapp.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Moniteur & Configuration.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1120384046921
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://212.157.152.82/AxisCamControl.ocx
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = domaine.barbot
O17 - HKLM\Software\..\Telephony: DomainName = domaine.barbot
O17 - HKLM\System\CCS\Services\Tcpip\..\{26C210A7-17B7-4946-A995-903B087447BB}: NameServer = 202.40.171.30
O17 - HKLM\System\CCS\Services\Tcpip\..\{7AF49F00-AE0A-443E-AC73-4D99A22F885F}: NameServer = 202.40.171.30
O17 - HKLM\System\CCS\Services\Tcpip\..\{985D3C75-7595-4F34-92A0-36838500D60E}: NameServer = 202.40.171.30
O17 - HKLM\System\CCS\Services\Tcpip\..\{B84F8CE3-C37C-4B04-8754-BC8BBA451489}: NameServer = 202.40.171.30
O17 - HKLM\System\CCS\Services\Tcpip\..\{BAFEF51C-6C5D-444E-B125-851073DECBDE}: NameServer = 202.40.171.30
O17 - HKLM\System\CCS\Services\Tcpip\..\{CEDD6BDA-DBF4-4C01-A5CC-D46564CEDE06}: NameServer = 202.40.171.30
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = domaine.barbot
O17 - HKLM\System\CS1\Services\Tcpip\..\{26C210A7-17B7-4946-A995-903B087447BB}: NameServer = 202.40.171.30
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = domaine.barbot
O17 - HKLM\System\CS2\Services\Tcpip\..\{26C210A7-17B7-4946-A995-903B087447BB}: NameServer = 202.40.171.30
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: FCI - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 7616 bytes

So I'm waiting for the security team's go-ahead before declaring victory. Thanks again, and long live Zebulon!!!!
  9. Bonjour à tous, Voilà j'ai un souci avec mon ordinateur. Au bout de quelques minutes, la CPU se met à monter en flèche pour rester à 100% quasiement tout le temps. J'ai l'impression qu'il y a un souci avec avast qui n'arrête pas de scanner des mails sortant. J'ai donc mis à jour l'antivirus mais rien n'y fait (j'ai lu votre article et je vais passer à antivir une fois le problème résolu) J'ai fait une analyse avec CCcleaner et Spybot, aucun résultat. Le problème persiste. Voici donc mon rapport HiJack Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:09:20, on 18/02/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Analog Devices\SoundMAX\SMTray.exe C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe C:\WINDOWS\system32\bgsvcgen.exe C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\Program Files\Winamp\winampa.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\ntfyapp.exe C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe C:\Program Files\802.11 Wireless LAN\WlanMonitor.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Documents and Settings\Hervé\Mes 
documents\logiciels\HiJackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {1817234B-E5C0-4C91-91C2-DB14F3DB3823} - C:\WINDOWS\system32\appmg.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [install_Choix] D:\choix.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [ntfyapp] C:\WINDOWS\ntfyapp.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Moniteur & Configuration.lnk = ? 
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk = ? O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1120384046921 O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://212.157.152.82/AxisCamControl.ocx O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = domaine.barbot O17 - HKLM\Software\..\Telephony: DomainName = domaine.barbot O17 - HKLM\System\CCS\Services\Tcpip\..\{26C210A7-17B7-4946-A995-903B087447BB}: NameServer = 202.40.171.30 O17 - HKLM\System\CCS\Services\Tcpip\..\{7AF49F00-AE0A-443E-AC73-4D99A22F885F}: NameServer = 202.40.171.30 O17 - HKLM\System\CCS\Services\Tcpip\..\{985D3C75-7595-4F34-92A0-36838500D60E}: NameServer = 202.40.171.30 O17 - HKLM\System\CCS\Services\Tcpip\..\{B84F8CE3-C37C-4B04-8754-BC8BBA451489}: NameServer = 202.40.171.30 O17 - 
HKLM\System\CCS\Services\Tcpip\..\{BAFEF51C-6C5D-444E-B125-851073DECBDE}: NameServer = 202.40.171.30
O17 - HKLM\System\CCS\Services\Tcpip\..\{CEDD6BDA-DBF4-4C01-A5CC-D46564CEDE06}: NameServer = 202.40.171.30
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = domaine.barbot
O17 - HKLM\System\CS1\Services\Tcpip\..\{26C210A7-17B7-4946-A995-903B087447BB}: NameServer = 202.40.171.30
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = domaine.barbot
O17 - HKLM\System\CS2\Services\Tcpip\..\{26C210A7-17B7-4946-A995-903B087447BB}: NameServer = 202.40.171.30
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Gestion d'applications (AppMgmt) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Audio Windows (AudioSrv) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Service de transfert intelligent en arrière-plan (BITS) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Explorateur d'ordinateur (Browser) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Services de cryptographie (CryptSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Lanceur de processus serveur DCOM (DcomLaunch) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Client DHCP (Dhcp) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Gestionnaire de disque logique (dmserver) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Client DNS (Dnscache) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Service de rapport d'erreurs (ERSvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Système d'événements de COM+ (EventSystem) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Compatibilité avec le Changement rapide d'utilisateur (FastUserSwitchingCompatibility) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: FCI - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe
O23 - Service: Aide et support (helpsvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Serveur (lanmanserver) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Station de travail (lanmanworkstation) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Assistance TCP/IP NetBIOS (LmHosts) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Connexions réseau (Netman) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: NLA (Network Location Awareness) (Nla) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Stockage amovible (NtmsSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Gestionnaire de connexion automatique d'accès distant (RasAuto) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Gestionnaire de connexions d'accès distant (RasMan) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Accès à distance au Registre (RemoteRegistry) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Appel de procédure distante (RPC) (RpcSs) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Planificateur de tâches (Schedule) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Connexion secondaire (seclogon) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Notification d'événement système (SENS) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Pare-feu Windows / Partage de connexion Internet (SharedAccess) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Détection matériel noyau (ShellHWDetection) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Service de restauration système (srservice) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Service de découvertes SSDP (SSDPSRV) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Acquisition d'image Windows (WIA) (stisvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Téléphonie (TapiSrv) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Services Terminal Server (TermService) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Thèmes (Themes) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Client de suivi de lien distribué (TrkWks) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Hôte de périphérique universel Plug-and-Play (upnphost) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Horloge Windows (W32Time) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: WebClient - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Infrastructure de gestion Windows (winmgmt) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Service de numéro de série du lecteur multimédia portable (WmdmPmSN) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Extensions du pilote WMI (Wmi) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Centre de sécurité (wscsvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Mises à jour automatiques (wuauserv) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Configuration automatique sans fil (WZCSVC) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Service d'approvisionnement réseau (xmlprov) - Unknown owner - C:\WINDOWS\System32\svchost.exe

-- End of file - 12241 bytes

I am not expert enough to interpret it and work out which lines need fixing. Could you help me analyse the report? Many thanks.
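The two things a reviewer checks first in an O17/O23 listing like the one above are the service image paths and the NameServer values. A service path with a second colon after the drive letter (file.exe:stream) points at an NTFS alternate data stream, which no legitimate Windows service uses; a NameServer that is neither a LAN/loopback address nor one you recognise from your ISP or router has to be confirmed by hand. HijackThis reports every svchost.exe-hosted Windows service on this machine as "Unknown owner", so that field alone is not a signal. The script below is an added example for triaging a pasted log, not part of the poster's post or of HijackThis itself: the sample input is copied from the log above, and EXPECTED_RESOLVERS is an assumption to be filled in with the resolvers the owner knows to be legitimate.

```python
"""Triage helper for HijackThis O17/O23 lines (added example, not from the post)."""
import ipaddress
import re
from typing import Dict, List, Set, Tuple

# Constructed input: lines copied from the log posted above.  The O17 Domain
# line is included to show it is ignored; the avast line is a clean control.
SAMPLE_LOG = r"""O17 - HKLM\System\CCS\Services\Tcpip\..\{CEDD6BDA-DBF4-4C01-A5CC-D46564CEDE06}: NameServer = 202.40.171.30
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = domaine.barbot
O23 - Service: FCI - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe
O23 - Service: Client DNS (Dnscache) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# Assumption: resolvers the owner knows to be legitimate (from the ISP or the
# router).  Empty means "flag every public resolver so it gets checked by hand".
EXPECTED_RESOLVERS: Set[str] = set()
WINDIR = "c:\\windows\\"  # assumption: default XP install location

O17_NAMESERVER = re.compile(r"^O17 - .*: NameServer = (?P<ns>[\d.,]+)$")
# Split is exact as long as neither the display name nor the owner contains " - ".
O23_SERVICE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
# <drive>:\...\file.exe:stream -- a second colon after the drive letter means
# the service image lives in an NTFS alternate data stream.
ADS_PATH = re.compile(r"^[A-Za-z]:\\[^:]+:[^\\]+$")

Entry = Dict[str, str]
Finding = Tuple[str, str, str]  # (code, detail, original log line)


def parse_log(text: str) -> List[Entry]:
    """Extract O17 NameServer and O23 Service entries; every other line is ignored."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = O17_NAMESERVER.match(line)
        if m:
            for ns in m.group("ns").split(","):  # HJT lists several resolvers as a,b
                entries.append({"type": "O17", "nameserver": ns, "line": line})
            continue
        m = O23_SERVICE.match(line)
        if m:
            entries.append({"type": "O23", "line": line, **m.groupdict()})
    return entries


def triage(entries: List[Entry],
           expected_resolvers: Set[str] = EXPECTED_RESOLVERS) -> List[Finding]:
    """Return the entries a human should look at, with the reason why."""
    findings: List[Finding] = []
    for e in entries:
        if e["type"] == "O17":
            try:
                ip = ipaddress.ip_address(e["nameserver"])
            except ValueError:
                findings.append(("O17_UNPARSEABLE_NAMESERVER", e["nameserver"], e["line"]))
                continue
            # A LAN router or loopback resolver is normal; a public address that
            # is not on the known list must be confirmed against the ISP.
            if not (ip.is_private or ip.is_loopback) and str(ip) not in expected_resolvers:
                findings.append(("O17_NAMESERVER_NOT_EXPECTED", str(ip), e["line"]))
        elif e["type"] == "O23":
            path = e["path"]
            if ADS_PATH.match(path):
                findings.append(("O23_ADS_SERVICE_PATH", path, e["line"]))
            elif e["owner"] == "Unknown owner" and not path.lower().startswith(WINDIR):
                # Third-party binary with no readable publisher: verify by hand.
                findings.append(("O23_UNKNOWN_OWNER_OUTSIDE_WINDIR", path, e["line"]))
    return findings


if __name__ == "__main__":
    for code, detail, line in triage(parse_log(SAMPLE_LOG)):
        print(f"{code:34} {detail}\n    {line}")
```

Run it against the sample and it reports three lines: the 202.40.171.30 resolver (to be compared with what the ISP or router actually hands out), the FCI service whose image path ends in svchost.exe:ext.exe, and the Adobe agent as a third-party binary with no readable publisher. Once the owner adds the ISP's resolvers to EXPECTED_RESOLVERS the first finding disappears; the other two are decided by inspecting the files themselves, not by the log.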