yecro

Members
  • Content count: 16
  • Joined
  • Last visited

Other information
  • My languages: French

yecro's Achievements

Junior Member (3/12)

Community reputation: 0
  1. Hello, With Ad-Aware, it shows Win 32 Trojan.agent malware Process File : c document Process Process hask File (3 times) Registry entry Root : HKLM Path SYSTEM (6 times). As for Spybot, I downloaded it but cannot launch it. It gave me a blue screen when the computer started: 0x00000050 (0xFFFFFFF0, 0x00000000, 0x8052570D, 0x00000000). Also, the computer sometimes will not shut down normally. What should I do now? Thanks in advance.
  2. Nothing has changed. I still cannot download Antivir or Spybot. The only one that works is Ad-Aware (it was impossible before); when I run a scan, it says I have Win 32.Trojan.agent malware and Win 32.Generic.PWS Monitoring Tool. I delete them but they are still there.
  3. Did you receive the file I sent? Thanks in advance.
  4. Here is the ComboFix report and the HijackThis report. What should I do next? Thanks.
  5. I tried several times (at different moments); there is nothing to be done. I cannot access it. What should I do?
  6. I cannot run the memory test. I do not have a floppy drive and my CD burner does not work.
  7. Here is the ComboFix report.
C:\WINDOWS\system32\Hdaudpropshortcut.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 15:00 15360] "EzStatus"="C:\Apps\EZHome\EZStatus.exe" [2004-12-20 21:03 151552] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoBandCustomize"= 0 (0x0) "NoMovingBands"= 0 (0x0) "NoCloseDragDropBands"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.I420"= i420vfw.dll "VIDC.MJPG"= Pvmjpg21.dll "VIDC.PIM1"= pclepim1.dll "vidc.DIV3"= DivXc32.dll "vidc.DIV4"= DivXc32f.dll "msacm.divxa32"= DivXa32.acm "VIDC.HFYU"= huffyuv.dll "VIDC.CSCD"= camcodec.dll "vidc.yv12"= yv12vfw.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "SymWSC"=2 (0x2) "SNDSrvc"=2 (0x2) "SBService"=2 (0x2) "SAVScan"=2 (0x2) "navapsvc"=2 (0x2) "ccSetMgr"=2 (0x2) "ccPwdSvc"=3 (0x3) "ccProxy"=2 (0x2) "ccEvtMgr"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\\PROGRA~1\\BILLPS~1\\WINPAT~1\\winpatrol.exe"= "%ProgramFiles%\\AOL 9.0\\aol.exe"= "%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"= "%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"= "%windir%\\system32\\sessmgr.exe"= "C:\\APPS\\Inventime\\my.exe"= "C:\\WINDOWS\\system32\\HDAudPropShortcut.exe"= "C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"= "C:\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"= "C:\\Apps\\Powercinema\\PCMService.exe"= "C:\\Program Files\\eMule\\emule.exe"= "C:\\Apps\\EZHome\\EZStatus.exe"= "C:\\Program Files\\MSN 
Messenger\\msnmsgr.exe"= "C:\\WINDOWS\\system32\\ctfmon.exe"= "C:\\WINDOWS\\system32\\userinit.exe"= "C:\\WINDOWS\\system32\\PSDrvCheck.exe"= "C:\\Program Files\\Canon\\Easy-PrintToolBox\\BJPSMAIN.EXE"= "C:\\ComboFix\\nircmd.com"= "C:\\DOCUME~1\\MAZARD~1\\LOCALS~1\\Temp\\wfd93e.exe"= "C:\\DOCUME~1\\MAZARD~1\\LOCALS~1\\Temp\\w20635b.exe"= "C:\\DOCUME~1\\MAZARD~1\\LOCALS~1\\Temp\\w248cae.exe"= R0 PzWDM;PzWDM;C:\WINDOWS\system32\Drivers\PzWDM.sys [2005-06-29 02:38] R1 vcsmpdrv;vcsmpdrv;C:\WINDOWS\system32\DRIVERS\vcsmpdrv.sys [2003-06-16 17:07] R2 TabletServiceWacom;TabletServiceWacom;C:\WINDOWS\system32\Wacom_Tablet.exe [2007-09-07 12:40] R2 Vcs;Vcs support;C:\WINDOWS\system32\Drivers\Vcs.sys [2002-12-10 10:11] R2 VCSSecS;Virtual CD v4 Security service (SDK - Version);C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe [2002-05-16 12:17] R3 Cap713x;Cap713x Video Capture;C:\WINDOWS\system32\DRIVERS\Cap713x.sys [2004-10-08 18:58] R3 dpti930;dpti930;C:\WINDOWS\system32\drivers\ohroqi.sys [] R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58] R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08] R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 12:12] R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2007-02-16 11:30] R3 WacomVKHid;Virtual Keyboard Driver;C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys [2007-02-15 17:11] S3 Conrvid;Conrvid;C:\WINDOWS\system32\drivers\ql1280.sys [2001-08-17 22:52] S4 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2007-10-12 09:34] S4 Pixar License Server;Pixar License Server;C:\Program Files\Pixar\license-2.0\lmgrd.exe [] . 
************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-07-06 17:02:42 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cach‚s ... Balayage cach‚ autostart entries ... Balayage des fichiers cach‚s ... C:\WINDOWS\system32\OLD4.tmp 72704 bytes executable Scan termin‚ avec succŠs Les fichiers cach‚s: 1 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MysqlInventime] "ImagePath"="c:\mysql\bin\mysqld-nt MysqlInventime" . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\Program Files\a-squared Free\a2service.exe C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe C:\WINDOWS\system32\drivers\CDANTSRV.EXE C:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe C:\APPS\Powercinema\Kernel\TV\CLSched.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe C:\Program Files\Alias\Maya7.0\docs\wrapper.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\PSIService.exe C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe C:\Program Files\Alias\Maya7.0\docs\jre\bin\java.exe C:\WINDOWS\system32\OLD4.tmpxe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Larousse\Encyclopédie Universelle Larousse\Bin\hyperappel.exe C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe C:\DOCUME~1\MAZARD~1\LOCALS~1\Temp\wfd93e.exe C:\DOCUME~1\MAZARD~1\LOCALS~1\Temp\w20635b.exe C:\DOCUME~1\MAZARD~1\LOCALS~1\Temp\w248cae.exe . ************************************************************************** . 
Temps d'accomplissement: 2008-07-06 17:11:33 - machine was rebooted ComboFix-quarantined-files.txt 2008-07-06 15:11:29 ComboFix2.txt 2008-07-04 06:08:59 Pre-Run: 4,982,669,312 octets libres Post-Run: 5,149,868,032 octets libres 239 --- E O F --- 2008-06-20 05:33:37
  8. I no longer have IncrediMail (I put Thunderbird in its place). When the computer starts, a message appears: "windows pas de disque exception processig Message c0000013 Parameters 75afbf9c 475afb9c". On the blue screen it says: PAGE_FAULT_IN_NONPAGED_AREA STOP : 0X00000050 (0XFFFFFFFO 0X00000000 0X805257OD 0X00000000). Avast, Spybot and Windows Media Player still don't work; only the Windows firewall is working again.
  9. Yes, I tried to reinstall Avast, and when the installer opened the PC rebooted. Likewise, I reinstalled Spybot (the installation apparently succeeded) but it is impossible to launch it.
  10. Here is the MBAM report.
  11. I can't get into Safe Mode, because when I select Safe Mode this appears on the screen: "press escape to cancel loading SPTD.sys". I can't go any further with Safe Mode. When I press Escape, the PC goes back to the first page that appears on the screen when I start my computer. What should I do?
  12. Here is the HijackThis report I got.
  13. bonjour à tous, Voici le rapport que j'ai obtenu avec combofix ComboFix 08-07-03.3 - MAZARD Cécile 2008-07-04 7:58:37.1 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1057 [GMT 2:00] Endroit: C:\Documents and Settings\MAZARD Cécile\Bureau\Combo-Fix.exe * Création d'un nouveau point de restauration . /wow section - STAGE 41 'ecgo.SpyMaxx' n'est pas reconnu en tant que commande interne ou externe, un programme exécutable ou un fichier de commandes. pv: No matching processes found Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus. Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus. Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus. Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus. Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus. (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\All Users.\documents\settings C:\Documents and Settings\All Users.\documents\settings\config.ini C:\Documents and Settings\All Users.\documents\settings\partnership.dll C:\Program Files\myglobalsearch C:\WINDOWS\Downloaded Program Files\setup.inf C:\WINDOWS\system\smss.exe C:\WINDOWS\system32\MSINET.oca C:\WINDOWS\system32\uninstall.exe . ((((((((((((((((((((((((((((( Fichiers créés 2008-06-04 to 2008-07-04 )))))))))))))))))))))))))))))))))))) . 2008-06-22 10:53 . 2008-06-22 11:47 132,401,704 --a------ C:\Micro Hebdo No 527 du 22 au 28 Mai 2008 - Bignames.pdf 2008-06-22 10:51 . 2008-06-22 11:52 69,809,990 --a------ C:\Micro Hebdo No 525 du 8 au 14 Mai 2008 - Bignames.pdf 2008-06-22 10:50 . 2008-06-22 12:34 130,116,482 --a------ C:\Micro Hebdo No 526 du 15 au 21 Mai 2008 - Bignames.pdf 2008-06-22 10:45 . 
2008-06-22 10:45 <REP> d-------- C:\Micro Hebdo No 528-529-530 du 29 Mai au 18 Juin 2008 - Bignames 2008-06-21 20:31 . 2008-06-21 20:31 <REP> d-------- C:\Program Files\a-squared Free 2008-06-14 17:32 . 2008-07-02 19:43 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-06-14 17:32 . 2008-06-14 17:32 1,409 --a------ C:\WINDOWS\QTFont.for 2008-06-11 07:35 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys 2008-06-11 07:35 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\dllcache\bthport.sys . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-07-04 05:28 --------- d-----w C:\Documents and Settings\MAZARD Cécile\Application Data\WTablet 2008-07-03 13:38 --------- d-----w C:\Documents and Settings\MAZARD Cécile\Application Data\Azureus 2008-07-03 12:25 --------- d-----w C:\Program Files\eMule 2008-06-28 14:40 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-06-28 05:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-06-20 14:50 --------- d-----w C:\Program Files\Corel 2008-06-20 14:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Corel 2008-06-20 13:58 10,856 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys 2008-05-29 20:48 4,398 -c--a-w C:\Program Files\FLORIAN.txt 2008-05-28 04:35 150,808 ----a-w C:\Documents and Settings\MAZARD Cécile\Application Data\GDIPFONTCACHEV1.DAT 2008-05-23 15:36 --------- d-----w C:\Program Files\ONES Trial (F) 2008-05-10 08:51 --------- d-----w C:\Program Files\CCleaner 2008-05-10 04:53 --------- d-----w C:\Documents and Settings\MAZARD Cécile\Application Data\WinPatrol 2008-05-09 11:54 --------- d-----w C:\Program Files\Yahoo! 
2008-05-09 07:09 --------- d-----w C:\Program Files\AxBx 2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys 2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys 2008-05-07 19:00 39,936 ----a-w C:\WINDOWS\system32\winresponse32.exe 2008-05-07 19:00 360,064 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS 2008-05-07 19:00 360,064 ----a-w C:\WINDOWS\system32\dllcache\TCPIP.SYS 2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll 2008-05-07 05:15 1,293,824 ------w C:\WINDOWS\system32\dllcache\quartz.dll 2008-05-03 18:13 172,032 ----a-w C:\WINDOWS\ALCMTR.EXE 2008-04-30 12:17 81,408 ----a-w C:\kyprxc.exe 2008-04-30 12:17 71,168 ----a-w C:\wtddpbtx.exe 2008-04-30 12:17 61,440 ----a-w C:\mkdm.exe 2008-04-30 12:17 131,584 ----a-w C:\ergmoed.exe 2008-04-30 12:17 116,224 ---h--w C:\Documents and Settings\MAZARD Cécile\bselyn.exe 2008-04-30 12:17 116,224 ---h--w C:\Documents and Settings\MAZARD Cécile\bselyn.exe 2008-04-30 12:17 116,224 ----a-w C:\WINDOWS\system32\xchv.exe 2008-04-23 20:16 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll 2008-04-22 07:41 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe 2008-04-22 07:41 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe 2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe 2008-04-20 05:07 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll 2007-03-06 10:56 1,140,304 ----a-w C:\Documents and Settings\All Users\Application Data\pswi_preloaded.exe 2005-08-30 15:01 8 -c--a-w C:\Program Files\nomutil.txt 1999-12-13 15:38 192,512 ----a-r C:\WINDOWS\inf\AGFA\Message.exe 2006-01-05 17:57 104 -csh--r C:\WINDOWS\system32\18EFB78CAF.sys 2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll 2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . 
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EzStatus"="C:\Apps\EZHome\EZStatus.exe" [2004-12-20 21:03 151552]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15:00 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]
"IncrediMail"="C:\PROGRA~1\INCRED~1\bin\IncMail.exe" [2005-09-15 16:33 307200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 15:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 15:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 15:00 455168]
"ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-12 22:10 397312]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [2005-01-28 12:10 167936]
"VCSPlayer"="C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe" [2004-03-04 15:08 356352]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-10 16:26 578048]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-02-28 21:25 294912]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 03:10 524288]
"WinPatrol"="C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe" [2005-10-05 15:23 222784]
"ACTIVBOARD"="c:\APPS\ABOARD\ABOARD.EXE" [2003-05-02 11:31 139264]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 15:57 339968]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 16:10 176640 C:\WINDOWS\system32\Hdaudpropshortcut.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 15:00 15360]
"EzStatus"="C:\Apps\EZHome\EZStatus.exe" [2004-12-20 21:03 151552]

C:\Documents and Settings\MAZARD C‚cile\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 171008]
VirtualExpander.lnk - C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe [2005-08-12 19:31:03 487424]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Hyperappel de l'Encyclop‚die Universelle Larousse.lnk - C:\Program Files\Larousse\Encyclop‚die Universelle Larousse\bin\hyperappel.exe [2005-08-06 09:16:22 110592]
Microsoft Office.lnk - C:\Program Files\microsoft office\office10\OSA.EXE [2001-02-13 10:01:04 83360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"= 0 (0x0)
"NoMovingBands"= 0 (0x0)
"NoCloseDragDropBands"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"VIDC.MJPG"= Pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"VIDC.HFYU"= huffyuv.dll
"VIDC.CSCD"= camcodec.dll
"vidc.yv12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SymWSC"=2 (0x2)
"SNDSrvc"=2 (0x2)
"SBService"=2 (0x2)
"SAVScan"=2 (0x2)
"navapsvc"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccProxy"=2 (0x2)
"ccEvtMgr"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R0 PzWDM;PzWDM;C:\WINDOWS\system32\Drivers\PzWDM.sys [2005-06-29 02:38]
R1 vcsmpdrv;vcsmpdrv;C:\WINDOWS\system32\DRIVERS\vcsmpdrv.sys [2003-06-16 17:07]
R2 TabletServiceWacom;TabletServiceWacom;C:\WINDOWS\system32\Wacom_Tablet.exe [2007-09-07 12:40]
R2 Vcs;Vcs support;C:\WINDOWS\system32\Drivers\Vcs.sys [2002-12-10 10:11]
R2 VCSSecS;Virtual CD v4 Security service (SDK - Version);C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe [2002-05-16 12:17]
R3 Cap713x;Cap713x Video Capture;C:\WINDOWS\system32\DRIVERS\Cap713x.sys [2004-10-08 18:58]
R3 dpti930;dpti930;C:\WINDOWS\system32\drivers\ohroqi.sys []
R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 12:12]
R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2007-02-16 11:30]
R3 WacomVKHid;Virtual Keyboard Driver;C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys [2007-02-15 17:11]
S3 Conrvid;Conrvid;C:\WINDOWS\system32\drivers\ql1280.sys [2001-08-17 22:52]
S4 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2007-10-12 09:34]
S4 Pixar License Server;Pixar License Server;C:\Program Files\Pixar\license-2.0\lmgrd.exe []

*Newly Created Service* - CATCHME
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D} - (no file)
ShellIconOverlayIdentifiers-{E4000AC4-5E5F-4956-807A-C5854405D64F} - %SystemRoot%\system32\VirtualExpander\VEShellExt.dll
HKCU-Run-SpybotSD TeaTimer - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
Notify-partnershipreg - C:\Documents and Settings\All Users\Documents\Settings\partnership.dll
Notify-winuns32 - winuns32.dll

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-04 08:05:30
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MysqlInventime]
"ImagePath"="c:\mysql\bin\mysqld-nt MysqlInventime"
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Documents and Settings\All Users\Documents\Settings\partnership.dll
.
Temps d'accomplissement: 2008-07-04 8:08:59
ComboFix-quarantined-files.txt 2008-07-04 06:08:26

Pre-Run: 5,876,510,720 octets libres
Post-Run: 6,871,605,248 octets libres

186 --- E O F --- 2008-06-20 05:33:37

What should I do now?

PS: sorry for taking so long to reply