Posted

Hello,

After much searching on my own, updates and other attempts, I am coming to you for advice on the following symptoms:

- heavy slowdown, with applications taking on the order of a minute to start

- a reboot cycle every 20 to 30 minutes

- regular kernel spikes, at 2-3 second intervals, continuous...

I have updated everything I thought I could:

- replaced Avast with Antivir,

- replaced Ad-Aware with Spybot,

- ran HijackThis and started analysing the logs myself,

- ran GMER,

- various clean-ups of cookies and temporary files,

- created a new user, other than administrator,

- ...

I did find a few benign things, but it seems to me that this looks like a rootkit; I don't know any more than that, beyond the theory.

I am taking advantage of this kind of problem to learn more about security and computing in general, since my job is developing web applications, but I am a bit stuck...

So I am taking the liberty of submitting my HijackThis and GMER reports, in the hope that you can point me to a lead to understand my problem and let me fix it.

Thanks in advance


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 02:35:55, on 2008-02-10

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\system32\crypserv.exe

C:\Program Files\Fichiers communs\Portrait Displays\Shared\DTSRVC.exe

C:\Program Files\Borland\InterBase\bin\ibguard.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe

C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe

C:\WINDOWS\system32\Tablet.exe

C:\Program Files\TortoiseSVN\bin\TSVNCache.exe

C:\Program Files\Borland\InterBase\bin\ibserver.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe

C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Fichiers communs\Portrait Displays\Shared\HookManager.exe

C:\WINDOWS\system32\WTablet\TabUserW.exe

C:\Program Files\wamp\wampmanager.exe

C:\Program Files\OpenOffice.org 2.3\program\soffice.exe

C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\wamp\mysql\bin\mysqld-nt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Thunderbird\thunderbird.exe

C:\WINDOWS\system32\taskmgr.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.ca

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O3 - Toolbar: &Accessibility Toolbar - {11352A67-0178-46B1-8855-D50B2F81C054} - C:\PROGRA~1\WAT_FR\ACCESS~1.DLL

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [synTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"

O4 - HKLM\..\Run: [synTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [ulead AutoDetector] "C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe"

O4 - HKLM\..\Run: [DT HPW] "C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe" -startup_folder

O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')

O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe

O4 - Startup: WampServer.lnk = C:\Program Files\wamp\wampmanager.exe

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe

O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe

O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: Correcteur - {F7C8E5F6-B6D1-45db-8D91-2BCFA5DF11A9} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote K - IE 6.htm (HKCU)

O9 - Extra button: Dictionnaire - {FB4AE6A3-EE20-442c-9189-251885352358} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote D - IE 6.htm (HKCU)

O9 - Extra button: Synonymes - {FDD637F8-2693-49ce-817E-1AD59574900C} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote S - IE 6.htm (HKCU)

O9 - Extra button: Conjugueur - {FF229BEC-9E1F-48c1-99A6-AF34ABEFAB0A} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote C - IE 6.htm (HKCU)

O9 - Extra button: Grammaire - {FFB5EE7F-726F-423e-83C2-572FE7CEB3F0} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote G - IE 6.htm (HKCU)

O15 - Trusted Zone: http://*.secuser.com

O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O20 - AppInit_DLLs: GWMHOOK.DLL

O20 - Winlogon Notify: wineyes - C:\WINDOWS\SYSTEM32\welogon.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe

O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Fichiers communs\Portrait Displays\Shared\DTSRVC.exe

O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InterBase Guardian (InterBaseGuardian) - Borland Software Corporation - C:\Program Files\Borland\InterBase\bin\ibguard.exe

O23 - Service: InterBase Server (InterBaseServer) - Borland Software Corporation - C:\Program Files\Borland\InterBase\bin\ibserver.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\Win32\RpcDataSrv.exe

O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\RpcSandraSrv.exe

O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

O23 - Service: wampapache - Apache Software Foundation - C:\Program Files\wamp\Apache2\bin\httpd.exe

O23 - Service: wampmysqld - Unknown owner - C:\Program Files\wamp\mysql\bin\mysqld-nt.exe

O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

 

--

End of file - 10670 bytes

 

 

 

GMER 1.0.14.14116 - http://www.gmer.net

Rootkit scan 2008-02-10 03:02:04

Windows 5.1.2600 Service Pack 2

 

 

---- System - GMER 1.0.14 ----

 

SSDT A16A911C ZwCreateThread

SSDT A16A9108 ZwOpenProcess

SSDT A16A910D ZwOpenThread

SSDT A16A9117 ZwTerminateProcess

SSDT A16A9112 ZwWriteVirtualMemory

 

---- User IAT/EAT - GMER 1.0.14 ----

 

IAT C:\Program Files\Mozilla Firefox\firefox.exe[2096] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [011073CC] C:\PROGRA~1\MOZILL~2\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)

IAT C:\Program Files\Mozilla Firefox\firefox.exe[2096] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [01107376] C:\PROGRA~1\MOZILL~2\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)

IAT C:\Program Files\Mozilla Firefox\firefox.exe[2096] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [01107376] C:\PROGRA~1\MOZILL~2\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)

IAT C:\Program Files\Mozilla Firefox\firefox.exe[2096] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [011073CC] C:\PROGRA~1\MOZILL~2\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)

IAT C:\Program Files\Mozilla Firefox\firefox.exe[2096] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [01107376] C:\PROGRA~1\MOZILL~2\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)

IAT C:\Program Files\Mozilla Firefox\firefox.exe[2096] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [011073CC] C:\PROGRA~1\MOZILL~2\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)

IAT C:\Program Files\Mozilla Firefox\firefox.exe[2096] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [011073CC] C:\PROGRA~1\MOZILL~2\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)

IAT C:\Program Files\Mozilla Firefox\firefox.exe[2096] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [01107376] C:\PROGRA~1\MOZILL~2\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)

IAT C:\Program Files\Mozilla Firefox\firefox.exe[2096] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [01107376] C:\PROGRA~1\MOZILL~2\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)

IAT C:\Program Files\Mozilla Firefox\firefox.exe[2096] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [011073CC] C:\PROGRA~1\MOZILL~2\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)

IAT C:\Program Files\Mozilla Firefox\firefox.exe[2096] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [011073CC] C:\PROGRA~1\MOZILL~2\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)

IAT C:\Program Files\Mozilla Firefox\firefox.exe[2096] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [01107376] C:\PROGRA~1\MOZILL~2\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)

IAT C:\Program Files\Mozilla Firefox\firefox.exe[2096] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [011073CC] C:\PROGRA~1\MOZILL~2\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)

IAT C:\Program Files\Mozilla Firefox\firefox.exe[2096] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [01107376] C:\PROGRA~1\MOZILL~2\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)

IAT C:\Program Files\Mozilla Firefox\firefox.exe[2096] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [011073CC] C:\PROGRA~1\MOZILL~2\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)

IAT C:\Program Files\Mozilla Firefox\firefox.exe[2096] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [01107376] C:\PROGRA~1\MOZILL~2\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)

IAT C:\Program Files\Mozilla Firefox\firefox.exe[2096] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [01107376] C:\PROGRA~1\MOZILL~2\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)

IAT C:\Program Files\Mozilla Firefox\firefox.exe[2096] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [011073CC] C:\PROGRA~1\MOZILL~2\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)

IAT C:\Program Files\Mozilla Firefox\firefox.exe[2096] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [011073CC] C:\PROGRA~1\MOZILL~2\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)

IAT C:\Program Files\Mozilla Firefox\firefox.exe[2096] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [01107376] C:\PROGRA~1\MOZILL~2\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)

IAT C:\Program Files\Mozilla Firefox\firefox.exe[2096] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [01107376] C:\PROGRA~1\MOZILL~2\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)

IAT C:\Program Files\Mozilla Firefox\firefox.exe[2096] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [011073CC] C:\PROGRA~1\MOZILL~2\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)

IAT C:\Program Files\Mozilla Firefox\firefox.exe[2096] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [011073CC] C:\PROGRA~1\MOZILL~2\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)

IAT C:\Program Files\Mozilla Firefox\firefox.exe[2096] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [01107376] C:\PROGRA~1\MOZILL~2\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)

IAT C:\Program Files\Mozilla Firefox\firefox.exe[2096] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [011073CC] C:\PROGRA~1\MOZILL~2\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)

IAT C:\Program Files\Mozilla Firefox\firefox.exe[2096] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [01107376] C:\PROGRA~1\MOZILL~2\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)

IAT C:\Program Files\Mozilla Firefox\firefox.exe[2096] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [01107376] C:\PROGRA~1\MOZILL~2\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)

IAT C:\Program Files\Mozilla Firefox\firefox.exe[2096] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [011073CC] C:\PROGRA~1\MOZILL~2\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)

IAT C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3536] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [011C73CC] C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)

IAT C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3536] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [011C7376] C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)

IAT C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3536] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [011C7376] C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)

IAT C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3536] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [011C73CC] C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)

IAT C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3536] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [011C7376] C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)

IAT C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3536] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [011C73CC] C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)

IAT C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3536] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [011C73CC] C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)

IAT C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3536] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [011C7376] C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)

IAT C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3536] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [011C7376] C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)

IAT C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3536] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [011C73CC] C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)

IAT C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3536] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [011C73CC] C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)

IAT C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3536] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [011C7376] C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)

IAT C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3536] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [011C73CC] C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)

IAT C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3536] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [011C7376] C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)

IAT C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3536] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [011C73CC] C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)

IAT C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3536] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [011C7376] C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)

IAT C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3536] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [011C7376] C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)

IAT C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3536] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [011C73CC] C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)

IAT C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3536] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [011C73CC] C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)

IAT C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3536] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [011C7376] C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)

IAT C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3536] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [011C7376] C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)

IAT C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3536] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [011C73CC] C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)

 

---- Devices - GMER 1.0.14 ----

 

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Posted

hi ;o)

1/ Rerun HJT, "do a system scan only", tick only these and click Fix checked:

 

O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab

O20 - AppInit_DLLs: GWMHOOK.DLL

O20 - Winlogon Notify: wineyes - C:\WINDOWS\SYSTEM32\welogon.dll

 

 

2/ Rerun a GMER scan and stop it; this is to start its service

Open Notepad and copy/paste the contents of the box below into it:

 

gmer.exe -del file "C:\WINDOWS\SYSTEM32\welogon.dll"
gmer.exe -del file "C:\WINDOWS\SYSTEM32\GWMHOOK.DLL"

 

* On your desktop, save it as rem.bat, "file type: all files" < very important!!!!

* With Notepad, copy/paste the contents of the box below:

 

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=-

 

This time save it as mov.reg, file type "all files", and double-click it, and rem.bat as well

* Post a new HJT report please.
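As an added example, not part of this thread and not code from HJT, GMER or the forum: a small Python triage script that applies the same reading to lines in the HijackThis and GMER formats posted above (the sample lines are constructed from the thread's logs). It flags the O20 AppInit_DLLs and Winlogon Notify entries, the O16 remote download, the KernelFaultCheck leftover, an "Unknown owner" service, the cluster of SSDT hooks and a hidden process, with a reason for each; the rules and severities are my own assumptions about what a triager checks first, not a verdict on any entry.

```python
"""Triage helper for HijackThis and GMER text logs.

Added example for this thread, not code from HJT, GMER or the forum.
The rules and severities below are my own assumptions about what a
triager looks at first; they do not declare anything malicious.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    severity: str  # "info", "review" or "high"
    line: str      # the log line that triggered the rule
    reason: str


# Constructed sample lines in the shapes the thread's logs use.
SAMPLE_HJT = r"""
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab
O20 - AppInit_DLLs: GWMHOOK.DLL
O20 - Winlogon Notify: wineyes - C:\WINDOWS\SYSTEM32\welogon.dll
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: wampmysqld - Unknown owner - C:\Program Files\wamp\mysql\bin\mysqld-nt.exe
"""

SAMPLE_GMER = r"""
---- System - GMER 1.0.14 ----
SSDT A16A911C ZwCreateThread
SSDT A16A9108 ZwOpenProcess
SSDT A16A9117 ZwTerminateProcess
---- Processes - GMER 1.0.14 ----
Process C:\Program Files\notepad2_fr\Notepad2.exe (*** hidden *** ) 4344
---- EOF - GMER 1.0.14 ----
"""

HJT_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<rest>.*)$")
SSDT_RE = re.compile(r"^SSDT\s+(?P<addr>[0-9A-Fa-f]{8})\s+(?P<func>Zw\w+)")
HIDDEN_RE = re.compile(r"^Process\s+(?P<path>.+?)\s+\(\*\*\* hidden \*\*\* ?\)\s+(?P<pid>\d+)")


def triage_hjt(text):
    """Return one Finding per HijackThis line that deserves a second look."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        m = HJT_RE.match(line)
        if not m:
            continue
        code, rest = m.group("code"), m.group("rest")
        if code == "O20" and rest.startswith("AppInit_DLLs:"):
            value = rest.split(":", 1)[1].strip()
            if value:  # an empty value is the normal state on XP
                how = "explicit path" if "\\" in value else "bare name, resolved via the DLL search path"
                findings.append(Finding("high", line,
                    "AppInit_DLLs is set (%s); it is loaded into every process that maps user32.dll" % how))
        elif code == "O20" and rest.startswith("Winlogon Notify:"):
            findings.append(Finding("high", line,
                "Winlogon Notify package runs inside winlogon.exe as SYSTEM; verify the DLL's publisher and origin"))
        elif code == "O16":
            url = rest.rsplit(" - ", 1)[-1]
            findings.append(Finding("review", line,
                "ActiveX control fetched from %s; remove it unless that site is still trusted" % url))
        elif code == "O4" and "dumprep 0 -k" in rest:
            findings.append(Finding("info", line,
                "KernelFaultCheck is left behind by Windows error reporting after a crash; harmless to remove"))
        elif code == "O23" and "Unknown owner" in rest:
            findings.append(Finding("review", line,
                "service binary carries no publisher string; confirm where it came from"))
    return findings


def triage_gmer(text):
    """Summarise SSDT hooks and hidden processes from a GMER report."""
    findings, hooks = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = SSDT_RE.match(line)
        if m:
            hooks.append((m.group("func"), int(m.group("addr"), 16)))
            continue
        m = HIDDEN_RE.match(line)
        if m:
            findings.append(Finding("high", line,
                "process (pid %s) is not visible to normal enumeration; identify it before drawing conclusions" % m.group("pid")))
    if hooks:
        # hooks whose handler addresses sit a few bytes apart come from one driver
        span = max(a for _, a in hooks) - min(a for _, a in hooks)
        findings.append(Finding("review", "SSDT hooks: " + ", ".join(f for f, _ in hooks),
            "%d hooks within 0x%X bytes of each other, i.e. one driver; process/thread hooks like these are "
            "typical of AV/HIPS self-protection, but GMER names no module here, so identify the driver first"
            % (len(hooks), span)))
    return findings


if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_HJT) + triage_gmer(SAMPLE_GMER):
        print("[%-6s] %s\n         %s" % (f.severity, f.line, f.reason))
```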

Posted

Hello angelique,

I have just followed the instructions and here is my final HJT report,

I should add beforehand that

1. when launching GMER manually, I got a warning message, so I kept the log, which is here:

2. after these steps, the kernel spikes remain the same

Thanks anyway for your help.

 

 

GMER 1.0.14.14116 - http://www.gmer.net

Rootkit scan 2008-02-10 23:49:00

Windows 5.1.2600 Service Pack 2

 

 

---- Devices - GMER 1.0.14 ----

 

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

 

---- Processes - GMER 1.0.14 ----

 

Process C:\Program Files\notepad2_fr\Notepad2.exe (*** hidden *** ) 4344

 

---- EOF - GMER 1.0.14 ----

 

 

Then the HJT:

--------------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:50:57, on 2008-02-10

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\system32\crypserv.exe

C:\Program Files\Fichiers communs\Portrait Displays\Shared\DTSRVC.exe

C:\Program Files\Borland\InterBase\bin\ibguard.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe

C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe

C:\WINDOWS\system32\Tablet.exe

C:\Program Files\TortoiseSVN\bin\TSVNCache.exe

C:\Program Files\Borland\InterBase\bin\ibserver.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe

C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Fichiers communs\Portrait Displays\Shared\HookManager.exe

C:\WINDOWS\system32\WTablet\TabUserW.exe

C:\Program Files\wamp\wampmanager.exe

C:\Program Files\OpenOffice.org 2.3\program\soffice.exe

C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\wamp\mysql\bin\mysqld-nt.exe

C:\Program Files\wamp\Apache2\bin\httpd.exe

C:\Program Files\wamp\Apache2\bin\httpd.exe

C:\program files\microsoft office\OFFICE11\1036\msohelp.exe

C:\PROGRA~1\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.ca

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O3 - Toolbar: &Accessibility Toolbar - {11352A67-0178-46B1-8855-D50B2F81C054} - C:\PROGRA~1\WAT_FR\ACCESS~1.DLL

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [synTPLpr] "C:\ProgramFiles\Synaptics\SynTP\SynTPLpr.exe"

O4 - HKLM\..\Run: [synTPEnh] "C:\ProgramFiles\Synaptics\SynTP\SynTPEnh.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\ProgramFiles\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Fichierscommuns\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [ulead AutoDetector] "C:\Program Files\UleadSystems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe"

O4 - HKLM\..\Run: [DT HPW] "C:\Program Files\Portrait Displays\HP MyDisplay\DTHtml.exe" -startup_folder

O4 - HKLM\..\Run: [iTunesHelper] "C:\ProgramFiles\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\WindowsDefender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEditionClassic\avgnt.exe" /min

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [uniblue RegistryBooster 2] C:\ProgramFiles\Uniblue\RegistryBooster 2\RegistryBooster.exe /S

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')

O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org2.3\program\quickstart.exe

O4 - Startup: WampServer.lnk = C:\ProgramFiles\wamp\wampmanager.exe

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\ProgramFiles\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: NkbMonitor.exe.lnk = C:\ProgramFiles\Nikon\PictureProject\NkbMonitor.exe

O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe

O8 - Extra context menu item: Convertir les liens sélectionnés en fichierAdobe PDF - res://C:\Program Files\Adobe\Acrobat7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: E&xporter vers Microsoft Excel -res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration -{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\NetworkDiagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: Correcteur - {F7C8E5F6-B6D1-45db-8D91-2BCFA5DF11A9} - C:\PROGRA~1\Druide\Antidote\Antidote\InternetExplorer\6\Antidote K - IE 6.htm (HKCU)

O9 - Extra button: Dictionnaire - {FB4AE6A3-EE20-442c-9189-251885352358} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet

Explorer\6\Antidote D - IE 6.htm (HKCU)

O9 - Extra button: Synonymes - {FDD637F8-2693-49ce-817E-1AD59574900C} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet

Explorer\6\Antidote S - IE 6.htm (HKCU)

O9 - Extra button: Conjugueur - {FF229BEC-9E1F-48c1-99A6-AF34ABEFAB0A} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet

Explorer\6\Antidote C - IE 6.htm (HKCU)

O9 - Extra button: Grammaire - {FFB5EE7F-726F-423e-83C2-572FE7CEB3F0} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet

Explorer\6\Antidote G - IE 6.htm (HKCU)

O15 - Trusted Zone: http://*.secuser.com

O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F}(InstallerBehaviorFactory Class) -https://signup.msn.com/pages/MsnInstC.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (ShockwaveFlash Object) -http://fpdownload2.macromedia.com/get/shoc...flash/swflash.cab

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB -C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler)- Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition

Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) -Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition

Classic\avguard.exe

O23 - Service: Crypkey License - CrypKey (Canada) Ltd. -C:\WINDOWS\SYSTEM32\crypserv.exe

O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknownowner - C:\Program Files\Fichiers communs\Portrait

Displays\Shared\DTSRVC.exe

O23 - Service: EvtEng - Intel Corporation - C:\ProgramFiles\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - MacrovisionCorporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11

\Intel 32\IDriverT.exe

O23 - Service: InterBase Guardian (InterBaseGuardian) - Borland SoftwareCorporation - C:\Program Files\Borland\InterBase\bin\ibguard.exe

O23 - Service: InterBase Server (InterBaseServer) - Borland SoftwareCorporation - C:\Program Files\Borland\InterBase\bin\ibserver.exe

O23 - Service: iPod Service - Apple Inc. - C:\ProgramFiles\iPod\bin\iPodService.exe

O23 - Service: Macromedia Licensing Service - Unknown owner -C:\Program Files\Fichiers communs\Macromedia

Shared\Service\Macromedia Licensing.exe

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\ProgramFiles\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

O23 - Service: RegSrvc - Intel Corporation - C:\ProgramFiles\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - IntelCorporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) -SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\Win32\RpcDataSrv.exe

O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) -SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\RpcSandraSrv.exe

O23 - Service: TabletService - Wacom Technology, Corp. -C:\WINDOWS\system32\Tablet.exe

O23 - Service: wampapache - Apache Software Foundation - C:\ProgramFiles\wamp\Apache2\bin\httpd.exe

O23 - Service: wampmysqld - Unknown owner - C:\ProgramFiles\wamp\mysql\bin\mysqld-nt.exe

O23 - Service: WLANKEEPER - Intel® Corporation - C:\ProgramFiles\Intel\Wireless\Bin\WLKeeper.exe

 

 

--

End of file - 10360 bytes

Posted

that's pretty good, I'm rather surprised it was that easy to get rid of your 2 O20 :P

 

1/go and get this notepad2.exe analysed at jotti >> http://virusscan.jotti.org/

 

it's a *hidden* one, so show hidden files and folders as well as system files and folders

 

select the scan and its result, and paste it here

 

2/download to your desktop>> - AtfCleaner --> http://www.atribune.org/ccount/click.php?id=1

 

ATF Cleaner

Double-click ATF-Cleaner.exe to launch the program.

Under the Main tab, choose: Select All

Click the Empty Selected button

If you use the Firefox browser:

Click Firefox at the top and choose: Select All

Click the Empty Selected button

NOTE: If you want to keep your saved passwords, click No at the prompt.

If you use the Opera browser:

Click Opera at the top and choose: Select All

Click the Empty Selected button

NOTE: If you want to keep your saved passwords, click No at the prompt.

Click Exit, from the main menu, to close the program.

 

3/Download ewido anti-spyware micro scanner to your desktop.

  • Double-click the ewido_micro.exe file to run it.
  • As soon as it starts, the program will ask for internet access to update itself; accept.
  • Then a new screen appears; make sure all the boxes are checked.
  • Click Start Scan and let the tool work.
  • When the tool has finished, click save report and save the report to your desktop.
  • Post it in your next reply.

  • NB, click Remove infections;

4/run a scan with the antivir you have and post the scan result

Posted

Hello angelique,

 

Here are the results of the proposed actions:

- Virus scan

- ewido

- antivir

 

The symptom of the kernel-CPU spikes is still there.

At one point, when clicking on the speaker icon in the Windows taskbar, I got an Antivir message, twice in a row, mentioning C:\System Volume Information\_restore{..., which is what we find in the ewido report.

 

I should add too that the user "Jean-Marie d'Amour" who appears in the cookies spotted by Ewido has since been deleted, and that he is also the user - administrator at the time - who probably got the infection, if it is one.

 

Thanks.

 

--

Vincent

 

 

Virus scan of notepad2.exe

It looks clean.

 

File: Notepad2.exe

Status:

OK

MD5: 16080bb7945b35e3a898c753812819ac

Packers detected:

-

Bit9 reports: No threat detected (more info)

Scanner results

Scan taken on 11 Feb 2008 16:21:28 (GMT)

A-Squared

Found nothing

AntiVir

Found nothing

ArcaVir

Found nothing

Avast

Found nothing

AVG Antivirus

Found nothing

BitDefender

Found nothing

ClamAV

Found nothing

CPsecure

Found nothing

Dr.Web

Found nothing

F-Prot Antivirus

Found nothing

F-Secure Anti-Virus

Found nothing

Fortinet

Found nothing

Ikarus

Found nothing

Kaspersky Anti-Virus

Found nothing

NOD32

Found nothing

Norman Virus Control

Found nothing

Panda Antivirus

Found nothing

Rising Antivirus

Found nothing

Sophos Antivirus

Found nothing

VirusBuster

Found nothing

VBA32

Found nothing

 

ewido

 

__________________________________________________

ewido anti-spyware online scanner

http://www.ewido.net

__________________________________________________

 

 

Name: TrackingCookie.Atdmt

Path: :mozilla.6:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\ha8ufmag.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Serving-sys

Path: :mozilla.8:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\ha8ufmag.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Serving-sys

Path: :mozilla.18:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\ha8ufmag.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Serving-sys

Path: :mozilla.19:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\ha8ufmag.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Serving-sys

Path: :mozilla.20:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\ha8ufmag.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Serving-sys

Path: :mozilla.21:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\ha8ufmag.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Serving-sys

Path: :mozilla.22:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\ha8ufmag.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Serving-sys

Path: :mozilla.23:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\ha8ufmag.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Safer-networking

Path: :mozilla.28:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\ha8ufmag.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Weborama

Path: :mozilla.17:C:\Documents and Settings\Jean-Marie D'Amour\Application Data\Mozilla\Firefox\Profiles\fsokcg4k.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Weborama

Path: :mozilla.18:C:\Documents and Settings\Jean-Marie D'Amour\Application Data\Mozilla\Firefox\Profiles\fsokcg4k.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.247realmedia

Path: :mozilla.36:C:\Documents and Settings\Jean-Marie D'Amour\Application Data\Mozilla\Firefox\Profiles\fsokcg4k.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.247realmedia

Path: :mozilla.37:C:\Documents and Settings\Jean-Marie D'Amour\Application Data\Mozilla\Firefox\Profiles\fsokcg4k.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.2o7

Path: :mozilla.38:C:\Documents and Settings\Jean-Marie D'Amour\Application Data\Mozilla\Firefox\Profiles\fsokcg4k.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.2o7

Path: :mozilla.39:C:\Documents and Settings\Jean-Marie D'Amour\Application Data\Mozilla\Firefox\Profiles\fsokcg4k.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.2o7

Path: :mozilla.40:C:\Documents and Settings\Jean-Marie D'Amour\Application Data\Mozilla\Firefox\Profiles\fsokcg4k.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.2o7

Path: :mozilla.41:C:\Documents and Settings\Jean-Marie D'Amour\Application Data\Mozilla\Firefox\Profiles\fsokcg4k.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.2o7

Path: :mozilla.42:C:\Documents and Settings\Jean-Marie D'Amour\Application Data\Mozilla\Firefox\Profiles\fsokcg4k.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.2o7

Path: :mozilla.43:C:\Documents and Settings\Jean-Marie D'Amour\Application Data\Mozilla\Firefox\Profiles\fsokcg4k.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.2o7

Path: :mozilla.44:C:\Documents and Settings\Jean-Marie D'Amour\Application Data\Mozilla\Firefox\Profiles\fsokcg4k.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Euroclick

Path: :mozilla.54:C:\Documents and Settings\Jean-Marie D'Amour\Application Data\Mozilla\Firefox\Profiles\fsokcg4k.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Euroclick

Path: :mozilla.55:C:\Documents and Settings\Jean-Marie D'Amour\Application Data\Mozilla\Firefox\Profiles\fsokcg4k.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Euroclick

Path: :mozilla.56:C:\Documents and Settings\Jean-Marie D'Amour\Application Data\Mozilla\Firefox\Profiles\fsokcg4k.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Euroclick

Path: :mozilla.57:C:\Documents and Settings\Jean-Marie D'Amour\Application Data\Mozilla\Firefox\Profiles\fsokcg4k.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Adtech

Path: :mozilla.58:C:\Documents and Settings\Jean-Marie D'Amour\Application Data\Mozilla\Firefox\Profiles\fsokcg4k.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Advertising

Path: :mozilla.59:C:\Documents and Settings\Jean-Marie D'Amour\Application Data\Mozilla\Firefox\Profiles\fsokcg4k.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Advertising

Path: :mozilla.60:C:\Documents and Settings\Jean-Marie D'Amour\Application Data\Mozilla\Firefox\Profiles\fsokcg4k.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Advertising

Path: :mozilla.61:C:\Documents and Settings\Jean-Marie D'Amour\Application Data\Mozilla\Firefox\Profiles\fsokcg4k.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Advertising

Path: :mozilla.62:C:\Documents and Settings\Jean-Marie D'Amour\Application Data\Mozilla\Firefox\Profiles\fsokcg4k.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Atdmt

Path: :mozilla.78:C:\Documents and Settings\Jean-Marie D'Amour\Application Data\Mozilla\Firefox\Profiles\fsokcg4k.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Serving-sys

Path: :mozilla.96:C:\Documents and Settings\Jean-Marie D'Amour\Application Data\Mozilla\Firefox\Profiles\fsokcg4k.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Gemius

Path: :mozilla.186:C:\Documents and Settings\Jean-Marie D'Amour\Application Data\Mozilla\Firefox\Profiles\fsokcg4k.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Gemius

Path: :mozilla.187:C:\Documents and Settings\Jean-Marie D'Amour\Application Data\Mozilla\Firefox\Profiles\fsokcg4k.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Imrworldwide

Path: :mozilla.200:C:\Documents and Settings\Jean-Marie D'Amour\Application Data\Mozilla\Firefox\Profiles\fsokcg4k.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Imrworldwide

Path: :mozilla.201:C:\Documents and Settings\Jean-Marie D'Amour\Application Data\Mozilla\Firefox\Profiles\fsokcg4k.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.2o7

Path: :mozilla.202:C:\Documents and Settings\Jean-Marie D'Amour\Application Data\Mozilla\Firefox\Profiles\fsokcg4k.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.2o7

Path: :mozilla.242:C:\Documents and Settings\Jean-Marie D'Amour\Application Data\Mozilla\Firefox\Profiles\fsokcg4k.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Overture

Path: :mozilla.288:C:\Documents and Settings\Jean-Marie D'Amour\Application Data\Mozilla\Firefox\Profiles\fsokcg4k.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Realmedia

Path: :mozilla.317:C:\Documents and Settings\Jean-Marie D'Amour\Application Data\Mozilla\Firefox\Profiles\fsokcg4k.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Revsci

Path: :mozilla.318:C:\Documents and Settings\Jean-Marie D'Amour\Application Data\Mozilla\Firefox\Profiles\fsokcg4k.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Revsci

Path: :mozilla.319:C:\Documents and Settings\Jean-Marie D'Amour\Application Data\Mozilla\Firefox\Profiles\fsokcg4k.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Revsci

Path: :mozilla.320:C:\Documents and Settings\Jean-Marie D'Amour\Application Data\Mozilla\Firefox\Profiles\fsokcg4k.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Revsci

Path: :mozilla.321:C:\Documents and Settings\Jean-Marie D'Amour\Application Data\Mozilla\Firefox\Profiles\fsokcg4k.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Revsci

Path: :mozilla.322:C:\Documents and Settings\Jean-Marie D'Amour\Application Data\Mozilla\Firefox\Profiles\fsokcg4k.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Revsci

Path: :mozilla.323:C:\Documents and Settings\Jean-Marie D'Amour\Application Data\Mozilla\Firefox\Profiles\fsokcg4k.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Serving-sys

Path: :mozilla.336:C:\Documents and Settings\Jean-Marie D'Amour\Application Data\Mozilla\Firefox\Profiles\fsokcg4k.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Serving-sys

Path: :mozilla.337:C:\Documents and Settings\Jean-Marie D'Amour\Application Data\Mozilla\Firefox\Profiles\fsokcg4k.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Serving-sys

Path: :mozilla.338:C:\Documents and Settings\Jean-Marie D'Amour\Application Data\Mozilla\Firefox\Profiles\fsokcg4k.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Serving-sys

Path: :mozilla.339:C:\Documents and Settings\Jean-Marie D'Amour\Application Data\Mozilla\Firefox\Profiles\fsokcg4k.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Serving-sys

Path: :mozilla.340:C:\Documents and Settings\Jean-Marie D'Amour\Application Data\Mozilla\Firefox\Profiles\fsokcg4k.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Serving-sys

Path: :mozilla.341:C:\Documents and Settings\Jean-Marie D'Amour\Application Data\Mozilla\Firefox\Profiles\fsokcg4k.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Smartadserver

Path: :mozilla.343:C:\Documents and Settings\Jean-Marie D'Amour\Application Data\Mozilla\Firefox\Profiles\fsokcg4k.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Smartadserver

Path: :mozilla.344:C:\Documents and Settings\Jean-Marie D'Amour\Application Data\Mozilla\Firefox\Profiles\fsokcg4k.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Smartadserver

Path: :mozilla.345:C:\Documents and Settings\Jean-Marie D'Amour\Application Data\Mozilla\Firefox\Profiles\fsokcg4k.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Smartadserver

Path: :mozilla.346:C:\Documents and Settings\Jean-Marie D'Amour\Application Data\Mozilla\Firefox\Profiles\fsokcg4k.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Tribalfusion

Path: :mozilla.370:C:\Documents and Settings\Jean-Marie D'Amour\Application Data\Mozilla\Firefox\Profiles\fsokcg4k.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Yieldmanager

Path: :mozilla.410:C:\Documents and Settings\Jean-Marie D'Amour\Application Data\Mozilla\Firefox\Profiles\fsokcg4k.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Yieldmanager

Path: :mozilla.411:C:\Documents and Settings\Jean-Marie D'Amour\Application Data\Mozilla\Firefox\Profiles\fsokcg4k.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Yieldmanager

Path: :mozilla.412:C:\Documents and Settings\Jean-Marie D'Amour\Application Data\Mozilla\Firefox\Profiles\fsokcg4k.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Yieldmanager

Path: :mozilla.413:C:\Documents and Settings\Jean-Marie D'Amour\Application Data\Mozilla\Firefox\Profiles\fsokcg4k.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Revsci

Path: :mozilla.417:C:\Documents and Settings\Jean-Marie D'Amour\Application Data\Mozilla\Firefox\Profiles\fsokcg4k.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Comclick

Path: :mozilla.423:C:\Documents and Settings\Jean-Marie D'Amour\Application Data\Mozilla\Firefox\Profiles\fsokcg4k.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Comclick

Path: :mozilla.424:C:\Documents and Settings\Jean-Marie D'Amour\Application Data\Mozilla\Firefox\Profiles\fsokcg4k.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Comclick

Path: :mozilla.425:C:\Documents and Settings\Jean-Marie D'Amour\Application Data\Mozilla\Firefox\Profiles\fsokcg4k.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Webtrends

Path: :mozilla.441:C:\Documents and Settings\Jean-Marie D'Amour\Application Data\Mozilla\Firefox\Profiles\fsokcg4k.default\cookies.txt

Risk: Medium

 

Name: Adware.Accessibility

Path: C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP722\A0199297.dll

Risk: Medium

 

 

 

 

 

Antivir

 

AntiVir PersonalEdition Classic

Report file date: 11 février 2008 21:15

 

Scanning for 1099264 virus strains and unwanted programs.

 

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows XP

Windows version: (Service Pack 2) [5.1.2600]

Username: Vincent

Computer name: TOUAREG

 

Version information:

BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00

AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 19:16:29

AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 18:23:51

LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 21:32:47

LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 18:35:20

ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 06:06:46

ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 06:06:50

ANTIVIR2.VDF : 7.0.2.113 1673728 Bytes 08/02/2008 07:45:19

ANTIVIR3.VDF : 7.0.2.120 38912 Bytes 11/02/2008 02:13:15

AVEWIN32.DLL : 7.6.0.62 3240448 Bytes 05/02/2008 06:07:09

AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 16:36:26

AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 13:39:17

AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 19:16:24

AVPACK32.DLL : 7.6.0.3 360488 Bytes 05/02/2008 06:07:10

AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 13:17:06

AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 18:26:33

AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 13:10:18

NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 17:09:42

RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 18:38:13

RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 18:50:37

SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 15:37:21

 

Configuration settings for the scan:

Jobname..........................: Local Hard Disks

Configuration file...............: c:\program files\avira\antivir personaledition classic\alldiscs.avp

Logging..........................: low

Primary action...................: interactive

Secondary action.................: ignore

Scan master boot sector..........: on

Scan boot sector.................: on

Boot sectors.....................: C:,

Scan memory......................: on

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: on

Scan all files...................: All files

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Macro heuristic..................: on

File heuristic...................: medium

 

Start of the scan: 11 février 2008 21:15

 

Starting search for hidden objects.

'60129' objects were checked, '0' hidden objects were found.

 

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'ewido_micro.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'httpd.exe' - '1' Module(s) have been scanned

Scan process 'alg.exe' - '1' Module(s) have been scanned

Scan process 'mysqld-nt.exe' - '1' Module(s) have been scanned

Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned

Scan process 'httpd.exe' - '1' Module(s) have been scanned

Scan process 'iPodService.exe' - '1' Module(s) have been scanned

Scan process 'ibserver.exe' - '1' Module(s) have been scanned

Scan process 'soffice.bin' - '1' Module(s) have been scanned

Scan process 'wampmanager.exe' - '1' Module(s) have been scanned

Scan process 'soffice.exe' - '1' Module(s) have been scanned

Scan process 'HookManager.exe' - '1' Module(s) have been scanned

Scan process 'TabUserW.exe' - '1' Module(s) have been scanned

Scan process 'Tablet.exe' - '1' Module(s) have been scanned

Scan process 'ctfmon.exe' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'MSASCui.exe' - '1' Module(s) have been scanned

Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned

Scan process 'dthtml.exe' - '1' Module(s) have been scanned

Scan process 'tfswctrl.exe' - '1' Module(s) have been scanned

Scan process 'iFrmewrk.exe' - '1' Module(s) have been scanned

Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned

Scan process 'SynTPLpr.exe' - '1' Module(s) have been scanned

Scan process 'hkcmd.exe' - '1' Module(s) have been scanned

Scan process 'RegSrvc.exe' - '1' Module(s) have been scanned

Scan process 'NicConfigSvc.exe' - '1' Module(s) have been scanned

Scan process 'MDM.EXE' - '1' Module(s) have been scanned

Scan process '1XConfig.exe' - '1' Module(s) have been scanned

Scan process 'ibguard.exe' - '1' Module(s) have been scanned

Scan process 'DTSRVC.exe' - '1' Module(s) have been scanned

Scan process 'igfxtray.exe' - '1' Module(s) have been scanned

Scan process 'Crypserv.exe' - '1' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Scan process 'TSVNCache.exe' - '1' Module(s) have been scanned

Scan process 'avguard.exe' - '1' Module(s) have been scanned

Scan process 'spoolsv.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'ZCfgSvc.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'S24EvMon.exe' - '1' Module(s) have been scanned

Scan process 'EvtEng.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'MsMpEng.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

53 processes with 53 modules were scanned

 

Starting master boot sector scan:

Master boot sector HD0

[NOTE] No virus was found!

 

Start scanning boot sectors:

Boot sector 'C:\'

[NOTE] No virus was found!

 

Starting to scan the registry.

The registry was scanned ( '39' files ).

 

 

Starting the file scan:

 

Begin scan in 'C:\'

C:\hiberfil.sys

[WARNING] The file could not be opened!

C:\pagefile.sys

[WARNING] The file could not be opened!

 

 

End of the scan: 12 février 2008 06:49

Used time: 9:33:35 min

 

The scan has been done completely.

 

29142 Scanning directories

570512 Files were scanned

0 viruses and/or unwanted programs were found

0 Files were classified as suspicious:

0 files were deleted

0 files were repaired

0 files were moved to quarantine

0 files were renamed

2 Files cannot be scanned

570512 Files not concerned

5177 Archives were scanned

2 Warnings

0 Notes

60129 Objects were scanned with rootkit scan

0 Hidden objects were found

Posted
I got an Antivir message, twice in a row, mentioning C:\System Volume Information\_restore{..., which is what we find in the ewido report.

 

When ewido, during its scan, went through the "system restore\system volume information" folder, antivir, its resident guard, kept alerting on every scanned file, and so offered to delete that infected restore point.

 

All that looks clean to me!! your problem is no longer of infectious origin in my opinion :P

 

The symptom of the kernel-CPU spikes is still there

 

which process has these spikes?? it could come from one of your services, I'm not saying to remove them!!!::

 

O23 - Service: InterBase Guardian (InterBaseGuardian) - Borland Software Corporation - C:\Program Files\Borland\InterBase\bin\ibguard.exe

O23 - Service: InterBase Server (InterBaseServer) - Borland Software Corporation - C:\Program Files\Borland\InterBase\bin\ibserver.exe

 

what is that for???

Posted
All that looks clean to me!! your problem is no longer of infectious origin in my opinion :P

which process has these spikes?? it could come from one of your services, I'm not saying to remove them!!!::

 

O23 - Service: InterBase Guardian (InterBaseGuardian) - Borland Software Corporation - C:\Program Files\Borland\InterBase\bin\ibguard.exe

O23 - Service: InterBase Server (InterBaseServer) - Borland Software Corporation - C:\Program Files\Borland\InterBase\bin\ibserver.exe

 

what is that for???

 

Hello angelique,

 

I don't know in detail what these two processes do. They are installed with my Delphi development environment and are linked to the Interbase database that comes with it. I stopped them and set them to manual startup, since I don't use Interbase, but that changes nothing about the spikes.

 

They are red spikes, by the way, so they come from the kernel, so I can't see which process is concerned, at least not with the Windows Task Manager.

 

I'm posting a picture that is worth a thousand words:

080212-1312-Pics_UC.jpg

(http://consultation-boreale.com/visiteurs/...312-Pics_UC.jpg)

 

--

Vincent

Posted

I don't really have any ideas :P

 

1/open a command prompt [Run---cmd], copy the line below respecting the spaces, and paste the contents of c:\list.txt

 

tasklist /svc>c:\list.txt

exit

 

2/delete c:\list.txt once posted

 

They are red spikes, by the way, so they come from the kernel, so I can't see which process is concerned, at least not with the Windows Task Manager.

 

So the question remains, how to see the processes behind the kernel spikes!! I hear you ^^

 

right now, I don't know :P, nothing comes to mind.

Posted
tasklist /svc>c:\list.txt

 

Hello,

 

Here is the result:

 

 

Nom de l'image               PID Services
========================= ====== =============================================
System Idle Process            0 N/D
System                         4 N/D
smss.exe                     580 N/D
csrss.exe                    656 N/D
winlogon.exe                 680 N/D
services.exe                 724 Eventlog, PlugPlay
lsass.exe                    744 PolicyAgent, ProtectedStorage, SamSs
svchost.exe                  924 DcomLaunch, TermService
svchost.exe                 1016 RpcSs
MsMpEng.exe                 1056 WinDefend
svchost.exe                 1096 AudioSrv, BITS, Browser, CryptSvc, Dhcp,
                                 ERSvc, EventSystem,
                                 FastUserSwitchingCompatibility, helpsvc,
                                 HidServ, lanmanserver, lanmanworkstation,
                                 Netman, Nla, RasMan, Schedule, seclogon,
                                 SENS, SharedAccess, ShellHWDetection,
                                 srservice, TapiSrv, Themes, TrkWks, w32time,
                                 winmgmt, wscsvc, wuauserv
EvtEng.exe                  1164 EvtEng
S24EvMon.exe                1224 S24EventMonitor
svchost.exe                 1452 Dnscache
svchost.exe                 1488 Alerter, LmHosts, SSDPSRV, upnphost,
                                 WebClient
ZCfgSvc.exe                 1652 N/D
explorer.exe                1760 N/D
spoolsv.exe                 1864 Spooler
avguard.exe                  116 AntiVirService
TSVNCache.exe                384 N/D
sched.exe                   1352 AntiVirScheduler
Crypserv.exe                1212 Crypkey License
igfxtray.exe                1412 N/D
DTSRVC.exe                  1432 DTSRVC
1XConfig.exe                1564 N/D
MDM.EXE                     1748 MDM
NicConfigSvc.exe            1616 NICCONFIGSVC
RegSrvc.exe                 2052 RegSrvc
hkcmd.exe                   2104 N/D
SynTPLpr.exe                2216 N/D
SynTPEnh.exe                2260 N/D
iFrmewrk.exe                2280 N/D
tfswctrl.exe                2332 N/D
dthtml.exe                  2368 N/D
iTunesHelper.exe            2376 N/D
MSASCui.exe                 2396 N/D
avgnt.exe                   2404 N/D
ctfmon.exe                  2412 N/D
Tablet.exe                  2456 TabletService
TabUserW.exe                2672 N/D
HookManager.exe             2708 N/D
soffice.exe                 2884 N/D
wampmanager.exe             3032 N/D
soffice.bin                 3472 N/D
iPodService.exe             2844 iPod Service
httpd.exe                   3616 wampapache
wmiprvse.exe                3796 N/D
mysqld-nt.exe               1936 wampmysqld
alg.exe                     3128 ALG
httpd.exe                   1560 N/D
svchost.exe                 4460 stisvc
cmd.exe                     5736 N/D
wmiprvse.exe                4144 N/D
tasklist.exe                3304 N/D

 

--

Vincent

Posted

Well, I looked at mine too :P

 

and nothing abnormal in yours after all ^^

 

the spikes I have correspond to resizing the taskmgr window, to clicking "reply" to answer you, so even on small actions I also get spikes :P, so I'd say nothing abnormal on your side, just a lot of processes 55^^

 

http://speedweb1.free.fr/frames2.php?page=service4

 

 

 

plopwx8.jpg

http://img137.imageshack.us/img137/3900/plopwx8.jpg
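The review above is done by eye over the `tasklist /svc` table. As an added example (not code from this thread, from either poster, or from Microsoft's tool), here is a small Python parser for that exact layout, including the wrapped service column that the `svchost.exe` PID 1096 row shows, followed by the two checks a reviewer would typically run on it: an `svchost.exe` instance hosting no service at all, and a service name listed under two different PIDs. The sample rows are a constructed excerpt of the output posted above (French XP prints `N/D` where an English system prints `N/A`); the `svchost.exe` rows at PIDs 9998 and 9999 are constructed additions, not in the poster's output, included only to trigger the checks.

```python
import re

# Constructed sample in the layout of `tasklist /svc`. Rows are copied from
# the output posted in the thread, except the two svchost.exe rows at PIDs
# 9998 and 9999, which are constructed here to exercise the checks below.
SAMPLE = """\
Nom de l'image                 PID Services
========================= ====== =============================================
System Idle Process            0 N/D
System                         4 N/D
smss.exe                     580 N/D
services.exe                 724 Eventlog, PlugPlay
lsass.exe                    744 PolicyAgent, ProtectedStorage, SamSs
svchost.exe                  924 DcomLaunch, TermService
svchost.exe                 1016 RpcSs
svchost.exe                 1096 AudioSrv, BITS, Browser, CryptSvc, Dhcp,
                                 ERSvc, EventSystem,
                                 FastUserSwitchingCompatibility, helpsvc,
                                 winmgmt, wscsvc, wuauserv
svchost.exe                 1452 Dnscache
explorer.exe                1760 N/D
avguard.exe                  116 AntiVirService
Crypserv.exe                1212 Crypkey License
svchost.exe                 9998 RpcSs
svchost.exe                 9999 N/D
"""

# A data row: image name (may contain spaces), then PID, then the service column.
ROW = re.compile(r"^(\S.*?)\s+(\d+)\s*(.*)$")
NO_SERVICE = {"N/A", "N/D"}   # English and French markers for "no service"


def parse_tasklist_svc(text):
    """Parse `tasklist /svc` output into a list of (image, pid, [services]).

    The service column wraps onto indented continuation lines that carry
    neither image name nor PID; those are appended to the previous row.
    A line that matches no row and follows no row (the header) is skipped.
    """
    rows = []
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.startswith("="):
            continue
        m = ROW.match(line)
        if m and not raw[0].isspace():
            rows.append([m.group(1), int(m.group(2)), m.group(3)])
        elif rows:
            rows[-1][2] += " " + line.strip()      # wrapped service column
    out = []
    for image, pid, services in rows:
        names = [s.strip() for s in services.split(",")]
        names = [s for s in names if s and s not in NO_SERVICE]
        out.append((image, pid, names))
    return out


def find_anomalies(rows):
    """Reviewer checks over the parsed table, returned as (pid, reason).

    - svchost.exe exists only to host services, so an instance with none
      deserves a second look (a service that just stopped, or a process
      merely borrowing the name).
    - the same service name under two PIDs: at most one is the real host.
    """
    findings = []
    host_of = {}
    for image, pid, services in rows:
        if image.lower() == "svchost.exe" and not services:
            findings.append((pid, "svchost.exe hosting no service"))
        for svc in services:
            if svc in host_of and host_of[svc] != pid:
                findings.append((pid, f"service {svc} also hosted by PID {host_of[svc]}"))
            host_of.setdefault(svc, pid)
    return findings


if __name__ == "__main__":
    parsed = parse_tasklist_svc(SAMPLE)
    print(f"{len(parsed)} processes, {sum(len(s) for _, _, s in parsed)} services")
    for pid, reason in find_anomalies(parsed):
        print(f"PID {pid}: {reason}")
```

To use it on a real capture, read `c:\list.txt` (as produced by the `tasklist /svc>c:\list.txt` step above) into `parse_tasklist_svc` instead of `SAMPLE`. Note that neither check says anything about kernel time: `tasklist` only maps PIDs to hosted services, so a clean result here, as in this thread, rules out a mislabelled service host but not a busy driver.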
