GROS PROBLEME OFFICESCAN TROJ_VUNDO.ATT

Clara -  
green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   -
bonjour à tous
j'ai un petit problème concernant OfficeScan NT : en effet celui-ci a trouvé le TROJ_VUNDO.ATT mais n'arrive ni à le supprimer, ni à le mettre ne quarantaine. J'ai essayé de le faire manuellement, sans résultat (violation de partage, impossibilité de copier le fichier pour supprimer l'original infecté...). de plus, la fenêtre du journal qui détecte les virus en temps réel (je crois que ça s'appelle comme ça) s'affiche toutes les secondes, ça me rend dingue!
merci d'avance
Configuration: Windows 2000
Firefox 2.0.0.3

18 réponses

  1. s.spark Messages postés 2528 Statut Contributeur 618
     
    Salut,

    Supprime-le manuellement en mode sans échec, appuis sur F8 plusieurs fois avant le démarrage de Windows pour passer dans ce mode.
    0
  2. Clara
     
    bin je veux bien mais j'ai peur de faire une bêtise, je m'en sors bien en informaique mais j'ai jamais fait ça alors bin ça me fait un peu peur :(
    0
  3. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    Salut

    Télécharge ceci sur ton bureau :

    Lien : hijackthis

    Démo : http://pageperso.aol.fr/balltrap34/demohijack.htm

    Choisir l'option "do a scan and a logfile", et faire un copier/coller du rapport ainsi générer sur le forum.

    ++
    0
  4. Clara
     
    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 16:58:59, on 14/05/2007
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    Boot mode: Normal

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\system32\drivers\CDAC11BA.EXE
    C:\WINNT\system32\cisvc.exe
    C:\WINNT\system32\svchost.exe
    c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
    C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\mspmspsv.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Trend Micro\OfficeScan Client\ofcdog.exe
    C:\WINNT\Mixer.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
    C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
    C:\Program Files\Trend Micro\OfficeScan Client\RAUAgent.exe
    C:\Program Files\Trend Micro\OfficeScan Client\Pop3Trap.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Friendly Technologies\BroadbandAccess\fts.exe
    C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\OpenOffice.org1.1.4\program\soffice.exe
    C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
    C:\WINNT\system32\cidaemon.exe
    C:\Documents and Settings\Administrateur\Bureau\HiJackThis_v2.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
    C:\WINNT\system32\svchost.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {182B90A3-F372-438A-800C-6814B4DE417B} - C:\WINNT\system32\ssqnkif.dll
    O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
    O2 - BHO: (no name) - {620EEF7C-8570-4CDA-B8BB-8AEDF203258F} - C:\WINNT\Microsoft.NET\acbmcd.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - C:\WINNT\system32\hhnvllbe.dll
    O2 - BHO: (no name) - {DDE6BAD5-5713-46A6-B713-D5A43B641356} - C:\WINNT\system32\dpftmbka.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [EPSON Stylus C84 Series] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C84 Series" /O5 "LPT1:" /M "Stylus C84"
    O4 - HKLM\..\Run: [Moniteur OfficeScanNT] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
    O4 - HKLM\..\Run: [RemoteAgent] C:\Program Files\Trend Micro\OfficeScan Client\RAUAgent.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\Friendly Technologies\BroadbandAccess\fts.exe"
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
    O4 - HKLM\..\Run: [downloadmealwebshow] C:\Documents and Settings\All Users\Application Data\Axis Cash Download Meal\Aim road.exe
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [EPSON Stylus C84 Series] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C84 Series" /M "Stylus C84" /EF "HKCU"
    O4 - HKCU\..\Run: [MULTI LIVE] C:\DOCUME~1\ADMINI~1\APPLIC~1\SIZESE~1\drawbows.exe
    O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
    O4 - Startup: OpenOffice.org 1.1.4.lnk = C:\Program Files\OpenOffice.org1.1.4\program\quickstart.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1036\OLFSNT40.EXE
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O16 - DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} (WebIQ Engine Application Object) - http://webiq005.webiqonline.com/WebIQ/DataServer/Pub/DataServer.dll?Handler=GetEngineDistribution&EDID={896A23A1-5821-4609-A6C6-6D5536C585C9}
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
    O20 - Winlogon Notify: acbmcd - C:\WINNT\Microsoft.NET\acbmcd.dll
    O20 - Winlogon Notify: ssqnkif - C:\WINNT\SYSTEM32\ssqnkif.dll
    O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\system32\browseui.dll
    O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\system32\browseui.dll
    O23 - Service: Avertissement (Alerter) - Unknown owner - C:\WINNT\system32\services.exe
    O23 - Service: Gestion d'applications (AppMgmt) - Unknown owner - C:\WINNT\system32\services.exe
    O23 - Service: Explorateur d'ordinateur (Browser) - Unknown owner - C:\WINNT\system32\services.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINNT\system32\drivers\CDAC11BA.EXE
    O23 - Service: Client DHCP (Dhcp) - Unknown owner - C:\WINNT\system32\services.exe
    O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINNT\System32\dmadmin.exe
    O23 - Service: Gestionnaire de disque logique (dmserver) - Unknown owner - C:\WINNT\System32\services.exe
    O23 - Service: Client DNS (Dnscache) - Unknown owner - C:\WINNT\system32\services.exe
    O23 - Service: Events Log (Event) - Unknown owner - C:\WINNT\system32\drivers\csrss.exe (file missing)
    O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINNT\system32\services.exe
    O23 - Service: Service de télécopie (Fax) - Unknown owner - C:\WINNT\system32\faxsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Serveur (lanmanserver) - Unknown owner - C:\WINNT\system32\services.exe
    O23 - Service: Station de travail (lanmanworkstation) - Unknown owner - C:\WINNT\system32\services.exe
    O23 - Service: Service d'application d'assistance TCP/IP NetBIOS (LmHosts) - Unknown owner - C:\WINNT\system32\services.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINNT\system32\mnmsrvc.exe
    O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINNT\system32\msasvc.exe (file missing)
    O23 - Service: DDE réseau (NetDDE) - Unknown owner - C:\WINNT\system32\netdde.exe
    O23 - Service: DSDM DDE réseau (NetDDEdsdm) - Unknown owner - C:\WINNT\system32\netdde.exe
    O23 - Service: Ouverture de session réseau (Netlogon) - Unknown owner - C:\WINNT\system32\lsass.exe
    O23 - Service: Fournisseur de la prise en charge de sécurité LM NT (NtLmSsp) - Unknown owner - C:\WINNT\system32\lsass.exe
    O23 - Service: Scan en temps réel OfficeScanNT (ntrtscan) - Unknown owner - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
    O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINNT\system32\services.exe
    O23 - Service: Agent de stratégie IPSEC (PolicyAgent) - Unknown owner - C:\WINNT\system32\lsass.exe
    O23 - Service: Emplacement protégé (ProtectedStorage) - Unknown owner - C:\WINNT\system32\services.exe
    O23 - Service: Gestionnaire de comptes de sécurité (SamSs) - Unknown owner - C:\WINNT\system32\lsass.exe
    O23 - Service: Prise en charge des cartes à puces (SCardDrv) - Unknown owner - C:\WINNT\System32\SCardSvr.exe
    O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINNT\System32\SCardSvr.exe
    O23 - Service: Planificateur de tâches (Schedule) - Unknown owner - C:\WINNT\system32\MSTask.exe
    O23 - Service: Service d'exécution par délégation (seclogon) - Unknown owner - C:\WINNT\system32\services.exe
    O23 - Service: Still Image Service (StiSvc) - Unknown owner - C:\WINNT\system32\stisvc.exe
    O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINNT\system32\smlogsvc.exe
    O23 - Service: OfficeScanNT Listener (tmlisten) - Unknown owner - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
    O23 - Service: Client de suivi de lien distribué (TrkWks) - Unknown owner - C:\WINNT\system32\services.exe
    O23 - Service: Gestionnaire d'utilitaires (UtilMan) - Unknown owner - C:\WINNT\System32\UtilMan.exe
    O23 - Service: Horloge Windows (W32Time) - Unknown owner - C:\WINNT\System32\services.exe
    O23 - Service: Infrastructure de gestion Windows (WinMgmt) - Unknown owner - C:\WINNT\System32\WBEM\WinMgmt.exe
    O23 - Service: Extensions du pilote WMI (Wmi) - Unknown owner - C:\WINNT\system32\Services.exe
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    Salut :)

    c'est pas triste ...

    Téléchargez VundoFix.exe (par Atribune) sur ton Bureau :

    http://www.atribune.org/ccount/click.php?id=4

    *Double-clique VundoFix.exe afin de le lancer.
    * Cliquez sur le bouton Scan for Vundo.
    * Lorsque le scan est complété, cliquez sur le bouton Remove Vundo.
    * Une invite vous demandera supprimer les fichiers, clique YES
    * Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers
    * le PC va s'éteindre ("shutdown") : clique OK
    * Démarrez votre PC à nouveau
    * Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis! dans ta prochaine réponse.

    ++
    0
    1. Clara
       
      A mais c'est bien ton truc! Sans vouloir te vexer ça fait depuis 5h20 que VundoFix scanne mon ordi et jusqu'à maintenant, il recherche toujours! Question poids lourds il est pas mal ce logiciel !!!
      0
  7. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    J'aurais vraiment aimé que ce truc soit à moi :) , mais ce n'est pas le cas ...

    avec ce que tu as comme bébétes, ce n'est pas étonnant ...

    mais il fait des miracles :)
    0
  8. Clara
     
    Voilà le rapport de VundoFix (enfin ;) )

    VundoFix V6.3.21

    Checking Java version...

    Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.

    Scan started at 17:11:41 14/05/2007

    Listing files found while scanning....

    C:\Documents and settings\Administrateur\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt
    C:\Documents and settings\Administrateur\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt
    C:\Program Files\VSAdd-in\VSAdd-in.dll
    C:\WINNT\Microsoft.NET\acbmcd.dll
    C:\WINNT\Microsoft.NET\dcmbca.bak1
    C:\WINNT\Microsoft.NET\dcmbca.bak2
    C:\WINNT\Microsoft.NET\dcmbca.ini
    C:\WINNT\Microsoft.NET\dcmbca.ini2
    C:\WINNT\Microsoft.NET\dcmbca.tmp
    C:\WINNT\system32\afbynbad.dll
    C:\WINNT\system32\bxowgvkg.dll
    C:\WINNT\system32\efmtkoye.dll
    C:\WINNT\system32\ehicghhm.dll
    C:\WINNT\system32\fhfewvof.dll
    C:\WINNT\system32\fyivxuif.dll
    C:\WINNT\system32\hhnvllbe.dll
    C:\WINNT\system32\hydyqqfk.dll
    C:\WINNT\system32\klcnhoan.dll
    C:\WINNT\system32\kmngilvy.dll
    C:\WINNT\system32\kudscmea.dll
    C:\WINNT\system32\mjiblbvc.dll
    C:\WINNT\system32\mxygftrd.dll
    C:\WINNT\system32\nietlkkm.dll
    C:\WINNT\system32\nnnnmlk.dll
    C:\WINNT\system32\orrnxugb.dll
    C:\WINNT\system32\pevewagw.dll
    C:\WINNT\system32\qxmqgeqk.dll
    C:\WINNT\system32\ssqnkif.dll
    C:\WINNT\system32\sssyikav.dll
    C:\WINNT\system32\ttbtvthv.dll
    C:\WINNT\system32\vvqvuool.dll
    C:\WINNT\system32\wghkddyy.dll
    C:\WINNT\system32\ynsnffjv.dll

    Beginning removal...

    Attempting to delete C:\Documents and settings\Administrateur\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt
    C:\Documents and settings\Administrateur\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt Has been deleted!

    Attempting to delete C:\Documents and settings\Administrateur\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt
    C:\Documents and settings\Administrateur\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt Has been deleted!

    Attempting to delete C:\WINNT\Microsoft.NET\acbmcd.dll
    C:\WINNT\Microsoft.NET\acbmcd.dll Has been deleted!

    Attempting to delete C:\WINNT\Microsoft.NET\dcmbca.bak1
    C:\WINNT\Microsoft.NET\dcmbca.bak1 Has been deleted!

    Attempting to delete C:\WINNT\Microsoft.NET\dcmbca.bak2
    C:\WINNT\Microsoft.NET\dcmbca.bak2 Has been deleted!

    Attempting to delete C:\WINNT\Microsoft.NET\dcmbca.ini
    C:\WINNT\Microsoft.NET\dcmbca.ini Has been deleted!

    Attempting to delete C:\WINNT\Microsoft.NET\dcmbca.ini2
    C:\WINNT\Microsoft.NET\dcmbca.ini2 Has been deleted!

    Attempting to delete C:\WINNT\Microsoft.NET\dcmbca.tmp
    C:\WINNT\Microsoft.NET\dcmbca.tmp Has been deleted!

    Attempting to delete C:\WINNT\system32\afbynbad.dll
    C:\WINNT\system32\afbynbad.dll Has been deleted!

    Attempting to delete C:\WINNT\system32\efmtkoye.dll
    C:\WINNT\system32\efmtkoye.dll Has been deleted!

    Attempting to delete C:\WINNT\system32\ehicghhm.dll
    C:\WINNT\system32\ehicghhm.dll Has been deleted!

    Attempting to delete C:\WINNT\system32\fyivxuif.dll
    C:\WINNT\system32\fyivxuif.dll Has been deleted!

    Attempting to delete C:\WINNT\system32\hhnvllbe.dll
    C:\WINNT\system32\hhnvllbe.dll Has been deleted!

    Attempting to delete C:\WINNT\system32\hydyqqfk.dll
    C:\WINNT\system32\hydyqqfk.dll Has been deleted!

    Attempting to delete C:\WINNT\system32\klcnhoan.dll
    C:\WINNT\system32\klcnhoan.dll Has been deleted!

    Attempting to delete C:\WINNT\system32\kmngilvy.dll
    C:\WINNT\system32\kmngilvy.dll Has been deleted!

    Attempting to delete C:\WINNT\system32\kudscmea.dll
    C:\WINNT\system32\kudscmea.dll Has been deleted!

    Attempting to delete C:\WINNT\system32\nietlkkm.dll
    C:\WINNT\system32\nietlkkm.dll Has been deleted!

    Attempting to delete C:\WINNT\system32\nnnnmlk.dll
    C:\WINNT\system32\nnnnmlk.dll Has been deleted!

    Attempting to delete C:\WINNT\system32\qxmqgeqk.dll
    C:\WINNT\system32\qxmqgeqk.dll Has been deleted!

    Attempting to delete C:\WINNT\system32\ssqnkif.dll
    C:\WINNT\system32\ssqnkif.dll Has been deleted!

    Attempting to delete C:\WINNT\system32\sssyikav.dll
    C:\WINNT\system32\sssyikav.dll Has been deleted!

    Attempting to delete C:\WINNT\system32\ttbtvthv.dll
    C:\WINNT\system32\ttbtvthv.dll Has been deleted!

    Attempting to delete C:\WINNT\system32\vvqvuool.dll
    C:\WINNT\system32\vvqvuool.dll Has been deleted!

    Attempting to delete C:\WINNT\system32\wghkddyy.dll
    C:\WINNT\system32\wghkddyy.dll Has been deleted!

    Attempting to delete C:\WINNT\system32\ynsnffjv.dll
    C:\WINNT\system32\ynsnffjv.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    Et maintenant le rapport de Hijackthis

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 20:46:13, on 14/05/2007
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    Boot mode: Normal

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\system32\drivers\CDAC11BA.EXE
    C:\WINNT\system32\cisvc.exe
    C:\WINNT\system32\svchost.exe
    c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
    C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\mspmspsv.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Trend Micro\OfficeScan Client\ofcdog.exe
    C:\WINNT\Mixer.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
    C:\Program Files\Trend Micro\OfficeScan Client\RAUAgent.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Friendly Technologies\BroadbandAccess\fts.exe
    C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Trend Micro\OfficeScan Client\Pop3Trap.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\OpenOffice.org1.1.4\program\soffice.exe
    C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe
    C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
    C:\WINNT\system32\cidaemon.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
    C:\WINNT\system32\svchost.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Documents and Settings\Administrateur\Bureau\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {620EEF7C-8570-4CDA-B8BB-8AEDF203258F} - C:\WINNT\Microsoft.NET\acbmcd.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {DDE6BAD5-5713-46A6-B713-D5A43B641356} - C:\WINNT\system32\dpftmbka.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O3 - Toolbar: (no name) - {74DD705D-6834-439C-A735-A6DBE2677452} - (no file)
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [EPSON Stylus C84 Series] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C84 Series" /O5 "LPT1:" /M "Stylus C84"
    O4 - HKLM\..\Run: [Moniteur OfficeScanNT] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
    O4 - HKLM\..\Run: [RemoteAgent] C:\Program Files\Trend Micro\OfficeScan Client\RAUAgent.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\Friendly Technologies\BroadbandAccess\fts.exe"
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
    O4 - HKLM\..\Run: [downloadmealwebshow] C:\Documents and Settings\All Users\Application Data\Axis Cash Download Meal\Aim road.exe
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [EPSON Stylus C84 Series] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C84 Series" /M "Stylus C84" /EF "HKCU"
    O4 - HKCU\..\Run: [MULTI LIVE] C:\DOCUME~1\ADMINI~1\APPLIC~1\SIZESE~1\drawbows.exe
    O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
    O4 - Startup: OpenOffice.org 1.1.4.lnk = C:\Program Files\OpenOffice.org1.1.4\program\quickstart.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1036\OLFSNT40.EXE
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O16 - DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} (WebIQ Engine Application Object) - http://webiq005.webiqonline.com/WebIQ/DataServer/Pub/DataServer.dll?Handler=GetEngineDistribution&EDID={896A23A1-5821-4609-A6C6-6D5536C585C9}
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
    O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\system32\browseui.dll
    O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\system32\browseui.dll
    O23 - Service: Avertissement (Alerter) - Unknown owner - C:\WINNT\system32\services.exe
    O23 - Service: Gestion d'applications (AppMgmt) - Unknown owner - C:\WINNT\system32\services.exe
    O23 - Service: Explorateur d'ordinateur (Browser) - Unknown owner - C:\WINNT\system32\services.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINNT\system32\drivers\CDAC11BA.EXE
    O23 - Service: Client DHCP (Dhcp) - Unknown owner - C:\WINNT\system32\services.exe
    O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINNT\System32\dmadmin.exe
    O23 - Service: Gestionnaire de disque logique (dmserver) - Unknown owner - C:\WINNT\System32\services.exe
    O23 - Service: Client DNS (Dnscache) - Unknown owner - C:\WINNT\system32\services.exe
    O23 - Service: Events Log (Event) - Unknown owner - C:\WINNT\system32\drivers\csrss.exe (file missing)
    O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINNT\system32\services.exe
    O23 - Service: Service de télécopie (Fax) - Unknown owner - C:\WINNT\system32\faxsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Serveur (lanmanserver) - Unknown owner - C:\WINNT\system32\services.exe
    O23 - Service: Station de travail (lanmanworkstation) - Unknown owner - C:\WINNT\system32\services.exe
    O23 - Service: Service d'application d'assistance TCP/IP NetBIOS (LmHosts) - Unknown owner - C:\WINNT\system32\services.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINNT\system32\mnmsrvc.exe
    O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINNT\system32\msasvc.exe (file missing)
    O23 - Service: DDE réseau (NetDDE) - Unknown owner - C:\WINNT\system32\netdde.exe
    O23 - Service: DSDM DDE réseau (NetDDEdsdm) - Unknown owner - C:\WINNT\system32\netdde.exe
    O23 - Service: Ouverture de session réseau (Netlogon) - Unknown owner - C:\WINNT\system32\lsass.exe
    O23 - Service: Fournisseur de la prise en charge de sécurité LM NT (NtLmSsp) - Unknown owner - C:\WINNT\system32\lsass.exe
    O23 - Service: Scan en temps réel OfficeScanNT (ntrtscan) - Unknown owner - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
    O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINNT\system32\services.exe
    O23 - Service: Agent de stratégie IPSEC (PolicyAgent) - Unknown owner - C:\WINNT\system32\lsass.exe
    O23 - Service: Emplacement protégé (ProtectedStorage) - Unknown owner - C:\WINNT\system32\services.exe
    O23 - Service: Gestionnaire de comptes de sécurité (SamSs) - Unknown owner - C:\WINNT\system32\lsass.exe
    O23 - Service: Prise en charge des cartes à puces (SCardDrv) - Unknown owner - C:\WINNT\System32\SCardSvr.exe
    O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINNT\System32\SCardSvr.exe
    O23 - Service: Planificateur de tâches (Schedule) - Unknown owner - C:\WINNT\system32\MSTask.exe
    O23 - Service: Service d'exécution par délégation (seclogon) - Unknown owner - C:\WINNT\system32\services.exe
    O23 - Service: Still Image Service (StiSvc) - Unknown owner - C:\WINNT\system32\stisvc.exe
    O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINNT\system32\smlogsvc.exe
    O23 - Service: OfficeScanNT Listener (tmlisten) - Unknown owner - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
    O23 - Service: Client de suivi de lien distribué (TrkWks) - Unknown owner - C:\WINNT\system32\services.exe
    O23 - Service: Gestionnaire d'utilitaires (UtilMan) - Unknown owner - C:\WINNT\System32\UtilMan.exe
    O23 - Service: Horloge Windows (W32Time) - Unknown owner - C:\WINNT\System32\services.exe
    O23 - Service: Infrastructure de gestion Windows (WinMgmt) - Unknown owner - C:\WINNT\System32\WBEM\WinMgmt.exe
    O23 - Service: Extensions du pilote WMI (Wmi) - Unknown owner - C:\WINNT\system32\Services.exe
    0
  9. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    Ok, il a très bien travaillé !

    Télécharge ComboFix (par sUBs) d'un de ces liens sur ton bureau:

    http://www.techsupportforum.com/sectools/combofix.exe

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    Double clique combofix.exe et suis les invites

    Poste le rapport stp

    ++
    0
  10. Clara
     
    j'ai doucle cliqué sur combofix le petit problème c'est que je tombe sur une invite de commandes et que je peux pas copier le rapport qu'il fait (en même temps il fait 300 fois le même alors bon...)
    0
  11. Clara
     
    ya personne pr m'aider?
    svp les gens help
    j'ai l'ordi qui rame de plus en plus
    help!
    0
  12. Clara
     
    "Administrateur" - 2007-05-15 16:52:28 Service Pack 4
    ComboFix 07-05.13.V - Running from: "C:\Documents and Settings\Administrateur\Bureau\"

    ((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-15 ))))))))))))))))))))))))))))))))))

    2007-05-14 19:01 58,952 --a------ C:\WINNT\system32\MsgPlusLoader.dll
    2007-05-14 17:11 <DIR> d-------- C:\VundoFix Backups
    2007-05-14 16:48 16,384 --a------ C:\WINNT\system32\Perflib_Perfdata_308.dat
    2007-05-12 11:47 <DIR> d-------- C:\WINNT\system32\appmgmt
    2007-05-12 10:31 76,560 --a------ C:\WINNT\system32\drivers\tmcomm.sys
    2007-05-12 10:30 <DIR> d-------- C:\DOCUME~1\ADMINI~1\.housecall6.6
    2007-05-10 18:56 25,808 --a------ C:\WINNT\ctl3dv2.dll
    2007-05-10 12:43 52,496 --a------ C:\WINNT\system32\vfwwdm32.dll
    2007-05-10 12:43 45,840 --a------ C:\WINNT\system32\iyuv_32.dll
    2007-05-10 12:43 12,560 --a------ C:\WINNT\system32\tsbyuv.dll
    2007-05-10 11:42 16,384 --a------ C:\WINNT\system32\Perflib_Perfdata_2f8.dat
    2007-05-07 20:02 <DIR> d-------- C:\FOUND.005
    2007-05-03 20:51 <DIR> d-------- C:\FOUND.004
    2007-05-03 12:07 <DIR> d-------- C:\Program Files\iTunes
    2007-05-03 12:07 <DIR> d-------- C:\Program Files\iPod
    2007-05-03 11:56 <DIR> d-------- C:\Program Files\QuickTime
    2007-05-02 12:27 16,384 --a------ C:\WINNT\system32\Perflib_Perfdata_300.dat
    2007-05-02 12:23 <DIR> d-------- C:\FOUND.003
    2007-04-19 14:58 <DIR> d-------- C:\Program Files\Windows Journal Viewer
    2007-04-16 18:18 <DIR> d-------- C:\Program Files\Picasa2
    2007-04-16 18:18 <DIR> d-------- C:\Program Files\Google

    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-05-15 14:07:54 18 ----a-w C:\WINNT\system32\drivers\nwlnkcr.sys
    2007-04-24 17:04:06 664 ----a-w C:\WINNT\system32\d3d9caps.dat
    2007-04-10 14:20:52 16,384 ----a-w C:\WINNT\system32\Perflib_Perfdata_30c.dat
    2007-04-06 15:19:24 -------- d-----w C:\Program Files\Usability Sciences
    2007-04-05 17:33:06 57,344 ----a-w C:\WINNT\uneng.exe
    2007-04-05 17:32:52 -------- d-----w C:\Program Files\Fichiers communs\Adaptec Shared
    2007-04-05 17:32:50 49,152 ----a-w C:\WINNT\system32\cdrtc.dll
    2007-04-05 17:32:50 45,056 ----a-w C:\WINNT\system32\cdral.dll
    2007-04-05 09:15:36 16,384 ----a-w C:\WINNT\system32\Perflib_Perfdata_2e8.dat
    2007-04-04 10:19:26 16,384 ----a-w C:\WINNT\system32\Perflib_Perfdata_2f4.dat
    2007-03-28 11:26:16 -------- d-----w C:\DOCUME~1\ADMINI~1\APPLIC~1\sizesecondeq
    2007-03-25 17:33:42 16,384 ----a-w C:\WINNT\system32\Perflib_Perfdata_334.dat
    2007-03-13 09:45:08 246,032 ----a-w C:\WINNT\system32\WINSRV.DLL
    2007-03-08 18:27:34 72,164 ----a-w C:\WINNT\system32\perfc00C.dat
    2007-03-08 18:27:34 454,862 ----a-w C:\WINNT\system32\perfh00C.dat
    2007-03-07 17:08:20 -------- d-----w C:\Program Files\Fichiers communs\LogiShrd
    2007-03-07 17:04:56 -------- d-----w C:\Program Files\Logitech
    2007-03-06 11:18:04 381,712 ----a-w C:\WINNT\system32\USER32.DLL
    2007-03-06 11:18:04 38,160 ----a-w C:\WINNT\system32\mf3216.dll
    2007-03-06 11:18:04 235,280 ----a-w C:\WINNT\system32\GDI32.DLL
    2007-03-06 11:14:50 1,642,064 ----a-w C:\WINNT\system32\WIN32K.SYS
    2007-02-16 14:37:10 16,384 ----a-w C:\WINNT\system32\Perflib_Perfdata_2d0.dat
    2007-02-16 09:51:44 16,384 ----a-w C:\WINNT\system32\Perflib_Perfdata_2d4.dat
    2007-02-14 15:46:02 12,288 ----a-w C:\WINNT\impborl.dll
    2007-02-09 14:07:32 16,384 ----a-w C:\WINNT\system32\Perflib_Perfdata_2e0.dat
    2007-02-07 22:24:46 323,624 ----a-w C:\WINNT\system32\wiaaut.dll
    2007-02-06 10:09:26 16,384 ----a-w C:\WINNT\system32\Perflib_Perfdata_32c.dat

    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [06-12-18 04:16 ]
    {620EEF7C-8570-4CDA-B8BB-8AEDF203258F}=C:\WINNT\Microsoft.NET\acbmcd.dll []
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [05-11-10 13:22 ]
    {DDE6BAD5-5713-46A6-B713-D5A43B641356}=C:\WINNT\system32\dpftmbka.dll []

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "Synchronization Manager"="mobsync.exe /logon"
    "C-Media Mixer"="Mixer.exe /startup"
    "NeroFilterCheck"="C:\\WINNT\\system32\\NeroCheck.exe"
    "MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\""
    "EPSON Stylus C84 Series"="C:\\WINNT\\system32\\spool\\DRIVERS\\W32X86\\3\\E_S10IC2.EXE /P23 \"EPSON Stylus C84 Series\" /O5 \"LPT1:\" /M \"Stylus C84\""
    "Moniteur OfficeScanNT"="\"C:\\Program Files\\Trend Micro\\OfficeScan Client\\pccntmon.exe\" -HideWindow"
    "RemoteAgent"="C:\\Program Files\\Trend Micro\\OfficeScan Client\\RAUAgent.exe"
    "SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
    "%FP%Friendly fts.exe"="\"C:\\Program Files\\Friendly Technologies\\BroadbandAccess\\fts.exe\""
    "LogitechCommunicationsManager"="\"C:\\Program Files\\Fichiers communs\\LogiShrd\\LComMgr\\Communications_Helper.exe\""
    "LogitechQuickCamRibbon"="\"C:\\Program Files\\Logitech\\QuickCam10\\QuickCam10.exe\" /hide"
    "downloadmealwebshow"="C:\\Documents and Settings\\All Users\\Application Data\\Axis Cash Download Meal\\Aim road.exe"
    "Picasa Media Detector"="C:\\Program Files\\Picasa2\\PicasaMediaDetector.exe"
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Synchronization Manager"="mobsync.exe" [03-06-19 10:05 C:\WINNT\system32\mobsync.exe])
    "C-Media Mixer"="Mixer.exe" [])
    "NeroFilterCheck"="C:\WINNT\system32\NeroCheck.exe" [01-07-09 10:50 ]
    "MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [07-03-28 13:25 ]
    "EPSON Stylus C84 Series"="C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE" [03-05-27 05:08 ]
    "Moniteur OfficeScanNT"="C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" [04-07-05 19:14 ]
    "RemoteAgent"="C:\Program Files\Trend Micro\OfficeScan Client\RAUAgent.exe" [04-02-02 12:51 ]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [05-11-10 13:03 ]
    "%FP%Friendly fts.exe"="C:\Program Files\Friendly Technologies\BroadbandAccess\fts.exe" [03-05-06 09:28 ]
    "LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [07-02-08 01:12 ]
    "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [07-02-08 01:13 ]
    "downloadmealwebshow"="C:\Documents and Settings\All Users\Application Data\Axis Cash Download Meal\Aim road.exe" [07-04-03 07:43 ]
    "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [07-02-01 04:52 ]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [07-04-27 09:41 ]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [07-04-27 11:25 ]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "EPSON Stylus C84 Series"="C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE" [03-05-27 05:08 ]
    "MULTI LIVE"="C:\DOCUME~1\ADMINI~1\APPLIC~1\SIZESE~1\drawbows.exe" [07-04-03 07:42 ]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "EPSON Stylus C84 Series"="C:\\WINNT\\system32\\spool\\DRIVERS\\W32X86\\3\\E_S10IC2.EXE /P23 \"EPSON Stylus C84 Series\" /M \"Stylus C84\" /EF \"HKCU\""
    "MULTI LIVE"="C:\\DOCUME~1\\ADMINI~1\\APPLIC~1\\SIZESE~1\\drawbows.exe"

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "^SetupICWDesktop"="C:\\Program Files\\Internet Explorer\\Connection Wizard\\icwconn1.exe /desktop"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "appinit_dlls"="MsgPlusLoader.dll"

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
    Authentication Packages msv1_0\0\0
    Security Packages kerberos\0msv1_0\0schannel\0\0
    Notification Packages scecli\0\0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
    rpcss RpcSs\0\0
    wugroup wuauserv\0\0
    BITSgroup BITS\0\0

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost
    WmdmPmSN

    Contents of the 'Scheduled Tasks' folder
    C:\WINNT\tasks\AppleSoftwareUpdate.job
    C:\WINNT\tasks\A7DFF2F791887013.job

    ********************************************************************

    je sia spas si c sa mais bon
    0
  13. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    Salut :)

    reposte un hijack stp

    ++
    0
  14. C
     
    ok merci pour ton aide je reposte un hijack

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 19:30:29, on 15/05/2007
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    Boot mode: Normal

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\system32\drivers\CDAC11BA.EXE
    C:\WINNT\system32\cisvc.exe
    C:\WINNT\system32\svchost.exe
    c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\mspmspsv.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Mixer.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\Program Files\Trend Micro\OfficeScan Client\RAUAgent.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Friendly Technologies\BroadbandAccess\fts.exe
    C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\OpenOffice.org1.1.4\program\soffice.exe
    C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe
    C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\cidaemon.exe
    C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
    C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
    C:\Program Files\Trend Micro\OfficeScan Client\ofcdog.exe
    C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.EXE
    C:\Program Files\Trend Micro\OfficeScan Client\Pop3Trap.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINNT\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Administrateur\Bureau\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {620EEF7C-8570-4CDA-B8BB-8AEDF203258F} - C:\WINNT\Microsoft.NET\acbmcd.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {DDE6BAD5-5713-46A6-B713-D5A43B641356} - C:\WINNT\system32\dpftmbka.dll (file missing)
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O3 - Toolbar: (no name) - {74DD705D-6834-439C-A735-A6DBE2677452} - (no file)
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [EPSON Stylus C84 Series] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C84 Series" /O5 "LPT1:" /M "Stylus C84"
    O4 - HKLM\..\Run: [Moniteur OfficeScanNT] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
    O4 - HKLM\..\Run: [RemoteAgent] C:\Program Files\Trend Micro\OfficeScan Client\RAUAgent.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\Friendly Technologies\BroadbandAccess\fts.exe"
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
    O4 - HKLM\..\Run: [downloadmealwebshow] C:\Documents and Settings\All Users\Application Data\Axis Cash Download Meal\Aim road.exe
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [EPSON Stylus C84 Series] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C84 Series" /M "Stylus C84" /EF "HKCU"
    O4 - HKCU\..\Run: [MULTI LIVE] C:\DOCUME~1\ADMINI~1\APPLIC~1\SIZESE~1\drawbows.exe
    O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
    O4 - Startup: OpenOffice.org 1.1.4.lnk = C:\Program Files\OpenOffice.org1.1.4\program\quickstart.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1036\OLFSNT40.EXE
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O16 - DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} (WebIQ Engine Application Object) - http://webiq005.webiqonline.com/WebIQ/DataServer/Pub/DataServer.dll?Handler=GetEngineDistribution&EDID={896A23A1-5821-4609-A6C6-6D5536C585C9}
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
    O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\system32\browseui.dll
    O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\system32\browseui.dll
    O23 - Service: Avertissement (Alerter) - Unknown owner - C:\WINNT\system32\services.exe
    O23 - Service: Gestion d'applications (AppMgmt) - Unknown owner - C:\WINNT\system32\services.exe
    O23 - Service: Explorateur d'ordinateur (Browser) - Unknown owner - C:\WINNT\system32\services.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINNT\system32\drivers\CDAC11BA.EXE
    O23 - Service: Client DHCP (Dhcp) - Unknown owner - C:\WINNT\system32\services.exe
    O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINNT\System32\dmadmin.exe
    O23 - Service: Gestionnaire de disque logique (dmserver) - Unknown owner - C:\WINNT\System32\services.exe
    O23 - Service: Client DNS (Dnscache) - Unknown owner - C:\WINNT\system32\services.exe
    O23 - Service: Events Log (Event) - Unknown owner - C:\WINNT\system32\drivers\csrss.exe (file missing)
    O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINNT\system32\services.exe
    O23 - Service: Service de télécopie (Fax) - Unknown owner - C:\WINNT\system32\faxsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Serveur (lanmanserver) - Unknown owner - C:\WINNT\system32\services.exe
    O23 - Service: Station de travail (lanmanworkstation) - Unknown owner - C:\WINNT\system32\services.exe
    O23 - Service: Service d'application d'assistance TCP/IP NetBIOS (LmHosts) - Unknown owner - C:\WINNT\system32\services.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINNT\system32\mnmsrvc.exe
    O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINNT\system32\msasvc.exe (file missing)
    O23 - Service: DDE réseau (NetDDE) - Unknown owner - C:\WINNT\system32\netdde.exe
    O23 - Service: DSDM DDE réseau (NetDDEdsdm) - Unknown owner - C:\WINNT\system32\netdde.exe
    O23 - Service: Ouverture de session réseau (Netlogon) - Unknown owner - C:\WINNT\system32\lsass.exe
    O23 - Service: Fournisseur de la prise en charge de sécurité LM NT (NtLmSsp) - Unknown owner - C:\WINNT\system32\lsass.exe
    O23 - Service: Scan en temps réel OfficeScanNT (ntrtscan) - Unknown owner - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
    O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINNT\system32\services.exe
    O23 - Service: Agent de stratégie IPSEC (PolicyAgent) - Unknown owner - C:\WINNT\system32\lsass.exe
    O23 - Service: Emplacement protégé (ProtectedStorage) - Unknown owner - C:\WINNT\system32\services.exe
    O23 - Service: Gestionnaire de comptes de sécurité (SamSs) - Unknown owner - C:\WINNT\system32\lsass.exe
    O23 - Service: Prise en charge des cartes à puces (SCardDrv) - Unknown owner - C:\WINNT\System32\SCardSvr.exe
    O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINNT\System32\SCardSvr.exe
    O23 - Service: Planificateur de tâches (Schedule) - Unknown owner - C:\WINNT\system32\MSTask.exe
    O23 - Service: Service d'exécution par délégation (seclogon) - Unknown owner - C:\WINNT\system32\services.exe
    O23 - Service: Still Image Service (StiSvc) - Unknown owner - C:\WINNT\system32\stisvc.exe
    O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINNT\system32\smlogsvc.exe
    O23 - Service: OfficeScanNT Listener (tmlisten) - Unknown owner - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
    O23 - Service: Client de suivi de lien distribué (TrkWks) - Unknown owner - C:\WINNT\system32\services.exe
    O23 - Service: Gestionnaire d'utilitaires (UtilMan) - Unknown owner - C:\WINNT\System32\UtilMan.exe
    O23 - Service: Horloge Windows (W32Time) - Unknown owner - C:\WINNT\System32\services.exe
    O23 - Service: Infrastructure de gestion Windows (WinMgmt) - Unknown owner - C:\WINNT\System32\WBEM\WinMgmt.exe
    O23 - Service: Extensions du pilote WMI (Wmi) - Unknown owner - C:\WINNT\system32\Services.exe
    0
  15. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    ok,

    Télécharge VirtumundoBegone sur le bureau:
    http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

    Double clique ensuite sur VirtumundoBeGone.exe et suis les instructions.
    Une fois terminé, redémarre et poste le rapport VBG.TXT créé sur le bureau dans ta prochaine réponse avec un nouveau rapport HijackThis.
    Ne t'inquiète pas si tu vois un message Ecran bleu "Erreur fatale", c'est normal et attendu

    ++
    0
  16. Clara
     
    [05/15/2007, 20:21:53] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Administrateur\Bureau\VirtumundoBeGone.exe" )
    [05/15/2007, 20:21:59] - Detected System Information:
    [05/15/2007, 20:21:59] - Windows Version: 5.0.2195, Service Pack 4
    [05/15/2007, 20:21:59] - Current Username: Administrateur (Admin)
    [05/15/2007, 20:21:59] - Windows is in NORMAL mode.
    [05/15/2007, 20:21:59] - Searching for Browser Helper Objects:
    [05/15/2007, 20:21:59] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
    [05/15/2007, 20:21:59] - BHO 2: {620EEF7C-8570-4CDA-B8BB-8AEDF203258F} ()
    [05/15/2007, 20:21:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/15/2007, 20:21:59] - Checking for HKLM\...\Winlogon\Notify\acbmcd
    [05/15/2007, 20:21:59] - Key not found: HKLM\...\Winlogon\Notify\acbmcd, continuing.
    [05/15/2007, 20:21:59] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [05/15/2007, 20:21:59] - BHO 4: {DDE6BAD5-5713-46A6-B713-D5A43B641356} ()
    [05/15/2007, 20:21:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/15/2007, 20:21:59] - Checking for HKLM\...\Winlogon\Notify\dpftmbka
    [05/15/2007, 20:21:59] - Key not found: HKLM\...\Winlogon\Notify\dpftmbka, continuing.
    [05/15/2007, 20:21:59] - Finished Searching Browser Helper Objects
    [05/15/2007, 20:21:59] - Finishing up...
    [05/15/2007, 20:21:59] - Nothing found! Exiting...

    main tenan hijackthis

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 20:22:57, on 15/05/2007
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    Boot mode: Normal

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\system32\drivers\CDAC11BA.EXE
    C:\WINNT\system32\cisvc.exe
    C:\WINNT\system32\svchost.exe
    c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\mspmspsv.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Mixer.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\Program Files\Trend Micro\OfficeScan Client\RAUAgent.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Friendly Technologies\BroadbandAccess\fts.exe
    C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\OpenOffice.org1.1.4\program\soffice.exe
    C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe
    C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\cidaemon.exe
    C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
    C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
    C:\Program Files\Trend Micro\OfficeScan Client\ofcdog.exe
    C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.EXE
    C:\Program Files\Trend Micro\OfficeScan Client\Pop3Trap.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINNT\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINNT\system32\NOTEPAD.EXE
    C:\Documents and Settings\Administrateur\Bureau\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {620EEF7C-8570-4CDA-B8BB-8AEDF203258F} - C:\WINNT\Microsoft.NET\acbmcd.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {DDE6BAD5-5713-46A6-B713-D5A43B641356} - C:\WINNT\system32\dpftmbka.dll (file missing)
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O3 - Toolbar: (no name) - {74DD705D-6834-439C-A735-A6DBE2677452} - (no file)
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [EPSON Stylus C84 Series] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C84 Series" /O5 "LPT1:" /M "Stylus C84"
    O4 - HKLM\..\Run: [Moniteur OfficeScanNT] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
    O4 - HKLM\..\Run: [RemoteAgent] C:\Program Files\Trend Micro\OfficeScan Client\RAUAgent.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\Friendly Technologies\BroadbandAccess\fts.exe"
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
    O4 - HKLM\..\Run: [downloadmealwebshow] C:\Documents and Settings\All Users\Application Data\Axis Cash Download Meal\Aim road.exe
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [EPSON Stylus C84 Series] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C84 Series" /M "Stylus C84" /EF "HKCU"
    O4 - HKCU\..\Run: [MULTI LIVE] C:\DOCUME~1\ADMINI~1\APPLIC~1\SIZESE~1\drawbows.exe
    O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
    O4 - Startup: OpenOffice.org 1.1.4.lnk = C:\Program Files\OpenOffice.org1.1.4\program\quickstart.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1036\OLFSNT40.EXE
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O16 - DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} (WebIQ Engine Application Object) - http://webiq005.webiqonline.com/WebIQ/DataServer/Pub/DataServer.dll?Handler=GetEngineDistribution&EDID={896A23A1-5821-4609-A6C6-6D5536C585C9}
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
    O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\system32\browseui.dll
    O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\system32\browseui.dll
    O23 - Service: Avertissement (Alerter) - Unknown owner - C:\WINNT\system32\services.exe
    O23 - Service: Gestion d'applications (AppMgmt) - Unknown owner - C:\WINNT\system32\services.exe
    O23 - Service: Explorateur d'ordinateur (Browser) - Unknown owner - C:\WINNT\system32\services.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINNT\system32\drivers\CDAC11BA.EXE
    O23 - Service: Client DHCP (Dhcp) - Unknown owner - C:\WINNT\system32\services.exe
    O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINNT\System32\dmadmin.exe
    O23 - Service: Gestionnaire de disque logique (dmserver) - Unknown owner - C:\WINNT\System32\services.exe
    O23 - Service: Client DNS (Dnscache) - Unknown owner - C:\WINNT\system32\services.exe
    O23 - Service: Events Log (Event) - Unknown owner - C:\WINNT\system32\drivers\csrss.exe (file missing)
    O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINNT\system32\services.exe
    O23 - Service: Service de télécopie (Fax) - Unknown owner - C:\WINNT\system32\faxsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Serveur (lanmanserver) - Unknown owner - C:\WINNT\system32\services.exe
    O23 - Service: Station de travail (lanmanworkstation) - Unknown owner - C:\WINNT\system32\services.exe
    O23 - Service: Service d'application d'assistance TCP/IP NetBIOS (LmHosts) - Unknown owner - C:\WINNT\system32\services.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINNT\system32\mnmsrvc.exe
    O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINNT\system32\msasvc.exe (file missing)
    O23 - Service: DDE réseau (NetDDE) - Unknown owner - C:\WINNT\system32\netdde.exe
    O23 - Service: DSDM DDE réseau (NetDDEdsdm) - Unknown owner - C:\WINNT\system32\netdde.exe
    O23 - Service: Ouverture de session réseau (Netlogon) - Unknown owner - C:\WINNT\system32\lsass.exe
    O23 - Service: Fournisseur de la prise en charge de sécurité LM NT (NtLmSsp) - Unknown owner - C:\WINNT\system32\lsass.exe
    O23 - Service: Scan en temps réel OfficeScanNT (ntrtscan) - Unknown owner - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
    O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINNT\system32\services.exe
    O23 - Service: Agent de stratégie IPSEC (PolicyAgent) - Unknown owner - C:\WINNT\system32\lsass.exe
    O23 - Service: Emplacement protégé (ProtectedStorage) - Unknown owner - C:\WINNT\system32\services.exe
    O23 - Service: Gestionnaire de comptes de sécurité (SamSs) - Unknown owner - C:\WINNT\system32\lsass.exe
    O23 - Service: Prise en charge des cartes à puces (SCardDrv) - Unknown owner - C:\WINNT\System32\SCardSvr.exe
    O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINNT\System32\SCardSvr.exe
    O23 - Service: Planificateur de tâches (Schedule) - Unknown owner - C:\WINNT\system32\MSTask.exe
    O23 - Service: Service d'exécution par délégation (seclogon) - Unknown owner - C:\WINNT\system32\services.exe
    O23 - Service: Still Image Service (StiSvc) - Unknown owner - C:\WINNT\system32\stisvc.exe
    O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINNT\system32\smlogsvc.exe
    O23 - Service: OfficeScanNT Listener (tmlisten) - Unknown owner - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
    O23 - Service: Client de suivi de lien distribué (TrkWks) - Unknown owner - C:\WINNT\system32\services.exe
    O23 - Service: Gestionnaire d'utilitaires (UtilMan) - Unknown owner - C:\WINNT\System32\UtilMan.exe
    O23 - Service: Horloge Windows (W32Time) - Unknown owner - C:\WINNT\System32\services.exe
    O23 - Service: Infrastructure de gestion Windows (WinMgmt) - Unknown owner - C:\WINNT\System32\WBEM\WinMgmt.exe
    O23 - Service: Extensions du pilote WMI (Wmi) - Unknown owner - C:\WINNT\system32\Services.exe
    0
  17. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    Bien, fais ce qui est indiqué ici stp :

    virus methode preliminaire de desinfection version fr

    ++
    0
  18. Clara
     
    euh auu fait tu aurais pas un anti-virus gratuit et très efficace pour mon ordinateur car je ne suis pas une pro des anti virus mais le mien me semble assez innneficace !!! meric d'avance
    0