BIG PROBLEM OFFICESCAN TROJ_VUNDO.ATT
Clara
green day Posts: 26722 Status: Moderator, Security contributor
Hello everyone,
I have a small problem with OfficeScan NT: it found TROJ_VUNDO.ATT but can neither delete it nor put it in quarantine. I tried to do it manually, without success (sharing violation, impossible to copy the file in order to delete the infected original...). What's more, the real-time virus detection log window (I think that's what it's called) pops up every second, and it's driving me crazy!
Thanks in advance
18 replies
Hi,
Delete it manually in Safe Mode; press F8 several times before Windows starts to enter that mode.
Well, I'd like to, but I'm afraid of doing something stupid. I get by fine with computers, but I've never done that, so it scares me a bit :(
Hi
Download this to your desktop:
Link: hijackthis
Demo: http://pageperso.aol.fr/balltrap34/demohijack.htm
Choose the option "do a scan and a logfile" and copy/paste the report it generates onto the forum.
++
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 16:58:59, on 14/05/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\drivers\CDAC11BA.EXE
C:\WINNT\system32\cisvc.exe
C:\WINNT\system32\svchost.exe
c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Trend Micro\OfficeScan Client\ofcdog.exe
C:\WINNT\Mixer.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\Trend Micro\OfficeScan Client\RAUAgent.exe
C:\Program Files\Trend Micro\OfficeScan Client\Pop3Trap.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Friendly Technologies\BroadbandAccess\fts.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\OpenOffice.org1.1.4\program\soffice.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\WINNT\system32\cidaemon.exe
C:\Documents and Settings\Administrateur\Bureau\HiJackThis_v2.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\WINNT\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {182B90A3-F372-438A-800C-6814B4DE417B} - C:\WINNT\system32\ssqnkif.dll
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O2 - BHO: (no name) - {620EEF7C-8570-4CDA-B8BB-8AEDF203258F} - C:\WINNT\Microsoft.NET\acbmcd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - C:\WINNT\system32\hhnvllbe.dll
O2 - BHO: (no name) - {DDE6BAD5-5713-46A6-B713-D5A43B641356} - C:\WINNT\system32\dpftmbka.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [EPSON Stylus C84 Series] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C84 Series" /O5 "LPT1:" /M "Stylus C84"
O4 - HKLM\..\Run: [Moniteur OfficeScanNT] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [RemoteAgent] C:\Program Files\Trend Micro\OfficeScan Client\RAUAgent.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\Friendly Technologies\BroadbandAccess\fts.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [downloadmealwebshow] C:\Documents and Settings\All Users\Application Data\Axis Cash Download Meal\Aim road.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [EPSON Stylus C84 Series] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C84 Series" /M "Stylus C84" /EF "HKCU"
O4 - HKCU\..\Run: [MULTI LIVE] C:\DOCUME~1\ADMINI~1\APPLIC~1\SIZESE~1\drawbows.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: OpenOffice.org 1.1.4.lnk = C:\Program Files\OpenOffice.org1.1.4\program\quickstart.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1036\OLFSNT40.EXE
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} (WebIQ Engine Application Object) - http://webiq005.webiqonline.com/WebIQ/DataServer/Pub/DataServer.dll?Handler=GetEngineDistribution&EDID={896A23A1-5821-4609-A6C6-6D5536C585C9}
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O20 - Winlogon Notify: acbmcd - C:\WINNT\Microsoft.NET\acbmcd.dll
O20 - Winlogon Notify: ssqnkif - C:\WINNT\SYSTEM32\ssqnkif.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\system32\browseui.dll
O23 - Service: Avertissement (Alerter) - Unknown owner - C:\WINNT\system32\services.exe
O23 - Service: Gestion d'applications (AppMgmt) - Unknown owner - C:\WINNT\system32\services.exe
O23 - Service: Explorateur d'ordinateur (Browser) - Unknown owner - C:\WINNT\system32\services.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINNT\system32\drivers\CDAC11BA.EXE
O23 - Service: Client DHCP (Dhcp) - Unknown owner - C:\WINNT\system32\services.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINNT\System32\dmadmin.exe
O23 - Service: Gestionnaire de disque logique (dmserver) - Unknown owner - C:\WINNT\System32\services.exe
O23 - Service: Client DNS (Dnscache) - Unknown owner - C:\WINNT\system32\services.exe
O23 - Service: Events Log (Event) - Unknown owner - C:\WINNT\system32\drivers\csrss.exe (file missing)
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINNT\system32\services.exe
O23 - Service: Service de télécopie (Fax) - Unknown owner - C:\WINNT\system32\faxsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Serveur (lanmanserver) - Unknown owner - C:\WINNT\system32\services.exe
O23 - Service: Station de travail (lanmanworkstation) - Unknown owner - C:\WINNT\system32\services.exe
O23 - Service: Service d'application d'assistance TCP/IP NetBIOS (LmHosts) - Unknown owner - C:\WINNT\system32\services.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINNT\system32\mnmsrvc.exe
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINNT\system32\msasvc.exe (file missing)
O23 - Service: DDE réseau (NetDDE) - Unknown owner - C:\WINNT\system32\netdde.exe
O23 - Service: DSDM DDE réseau (NetDDEdsdm) - Unknown owner - C:\WINNT\system32\netdde.exe
O23 - Service: Ouverture de session réseau (Netlogon) - Unknown owner - C:\WINNT\system32\lsass.exe
O23 - Service: Fournisseur de la prise en charge de sécurité LM NT (NtLmSsp) - Unknown owner - C:\WINNT\system32\lsass.exe
O23 - Service: Scan en temps réel OfficeScanNT (ntrtscan) - Unknown owner - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINNT\system32\services.exe
O23 - Service: Agent de stratégie IPSEC (PolicyAgent) - Unknown owner - C:\WINNT\system32\lsass.exe
O23 - Service: Emplacement protégé (ProtectedStorage) - Unknown owner - C:\WINNT\system32\services.exe
O23 - Service: Gestionnaire de comptes de sécurité (SamSs) - Unknown owner - C:\WINNT\system32\lsass.exe
O23 - Service: Prise en charge des cartes à puces (SCardDrv) - Unknown owner - C:\WINNT\System32\SCardSvr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINNT\System32\SCardSvr.exe
O23 - Service: Planificateur de tâches (Schedule) - Unknown owner - C:\WINNT\system32\MSTask.exe
O23 - Service: Service d'exécution par délégation (seclogon) - Unknown owner - C:\WINNT\system32\services.exe
O23 - Service: Still Image Service (StiSvc) - Unknown owner - C:\WINNT\system32\stisvc.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINNT\system32\smlogsvc.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Unknown owner - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: Client de suivi de lien distribué (TrkWks) - Unknown owner - C:\WINNT\system32\services.exe
O23 - Service: Gestionnaire d'utilitaires (UtilMan) - Unknown owner - C:\WINNT\System32\UtilMan.exe
O23 - Service: Horloge Windows (W32Time) - Unknown owner - C:\WINNT\System32\services.exe
O23 - Service: Infrastructure de gestion Windows (WinMgmt) - Unknown owner - C:\WINNT\System32\WBEM\WinMgmt.exe
O23 - Service: Extensions du pilote WMI (Wmi) - Unknown owner - C:\WINNT\system32\Services.exe
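As an added illustration (not part of the thread), here is a small Python triage pass over HijackThis O2/O20 lines modelled on the log above: the unnamed BHOs living under C:\WINNT and the DLLs that appear again as Winlogon Notify packages are the Vundo footprint the helpers react to. The sample lines are constructed from the posted log, and the severity scheme is an assumption of this example, not something HijackThis itself produces.

```python
import re

# Constructed sample: HijackThis lines modelled on the log posted above
# (one genuine BHO, the unnamed Vundo BHOs, a stale entry, and the O20
# Winlogon Notify twins of two of the Vundo DLLs).
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {182B90A3-F372-438A-800C-6814B4DE417B} - C:\WINNT\system32\ssqnkif.dll
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O2 - BHO: (no name) - {620EEF7C-8570-4CDA-B8BB-8AEDF203258F} - C:\WINNT\Microsoft.NET\acbmcd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - C:\WINNT\system32\hhnvllbe.dll
O20 - Winlogon Notify: acbmcd - C:\WINNT\Microsoft.NET\acbmcd.dll
O20 - Winlogon Notify: ssqnkif - C:\WINNT\SYSTEM32\ssqnkif.dll
"""

# O2 = Browser Helper Object: "O2 - BHO: <name> - {CLSID} - <path> [(file missing)]"
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - "
    r"(?P<path>.*?)(?: \((?P<note>file missing)\))?$"
)
# O20 = Winlogon Notify package: "O20 - Winlogon Notify: <key> - <path>"
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<path>.*)$")


def basename(path):
    """Lower-cased file name of a Windows path ("C:\\X\\Y.dll" -> "y.dll")."""
    return path.rsplit("\\", 1)[-1].lower()


def in_windows_dir(path):
    """True when the DLL lives under the Windows directory (WINNT or Windows)."""
    p = path.lower()
    return "\\winnt\\" in p or "\\windows\\" in p


def parse(text):
    """Split a HijackThis log into parsed O2 and O20 entries; other lines are ignored."""
    bhos, notifies = [], []
    for line in text.splitlines():
        line = line.strip()
        m = O2_RE.match(line)
        if m:
            bhos.append(m.groupdict())
            continue
        m = O20_RE.match(line)
        if m:
            notifies.append(m.groupdict())
    return bhos, notifies


def triage(text):
    """Rank BHO entries. Returns a list of {"dll", "clsid", "severity", "reasons"}.

    Severity scheme (this example's assumption, not a HijackThis feature):
    high   : the BHO DLL is also registered as a Winlogon Notify package
             (the O2/O20 pairing seen for ssqnkif.dll and acbmcd.dll above)
    medium : unnamed BHO loaded from the Windows directory
    low    : unnamed entry whose file is missing (stale registration, cleanup only)
    """
    bhos, notifies = parse(text)
    notify_dlls = {basename(n["path"]) for n in notifies}
    findings = []
    for b in bhos:
        dll = basename(b["path"])
        unnamed = b["name"] == "(no name)"
        reasons = []
        if unnamed and in_windows_dir(b["path"]):
            reasons.append("unnamed BHO loaded from the Windows directory")
        if dll in notify_dlls:
            reasons.append("same DLL registered as a Winlogon Notify package (O20)")
        if unnamed and b["note"] == "file missing":
            reasons.append("unnamed entry whose file is missing (stale registration)")
        if not reasons:
            continue
        if dll in notify_dlls:
            severity = "high"
        elif unnamed and in_windows_dir(b["path"]):
            severity = "medium"
        else:
            severity = "low"
        findings.append({"dll": dll, "clsid": b["clsid"],
                         "severity": severity, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']:6}] {f['dll']:18} {f['clsid']}  " + "; ".join(f["reasons"]))
```

Named, vendor-signed BHOs such as the Adobe and Java helpers fall through untouched, which is the point: a log this size is only readable if the reviewer can drop the known-good entries first.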
Hi :)
Not a pretty sight ...
Download VundoFix.exe (by Atribune) to your Desktop:
http://www.atribune.org/ccount/click.php?id=4
* Double-click VundoFix.exe to launch it.
* Click the Scan for Vundo button.
* When the scan is complete, click the Remove Vundo button.
* A prompt will ask you to delete the files; click YES.
* After clicking "Yes", the Desktop will disappear for a moment while the files are deleted.
* The PC will shut down: click OK.
* Start your PC again.
* Copy/paste the contents of the report located at C:\vundofix.txt along with a new HijackThis! report in your next reply.
++
I really would have liked this thing to be mine :) , but it isn't ...
With the critters you've got, it's not surprising ...
but it works miracles :)
Here's the VundoFix report (finally ;) )
VundoFix V6.3.21
Checking Java version...
Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.
Scan started at 17:11:41 14/05/2007
Listing files found while scanning....
C:\Documents and settings\Administrateur\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt
C:\Documents and settings\Administrateur\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt
C:\Program Files\VSAdd-in\VSAdd-in.dll
C:\WINNT\Microsoft.NET\acbmcd.dll
C:\WINNT\Microsoft.NET\dcmbca.bak1
C:\WINNT\Microsoft.NET\dcmbca.bak2
C:\WINNT\Microsoft.NET\dcmbca.ini
C:\WINNT\Microsoft.NET\dcmbca.ini2
C:\WINNT\Microsoft.NET\dcmbca.tmp
C:\WINNT\system32\afbynbad.dll
C:\WINNT\system32\bxowgvkg.dll
C:\WINNT\system32\efmtkoye.dll
C:\WINNT\system32\ehicghhm.dll
C:\WINNT\system32\fhfewvof.dll
C:\WINNT\system32\fyivxuif.dll
C:\WINNT\system32\hhnvllbe.dll
C:\WINNT\system32\hydyqqfk.dll
C:\WINNT\system32\klcnhoan.dll
C:\WINNT\system32\kmngilvy.dll
C:\WINNT\system32\kudscmea.dll
C:\WINNT\system32\mjiblbvc.dll
C:\WINNT\system32\mxygftrd.dll
C:\WINNT\system32\nietlkkm.dll
C:\WINNT\system32\nnnnmlk.dll
C:\WINNT\system32\orrnxugb.dll
C:\WINNT\system32\pevewagw.dll
C:\WINNT\system32\qxmqgeqk.dll
C:\WINNT\system32\ssqnkif.dll
C:\WINNT\system32\sssyikav.dll
C:\WINNT\system32\ttbtvthv.dll
C:\WINNT\system32\vvqvuool.dll
C:\WINNT\system32\wghkddyy.dll
C:\WINNT\system32\ynsnffjv.dll
Beginning removal...
Attempting to delete C:\Documents and settings\Administrateur\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt
C:\Documents and settings\Administrateur\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt Has been deleted!
Attempting to delete C:\Documents and settings\Administrateur\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt
C:\Documents and settings\Administrateur\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt Has been deleted!
Attempting to delete C:\WINNT\Microsoft.NET\acbmcd.dll
C:\WINNT\Microsoft.NET\acbmcd.dll Has been deleted!
Attempting to delete C:\WINNT\Microsoft.NET\dcmbca.bak1
C:\WINNT\Microsoft.NET\dcmbca.bak1 Has been deleted!
Attempting to delete C:\WINNT\Microsoft.NET\dcmbca.bak2
C:\WINNT\Microsoft.NET\dcmbca.bak2 Has been deleted!
Attempting to delete C:\WINNT\Microsoft.NET\dcmbca.ini
C:\WINNT\Microsoft.NET\dcmbca.ini Has been deleted!
Attempting to delete C:\WINNT\Microsoft.NET\dcmbca.ini2
C:\WINNT\Microsoft.NET\dcmbca.ini2 Has been deleted!
Attempting to delete C:\WINNT\Microsoft.NET\dcmbca.tmp
C:\WINNT\Microsoft.NET\dcmbca.tmp Has been deleted!
Attempting to delete C:\WINNT\system32\afbynbad.dll
C:\WINNT\system32\afbynbad.dll Has been deleted!
Attempting to delete C:\WINNT\system32\efmtkoye.dll
C:\WINNT\system32\efmtkoye.dll Has been deleted!
Attempting to delete C:\WINNT\system32\ehicghhm.dll
C:\WINNT\system32\ehicghhm.dll Has been deleted!
Attempting to delete C:\WINNT\system32\fyivxuif.dll
C:\WINNT\system32\fyivxuif.dll Has been deleted!
Attempting to delete C:\WINNT\system32\hhnvllbe.dll
C:\WINNT\system32\hhnvllbe.dll Has been deleted!
Attempting to delete C:\WINNT\system32\hydyqqfk.dll
C:\WINNT\system32\hydyqqfk.dll Has been deleted!
Attempting to delete C:\WINNT\system32\klcnhoan.dll
C:\WINNT\system32\klcnhoan.dll Has been deleted!
Attempting to delete C:\WINNT\system32\kmngilvy.dll
C:\WINNT\system32\kmngilvy.dll Has been deleted!
Attempting to delete C:\WINNT\system32\kudscmea.dll
C:\WINNT\system32\kudscmea.dll Has been deleted!
Attempting to delete C:\WINNT\system32\nietlkkm.dll
C:\WINNT\system32\nietlkkm.dll Has been deleted!
Attempting to delete C:\WINNT\system32\nnnnmlk.dll
C:\WINNT\system32\nnnnmlk.dll Has been deleted!
Attempting to delete C:\WINNT\system32\qxmqgeqk.dll
C:\WINNT\system32\qxmqgeqk.dll Has been deleted!
Attempting to delete C:\WINNT\system32\ssqnkif.dll
C:\WINNT\system32\ssqnkif.dll Has been deleted!
Attempting to delete C:\WINNT\system32\sssyikav.dll
C:\WINNT\system32\sssyikav.dll Has been deleted!
Attempting to delete C:\WINNT\system32\ttbtvthv.dll
C:\WINNT\system32\ttbtvthv.dll Has been deleted!
Attempting to delete C:\WINNT\system32\vvqvuool.dll
C:\WINNT\system32\vvqvuool.dll Has been deleted!
Attempting to delete C:\WINNT\system32\wghkddyy.dll
C:\WINNT\system32\wghkddyy.dll Has been deleted!
Attempting to delete C:\WINNT\system32\ynsnffjv.dll
C:\WINNT\system32\ynsnffjv.dll Has been deleted!
Performing Repairs to the registry.
Done!
And now the HijackThis report
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 20:46:13, on 14/05/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\drivers\CDAC11BA.EXE
C:\WINNT\system32\cisvc.exe
C:\WINNT\system32\svchost.exe
c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Trend Micro\OfficeScan Client\ofcdog.exe
C:\WINNT\Mixer.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\Trend Micro\OfficeScan Client\RAUAgent.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Friendly Technologies\BroadbandAccess\fts.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Trend Micro\OfficeScan Client\Pop3Trap.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\OpenOffice.org1.1.4\program\soffice.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\WINNT\system32\cidaemon.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\WINNT\system32\svchost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Administrateur\Bureau\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {620EEF7C-8570-4CDA-B8BB-8AEDF203258F} - C:\WINNT\Microsoft.NET\acbmcd.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {DDE6BAD5-5713-46A6-B713-D5A43B641356} - C:\WINNT\system32\dpftmbka.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: (no name) - {74DD705D-6834-439C-A735-A6DBE2677452} - (no file)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [EPSON Stylus C84 Series] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C84 Series" /O5 "LPT1:" /M "Stylus C84"
O4 - HKLM\..\Run: [Moniteur OfficeScanNT] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [RemoteAgent] C:\Program Files\Trend Micro\OfficeScan Client\RAUAgent.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\Friendly Technologies\BroadbandAccess\fts.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [downloadmealwebshow] C:\Documents and Settings\All Users\Application Data\Axis Cash Download Meal\Aim road.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [EPSON Stylus C84 Series] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C84 Series" /M "Stylus C84" /EF "HKCU"
O4 - HKCU\..\Run: [MULTI LIVE] C:\DOCUME~1\ADMINI~1\APPLIC~1\SIZESE~1\drawbows.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: OpenOffice.org 1.1.4.lnk = C:\Program Files\OpenOffice.org1.1.4\program\quickstart.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1036\OLFSNT40.EXE
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} (WebIQ Engine Application Object) - http://webiq005.webiqonline.com/WebIQ/DataServer/Pub/DataServer.dll?Handler=GetEngineDistribution&EDID={896A23A1-5821-4609-A6C6-6D5536C585C9}
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\system32\browseui.dll
O23 - Service: Avertissement (Alerter) - Unknown owner - C:\WINNT\system32\services.exe
O23 - Service: Gestion d'applications (AppMgmt) - Unknown owner - C:\WINNT\system32\services.exe
O23 - Service: Explorateur d'ordinateur (Browser) - Unknown owner - C:\WINNT\system32\services.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINNT\system32\drivers\CDAC11BA.EXE
O23 - Service: Client DHCP (Dhcp) - Unknown owner - C:\WINNT\system32\services.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINNT\System32\dmadmin.exe
O23 - Service: Gestionnaire de disque logique (dmserver) - Unknown owner - C:\WINNT\System32\services.exe
O23 - Service: Client DNS (Dnscache) - Unknown owner - C:\WINNT\system32\services.exe
O23 - Service: Events Log (Event) - Unknown owner - C:\WINNT\system32\drivers\csrss.exe (file missing)
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINNT\system32\services.exe
O23 - Service: Service de télécopie (Fax) - Unknown owner - C:\WINNT\system32\faxsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Serveur (lanmanserver) - Unknown owner - C:\WINNT\system32\services.exe
O23 - Service: Station de travail (lanmanworkstation) - Unknown owner - C:\WINNT\system32\services.exe
O23 - Service: Service d'application d'assistance TCP/IP NetBIOS (LmHosts) - Unknown owner - C:\WINNT\system32\services.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINNT\system32\mnmsrvc.exe
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINNT\system32\msasvc.exe (file missing)
O23 - Service: DDE réseau (NetDDE) - Unknown owner - C:\WINNT\system32\netdde.exe
O23 - Service: DSDM DDE réseau (NetDDEdsdm) - Unknown owner - C:\WINNT\system32\netdde.exe
O23 - Service: Ouverture de session réseau (Netlogon) - Unknown owner - C:\WINNT\system32\lsass.exe
O23 - Service: Fournisseur de la prise en charge de sécurité LM NT (NtLmSsp) - Unknown owner - C:\WINNT\system32\lsass.exe
O23 - Service: Scan en temps réel OfficeScanNT (ntrtscan) - Unknown owner - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINNT\system32\services.exe
O23 - Service: Agent de stratégie IPSEC (PolicyAgent) - Unknown owner - C:\WINNT\system32\lsass.exe
O23 - Service: Emplacement protégé (ProtectedStorage) - Unknown owner - C:\WINNT\system32\services.exe
O23 - Service: Gestionnaire de comptes de sécurité (SamSs) - Unknown owner - C:\WINNT\system32\lsass.exe
O23 - Service: Prise en charge des cartes à puces (SCardDrv) - Unknown owner - C:\WINNT\System32\SCardSvr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINNT\System32\SCardSvr.exe
O23 - Service: Planificateur de tâches (Schedule) - Unknown owner - C:\WINNT\system32\MSTask.exe
O23 - Service: Service d'exécution par délégation (seclogon) - Unknown owner - C:\WINNT\system32\services.exe
O23 - Service: Still Image Service (StiSvc) - Unknown owner - C:\WINNT\system32\stisvc.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINNT\system32\smlogsvc.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Unknown owner - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: Client de suivi de lien distribué (TrkWks) - Unknown owner - C:\WINNT\system32\services.exe
O23 - Service: Gestionnaire d'utilitaires (UtilMan) - Unknown owner - C:\WINNT\System32\UtilMan.exe
O23 - Service: Horloge Windows (W32Time) - Unknown owner - C:\WINNT\System32\services.exe
O23 - Service: Infrastructure de gestion Windows (WinMgmt) - Unknown owner - C:\WINNT\System32\WBEM\WinMgmt.exe
O23 - Service: Extensions du pilote WMI (Wmi) - Unknown owner - C:\WINNT\system32\Services.exe
OK, it worked very well!
Download ComboFix (by sUBs) from one of these links onto your desktop:
http://www.techsupportforum.com/sectools/combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Double-click combofix.exe and follow the prompts
Please post the report
++
I double-clicked combofix; the small problem is that I end up in a command prompt and I can't copy the report it produces (at the same time it does the same thing 300 times, so well...)
"Administrateur" - 2007-05-15 16:52:28 Service Pack 4
ComboFix 07-05.13.V - Running from: "C:\Documents and Settings\Administrateur\Bureau\"
((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-15 ))))))))))))))))))))))))))))))))))
2007-05-14 19:01 58,952 --a------ C:\WINNT\system32\MsgPlusLoader.dll
2007-05-14 17:11 <DIR> d-------- C:\VundoFix Backups
2007-05-14 16:48 16,384 --a------ C:\WINNT\system32\Perflib_Perfdata_308.dat
2007-05-12 11:47 <DIR> d-------- C:\WINNT\system32\appmgmt
2007-05-12 10:31 76,560 --a------ C:\WINNT\system32\drivers\tmcomm.sys
2007-05-12 10:30 <DIR> d-------- C:\DOCUME~1\ADMINI~1\.housecall6.6
2007-05-10 18:56 25,808 --a------ C:\WINNT\ctl3dv2.dll
2007-05-10 12:43 52,496 --a------ C:\WINNT\system32\vfwwdm32.dll
2007-05-10 12:43 45,840 --a------ C:\WINNT\system32\iyuv_32.dll
2007-05-10 12:43 12,560 --a------ C:\WINNT\system32\tsbyuv.dll
2007-05-10 11:42 16,384 --a------ C:\WINNT\system32\Perflib_Perfdata_2f8.dat
2007-05-07 20:02 <DIR> d-------- C:\FOUND.005
2007-05-03 20:51 <DIR> d-------- C:\FOUND.004
2007-05-03 12:07 <DIR> d-------- C:\Program Files\iTunes
2007-05-03 12:07 <DIR> d-------- C:\Program Files\iPod
2007-05-03 11:56 <DIR> d-------- C:\Program Files\QuickTime
2007-05-02 12:27 16,384 --a------ C:\WINNT\system32\Perflib_Perfdata_300.dat
2007-05-02 12:23 <DIR> d-------- C:\FOUND.003
2007-04-19 14:58 <DIR> d-------- C:\Program Files\Windows Journal Viewer
2007-04-16 18:18 <DIR> d-------- C:\Program Files\Picasa2
2007-04-16 18:18 <DIR> d-------- C:\Program Files\Google
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-05-15 14:07:54 18 ----a-w C:\WINNT\system32\drivers\nwlnkcr.sys
2007-04-24 17:04:06 664 ----a-w C:\WINNT\system32\d3d9caps.dat
2007-04-10 14:20:52 16,384 ----a-w C:\WINNT\system32\Perflib_Perfdata_30c.dat
2007-04-06 15:19:24 -------- d-----w C:\Program Files\Usability Sciences
2007-04-05 17:33:06 57,344 ----a-w C:\WINNT\uneng.exe
2007-04-05 17:32:52 -------- d-----w C:\Program Files\Fichiers communs\Adaptec Shared
2007-04-05 17:32:50 49,152 ----a-w C:\WINNT\system32\cdrtc.dll
2007-04-05 17:32:50 45,056 ----a-w C:\WINNT\system32\cdral.dll
2007-04-05 09:15:36 16,384 ----a-w C:\WINNT\system32\Perflib_Perfdata_2e8.dat
2007-04-04 10:19:26 16,384 ----a-w C:\WINNT\system32\Perflib_Perfdata_2f4.dat
2007-03-28 11:26:16 -------- d-----w C:\DOCUME~1\ADMINI~1\APPLIC~1\sizesecondeq
2007-03-25 17:33:42 16,384 ----a-w C:\WINNT\system32\Perflib_Perfdata_334.dat
2007-03-13 09:45:08 246,032 ----a-w C:\WINNT\system32\WINSRV.DLL
2007-03-08 18:27:34 72,164 ----a-w C:\WINNT\system32\perfc00C.dat
2007-03-08 18:27:34 454,862 ----a-w C:\WINNT\system32\perfh00C.dat
2007-03-07 17:08:20 -------- d-----w C:\Program Files\Fichiers communs\LogiShrd
2007-03-07 17:04:56 -------- d-----w C:\Program Files\Logitech
2007-03-06 11:18:04 381,712 ----a-w C:\WINNT\system32\USER32.DLL
2007-03-06 11:18:04 38,160 ----a-w C:\WINNT\system32\mf3216.dll
2007-03-06 11:18:04 235,280 ----a-w C:\WINNT\system32\GDI32.DLL
2007-03-06 11:14:50 1,642,064 ----a-w C:\WINNT\system32\WIN32K.SYS
2007-02-16 14:37:10 16,384 ----a-w C:\WINNT\system32\Perflib_Perfdata_2d0.dat
2007-02-16 09:51:44 16,384 ----a-w C:\WINNT\system32\Perflib_Perfdata_2d4.dat
2007-02-14 15:46:02 12,288 ----a-w C:\WINNT\impborl.dll
2007-02-09 14:07:32 16,384 ----a-w C:\WINNT\system32\Perflib_Perfdata_2e0.dat
2007-02-07 22:24:46 323,624 ----a-w C:\WINNT\system32\wiaaut.dll
2007-02-06 10:09:26 16,384 ----a-w C:\WINNT\system32\Perflib_Perfdata_32c.dat
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [06-12-18 04:16 ]
{620EEF7C-8570-4CDA-B8BB-8AEDF203258F}=C:\WINNT\Microsoft.NET\acbmcd.dll []
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [05-11-10 13:22 ]
{DDE6BAD5-5713-46A6-B713-D5A43B641356}=C:\WINNT\system32\dpftmbka.dll []
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Synchronization Manager"="mobsync.exe /logon"
"C-Media Mixer"="Mixer.exe /startup"
"NeroFilterCheck"="C:\\WINNT\\system32\\NeroCheck.exe"
"MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\""
"EPSON Stylus C84 Series"="C:\\WINNT\\system32\\spool\\DRIVERS\\W32X86\\3\\E_S10IC2.EXE /P23 \"EPSON Stylus C84 Series\" /O5 \"LPT1:\" /M \"Stylus C84\""
"Moniteur OfficeScanNT"="\"C:\\Program Files\\Trend Micro\\OfficeScan Client\\pccntmon.exe\" -HideWindow"
"RemoteAgent"="C:\\Program Files\\Trend Micro\\OfficeScan Client\\RAUAgent.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"%FP%Friendly fts.exe"="\"C:\\Program Files\\Friendly Technologies\\BroadbandAccess\\fts.exe\""
"LogitechCommunicationsManager"="\"C:\\Program Files\\Fichiers communs\\LogiShrd\\LComMgr\\Communications_Helper.exe\""
"LogitechQuickCamRibbon"="\"C:\\Program Files\\Logitech\\QuickCam10\\QuickCam10.exe\" /hide"
"downloadmealwebshow"="C:\\Documents and Settings\\All Users\\Application Data\\Axis Cash Download Meal\\Aim road.exe"
"Picasa Media Detector"="C:\\Program Files\\Picasa2\\PicasaMediaDetector.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [03-06-19 10:05 C:\WINNT\system32\mobsync.exe])
"C-Media Mixer"="Mixer.exe" [])
"NeroFilterCheck"="C:\WINNT\system32\NeroCheck.exe" [01-07-09 10:50 ]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [07-03-28 13:25 ]
"EPSON Stylus C84 Series"="C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE" [03-05-27 05:08 ]
"Moniteur OfficeScanNT"="C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" [04-07-05 19:14 ]
"RemoteAgent"="C:\Program Files\Trend Micro\OfficeScan Client\RAUAgent.exe" [04-02-02 12:51 ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [05-11-10 13:03 ]
"%FP%Friendly fts.exe"="C:\Program Files\Friendly Technologies\BroadbandAccess\fts.exe" [03-05-06 09:28 ]
"LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [07-02-08 01:12 ]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [07-02-08 01:13 ]
"downloadmealwebshow"="C:\Documents and Settings\All Users\Application Data\Axis Cash Download Meal\Aim road.exe" [07-04-03 07:43 ]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [07-02-01 04:52 ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [07-04-27 09:41 ]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [07-04-27 11:25 ]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus C84 Series"="C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE" [03-05-27 05:08 ]
"MULTI LIVE"="C:\DOCUME~1\ADMINI~1\APPLIC~1\SIZESE~1\drawbows.exe" [07-04-03 07:42 ]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"EPSON Stylus C84 Series"="C:\\WINNT\\system32\\spool\\DRIVERS\\W32X86\\3\\E_S10IC2.EXE /P23 \"EPSON Stylus C84 Series\" /M \"Stylus C84\" /EF \"HKCU\""
"MULTI LIVE"="C:\\DOCUME~1\\ADMINI~1\\APPLIC~1\\SIZESE~1\\drawbows.exe"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"="C:\\Program Files\\Internet Explorer\\Connection Wizard\\icwconn1.exe /desktop"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="MsgPlusLoader.dll"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages msv1_0\0\0
Security Packages kerberos\0msv1_0\0schannel\0\0
Notification Packages scecli\0\0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
rpcss RpcSs\0\0
wugroup wuauserv\0\0
BITSgroup BITS\0\0
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost
WmdmPmSN
Contents of the 'Scheduled Tasks' folder
C:\WINNT\tasks\AppleSoftwareUpdate.job
C:\WINNT\tasks\A7DFF2F791887013.job
********************************************************************
I don't know if that's it, but anyway.
OK, thanks for your help. I'm posting a new HijackThis log:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 19:30:29, on 15/05/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\drivers\CDAC11BA.EXE
C:\WINNT\system32\cisvc.exe
C:\WINNT\system32\svchost.exe
c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Mixer.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Trend Micro\OfficeScan Client\RAUAgent.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Friendly Technologies\BroadbandAccess\fts.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\OpenOffice.org1.1.4\program\soffice.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\cidaemon.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\Trend Micro\OfficeScan Client\ofcdog.exe
C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.EXE
C:\Program Files\Trend Micro\OfficeScan Client\Pop3Trap.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINNT\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrateur\Bureau\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {620EEF7C-8570-4CDA-B8BB-8AEDF203258F} - C:\WINNT\Microsoft.NET\acbmcd.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {DDE6BAD5-5713-46A6-B713-D5A43B641356} - C:\WINNT\system32\dpftmbka.dll (file missing)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: (no name) - {74DD705D-6834-439C-A735-A6DBE2677452} - (no file)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [EPSON Stylus C84 Series] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C84 Series" /O5 "LPT1:" /M "Stylus C84"
O4 - HKLM\..\Run: [Moniteur OfficeScanNT] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [RemoteAgent] C:\Program Files\Trend Micro\OfficeScan Client\RAUAgent.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\Friendly Technologies\BroadbandAccess\fts.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [downloadmealwebshow] C:\Documents and Settings\All Users\Application Data\Axis Cash Download Meal\Aim road.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [EPSON Stylus C84 Series] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C84 Series" /M "Stylus C84" /EF "HKCU"
O4 - HKCU\..\Run: [MULTI LIVE] C:\DOCUME~1\ADMINI~1\APPLIC~1\SIZESE~1\drawbows.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: OpenOffice.org 1.1.4.lnk = C:\Program Files\OpenOffice.org1.1.4\program\quickstart.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1036\OLFSNT40.EXE
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} (WebIQ Engine Application Object) - http://webiq005.webiqonline.com/WebIQ/DataServer/Pub/DataServer.dll?Handler=GetEngineDistribution&EDID={896A23A1-5821-4609-A6C6-6D5536C585C9}
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\system32\browseui.dll
O23 - Service: Avertissement (Alerter) - Unknown owner - C:\WINNT\system32\services.exe
O23 - Service: Gestion d'applications (AppMgmt) - Unknown owner - C:\WINNT\system32\services.exe
O23 - Service: Explorateur d'ordinateur (Browser) - Unknown owner - C:\WINNT\system32\services.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINNT\system32\drivers\CDAC11BA.EXE
O23 - Service: Client DHCP (Dhcp) - Unknown owner - C:\WINNT\system32\services.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINNT\System32\dmadmin.exe
O23 - Service: Gestionnaire de disque logique (dmserver) - Unknown owner - C:\WINNT\System32\services.exe
O23 - Service: Client DNS (Dnscache) - Unknown owner - C:\WINNT\system32\services.exe
O23 - Service: Events Log (Event) - Unknown owner - C:\WINNT\system32\drivers\csrss.exe (file missing)
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINNT\system32\services.exe
O23 - Service: Service de télécopie (Fax) - Unknown owner - C:\WINNT\system32\faxsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Serveur (lanmanserver) - Unknown owner - C:\WINNT\system32\services.exe
O23 - Service: Station de travail (lanmanworkstation) - Unknown owner - C:\WINNT\system32\services.exe
O23 - Service: Service d'application d'assistance TCP/IP NetBIOS (LmHosts) - Unknown owner - C:\WINNT\system32\services.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINNT\system32\mnmsrvc.exe
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINNT\system32\msasvc.exe (file missing)
O23 - Service: DDE réseau (NetDDE) - Unknown owner - C:\WINNT\system32\netdde.exe
O23 - Service: DSDM DDE réseau (NetDDEdsdm) - Unknown owner - C:\WINNT\system32\netdde.exe
O23 - Service: Ouverture de session réseau (Netlogon) - Unknown owner - C:\WINNT\system32\lsass.exe
O23 - Service: Fournisseur de la prise en charge de sécurité LM NT (NtLmSsp) - Unknown owner - C:\WINNT\system32\lsass.exe
O23 - Service: Scan en temps réel OfficeScanNT (ntrtscan) - Unknown owner - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINNT\system32\services.exe
O23 - Service: Agent de stratégie IPSEC (PolicyAgent) - Unknown owner - C:\WINNT\system32\lsass.exe
O23 - Service: Emplacement protégé (ProtectedStorage) - Unknown owner - C:\WINNT\system32\services.exe
O23 - Service: Gestionnaire de comptes de sécurité (SamSs) - Unknown owner - C:\WINNT\system32\lsass.exe
O23 - Service: Prise en charge des cartes à puces (SCardDrv) - Unknown owner - C:\WINNT\System32\SCardSvr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINNT\System32\SCardSvr.exe
O23 - Service: Planificateur de tâches (Schedule) - Unknown owner - C:\WINNT\system32\MSTask.exe
O23 - Service: Service d'exécution par délégation (seclogon) - Unknown owner - C:\WINNT\system32\services.exe
O23 - Service: Still Image Service (StiSvc) - Unknown owner - C:\WINNT\system32\stisvc.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINNT\system32\smlogsvc.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Unknown owner - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: Client de suivi de lien distribué (TrkWks) - Unknown owner - C:\WINNT\system32\services.exe
O23 - Service: Gestionnaire d'utilitaires (UtilMan) - Unknown owner - C:\WINNT\System32\UtilMan.exe
O23 - Service: Horloge Windows (W32Time) - Unknown owner - C:\WINNT\System32\services.exe
O23 - Service: Infrastructure de gestion Windows (WinMgmt) - Unknown owner - C:\WINNT\System32\WBEM\WinMgmt.exe
O23 - Service: Extensions du pilote WMI (Wmi) - Unknown owner - C:\WINNT\system32\Services.exe
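To show what the helpers are reading in a log like the one above, here is an added triage script (not code from the forum, from HijackThis or from VirtumundoBeGone) that flags the same kinds of entries: unnamed or missing-file browser objects, autoruns living in a user profile or shared Application Data folder, and services whose binary is missing or sits in the drivers directory. For an unnamed BHO it also names the Winlogon\Notify subkey derived from the DLL's base name, a classic Vundo persistence spot. The sample lines are constructed from the shapes of the entries above; the regexes, the Finding fields and the severity labels are assumptions, and the output is a list of candidates to review, not a removal list.

```python
"""Triage a HijackThis log for Vundo-style persistence indicators.

Added example for this thread, not the forum's, HijackThis's or
VirtumundoBeGone's own code. The sample below is constructed from the shape
of the log above; the heuristics are assumptions meant to pick candidates for
manual review, not to give verdicts.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample in HijackThis format (a subset of the entry types above).
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {620EEF7C-8570-4CDA-B8BB-8AEDF203258F} - C:\WINNT\Microsoft.NET\acbmcd.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {DDE6BAD5-5713-46A6-B713-D5A43B641356} - C:\WINNT\system32\dpftmbka.dll (file missing)
O3 - Toolbar: (no name) - {74DD705D-6834-439C-A735-A6DBE2677452} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [downloadmealwebshow] C:\Documents and Settings\All Users\Application Data\Axis Cash Download Meal\Aim road.exe
O4 - HKCU\..\Run: [MULTI LIVE] C:\DOCUME~1\ADMINI~1\APPLIC~1\SIZESE~1\drawbows.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINNT\system32\drivers\CDAC11BA.EXE
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINNT\system32\services.exe
O23 - Service: Events Log (Event) - Unknown owner - C:\WINNT\system32\drivers\csrss.exe (file missing)
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINNT\system32\msasvc.exe (file missing)
"""


@dataclass
class Finding:
    section: str   # O2, O3, O4 or O23
    name: str      # BHO/toolbar name, Run value name, or service short name
    path: str      # path exactly as printed in the log
    reason: str
    severity: str  # "high" = act on it, "review" = look before acting


# Line shapes (assumed from the lines above; HijackThis has more O-types).
RE_BHO = re.compile(r"^O(?P<sec>[23]) - (?:BHO|Toolbar): (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
RE_RUN = re.compile(r"^O4 - (?P<where>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
RE_SVC = re.compile(r"^O23 - Service: (?P<display>.*?)(?: \((?P<name>[^()]+)\))? - (?P<owner>.*?) - (?P<path>.*)$")

# Autoruns that live in a user profile or shared data directory rather than in
# Program Files or the system directory are the first thing to look at.
PROFILE_MARKERS = ("documents and settings", "docume~1", "application data", "applic~1")


def winlogon_notify_key(dll_path: str) -> str:
    """Winlogon\\Notify subkey named after the DLL's base name
    (acbmcd.dll -> ...\\Winlogon\\Notify\\acbmcd), the spot to check next."""
    base = dll_path.replace(" (file missing)", "").rsplit("\\", 1)[-1]
    stem = base.rsplit(".", 1)[0]
    return r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" + "\\" + stem


def triage(log_text: str) -> list[Finding]:
    """Return the entries of a HijackThis log worth a second look."""
    findings: list[Finding] = []
    for raw in log_text.strip().splitlines():
        line = raw.strip()
        if m := RE_BHO.match(line):
            sec, name, path = "O" + m["sec"], m["name"], m["path"]
            if name == "(no name)" or path.endswith(("(file missing)", "(no file)")):
                if sec == "O2":
                    reason = "unnamed or missing-file BHO; also check " + winlogon_notify_key(path)
                else:
                    reason = "unnamed or missing-file toolbar"
                findings.append(Finding(sec, name, path, reason, "high"))
        elif m := RE_RUN.match(line):
            if any(marker in m["cmd"].lower() for marker in PROFILE_MARKERS):
                findings.append(Finding("O4", m["name"], m["cmd"],
                                        "autorun from a profile/data directory (" + m["where"] + ")", "high"))
        elif m := RE_SVC.match(line):
            name, path = m["name"] or m["display"], m["path"]
            if path.endswith("(file missing)"):
                findings.append(Finding("O23", name, path,
                                        "service whose binary is missing (leftover or hidden component)", "high"))
            elif "\\drivers\\" in path.lower() and path.lower().endswith(".exe"):
                findings.append(Finding("O23", name, path,
                                        "user-mode .exe registered as a service from the drivers directory", "review"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section:3} {f.name!r}: {f.reason}")
```

CDAC11BA.EXE (the Macrovision C-Dilla copy-protection service the log itself attributes to Macrovision) comes out as "review" rather than "high" on purpose: an .exe under drivers\ is unusual but proves nothing by itself, whereas an "Events Log (Event)" service pointing at a missing drivers\csrss.exe, sitting right next to the real Eventlog service, is the kind of name mimicry worth acting on.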
OK,
Download VirtumundoBegone to the desktop:
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
Then double-click VirtumundoBeGone.exe and follow the instructions.
Once it has finished, reboot and post the VBG.TXT report created on the desktop in your next reply, together with a new HijackThis log.
Don't worry if you see a blue screen with a "Fatal error" message; that is normal and expected.
++
[05/15/2007, 20:21:53] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Administrateur\Bureau\VirtumundoBeGone.exe" )
[05/15/2007, 20:21:59] - Detected System Information:
[05/15/2007, 20:21:59] - Windows Version: 5.0.2195, Service Pack 4
[05/15/2007, 20:21:59] - Current Username: Administrateur (Admin)
[05/15/2007, 20:21:59] - Windows is in NORMAL mode.
[05/15/2007, 20:21:59] - Searching for Browser Helper Objects:
[05/15/2007, 20:21:59] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[05/15/2007, 20:21:59] - BHO 2: {620EEF7C-8570-4CDA-B8BB-8AEDF203258F} ()
[05/15/2007, 20:21:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/15/2007, 20:21:59] - Checking for HKLM\...\Winlogon\Notify\acbmcd
[05/15/2007, 20:21:59] - Key not found: HKLM\...\Winlogon\Notify\acbmcd, continuing.
[05/15/2007, 20:21:59] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[05/15/2007, 20:21:59] - BHO 4: {DDE6BAD5-5713-46A6-B713-D5A43B641356} ()
[05/15/2007, 20:21:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/15/2007, 20:21:59] - Checking for HKLM\...\Winlogon\Notify\dpftmbka
[05/15/2007, 20:21:59] - Key not found: HKLM\...\Winlogon\Notify\dpftmbka, continuing.
[05/15/2007, 20:21:59] - Finished Searching Browser Helper Objects
[05/15/2007, 20:21:59] - Finishing up...
[05/15/2007, 20:21:59] - Nothing found! Exiting...
now HijackThis
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 20:22:57, on 15/05/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\drivers\CDAC11BA.EXE
C:\WINNT\system32\cisvc.exe
C:\WINNT\system32\svchost.exe
c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Mixer.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Trend Micro\OfficeScan Client\RAUAgent.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Friendly Technologies\BroadbandAccess\fts.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\OpenOffice.org1.1.4\program\soffice.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\cidaemon.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\Trend Micro\OfficeScan Client\ofcdog.exe
C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.EXE
C:\Program Files\Trend Micro\OfficeScan Client\Pop3Trap.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINNT\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINNT\system32\NOTEPAD.EXE
C:\Documents and Settings\Administrateur\Bureau\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {620EEF7C-8570-4CDA-B8BB-8AEDF203258F} - C:\WINNT\Microsoft.NET\acbmcd.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {DDE6BAD5-5713-46A6-B713-D5A43B641356} - C:\WINNT\system32\dpftmbka.dll (file missing)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: (no name) - {74DD705D-6834-439C-A735-A6DBE2677452} - (no file)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [EPSON Stylus C84 Series] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C84 Series" /O5 "LPT1:" /M "Stylus C84"
O4 - HKLM\..\Run: [Moniteur OfficeScanNT] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [RemoteAgent] C:\Program Files\Trend Micro\OfficeScan Client\RAUAgent.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\Friendly Technologies\BroadbandAccess\fts.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [downloadmealwebshow] C:\Documents and Settings\All Users\Application Data\Axis Cash Download Meal\Aim road.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [EPSON Stylus C84 Series] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C84 Series" /M "Stylus C84" /EF "HKCU"
O4 - HKCU\..\Run: [MULTI LIVE] C:\DOCUME~1\ADMINI~1\APPLIC~1\SIZESE~1\drawbows.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: OpenOffice.org 1.1.4.lnk = C:\Program Files\OpenOffice.org1.1.4\program\quickstart.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1036\OLFSNT40.EXE
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} (WebIQ Engine Application Object) - http://webiq005.webiqonline.com/WebIQ/DataServer/Pub/DataServer.dll?Handler=GetEngineDistribution&EDID={896A23A1-5821-4609-A6C6-6D5536C585C9}
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\system32\browseui.dll
O23 - Service: Avertissement (Alerter) - Unknown owner - C:\WINNT\system32\services.exe
O23 - Service: Gestion d'applications (AppMgmt) - Unknown owner - C:\WINNT\system32\services.exe
O23 - Service: Explorateur d'ordinateur (Browser) - Unknown owner - C:\WINNT\system32\services.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINNT\system32\drivers\CDAC11BA.EXE
O23 - Service: Client DHCP (Dhcp) - Unknown owner - C:\WINNT\system32\services.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINNT\System32\dmadmin.exe
O23 - Service: Gestionnaire de disque logique (dmserver) - Unknown owner - C:\WINNT\System32\services.exe
O23 - Service: Client DNS (Dnscache) - Unknown owner - C:\WINNT\system32\services.exe
O23 - Service: Events Log (Event) - Unknown owner - C:\WINNT\system32\drivers\csrss.exe (file missing)
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINNT\system32\services.exe
O23 - Service: Service de télécopie (Fax) - Unknown owner - C:\WINNT\system32\faxsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Serveur (lanmanserver) - Unknown owner - C:\WINNT\system32\services.exe
O23 - Service: Station de travail (lanmanworkstation) - Unknown owner - C:\WINNT\system32\services.exe
O23 - Service: Service d'application d'assistance TCP/IP NetBIOS (LmHosts) - Unknown owner - C:\WINNT\system32\services.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINNT\system32\mnmsrvc.exe
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINNT\system32\msasvc.exe (file missing)
O23 - Service: DDE réseau (NetDDE) - Unknown owner - C:\WINNT\system32\netdde.exe
O23 - Service: DSDM DDE réseau (NetDDEdsdm) - Unknown owner - C:\WINNT\system32\netdde.exe
O23 - Service: Ouverture de session réseau (Netlogon) - Unknown owner - C:\WINNT\system32\lsass.exe
O23 - Service: Fournisseur de la prise en charge de sécurité LM NT (NtLmSsp) - Unknown owner - C:\WINNT\system32\lsass.exe
O23 - Service: Scan en temps réel OfficeScanNT (ntrtscan) - Unknown owner - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINNT\system32\services.exe
O23 - Service: Agent de stratégie IPSEC (PolicyAgent) - Unknown owner - C:\WINNT\system32\lsass.exe
O23 - Service: Emplacement protégé (ProtectedStorage) - Unknown owner - C:\WINNT\system32\services.exe
O23 - Service: Gestionnaire de comptes de sécurité (SamSs) - Unknown owner - C:\WINNT\system32\lsass.exe
O23 - Service: Prise en charge des cartes à puces (SCardDrv) - Unknown owner - C:\WINNT\System32\SCardSvr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINNT\System32\SCardSvr.exe
O23 - Service: Planificateur de tâches (Schedule) - Unknown owner - C:\WINNT\system32\MSTask.exe
O23 - Service: Service d'exécution par délégation (seclogon) - Unknown owner - C:\WINNT\system32\services.exe
O23 - Service: Still Image Service (StiSvc) - Unknown owner - C:\WINNT\system32\stisvc.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINNT\system32\smlogsvc.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Unknown owner - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: Client de suivi de lien distribué (TrkWks) - Unknown owner - C:\WINNT\system32\services.exe
O23 - Service: Gestionnaire d'utilitaires (UtilMan) - Unknown owner - C:\WINNT\System32\UtilMan.exe
O23 - Service: Horloge Windows (W32Time) - Unknown owner - C:\WINNT\System32\services.exe
O23 - Service: Infrastructure de gestion Windows (WinMgmt) - Unknown owner - C:\WINNT\System32\WBEM\WinMgmt.exe
O23 - Service: Extensions du pilote WMI (Wmi) - Unknown owner - C:\WINNT\system32\Services.exe
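As an added example (not code from this thread, from HijackThis or from VirtumundoBeGone), here is a small Python triage script that applies, over O2/O4/O23 lines, the kind of checks a helper applies by eye when reading a log like the one above: BHOs whose DLL is missing or unnamed, autoruns launched from user-writable data folders or through 8.3 short paths, and services whose binary is missing or that borrow a core Windows process name outside system32. The sample lines are copied from the log posted above; the heuristics and the names `triage`, `Finding`, `split_path` are my own assumptions, not part of any tool.

```python
import re
from dataclasses import dataclass

# Constructed sample input: a handful of lines copied from the HijackThis log
# posted in this thread (O2 BHO, O4 Run and O23 Service entries).
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {620EEF7C-8570-4CDA-B8BB-8AEDF203258F} - C:\WINNT\Microsoft.NET\acbmcd.dll (file missing)
O2 - BHO: (no name) - {DDE6BAD5-5713-46A6-B713-D5A43B641356} - C:\WINNT\system32\dpftmbka.dll (file missing)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [downloadmealwebshow] C:\Documents and Settings\All Users\Application Data\Axis Cash Download Meal\Aim road.exe
O4 - HKCU\..\Run: [MULTI LIVE] C:\DOCUME~1\ADMINI~1\APPLIC~1\SIZESE~1\drawbows.exe
O23 - Service: Events Log (Event) - Unknown owner - C:\WINNT\system32\drivers\csrss.exe (file missing)
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINNT\system32\services.exe
"""

# Line shapes as HijackThis 2.0 prints them (assumed from the log above).
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>[^:]+?)\\\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<path>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")

SHORT_NAME_RE = re.compile(r"~\d")  # 8.3 short names such as DOCUME~1
USER_WRITABLE_RE = re.compile(r"application data|documents and settings|\\temp\\", re.I)
# Core Windows processes that only ever live directly in system32.
CORE_BINARIES = {"csrss.exe", "smss.exe", "winlogon.exe", "lsass.exe", "services.exe"}


@dataclass
class Finding:
    section: str  # "O2", "O4" or "O23"
    name: str
    path: str
    reasons: list


def split_path(path: str):
    """Return (directory, basename) in lower case, with HijackThis'
    trailing '(file missing)' note stripped first. Command-line
    arguments after the executable are left attached to the basename."""
    clean = path.replace("(file missing)", "").strip().strip('"').lower()
    directory, _, base = clean.rpartition("\\")
    return directory, base


def assess_bho(name: str, path: str) -> list:
    reasons = []
    if "(file missing)" in path:
        reasons.append("registered BHO DLL is not on disk")
    if name == "(no name)":
        reasons.append("BHO has no display name")
    return reasons


def assess_run(name: str, path: str) -> list:
    reasons = []
    if USER_WRITABLE_RE.search(path):
        reasons.append("autorun launches from a user-writable data folder")
    if SHORT_NAME_RE.search(path):
        reasons.append("autorun path uses 8.3 short names, hiding the real folder name")
    return reasons


def assess_service(name: str, owner: str, path: str) -> list:
    reasons = []
    if "(file missing)" in path:
        reasons.append("service binary is not on disk")
    directory, base = split_path(path)
    if base in CORE_BINARIES and not directory.endswith("\\system32"):
        reasons.append(f"{base} is a core Windows binary but is registered outside system32")
    # 'Unknown owner' on its own is not suspicious: HijackThis reports it for
    # most built-in Windows 2000 services, as the log above shows.
    return reasons


def triage(log_text: str) -> list:
    """Parse O2/O4/O23 lines and return the entries that trip a heuristic."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := O2_RE.match(line):
            section, reasons = "O2", assess_bho(m["name"], m["path"])
        elif m := O4_RE.match(line):
            section, reasons = "O4", assess_run(m["name"], m["path"])
        elif m := O23_RE.match(line):
            section, reasons = "O23", assess_service(m["name"], m["owner"], m["path"])
        else:
            continue  # other sections (R0, O3, O16, ...) are not covered here
        if reasons:
            findings.append(Finding(section, m["name"], m["path"], reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.name}: {f.path}")
        for r in f.reasons:
            print(f"    - {r}")
```

On the sample above the script flags exactly the entries a helper would ask about (the two unnamed, missing BHO DLLs, the two autoruns under Application Data, and the "Events Log" service pointing at a csrss.exe under drivers\) and leaves the Adobe, Nero and genuine Eventlog entries alone. The heuristics are deliberately conservative: a hit is a reason to look closer, not a verdict.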
Um, by the way, would you happen to know a free and very effective antivirus for my computer? I'm not an antivirus expert, but mine seems fairly ineffective!!! Thanks in advance.