[Virus] Trojan - Spyware ...
Résolu/Fermé
CurLy64
Messages postés
71
Date d'inscription
lundi 16 juillet 2007
Statut
Membre
Dernière intervention
18 février 2009
-
8 août 2007 à 07:48
Regis59 Messages postés 21143 Date d'inscription mardi 27 juin 2006 Statut Contributeur sécurité Dernière intervention 22 juin 2016 - 23 août 2007 à 22:15
Regis59 Messages postés 21143 Date d'inscription mardi 27 juin 2006 Statut Contributeur sécurité Dernière intervention 22 juin 2016 - 23 août 2007 à 22:15
A voir également:
- [Virus] Trojan - Spyware ...
- Trojan remover - Télécharger - Antivirus & Antimalwares
- Message virus iphone site adulte - Forum iPhone
- Trojan wacatac ✓ - Forum Virus
- Youtu.be virus - Accueil - Guide virus
- Svchost.exe virus - Guide
18 réponses
Regis59
Messages postés
21143
Date d'inscription
mardi 27 juin 2006
Statut
Contributeur sécurité
Dernière intervention
22 juin 2016
1 321
8 août 2007 à 08:56
8 août 2007 à 08:56
Salut
Télécharge VundoFix.exe (par Atribune) sur ton Bureau.
http://www.atribune.org/ccount/click.php?id=4
Double-clique VundoFix.exe afin de le lancer.
Clique sur le bouton Scan for Vundo.
Lorsque le scan est complété, clique sur le bouton Remove Vundo.
Une invite te demandera si tu veux supprimer les fichiers, clique YES
Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers.
Tu verras une invite qui t'annonce que ton PC va s'éteindre ("shutdown") ; clique OK
Démarre ton PC à nouveau.
Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis! dans ta prochaine réponse.
A+
Télécharge VundoFix.exe (par Atribune) sur ton Bureau.
http://www.atribune.org/ccount/click.php?id=4
Double-clique VundoFix.exe afin de le lancer.
Clique sur le bouton Scan for Vundo.
Lorsque le scan est complété, clique sur le bouton Remove Vundo.
Une invite te demandera si tu veux supprimer les fichiers, clique YES
Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers.
Tu verras une invite qui t'annonce que ton PC va s'éteindre ("shutdown") ; clique OK
Démarre ton PC à nouveau.
Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis! dans ta prochaine réponse.
A+
CurLy64
Messages postés
71
Date d'inscription
lundi 16 juillet 2007
Statut
Membre
Dernière intervention
18 février 2009
4
9 août 2007 à 01:54
9 août 2007 à 01:54
Voici le log de VundoFix :
VundoFix V6.5.7
Checking Java version...
Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.10
Java version is 1.5.0.11
Scan started at 10:37:51 09/08/2007
Listing files found while scanning....
C:\windows\system32\cddvgtqd.dll
C:\windows\system32\cxreuxnq.ini
C:\WINDOWS\system32\dqtgvddc.ini
C:\WINDOWS\system32\edeeg.bak1
C:\WINDOWS\system32\edeeg.bak2
C:\WINDOWS\system32\edeeg.ini
C:\WINDOWS\system32\geede.dll
C:\windows\system32\ivxbovqj.ini
C:\windows\system32\jqvobxvi.dll
C:\windows\system32\qnxuerxc.dll
C:\WINDOWS\system32\tuvtqno.dll
C:\WINDOWS\system32\uvbubsbh.dll
Beginning removal...
Attempting to delete C:\windows\system32\cddvgtqd.dll
C:\windows\system32\cddvgtqd.dll Has been deleted!
Attempting to delete C:\windows\system32\cxreuxnq.ini
C:\windows\system32\cxreuxnq.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\dqtgvddc.ini
C:\WINDOWS\system32\dqtgvddc.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\edeeg.bak1
C:\WINDOWS\system32\edeeg.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\edeeg.bak2
C:\WINDOWS\system32\edeeg.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\edeeg.ini
C:\WINDOWS\system32\edeeg.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\geede.dll
C:\WINDOWS\system32\geede.dll Has been deleted!
Attempting to delete C:\windows\system32\ivxbovqj.ini
C:\windows\system32\ivxbovqj.ini Has been deleted!
Attempting to delete C:\windows\system32\jqvobxvi.dll
C:\windows\system32\jqvobxvi.dll Has been deleted!
Attempting to delete C:\windows\system32\qnxuerxc.dll
C:\windows\system32\qnxuerxc.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\tuvtqno.dll
C:\WINDOWS\system32\tuvtqno.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\uvbubsbh.dll
C:\WINDOWS\system32\uvbubsbh.dll Has been deleted!
Performing Repairs to the registry.
Done!
Et le nouveau log de Hijackthis :
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10:52:10, on 09/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\4760\Netscape\server5\bin\https\bin\ns-httpd.exe
c:\Program Files\Sybase\SQL Anywhere 8\win32\dbsrv8.exe
c:\4760\Netscape\server5\bin\https\bin\httpd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\fdvrtblq.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
c:\4760\Netscape\server5\bin\slapd\server\ns-slapd.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
c:\4760\Netscape\server5\bin\slapd\server\slapd.exe
c:\4760\bin\svc_mgr.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\Program Files\Citrix\Client ICA\ssonsvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SHARP\PCFAX2\PcfaxRcv.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Plantronics\PerSonoCall\PerSonoCall.exe
C:\Program Files\InstantTimeZone\InstantTimeZone.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\applics\Launcher400\LNCsrv.exe
C:\applics\Launcher400\LNCadm.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
C:\Program Files\Alcatel_PIMphony\aocphone.exe
C:\Program Files\Webshots\webshots.scr
C:\Program Files\lotus\notes\NLNOTES.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe
c:\4760\apache2\bin\apache.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\4760\apache2\bin\apache.exe
C:\Program Files\lotus\notes\ntaskldr.EXE
c:\4760\bin\ExecdEx.exe
c:\4760\bin\extractor.exe
C:\Program Files\Alcatel_PIMphony\UAProc.exe
C:\WINDOWS\System32\rsvp.exe
c:\4760\bin\LicenseServer.exe
C:\Program Files\Alcatel_PIMphony\abers.exe
c:\4760\bin\save_restore.exe
c:\4760\bin\scheduler.exe
c:\4760\bin\SecurityServer.exe
c:\4760\bin\ns_service.exe
c:\4760\bin\ComServer.exe
c:\4760\bin\cmisd.exe
c:\4760\bin\FaultManager.exe
c:\4760\bin\GCSAdmin.exe
c:\4760\bin\GCSConfig.exe
c:\4760\bin\loader.exe
c:\4760\bin\SyncLdapPbx.exe
C:\Documents and Settings\janeau\Bureau\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\janeau\Application Data\explorer.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {C8C729FD-9C9F-4D53-A419-EC5101ED52AF} - C:\WINDOWS\system32\geede.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\COMPAQ\SetRefresh\\SetRefresh.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"
O4 - HKLM\..\Run: [JobHisInit] C:\Program Files\RMClient\JobHisInit.exe
O4 - HKLM\..\Run: [MplSetUp] C:\Program Files\RMClient\MplSetUp.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Receiver] C:\Program Files\SHARP\PCFAX2\PcfaxRcv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PerSonoCall] "C:\Program Files\Plantronics\PerSonoCall\PerSonoCall.exe" -nosplash
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Lotus Notes 6.5.lnk = C:\Program Files\lotus\notes\notes.exe
O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
O4 - Startup: PIMphony.lnk = ?
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: InstantTimeZone.lnk = C:\Program Files\InstantTimeZone\InstantTimeZone.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Launcher400.LNK = C:\applics\Launcher400\LNCsrv.exe
O4 - Global Startup: Windows Live Messenger.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1105936747789
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = intra.groupama.nc
O17 - HKLM\Software\..\Telephony: DomainName = intra.groupama.nc
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = intra.groupama.nc
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = intra.groupama.nc
O20 - Winlogon Notify: winbjt32 - C:\WINDOWS\SYSTEM32\winbjt32.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Sun One Administration Server 5.2 (admin52-serv) - Sun Microsystems Inc - c:/4760/Netscape/server5/bin/https/bin/ns-httpd.exe
O23 - Service: NMC Alarm server (AlarmServer) - Unknown owner - c:\4760\bin\FaultManager.exe
O23 - Service: Apache - Apache Software Foundation - c:\4760\apache2\bin\apache.exe
O23 - Service: NMC50 Database (ASANYs_nmc50) - iAnywhere Solutions, Inc. - c:\Program Files\Sybase\SQL Anywhere 8\win32\dbsrv8.exe
O23 - Service: Service Bonjour (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: NMC CMISE server (Cmisd) - Unknown owner - c:\4760\bin\cmisd.exe
O23 - Service: NMC Communication Server (ComServer) - Unknown owner - c:\4760\bin\ComServer.exe
O23 - Service: Fonction Commande à distance d'iSeries Access for Windows (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\fdvrtblq.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: NMC executables launcher (ExecdEx) - Unknown owner - c:\4760\bin\ExecdEx.exe
O23 - Service: NMC extractor (Extractor) - Unknown owner - c:\4760\bin\extractor.exe
O23 - Service: NMC GCS administration server (GCSAdmin) - Unknown owner - c:\4760\bin\GCSAdmin.exe
O23 - Service: NMC GCS config server (GCSConfig) - Unknown owner - c:\4760\bin\GCSConfig.exe
O23 - Service: ICF - Unknown owner - C:\WINDOWS\system32\svchost.exe:exe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMC License server (LicenseServer) - Unknown owner - c:\4760\bin\LicenseServer.exe
O23 - Service: NMC Loader (Loader) - Unknown owner - c:\4760\bin\loader.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: ORBacus Notify Service (NotifyService) - Unknown owner - c:\4760\bin\ns_service.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: NMC Save/Restore (SaveRestore) - Unknown owner - c:\4760\bin\save_restore.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: NMC Scheduler (Scheduler) - Unknown owner - c:\4760\bin\scheduler.exe
O23 - Service: NMC Security Server (SecurityServer) - Unknown owner - c:\4760\bin\SecurityServer.exe
O23 - Service: ServiceOMC - Unknown owner - C:\WINDOWS\system32\ServiceOMC.exe
O23 - Service: Sun ONE Directory Server 5.2 (4760) (slapd-4760) - Unknown owner - c:\4760\Netscape\server5/bin/slapd/server/ns-slapd.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: NMC Service Manager (svc_mgr) - Unknown owner - c:\4760\bin\svc_mgr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NMC Pbx/Ldap synchronization (SyncLdapPbx) - Unknown owner - c:\4760\bin\SyncLdapPbx.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\WINDOWS\System32\tlntsvr.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\apache2\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe
O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
VundoFix V6.5.7
Checking Java version...
Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.10
Java version is 1.5.0.11
Scan started at 10:37:51 09/08/2007
Listing files found while scanning....
C:\windows\system32\cddvgtqd.dll
C:\windows\system32\cxreuxnq.ini
C:\WINDOWS\system32\dqtgvddc.ini
C:\WINDOWS\system32\edeeg.bak1
C:\WINDOWS\system32\edeeg.bak2
C:\WINDOWS\system32\edeeg.ini
C:\WINDOWS\system32\geede.dll
C:\windows\system32\ivxbovqj.ini
C:\windows\system32\jqvobxvi.dll
C:\windows\system32\qnxuerxc.dll
C:\WINDOWS\system32\tuvtqno.dll
C:\WINDOWS\system32\uvbubsbh.dll
Beginning removal...
Attempting to delete C:\windows\system32\cddvgtqd.dll
C:\windows\system32\cddvgtqd.dll Has been deleted!
Attempting to delete C:\windows\system32\cxreuxnq.ini
C:\windows\system32\cxreuxnq.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\dqtgvddc.ini
C:\WINDOWS\system32\dqtgvddc.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\edeeg.bak1
C:\WINDOWS\system32\edeeg.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\edeeg.bak2
C:\WINDOWS\system32\edeeg.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\edeeg.ini
C:\WINDOWS\system32\edeeg.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\geede.dll
C:\WINDOWS\system32\geede.dll Has been deleted!
Attempting to delete C:\windows\system32\ivxbovqj.ini
C:\windows\system32\ivxbovqj.ini Has been deleted!
Attempting to delete C:\windows\system32\jqvobxvi.dll
C:\windows\system32\jqvobxvi.dll Has been deleted!
Attempting to delete C:\windows\system32\qnxuerxc.dll
C:\windows\system32\qnxuerxc.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\tuvtqno.dll
C:\WINDOWS\system32\tuvtqno.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\uvbubsbh.dll
C:\WINDOWS\system32\uvbubsbh.dll Has been deleted!
Performing Repairs to the registry.
Done!
Et le nouveau log de Hijackthis :
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10:52:10, on 09/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\4760\Netscape\server5\bin\https\bin\ns-httpd.exe
c:\Program Files\Sybase\SQL Anywhere 8\win32\dbsrv8.exe
c:\4760\Netscape\server5\bin\https\bin\httpd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\fdvrtblq.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
c:\4760\Netscape\server5\bin\slapd\server\ns-slapd.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
c:\4760\Netscape\server5\bin\slapd\server\slapd.exe
c:\4760\bin\svc_mgr.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\Program Files\Citrix\Client ICA\ssonsvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SHARP\PCFAX2\PcfaxRcv.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Plantronics\PerSonoCall\PerSonoCall.exe
C:\Program Files\InstantTimeZone\InstantTimeZone.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\applics\Launcher400\LNCsrv.exe
C:\applics\Launcher400\LNCadm.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
C:\Program Files\Alcatel_PIMphony\aocphone.exe
C:\Program Files\Webshots\webshots.scr
C:\Program Files\lotus\notes\NLNOTES.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe
c:\4760\apache2\bin\apache.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\4760\apache2\bin\apache.exe
C:\Program Files\lotus\notes\ntaskldr.EXE
c:\4760\bin\ExecdEx.exe
c:\4760\bin\extractor.exe
C:\Program Files\Alcatel_PIMphony\UAProc.exe
C:\WINDOWS\System32\rsvp.exe
c:\4760\bin\LicenseServer.exe
C:\Program Files\Alcatel_PIMphony\abers.exe
c:\4760\bin\save_restore.exe
c:\4760\bin\scheduler.exe
c:\4760\bin\SecurityServer.exe
c:\4760\bin\ns_service.exe
c:\4760\bin\ComServer.exe
c:\4760\bin\cmisd.exe
c:\4760\bin\FaultManager.exe
c:\4760\bin\GCSAdmin.exe
c:\4760\bin\GCSConfig.exe
c:\4760\bin\loader.exe
c:\4760\bin\SyncLdapPbx.exe
C:\Documents and Settings\janeau\Bureau\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\janeau\Application Data\explorer.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {C8C729FD-9C9F-4D53-A419-EC5101ED52AF} - C:\WINDOWS\system32\geede.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\COMPAQ\SetRefresh\\SetRefresh.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"
O4 - HKLM\..\Run: [JobHisInit] C:\Program Files\RMClient\JobHisInit.exe
O4 - HKLM\..\Run: [MplSetUp] C:\Program Files\RMClient\MplSetUp.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Receiver] C:\Program Files\SHARP\PCFAX2\PcfaxRcv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PerSonoCall] "C:\Program Files\Plantronics\PerSonoCall\PerSonoCall.exe" -nosplash
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Lotus Notes 6.5.lnk = C:\Program Files\lotus\notes\notes.exe
O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
O4 - Startup: PIMphony.lnk = ?
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: InstantTimeZone.lnk = C:\Program Files\InstantTimeZone\InstantTimeZone.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Launcher400.LNK = C:\applics\Launcher400\LNCsrv.exe
O4 - Global Startup: Windows Live Messenger.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1105936747789
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = intra.groupama.nc
O17 - HKLM\Software\..\Telephony: DomainName = intra.groupama.nc
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = intra.groupama.nc
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = intra.groupama.nc
O20 - Winlogon Notify: winbjt32 - C:\WINDOWS\SYSTEM32\winbjt32.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Sun One Administration Server 5.2 (admin52-serv) - Sun Microsystems Inc - c:/4760/Netscape/server5/bin/https/bin/ns-httpd.exe
O23 - Service: NMC Alarm server (AlarmServer) - Unknown owner - c:\4760\bin\FaultManager.exe
O23 - Service: Apache - Apache Software Foundation - c:\4760\apache2\bin\apache.exe
O23 - Service: NMC50 Database (ASANYs_nmc50) - iAnywhere Solutions, Inc. - c:\Program Files\Sybase\SQL Anywhere 8\win32\dbsrv8.exe
O23 - Service: Service Bonjour (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: NMC CMISE server (Cmisd) - Unknown owner - c:\4760\bin\cmisd.exe
O23 - Service: NMC Communication Server (ComServer) - Unknown owner - c:\4760\bin\ComServer.exe
O23 - Service: Fonction Commande à distance d'iSeries Access for Windows (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\fdvrtblq.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: NMC executables launcher (ExecdEx) - Unknown owner - c:\4760\bin\ExecdEx.exe
O23 - Service: NMC extractor (Extractor) - Unknown owner - c:\4760\bin\extractor.exe
O23 - Service: NMC GCS administration server (GCSAdmin) - Unknown owner - c:\4760\bin\GCSAdmin.exe
O23 - Service: NMC GCS config server (GCSConfig) - Unknown owner - c:\4760\bin\GCSConfig.exe
O23 - Service: ICF - Unknown owner - C:\WINDOWS\system32\svchost.exe:exe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMC License server (LicenseServer) - Unknown owner - c:\4760\bin\LicenseServer.exe
O23 - Service: NMC Loader (Loader) - Unknown owner - c:\4760\bin\loader.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: ORBacus Notify Service (NotifyService) - Unknown owner - c:\4760\bin\ns_service.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: NMC Save/Restore (SaveRestore) - Unknown owner - c:\4760\bin\save_restore.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: NMC Scheduler (Scheduler) - Unknown owner - c:\4760\bin\scheduler.exe
O23 - Service: NMC Security Server (SecurityServer) - Unknown owner - c:\4760\bin\SecurityServer.exe
O23 - Service: ServiceOMC - Unknown owner - C:\WINDOWS\system32\ServiceOMC.exe
O23 - Service: Sun ONE Directory Server 5.2 (4760) (slapd-4760) - Unknown owner - c:\4760\Netscape\server5/bin/slapd/server/ns-slapd.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: NMC Service Manager (svc_mgr) - Unknown owner - c:\4760\bin\svc_mgr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NMC Pbx/Ldap synchronization (SyncLdapPbx) - Unknown owner - c:\4760\bin\SyncLdapPbx.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\WINDOWS\System32\tlntsvr.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\apache2\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe
O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
Regis59
Messages postés
21143
Date d'inscription
mardi 27 juin 2006
Statut
Contributeur sécurité
Dernière intervention
22 juin 2016
1 321
9 août 2007 à 11:39
9 août 2007 à 11:39
Re,
On continue...
Télécharge Combofix sUBs :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
et sauvegarde le sur ton bureau et pas ailleurs!
Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider.
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.
On continue...
Télécharge Combofix sUBs :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
et sauvegarde le sur ton bureau et pas ailleurs!
Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider.
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.
CurLy64
Messages postés
71
Date d'inscription
lundi 16 juillet 2007
Statut
Membre
Dernière intervention
18 février 2009
4
10 août 2007 à 00:23
10 août 2007 à 00:23
Allez log suivant :
ComboFix 07-08-09.3 - "bas" 2007-08-10 9:09:17.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.138 [GMT 11:00]
* Created a new restore point
[i] ADS removed - svchost.exe: deleted 58880 bytes in 1 streams. [/i]
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\1_exception.nls
C:\WINDOWS\system32\ASPI32.EXE
C:\WINDOWS\system32\winbjt32.dll
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_ASC3550U
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_ICF
-------\LEGACY_NPF
-------\DomainService
-------\ICF
-------\SysLibrary
((((((((((((((((((((((((( Files Created from 2007-07-09 to 2007-08-09 )))))))))))))))))))))))))))))))
2007-08-10 09:08 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-10 08:23 <REP> d-------- C:\Program Files\Windows Live
2007-08-10 08:22 <REP> d-------- C:\Program Files\MessengerDiscovery
2007-08-09 12:16 <REP> d-------- C:\Program Files\MegauploadToolbar
2007-08-09 12:16 <REP> d-------- C:\DOCUME~1\janeau\APPLIC~1\MegauploadToolbar
2007-08-09 10:37 75,328 --a------ C:\WINDOWS\system32\fdvrtblq.exe
2007-08-09 10:37 <REP> d-------- C:\VundoFix Backups
2007-08-07 11:27 <REP> d-------- C:\Program Files\The Cleaner
2007-08-06 14:45 <REP> d-------- C:\Program Files\Lavasoft
2007-08-06 14:45 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-08-06 14:44 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-08-06 09:11 <REP> d-------- C:\Program Files\RegCleaner
2007-08-03 12:49 <REP> d-------- C:\pps
2007-07-25 12:04 <REP> d-------- C:\Program Files\PhotoFiltre
2007-07-25 10:29 <REP> d-------- C:\DOCUME~1\janeau\A4902Logs
2007-07-23 10:57 <REP> d-------- C:\DOCUME~1\janeau\APPLIC~1\vlc
2007-07-23 09:29 <REP> d-------- C:\Program Files\VideoLAN
2007-07-16 16:09 <REP> d-------- C:\DOCUME~1\janeau\APPLIC~1\Alcatel PIMphony
2007-07-16 15:48 <REP> d-------- C:\Program Files\Nice Recorder
2007-07-16 15:43 <REP> d-------- C:\Program Files\FuzLez
2007-07-16 15:43 <REP> d-------- C:\DOCUME~1\janeau\APPLIC~1\FuzLez
2007-07-16 15:40 <REP> d-------- C:\My Recordings
2007-07-16 15:39 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2007-07-16 14:41 <REP> d-------- C:\Program Files\Audacity
2007-07-13 14:04 <REP> d-------- C:\Program Files\Cain
2007-07-13 13:19 39,424 --a------ C:\WINDOWS\zipinst.exe
2007-07-13 13:19 <REP> d-------- C:\Program Files\MessenPass
2007-07-13 08:56 <REP> d-------- C:\crark31
2007-07-11 14:49 <REP> d-------- C:\WhoLockMe104
2007-07-11 14:48 3,888 --a------ C:\WINDOWS\system32\drivers\NTHANDLE.SYS
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-10 09:14 --------- d-------- C:\Program Files\Symantec AntiVirus
2007-08-10 09:12 --------- d-------- C:\Program Files\mIRC
2007-08-10 08:23 --------- d-------- C:\Program Files\MSN Messenger
2007-08-10 07:30 --------- d-------- C:\Program Files\Alcatel_PIMphony
2007-08-08 16:32 --------- d-------- C:\Program Files\Bonjour
2007-08-07 15:22 0 --a------ C:\CONFIG.SYS
2007-08-07 15:22 0 --a------ C:\AUTOEXEC.BAT
2007-08-06 13:31 14336 --a--c--- C:\WINDOWS\system32\dllcache\svchost.exe
2007-08-06 13:31 14336 --a------ C:\WINDOWS\system32\svchost.exe
2007-07-25 11:39 --------- d-------- C:\DOCUME~1\janeau\APPLIC~1\gtk-2.0
2007-07-23 12:58 --------- d-------- C:\DOCUME~1\janeau\APPLIC~1\U3
2007-07-02 09:06 --------- d-------- C:\Program Files\Webshots
2007-07-02 09:06 --------- d-------- C:\DOCUME~1\janeau\APPLIC~1\Webshots
2007-07-02 08:33 74752 --a------ C:\WINDOWS\ST6UNST.EXE
2007-07-02 08:33 290816 --------- C:\WINDOWS\Setup1.exe
2007-07-02 08:33 --------- d-------- C:\Program Files\SwitchWallPaper
2007-06-29 10:17 --------- d-------- C:\Program Files\MSN Pictures Displayer
2007-06-29 09:56 446976 --a------ C:\WINDOWS\system32\ShellMPD.dll
2007-06-29 09:56 --------- d-------- C:\DOCUME~1\janeau\APPLIC~1\MSN Pictures Displayer
2007-06-28 14:09 --------- d-------- C:\Program Files\PSPad editor
2007-06-28 14:09 --------- d-------- C:\DOCUME~1\janeau\APPLIC~1\WaterProof
2007-06-28 14:08 --------- d-------- C:\Program Files\WaterProof
2007-06-27 10:38 --------- d-------- C:\Program Files\Look@LAN
2007-06-27 10:32 720896 --a------ C:\WINDOWS\iun6002.exe
2007-06-26 14:40 --------- d-------- C:\DOCUME~1\janeau\APPLIC~1\X-Chat 2
2007-06-21 12:05 --------- d-------- C:\Program Files\InstantTimeZone
2007-06-20 08:23 45 ---h----- C:\WINDOWS\dsez2661.dat
2007-06-19 08:45 --------- d-------- C:\DOCUME~1\janeau\APPLIC~1\ICAClient
2007-06-19 08:32 --------- d-------- C:\Program Files\Citrix
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C8C729FD-9C9F-4D53-A419-EC5101ED52AF}]
C:\WINDOWS\system32\geede.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2004-09-30 15:41]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2004-09-30 15:37]
"SetRefresh"="C:\Program Files\COMPAQ\SetRefresh\\SetRefresh.exe" [2003-11-20 18:01]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2004-03-31 15:46]
"Client Access Service"="C:\Program Files\IBM\Client Access\cwbsvstr.exe" [2002-05-07 05:20]
"Client Access Help Update"="C:\Program Files\IBM\Client Access\cwbinhlp.exe" [2002-05-07 05:20]
"Client Access Check Version"="C:\Program Files\IBM\Client Access\cwbckver.exe" [2002-05-07 05:20]
"Client Access Express Welcome"="C:\Program Files\IBM\Client Access\cwbwlwiz.exe" [2002-05-07 05:20]
"JobHisInit"="C:\Program Files\RMClient\JobHisInit.exe" [2000-09-28 19:52]
"MplSetUp"="C:\Program Files\RMClient\MplSetUp.exe" [2000-11-04 21:09]
"WinVNC"="C:\Program Files\UltraVNC\WinVNC.exe" [2004-06-20 20:45]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-09-03 19:21]
"Receiver"="C:\Program Files\SHARP\PCFAX2\PcfaxRcv.exe" [2004-11-12 10:28]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-09-15 16:50]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09]
"PerSonoCall"="C:\Program Files\Plantronics\PerSonoCall\PerSonoCall.exe" [2004-12-09 11:03]
C:\Documents and Settings\janeau\Menu D‚marrer\Programmes\D‚marrage\
Lotus Notes 6.5.lnk - C:\Program Files\lotus\notes\notes.exe [2004-09-15 05:39:00]
MSN Pictures Displayer.lnk - C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe [2007-06-29 09:56:23]
PIMphony.lnk - C:\Program Files\Alcatel_PIMphony\aocphone.exe [2007-05-16 09:11:24]
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [2007-07-02 09:06:53]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
InstantTimeZone.lnk - C:\Program Files\InstantTimeZone\InstantTimeZone.exe [2006-09-03 02:39:36]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
Launcher400.LNK - C:\applics\Launcher400\LNCsrv.exe [2005-09-06 17:16:43]
Windows Live Messenger.lnk - C:\WINDOWS\Installer\{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}\MsblIco.Exe [2007-07-06 09:22:06]
R1 WmiAcpi;Interface de gestion Microsoft Windows pour ACPI;C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
R2 ASANYs_nmc50;NMC50 Database;"c:\Program Files\Sybase\SQL Anywhere 8\win32\dbsrv8.exe" -hvASANYs_nmc50
R2 cpqdfw;Diagnostics Driver;\??\C:\WINDOWS\System32\drivers\cpqdfw.sys
R2 cq_mem;Diagnostics Memory Driver;\??\C:\WINDOWS\System32\drivers\cq_mem.sys
R2 cqcpu;Diagnostics CPU Driver;\??\C:\WINDOWS\System32\drivers\cqcpu.sys
R2 hardlock;hardlock;\??\C:\WINDOWS\system32\drivers\hardlock.sys
R2 slapd-4760;Sun ONE Directory Server 5.2 (4760);c:\4760\Netscape\server5/bin/slapd/server/ns-slapd.exe
R2 SoundMAX Agent Service (default);SoundMAX Agent Service;C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
R2 svc_mgr;NMC Service Manager;"c:\4760\bin\svc_mgr.exe"
R3 ExecdEx;NMC executables launcher;"c:\4760\bin\ExecdEx.exe"
R3 Extractor;NMC extractor;"c:\4760\bin\extractor.exe"
R3 LicenseServer;NMC License server;"c:\4760\bin\LicenseServer.exe"
R3 NotifyService;ORBacus Notify Service;"c:\4760\bin\ns_service.exe"
R3 SaveRestore;NMC Save/Restore;"c:\4760\bin\save_restore.exe"
R3 Scheduler;NMC Scheduler;"c:\4760\bin\scheduler.exe"
R3 SecurityServer;NMC Security Server;"c:\4760\bin\SecurityServer.exe"
S3 CTL511Plus;Video Blaster WebCam 3/WebCam Plus (WDM);C:\WINDOWS\system32\DRIVERS\webc3vid.sys
S3 nm;Pilote du Moniteur réseau;C:\WINDOWS\system32\DRIVERS\NMnt.sys
S3 ServiceOMC;ServiceOMC;C:\WINDOWS\system32\ServiceOMC.exe
S3 wampapache;wampapache;"c:\wamp\apache2\bin\httpd.exe" -k runservice
S3 wampmysqld;wampmysqld;c:\wamp\mysql\bin\mysqld-nt.exe --defaults-file=c:\wamp\mysql\my.ini wampmysqld
Start Pending3 ComServer;NMC Communication Server;"c:\4760\bin\ComServer.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\Kelio\autorun\autorun.exe
*Newly Created Service* - APACHE
*Newly Created Service* - COMSERVER
*Newly Created Service* - EXECDEX
*Newly Created Service* - EXTRACTOR
*Newly Created Service* - LICENSESERVER
*Newly Created Service* - NOTIFYSERVICE
*Newly Created Service* - SAVERESTORE
*Newly Created Service* - SCHEDULER
*Newly Created Service* - SECURITYSERVER
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-10 09:15:06
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\admin52-serv]
"ImagePath"="c:/4760/Netscape/server5/bin/https/bin/ns-httpd.exe"
Completion time: 2007-08-10 9:18:07 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-10 09:17
--- E O F ---
Merci encore :)
ComboFix 07-08-09.3 - "bas" 2007-08-10 9:09:17.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.138 [GMT 11:00]
* Created a new restore point
[i] ADS removed - svchost.exe: deleted 58880 bytes in 1 streams. [/i]
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\1_exception.nls
C:\WINDOWS\system32\ASPI32.EXE
C:\WINDOWS\system32\winbjt32.dll
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_ASC3550U
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_ICF
-------\LEGACY_NPF
-------\DomainService
-------\ICF
-------\SysLibrary
((((((((((((((((((((((((( Files Created from 2007-07-09 to 2007-08-09 )))))))))))))))))))))))))))))))
2007-08-10 09:08 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-10 08:23 <REP> d-------- C:\Program Files\Windows Live
2007-08-10 08:22 <REP> d-------- C:\Program Files\MessengerDiscovery
2007-08-09 12:16 <REP> d-------- C:\Program Files\MegauploadToolbar
2007-08-09 12:16 <REP> d-------- C:\DOCUME~1\janeau\APPLIC~1\MegauploadToolbar
2007-08-09 10:37 75,328 --a------ C:\WINDOWS\system32\fdvrtblq.exe
2007-08-09 10:37 <REP> d-------- C:\VundoFix Backups
2007-08-07 11:27 <REP> d-------- C:\Program Files\The Cleaner
2007-08-06 14:45 <REP> d-------- C:\Program Files\Lavasoft
2007-08-06 14:45 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-08-06 14:44 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-08-06 09:11 <REP> d-------- C:\Program Files\RegCleaner
2007-08-03 12:49 <REP> d-------- C:\pps
2007-07-25 12:04 <REP> d-------- C:\Program Files\PhotoFiltre
2007-07-25 10:29 <REP> d-------- C:\DOCUME~1\janeau\A4902Logs
2007-07-23 10:57 <REP> d-------- C:\DOCUME~1\janeau\APPLIC~1\vlc
2007-07-23 09:29 <REP> d-------- C:\Program Files\VideoLAN
2007-07-16 16:09 <REP> d-------- C:\DOCUME~1\janeau\APPLIC~1\Alcatel PIMphony
2007-07-16 15:48 <REP> d-------- C:\Program Files\Nice Recorder
2007-07-16 15:43 <REP> d-------- C:\Program Files\FuzLez
2007-07-16 15:43 <REP> d-------- C:\DOCUME~1\janeau\APPLIC~1\FuzLez
2007-07-16 15:40 <REP> d-------- C:\My Recordings
2007-07-16 15:39 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2007-07-16 14:41 <REP> d-------- C:\Program Files\Audacity
2007-07-13 14:04 <REP> d-------- C:\Program Files\Cain
2007-07-13 13:19 39,424 --a------ C:\WINDOWS\zipinst.exe
2007-07-13 13:19 <REP> d-------- C:\Program Files\MessenPass
2007-07-13 08:56 <REP> d-------- C:\crark31
2007-07-11 14:49 <REP> d-------- C:\WhoLockMe104
2007-07-11 14:48 3,888 --a------ C:\WINDOWS\system32\drivers\NTHANDLE.SYS
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-10 09:14 --------- d-------- C:\Program Files\Symantec AntiVirus
2007-08-10 09:12 --------- d-------- C:\Program Files\mIRC
2007-08-10 08:23 --------- d-------- C:\Program Files\MSN Messenger
2007-08-10 07:30 --------- d-------- C:\Program Files\Alcatel_PIMphony
2007-08-08 16:32 --------- d-------- C:\Program Files\Bonjour
2007-08-07 15:22 0 --a------ C:\CONFIG.SYS
2007-08-07 15:22 0 --a------ C:\AUTOEXEC.BAT
2007-08-06 13:31 14336 --a--c--- C:\WINDOWS\system32\dllcache\svchost.exe
2007-08-06 13:31 14336 --a------ C:\WINDOWS\system32\svchost.exe
2007-07-25 11:39 --------- d-------- C:\DOCUME~1\janeau\APPLIC~1\gtk-2.0
2007-07-23 12:58 --------- d-------- C:\DOCUME~1\janeau\APPLIC~1\U3
2007-07-02 09:06 --------- d-------- C:\Program Files\Webshots
2007-07-02 09:06 --------- d-------- C:\DOCUME~1\janeau\APPLIC~1\Webshots
2007-07-02 08:33 74752 --a------ C:\WINDOWS\ST6UNST.EXE
2007-07-02 08:33 290816 --------- C:\WINDOWS\Setup1.exe
2007-07-02 08:33 --------- d-------- C:\Program Files\SwitchWallPaper
2007-06-29 10:17 --------- d-------- C:\Program Files\MSN Pictures Displayer
2007-06-29 09:56 446976 --a------ C:\WINDOWS\system32\ShellMPD.dll
2007-06-29 09:56 --------- d-------- C:\DOCUME~1\janeau\APPLIC~1\MSN Pictures Displayer
2007-06-28 14:09 --------- d-------- C:\Program Files\PSPad editor
2007-06-28 14:09 --------- d-------- C:\DOCUME~1\janeau\APPLIC~1\WaterProof
2007-06-28 14:08 --------- d-------- C:\Program Files\WaterProof
2007-06-27 10:38 --------- d-------- C:\Program Files\Look@LAN
2007-06-27 10:32 720896 --a------ C:\WINDOWS\iun6002.exe
2007-06-26 14:40 --------- d-------- C:\DOCUME~1\janeau\APPLIC~1\X-Chat 2
2007-06-21 12:05 --------- d-------- C:\Program Files\InstantTimeZone
2007-06-20 08:23 45 ---h----- C:\WINDOWS\dsez2661.dat
2007-06-19 08:45 --------- d-------- C:\DOCUME~1\janeau\APPLIC~1\ICAClient
2007-06-19 08:32 --------- d-------- C:\Program Files\Citrix
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C8C729FD-9C9F-4D53-A419-EC5101ED52AF}]
C:\WINDOWS\system32\geede.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2004-09-30 15:41]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2004-09-30 15:37]
"SetRefresh"="C:\Program Files\COMPAQ\SetRefresh\\SetRefresh.exe" [2003-11-20 18:01]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2004-03-31 15:46]
"Client Access Service"="C:\Program Files\IBM\Client Access\cwbsvstr.exe" [2002-05-07 05:20]
"Client Access Help Update"="C:\Program Files\IBM\Client Access\cwbinhlp.exe" [2002-05-07 05:20]
"Client Access Check Version"="C:\Program Files\IBM\Client Access\cwbckver.exe" [2002-05-07 05:20]
"Client Access Express Welcome"="C:\Program Files\IBM\Client Access\cwbwlwiz.exe" [2002-05-07 05:20]
"JobHisInit"="C:\Program Files\RMClient\JobHisInit.exe" [2000-09-28 19:52]
"MplSetUp"="C:\Program Files\RMClient\MplSetUp.exe" [2000-11-04 21:09]
"WinVNC"="C:\Program Files\UltraVNC\WinVNC.exe" [2004-06-20 20:45]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-09-03 19:21]
"Receiver"="C:\Program Files\SHARP\PCFAX2\PcfaxRcv.exe" [2004-11-12 10:28]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-09-15 16:50]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09]
"PerSonoCall"="C:\Program Files\Plantronics\PerSonoCall\PerSonoCall.exe" [2004-12-09 11:03]
C:\Documents and Settings\janeau\Menu D‚marrer\Programmes\D‚marrage\
Lotus Notes 6.5.lnk - C:\Program Files\lotus\notes\notes.exe [2004-09-15 05:39:00]
MSN Pictures Displayer.lnk - C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe [2007-06-29 09:56:23]
PIMphony.lnk - C:\Program Files\Alcatel_PIMphony\aocphone.exe [2007-05-16 09:11:24]
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [2007-07-02 09:06:53]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
InstantTimeZone.lnk - C:\Program Files\InstantTimeZone\InstantTimeZone.exe [2006-09-03 02:39:36]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
Launcher400.LNK - C:\applics\Launcher400\LNCsrv.exe [2005-09-06 17:16:43]
Windows Live Messenger.lnk - C:\WINDOWS\Installer\{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}\MsblIco.Exe [2007-07-06 09:22:06]
R1 WmiAcpi;Interface de gestion Microsoft Windows pour ACPI;C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
R2 ASANYs_nmc50;NMC50 Database;"c:\Program Files\Sybase\SQL Anywhere 8\win32\dbsrv8.exe" -hvASANYs_nmc50
R2 cpqdfw;Diagnostics Driver;\??\C:\WINDOWS\System32\drivers\cpqdfw.sys
R2 cq_mem;Diagnostics Memory Driver;\??\C:\WINDOWS\System32\drivers\cq_mem.sys
R2 cqcpu;Diagnostics CPU Driver;\??\C:\WINDOWS\System32\drivers\cqcpu.sys
R2 hardlock;hardlock;\??\C:\WINDOWS\system32\drivers\hardlock.sys
R2 slapd-4760;Sun ONE Directory Server 5.2 (4760);c:\4760\Netscape\server5/bin/slapd/server/ns-slapd.exe
R2 SoundMAX Agent Service (default);SoundMAX Agent Service;C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
R2 svc_mgr;NMC Service Manager;"c:\4760\bin\svc_mgr.exe"
R3 ExecdEx;NMC executables launcher;"c:\4760\bin\ExecdEx.exe"
R3 Extractor;NMC extractor;"c:\4760\bin\extractor.exe"
R3 LicenseServer;NMC License server;"c:\4760\bin\LicenseServer.exe"
R3 NotifyService;ORBacus Notify Service;"c:\4760\bin\ns_service.exe"
R3 SaveRestore;NMC Save/Restore;"c:\4760\bin\save_restore.exe"
R3 Scheduler;NMC Scheduler;"c:\4760\bin\scheduler.exe"
R3 SecurityServer;NMC Security Server;"c:\4760\bin\SecurityServer.exe"
S3 CTL511Plus;Video Blaster WebCam 3/WebCam Plus (WDM);C:\WINDOWS\system32\DRIVERS\webc3vid.sys
S3 nm;Pilote du Moniteur réseau;C:\WINDOWS\system32\DRIVERS\NMnt.sys
S3 ServiceOMC;ServiceOMC;C:\WINDOWS\system32\ServiceOMC.exe
S3 wampapache;wampapache;"c:\wamp\apache2\bin\httpd.exe" -k runservice
S3 wampmysqld;wampmysqld;c:\wamp\mysql\bin\mysqld-nt.exe --defaults-file=c:\wamp\mysql\my.ini wampmysqld
Start Pending3 ComServer;NMC Communication Server;"c:\4760\bin\ComServer.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\Kelio\autorun\autorun.exe
*Newly Created Service* - APACHE
*Newly Created Service* - COMSERVER
*Newly Created Service* - EXECDEX
*Newly Created Service* - EXTRACTOR
*Newly Created Service* - LICENSESERVER
*Newly Created Service* - NOTIFYSERVICE
*Newly Created Service* - SAVERESTORE
*Newly Created Service* - SCHEDULER
*Newly Created Service* - SECURITYSERVER
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-10 09:15:06
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\admin52-serv]
"ImagePath"="c:/4760/Netscape/server5/bin/https/bin/ns-httpd.exe"
Completion time: 2007-08-10 9:18:07 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-10 09:17
--- E O F ---
Merci encore :)
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
salut quelqu en utilise mon msn
meme en chnageant de code il le recupere
je dois avoir un programme qu il utilise
a laide
ci joint bloc hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:31:20, on 10/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Mio Technology\MioSync\mioSync.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.free.fr/freebox/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [PhiBtn] %SystemRoot%\System32\drivers\PhiBtn.exe
O4 - HKLM\..\Run: [Traymin900] %SystemRoot%\System32\drivers\Tray900.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\RunOnce: [MessengerPlusLiveUninstall] "C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\MsgPlusUninstall.exe" /Cleanup
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: MioSync.lnk = C:\Program Files\Mio Technology\MioSync\mioSync.exe
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Allocam Multi Vision - {2D6B57BF-71FA-41A3-BDC5-3B5A25813D2E} - C:\PROGRA~1\ALLOCA~1\allocam.exe (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Allocam Multi Vision - {2D6B57BF-71FA-41A3-BDC5-3B5A25813D2E} - C:\PROGRA~1\ALLOCA~1\allocam.exe (file missing) (HKCU)
O15 - Trusted Zone: *.canalplay.com
O15 - Trusted Zone: *.canalplusactive.com
O15 - Trusted Zone: *.canalplay.com (HKLM)
O15 - Trusted Zone: *.canalplusactive.com (HKLM)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {E1AF091A-9F23-4059-89D7-C05EE073285D} (Canal+ Active MSWAY) - https://www.canalplus.com/canalplay/
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
meme en chnageant de code il le recupere
je dois avoir un programme qu il utilise
a laide
ci joint bloc hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:31:20, on 10/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Mio Technology\MioSync\mioSync.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.free.fr/freebox/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [PhiBtn] %SystemRoot%\System32\drivers\PhiBtn.exe
O4 - HKLM\..\Run: [Traymin900] %SystemRoot%\System32\drivers\Tray900.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\RunOnce: [MessengerPlusLiveUninstall] "C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\MsgPlusUninstall.exe" /Cleanup
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: MioSync.lnk = C:\Program Files\Mio Technology\MioSync\mioSync.exe
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Allocam Multi Vision - {2D6B57BF-71FA-41A3-BDC5-3B5A25813D2E} - C:\PROGRA~1\ALLOCA~1\allocam.exe (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Allocam Multi Vision - {2D6B57BF-71FA-41A3-BDC5-3B5A25813D2E} - C:\PROGRA~1\ALLOCA~1\allocam.exe (file missing) (HKCU)
O15 - Trusted Zone: *.canalplay.com
O15 - Trusted Zone: *.canalplusactive.com
O15 - Trusted Zone: *.canalplay.com (HKLM)
O15 - Trusted Zone: *.canalplusactive.com (HKLM)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {E1AF091A-9F23-4059-89D7-C05EE073285D} (Canal+ Active MSWAY) - https://www.canalplus.com/canalplay/
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
philae83
Messages postés
12837
Date d'inscription
mercredi 3 janvier 2007
Statut
Contributeur sécurité
Dernière intervention
8 décembre 2009
206
10 août 2007 à 01:02
10 août 2007 à 01:02
bonsoir CurLy64,
marco,
tu dois te créer un sujet pour ton problème pour ne pas interférer dans celui ci. Merci. Quelqu'un te viendra en aide.
ps : hello Quentin :)
marco,
tu dois te créer un sujet pour ton problème pour ne pas interférer dans celui ci. Merci. Quelqu'un te viendra en aide.
ps : hello Quentin :)
Regis59
Messages postés
21143
Date d'inscription
mardi 27 juin 2006
Statut
Contributeur sécurité
Dernière intervention
22 juin 2016
1 321
10 août 2007 à 10:55
10 août 2007 à 10:55
Coucou Catherine,
Merco :-)
Remet un HijackThis !
A+
Merco :-)
Remet un HijackThis !
A+
CurLy64
Messages postés
71
Date d'inscription
lundi 16 juillet 2007
Statut
Membre
Dernière intervention
18 février 2009
4
13 août 2007 à 03:46
13 août 2007 à 03:46
Ce matin, j'ai l'AV qui supprimé un trojan.vundo dans systeme32 ... décidemment, il est tenace celui la :/
Voici comme demandé un nouveau log de HiJackThis :
M'ci :)
Voici comme demandé un nouveau log de HiJackThis :
Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 12:43, on 2007-08-13 Platform: Windows XP SP2 (WinNT 5.01.2600) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe c:\4760\Netscape\server5\bin\https\bin\ns-httpd.exe c:\4760\Netscape\server5\bin\https\bin\httpd.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Symantec AntiVirus\SavRoam.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\Program Files\UltraVNC\WinVNC.exe C:\Program Files\MSN Messenger\usnsvc.exe c:\4760\Netscape\server5\bin\slapd\server\ns-slapd.exe c:\4760\Netscape\server5\bin\slapd\server\slapd.exe c:\Program Files\Sybase\SQL Anywhere 8\win32\dbsrv8.exe c:\4760\bin\svc_mgr.exe c:\4760\apache2\bin\apache.exe C:\4760\apache2\bin\apache.exe c:\4760\bin\ExecdEx.exe c:\4760\bin\extractor.exe c:\4760\bin\LicenseServer.exe c:\4760\bin\save_restore.exe c:\4760\bin\scheduler.exe c:\4760\bin\SecurityServer.exe c:\4760\bin\ns_service.exe c:\4760\bin\ComServer.exe c:\4760\bin\cmisd.exe c:\4760\bin\FaultManager.exe c:\4760\bin\GCSAdmin.exe c:\4760\bin\GCSConfig.exe c:\4760\bin\loader.exe c:\4760\bin\SyncLdapPbx.exe C:\Program Files\Citrix\Client ICA\ssonsvr.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\hkcmd.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\SHARP\PCFAX2\PcfaxRcv.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Plantronics\PerSonoCall\PerSonoCall.exe C:\Program Files\InstantTimeZone\InstantTimeZone.exe C:\applics\Launcher400\LNCsrv.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\applics\Launcher400\LNCadm.exe C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe C:\Program Files\Alcatel_PIMphony\aocphone.exe C:\Program Files\lotus\notes\NLNOTES.EXE C:\Program Files\Webshots\webshots.scr C:\Program Files\Messenger\msmsgs.exe C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe C:\Program Files\Alcatel_PIMphony\UAProc.exe C:\WINDOWS\System32\rsvp.exe C:\Program Files\Alcatel_PIMphony\abers.exe C:\Program Files\lotus\notes\ntaskldr.EXE C:\Program Files\mIRC\mirc.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE C:\Documents and Settings\janeau\Bureau\HiJackThis_v2.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local., R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: (no name) - {C8C729FD-9C9F-4D53-A419-EC5101ED52AF} - C:\WINDOWS\system32\geede.dll (file missing) O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\COMPAQ\SetRefresh\\SetRefresh.exe O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe" O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe" O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe" O4 - HKLM\..\Run: [JobHisInit] C:\Program Files\RMClient\JobHisInit.exe O4 - HKLM\..\Run: [MplSetUp] C:\Program Files\RMClient\MplSetUp.exe O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Receiver] C:\Program Files\SHARP\PCFAX2\PcfaxRcv.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [PerSonoCall] "C:\Program Files\Plantronics\PerSonoCall\PerSonoCall.exe" -nosplash O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: Lotus Notes 6.5.lnk = C:\Program Files\lotus\notes\notes.exe O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe O4 - Startup: PIMphony.lnk = ? O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe O4 - Global Startup: InstantTimeZone.lnk = C:\Program Files\InstantTimeZone\InstantTimeZone.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Launcher400.LNK = C:\applics\Launcher400\LNCsrv.exe O4 - Global Startup: Windows Live Messenger.lnk = ? O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1105936747789 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = intra.groupama.nc O17 - HKLM\Software\..\Telephony: DomainName = intra.groupama.nc O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = intra.groupama.nc O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = intra.groupama.nc O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Sun One Administration Server 5.2 (admin52-serv) - Sun Microsystems Inc - c:/4760/Netscape/server5/bin/https/bin/ns-httpd.exe O23 - Service: NMC Alarm server (AlarmServer) - Unknown owner - c:\4760\bin\FaultManager.exe O23 - Service: Apache - Apache Software Foundation - c:\4760\apache2\bin\apache.exe O23 - Service: NMC50 Database (ASANYs_nmc50) - iAnywhere Solutions, Inc. - c:\Program Files\Sybase\SQL Anywhere 8\win32\dbsrv8.exe O23 - Service: Service Bonjour (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing) O23 - Service: NMC CMISE server (Cmisd) - Unknown owner - c:\4760\bin\cmisd.exe O23 - Service: NMC Communication Server (ComServer) - Unknown owner - c:\4760\bin\ComServer.exe O23 - Service: Fonction Commande à distance d'iSeries Access for Windows (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: NMC executables launcher (ExecdEx) - Unknown owner - c:\4760\bin\ExecdEx.exe O23 - Service: NMC extractor (Extractor) - Unknown owner - c:\4760\bin\extractor.exe O23 - Service: NMC GCS administration server (GCSAdmin) - Unknown owner - c:\4760\bin\GCSAdmin.exe O23 - Service: NMC GCS config server (GCSConfig) - Unknown owner - c:\4760\bin\GCSConfig.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NMC License server (LicenseServer) - Unknown owner - c:\4760\bin\LicenseServer.exe O23 - Service: NMC Loader (Loader) - Unknown owner - c:\4760\bin\loader.exe O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe O23 - Service: ORBacus Notify Service (NotifyService) - Unknown owner - c:\4760\bin\ns_service.exe O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe O23 - Service: NMC Save/Restore (SaveRestore) - Unknown owner - c:\4760\bin\save_restore.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe O23 - Service: NMC Scheduler (Scheduler) - Unknown owner - c:\4760\bin\scheduler.exe O23 - Service: NMC Security Server (SecurityServer) - Unknown owner - c:\4760\bin\SecurityServer.exe O23 - Service: ServiceOMC - Unknown owner - C:\WINDOWS\system32\ServiceOMC.exe O23 - Service: Sun ONE Directory Server 5.2 (4760) (slapd-4760) - Unknown owner - c:\4760\Netscape\server5/bin/slapd/server/ns-slapd.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: NMC Service Manager (svc_mgr) - Unknown owner - c:\4760\bin\svc_mgr.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: NMC Pbx/Ldap synchronization (SyncLdapPbx) - Unknown owner - c:\4760\bin\SyncLdapPbx.exe O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\WINDOWS\System32\tlntsvr.exe O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe O23 - Service: wampapache - Apache Software Foundation - c:\wamp\apache2\bin\httpd.exe O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe -- End of file - 12516 bytes
M'ci :)
Regis59
Messages postés
21143
Date d'inscription
mardi 27 juin 2006
Statut
Contributeur sécurité
Dernière intervention
22 juin 2016
1 321
13 août 2007 à 08:09
13 août 2007 à 08:09
Salut
Met un rapport Combofix.
A+
Met un rapport Combofix.
A+
CurLy64
Messages postés
71
Date d'inscription
lundi 16 juillet 2007
Statut
Membre
Dernière intervention
18 février 2009
4
14 août 2007 à 03:13
14 août 2007 à 03:13
C'est l'histoire sans fin version informatisé :]
Tata :)
ComboFix 07-08-09.3 - "bas" 2007-08-14 12:07:08.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.150 [GMT 11:00]
((((((((((((((((((((((((( Files Created from 2007-07-14 to 2007-08-14 )))))))))))))))))))))))))))))))
2007-08-10 09:08 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-10 08:23 <REP> d-------- C:\Program Files\Windows Live
2007-08-10 08:22 <REP> d-------- C:\Program Files\MessengerDiscovery
2007-08-09 12:16 <REP> d-------- C:\Program Files\MegauploadToolbar
2007-08-09 12:16 <REP> d-------- C:\DOCUME~1\janeau\APPLIC~1\MegauploadToolbar
2007-08-09 10:37 <REP> d-------- C:\VundoFix Backups
2007-08-07 11:27 <REP> d-------- C:\Program Files\The Cleaner
2007-08-06 14:45 <REP> d-------- C:\Program Files\Lavasoft
2007-08-06 14:45 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-08-06 14:44 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-08-06 09:11 <REP> d-------- C:\Program Files\RegCleaner
2007-08-03 12:49 <REP> d-------- C:\pps
2007-07-25 12:04 <REP> d-------- C:\Program Files\PhotoFiltre
2007-07-25 10:29 <REP> d-------- C:\DOCUME~1\janeau\A4902Logs
2007-07-23 10:57 <REP> d-------- C:\DOCUME~1\janeau\APPLIC~1\vlc
2007-07-23 09:29 <REP> d-------- C:\Program Files\VideoLAN
2007-07-16 16:09 <REP> d-------- C:\DOCUME~1\janeau\APPLIC~1\Alcatel PIMphony
2007-07-16 15:48 <REP> d-------- C:\Program Files\Nice Recorder
2007-07-16 15:43 <REP> d-------- C:\Program Files\FuzLez
2007-07-16 15:43 <REP> d-------- C:\DOCUME~1\janeau\APPLIC~1\FuzLez
2007-07-16 15:40 <REP> d-------- C:\My Recordings
2007-07-16 15:39 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2007-07-16 14:41 <REP> d-------- C:\Program Files\Audacity
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-14 11:47 --------- d-------- C:\Program Files\mIRC
2007-08-14 07:27 --------- d-------- C:\Program Files\Alcatel_PIMphony
2007-08-13 16:45 --------- d-------- C:\Program Files\Symantec AntiVirus
2007-08-10 08:23 --------- d-------- C:\Program Files\MSN Messenger
2007-08-08 16:32 --------- d-------- C:\Program Files\Bonjour
2007-08-07 15:22 0 --a------ C:\CONFIG.SYS
2007-08-07 15:22 0 --a------ C:\AUTOEXEC.BAT
2007-08-06 13:31 14336 --a--c--- C:\WINDOWS\system32\dllcache\svchost.exe
2007-08-06 13:31 14336 --a------ C:\WINDOWS\system32\svchost.exe
2007-07-25 11:39 --------- d-------- C:\DOCUME~1\janeau\APPLIC~1\gtk-2.0
2007-07-23 12:58 --------- d-------- C:\DOCUME~1\janeau\APPLIC~1\U3
2007-07-13 15:04 --------- d-------- C:\Program Files\Cain
2007-07-13 13:19 39424 --a------ C:\WINDOWS\zipinst.exe
2007-07-13 13:19 --------- d-------- C:\Program Files\MessenPass
2007-07-11 14:52 3888 --a------ C:\WINDOWS\system32\drivers\NTHANDLE.SYS
2007-07-02 09:06 --------- d-------- C:\Program Files\Webshots
2007-07-02 09:06 --------- d-------- C:\DOCUME~1\janeau\APPLIC~1\Webshots
2007-07-02 08:33 74752 --a------ C:\WINDOWS\ST6UNST.EXE
2007-07-02 08:33 290816 --------- C:\WINDOWS\Setup1.exe
2007-07-02 08:33 --------- d-------- C:\Program Files\SwitchWallPaper
2007-06-29 10:17 --------- d-------- C:\Program Files\MSN Pictures Displayer
2007-06-29 09:56 446976 --a------ C:\WINDOWS\system32\ShellMPD.dll
2007-06-29 09:56 --------- d-------- C:\DOCUME~1\janeau\APPLIC~1\MSN Pictures Displayer
2007-06-28 14:09 --------- d-------- C:\Program Files\PSPad editor
2007-06-28 14:09 --------- d-------- C:\DOCUME~1\janeau\APPLIC~1\WaterProof
2007-06-28 14:08 --------- d-------- C:\Program Files\WaterProof
2007-06-27 10:38 --------- d-------- C:\Program Files\Look@LAN
2007-06-27 10:32 720896 --a------ C:\WINDOWS\iun6002.exe
2007-06-26 14:40 --------- d-------- C:\DOCUME~1\janeau\APPLIC~1\X-Chat 2
2007-06-21 12:05 --------- d-------- C:\Program Files\InstantTimeZone
2007-06-20 08:23 45 ---h----- C:\WINDOWS\dsez2661.dat
2007-06-19 08:45 --------- d-------- C:\DOCUME~1\janeau\APPLIC~1\ICAClient
2007-06-19 08:32 --------- d-------- C:\Program Files\Citrix
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C8C729FD-9C9F-4D53-A419-EC5101ED52AF}]
C:\WINDOWS\system32\geede.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2004-09-30 15:41]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2004-09-30 15:37]
"SetRefresh"="C:\Program Files\COMPAQ\SetRefresh\\SetRefresh.exe" [2003-11-20 18:01]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2004-03-31 15:46]
"Client Access Service"="C:\Program Files\IBM\Client Access\cwbsvstr.exe" [2002-05-07 05:20]
"Client Access Help Update"="C:\Program Files\IBM\Client Access\cwbinhlp.exe" [2002-05-07 05:20]
"Client Access Check Version"="C:\Program Files\IBM\Client Access\cwbckver.exe" [2002-05-07 05:20]
"Client Access Express Welcome"="C:\Program Files\IBM\Client Access\cwbwlwiz.exe" [2002-05-07 05:20]
"JobHisInit"="C:\Program Files\RMClient\JobHisInit.exe" [2000-09-28 19:52]
"MplSetUp"="C:\Program Files\RMClient\MplSetUp.exe" [2000-11-04 21:09]
"WinVNC"="C:\Program Files\UltraVNC\WinVNC.exe" [2004-06-20 20:45]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-09-03 19:21]
"Receiver"="C:\Program Files\SHARP\PCFAX2\PcfaxRcv.exe" [2004-11-12 10:28]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-09-15 16:50]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09]
"PerSonoCall"="C:\Program Files\Plantronics\PerSonoCall\PerSonoCall.exe" [2004-12-09 11:03]
C:\Documents and Settings\janeau\Menu D‚marrer\Programmes\D‚marrage\
Lotus Notes 6.5.lnk - C:\Program Files\lotus\notes\notes.exe [2004-09-15 05:39:00]
MSN Pictures Displayer.lnk - C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe [2007-06-29 09:56:23]
PIMphony.lnk - C:\Program Files\Alcatel_PIMphony\aocphone.exe [2007-05-16 09:11:24]
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [2007-07-02 09:06:53]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
InstantTimeZone.lnk - C:\Program Files\InstantTimeZone\InstantTimeZone.exe [2006-09-03 02:39:36]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
Launcher400.LNK - C:\applics\Launcher400\LNCsrv.exe [2005-09-06 17:16:43]
Windows Live Messenger.lnk - C:\WINDOWS\Installer\{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}\MsblIco.Exe [2007-07-06 09:22:06]
R1 WmiAcpi;Interface de gestion Microsoft Windows pour ACPI;C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
R2 ASANYs_nmc50;NMC50 Database;"c:\Program Files\Sybase\SQL Anywhere 8\win32\dbsrv8.exe" -hvASANYs_nmc50
R2 cpqdfw;Diagnostics Driver;\??\C:\WINDOWS\System32\drivers\cpqdfw.sys
R2 cq_mem;Diagnostics Memory Driver;\??\C:\WINDOWS\System32\drivers\cq_mem.sys
R2 cqcpu;Diagnostics CPU Driver;\??\C:\WINDOWS\System32\drivers\cqcpu.sys
R2 hardlock;hardlock;\??\C:\WINDOWS\system32\drivers\hardlock.sys
R2 slapd-4760;Sun ONE Directory Server 5.2 (4760);c:\4760\Netscape\server5/bin/slapd/server/ns-slapd.exe
R2 SoundMAX Agent Service (default);SoundMAX Agent Service;C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
R2 svc_mgr;NMC Service Manager;"c:\4760\bin\svc_mgr.exe"
R3 AlarmServer;NMC Alarm server;"c:\4760\bin\FaultManager.exe"
R3 Cmisd;NMC CMISE server;"c:\4760\bin\cmisd.exe"
R3 ComServer;NMC Communication Server;"c:\4760\bin\ComServer.exe"
R3 ExecdEx;NMC executables launcher;"c:\4760\bin\ExecdEx.exe"
R3 Extractor;NMC extractor;"c:\4760\bin\extractor.exe"
R3 GCSAdmin;NMC GCS administration server;"c:\4760\bin\GCSAdmin.exe"
R3 GCSConfig;NMC GCS config server;"c:\4760\bin\GCSConfig.exe"
R3 LicenseServer;NMC License server;"c:\4760\bin\LicenseServer.exe"
R3 Loader;NMC Loader;"c:\4760\bin\loader.exe"
R3 NotifyService;ORBacus Notify Service;"c:\4760\bin\ns_service.exe"
R3 SaveRestore;NMC Save/Restore;"c:\4760\bin\save_restore.exe"
R3 Scheduler;NMC Scheduler;"c:\4760\bin\scheduler.exe"
R3 SecurityServer;NMC Security Server;"c:\4760\bin\SecurityServer.exe"
R3 SyncLdapPbx;NMC Pbx/Ldap synchronization;"c:\4760\bin\SyncLdapPbx.exe"
S3 CTL511Plus;Video Blaster WebCam 3/WebCam Plus (WDM);C:\WINDOWS\system32\DRIVERS\webc3vid.sys
S3 nm;Pilote du Moniteur réseau;C:\WINDOWS\system32\DRIVERS\NMnt.sys
S3 ServiceOMC;ServiceOMC;C:\WINDOWS\system32\ServiceOMC.exe
S3 wampapache;wampapache;"c:\wamp\apache2\bin\httpd.exe" -k runservice
S3 wampmysqld;wampmysqld;c:\wamp\mysql\bin\mysqld-nt.exe --defaults-file=c:\wamp\mysql\my.ini wampmysqld
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\Kelio\autorun\autorun.exe
*Newly Created Service* - ALARMSERVER
*Newly Created Service* - APACHE
*Newly Created Service* - CMISD
*Newly Created Service* - COMSERVER
*Newly Created Service* - EXECDEX
*Newly Created Service* - EXTRACTOR
*Newly Created Service* - GCSADMIN
*Newly Created Service* - GCSCONFIG
*Newly Created Service* - LICENSESERVER
*Newly Created Service* - LOADER
*Newly Created Service* - NOTIFYSERVICE
*Newly Created Service* - SAVERESTORE
*Newly Created Service* - SCHEDULER
*Newly Created Service* - SECURITYSERVER
*Newly Created Service* - SYNCLDAPPBX
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-14 12:10:16
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\admin52-serv]
"ImagePath"="c:/4760/Netscape/server5/bin/https/bin/ns-httpd.exe"
Completion time: 2007-08-14 12:11:04
C:\ComboFix-quarantined-files.txt ... 2007-08-14 12:10
C:\ComboFix2.txt ... 2007-08-10 09:18
--- E O F ---
Tata :)
Regis59
Messages postés
21143
Date d'inscription
mardi 27 juin 2006
Statut
Contributeur sécurité
Dernière intervention
22 juin 2016
1 321
14 août 2007 à 10:39
14 août 2007 à 10:39
Salut,
Vas sur le site https://virusscan.jotti.org/
- Clic en haut à droite sur "Parcourir", navigue dans les dossiers et sélectionne ce fichier : C:\WINDOWS\iun6002.exe
- Clic sur submit toujours en haut à droite
- Le scan va se lancer, ça va prendre un petit instant
- En bas, tu as le résultat du scan, copie/colle le résultat complet du scan ici.
Aide : https://www.malekal.com/scan-antivirus-ligne-nod32/#mozTocId662799
Et relance Vundofix. Copie colle le rapport.
Remet egalement un HijackThis.
Dis moi ou en sont tes soucis.
A+
Vas sur le site https://virusscan.jotti.org/
- Clic en haut à droite sur "Parcourir", navigue dans les dossiers et sélectionne ce fichier : C:\WINDOWS\iun6002.exe
- Clic sur submit toujours en haut à droite
- Le scan va se lancer, ça va prendre un petit instant
- En bas, tu as le résultat du scan, copie/colle le résultat complet du scan ici.
Aide : https://www.malekal.com/scan-antivirus-ligne-nod32/#mozTocId662799
Et relance Vundofix. Copie colle le rapport.
Remet egalement un HijackThis.
Dis moi ou en sont tes soucis.
A+
CurLy64
Messages postés
71
Date d'inscription
lundi 16 juillet 2007
Statut
Membre
Dernière intervention
18 février 2009
4
16 août 2007 à 04:07
16 août 2007 à 04:07
Plus besoin de log a mon avis, ca a rien trouvé :)
Depuis 2/3 jours, j'ai plus d'alerte, plus de lag, bref on dirait bien que c'est reglé.
Merci beaucoup pour ton aide Regis59, t'es un chef ;)
Depuis 2/3 jours, j'ai plus d'alerte, plus de lag, bref on dirait bien que c'est reglé.
Merci beaucoup pour ton aide Regis59, t'es un chef ;)
Regis59
Messages postés
21143
Date d'inscription
mardi 27 juin 2006
Statut
Contributeur sécurité
Dernière intervention
22 juin 2016
1 321
16 août 2007 à 10:26
16 août 2007 à 10:26
Salut
Autant bien terminé le travail nan? S'assurer que tout est ?
a+
Autant bien terminé le travail nan? S'assurer que tout est ?
a+
CurLy64
Messages postés
71
Date d'inscription
lundi 16 juillet 2007
Statut
Membre
Dernière intervention
18 février 2009
4
20 août 2007 à 00:38
20 août 2007 à 00:38
Salut,
Bon ben comme tu veux, voici un nouveau log HiJackThis tout frais, tout neuf de ce matin :)
Bye !
Bon ben comme tu veux, voici un nouveau log HiJackThis tout frais, tout neuf de ce matin :)
Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 09:35, on 2007-08-20 Platform: Windows XP SP2 (WinNT 5.01.2600) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe c:\4760\Netscape\server5\bin\https\bin\ns-httpd.exe c:\4760\Netscape\server5\bin\https\bin\httpd.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Symantec AntiVirus\SavRoam.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Citrix\Client ICA\ssonsvr.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\Program Files\UltraVNC\WinVNC.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\hkcmd.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\SHARP\PCFAX2\PcfaxRcv.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Plantronics\PerSonoCall\PerSonoCall.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\InstantTimeZone\InstantTimeZone.exe C:\applics\Launcher400\LNCsrv.exe C:\applics\Launcher400\LNCadm.exe C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe C:\Program Files\Alcatel_PIMphony\aocphone.exe C:\Program Files\Webshots\webshots.scr C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\System32\rsvp.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\Alcatel_PIMphony\UAProc.exe C:\Program Files\Alcatel_PIMphony\abers.exe C:\WINDOWS\system32\WISPTIS.EXE c:\4760\Netscape\server5\bin\slapd\server\ns-slapd.exe c:\4760\Netscape\server5\bin\slapd\server\slapd.exe c:\Program Files\Sybase\SQL Anywhere 8\win32\dbsrv8.exe c:\4760\bin\svc_mgr.exe c:\4760\apache2\bin\apache.exe C:\4760\apache2\bin\apache.exe c:\4760\bin\ExecdEx.exe c:\4760\bin\extractor.exe c:\4760\bin\LicenseServer.exe c:\4760\bin\save_restore.exe c:\4760\bin\scheduler.exe c:\4760\bin\SecurityServer.exe c:\4760\bin\ns_service.exe c:\4760\bin\ComServer.exe c:\4760\bin\cmisd.exe c:\4760\bin\FaultManager.exe c:\4760\bin\GCSAdmin.exe c:\4760\bin\GCSConfig.exe c:\4760\bin\loader.exe c:\4760\bin\SyncLdapPbx.exe C:\Program Files\lotus\notes\NLNOTES.EXE C:\Program Files\lotus\notes\ntaskldr.EXE C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\mIRC\mirc.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\janeau\Bureau\HiJackThis_v2.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local., R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: (no name) - {C8C729FD-9C9F-4D53-A419-EC5101ED52AF} - C:\WINDOWS\system32\geede.dll (file missing) O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\COMPAQ\SetRefresh\\SetRefresh.exe O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe" O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe" O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe" O4 - HKLM\..\Run: [JobHisInit] C:\Program Files\RMClient\JobHisInit.exe O4 - HKLM\..\Run: [MplSetUp] C:\Program Files\RMClient\MplSetUp.exe O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Receiver] C:\Program Files\SHARP\PCFAX2\PcfaxRcv.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [PerSonoCall] "C:\Program Files\Plantronics\PerSonoCall\PerSonoCall.exe" -nosplash O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: Lotus Notes 6.5.lnk = C:\Program Files\lotus\notes\notes.exe O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe O4 - Startup: PIMphony.lnk = ? O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe O4 - Global Startup: InstantTimeZone.lnk = C:\Program Files\InstantTimeZone\InstantTimeZone.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Launcher400.LNK = C:\applics\Launcher400\LNCsrv.exe O4 - Global Startup: Windows Live Messenger.lnk = ? O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1105936747789 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = intra.groupama.nc O17 - HKLM\Software\..\Telephony: DomainName = intra.groupama.nc O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = intra.groupama.nc O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = intra.groupama.nc O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Sun One Administration Server 5.2 (admin52-serv) - Sun Microsystems Inc - c:/4760/Netscape/server5/bin/https/bin/ns-httpd.exe O23 - Service: NMC Alarm server (AlarmServer) - Unknown owner - c:\4760\bin\FaultManager.exe O23 - Service: Apache - Apache Software Foundation - c:\4760\apache2\bin\apache.exe O23 - Service: NMC50 Database (ASANYs_nmc50) - iAnywhere Solutions, Inc. - c:\Program Files\Sybase\SQL Anywhere 8\win32\dbsrv8.exe O23 - Service: Service Bonjour (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing) O23 - Service: NMC CMISE server (Cmisd) - Unknown owner - c:\4760\bin\cmisd.exe O23 - Service: NMC Communication Server (ComServer) - Unknown owner - c:\4760\bin\ComServer.exe O23 - Service: Fonction Commande à distance d'iSeries Access for Windows (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: NMC executables launcher (ExecdEx) - Unknown owner - c:\4760\bin\ExecdEx.exe O23 - Service: NMC extractor (Extractor) - Unknown owner - c:\4760\bin\extractor.exe O23 - Service: NMC GCS administration server (GCSAdmin) - Unknown owner - c:\4760\bin\GCSAdmin.exe O23 - Service: NMC GCS config server (GCSConfig) - Unknown owner - c:\4760\bin\GCSConfig.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NMC License server (LicenseServer) - Unknown owner - c:\4760\bin\LicenseServer.exe O23 - Service: NMC Loader (Loader) - Unknown owner - c:\4760\bin\loader.exe O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe O23 - Service: ORBacus Notify Service (NotifyService) - Unknown owner - c:\4760\bin\ns_service.exe O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe O23 - Service: NMC Save/Restore (SaveRestore) - Unknown owner - c:\4760\bin\save_restore.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe O23 - Service: NMC Scheduler (Scheduler) - Unknown owner - c:\4760\bin\scheduler.exe O23 - Service: NMC Security Server (SecurityServer) - Unknown owner - c:\4760\bin\SecurityServer.exe O23 - Service: ServiceOMC - Unknown owner - C:\WINDOWS\system32\ServiceOMC.exe O23 - Service: Sun ONE Directory Server 5.2 (4760) (slapd-4760) - Unknown owner - c:\4760\Netscape\server5/bin/slapd/server/ns-slapd.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: NMC Service Manager (svc_mgr) - Unknown owner - c:\4760\bin\svc_mgr.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: NMC Pbx/Ldap synchronization (SyncLdapPbx) - Unknown owner - c:\4760\bin\SyncLdapPbx.exe O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\WINDOWS\System32\tlntsvr.exe O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe O23 - Service: wampapache - Apache Software Foundation - c:\wamp\apache2\bin\httpd.exe O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe -- End of file - 12430 bytes
Bye !
Regis59
Messages postés
21143
Date d'inscription
mardi 27 juin 2006
Statut
Contributeur sécurité
Dernière intervention
22 juin 2016
1 321
20 août 2007 à 09:49
20 août 2007 à 09:49
Salut
C'est un PC de bureau, non?
¤Relance HijackThis, coche les cases devant ces lignes et ensuite clique sur fix checked :
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {C8C729FD-9C9F-4D53-A419-EC5101ED52AF} - C:\WINDOWS\system32\geede.dll (file missing)
Ferme HijackThis.
A+
C'est un PC de bureau, non?
¤Relance HijackThis, coche les cases devant ces lignes et ensuite clique sur fix checked :
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {C8C729FD-9C9F-4D53-A419-EC5101ED52AF} - C:\WINDOWS\system32\geede.dll (file missing)
Ferme HijackThis.
A+
CurLy64
Messages postés
71
Date d'inscription
lundi 16 juillet 2007
Statut
Membre
Dernière intervention
18 février 2009
4
20 août 2007 à 23:41
20 août 2007 à 23:41
Bonjour Regis,
Oui c'est un pc de bureau, allez je fix tout ça, merci :)
Oui c'est un pc de bureau, allez je fix tout ça, merci :)
Regis59
Messages postés
21143
Date d'inscription
mardi 27 juin 2006
Statut
Contributeur sécurité
Dernière intervention
22 juin 2016
1 321
21 août 2007 à 10:03
21 août 2007 à 10:03
Ok,
Ou en sont tes soucis?
a+
Ou en sont tes soucis?
a+
CurLy64
Messages postés
71
Date d'inscription
lundi 16 juillet 2007
Statut
Membre
Dernière intervention
18 février 2009
4
23 août 2007 à 00:48
23 août 2007 à 00:48
Y'en a plus, grâce a ton aide :)
Merci beaucoup :)
Merci beaucoup :)
Regis59
Messages postés
21143
Date d'inscription
mardi 27 juin 2006
Statut
Contributeur sécurité
Dernière intervention
22 juin 2016
1 321
23 août 2007 à 22:15
23 août 2007 à 22:15
De rien,
Bonne soirée
Bonne soirée
