[Virus] Trojan - Spyware ...

Solved
CurLy64 (Member, 71 posts)
Regis59 (Security contributor, 21143 posts)
Hi,

For once, I'm the one who needs help...

I've had a virus (trojan) and some other junk for a few days now, so first here are the alert messages raised by Symantec Antivirus:

08/08/2007 15:59:28,ddlbbcas.exe,Downloader,Fichier,Supprimé,E98GNC002A,bas,C:\WINDOWS\system32\,Supprimé,Supprimé,Nettoyer le virus du fichier,Supprimer le fichier infecté,Analyse manuelle,Le fichier a été supprimé.
08/08/2007 13:23:11,kcehc_eicooc20070702[1],Trojan.Vundo,Fichier,Supprimé,E98GNC002A,bas,C:\Documents and Settings\janeau\Local Settings\Temporary Internet Files\Content.IE5\RI07V1O1\,Supprimé,Supprimé,Nettoyer le virus du fichier,Supprimer le fichier infecté,Analyse Auto-Protect,Le fichier a été supprimé.
08/08/2007 13:20:51,masiyxanidi[2],Downloader,Fichier,Conservé,E98GNC002A,bas,C:\Documents and Settings\janeau\Local Settings\Temporary Internet Files\Content.IE5\4TUR0HQB\,Infectés,C:\Documents and Settings\janeau\Local Settings\Temporary Internet Files\Content.IE5\4TUR0HQB\,Nettoyer le virus du fichier,Supprimer le fichier infecté,Analyse Auto-Protect,Le fichier n’a pas été modifié.

That's roughly what it looks like... it's Downloader and Trojan.Vundo. I rebooted into safe mode, scanned with Symantec, cleared the temporary files, scanned with The Cleaner, Ad-Aware and Spybot, and I still have this junk...

I'm also giving you the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 16:21:45, on 08/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\4760\Netscape\server5\bin\https\bin\ns-httpd.exe
c:\Program Files\Sybase\SQL Anywhere 8\win32\dbsrv8.exe
c:\4760\Netscape\server5\bin\https\bin\httpd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
c:\4760\Netscape\server5\bin\slapd\server\ns-slapd.exe
c:\4760\Netscape\server5\bin\slapd\server\slapd.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
c:\4760\bin\svc_mgr.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Citrix\Client ICA\ssonsvr.exe
C:\Documents and Settings\janeau\Application Data\explorer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SHARP\PCFAX2\PcfaxRcv.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Plantronics\PerSonoCall\PerSonoCall.exe
C:\Program Files\InstantTimeZone\InstantTimeZone.exe
C:\applics\Launcher400\LNCsrv.exe
C:\applics\Launcher400\LNCadm.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
C:\Program Files\Alcatel_PIMphony\aocphone.exe
C:\Program Files\lotus\notes\NLNOTES.EXE
C:\Program Files\Webshots\webshots.scr
c:\4760\apache2\bin\apache.exe
C:\Program Files\Messenger\msmsgs.exe
C:\4760\apache2\bin\apache.exe
c:\4760\bin\ExecdEx.exe
c:\4760\bin\extractor.exe
c:\4760\bin\LicenseServer.exe
C:\Program Files\lotus\notes\ntaskldr.EXE
c:\4760\bin\save_restore.exe
c:\4760\bin\scheduler.exe
c:\4760\bin\SecurityServer.exe
C:\Program Files\MSN Messenger\usnsvc.exe
c:\4760\bin\ns_service.exe
c:\4760\bin\ComServer.exe
c:\4760\bin\cmisd.exe
c:\4760\bin\FaultManager.exe
c:\4760\bin\GCSAdmin.exe
c:\4760\bin\GCSConfig.exe
c:\4760\bin\loader.exe
c:\4760\bin\SyncLdapPbx.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Alcatel_PIMphony\UAProc.exe
C:\Program Files\Alcatel_PIMphony\abers.exe
C:\WINDOWS\System32\rsvp.exe
U:\-= truc =-\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\janeau\Application Data\explorer.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5A4A2D56-931A-4733-9121-033A2D95A274} - C:\WINDOWS\system32\tuvtqno.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A2B5476A-23EB-4180-9C40-49ABF9615620} - C:\WINDOWS\system32\geede.dll
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\uvbubsbh.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\COMPAQ\SetRefresh\\SetRefresh.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"
O4 - HKLM\..\Run: [JobHisInit] C:\Program Files\RMClient\JobHisInit.exe
O4 - HKLM\..\Run: [MplSetUp] C:\Program Files\RMClient\MplSetUp.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Receiver] C:\Program Files\SHARP\PCFAX2\PcfaxRcv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\cddvgtqd.dll",forkonce
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PerSonoCall] "C:\Program Files\Plantronics\PerSonoCall\PerSonoCall.exe" -nosplash
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Lotus Notes 6.5.lnk = C:\Program Files\lotus\notes\notes.exe
O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
O4 - Startup: PIMphony.lnk = ?
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: InstantTimeZone.lnk = C:\Program Files\InstantTimeZone\InstantTimeZone.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Launcher400.LNK = C:\applics\Launcher400\LNCsrv.exe
O4 - Global Startup: Windows Live Messenger.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1105936747789
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = intra.groupama.nc
O17 - HKLM\Software\..\Telephony: DomainName = intra.groupama.nc
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = intra.groupama.nc
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = intra.groupama.nc
O20 - Winlogon Notify: geede - C:\WINDOWS\system32\geede.dll
O20 - Winlogon Notify: tuvtqno - C:\WINDOWS\SYSTEM32\tuvtqno.dll
O20 - Winlogon Notify: winbjt32 - C:\WINDOWS\SYSTEM32\winbjt32.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Sun One Administration Server 5.2 (admin52-serv) - Sun Microsystems Inc - c:/4760/Netscape/server5/bin/https/bin/ns-httpd.exe
O23 - Service: NMC Alarm server (AlarmServer) - Unknown owner - c:\4760\bin\FaultManager.exe
O23 - Service: Apache - Apache Software Foundation - c:\4760\apache2\bin\apache.exe
O23 - Service: NMC50 Database (ASANYs_nmc50) - iAnywhere Solutions, Inc. - c:\Program Files\Sybase\SQL Anywhere 8\win32\dbsrv8.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: NMC CMISE server (Cmisd) - Unknown owner - c:\4760\bin\cmisd.exe
O23 - Service: NMC Communication Server (ComServer) - Unknown owner - c:\4760\bin\ComServer.exe
O23 - Service: Fonction Commande à distance d'iSeries Access for Windows (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: NMC executables launcher (ExecdEx) - Unknown owner - c:\4760\bin\ExecdEx.exe
O23 - Service: NMC extractor (Extractor) - Unknown owner - c:\4760\bin\extractor.exe
O23 - Service: NMC GCS administration server (GCSAdmin) - Unknown owner - c:\4760\bin\GCSAdmin.exe
O23 - Service: NMC GCS config server (GCSConfig) - Unknown owner - c:\4760\bin\GCSConfig.exe
O23 - Service: ICF - Unknown owner - C:\WINDOWS\system32\svchost.exe:exe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMC License server (LicenseServer) - Unknown owner - c:\4760\bin\LicenseServer.exe
O23 - Service: NMC Loader (Loader) - Unknown owner - c:\4760\bin\loader.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: ORBacus Notify Service (NotifyService) - Unknown owner - c:\4760\bin\ns_service.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: NMC Save/Restore (SaveRestore) - Unknown owner - c:\4760\bin\save_restore.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: NMC Scheduler (Scheduler) - Unknown owner - c:\4760\bin\scheduler.exe
O23 - Service: NMC Security Server (SecurityServer) - Unknown owner - c:\4760\bin\SecurityServer.exe
O23 - Service: ServiceOMC - Unknown owner - C:\WINDOWS\system32\ServiceOMC.exe
O23 - Service: Sun ONE Directory Server 5.2 (4760) (slapd-4760) - Unknown owner - c:\4760\Netscape\server5/bin/slapd/server/ns-slapd.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: NMC Service Manager (svc_mgr) - Unknown owner - c:\4760\bin\svc_mgr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NMC Pbx/Ldap synchronization (SyncLdapPbx) - Unknown owner - c:\4760\bin\SyncLdapPbx.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\WINDOWS\System32\tlntsvr.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\apache2\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe
O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe

--
End of file - 12952 bytes

Note that I have already deleted the explorer.exe file that was in Application Data (it had no business being there Oo')

Thanks for your help :)
Configuration: Windows XP
Firefox 2.0.0.6

18 replies

  1. Regis59 (Security contributor)
     
    Hi

    Download VundoFix.exe (by Atribune) to your Desktop.
    http://www.atribune.org/ccount/click.php?id=4

    Double-click VundoFix.exe to launch it.
    Click the Scan for Vundo button.
    When the scan is complete, click the Remove Vundo button.
    A prompt will ask whether you want to delete the files; click YES.
    After you click "Yes", the Desktop will disappear for a moment while the files are deleted.
    You will see a prompt telling you that your PC is going to shut down; click OK.
    Start your PC again.
    Copy/paste the contents of the report located at C:\vundofix.txt, along with a new HijackThis log, in your next reply.

    See you
  2. CurLy64 (Member)
     
    Here is the VundoFix log:

    VundoFix V6.5.7

    Checking Java version...

    Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.9
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.10

    Java version is 1.5.0.11

    Scan started at 10:37:51 09/08/2007

    Listing files found while scanning....

    C:\windows\system32\cddvgtqd.dll
    C:\windows\system32\cxreuxnq.ini
    C:\WINDOWS\system32\dqtgvddc.ini
    C:\WINDOWS\system32\edeeg.bak1
    C:\WINDOWS\system32\edeeg.bak2
    C:\WINDOWS\system32\edeeg.ini
    C:\WINDOWS\system32\geede.dll
    C:\windows\system32\ivxbovqj.ini
    C:\windows\system32\jqvobxvi.dll
    C:\windows\system32\qnxuerxc.dll
    C:\WINDOWS\system32\tuvtqno.dll
    C:\WINDOWS\system32\uvbubsbh.dll

    Beginning removal...

    Attempting to delete C:\windows\system32\cddvgtqd.dll
    C:\windows\system32\cddvgtqd.dll Has been deleted!

    Attempting to delete C:\windows\system32\cxreuxnq.ini
    C:\windows\system32\cxreuxnq.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\dqtgvddc.ini
    C:\WINDOWS\system32\dqtgvddc.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\edeeg.bak1
    C:\WINDOWS\system32\edeeg.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\edeeg.bak2
    C:\WINDOWS\system32\edeeg.bak2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\edeeg.ini
    C:\WINDOWS\system32\edeeg.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\geede.dll
    C:\WINDOWS\system32\geede.dll Has been deleted!

    Attempting to delete C:\windows\system32\ivxbovqj.ini
    C:\windows\system32\ivxbovqj.ini Has been deleted!

    Attempting to delete C:\windows\system32\jqvobxvi.dll
    C:\windows\system32\jqvobxvi.dll Has been deleted!

    Attempting to delete C:\windows\system32\qnxuerxc.dll
    C:\windows\system32\qnxuerxc.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\tuvtqno.dll
    C:\WINDOWS\system32\tuvtqno.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\uvbubsbh.dll
    C:\WINDOWS\system32\uvbubsbh.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    And the new HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 10:52:10, on 09/08/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    c:\4760\Netscape\server5\bin\https\bin\ns-httpd.exe
    c:\Program Files\Sybase\SQL Anywhere 8\win32\dbsrv8.exe
    c:\4760\Netscape\server5\bin\https\bin\httpd.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\WINDOWS\system32\fdvrtblq.exe
    C:\Program Files\Symantec AntiVirus\SavRoam.exe
    c:\4760\Netscape\server5\bin\slapd\server\ns-slapd.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    c:\4760\Netscape\server5\bin\slapd\server\slapd.exe
    c:\4760\bin\svc_mgr.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\UltraVNC\WinVNC.exe
    C:\Program Files\Citrix\Client ICA\ssonsvr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\hkcmd.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\SHARP\PCFAX2\PcfaxRcv.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Plantronics\PerSonoCall\PerSonoCall.exe
    C:\Program Files\InstantTimeZone\InstantTimeZone.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\applics\Launcher400\LNCsrv.exe
    C:\applics\Launcher400\LNCadm.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
    C:\Program Files\Alcatel_PIMphony\aocphone.exe
    C:\Program Files\Webshots\webshots.scr
    C:\Program Files\lotus\notes\NLNOTES.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\mIRC\mirc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\svchost.exe
    c:\4760\apache2\bin\apache.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\4760\apache2\bin\apache.exe
    C:\Program Files\lotus\notes\ntaskldr.EXE
    c:\4760\bin\ExecdEx.exe
    c:\4760\bin\extractor.exe
    C:\Program Files\Alcatel_PIMphony\UAProc.exe
    C:\WINDOWS\System32\rsvp.exe
    c:\4760\bin\LicenseServer.exe
    C:\Program Files\Alcatel_PIMphony\abers.exe
    c:\4760\bin\save_restore.exe
    c:\4760\bin\scheduler.exe
    c:\4760\bin\SecurityServer.exe
    c:\4760\bin\ns_service.exe
    c:\4760\bin\ComServer.exe
    c:\4760\bin\cmisd.exe
    c:\4760\bin\FaultManager.exe
    c:\4760\bin\GCSAdmin.exe
    c:\4760\bin\GCSConfig.exe
    c:\4760\bin\loader.exe
    c:\4760\bin\SyncLdapPbx.exe
    C:\Documents and Settings\janeau\Bureau\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\janeau\Application Data\explorer.exe,
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {C8C729FD-9C9F-4D53-A419-EC5101ED52AF} - C:\WINDOWS\system32\geede.dll (file missing)
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\COMPAQ\SetRefresh\\SetRefresh.exe
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
    O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
    O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
    O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"
    O4 - HKLM\..\Run: [JobHisInit] C:\Program Files\RMClient\JobHisInit.exe
    O4 - HKLM\..\Run: [MplSetUp] C:\Program Files\RMClient\MplSetUp.exe
    O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Receiver] C:\Program Files\SHARP\PCFAX2\PcfaxRcv.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [PerSonoCall] "C:\Program Files\Plantronics\PerSonoCall\PerSonoCall.exe" -nosplash
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Lotus Notes 6.5.lnk = C:\Program Files\lotus\notes\notes.exe
    O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
    O4 - Startup: PIMphony.lnk = ?
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
    O4 - Global Startup: InstantTimeZone.lnk = C:\Program Files\InstantTimeZone\InstantTimeZone.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Launcher400.LNK = C:\applics\Launcher400\LNCsrv.exe
    O4 - Global Startup: Windows Live Messenger.lnk = ?
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1105936747789
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = intra.groupama.nc
    O17 - HKLM\Software\..\Telephony: DomainName = intra.groupama.nc
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = intra.groupama.nc
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = intra.groupama.nc
    O20 - Winlogon Notify: winbjt32 - C:\WINDOWS\SYSTEM32\winbjt32.dll
    O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Sun One Administration Server 5.2 (admin52-serv) - Sun Microsystems Inc - c:/4760/Netscape/server5/bin/https/bin/ns-httpd.exe
    O23 - Service: NMC Alarm server (AlarmServer) - Unknown owner - c:\4760\bin\FaultManager.exe
    O23 - Service: Apache - Apache Software Foundation - c:\4760\apache2\bin\apache.exe
    O23 - Service: NMC50 Database (ASANYs_nmc50) - iAnywhere Solutions, Inc. - c:\Program Files\Sybase\SQL Anywhere 8\win32\dbsrv8.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
    O23 - Service: NMC CMISE server (Cmisd) - Unknown owner - c:\4760\bin\cmisd.exe
    O23 - Service: NMC Communication Server (ComServer) - Unknown owner - c:\4760\bin\ComServer.exe
    O23 - Service: Fonction Commande à distance d'iSeries Access for Windows (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
    O23 - Service: DomainService - - C:\WINDOWS\system32\fdvrtblq.exe
    O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: NMC executables launcher (ExecdEx) - Unknown owner - c:\4760\bin\ExecdEx.exe
    O23 - Service: NMC extractor (Extractor) - Unknown owner - c:\4760\bin\extractor.exe
    O23 - Service: NMC GCS administration server (GCSAdmin) - Unknown owner - c:\4760\bin\GCSAdmin.exe
    O23 - Service: NMC GCS config server (GCSConfig) - Unknown owner - c:\4760\bin\GCSConfig.exe
    O23 - Service: ICF - Unknown owner - C:\WINDOWS\system32\svchost.exe:exe.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NMC License server (LicenseServer) - Unknown owner - c:\4760\bin\LicenseServer.exe
    O23 - Service: NMC Loader (Loader) - Unknown owner - c:\4760\bin\loader.exe
    O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
    O23 - Service: ORBacus Notify Service (NotifyService) - Unknown owner - c:\4760\bin\ns_service.exe
    O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
    O23 - Service: NMC Save/Restore (SaveRestore) - Unknown owner - c:\4760\bin\save_restore.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
    O23 - Service: NMC Scheduler (Scheduler) - Unknown owner - c:\4760\bin\scheduler.exe
    O23 - Service: NMC Security Server (SecurityServer) - Unknown owner - c:\4760\bin\SecurityServer.exe
    O23 - Service: ServiceOMC - Unknown owner - C:\WINDOWS\system32\ServiceOMC.exe
    O23 - Service: Sun ONE Directory Server 5.2 (4760) (slapd-4760) - Unknown owner - c:\4760\Netscape\server5/bin/slapd/server/ns-slapd.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: NMC Service Manager (svc_mgr) - Unknown owner - c:\4760\bin\svc_mgr.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: NMC Pbx/Ldap synchronization (SyncLdapPbx) - Unknown owner - c:\4760\bin\SyncLdapPbx.exe
    O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
    O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\WINDOWS\System32\tlntsvr.exe
    O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
    O23 - Service: wampapache - Apache Software Foundation - c:\wamp\apache2\bin\httpd.exe
    O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe
    O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe
    O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
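The two HijackThis logs above (post 1 before VundoFix, post 2 after it) carry the persistence patterns an analyst looks for in a Vundo case: unnamed BHOs and Winlogon Notify packages pointing at random-named DLLs in system32, an extra entry after userinit.exe in the F2 UserInit line, an O4 entry that has rundll32 load a system32 DLL, a service whose image path is an alternate data stream (svchost.exe:exe.exe), and, in the second log, a service with an empty owner field (DomainService) backed by a freshly dropped random-named executable. The script below is an added example, not HijackThis, VundoFix or ComboFix code: it parses constructed excerpts of both logs, applies those rules as heuristics (the rule names and the O20 allow-list assumption are mine), and diffs the two logs to show what VundoFix removed and what reappeared.

```python
"""Triage HijackThis logs for Vundo-style persistence and diff two of them.

Added example for this thread, not HijackThis, VundoFix or ComboFix code.
The rules are heuristics written against the entries quoted in the thread.
"""
import re

HJT_ENTRY = re.compile(r"^(?P<sec>[A-Z]\d{1,2}) - (?P<body>.+)$")
# First Windows path in a line; an alternate-data-stream suffix such as
# svchost.exe:exe.exe is kept so it can be flagged.
WIN_PATH = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|scr|sys|cpl)(?::\S+)?", re.I)
# "name - - path": HijackThis printed an empty company/owner field.
EMPTY_OWNER = re.compile(r" -\s+- ")

# Constructed excerpts of the logs quoted in posts 1 and 2, trimmed to the
# lines the rules below care about.
BEFORE = r"""
C:\Documents and Settings\janeau\Application Data\explorer.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\janeau\Application Data\explorer.exe,
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5A4A2D56-931A-4733-9121-033A2D95A274} - C:\WINDOWS\system32\tuvtqno.dll
O2 - BHO: (no name) - {A2B5476A-23EB-4180-9C40-49ABF9615620} - C:\WINDOWS\system32\geede.dll
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\uvbubsbh.dll
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\cddvgtqd.dll",forkonce
O20 - Winlogon Notify: geede - C:\WINDOWS\system32\geede.dll
O20 - Winlogon Notify: tuvtqno - C:\WINDOWS\SYSTEM32\tuvtqno.dll
O20 - Winlogon Notify: winbjt32 - C:\WINDOWS\SYSTEM32\winbjt32.dll
O23 - Service: ICF - Unknown owner - C:\WINDOWS\system32\svchost.exe:exe.exe
"""
AFTER = r"""
C:\WINDOWS\system32\fdvrtblq.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\janeau\Application Data\explorer.exe,
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {C8C729FD-9C9F-4D53-A419-EC5101ED52AF} - C:\WINDOWS\system32\geede.dll (file missing)
O20 - Winlogon Notify: winbjt32 - C:\WINDOWS\SYSTEM32\winbjt32.dll
O23 - Service: DomainService - - C:\WINDOWS\system32\fdvrtblq.exe
O23 - Service: ICF - Unknown owner - C:\WINDOWS\system32\svchost.exe:exe.exe
"""

def parse_hjt(text):
    """Split a log into (section, body) entries and bare running-process paths."""
    entries, processes = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = HJT_ENTRY.match(line)
        if m:
            entries.append((m.group("sec"), m.group("body")))
        elif WIN_PATH.match(line):
            processes.append(line)
    return entries, processes

def triage(entries, processes):
    """Return (rule, evidence) pairs for the persistence patterns seen in the thread."""
    findings = []
    for proc in processes:
        p = proc.lower()
        if "\\application data\\" in p or "\\local settings\\" in p:
            findings.append(("process_in_user_profile", proc))  # e.g. a fake explorer.exe
    for sec, body in entries:
        m = WIN_PATH.search(body)
        path = m.group(0).lower() if m else ""
        in_sys32 = "\\system32\\" in path
        if sec == "F2" and "userinit=" in body.lower():
            targets = [t for t in body.split("=", 1)[1].split(",") if t.strip()]
            # Only userinit.exe belongs here; anything else runs at every logon.
            if len(targets) != 1 or not targets[0].lower().endswith("\\userinit.exe"):
                findings.append(("userinit_extra_entry", body))
        elif sec == "O2" and "(no name)" in body and in_sys32:
            findings.append(("unnamed_bho_in_system32", body))
        elif sec == "O4" and "rundll32" in body.lower() and in_sys32:
            findings.append(("rundll32_loads_system32_dll", body))
        elif sec == "O20" and in_sys32:
            # Assumption: HijackThis hides Microsoft's own Notify packages, so a
            # listed DLL is third-party code loaded into winlogon.exe.
            findings.append(("winlogon_notify_dll", body))
        elif sec == "O23":
            if ":" in path[2:]:
                findings.append(("service_in_alternate_data_stream", body))
            elif EMPTY_OWNER.search(body) and in_sys32:
                findings.append(("service_without_owner_in_system32", body))
    return findings

def diff_entries(before, after):
    """Entries that appeared in / vanished from the second log (case-insensitive)."""
    b = {(s, body.lower()) for s, body in before}
    a = {(s, body.lower()) for s, body in after}
    return sorted(a - b), sorted(b - a)

if __name__ == "__main__":
    b_entries, b_procs = parse_hjt(BEFORE)
    a_entries, a_procs = parse_hjt(AFTER)
    for tag, ents, procs in (("before", b_entries, b_procs), ("after", a_entries, a_procs)):
        for rule, evidence in triage(ents, procs):
            print(f"[{tag}] {rule}: {evidence}")
    added, removed = diff_entries(b_entries, a_entries)
    print("appeared after VundoFix:", *added, sep="\n  ")
    print("gone after VundoFix:", *removed, sep="\n  ")
```

Run on these excerpts, the diff shows what the thread shows: VundoFix removed the tuvtqno/geede/uvbubsbh BHO and Winlogon Notify entries and the rundll32 Run key, but a new BHO CLSID pointing at the now-missing geede.dll and a DomainService service backed by a freshly created fdvrtblq.exe appeared, while winbjt32.dll, the ADS on svchost.exe and the stale UserInit entry survived. That is why the helper moved on to ComboFix, whose report later in the thread deletes exactly that stream, winbjt32.dll and the DomainService/ICF services. On a real system, treat every flagged path as something to collect (copy the file, note timestamps) before deleting it, since the names are regenerated on each reinfection.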
  3. Regis59 (Security contributor)
     
    Re,

    Let's continue...

    Download ComboFix by sUBs:
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    and save it to your Desktop, nowhere else!

    Double-click ComboFix. It will ask you a question; answer with the 1 key and press Enter to confirm.
    Wait for ComboFix to finish; a report will be created. Post the report.
  4. CurLy64 (Member)
     
    OK, next log:

    ComboFix 07-08-09.3 - "bas" 2007-08-10 9:09:17.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.138 [GMT 11:00]
    * Created a new restore point

    ADS removed - svchost.exe: deleted 58880 bytes in 1 streams.

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    C:\WINDOWS\system32\1_exception.nls
    C:\WINDOWS\system32\ASPI32.EXE
    C:\WINDOWS\system32\winbjt32.dll

    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    -------\LEGACY_ASC3550U
    -------\LEGACY_DOMAINSERVICE
    -------\LEGACY_ICF
    -------\LEGACY_NPF
    -------\DomainService
    -------\ICF
    -------\SysLibrary

    ((((((((((((((((((((((((( Files Created from 2007-07-09 to 2007-08-09 )))))))))))))))))))))))))))))))

    2007-08-10 09:08 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-08-10 08:23 <REP> d-------- C:\Program Files\Windows Live
    2007-08-10 08:22 <REP> d-------- C:\Program Files\MessengerDiscovery
    2007-08-09 12:16 <REP> d-------- C:\Program Files\MegauploadToolbar
    2007-08-09 12:16 <REP> d-------- C:\DOCUME~1\janeau\APPLIC~1\MegauploadToolbar
    2007-08-09 10:37 75,328 --a------ C:\WINDOWS\system32\fdvrtblq.exe
    2007-08-09 10:37 <REP> d-------- C:\VundoFix Backups
    2007-08-07 11:27 <REP> d-------- C:\Program Files\The Cleaner
    2007-08-06 14:45 <REP> d-------- C:\Program Files\Lavasoft
    2007-08-06 14:45 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
    2007-08-06 14:44 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2007-08-06 09:11 <REP> d-------- C:\Program Files\RegCleaner
    2007-08-03 12:49 <REP> d-------- C:\pps
    2007-07-25 12:04 <REP> d-------- C:\Program Files\PhotoFiltre
    2007-07-25 10:29 <REP> d-------- C:\DOCUME~1\janeau\A4902Logs
    2007-07-23 10:57 <REP> d-------- C:\DOCUME~1\janeau\APPLIC~1\vlc
    2007-07-23 09:29 <REP> d-------- C:\Program Files\VideoLAN
    2007-07-16 16:09 <REP> d-------- C:\DOCUME~1\janeau\APPLIC~1\Alcatel PIMphony
    2007-07-16 15:48 <REP> d-------- C:\Program Files\Nice Recorder
    2007-07-16 15:43 <REP> d-------- C:\Program Files\FuzLez
    2007-07-16 15:43 <REP> d-------- C:\DOCUME~1\janeau\APPLIC~1\FuzLez
    2007-07-16 15:40 <REP> d-------- C:\My Recordings
    2007-07-16 15:39 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
    2007-07-16 14:41 <REP> d-------- C:\Program Files\Audacity
    2007-07-13 14:04 <REP> d-------- C:\Program Files\Cain
    2007-07-13 13:19 39,424 --a------ C:\WINDOWS\zipinst.exe
    2007-07-13 13:19 <REP> d-------- C:\Program Files\MessenPass
    2007-07-13 08:56 <REP> d-------- C:\crark31
    2007-07-11 14:49 <REP> d-------- C:\WhoLockMe104
    2007-07-11 14:48 3,888 --a------ C:\WINDOWS\system32\drivers\NTHANDLE.SYS

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-08-10 09:14 --------- d-------- C:\Program Files\Symantec AntiVirus
    2007-08-10 09:12 --------- d-------- C:\Program Files\mIRC
    2007-08-10 08:23 --------- d-------- C:\Program Files\MSN Messenger
    2007-08-10 07:30 --------- d-------- C:\Program Files\Alcatel_PIMphony
    2007-08-08 16:32 --------- d-------- C:\Program Files\Bonjour
    2007-08-07 15:22 0 --a------ C:\CONFIG.SYS
    2007-08-07 15:22 0 --a------ C:\AUTOEXEC.BAT
    2007-08-06 13:31 14336 --a--c--- C:\WINDOWS\system32\dllcache\svchost.exe
    2007-08-06 13:31 14336 --a------ C:\WINDOWS\system32\svchost.exe
    2007-07-25 11:39 --------- d-------- C:\DOCUME~1\janeau\APPLIC~1\gtk-2.0
    2007-07-23 12:58 --------- d-------- C:\DOCUME~1\janeau\APPLIC~1\U3
    2007-07-02 09:06 --------- d-------- C:\Program Files\Webshots
    2007-07-02 09:06 --------- d-------- C:\DOCUME~1\janeau\APPLIC~1\Webshots
    2007-07-02 08:33 74752 --a------ C:\WINDOWS\ST6UNST.EXE
    2007-07-02 08:33 290816 --------- C:\WINDOWS\Setup1.exe
    2007-07-02 08:33 --------- d-------- C:\Program Files\SwitchWallPaper
    2007-06-29 10:17 --------- d-------- C:\Program Files\MSN Pictures Displayer
    2007-06-29 09:56 446976 --a------ C:\WINDOWS\system32\ShellMPD.dll
    2007-06-29 09:56 --------- d-------- C:\DOCUME~1\janeau\APPLIC~1\MSN Pictures Displayer
    2007-06-28 14:09 --------- d-------- C:\Program Files\PSPad editor
    2007-06-28 14:09 --------- d-------- C:\DOCUME~1\janeau\APPLIC~1\WaterProof
    2007-06-28 14:08 --------- d-------- C:\Program Files\WaterProof
    2007-06-27 10:38 --------- d-------- C:\Program Files\Look@LAN
    2007-06-27 10:32 720896 --a------ C:\WINDOWS\iun6002.exe
    2007-06-26 14:40 --------- d-------- C:\DOCUME~1\janeau\APPLIC~1\X-Chat 2
    2007-06-21 12:05 --------- d-------- C:\Program Files\InstantTimeZone
    2007-06-20 08:23 45 ---h----- C:\WINDOWS\dsez2661.dat
    2007-06-19 08:45 --------- d-------- C:\DOCUME~1\janeau\APPLIC~1\ICAClient
    2007-06-19 08:32 --------- d-------- C:\Program Files\Citrix

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C8C729FD-9C9F-4D53-A419-EC5101ED52AF}]
    C:\WINDOWS\system32\geede.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2004-09-30 15:41]
    "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2004-09-30 15:37]
    "SetRefresh"="C:\Program Files\COMPAQ\SetRefresh\\SetRefresh.exe" [2003-11-20 18:01]
    "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2004-03-31 15:46]
    "Client Access Service"="C:\Program Files\IBM\Client Access\cwbsvstr.exe" [2002-05-07 05:20]
    "Client Access Help Update"="C:\Program Files\IBM\Client Access\cwbinhlp.exe" [2002-05-07 05:20]
    "Client Access Check Version"="C:\Program Files\IBM\Client Access\cwbckver.exe" [2002-05-07 05:20]
    "Client Access Express Welcome"="C:\Program Files\IBM\Client Access\cwbwlwiz.exe" [2002-05-07 05:20]
    "JobHisInit"="C:\Program Files\RMClient\JobHisInit.exe" [2000-09-28 19:52]
    "MplSetUp"="C:\Program Files\RMClient\MplSetUp.exe" [2000-11-04 21:09]
    "WinVNC"="C:\Program Files\UltraVNC\WinVNC.exe" [2004-06-20 20:45]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-09-03 19:21]
    "Receiver"="C:\Program Files\SHARP\PCFAX2\PcfaxRcv.exe" [2004-11-12 10:28]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-09-15 16:50]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09]
    "PerSonoCall"="C:\Program Files\Plantronics\PerSonoCall\PerSonoCall.exe" [2004-12-09 11:03]

    C:\Documents and Settings\janeau\Menu Démarrer\Programmes\Démarrage\
    Lotus Notes 6.5.lnk - C:\Program Files\lotus\notes\notes.exe [2004-09-15 05:39:00]
    MSN Pictures Displayer.lnk - C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe [2007-06-29 09:56:23]
    PIMphony.lnk - C:\Program Files\Alcatel_PIMphony\aocphone.exe [2007-05-16 09:11:24]
    Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [2007-07-02 09:06:53]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
    InstantTimeZone.lnk - C:\Program Files\InstantTimeZone\InstantTimeZone.exe [2006-09-03 02:39:36]
    Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
    Launcher400.LNK - C:\applics\Launcher400\LNCsrv.exe [2005-09-06 17:16:43]
    Windows Live Messenger.lnk - C:\WINDOWS\Installer\{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}\MsblIco.Exe [2007-07-06 09:22:06]

    R1 WmiAcpi;Interface de gestion Microsoft Windows pour ACPI;C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
    R2 ASANYs_nmc50;NMC50 Database;"c:\Program Files\Sybase\SQL Anywhere 8\win32\dbsrv8.exe" -hvASANYs_nmc50
    R2 cpqdfw;Diagnostics Driver;\??\C:\WINDOWS\System32\drivers\cpqdfw.sys
    R2 cq_mem;Diagnostics Memory Driver;\??\C:\WINDOWS\System32\drivers\cq_mem.sys
    R2 cqcpu;Diagnostics CPU Driver;\??\C:\WINDOWS\System32\drivers\cqcpu.sys
    R2 hardlock;hardlock;\??\C:\WINDOWS\system32\drivers\hardlock.sys
    R2 slapd-4760;Sun ONE Directory Server 5.2 (4760);c:\4760\Netscape\server5/bin/slapd/server/ns-slapd.exe
    R2 SoundMAX Agent Service (default);SoundMAX Agent Service;C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    R2 svc_mgr;NMC Service Manager;"c:\4760\bin\svc_mgr.exe"
    R3 ExecdEx;NMC executables launcher;"c:\4760\bin\ExecdEx.exe"
    R3 Extractor;NMC extractor;"c:\4760\bin\extractor.exe"
    R3 LicenseServer;NMC License server;"c:\4760\bin\LicenseServer.exe"
    R3 NotifyService;ORBacus Notify Service;"c:\4760\bin\ns_service.exe"
    R3 SaveRestore;NMC Save/Restore;"c:\4760\bin\save_restore.exe"
    R3 Scheduler;NMC Scheduler;"c:\4760\bin\scheduler.exe"
    R3 SecurityServer;NMC Security Server;"c:\4760\bin\SecurityServer.exe"
    S3 CTL511Plus;Video Blaster WebCam 3/WebCam Plus (WDM);C:\WINDOWS\system32\DRIVERS\webc3vid.sys
    S3 nm;Pilote du Moniteur réseau;C:\WINDOWS\system32\DRIVERS\NMnt.sys
    S3 ServiceOMC;ServiceOMC;C:\WINDOWS\system32\ServiceOMC.exe
    S3 wampapache;wampapache;"c:\wamp\apache2\bin\httpd.exe" -k runservice
    S3 wampmysqld;wampmysqld;c:\wamp\mysql\bin\mysqld-nt.exe --defaults-file=c:\wamp\mysql\my.ini wampmysqld
    Start Pending3 ComServer;NMC Communication Server;"c:\4760\bin\ComServer.exe"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    AutoRun\command- D:\Kelio\autorun\autorun.exe

    *Newly Created Service* - APACHE
    *Newly Created Service* - COMSERVER
    *Newly Created Service* - EXECDEX
    *Newly Created Service* - EXTRACTOR
    *Newly Created Service* - LICENSESERVER
    *Newly Created Service* - NOTIFYSERVICE
    *Newly Created Service* - SAVERESTORE
    *Newly Created Service* - SCHEDULER
    *Newly Created Service* - SECURITYSERVER

    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-08-10 09:15:06
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\admin52-serv]
    "ImagePath"="c:/4760/Netscape/server5/bin/https/bin/ns-httpd.exe"

    Completion time: 2007-08-10 9:18:07 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-08-10 09:17

    --- E O F ---

    Thanks again :)
    0
  6. marco
     
    Hi, someone is using my MSN.
    Even when I change my password, he gets it back.
    I must have a program on my machine that he is using.
    Help!
    Attached is my HijackThis log.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 00:31:20, on 10/08/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Mio Technology\MioSync\mioSync.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\arservice.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.free.fr/freebox/index.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
    O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
    O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    O4 - HKLM\..\Run: [PhiBtn] %SystemRoot%\System32\drivers\PhiBtn.exe
    O4 - HKLM\..\Run: [Traymin900] %SystemRoot%\System32\drivers\Tray900.exe
    O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
    O4 - HKLM\..\RunOnce: [MessengerPlusLiveUninstall] "C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\MsgPlusUninstall.exe" /Cleanup
    O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: MioSync.lnk = C:\Program Files\Mio Technology\MioSync\mioSync.exe
    O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Allocam Multi Vision - {2D6B57BF-71FA-41A3-BDC5-3B5A25813D2E} - C:\PROGRA~1\ALLOCA~1\allocam.exe (file missing) (HKCU)
    O9 - Extra 'Tools' menuitem: Allocam Multi Vision - {2D6B57BF-71FA-41A3-BDC5-3B5A25813D2E} - C:\PROGRA~1\ALLOCA~1\allocam.exe (file missing) (HKCU)
    O15 - Trusted Zone: *.canalplay.com
    O15 - Trusted Zone: *.canalplusactive.com
    O15 - Trusted Zone: *.canalplay.com (HKLM)
    O15 - Trusted Zone: *.canalplusactive.com (HKLM)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
    O16 - DPF: {E1AF091A-9F23-4059-89D7-C05EE073285D} (Canal+ Active MSWAY) - https://www.canalplus.com/canalplay/
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
    0
    1. philae83 Posts 12854 Status Security contributor 206
       
      Good evening CurLy64,

      marco,

      You need to create your own topic for your problem so as not to interfere with this one. Thanks. Someone will come and help you.

      PS: hello Quentin :)
      0
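The HijackThis logs exchanged in this thread follow a fixed line format (an Rn/On section tag, then " - "-separated fields), which makes first-pass triage scriptable. The Python below is an added example, not a tool from this thread or from Trend Micro: it parses a constructed sample of lines copied from the logs posted here, extracts the file each entry points at, and applies the heuristics a helper applies by eye, such as the unnamed BHO {C8C729FD-9C9F-4D53-A419-EC5101ED52AF} that ComboFix tied to geede.dll and that a later HijackThis log reports as (file missing).

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: a handful of lines copied from the HijackThis logs
# posted in this thread, not a complete log.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:43, on 2007-08-13

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {C8C729FD-9C9F-4D53-A419-EC5101ED52AF} - C:\WINDOWS\system32\geede.dll (file missing)
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\RunOnce: [MessengerPlusLiveUninstall] "C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\MsgPlusUninstall.exe" /Cleanup
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
"""

ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")
ANNOTATION_RE = re.compile(r"\s*\((?:file missing|no file)\)\s*$", re.I)
EXE_RE = re.compile(r"^(.*?\.(?:exe|dll|scr|com|bat))", re.I)


@dataclass
class Entry:
    section: str            # e.g. "O2", "O4", "O23"
    body: str               # everything after "Oxx - "
    path: Optional[str]     # executable/DLL the entry points at, if any
    flags: List[str] = field(default_factory=list)


def extract_path(section: str, body: str) -> Optional[str]:
    """Pull the file path out of an entry. O4 lines carry it after the
    [name] tag (possibly quoted, possibly followed by arguments); O2/O3/O23
    lines carry it as the last ' - ' separated field."""
    if section == "O4":
        tail = body.split("] ", 1)[1] if "] " in body else body
        if tail.startswith('"'):
            return tail[1:].split('"', 1)[0]
        m = EXE_RE.match(tail)
        return m.group(1) if m else tail.split(" ")[0]
    tail = body.rsplit(" - ", 1)[-1].strip()
    if tail == "(no file)":
        return None
    return ANNOTATION_RE.sub("", tail) or None


def triage(entry: Entry) -> List[str]:
    """Heuristics a helper applies when reading a log by eye.
    They raise questions for the reader; they are not verdicts."""
    flags = []
    if ANNOTATION_RE.search(entry.body):
        flags.append("orphaned entry: registry still references a file that is gone")
    if entry.section == "O2" and entry.body.startswith("BHO: (no name)"):
        flags.append("BHO registered without a name")
    if entry.section == "O2" and entry.path and re.search(
            r"\\system32\\[a-z]{4,8}\.dll$", entry.path, re.I):
        flags.append("BHO loaded from system32 with a short generated-looking name (Vundo pattern)")
    if entry.path and re.search(r"\\(temp|LOCALS~1)\\", entry.path, re.I):
        flags.append("autostart runs from a temporary directory")
    return flags


def parse_log(text: str) -> List[Entry]:
    """Turn a HijackThis log into Entry records; header lines and the
    'Running processes' block do not match ENTRY_RE and are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        e = Entry(m["section"], m["body"], extract_path(m["section"], m["body"]))
        e.flags = triage(e)
        entries.append(e)
    return entries


def report(text: str) -> List[str]:
    """One line per flag, ready to paste back into a thread reply."""
    out = []
    for e in parse_log(text):
        for f in e.flags:
            out.append(f"{e.section} - {e.body}\n    -> {f}")
    return out


if __name__ == "__main__":
    for line in report(SAMPLE_LOG):
        print(line)
```

Entries that only show up as "(file missing)" or "(no file)" are leftovers of a removed DLL, which is why a helper asks for a fresh log after each cleanup pass: the registry key still needs fixing even though the payload is gone.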
  7. Regis59 Posts 21143 Registration date   Status Security contributor Last intervention   1 349
     
    Hi Catherine,

    Thanks :-)

    Post another HijackThis log!

    See you
    0
  8. CurLy64 Posts 71 Status Member 4
     
    This morning the AV deleted a Trojan.Vundo in system32 ... it really is a stubborn one :/

    Here, as requested, is a new HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 12:43, on 2007-08-13
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal
    
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    c:\4760\Netscape\server5\bin\https\bin\ns-httpd.exe
    c:\4760\Netscape\server5\bin\https\bin\httpd.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Symantec AntiVirus\SavRoam.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\UltraVNC\WinVNC.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    c:\4760\Netscape\server5\bin\slapd\server\ns-slapd.exe
    c:\4760\Netscape\server5\bin\slapd\server\slapd.exe
    c:\Program Files\Sybase\SQL Anywhere 8\win32\dbsrv8.exe
    c:\4760\bin\svc_mgr.exe
    c:\4760\apache2\bin\apache.exe
    C:\4760\apache2\bin\apache.exe
    c:\4760\bin\ExecdEx.exe
    c:\4760\bin\extractor.exe
    c:\4760\bin\LicenseServer.exe
    c:\4760\bin\save_restore.exe
    c:\4760\bin\scheduler.exe
    c:\4760\bin\SecurityServer.exe
    c:\4760\bin\ns_service.exe
    c:\4760\bin\ComServer.exe
    c:\4760\bin\cmisd.exe
    c:\4760\bin\FaultManager.exe
    c:\4760\bin\GCSAdmin.exe
    c:\4760\bin\GCSConfig.exe
    c:\4760\bin\loader.exe
    c:\4760\bin\SyncLdapPbx.exe
    C:\Program Files\Citrix\Client ICA\ssonsvr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\hkcmd.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\SHARP\PCFAX2\PcfaxRcv.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Plantronics\PerSonoCall\PerSonoCall.exe
    C:\Program Files\InstantTimeZone\InstantTimeZone.exe
    C:\applics\Launcher400\LNCsrv.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\applics\Launcher400\LNCadm.exe
    C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
    C:\Program Files\Alcatel_PIMphony\aocphone.exe
    C:\Program Files\lotus\notes\NLNOTES.EXE
    C:\Program Files\Webshots\webshots.scr
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
    C:\Program Files\Alcatel_PIMphony\UAProc.exe
    C:\WINDOWS\System32\rsvp.exe
    C:\Program Files\Alcatel_PIMphony\abers.exe
    C:\Program Files\lotus\notes\ntaskldr.EXE
    C:\Program Files\mIRC\mirc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
    C:\Documents and Settings\janeau\Bureau\HiJackThis_v2.exe
    
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {C8C729FD-9C9F-4D53-A419-EC5101ED52AF} - C:\WINDOWS\system32\geede.dll (file missing)
    O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\COMPAQ\SetRefresh\\SetRefresh.exe
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
    O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
    O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
    O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"
    O4 - HKLM\..\Run: [JobHisInit] C:\Program Files\RMClient\JobHisInit.exe
    O4 - HKLM\..\Run: [MplSetUp] C:\Program Files\RMClient\MplSetUp.exe
    O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Receiver] C:\Program Files\SHARP\PCFAX2\PcfaxRcv.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [PerSonoCall] "C:\Program Files\Plantronics\PerSonoCall\PerSonoCall.exe" -nosplash
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Lotus Notes 6.5.lnk = C:\Program Files\lotus\notes\notes.exe
    O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
    O4 - Startup: PIMphony.lnk = ?
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
    O4 - Global Startup: InstantTimeZone.lnk = C:\Program Files\InstantTimeZone\InstantTimeZone.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Launcher400.LNK = C:\applics\Launcher400\LNCsrv.exe
    O4 - Global Startup: Windows Live Messenger.lnk = ?
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1105936747789
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = intra.groupama.nc
    O17 - HKLM\Software\..\Telephony: DomainName = intra.groupama.nc
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = intra.groupama.nc
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = intra.groupama.nc
    O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Sun One Administration Server 5.2 (admin52-serv) - Sun Microsystems Inc - c:/4760/Netscape/server5/bin/https/bin/ns-httpd.exe
    O23 - Service: NMC Alarm server (AlarmServer) - Unknown owner - c:\4760\bin\FaultManager.exe
    O23 - Service: Apache - Apache Software Foundation - c:\4760\apache2\bin\apache.exe
    O23 - Service: NMC50 Database (ASANYs_nmc50) - iAnywhere Solutions, Inc. - c:\Program Files\Sybase\SQL Anywhere 8\win32\dbsrv8.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
    O23 - Service: NMC CMISE server (Cmisd) - Unknown owner - c:\4760\bin\cmisd.exe
    O23 - Service: NMC Communication Server (ComServer) - Unknown owner - c:\4760\bin\ComServer.exe
    O23 - Service: Fonction Commande à distance d'iSeries Access for Windows (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
    O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: NMC executables launcher (ExecdEx) - Unknown owner - c:\4760\bin\ExecdEx.exe
    O23 - Service: NMC extractor (Extractor) - Unknown owner - c:\4760\bin\extractor.exe
    O23 - Service: NMC GCS administration server (GCSAdmin) - Unknown owner - c:\4760\bin\GCSAdmin.exe
    O23 - Service: NMC GCS config server (GCSConfig) - Unknown owner - c:\4760\bin\GCSConfig.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NMC License server (LicenseServer) - Unknown owner - c:\4760\bin\LicenseServer.exe
    O23 - Service: NMC Loader (Loader) - Unknown owner - c:\4760\bin\loader.exe
    O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
    O23 - Service: ORBacus Notify Service (NotifyService) - Unknown owner - c:\4760\bin\ns_service.exe
    O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
    O23 - Service: NMC Save/Restore (SaveRestore) - Unknown owner - c:\4760\bin\save_restore.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
    O23 - Service: NMC Scheduler (Scheduler) - Unknown owner - c:\4760\bin\scheduler.exe
    O23 - Service: NMC Security Server (SecurityServer) - Unknown owner - c:\4760\bin\SecurityServer.exe
    O23 - Service: ServiceOMC - Unknown owner - C:\WINDOWS\system32\ServiceOMC.exe
    O23 - Service: Sun ONE Directory Server 5.2 (4760) (slapd-4760) - Unknown owner - c:\4760\Netscape\server5/bin/slapd/server/ns-slapd.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: NMC Service Manager (svc_mgr) - Unknown owner - c:\4760\bin\svc_mgr.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: NMC Pbx/Ldap synchronization (SyncLdapPbx) - Unknown owner - c:\4760\bin\SyncLdapPbx.exe
    O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
    O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\WINDOWS\System32\tlntsvr.exe
    O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
    O23 - Service: wampapache - Apache Software Foundation - c:\wamp\apache2\bin\httpd.exe
    O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe
    O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe
    O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
    
    --
    End of file - 12516 bytes


    Thanks :)
    0
  9. Regis59 Posts 21143 Registration date   Status Security contributor Last contribution   1 349
     
    Hi

    Post a ComboFix report.

    See you
    0
  10. CurLy64 Posts 71 Status Member 4
     
    It's the never-ending story, computerised version :]

    ComboFix 07-08-09.3 - "bas" 2007-08-14 12:07:08.2 - NTFSx86 
    Microsoft Windows XP Professionnel  5.1.2600.2.1252.1.1036.18.150 [GMT 11:00]
    
    
    (((((((((((((((((((((((((   Files Created from 2007-07-14 to 2007-08-14  )))))))))))))))))))))))))))))))
    
    
    2007-08-10 09:08	51,200	--a------	C:\WINDOWS\nircmd.exe
    2007-08-10 08:23	<REP>	d--------	C:\Program Files\Windows Live
    2007-08-10 08:22	<REP>	d--------	C:\Program Files\MessengerDiscovery
    2007-08-09 12:16	<REP>	d--------	C:\Program Files\MegauploadToolbar
    2007-08-09 12:16	<REP>	d--------	C:\DOCUME~1\janeau\APPLIC~1\MegauploadToolbar
    2007-08-09 10:37	<REP>	d--------	C:\VundoFix Backups
    2007-08-07 11:27	<REP>	d--------	C:\Program Files\The Cleaner
    2007-08-06 14:45	<REP>	d--------	C:\Program Files\Lavasoft
    2007-08-06 14:45	<REP>	d--------	C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
    2007-08-06 14:44	<REP>	d--------	C:\Program Files\Fichiers communs\Wise Installation Wizard
    2007-08-06 09:11	<REP>	d--------	C:\Program Files\RegCleaner
    2007-08-03 12:49	<REP>	d--------	C:\pps
    2007-07-25 12:04	<REP>	d--------	C:\Program Files\PhotoFiltre
    2007-07-25 10:29	<REP>	d--------	C:\DOCUME~1\janeau\A4902Logs
    2007-07-23 10:57	<REP>	d--------	C:\DOCUME~1\janeau\APPLIC~1\vlc
    2007-07-23 09:29	<REP>	d--------	C:\Program Files\VideoLAN
    2007-07-16 16:09	<REP>	d--------	C:\DOCUME~1\janeau\APPLIC~1\Alcatel PIMphony
    2007-07-16 15:48	<REP>	d--------	C:\Program Files\Nice Recorder
    2007-07-16 15:43	<REP>	d--------	C:\Program Files\FuzLez
    2007-07-16 15:43	<REP>	d--------	C:\DOCUME~1\janeau\APPLIC~1\FuzLez
    2007-07-16 15:40	<REP>	d--------	C:\My Recordings
    2007-07-16 15:39	344,064	--a------	C:\WINDOWS\system32\msvcr70.dll
    2007-07-16 14:41	<REP>	d--------	C:\Program Files\Audacity
    
    
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    
    2007-08-14 11:47	---------	d--------	C:\Program Files\mIRC
    2007-08-14 07:27	---------	d--------	C:\Program Files\Alcatel_PIMphony
    2007-08-13 16:45	---------	d--------	C:\Program Files\Symantec AntiVirus
    2007-08-10 08:23	---------	d--------	C:\Program Files\MSN Messenger
    2007-08-08 16:32	---------	d--------	C:\Program Files\Bonjour
    2007-08-07 15:22	0	--a------	C:\CONFIG.SYS
    2007-08-07 15:22	0	--a------	C:\AUTOEXEC.BAT
    2007-08-06 13:31	14336	--a--c---	C:\WINDOWS\system32\dllcache\svchost.exe
    2007-08-06 13:31	14336	--a------	C:\WINDOWS\system32\svchost.exe
    2007-07-25 11:39	---------	d--------	C:\DOCUME~1\janeau\APPLIC~1\gtk-2.0
    2007-07-23 12:58	---------	d--------	C:\DOCUME~1\janeau\APPLIC~1\U3
    2007-07-13 15:04	---------	d--------	C:\Program Files\Cain
    2007-07-13 13:19	39424	--a------	C:\WINDOWS\zipinst.exe
    2007-07-13 13:19	---------	d--------	C:\Program Files\MessenPass
    2007-07-11 14:52	3888	--a------	C:\WINDOWS\system32\drivers\NTHANDLE.SYS
    2007-07-02 09:06	---------	d--------	C:\Program Files\Webshots
    2007-07-02 09:06	---------	d--------	C:\DOCUME~1\janeau\APPLIC~1\Webshots
    2007-07-02 08:33	74752	--a------	C:\WINDOWS\ST6UNST.EXE
    2007-07-02 08:33	290816	---------	C:\WINDOWS\Setup1.exe
    2007-07-02 08:33	---------	d--------	C:\Program Files\SwitchWallPaper
    2007-06-29 10:17	---------	d--------	C:\Program Files\MSN Pictures Displayer
    2007-06-29 09:56	446976	--a------	C:\WINDOWS\system32\ShellMPD.dll
    2007-06-29 09:56	---------	d--------	C:\DOCUME~1\janeau\APPLIC~1\MSN Pictures Displayer
    2007-06-28 14:09	---------	d--------	C:\Program Files\PSPad editor
    2007-06-28 14:09	---------	d--------	C:\DOCUME~1\janeau\APPLIC~1\WaterProof
    2007-06-28 14:08	---------	d--------	C:\Program Files\WaterProof
    2007-06-27 10:38	---------	d--------	C:\Program Files\Look@LAN
    2007-06-27 10:32	720896	--a------	C:\WINDOWS\iun6002.exe
    2007-06-26 14:40	---------	d--------	C:\DOCUME~1\janeau\APPLIC~1\X-Chat 2
    2007-06-21 12:05	---------	d--------	C:\Program Files\InstantTimeZone
    2007-06-20 08:23	45	---h-----	C:\WINDOWS\dsez2661.dat
    2007-06-19 08:45	---------	d--------	C:\DOCUME~1\janeau\APPLIC~1\ICAClient
    2007-06-19 08:32	---------	d--------	C:\Program Files\Citrix
    
    
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
     
     
    *Note* empty entries & legit default entries are not shown 
    
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C8C729FD-9C9F-4D53-A419-EC5101ED52AF}]
    			C:\WINDOWS\system32\geede.dll
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2004-09-30 15:41]
    "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2004-09-30 15:37]
    "SetRefresh"="C:\Program Files\COMPAQ\SetRefresh\\SetRefresh.exe" [2003-11-20 18:01]
    "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2004-03-31 15:46]
    "Client Access Service"="C:\Program Files\IBM\Client Access\cwbsvstr.exe" [2002-05-07 05:20]
    "Client Access Help Update"="C:\Program Files\IBM\Client Access\cwbinhlp.exe" [2002-05-07 05:20]
    "Client Access Check Version"="C:\Program Files\IBM\Client Access\cwbckver.exe" [2002-05-07 05:20]
    "Client Access Express Welcome"="C:\Program Files\IBM\Client Access\cwbwlwiz.exe" [2002-05-07 05:20]
    "JobHisInit"="C:\Program Files\RMClient\JobHisInit.exe" [2000-09-28 19:52]
    "MplSetUp"="C:\Program Files\RMClient\MplSetUp.exe" [2000-11-04 21:09]
    "WinVNC"="C:\Program Files\UltraVNC\WinVNC.exe" [2004-06-20 20:45]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-09-03 19:21]
    "Receiver"="C:\Program Files\SHARP\PCFAX2\PcfaxRcv.exe" [2004-11-12 10:28]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-09-15 16:50]
    
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09]
    "PerSonoCall"="C:\Program Files\Plantronics\PerSonoCall\PerSonoCall.exe" [2004-12-09 11:03]
    
    C:\Documents and Settings\janeau\Menu Démarrer\Programmes\Démarrage\
    Lotus Notes 6.5.lnk - C:\Program Files\lotus\notes\notes.exe [2004-09-15 05:39:00]
    MSN Pictures Displayer.lnk - C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe [2007-06-29 09:56:23]
    PIMphony.lnk - C:\Program Files\Alcatel_PIMphony\aocphone.exe [2007-05-16 09:11:24]
    Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [2007-07-02 09:06:53]
    
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
    InstantTimeZone.lnk - C:\Program Files\InstantTimeZone\InstantTimeZone.exe [2006-09-03 02:39:36]
    Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
    Launcher400.LNK - C:\applics\Launcher400\LNCsrv.exe [2005-09-06 17:16:43]
    Windows Live Messenger.lnk - C:\WINDOWS\Installer\{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}\MsblIco.Exe [2007-07-06 09:22:06]
    
    R1 WmiAcpi;Interface de gestion Microsoft Windows pour ACPI;C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
    R2 ASANYs_nmc50;NMC50 Database;"c:\Program Files\Sybase\SQL Anywhere 8\win32\dbsrv8.exe" -hvASANYs_nmc50
    R2 cpqdfw;Diagnostics Driver;\??\C:\WINDOWS\System32\drivers\cpqdfw.sys
    R2 cq_mem;Diagnostics Memory Driver;\??\C:\WINDOWS\System32\drivers\cq_mem.sys
    R2 cqcpu;Diagnostics CPU Driver;\??\C:\WINDOWS\System32\drivers\cqcpu.sys
    R2 hardlock;hardlock;\??\C:\WINDOWS\system32\drivers\hardlock.sys
    R2 slapd-4760;Sun ONE Directory Server 5.2 (4760);c:\4760\Netscape\server5/bin/slapd/server/ns-slapd.exe
    R2 SoundMAX Agent Service (default);SoundMAX Agent Service;C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    R2 svc_mgr;NMC Service Manager;"c:\4760\bin\svc_mgr.exe"
    R3 AlarmServer;NMC Alarm server;"c:\4760\bin\FaultManager.exe"
    R3 Cmisd;NMC CMISE server;"c:\4760\bin\cmisd.exe"
    R3 ComServer;NMC Communication Server;"c:\4760\bin\ComServer.exe"
    R3 ExecdEx;NMC executables launcher;"c:\4760\bin\ExecdEx.exe"
    R3 Extractor;NMC extractor;"c:\4760\bin\extractor.exe"
    R3 GCSAdmin;NMC GCS administration server;"c:\4760\bin\GCSAdmin.exe"
    R3 GCSConfig;NMC GCS config server;"c:\4760\bin\GCSConfig.exe"
    R3 LicenseServer;NMC License server;"c:\4760\bin\LicenseServer.exe"
    R3 Loader;NMC Loader;"c:\4760\bin\loader.exe"
    R3 NotifyService;ORBacus Notify Service;"c:\4760\bin\ns_service.exe"
    R3 SaveRestore;NMC Save/Restore;"c:\4760\bin\save_restore.exe"
    R3 Scheduler;NMC Scheduler;"c:\4760\bin\scheduler.exe"
    R3 SecurityServer;NMC Security Server;"c:\4760\bin\SecurityServer.exe"
    R3 SyncLdapPbx;NMC Pbx/Ldap synchronization;"c:\4760\bin\SyncLdapPbx.exe"
    S3 CTL511Plus;Video Blaster WebCam 3/WebCam Plus (WDM);C:\WINDOWS\system32\DRIVERS\webc3vid.sys
    S3 nm;Pilote du Moniteur réseau;C:\WINDOWS\system32\DRIVERS\NMnt.sys
    S3 ServiceOMC;ServiceOMC;C:\WINDOWS\system32\ServiceOMC.exe
    S3 wampapache;wampapache;"c:\wamp\apache2\bin\httpd.exe" -k runservice
    S3 wampmysqld;wampmysqld;c:\wamp\mysql\bin\mysqld-nt.exe --defaults-file=c:\wamp\mysql\my.ini wampmysqld
    
    
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    AutoRun\command- D:\Kelio\autorun\autorun.exe
    
    *Newly Created Service* - ALARMSERVER
    *Newly Created Service* - APACHE
    *Newly Created Service* - CMISD
    *Newly Created Service* - COMSERVER
    *Newly Created Service* - EXECDEX
    *Newly Created Service* - EXTRACTOR
    *Newly Created Service* - GCSADMIN
    *Newly Created Service* - GCSCONFIG
    *Newly Created Service* - LICENSESERVER
    *Newly Created Service* - LOADER
    *Newly Created Service* - NOTIFYSERVICE
    *Newly Created Service* - SAVERESTORE
    *Newly Created Service* - SCHEDULER
    *Newly Created Service* - SECURITYSERVER
    *Newly Created Service* - SYNCLDAPPBX
    
    **************************************************************************
    
    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-08-14 12:10:16
    Windows 5.1.2600 Service Pack 2 NTFS
    
    scanning hidden processes ...
    
    scanning hidden registry entries ...
    
    scanning hidden files ...
    
    scan completed successfully
    hidden files: 0
    
    **************************************************************************
    
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\admin52-serv]
    "ImagePath"="c:/4760/Netscape/server5/bin/https/bin/ns-httpd.exe"
    
    Completion time: 2007-08-14 12:11:04
    C:\ComboFix-quarantined-files.txt ... 2007-08-14 12:10
    C:\ComboFix2.txt ... 2007-08-10 09:18
    
    	--- E O F ---
    


    Ta-ta :)
    0
  11. Regis59 Posts 21143 Registration date   Status Security contributor Last contribution   1 349
     
    Hi,

    Go to the site https://virusscan.jotti.org/
    - Click "Browse" at the top right, navigate through the folders and select this file: C:\WINDOWS\iun6002.exe
    - Click Submit, still at the top right
    - The scan will start; it takes a moment
    - At the bottom you get the scan result; copy/paste the complete scan result here.
    Help: https://www.malekal.com/scan-antivirus-ligne-nod32/#mozTocId662799

    And run VundoFix again. Copy/paste the report.
    Also post a new HijackThis log.

    Tell me where your problems stand.

    See you
    0
  12. CurLy64 Posts 71 Status Member 4
     
    No need for more logs in my opinion, it found nothing :)

    For the last 2 or 3 days I've had no more alerts, no more lag; in short, it looks like it's fixed.

    Thanks a lot for your help Regis59, you're a champ ;)
    0
  13. Regis59 Posts 21143 Registration date   Status Security contributor Last contribution   1 349
     
    Hi

    Might as well finish the job properly, no? Make sure everything is ?

    see you
    0
  14. CurLy64 Posts 71 Status Member 4
     
    Hi,

    Well, as you like; here's a brand-new HijackThis log, fresh from this morning :)

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 09:35, on 2007-08-20
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal
    
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    c:\4760\Netscape\server5\bin\https\bin\ns-httpd.exe
    c:\4760\Netscape\server5\bin\https\bin\httpd.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Symantec AntiVirus\SavRoam.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Citrix\Client ICA\ssonsvr.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\UltraVNC\WinVNC.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\hkcmd.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\SHARP\PCFAX2\PcfaxRcv.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Plantronics\PerSonoCall\PerSonoCall.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\InstantTimeZone\InstantTimeZone.exe
    C:\applics\Launcher400\LNCsrv.exe
    C:\applics\Launcher400\LNCadm.exe
    C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
    C:\Program Files\Alcatel_PIMphony\aocphone.exe
    C:\Program Files\Webshots\webshots.scr
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System32\rsvp.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Alcatel_PIMphony\UAProc.exe
    C:\Program Files\Alcatel_PIMphony\abers.exe
    C:\WINDOWS\system32\WISPTIS.EXE
    c:\4760\Netscape\server5\bin\slapd\server\ns-slapd.exe
    c:\4760\Netscape\server5\bin\slapd\server\slapd.exe
    c:\Program Files\Sybase\SQL Anywhere 8\win32\dbsrv8.exe
    c:\4760\bin\svc_mgr.exe
    c:\4760\apache2\bin\apache.exe
    C:\4760\apache2\bin\apache.exe
    c:\4760\bin\ExecdEx.exe
    c:\4760\bin\extractor.exe
    c:\4760\bin\LicenseServer.exe
    c:\4760\bin\save_restore.exe
    c:\4760\bin\scheduler.exe
    c:\4760\bin\SecurityServer.exe
    c:\4760\bin\ns_service.exe
    c:\4760\bin\ComServer.exe
    c:\4760\bin\cmisd.exe
    c:\4760\bin\FaultManager.exe
    c:\4760\bin\GCSAdmin.exe
    c:\4760\bin\GCSConfig.exe
    c:\4760\bin\loader.exe
    c:\4760\bin\SyncLdapPbx.exe
    C:\Program Files\lotus\notes\NLNOTES.EXE
    C:\Program Files\lotus\notes\ntaskldr.EXE
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\mIRC\mirc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\janeau\Bureau\HiJackThis_v2.exe
    
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {C8C729FD-9C9F-4D53-A419-EC5101ED52AF} - C:\WINDOWS\system32\geede.dll (file missing)
    O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\COMPAQ\SetRefresh\\SetRefresh.exe
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
    O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
    O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
    O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"
    O4 - HKLM\..\Run: [JobHisInit] C:\Program Files\RMClient\JobHisInit.exe
    O4 - HKLM\..\Run: [MplSetUp] C:\Program Files\RMClient\MplSetUp.exe
    O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Receiver] C:\Program Files\SHARP\PCFAX2\PcfaxRcv.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [PerSonoCall] "C:\Program Files\Plantronics\PerSonoCall\PerSonoCall.exe" -nosplash
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Lotus Notes 6.5.lnk = C:\Program Files\lotus\notes\notes.exe
    O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
    O4 - Startup: PIMphony.lnk = ?
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
    O4 - Global Startup: InstantTimeZone.lnk = C:\Program Files\InstantTimeZone\InstantTimeZone.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Launcher400.LNK = C:\applics\Launcher400\LNCsrv.exe
    O4 - Global Startup: Windows Live Messenger.lnk = ?
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1105936747789
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = intra.groupama.nc
    O17 - HKLM\Software\..\Telephony: DomainName = intra.groupama.nc
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = intra.groupama.nc
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = intra.groupama.nc
    O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Sun One Administration Server 5.2 (admin52-serv) - Sun Microsystems Inc - c:/4760/Netscape/server5/bin/https/bin/ns-httpd.exe
    O23 - Service: NMC Alarm server (AlarmServer) - Unknown owner - c:\4760\bin\FaultManager.exe
    O23 - Service: Apache - Apache Software Foundation - c:\4760\apache2\bin\apache.exe
    O23 - Service: NMC50 Database (ASANYs_nmc50) - iAnywhere Solutions, Inc. - c:\Program Files\Sybase\SQL Anywhere 8\win32\dbsrv8.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
    O23 - Service: NMC CMISE server (Cmisd) - Unknown owner - c:\4760\bin\cmisd.exe
    O23 - Service: NMC Communication Server (ComServer) - Unknown owner - c:\4760\bin\ComServer.exe
    O23 - Service: Fonction Commande à distance d'iSeries Access for Windows (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
    O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: NMC executables launcher (ExecdEx) - Unknown owner - c:\4760\bin\ExecdEx.exe
    O23 - Service: NMC extractor (Extractor) - Unknown owner - c:\4760\bin\extractor.exe
    O23 - Service: NMC GCS administration server (GCSAdmin) - Unknown owner - c:\4760\bin\GCSAdmin.exe
    O23 - Service: NMC GCS config server (GCSConfig) - Unknown owner - c:\4760\bin\GCSConfig.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NMC License server (LicenseServer) - Unknown owner - c:\4760\bin\LicenseServer.exe
    O23 - Service: NMC Loader (Loader) - Unknown owner - c:\4760\bin\loader.exe
    O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
    O23 - Service: ORBacus Notify Service (NotifyService) - Unknown owner - c:\4760\bin\ns_service.exe
    O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
    O23 - Service: NMC Save/Restore (SaveRestore) - Unknown owner - c:\4760\bin\save_restore.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
    O23 - Service: NMC Scheduler (Scheduler) - Unknown owner - c:\4760\bin\scheduler.exe
    O23 - Service: NMC Security Server (SecurityServer) - Unknown owner - c:\4760\bin\SecurityServer.exe
    O23 - Service: ServiceOMC - Unknown owner - C:\WINDOWS\system32\ServiceOMC.exe
    O23 - Service: Sun ONE Directory Server 5.2 (4760) (slapd-4760) - Unknown owner - c:\4760\Netscape\server5/bin/slapd/server/ns-slapd.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: NMC Service Manager (svc_mgr) - Unknown owner - c:\4760\bin\svc_mgr.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: NMC Pbx/Ldap synchronization (SyncLdapPbx) - Unknown owner - c:\4760\bin\SyncLdapPbx.exe
    O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
    O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\WINDOWS\System32\tlntsvr.exe
    O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
    O23 - Service: wampapache - Apache Software Foundation - c:\wamp\apache2\bin\httpd.exe
    O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe
    O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe
    O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
    
    --
    End of file - 12430 bytes
    


    Bye !
    0
  15. Regis59 Posts 21143 Registration date   Status Security contributor Last contribution   1 349
     
    Hi

    It's an office PC, isn't it?

    ¤Run HijackThis again, tick the boxes in front of these lines and then click Fix checked:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O2 - BHO: (no name) - {C8C729FD-9C9F-4D53-A419-EC5101ED52AF} - C:\WINDOWS\system32\geede.dll (file missing)

    Close HijackThis.

    See you
    0
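    As an added illustration, not code from the thread, from HijackThis or from its author: the lines Regis59 singles out above share two visible patterns in the report, a BHO or service whose path ends in "(no file)" or "(file missing)", and an R0 Internet Explorer page setting left empty or at about:blank. The Python below parses HijackThis 2.0-format entry lines and flags exactly those three cases, running over a constructed sample assembled from lines of the reports posted in this thread. The function names, the regular expressions and the sample are assumptions of this example, not part of the tool.

```python
import re

# Constructed sample in HijackThis 2.0 report format, assembled from the
# kinds of lines seen in this thread (not a complete report).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {C8C729FD-9C9F-4D53-A419-EC5101ED52AF} - C:\WINDOWS\system32\geede.dll (file missing)
O23 - Service: Service Bonjour (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
"""

# Every HijackThis entry starts with a section code (R0, O2, O23, ...) and " - ".
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
# COM class id as it appears in O2/O3/O9 lines: {8-4-4-4-12 hex digits}.
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_entries(log_text):
    """Return (section, body) pairs for each entry line; other lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def find_suspect_entries(log_text):
    """Flag entries matching the patterns fixed in the thread.

    - O2 BHOs registered in the browser but pointing at nothing on disk
    - O23 services whose binary is missing
    - R0 Internet Explorer page settings left empty or set to about:blank
    Each result is a dict with the kind, the CLSID if present, and the line.
    """
    suspects = []
    for section, body in parse_entries(log_text):
        kind = None
        if section == "O2" and body.endswith(("(no file)", "(file missing)")):
            kind = "orphaned BHO"
        elif section == "O23" and body.endswith("(file missing)"):
            kind = "service with missing binary"
        elif section == "R0" and (body.endswith("=") or body.endswith("= about:blank")):
            kind = "empty or blank IE page setting"
        if kind:
            clsid = CLSID_RE.search(body)
            suspects.append({
                "kind": kind,
                "clsid": clsid.group(0) if clsid else None,
                "line": f"{section} - {body}",
            })
    return suspects


if __name__ == "__main__":
    for s in find_suspect_entries(SAMPLE_LOG):
        print(f"[{s['kind']}] {s['line']}")
```

    Run as-is it lists five lines: the two R0 settings, the two orphaned BHOs and the Bonjour service. The detection relies on the "(file missing)" suffix HijackThis appends when a registered path no longer exists on disk, which is what makes a leftover registration such as geede.dll visible after the file itself has been removed; matching on that suffix rather than on file names keeps the check useful for reports other than this one.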
  16. CurLy64 Posts 71 Status Member 4
     
    Hello Regis,

    Yes, it's an office PC; right, I'll fix all that, thanks :)
    0
  17. Regis59 Posts 21143 Registration date   Status Security contributor Last contribution   1 349
     
    Ok,

    Where do your problems stand?

    see you
    0
  18. CurLy64 Posts 71 Status Member 4
     
    There aren't any left, thanks to your help :)

    Thanks a lot :)
    0
  19. Regis59 Posts 21143 Registration date   Status Security contributor Last contribution   1 349
     
    You're welcome,

    Have a good evening
    0