Posez votre question Format imprimable Liste des forums Aidez-les Statistiques Rechercher Charte Forum Virus-Sécurité

[Virus] Trojan - Spyware ...

Dernière réponse le 23 aoû 2007 à 22:15:56 CurLy64, le 8 aoû 2007 à 07:48:17

Signaler ce message aux modérateurs

Salut,

Pour une fois, c'est moi qui est besoin d'aide ...

Ca fait deja quelques jour que j'ai un virus (trojan) et d'autres saloperie, je vous met donc en premier lieu les messages d'alertes envoyé par Symantec Antivirus :

[quote]08/08/2007 15:59:28,ddlbbcas.exe,Downloader,Fichier,Supprimé,E98GNC002A,bas,C:\WINDOWS\system32\,Supprimé,Supprimé,Nettoyer le virus du fichier,Supprimer le fichier infecté,Analyse manuelle,Le fichier a été supprimé.
08/08/2007 13:23:11,kcehc_eicooc20070702[1],Trojan.Vundo,Fichier,Supprimé,E98GNC002A,bas,C:\Documents and Settings\janeau\Local Settings\Temporary Internet Files\Content.IE5\RI07V1O1\,Supprimé,Supprimé,Nettoyer le virus du fichier,Supprimer le fichier infecté,Analyse Auto-Protect,Le fichier a été supprimé.
08/08/2007 13:20:51,masiyxanidi[2],Downloader,Fichier,Conservé,E98GNC002A,bas,C:\Documents and Settings\janeau\Local Settings\Temporary Internet Files\Content.IE5\4TUR0HQB\,Infectés,C:\Documents and Settings\janeau\Local Settings\Temporary Internet Files\Content.IE5\4TUR0HQB\,Nettoyer le virus du fichier,Supprimer le fichier infecté,Analyse Auto-Protect,Le fichier n’a pas été modifié.[/quote]

Voila en gros ce que ca donne ... c'est Downloader, et Trojan.Vundo, j'ai redemarré en mode sans échec, scanné avec Symantec, virer les fichiers temporaire, scanné avec The Cleaner, ad-aware, spybot et j'ai toujours ces saloperie ...

Je vous donne également le log de HiJackThis :

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 16:21:45, on 08/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\4760\Netscape\server5\bin\https\bin\ns-httpd.exe
c:\Program Files\Sybase\SQL Anywhere 8\win32\dbsrv8.exe
c:\4760\Netscape\server5\bin\https\bin\httpd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
c:\4760\Netscape\server5\bin\slapd\server\ns-slapd.exe
c:\4760\Netscape\server5\bin\slapd\server\slapd.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
c:\4760\bin\svc_mgr.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Citrix\Client ICA\ssonsvr.exe
C:\Documents and Settings\janeau\Application Data\explorer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SHARP\PCFAX2\PcfaxRcv.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Plantronics\PerSonoCall\PerSonoCall.exe
C:\Program Files\InstantTimeZone\InstantTimeZone.exe
C:\applics\Launcher400\LNCsrv.exe
C:\applics\Launcher400\LNCadm.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
C:\Program Files\Alcatel_PIMphony\aocphone.exe
C:\Program Files\lotus\notes\NLNOTES.EXE
C:\Program Files\Webshots\webshots.scr
c:\4760\apache2\bin\apache.exe
C:\Program Files\Messenger\msmsgs.exe
C:\4760\apache2\bin\apache.exe
c:\4760\bin\ExecdEx.exe
c:\4760\bin\extractor.exe
c:\4760\bin\LicenseServer.exe
C:\Program Files\lotus\notes\ntaskldr.EXE
c:\4760\bin\save_restore.exe
c:\4760\bin\scheduler.exe
c:\4760\bin\SecurityServer.exe
C:\Program Files\MSN Messenger\usnsvc.exe
c:\4760\bin\ns_service.exe
c:\4760\bin\ComServer.exe
c:\4760\bin\cmisd.exe
c:\4760\bin\FaultManager.exe
c:\4760\bin\GCSAdmin.exe
c:\4760\bin\GCSConfig.exe
c:\4760\bin\loader.exe
c:\4760\bin\SyncLdapPbx.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Alcatel_PIMphony\UAProc.exe
C:\Program Files\Alcatel_PIMphony\abers.exe
C:\WINDOWS\System32\rsvp.exe
U:\-= truc =-\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\janeau\Application Data\explorer.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5A4A2D56-931A-4733-9121-033A2D95A274} - C:\WINDOWS\system32\tuvtqno.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A2B5476A-23EB-4180-9C40-49ABF9615620} - C:\WINDOWS\system32\geede.dll
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\uvbubsbh.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\COMPAQ\SetRefresh\\SetRefresh.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"
O4 - HKLM\..\Run: [JobHisInit] C:\Program Files\RMClient\JobHisInit.exe
O4 - HKLM\..\Run: [MplSetUp] C:\Program Files\RMClient\MplSetUp.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Receiver] C:\Program Files\SHARP\PCFAX2\PcfaxRcv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\cddvgtqd.dll",forkonce
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PerSonoCall] "C:\Program Files\Plantronics\PerSonoCall\PerSonoCall.exe" -nosplash
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Lotus Notes 6.5.lnk = C:\Program Files\lotus\notes\notes.exe
O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
O4 - Startup: PIMphony.lnk = ?
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: InstantTimeZone.lnk = C:\Program Files\InstantTimeZone\InstantTimeZone.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Launcher400.LNK = C:\applics\Launcher400\LNCsrv.exe
O4 - Global Startup: Windows Live Messenger.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = intra.groupama.nc
O17 - HKLM\Software\..\Telephony: DomainName = intra.groupama.nc
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = intra.groupama.nc
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = intra.groupama.nc
O20 - Winlogon Notify: geede - C:\WINDOWS\system32\geede.dll
O20 - Winlogon Notify: tuvtqno - C:\WINDOWS\SYSTEM32\tuvtqno.dll
O20 - Winlogon Notify: winbjt32 - C:\WINDOWS\SYSTEM32\winbjt32.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Sun One Administration Server 5.2 (admin52-serv) - Sun Microsystems Inc - c:/4760/Netscape/server5/bin/https/bin/ns-httpd.exe
O23 - Service: NMC Alarm server (AlarmServer) - Unknown owner - c:\4760\bin\FaultManager.exe
O23 - Service: Apache - Apache Software Foundation - c:\4760\apache2\bin\apache.exe
O23 - Service: NMC50 Database (ASANYs_nmc50) - iAnywhere Solutions, Inc. - c:\Program Files\Sybase\SQL Anywhere 8\win32\dbsrv8.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: NMC CMISE server (Cmisd) - Unknown owner - c:\4760\bin\cmisd.exe
O23 - Service: NMC Communication Server (ComServer) - Unknown owner - c:\4760\bin\ComServer.exe
O23 - Service: Fonction Commande à distance d'iSeries Access for Windows (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: NMC executables launcher (ExecdEx) - Unknown owner - c:\4760\bin\ExecdEx.exe
O23 - Service: NMC extractor (Extractor) - Unknown owner - c:\4760\bin\extractor.exe
O23 - Service: NMC GCS administration server (GCSAdmin) - Unknown owner - c:\4760\bin\GCSAdmin.exe
O23 - Service: NMC GCS config server (GCSConfig) - Unknown owner - c:\4760\bin\GCSConfig.exe
O23 - Service: ICF - Unknown owner - C:\WINDOWS\system32\svchost.exe:exe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMC License server (LicenseServer) - Unknown owner - c:\4760\bin\LicenseServer.exe
O23 - Service: NMC Loader (Loader) - Unknown owner - c:\4760\bin\loader.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: ORBacus Notify Service (NotifyService) - Unknown owner - c:\4760\bin\ns_service.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: NMC Save/Restore (SaveRestore) - Unknown owner - c:\4760\bin\save_restore.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: NMC Scheduler (Scheduler) - Unknown owner - c:\4760\bin\scheduler.exe
O23 - Service: NMC Security Server (SecurityServer) - Unknown owner - c:\4760\bin\SecurityServer.exe
O23 - Service: ServiceOMC - Unknown owner - C:\WINDOWS\system32\ServiceOMC.exe
O23 - Service: Sun ONE Directory Server 5.2 (4760) (slapd-4760) - Unknown owner - c:\4760\Netscape\server5/bin/slapd/server/ns-slapd.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: NMC Service Manager (svc_mgr) - Unknown owner - c:\4760\bin\svc_mgr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NMC Pbx/Ldap synchronization (SyncLdapPbx) - Unknown owner - c:\4760\bin\SyncLdapPbx.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\WINDOWS\System32\tlntsvr.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\apache2\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe
O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
End of file - 12952 bytes

Sachant que j'ai deja supprimé le fichier explorer.exe contenu dans Application Data (il n'avait rien a faire la Oo')

Merci de votre aide :)

Configuration: Windows XP
Firefox 2.0.0.6

Meilleures réponses pour « [Virus] Trojan Spyware ... » dans :

Virus win32 spyware-gen, a l'aide ! (Résolu) Voir

Virus/ trojan msn messenger Voir

[Virus] Trojan - Spyware ... (Résolu) Voir

Virus et Malwares ... Le truc pour les éliminer Voir

Differences entre virus,trojan et vers Voir

VIRUS TROJAN EMPECHANT L ACCES A INTERNET (Résolu) Voir

Pb pr supprimer le virus : Trojan.agent.CS (Résolu) Voir

Posez votre question Répondre

Regis59, le 8 aoû 2007 à 08:56:12

Salut

Télécharge VundoFix.exe (par Atribune) sur ton Bureau.
http://www.atribune.org/ccount/click.php?id=4

Double-clique VundoFix.exe afin de le lancer.
Clique sur le bouton Scan for Vundo.
Lorsque le scan est complété, clique sur le bouton Remove Vundo.
Une invite te demandera si tu veux supprimer les fichiers, clique YES
Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers.
Tu verras une invite qui t'annonce que ton PC va s'éteindre ("shutdown") ; clique OK
Démarre ton PC à nouveau.
Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis! dans ta prochaine réponse.

A+ "J'avais rêvé d'un monde meilleur...Sans différence de couleurS...Egalité..."-MLK-

Répondre à Regis59

CurLy64, le 9 aoû 2007 à 01:54:17

Voici le log de VundoFix :

VundoFix V6.5.7

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Java version is 1.5.0.11

Scan started at 10:37:51 09/08/2007

Listing files found while scanning....

C:\windows\system32\cddvgtqd.dll
C:\windows\system32\cxreuxnq.ini
C:\WINDOWS\system32\dqtgvddc.ini
C:\WINDOWS\system32\edeeg.bak1
C:\WINDOWS\system32\edeeg.bak2
C:\WINDOWS\system32\edeeg.ini
C:\WINDOWS\system32\geede.dll
C:\windows\system32\ivxbovqj.ini
C:\windows\system32\jqvobxvi.dll
C:\windows\system32\qnxuerxc.dll
C:\WINDOWS\system32\tuvtqno.dll
C:\WINDOWS\system32\uvbubsbh.dll

Beginning removal...

Attempting to delete C:\windows\system32\cddvgtqd.dll
C:\windows\system32\cddvgtqd.dll Has been deleted!

Attempting to delete C:\windows\system32\cxreuxnq.ini
C:\windows\system32\cxreuxnq.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\dqtgvddc.ini
C:\WINDOWS\system32\dqtgvddc.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\edeeg.bak1
C:\WINDOWS\system32\edeeg.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\edeeg.bak2
C:\WINDOWS\system32\edeeg.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\edeeg.ini
C:\WINDOWS\system32\edeeg.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\geede.dll
C:\WINDOWS\system32\geede.dll Has been deleted!

Attempting to delete C:\windows\system32\ivxbovqj.ini
C:\windows\system32\ivxbovqj.ini Has been deleted!

Attempting to delete C:\windows\system32\jqvobxvi.dll
C:\windows\system32\jqvobxvi.dll Has been deleted!

Attempting to delete C:\windows\system32\qnxuerxc.dll
C:\windows\system32\qnxuerxc.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tuvtqno.dll
C:\WINDOWS\system32\tuvtqno.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\uvbubsbh.dll
C:\WINDOWS\system32\uvbubsbh.dll Has been deleted!

Performing Repairs to the registry.
Done!

Et le nouveau log de Hijackthis :

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10:52:10, on 09/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\4760\Netscape\server5\bin\https\bin\ns-httpd.exe
c:\Program Files\Sybase\SQL Anywhere 8\win32\dbsrv8.exe
c:\4760\Netscape\server5\bin\https\bin\httpd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\fdvrtblq.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
c:\4760\Netscape\server5\bin\slapd\server\ns-slapd.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
c:\4760\Netscape\server5\bin\slapd\server\slapd.exe
c:\4760\bin\svc_mgr.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\Program Files\Citrix\Client ICA\ssonsvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SHARP\PCFAX2\PcfaxRcv.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Plantronics\PerSonoCall\PerSonoCall.exe
C:\Program Files\InstantTimeZone\InstantTimeZone.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\applics\Launcher400\LNCsrv.exe
C:\applics\Launcher400\LNCadm.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
C:\Program Files\Alcatel_PIMphony\aocphone.exe
C:\Program Files\Webshots\webshots.scr
C:\Program Files\lotus\notes\NLNOTES.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe
c:\4760\apache2\bin\apache.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\4760\apache2\bin\apache.exe
C:\Program Files\lotus\notes\ntaskldr.EXE
c:\4760\bin\ExecdEx.exe
c:\4760\bin\extractor.exe
C:\Program Files\Alcatel_PIMphony\UAProc.exe
C:\WINDOWS\System32\rsvp.exe
c:\4760\bin\LicenseServer.exe
C:\Program Files\Alcatel_PIMphony\abers.exe
c:\4760\bin\save_restore.exe
c:\4760\bin\scheduler.exe
c:\4760\bin\SecurityServer.exe
c:\4760\bin\ns_service.exe
c:\4760\bin\ComServer.exe
c:\4760\bin\cmisd.exe
c:\4760\bin\FaultManager.exe
c:\4760\bin\GCSAdmin.exe
c:\4760\bin\GCSConfig.exe
c:\4760\bin\loader.exe
c:\4760\bin\SyncLdapPbx.exe
C:\Documents and Settings\janeau\Bureau\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\janeau\Application Data\explorer.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {C8C729FD-9C9F-4D53-A419-EC5101ED52AF} - C:\WINDOWS\system32\geede.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\COMPAQ\SetRefresh\\SetRefresh.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"
O4 - HKLM\..\Run: [JobHisInit] C:\Program Files\RMClient\JobHisInit.exe
O4 - HKLM\..\Run: [MplSetUp] C:\Program Files\RMClient\MplSetUp.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Receiver] C:\Program Files\SHARP\PCFAX2\PcfaxRcv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PerSonoCall] "C:\Program Files\Plantronics\PerSonoCall\PerSonoCall.exe" -nosplash
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Lotus Notes 6.5.lnk = C:\Program Files\lotus\notes\notes.exe
O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
O4 - Startup: PIMphony.lnk = ?
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: InstantTimeZone.lnk = C:\Program Files\InstantTimeZone\InstantTimeZone.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Launcher400.LNK = C:\applics\Launcher400\LNCsrv.exe
O4 - Global Startup: Windows Live Messenger.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = intra.groupama.nc
O17 - HKLM\Software\..\Telephony: DomainName = intra.groupama.nc
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = intra.groupama.nc
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = intra.groupama.nc
O20 - Winlogon Notify: winbjt32 - C:\WINDOWS\SYSTEM32\winbjt32.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Sun One Administration Server 5.2 (admin52-serv) - Sun Microsystems Inc - c:/4760/Netscape/server5/bin/https/bin/ns-httpd.exe
O23 - Service: NMC Alarm server (AlarmServer) - Unknown owner - c:\4760\bin\FaultManager.exe
O23 - Service: Apache - Apache Software Foundation - c:\4760\apache2\bin\apache.exe
O23 - Service: NMC50 Database (ASANYs_nmc50) - iAnywhere Solutions, Inc. - c:\Program Files\Sybase\SQL Anywhere 8\win32\dbsrv8.exe
O23 - Service: Service Bonjour (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: NMC CMISE server (Cmisd) - Unknown owner - c:\4760\bin\cmisd.exe
O23 - Service: NMC Communication Server (ComServer) - Unknown owner - c:\4760\bin\ComServer.exe
O23 - Service: Fonction Commande à distance d'iSeries Access for Windows (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\fdvrtblq.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: NMC executables launcher (ExecdEx) - Unknown owner - c:\4760\bin\ExecdEx.exe
O23 - Service: NMC extractor (Extractor) - Unknown owner - c:\4760\bin\extractor.exe
O23 - Service: NMC GCS administration server (GCSAdmin) - Unknown owner - c:\4760\bin\GCSAdmin.exe
O23 - Service: NMC GCS config server (GCSConfig) - Unknown owner - c:\4760\bin\GCSConfig.exe
O23 - Service: ICF - Unknown owner - C:\WINDOWS\system32\svchost.exe:exe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMC License server (LicenseServer) - Unknown owner - c:\4760\bin\LicenseServer.exe
O23 - Service: NMC Loader (Loader) - Unknown owner - c:\4760\bin\loader.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: ORBacus Notify Service (NotifyService) - Unknown owner - c:\4760\bin\ns_service.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: NMC Save/Restore (SaveRestore) - Unknown owner - c:\4760\bin\save_restore.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: NMC Scheduler (Scheduler) - Unknown owner - c:\4760\bin\scheduler.exe
O23 - Service: NMC Security Server (SecurityServer) - Unknown owner - c:\4760\bin\SecurityServer.exe
O23 - Service: ServiceOMC - Unknown owner - C:\WINDOWS\system32\ServiceOMC.exe
O23 - Service: Sun ONE Directory Server 5.2 (4760) (slapd-4760) - Unknown owner - c:\4760\Netscape\server5/bin/slapd/server/ns-slapd.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: NMC Service Manager (svc_mgr) - Unknown owner - c:\4760\bin\svc_mgr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NMC Pbx/Ldap synchronization (SyncLdapPbx) - Unknown owner - c:\4760\bin\SyncLdapPbx.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\WINDOWS\System32\tlntsvr.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\apache2\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe
O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
End of file - 12637 bytes

Ca a bien supprimé les fichiers infecté :)

Merci beaucoup pour ton aide Regis59 :p

Répondre à CurLy64

Regis59, le 9 aoû 2007 à 11:39:10

Re,

On continue...

Télécharge Combofix sUBs :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
et sauvegarde le sur ton bureau et pas ailleurs!

Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider.
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.
"J'avais rêvé d'un monde meilleur...Sans différence de couleurS...Egalité..."-MLK-

Répondre à Regis59

CurLy64, le 10 aoû 2007 à 00:23:08

Allez log suivant :

ComboFix 07-08-09.3 - "bas" 2007-08-10 9:09:17.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.138 [GMT 11:00]
* Created a new restore point

[i] ADS removed - svchost.exe: deleted 58880 bytes in 1 streams. [/i]

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\1_exception.nls
C:\WINDOWS\system32\ASPI32.EXE
C:\WINDOWS\system32\winbjt32.dll

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

-------\LEGACY_ASC3550U
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_ICF
-------\LEGACY_NPF
-------\DomainService
-------\ICF
-------\SysLibrary

((((((((((((((((((((((((( Files Created from 2007-07-09 to 2007-08-09 )))))))))))))))))))))))))))))))

2007-08-10 09:08 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-10 08:23 <REP> d-------- C:\Program Files\Windows Live
2007-08-10 08:22 <REP> d-------- C:\Program Files\MessengerDiscovery
2007-08-09 12:16 <REP> d-------- C:\Program Files\MegauploadToolbar
2007-08-09 12:16 <REP> d-------- C:\DOCUME~1\janeau\APPLIC~1\MegauploadToolbar
2007-08-09 10:37 75,328 --a------ C:\WINDOWS\system32\fdvrtblq.exe
2007-08-09 10:37 <REP> d-------- C:\VundoFix Backups
2007-08-07 11:27 <REP> d-------- C:\Program Files\The Cleaner
2007-08-06 14:45 <REP> d-------- C:\Program Files\Lavasoft
2007-08-06 14:45 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-08-06 14:44 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-08-06 09:11 <REP> d-------- C:\Program Files\RegCleaner
2007-08-03 12:49 <REP> d-------- C:\pps
2007-07-25 12:04 <REP> d-------- C:\Program Files\PhotoFiltre
2007-07-25 10:29 <REP> d-------- C:\DOCUME~1\janeau\A4902Logs
2007-07-23 10:57 <REP> d-------- C:\DOCUME~1\janeau\APPLIC~1\vlc
2007-07-23 09:29 <REP> d-------- C:\Program Files\VideoLAN
2007-07-16 16:09 <REP> d-------- C:\DOCUME~1\janeau\APPLIC~1\Alcatel PIMphony
2007-07-16 15:48 <REP> d-------- C:\Program Files\Nice Recorder
2007-07-16 15:43 <REP> d-------- C:\Program Files\FuzLez
2007-07-16 15:43 <REP> d-------- C:\DOCUME~1\janeau\APPLIC~1\FuzLez
2007-07-16 15:40 <REP> d-------- C:\My Recordings
2007-07-16 15:39 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2007-07-16 14:41 <REP> d-------- C:\Program Files\Audacity
2007-07-13 14:04 <REP> d-------- C:\Program Files\Cain
2007-07-13 13:19 39,424 --a------ C:\WINDOWS\zipinst.exe
2007-07-13 13:19 <REP> d-------- C:\Program Files\MessenPass
2007-07-13 08:56 <REP> d-------- C:\crark31
2007-07-11 14:49 <REP> d-------- C:\WhoLockMe104
2007-07-11 14:48 3,888 --a------ C:\WINDOWS\system32\drivers\NTHANDLE.SYS

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-10 09:14 --------- d-------- C:\Program Files\Symantec AntiVirus
2007-08-10 09:12 --------- d-------- C:\Program Files\mIRC
2007-08-10 08:23 --------- d-------- C:\Program Files\MSN Messenger
2007-08-10 07:30 --------- d-------- C:\Program Files\Alcatel_PIMphony
2007-08-08 16:32 --------- d-------- C:\Program Files\Bonjour
2007-08-07 15:22 0 --a------ C:\CONFIG.SYS
2007-08-07 15:22 0 --a------ C:\AUTOEXEC.BAT
2007-08-06 13:31 14336 --a--c--- C:\WINDOWS\system32\dllcache\svchost.exe
2007-08-06 13:31 14336 --a------ C:\WINDOWS\system32\svchost.exe
2007-07-25 11:39 --------- d-------- C:\DOCUME~1\janeau\APPLIC~1\gtk-2.0
2007-07-23 12:58 --------- d-------- C:\DOCUME~1\janeau\APPLIC~1\U3
2007-07-02 09:06 --------- d-------- C:\Program Files\Webshots
2007-07-02 09:06 --------- d-------- C:\DOCUME~1\janeau\APPLIC~1\Webshots
2007-07-02 08:33 74752 --a------ C:\WINDOWS\ST6UNST.EXE
2007-07-02 08:33 290816 --------- C:\WINDOWS\Setup1.exe
2007-07-02 08:33 --------- d-------- C:\Program Files\SwitchWallPaper
2007-06-29 10:17 --------- d-------- C:\Program Files\MSN Pictures Displayer
2007-06-29 09:56 446976 --a------ C:\WINDOWS\system32\ShellMPD.dll
2007-06-29 09:56 --------- d-------- C:\DOCUME~1\janeau\APPLIC~1\MSN Pictures Displayer
2007-06-28 14:09 --------- d-------- C:\Program Files\PSPad editor
2007-06-28 14:09 --------- d-------- C:\DOCUME~1\janeau\APPLIC~1\WaterProof
2007-06-28 14:08 --------- d-------- C:\Program Files\WaterProof
2007-06-27 10:38 --------- d-------- C:\Program Files\Look@LAN
2007-06-27 10:32 720896 --a------ C:\WINDOWS\iun6002.exe
2007-06-26 14:40 --------- d-------- C:\DOCUME~1\janeau\APPLIC~1\X-Chat 2
2007-06-21 12:05 --------- d-------- C:\Program Files\InstantTimeZone
2007-06-20 08:23 45 ---h----- C:\WINDOWS\dsez2661.dat
2007-06-19 08:45 --------- d-------- C:\DOCUME~1\janeau\APPLIC~1\ICAClient
2007-06-19 08:32 --------- d-------- C:\Program Files\Citrix

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C8C729FD-9C9F-4D53-A419-EC5101ED52AF}]
C:\WINDOWS\system32\geede.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2004-09-30 15:41]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2004-09-30 15:37]
"SetRefresh"="C:\Program Files\COMPAQ\SetRefresh\\SetRefresh.exe" [2003-11-20 18:01]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2004-03-31 15:46]
"Client Access Service"="C:\Program Files\IBM\Client Access\cwbsvstr.exe" [2002-05-07 05:20]
"Client Access Help Update"="C:\Program Files\IBM\Client Access\cwbinhlp.exe" [2002-05-07 05:20]
"Client Access Check Version"="C:\Program Files\IBM\Client Access\cwbckver.exe" [2002-05-07 05:20]
"Client Access Express Welcome"="C:\Program Files\IBM\Client Access\cwbwlwiz.exe" [2002-05-07 05:20]
"JobHisInit"="C:\Program Files\RMClient\JobHisInit.exe" [2000-09-28 19:52]
"MplSetUp"="C:\Program Files\RMClient\MplSetUp.exe" [2000-11-04 21:09]
"WinVNC"="C:\Program Files\UltraVNC\WinVNC.exe" [2004-06-20 20:45]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-09-03 19:21]
"Receiver"="C:\Program Files\SHARP\PCFAX2\PcfaxRcv.exe" [2004-11-12 10:28]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-09-15 16:50]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09]
"PerSonoCall"="C:\Program Files\Plantronics\PerSonoCall\PerSonoCall.exe" [2004-12-09 11:03]

C:\Documents and Settings\janeau\Menu D‚marrer\Programmes\D‚marrage\
Lotus Notes 6.5.lnk - C:\Program Files\lotus\notes\notes.exe [2004-09-15 05:39:00]
MSN Pictures Displayer.lnk - C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe [2007-06-29 09:56:23]
PIMphony.lnk - C:\Program Files\Alcatel_PIMphony\aocphone.exe [2007-05-16 09:11:24]
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [2007-07-02 09:06:53]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
InstantTimeZone.lnk - C:\Program Files\InstantTimeZone\InstantTimeZone.exe [2006-09-03 02:39:36]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
Launcher400.LNK - C:\applics\Launcher400\LNCsrv.exe [2005-09-06 17:16:43]
Windows Live Messenger.lnk - C:\WINDOWS\Installer\{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}\MsblIco.Exe [2007-07-06 09:22:06]

R1 WmiAcpi;Interface de gestion Microsoft Windows pour ACPI;C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
R2 ASANYs_nmc50;NMC50 Database;"c:\Program Files\Sybase\SQL Anywhere 8\win32\dbsrv8.exe" -hvASANYs_nmc50
R2 cpqdfw;Diagnostics Driver;\??\C:\WINDOWS\System32\drivers\cpqdfw.sys
R2 cq_mem;Diagnostics Memory Driver;\??\C:\WINDOWS\System32\drivers\cq_mem.sys
R2 cqcpu;Diagnostics CPU Driver;\??\C:\WINDOWS\System32\drivers\cqcpu.sys
R2 hardlock;hardlock;\??\C:\WINDOWS\system32\drivers\hardlock.sys
R2 slapd-4760;Sun ONE Directory Server 5.2 (4760);c:\4760\Netscape\server5/bin/slapd/server/ns-slapd.exe
R2 SoundMAX Agent Service (default);SoundMAX Agent Service;C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
R2 svc_mgr;NMC Service Manager;"c:\4760\bin\svc_mgr.exe"
R3 ExecdEx;NMC executables launcher;"c:\4760\bin\ExecdEx.exe"
R3 Extractor;NMC extractor;"c:\4760\bin\extractor.exe"
R3 LicenseServer;NMC License server;"c:\4760\bin\LicenseServer.exe"
R3 NotifyService;ORBacus Notify Service;"c:\4760\bin\ns_service.exe"
R3 SaveRestore;NMC Save/Restore;"c:\4760\bin\save_restore.exe"
R3 Scheduler;NMC Scheduler;"c:\4760\bin\scheduler.exe"
R3 SecurityServer;NMC Security Server;"c:\4760\bin\SecurityServer.exe"
S3 CTL511Plus;Video Blaster WebCam 3/WebCam Plus (WDM);C:\WINDOWS\system32\DRIVERS\webc3vid.sys
S3 nm;Pilote du Moniteur réseau;C:\WINDOWS\system32\DRIVERS\NMnt.sys
S3 ServiceOMC;ServiceOMC;C:\WINDOWS\system32\ServiceOMC.exe
S3 wampapache;wampapache;"c:\wamp\apache2\bin\httpd.exe" -k runservice
S3 wampmysqld;wampmysqld;c:\wamp\mysql\bin\mysqld-nt.exe --defaults-file=c:\wamp\mysql\my.ini wampmysqld
Start Pending3 ComServer;NMC Communication Server;"c:\4760\bin\ComServer.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\Kelio\autorun\autorun.exe

*Newly Created Service* - APACHE
*Newly Created Service* - COMSERVER
*Newly Created Service* - EXECDEX
*Newly Created Service* - EXTRACTOR
*Newly Created Service* - LICENSESERVER
*Newly Created Service* - NOTIFYSERVICE
*Newly Created Service* - SAVERESTORE
*Newly Created Service* - SCHEDULER
*Newly Created Service* - SECURITYSERVER

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-10 09:15:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\admin52-serv]
"ImagePath"="c:/4760/Netscape/server5/bin/https/bin/ns-httpd.exe"

Completion time: 2007-08-10 9:18:07 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-10 09:17

--- E O F ---

Merci encore :)

Répondre à CurLy64

marco, le 10 aoû 2007 à 00:44:26

Salut quelqu en utilise mon msn
meme en chnageant de code il le recupere
je dois avoir un programme qu il utilise
a laide
ci joint bloc hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:31:20, on 10/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Mio Technology\MioSync\mioSync.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.free.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [PhiBtn] %SystemRoot%\System32\drivers\PhiBtn.exe
O4 - HKLM\..\Run: [Traymin900] %SystemRoot%\System32\drivers\Tray900.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\RunOnce: [MessengerPlusLiveUninstall] "C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\MsgPlusUninstall.exe" /Cleanup
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: MioSync.lnk = C:\Program Files\Mio Technology\MioSync\mioSync.exe
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Allocam Multi Vision - {2D6B57BF-71FA-41A3-BDC5-3B5A25813D2E} - C:\PROGRA~1\ALLOCA~1\allocam.exe (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Allocam Multi Vision - {2D6B57BF-71FA-41A3-BDC5-3B5A25813D2E} - C:\PROGRA~1\ALLOCA~1\allocam.exe (file missing) (HKCU)
O15 - Trusted Zone: *.canalplay.com
O15 - Trusted Zone: *.canalplusactive.com
O15 - Trusted Zone: *.canalplay.com (HKLM)
O15 - Trusted Zone: *.canalplusactive.com (HKLM)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {E1AF091A-9F23-4059-89D7-C05EE073285D} (Canal+ Active MSWAY) - http://www.canalplay.com/cabs/msway44.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
End of file - 12323 bytes

merci
tres urgent

Répondre à marco

philae83, le 10 aoû 2007 à 01:02:26

Bonsoir CurLy64,

marco,

tu dois te créer un sujet pour ton problème pour ne pas interférer dans celui ci. Merci. Quelqu'un te viendra en aide.

ps : hello Quentin :) Il n'y a jamais de raccourci vers les endroits qui en valent la peine - Beverley Sills

Répondre à philae83

Regis59, le 10 aoû 2007 à 10:55:43

Coucou Catherine,

Merco :-)

Remet un HijackThis !

A+ "J'avais rêvé d'un monde meilleur...Sans différence de couleurS...Egalité..."-MLK-

Répondre à Regis59

CurLy64, le 13 aoû 2007 à 03:46:09

Ce matin, j'ai l'AV qui supprimé un trojan.vundo dans systeme32 ... décidemment, il est tenace celui la :/

Voici comme demandé un nouveau log de HiJackThis :

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:43, on 2007-08-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\4760\Netscape\server5\bin\https\bin\ns-httpd.exe
c:\4760\Netscape\server5\bin\https\bin\httpd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\Program Files\MSN Messenger\usnsvc.exe
c:\4760\Netscape\server5\bin\slapd\server\ns-slapd.exe
c:\4760\Netscape\server5\bin\slapd\server\slapd.exe
c:\Program Files\Sybase\SQL Anywhere 8\win32\dbsrv8.exe
c:\4760\bin\svc_mgr.exe
c:\4760\apache2\bin\apache.exe
C:\4760\apache2\bin\apache.exe
c:\4760\bin\ExecdEx.exe
c:\4760\bin\extractor.exe
c:\4760\bin\LicenseServer.exe
c:\4760\bin\save_restore.exe
c:\4760\bin\scheduler.exe
c:\4760\bin\SecurityServer.exe
c:\4760\bin\ns_service.exe
c:\4760\bin\ComServer.exe
c:\4760\bin\cmisd.exe
c:\4760\bin\FaultManager.exe
c:\4760\bin\GCSAdmin.exe
c:\4760\bin\GCSConfig.exe
c:\4760\bin\loader.exe
c:\4760\bin\SyncLdapPbx.exe
C:\Program Files\Citrix\Client ICA\ssonsvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SHARP\PCFAX2\PcfaxRcv.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Plantronics\PerSonoCall\PerSonoCall.exe
C:\Program Files\InstantTimeZone\InstantTimeZone.exe
C:\applics\Launcher400\LNCsrv.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\applics\Launcher400\LNCadm.exe
C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
C:\Program Files\Alcatel_PIMphony\aocphone.exe
C:\Program Files\lotus\notes\NLNOTES.EXE
C:\Program Files\Webshots\webshots.scr
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
C:\Program Files\Alcatel_PIMphony\UAProc.exe
C:\WINDOWS\System32\rsvp.exe
C:\Program Files\Alcatel_PIMphony\abers.exe
C:\Program Files\lotus\notes\ntaskldr.EXE
C:\Program Files\mIRC\mirc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Documents and Settings\janeau\Bureau\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {C8C729FD-9C9F-4D53-A419-EC5101ED52AF} - C:\WINDOWS\system32\geede.dll (file missing)
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\COMPAQ\SetRefresh\\SetRefresh.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"
O4 - HKLM\..\Run: [JobHisInit] C:\Program Files\RMClient\JobHisInit.exe
O4 - HKLM\..\Run: [MplSetUp] C:\Program Files\RMClient\MplSetUp.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Receiver] C:\Program Files\SHARP\PCFAX2\PcfaxRcv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PerSonoCall] "C:\Program Files\Plantronics\PerSonoCall\PerSonoCall.exe" -nosplash
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Lotus Notes 6.5.lnk = C:\Program Files\lotus\notes\notes.exe
O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
O4 - Startup: PIMphony.lnk = ?
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: InstantTimeZone.lnk = C:\Program Files\InstantTimeZone\InstantTimeZone.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Launcher400.LNK = C:\applics\Launcher400\LNCsrv.exe
O4 - Global Startup: Windows Live Messenger.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = intra.groupama.nc
O17 - HKLM\Software\..\Telephony: DomainName = intra.groupama.nc
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = intra.groupama.nc
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = intra.groupama.nc
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Sun One Administration Server 5.2 (admin52-serv) - Sun Microsystems Inc - c:/4760/Netscape/server5/bin/https/bin/ns-httpd.exe
O23 - Service: NMC Alarm server (AlarmServer) - Unknown owner - c:\4760\bin\FaultManager.exe
O23 - Service: Apache - Apache Software Foundation - c:\4760\apache2\bin\apache.exe
O23 - Service: NMC50 Database (ASANYs_nmc50) - iAnywhere Solutions, Inc. - c:\Program Files\Sybase\SQL Anywhere 8\win32\dbsrv8.exe
O23 - Service: Service Bonjour (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: NMC CMISE server (Cmisd) - Unknown owner - c:\4760\bin\cmisd.exe
O23 - Service: NMC Communication Server (ComServer) - Unknown owner - c:\4760\bin\ComServer.exe
O23 - Service: Fonction Commande à distance d'iSeries Access for Windows (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: NMC executables launcher (ExecdEx) - Unknown owner - c:\4760\bin\ExecdEx.exe
O23 - Service: NMC extractor (Extractor) - Unknown owner - c:\4760\bin\extractor.exe
O23 - Service: NMC GCS administration server (GCSAdmin) - Unknown owner - c:\4760\bin\GCSAdmin.exe
O23 - Service: NMC GCS config server (GCSConfig) - Unknown owner - c:\4760\bin\GCSConfig.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMC License server (LicenseServer) - Unknown owner - c:\4760\bin\LicenseServer.exe
O23 - Service: NMC Loader (Loader) - Unknown owner - c:\4760\bin\loader.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: ORBacus Notify Service (NotifyService) - Unknown owner - c:\4760\bin\ns_service.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: NMC Save/Restore (SaveRestore) - Unknown owner - c:\4760\bin\save_restore.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: NMC Scheduler (Scheduler) - Unknown owner - c:\4760\bin\scheduler.exe
O23 - Service: NMC Security Server (SecurityServer) - Unknown owner - c:\4760\bin\SecurityServer.exe
O23 - Service: ServiceOMC - Unknown owner - C:\WINDOWS\system32\ServiceOMC.exe
O23 - Service: Sun ONE Directory Server 5.2 (4760) (slapd-4760) - Unknown owner - c:\4760\Netscape\server5/bin/slapd/server/ns-slapd.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: NMC Service Manager (svc_mgr) - Unknown owner - c:\4760\bin\svc_mgr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NMC Pbx/Ldap synchronization (SyncLdapPbx) - Unknown owner - c:\4760\bin\SyncLdapPbx.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\WINDOWS\System32\tlntsvr.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\apache2\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe
O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe

--
End of file - 12516 bytes

M'ci :)

Répondre à CurLy64

Regis59, le 13 aoû 2007 à 08:09:24

Salut

Met un rapport Combofix.

A+ "J'avais rêvé d'un monde meilleur...Sans différence de couleurS...Egalité..."-MLK-

Répondre à Regis59

CurLy64, le 14 aoû 2007 à 03:13:44

C'est l'histoire sans fin version informatisé :]

ComboFix 07-08-09.3 - "bas" 2007-08-14 12:07:08.2 - NTFSx86 
Microsoft Windows XP Professionnel  5.1.2600.2.1252.1.1036.18.150 [GMT 11:00]


(((((((((((((((((((((((((   Files Created from 2007-07-14 to 2007-08-14  )))))))))))))))))))))))))))))))


2007-08-10 09:08	51,200	--a------	C:\WINDOWS\nircmd.exe
2007-08-10 08:23	<REP>	d--------	C:\Program Files\Windows Live
2007-08-10 08:22	<REP>	d--------	C:\Program Files\MessengerDiscovery
2007-08-09 12:16	<REP>	d--------	C:\Program Files\MegauploadToolbar
2007-08-09 12:16	<REP>	d--------	C:\DOCUME~1\janeau\APPLIC~1\MegauploadToolbar
2007-08-09 10:37	<REP>	d--------	C:\VundoFix Backups
2007-08-07 11:27	<REP>	d--------	C:\Program Files\The Cleaner
2007-08-06 14:45	<REP>	d--------	C:\Program Files\Lavasoft
2007-08-06 14:45	<REP>	d--------	C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-08-06 14:44	<REP>	d--------	C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-08-06 09:11	<REP>	d--------	C:\Program Files\RegCleaner
2007-08-03 12:49	<REP>	d--------	C:\pps
2007-07-25 12:04	<REP>	d--------	C:\Program Files\PhotoFiltre
2007-07-25 10:29	<REP>	d--------	C:\DOCUME~1\janeau\A4902Logs
2007-07-23 10:57	<REP>	d--------	C:\DOCUME~1\janeau\APPLIC~1\vlc
2007-07-23 09:29	<REP>	d--------	C:\Program Files\VideoLAN
2007-07-16 16:09	<REP>	d--------	C:\DOCUME~1\janeau\APPLIC~1\Alcatel PIMphony
2007-07-16 15:48	<REP>	d--------	C:\Program Files\Nice Recorder
2007-07-16 15:43	<REP>	d--------	C:\Program Files\FuzLez
2007-07-16 15:43	<REP>	d--------	C:\DOCUME~1\janeau\APPLIC~1\FuzLez
2007-07-16 15:40	<REP>	d--------	C:\My Recordings
2007-07-16 15:39	344,064	--a------	C:\WINDOWS\system32\msvcr70.dll
2007-07-16 14:41	<REP>	d--------	C:\Program Files\Audacity


((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-14 11:47	---------	d--------	C:\Program Files\mIRC
2007-08-14 07:27	---------	d--------	C:\Program Files\Alcatel_PIMphony
2007-08-13 16:45	---------	d--------	C:\Program Files\Symantec AntiVirus
2007-08-10 08:23	---------	d--------	C:\Program Files\MSN Messenger
2007-08-08 16:32	---------	d--------	C:\Program Files\Bonjour
2007-08-07 15:22	0	--a------	C:\CONFIG.SYS
2007-08-07 15:22	0	--a------	C:\AUTOEXEC.BAT
2007-08-06 13:31	14336	--a--c---	C:\WINDOWS\system32\dllcache\svchost.exe
2007-08-06 13:31	14336	--a------	C:\WINDOWS\system32\svchost.exe
2007-07-25 11:39	---------	d--------	C:\DOCUME~1\janeau\APPLIC~1\gtk-2.0
2007-07-23 12:58	---------	d--------	C:\DOCUME~1\janeau\APPLIC~1\U3
2007-07-13 15:04	---------	d--------	C:\Program Files\Cain
2007-07-13 13:19	39424	--a------	C:\WINDOWS\zipinst.exe
2007-07-13 13:19	---------	d--------	C:\Program Files\MessenPass
2007-07-11 14:52	3888	--a------	C:\WINDOWS\system32\drivers\NTHANDLE.SYS
2007-07-02 09:06	---------	d--------	C:\Program Files\Webshots
2007-07-02 09:06	---------	d--------	C:\DOCUME~1\janeau\APPLIC~1\Webshots
2007-07-02 08:33	74752	--a------	C:\WINDOWS\ST6UNST.EXE
2007-07-02 08:33	290816	---------	C:\WINDOWS\Setup1.exe
2007-07-02 08:33	---------	d--------	C:\Program Files\SwitchWallPaper
2007-06-29 10:17	---------	d--------	C:\Program Files\MSN Pictures Displayer
2007-06-29 09:56	446976	--a------	C:\WINDOWS\system32\ShellMPD.dll
2007-06-29 09:56	---------	d--------	C:\DOCUME~1\janeau\APPLIC~1\MSN Pictures Displayer
2007-06-28 14:09	---------	d--------	C:\Program Files\PSPad editor
2007-06-28 14:09	---------	d--------	C:\DOCUME~1\janeau\APPLIC~1\WaterProof
2007-06-28 14:08	---------	d--------	C:\Program Files\WaterProof
2007-06-27 10:38	---------	d--------	C:\Program Files\Look@LAN
2007-06-27 10:32	720896	--a------	C:\WINDOWS\iun6002.exe
2007-06-26 14:40	---------	d--------	C:\DOCUME~1\janeau\APPLIC~1\X-Chat 2
2007-06-21 12:05	---------	d--------	C:\Program Files\InstantTimeZone
2007-06-20 08:23	45	---h-----	C:\WINDOWS\dsez2661.dat
2007-06-19 08:45	---------	d--------	C:\DOCUME~1\janeau\APPLIC~1\ICAClient
2007-06-19 08:32	---------	d--------	C:\Program Files\Citrix


(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
 
 
*Note* empty entries & legit default entries are not shown 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C8C729FD-9C9F-4D53-A419-EC5101ED52AF}]
			C:\WINDOWS\system32\geede.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2004-09-30 15:41]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2004-09-30 15:37]
"SetRefresh"="C:\Program Files\COMPAQ\SetRefresh\\SetRefresh.exe" [2003-11-20 18:01]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2004-03-31 15:46]
"Client Access Service"="C:\Program Files\IBM\Client Access\cwbsvstr.exe" [2002-05-07 05:20]
"Client Access Help Update"="C:\Program Files\IBM\Client Access\cwbinhlp.exe" [2002-05-07 05:20]
"Client Access Check Version"="C:\Program Files\IBM\Client Access\cwbckver.exe" [2002-05-07 05:20]
"Client Access Express Welcome"="C:\Program Files\IBM\Client Access\cwbwlwiz.exe" [2002-05-07 05:20]
"JobHisInit"="C:\Program Files\RMClient\JobHisInit.exe" [2000-09-28 19:52]
"MplSetUp"="C:\Program Files\RMClient\MplSetUp.exe" [2000-11-04 21:09]
"WinVNC"="C:\Program Files\UltraVNC\WinVNC.exe" [2004-06-20 20:45]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-09-03 19:21]
"Receiver"="C:\Program Files\SHARP\PCFAX2\PcfaxRcv.exe" [2004-11-12 10:28]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-09-15 16:50]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09]
"PerSonoCall"="C:\Program Files\Plantronics\PerSonoCall\PerSonoCall.exe" [2004-12-09 11:03]

C:\Documents and Settings\janeau\Menu D‚marrer\Programmes\D‚marrage\
Lotus Notes 6.5.lnk - C:\Program Files\lotus\notes\notes.exe [2004-09-15 05:39:00]
MSN Pictures Displayer.lnk - C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe [2007-06-29 09:56:23]
PIMphony.lnk - C:\Program Files\Alcatel_PIMphony\aocphone.exe [2007-05-16 09:11:24]
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [2007-07-02 09:06:53]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
InstantTimeZone.lnk - C:\Program Files\InstantTimeZone\InstantTimeZone.exe [2006-09-03 02:39:36]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
Launcher400.LNK - C:\applics\Launcher400\LNCsrv.exe [2005-09-06 17:16:43]
Windows Live Messenger.lnk - C:\WINDOWS\Installer\{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}\MsblIco.Exe [2007-07-06 09:22:06]

R1 WmiAcpi;Interface de gestion Microsoft Windows pour ACPI;C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
R2 ASANYs_nmc50;NMC50 Database;"c:\Program Files\Sybase\SQL Anywhere 8\win32\dbsrv8.exe" -hvASANYs_nmc50
R2 cpqdfw;Diagnostics Driver;\??\C:\WINDOWS\System32\drivers\cpqdfw.sys
R2 cq_mem;Diagnostics Memory Driver;\??\C:\WINDOWS\System32\drivers\cq_mem.sys
R2 cqcpu;Diagnostics CPU Driver;\??\C:\WINDOWS\System32\drivers\cqcpu.sys
R2 hardlock;hardlock;\??\C:\WINDOWS\system32\drivers\hardlock.sys
R2 slapd-4760;Sun ONE Directory Server 5.2 (4760);c:\4760\Netscape\server5/bin/slapd/server/ns-slapd.exe
R2 SoundMAX Agent Service (default);SoundMAX Agent Service;C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
R2 svc_mgr;NMC Service Manager;"c:\4760\bin\svc_mgr.exe"
R3 AlarmServer;NMC Alarm server;"c:\4760\bin\FaultManager.exe"
R3 Cmisd;NMC CMISE server;"c:\4760\bin\cmisd.exe"
R3 ComServer;NMC Communication Server;"c:\4760\bin\ComServer.exe"
R3 ExecdEx;NMC executables launcher;"c:\4760\bin\ExecdEx.exe"
R3 Extractor;NMC extractor;"c:\4760\bin\extractor.exe"
R3 GCSAdmin;NMC GCS administration server;"c:\4760\bin\GCSAdmin.exe"
R3 GCSConfig;NMC GCS config server;"c:\4760\bin\GCSConfig.exe"
R3 LicenseServer;NMC License server;"c:\4760\bin\LicenseServer.exe"
R3 Loader;NMC Loader;"c:\4760\bin\loader.exe"
R3 NotifyService;ORBacus Notify Service;"c:\4760\bin\ns_service.exe"
R3 SaveRestore;NMC Save/Restore;"c:\4760\bin\save_restore.exe"
R3 Scheduler;NMC Scheduler;"c:\4760\bin\scheduler.exe"
R3 SecurityServer;NMC Security Server;"c:\4760\bin\SecurityServer.exe"
R3 SyncLdapPbx;NMC Pbx/Ldap synchronization;"c:\4760\bin\SyncLdapPbx.exe"
S3 CTL511Plus;Video Blaster WebCam 3/WebCam Plus (WDM);C:\WINDOWS\system32\DRIVERS\webc3vid.sys
S3 nm;Pilote du Moniteur réseau;C:\WINDOWS\system32\DRIVERS\NMnt.sys
S3 ServiceOMC;ServiceOMC;C:\WINDOWS\system32\ServiceOMC.exe
S3 wampapache;wampapache;"c:\wamp\apache2\bin\httpd.exe" -k runservice
S3 wampmysqld;wampmysqld;c:\wamp\mysql\bin\mysqld-nt.exe --defaults-file=c:\wamp\mysql\my.ini wampmysqld


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\Kelio\autorun\autorun.exe

*Newly Created Service* - ALARMSERVER
*Newly Created Service* - APACHE
*Newly Created Service* - CMISD
*Newly Created Service* - COMSERVER
*Newly Created Service* - EXECDEX
*Newly Created Service* - EXTRACTOR
*Newly Created Service* - GCSADMIN
*Newly Created Service* - GCSCONFIG
*Newly Created Service* - LICENSESERVER
*Newly Created Service* - LOADER
*Newly Created Service* - NOTIFYSERVICE
*Newly Created Service* - SAVERESTORE
*Newly Created Service* - SCHEDULER
*Newly Created Service* - SECURITYSERVER
*Newly Created Service* - SYNCLDAPPBX

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-14 12:10:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\admin52-serv]
"ImagePath"="c:/4760/Netscape/server5/bin/https/bin/ns-httpd.exe"

Completion time: 2007-08-14 12:11:04
C:\ComboFix-quarantined-files.txt ... 2007-08-14 12:10
C:\ComboFix2.txt ... 2007-08-10 09:18

	--- E O F ---

Tata :)

Répondre à CurLy64

Regis59, le 14 aoû 2007 à 10:39:08

Salut,

Vas sur le site http://virusscan.jotti.org/
- Clic en haut à droite sur "Parcourir", navigue dans les dossiers et sélectionne ce fichier : C:\WINDOWS\iun6002.exe
- Clic sur submit toujours en haut à droite
- Le scan va se lancer, ça va prendre un petit instant
- En bas, tu as le résultat du scan, copie/colle le résultat complet du scan ici.
Aide : http://www.malekal.com/scan_Av_en_ligne.html#mozTocId662799

Et relance Vundofix. Copie colle le rapport.
Remet egalement un HijackThis.

Dis moi ou en sont tes soucis.

A+ "Une des meilleures façons d'aider quelqu'un est de lui donner des responsabilités et de lui fair

Répondre à Regis59

CurLy64, le 16 aoû 2007 à 04:07:09

Plus besoin de log a mon avis, ca a rien trouvé :)

Depuis 2/3 jours, j'ai plus d'alerte, plus de lag, bref on dirait bien que c'est reglé.

Merci beaucoup pour ton aide Regis59, t'es un chef ;)

Répondre à CurLy64

Regis59, le 16 aoû 2007 à 10:26:03

Salut

Autant bien terminé le travail nan? S'assurer que tout est ?

a+

Répondre à Regis59

CurLy64, le 20 aoû 2007 à 00:38:03

Salut,

Bon ben comme tu veux, voici un nouveau log HiJackThis tout frais, tout neuf de ce matin :)

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 09:35, on 2007-08-20
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\4760\Netscape\server5\bin\https\bin\ns-httpd.exe
c:\4760\Netscape\server5\bin\https\bin\httpd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Citrix\Client ICA\ssonsvr.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SHARP\PCFAX2\PcfaxRcv.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Plantronics\PerSonoCall\PerSonoCall.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\InstantTimeZone\InstantTimeZone.exe
C:\applics\Launcher400\LNCsrv.exe
C:\applics\Launcher400\LNCadm.exe
C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
C:\Program Files\Alcatel_PIMphony\aocphone.exe
C:\Program Files\Webshots\webshots.scr
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\rsvp.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Alcatel_PIMphony\UAProc.exe
C:\Program Files\Alcatel_PIMphony\abers.exe
C:\WINDOWS\system32\WISPTIS.EXE
c:\4760\Netscape\server5\bin\slapd\server\ns-slapd.exe
c:\4760\Netscape\server5\bin\slapd\server\slapd.exe
c:\Program Files\Sybase\SQL Anywhere 8\win32\dbsrv8.exe
c:\4760\bin\svc_mgr.exe
c:\4760\apache2\bin\apache.exe
C:\4760\apache2\bin\apache.exe
c:\4760\bin\ExecdEx.exe
c:\4760\bin\extractor.exe
c:\4760\bin\LicenseServer.exe
c:\4760\bin\save_restore.exe
c:\4760\bin\scheduler.exe
c:\4760\bin\SecurityServer.exe
c:\4760\bin\ns_service.exe
c:\4760\bin\ComServer.exe
c:\4760\bin\cmisd.exe
c:\4760\bin\FaultManager.exe
c:\4760\bin\GCSAdmin.exe
c:\4760\bin\GCSConfig.exe
c:\4760\bin\loader.exe
c:\4760\bin\SyncLdapPbx.exe
C:\Program Files\lotus\notes\NLNOTES.EXE
C:\Program Files\lotus\notes\ntaskldr.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\janeau\Bureau\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {C8C729FD-9C9F-4D53-A419-EC5101ED52AF} - C:\WINDOWS\system32\geede.dll (file missing)
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\COMPAQ\SetRefresh\\SetRefresh.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"
O4 - HKLM\..\Run: [JobHisInit] C:\Program Files\RMClient\JobHisInit.exe
O4 - HKLM\..\Run: [MplSetUp] C:\Program Files\RMClient\MplSetUp.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Receiver] C:\Program Files\SHARP\PCFAX2\PcfaxRcv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PerSonoCall] "C:\Program Files\Plantronics\PerSonoCall\PerSonoCall.exe" -nosplash
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Lotus Notes 6.5.lnk = C:\Program Files\lotus\notes\notes.exe
O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
O4 - Startup: PIMphony.lnk = ?
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: InstantTimeZone.lnk = C:\Program Files\InstantTimeZone\InstantTimeZone.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Launcher400.LNK = C:\applics\Launcher400\LNCsrv.exe
O4 - Global Startup: Windows Live Messenger.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = intra.groupama.nc
O17 - HKLM\Software\..\Telephony: DomainName = intra.groupama.nc
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = intra.groupama.nc
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = intra.groupama.nc
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Sun One Administration Server 5.2 (admin52-serv) - Sun Microsystems Inc - c:/4760/Netscape/server5/bin/https/bin/ns-httpd.exe
O23 - Service: NMC Alarm server (AlarmServer) - Unknown owner - c:\4760\bin\FaultManager.exe
O23 - Service: Apache - Apache Software Foundation - c:\4760\apache2\bin\apache.exe
O23 - Service: NMC50 Database (ASANYs_nmc50) - iAnywhere Solutions, Inc. - c:\Program Files\Sybase\SQL Anywhere 8\win32\dbsrv8.exe
O23 - Service: Service Bonjour (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: NMC CMISE server (Cmisd) - Unknown owner - c:\4760\bin\cmisd.exe
O23 - Service: NMC Communication Server (ComServer) - Unknown owner - c:\4760\bin\ComServer.exe
O23 - Service: Fonction Commande à distance d'iSeries Access for Windows (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: NMC executables launcher (ExecdEx) - Unknown owner - c:\4760\bin\ExecdEx.exe
O23 - Service: NMC extractor (Extractor) - Unknown owner - c:\4760\bin\extractor.exe
O23 - Service: NMC GCS administration server (GCSAdmin) - Unknown owner - c:\4760\bin\GCSAdmin.exe
O23 - Service: NMC GCS config server (GCSConfig) - Unknown owner - c:\4760\bin\GCSConfig.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMC License server (LicenseServer) - Unknown owner - c:\4760\bin\LicenseServer.exe
O23 - Service: NMC Loader (Loader) - Unknown owner - c:\4760\bin\loader.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: ORBacus Notify Service (NotifyService) - Unknown owner - c:\4760\bin\ns_service.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: NMC Save/Restore (SaveRestore) - Unknown owner - c:\4760\bin\save_restore.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: NMC Scheduler (Scheduler) - Unknown owner - c:\4760\bin\scheduler.exe
O23 - Service: NMC Security Server (SecurityServer) - Unknown owner - c:\4760\bin\SecurityServer.exe
O23 - Service: ServiceOMC - Unknown owner - C:\WINDOWS\system32\ServiceOMC.exe
O23 - Service: Sun ONE Directory Server 5.2 (4760) (slapd-4760) - Unknown owner - c:\4760\Netscape\server5/bin/slapd/server/ns-slapd.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: NMC Service Manager (svc_mgr) - Unknown owner - c:\4760\bin\svc_mgr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NMC Pbx/Ldap synchronization (SyncLdapPbx) - Unknown owner - c:\4760\bin\SyncLdapPbx.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\WINDOWS\System32\tlntsvr.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\apache2\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe
O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe

--
End of file - 12430 bytes

Bye ! sfc.olympe-network.com

Répondre à CurLy64

Regis59, le 20 aoû 2007 à 09:49:23

Salut

C'est un PC de bureau, non?

¤Relance HijackThis, coche les cases devant ces lignes et ensuite clique sur fix checked :

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {C8C729FD-9C9F-4D53-A419-EC5101ED52AF} - C:\WINDOWS\system32\geede.dll (file missing)

Ferme HijackThis.

A+

Répondre à Regis59

CurLy64, le 20 aoû 2007 à 23:41:00

Bonjour Regis,

Oui c'est un pc de bureau, allez je fix tout ça, merci :) sfc.olympe-network.com

Répondre à CurLy64

Regis59, le 21 aoû 2007 à 10:03:22

Ok,

Ou en sont tes soucis?

a+

Répondre à Regis59

CurLy64, le 23 aoû 2007 à 00:48:14

Y'en a plus, grâce a ton aide :)

Merci beaucoup :)
sfc.olympe-network.com

Répondre à CurLy64

Regis59, le 23 aoû 2007 à 22:15:56

De rien,

Bonne soirée

Répondre à Regis59

Posez votre question Répondre