
IE windows that open by themselves


Hello,
I saw that other people have the same problem as me, but I'm taking the liberty of creating another topic.

I use Firefox, but I get Internet Explorer windows with advertising that open by themselves. I ran a scan with HijackThis and I'm copying the final log for you.

If anyone can help me, thanks in advance.

Logfile of HijackThis v1.99.1
Scan saved at 13:51:18, on 31/05/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINNT\SYSTEM32\DWRCS.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\WINNT\SYSTEM32\DWRCST.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\WINNT\avp.exe
C:\Program Files\Cybera Client\cybcli.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINNT\smgr.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: 195.46.214.112 www.orange.fr
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4B646AFB-9341-4330-8FD1-C32485AEE619} - C:\WINNT\system32\bdwcnyjo.dll
O2 - BHO: (no name) - {73BA12CB-F801-41F7-B199-0474FB66D090} - C:\WINNT\system32\yayyaxv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {BCDB6F2A-6BFE-40B1-86B4-72AB0D66C832} - C:\WINNT\system32\mljgd.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [avp] C:\WINNT\avp.exe
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINNT\system32\hgdgfpxx.dll",realset
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [smgr] smgr.exe
O4 - HKCU\..\Run: [Cybera Client] "C:\Program Files\Cybera Client\cybcli.exe"
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Startup: Outlook Express.lnk = C:\Program Files\Outlook Express\MSIMN.EXE
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://10.0.0.139:4343/officescan/console/ClientInstal...
O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupINICtrl Class) - https://10.0.0.139:4343/officescan/console/ClientInstal...
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://10.0.0.139:4343/officescan/console/ClientInstal...
O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} (Encrypt Class) - https://10.0.0.139:4343/officescan/console/html/AtxEnc....
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - https://10.0.0.139:4343/officescan/console/ClientInstal...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...

335734
O17 - HKLM\System\CCS\Services\Tcpip\..\{2956979D-D215-4537-8CAA-341A85210D6B}: NameServer = 10.0.0.138
O17 - HKLM\System\CS1\Services\Tcpip\..\{2956979D-D215-4537-8CAA-341A85210D6B}: NameServer = 10.0.0.138
O17 - HKLM\System\CS2\Services\Tcpip\..\{2956979D-D215-4537-8CAA-341A85210D6B}: NameServer = 10.0.0.138
O20 - Winlogon Notify: mljgd - C:\WINNT\system32\mljgd.dll
O20 - Winlogon Notify: winkve32 - C:\WINNT\SYSTEM32\winkve32.dll
O20 - Winlogon Notify: yayyaxv - C:\WINNT\SYSTEM32\yayyaxv.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINNT\SYSTEM32\DWRCS.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe


Hello,

Download VundoFix.exe (by Atribune) to your Desktop.
  • Double-click VundoFix.exe to launch it
  • Click the Scan for Vundo button
  • When the scan is complete, click the Remove Vundo button
  • A prompt will ask whether you want to delete the files; click YES
  • After you click "Yes", the Desktop will disappear for a moment while the files are deleted
  • You will see a prompt telling you that your PC is going to restart; click OK
  • Copy/paste the contents of the report located at C:\vundofix.txt, along with a new HijackThis report, into your next reply

    Note: VundoFix may encounter a file it cannot delete. If so, the tool will launch at the next restart; simply follow the instructions above, starting from "Click the Scan for Vundo button".

    Hello,

    Here is the VundoFix report:

    VundoFix V6.4.1

    Checking Java version...

    Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.9
    Old versions of java are exploitable and should be removed.

    Scan started at 15:18:29 30/05/2007

    Listing files found while scanning....

    C:\WINNT\system32\dgjlm.bak1
    C:\WINNT\system32\dgjlm.ini
    C:\WINNT\system32\hgdgfpxx.dll
    C:\WINNT\system32\mljgd.dll
    C:\WINNT\system32\xxpfgdgh.ini
    C:\WINNT\system32\yayyaxv.dll

    Beginning removal...

    VundoFix V6.4.1

    Checking Java version...

    Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.9
    Old versions of java are exploitable and should be removed.

    Scan started at 17:03:42 31/05/2007

    Listing files found while scanning....

    C:\WINNT\system32\dgjlm.bak1
    C:\WINNT\system32\dgjlm.bak2
    C:\WINNT\system32\dgjlm.ini
    C:\WINNT\system32\hgdgfpxx.dll
    C:\WINNT\system32\mljgd.dll
    C:\WINNT\system32\xxpfgdgh.ini
    C:\WINNT\system32\yayyaxv.dll

    Beginning removal...

    Attempting to delete C:\WINNT\system32\dgjlm.bak1
    C:\WINNT\system32\dgjlm.bak1 Has been deleted!

    Attempting to delete C:\WINNT\system32\dgjlm.bak2
    C:\WINNT\system32\dgjlm.bak2 Has been deleted!

    Attempting to delete C:\WINNT\system32\dgjlm.ini
    C:\WINNT\system32\dgjlm.ini Has been deleted!

    Attempting to delete C:\WINNT\system32\hgdgfpxx.dll
    C:\WINNT\system32\hgdgfpxx.dll Has been deleted!

    Attempting to delete C:\WINNT\system32\mljgd.dll
    C:\WINNT\system32\mljgd.dll Has been deleted!

    Attempting to delete C:\WINNT\system32\xxpfgdgh.ini
    C:\WINNT\system32\xxpfgdgh.ini Has been deleted!

    Attempting to delete C:\WINNT\system32\yayyaxv.dll
    C:\WINNT\system32\yayyaxv.dll Has been deleted!

    Performing Repairs to the registry.
    Done!


    And here is the HijackThis report:

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 07:30:10, on 01/06/2007
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    Boot mode: Normal

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\Ati2evxx.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\SYSTEM32\DWRCS.EXE
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
    C:\WINNT\system32\MSTask.exe
    C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\inetsrv\inetinfo.exe
    C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
    C:\WINNT\system32\Ati2evxx.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\SYSTEM32\DWRCST.exe
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
    C:\WINNT\smgr.exe
    C:\Program Files\Cybera Client\cybcli.exe
    C:\WINNT\avp.exe
    C:\WINNT\avp.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\DOCUME~1\INT_MU~1\LOCALS~1\Temp\host32.exe
    C:\WINNT\avp.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINNT\system32\NOTEPAD.EXE
    C:\Documents and Settings\int_multimedia\Bureau\HiJackThis_v2.exe
    C:\DOCUME~1\INT_MU~1\LOCALS~1\Temp\47428906.exe
    C:\DOCUME~1\INT_MU~1\LOCALS~1\Temp\47428906.exe
    C:\DOCUME~1\INT_MU~1\LOCALS~1\Temp\47428937.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O1 - Hosts: 195.46.214.112 www.orange.fr
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {73BA12CB-F801-41F7-B199-0474FB66D090} - C:\WINNT\system32\yayyaxv.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {BCDB6F2A-6BFE-40B1-86B4-72AB0D66C832} - C:\WINNT\system32\mljgd.dll (file missing)
    O2 - BHO: (no name) - {CD3447D4-CA39-4377-8084-30E86331D74C} - C:\WINNT\system32\dmdbkgtq.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
    O4 - HKLM\..\Run: [smgr] smgr.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [avp] C:\WINNT\avp.exe
    O4 - HKCU\..\Run: [Cybera Client] "C:\Program Files\Cybera Client\cybcli.exe"
    O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
    O4 - Startup: Outlook Express.lnk = C:\Program Files\Outlook Express\MSIMN.EXE
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://10.0.0.139:4343/officescan/console/ClientInstal...
    O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupINICtrl Class) - https://10.0.0.139:4343/officescan/console/ClientInstal...
    O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://10.0.0.139:4343/officescan/console/ClientInstal...
    O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} (Encrypt Class) - https://10.0.0.139:4343/officescan/console/html/AtxEnc....
    O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - https://10.0.0.139:4343/officescan/console/ClientInstal...
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2956979D-D215-4537-8CAA-341A85210D6B}: NameServer = 10.0.0.138
    O17 - HKLM\System\CS1\Services\Tcpip\..\{2956979D-D215-4537-8CAA-341A85210D6B}: NameServer = 10.0.0.138
    O17 - HKLM\System\CS2\Services\Tcpip\..\{2956979D-D215-4537-8CAA-341A85210D6B}: NameServer = 10.0.0.138
    O20 - Winlogon Notify: winkve32 - C:\WINNT\SYSTEM32\winkve32.dll
    O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\system32\browseui.dll
    O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\system32\browseui.dll
    O23 - Service: Avertissement (Alerter) - Unknown owner - C:\WINNT\System32\services.exe
    O23 - Service: Gestion d'applications (AppMgmt) - Unknown owner - C:\WINNT\system32\services.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
    O23 - Service: Explorateur d'ordinateur (Browser) - Unknown owner - C:\WINNT\System32\services.exe
    O23 - Service: Client DHCP (Dhcp) - Unknown owner - C:\WINNT\System32\services.exe
    O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINNT\System32\dmadmin.exe
    O23 - Service: Gestionnaire de disque logique (dmserver) - Unknown owner - C:\WINNT\System32\services.exe
    O23 - Service: Client DNS (Dnscache) - Unknown owner - C:\WINNT\System32\services.exe
    O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINNT\SYSTEM32\DWRCS.EXE
    O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINNT\system32\services.exe
    O23 - Service: Service de télécopie (Fax) - Unknown owner - C:\WINNT\system32\faxsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service d'administration IIS (IISADMIN) - Unknown owner - C:\WINNT\system32\inetsrv\inetinfo.exe
    O23 - Service: Serveur (lanmanserver) - Unknown owner - C:\WINNT\System32\services.exe
    O23 - Service: Station de travail (lanmanworkstation) - Unknown owner - C:\WINNT\System32\services.exe
    O23 - Service: Service d'application d'assistance TCP/IP NetBIOS (LmHosts) - Unknown owner - C:\WINNT\System32\services.exe
    O23 - Service: Affichage des messages (Messenger) - Unknown owner - C:\WINNT\System32\services.exe
    O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINNT\System32\mnmsrvc.exe
    O23 - Service: Service de publication FTP (MSFTPSVC) - Unknown owner - C:\WINNT\system32\inetsrv\inetinfo.exe
    O23 - Service: DDE réseau (NetDDE) - Unknown owner - C:\WINNT\system32\netdde.exe
    O23 - Service: DSDM DDE réseau (NetDDEdsdm) - Unknown owner - C:\WINNT\system32\netdde.exe
    O23 - Service: Ouverture de session réseau (Netlogon) - Unknown owner - C:\WINNT\System32\lsass.exe
    O23 - Service: Fournisseur de la prise en charge de sécurité LM NT (NtLmSsp) - Unknown owner - C:\WINNT\System32\lsass.exe
    O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
    O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
    O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINNT\system32\services.exe
    O23 - Service: Agent de stratégie IPSEC (PolicyAgent) - Unknown owner - C:\WINNT\System32\lsass.exe
    O23 - Service: Emplacement protégé (ProtectedStorage) - Unknown owner - C:\WINNT\system32\services.exe
    O23 - Service: Gestionnaire de comptes de sécurité (SamSs) - Unknown owner - C:\WINNT\system32\lsass.exe
    O23 - Service: Prise en charge des cartes à puces (SCardDrv) - Unknown owner - C:\WINNT\System32\SCardSvr.exe
    O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINNT\System32\SCardSvr.exe
    O23 - Service: Planificateur de tâches (Schedule) - Unknown owner - C:\WINNT\system32\MSTask.exe
    O23 - Service: Service d'exécution par délégation (seclogon) - Unknown owner - C:\WINNT\system32\services.exe
    O23 - Service: Simple Mail Transfer Protocol (SMTP) (SMTPSVC) - Unknown owner - C:\WINNT\system32\inetsrv\inetinfo.exe
    O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINNT\system32\smlogsvc.exe
    O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\WINNT\system32\tlntsvr.exe
    O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
    O23 - Service: Client de suivi de lien distribué (TrkWks) - Unknown owner - C:\WINNT\system32\services.exe
    O23 - Service: Gestionnaire d'utilitaires (UtilMan) - Unknown owner - C:\WINNT\System32\UtilMan.exe
    O23 - Service: Horloge Windows (W32Time) - Unknown owner - C:\WINNT\System32\services.exe
    O23 - Service: Service de publication World Wide Web (W3SVC) - Unknown owner - C:\WINNT\system32\inetsrv\inetinfo.exe
    O23 - Service: Infrastructure de gestion Windows (WinMgmt) - Unknown owner - C:\WINNT\System32\WBEM\WinMgmt.exe
    O23 - Service: Extensions du pilote WMI (Wmi) - Unknown owner - C:\WINNT\system32\Services.exe

    --
    End of file - 10144 bytes

    Hi again,

  • Download combofix.exe (by sUBs) to your Desktop.
  • Double-click combofix.exe.
  • Press the Y (Yes) key to start the scan.
  • When the scan is complete, a report will appear. Copy/paste this report into your next reply.

    NOTE: The report can also be found here: C:\Combofix.txt

    Hello,

    Back after the weekend. As requested, here is the ComboFix log:

    "int_multimedia" - 2007-06-04 8:38:58 Service Pack 4
    ComboFix 07-05.27.BV - Running from: "C:\Documents and Settings\int_multimedia\Bureau\"


    (((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINNT\system32\dmdbkgtq.dll
    C:\WINNT\system32\winkve32.dll


    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


    ((((((((((((((((((((((((((((((( Files Created from 2007-05-04 to 2007-06-04 ))))))))))))))))))))))))))))))))))


    2007-05-31 16:48 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_328.dat
    2007-05-31 16:04 <DIR> d-------- C:\Program Files\Apple Software Update
    2007-05-31 15:38 <DIR> d---s---- C:\Documents and Settings\INT_MU~1\UserData
    2007-05-31 15:38 <DIR> d---s---- C:\DOCUME~1\INT_MU~1\UserData
    2007-05-30 16:52 <DIR> d-------- C:\Program Files\Yahoo!
    2007-05-30 15:38 <DIR> d-------- C:\DrWatson
    2007-05-30 15:18 <DIR> d-------- C:\VundoFix Backups
    2007-05-30 14:12 11,776 --a------ C:\WINNT\smgr.exe
    2007-05-30 13:47 <DIR> d-------- C:\Program Files\Lavasoft
    2007-05-30 13:47 <DIR> d-------- C:\DOCUME~1\INT_MU~1\APPLIC~1\Lavasoft
    2007-05-29 16:42 28,160 --a------ C:\WINNT\system32\winsys64.exe
    2007-05-29 15:19 <DIR> d-------- C:\DOCUME~1\INT_MU~1\APPLIC~1\SorensonMedia
    2007-05-29 15:03 15,664 --a------ C:\WINNT\system32\drivers\GEARAspiWDM.sys
    2007-05-29 15:03 109,360 --a------ C:\WINNT\system32\GEARAspi.dll
    2007-05-29 15:03 <DIR> d-------- C:\Program Files\Sorenson Media
    2007-05-29 15:02 82,432 --a------ C:\WINNT\system32\drmstor.dll
    2007-05-23 08:31 <DIR> d-------- C:\divx
    2007-05-21 09:22 <DIR> d-------- C:\temp
    2007-05-10 10:17 <DIR> d-------- C:\DOCUME~1\INT_MU~1\APPLIC~1\Media Player Classic
    2007-05-10 10:14 <DIR> d-------- C:\Program Files\QuickTime Alternative
    2007-05-10 10:14 <DIR> d-------- C:\Program Files\Media Player Classic
    2007-05-10 09:36 <DIR> d-------- C:\WINNT\system32\embedded
    2007-05-10 09:36 <DIR> d-------- C:\Program Files\WinAVI Video Converter


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-05-29 13:03:23 -------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-05-10 08:11:15 -------- d-----w C:\Program Files\QuickTime
    2007-04-05 07:17:56 2,854,400 ----a-w C:\WINNT\system32\msi.dll
    2007-03-13 09:45:08 246,032 ----a-w C:\WINNT\system32\WINSRV.DLL
    2007-03-06 11:18:04 381,712 ----a-w C:\WINNT\system32\USER32.DLL
    2007-03-06 11:18:03 38,160 ----a-w C:\WINNT\system32\mf3216.dll
    2007-03-06 11:18:03 235,280 ----a-w C:\WINNT\system32\GDI32.DLL
    2007-03-06 11:14:50 1,642,064 ----a-w C:\WINNT\system32\WIN32K.SYS


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [06-12-18 05:16 ]
    {73BA12CB-F801-41F7-B199-0474FB66D090}=C:\WINNT\system32\yayyaxv.dll []
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [07-03-14 03:43 ]
    {BCDB6F2A-6BFE-40B1-86B4-72AB0D66C832}=C:\WINNT\system32\mljgd.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Synchronization Manager"="mobsync.exe" [03-06-19 13:05 C:\WINNT\system32\mobsync.exe]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" []
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [06-05-04 07:21 ]
    "OfficeScanNT Monitor"="C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" [06-04-03 20:45 ]
    "smgr"="smgr.exe" []
    "QuickTime Task"="C:\Program Files\QuickTime Alternative\qttask.exe" [07-04-27 09:41 ]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Cybera Client"="C:\Program Files\Cybera Client\cybcli.exe" [06-12-09 17:26 ]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" []

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{73BA12CB-F801-41F7-B199-0474FB66D090}"="C:\WINNT\system32\yayyaxv.dll" []

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*


    Contents of the 'Scheduled Tasks' folder
    2007-05-31 14:04:27 C:\WINNT\tasks\AppleSoftwareUpdate.job
    2007-05-31 22:30:01 C:\WINNT\tasks\sauvegarde site internet.job

    ********************************************************************

    catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-06-04 08:39:38
    Windows 5.0.2195 Service Pack 4 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0


    ********************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Hardware Profiles\0001\System\ControlSet001\Services\ati2mtag]

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Hardware Profiles\0001\System\CurrentControlSet\SERVICES\ATI2MTAG]

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ati2mtag]
    "ImagePath"="system32\DRIVERS\ati2mtag.sys"
    [HKEY_LOCAL_MACHINE\system\ControlSet002\Hardware Profiles\0001\System\ControlSet001\Services\ati2mtag]

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Hardware Profiles\0001\System\ControlSet001\Services\ati2mtag]

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Hardware Profiles\0001\System\CurrentControlSet\SERVICES\ATI2MTAG]

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ati2mtag]
    "ImagePath"="system32\DRIVERS\ati2mtag.sys"
    [HKEY_LOCAL_MACHINE\system\ControlSet002\Hardware Profiles\0001\System\ControlSet001\Services\ati2mtag]

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Hardware Profiles\0001\System\CurrentControlSet\SERVICES\VGASAVE]

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\VgaSave]
    "ImagePath"="\SystemRoot\System32\drivers\vga.sys"

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Hardware Profiles\0001\System\ControlSet001\Services\ati2mtag]

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Hardware Profiles\0001\System\CurrentControlSet\SERVICES\ATI2MTAG]

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ati2mtag]
    "ImagePath"="system32\DRIVERS\ati2mtag.sys"
    [HKEY_LOCAL_MACHINE\system\ControlSet002\Hardware Profiles\0001\System\ControlSet001\Services\ati2mtag]

    Completion time: 2007-06-04 8:39:55
    C:\ComboFix-quarantined-files.txt ... 07-06-04 08:39

    --- E O F ---

    Here is the log with the requested version:

    Logfile of HijackThis v1.99.1
    Scan saved at 13:21:06, on 05/06/2007
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\Ati2evxx.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\SYSTEM32\DWRCS.EXE
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
    C:\WINNT\system32\MSTask.exe
    C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\inetsrv\inetinfo.exe
    C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
    C:\WINNT\TEMP\KRE5E8.EXE
    C:\WINNT\system32\Ati2evxx.exe
    C:\WINNT\SYSTEM32\DWRCST.exe
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
    C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
    C:\WINNT\smgr.exe
    C:\Program Files\Cybera Client\cybcli.exe
    C:\WINNT\explorer.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\int_multimedia\Bureau\hijackthis\HijackThis.exe
    C:\Program Files\Trend Micro\OfficeScan Client\TSC.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O1 - Hosts: 195.46.214.112 www.orange.fr
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {73BA12CB-F801-41F7-B199-0474FB66D090} - C:\WINNT\system32\yayyaxv.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {BCDB6F2A-6BFE-40B1-86B4-72AB0D66C832} - C:\WINNT\system32\mljgd.dll (file missing)
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
    O4 - HKLM\..\Run: [smgr] smgr.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [Cybera Client] "C:\Program Files\Cybera Client\cybcli.exe"
    O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - Startup: Outlook Express.lnk = C:\Program Files\Outlook Express\MSIMN.EXE
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://10.0.0.139:4343/officescan/console/ClientInstal...
    O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupINICtrl Class) - https://10.0.0.139:4343/officescan/console/ClientInstal...
    O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://10.0.0.139:4343/officescan/console/ClientInstal...
    O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} (Encrypt Class) - https://10.0.0.139:4343/officescan/console/html/AtxEnc....
    O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - https://10.0.0.139:4343/officescan/console/ClientInstal...
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2956979D-D215-4537-8CAA-341A85210D6B}: NameServer = 10.0.0.138
    O17 - HKLM\System\CS1\Services\Tcpip\..\{2956979D-D215-4537-8CAA-341A85210D6B}: NameServer = 10.0.0.138
    O17 - HKLM\System\CS2\Services\Tcpip\..\{2956979D-D215-4537-8CAA-341A85210D6B}: NameServer = 10.0.0.138
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
    O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINNT\SYSTEM32\DWRCS.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
    O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
    O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe

    You haven't left, I hope? :D

    Download OTMoveIt (by OldTimer). Save it to your Desktop.
    Select the location in bold below:

    C:\WINNT\system32\winsys64.exe

    ---> Right-click, then Copy (or Ctrl+C)

    Double-click OTMoveIt.exe to launch it.
    Right-click in the left-hand pane, then choose Paste (or Ctrl+V).
    Now click MoveIt!

    If a file or folder cannot be deleted immediately, the program will ask you to restart.
    Accept by clicking YES.

    Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
    The report's name corresponds to the time it was created: date_time.log

    Here is the requested log:

    Logfile of HijackThis v1.99.1
    Scan saved at 13:34:42, on 07/06/2007
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\Ati2evxx.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\SYSTEM32\DWRCS.EXE
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
    C:\WINNT\system32\MSTask.exe
    C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\inetsrv\inetinfo.exe
    C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
    C:\WINNT\TEMP\ATA58B.EXE
    C:\WINNT\system32\Ati2evxx.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\SYSTEM32\DWRCST.exe
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
    C:\Program Files\Cybera Client\cybcli.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
    C:\Documents and Settings\int_multimedia\Bureau\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O1 - Hosts: 195.46.214.112 www.orange.fr
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {73BA12CB-F801-41F7-B199-0474FB66D090} - C:\WINNT\system32\yayyaxv.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {BCDB6F2A-6BFE-40B1-86B4-72AB0D66C832} - C:\WINNT\system32\mljgd.dll (file missing)
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [Cybera Client] "C:\Program Files\Cybera Client\cybcli.exe"
    O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - Startup: Outlook Express.lnk = C:\Program Files\Outlook Express\MSIMN.EXE
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://10.0.0.139:4343/officescan/console/ClientInstal...
    O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupINICtrl Class) - https://10.0.0.139:4343/officescan/console/ClientInstal...
    O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://10.0.0.139:4343/officescan/console/ClientInstal...
    O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} (Encrypt Class) - https://10.0.0.139:4343/officescan/console/html/AtxEnc....
    O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - https://10.0.0.139:4343/officescan/console/ClientInstal...
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2956979D-D215-4537-8CAA-341A85210D6B}: NameServer = 10.0.0.138
    O17 - HKLM\System\CS1\Services\Tcpip\..\{2956979D-D215-4537-8CAA-341A85210D6B}: NameServer = 10.0.0.138
    O17 - HKLM\System\CS2\Services\Tcpip\..\{2956979D-D215-4537-8CAA-341A85210D6B}: NameServer = 10.0.0.138
    O20 - Winlogon Notify: winkve32 - winkve32.dll (file missing)
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
    O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINNT\SYSTEM32\DWRCS.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
    O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
    O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe

    Hi again,

    - Launch HijackThis -> Do a system scan only
    -> Check the lines below:

    O2 - BHO: (no name) - {73BA12CB-F801-41F7-B199-0474FB66D090} - C:\WINNT\system32\yayyaxv.dll (file missing)
    O2 - BHO: (no name) - {BCDB6F2A-6BFE-40B1-86B4-72AB0D66C832} - C:\WINNT\system32\mljgd.dll (file missing)
    O20 - Winlogon Notify: winkve32 - winkve32.dll (file missing)

    Click Fix checked (bottom left)

    &

    Download R-Hosts.exe (by S!ri)
    Launch R-Hosts, then click "Restaurer".
    Confirm the change by pressing OK.

    Here is the HijackThis log:

    Logfile of HijackThis v1.99.1
    Scan saved at 15:52:56, on 07/06/2007
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\Ati2evxx.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\SYSTEM32\DWRCS.EXE
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
    C:\WINNT\system32\MSTask.exe
    C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\inetsrv\inetinfo.exe
    C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
    C:\WINNT\TEMP\ATA58B.EXE
    C:\WINNT\system32\Ati2evxx.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\SYSTEM32\DWRCST.exe
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
    C:\Program Files\Cybera Client\cybcli.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Documents and Settings\int_multimedia\Bureau\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [Cybera Client] "C:\Program Files\Cybera Client\cybcli.exe"
    O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - Startup: Outlook Express.lnk = C:\Program Files\Outlook Express\MSIMN.EXE
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://10.0.0.139:4343/officescan/console/ClientInstal...
    O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupINICtrl Class) - https://10.0.0.139:4343/officescan/console/ClientInstal...
    O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://10.0.0.139:4343/officescan/console/ClientInstal...
    O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} (Encrypt Class) - https://10.0.0.139:4343/officescan/console/html/AtxEnc....
    O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - https://10.0.0.139:4343/officescan/console/ClientInstal...
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2956979D-D215-4537-8CAA-341A85210D6B}: NameServer = 10.0.0.138
    O17 - HKLM\System\CS1\Services\Tcpip\..\{2956979D-D215-4537-8CAA-341A85210D6B}: NameServer = 10.0.0.138
    O17 - HKLM\System\CS2\Services\Tcpip\..\{2956979D-D215-4537-8CAA-341A85210D6B}: NameServer = 10.0.0.138
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
    O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINNT\SYSTEM32\DWRCS.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
    O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
    O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
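
Comparing the log posted before the fix with the one posted after it shows which entries were actually removed and whether any "(file missing)" leftovers remain. This is an added example, not part of the original posts; the function names are illustrative, and the sample lines are excerpted from the two 07/06/2007 logs in this thread.

```python
import re

# HijackThis entry lines start with a section code such as R0, O2, O20 or O23.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - \S")
MISSING = "(file missing)"

# Excerpt of the log saved at 13:34:42 (before "Fix checked" and R-Hosts).
BEFORE = r"""
Running processes:
C:\WINNT\system32\winlogon.exe
O1 - Hosts: 195.46.214.112 www.orange.fr
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {73BA12CB-F801-41F7-B199-0474FB66D090} - C:\WINNT\system32\yayyaxv.dll (file missing)
O2 - BHO: (no name) - {BCDB6F2A-6BFE-40B1-86B4-72AB0D66C832} - C:\WINNT\system32\mljgd.dll (file missing)
O20 - Winlogon Notify: winkve32 - winkve32.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
"""

# Excerpt of the log saved at 15:52:56 (after the fix).
AFTER = r"""
Running processes:
C:\WINNT\system32\winlogon.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
"""

def parse_entries(log_text):
    """Map each registry/startup entry line to its section code; skip headers and process paths."""
    entries = {}
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries[line.strip()] = m.group(1)
    return entries

def orphaned(log_text):
    """Entries whose target file HijackThis reported as missing on disk."""
    return sorted(e for e in parse_entries(log_text) if e.endswith(MISSING))

def diff_logs(before, after):
    """Entries present in only one of the two logs."""
    b, a = set(parse_entries(before)), set(parse_entries(after))
    return {"removed": sorted(b - a), "added": sorted(a - b)}

if __name__ == "__main__":
    result = diff_logs(BEFORE, AFTER)
    for kind in ("removed", "added"):
        for entry in result[kind]:
            print(f"{kind:8} {entry}")
    print("orphans left:", orphaned(AFTER))
```

An entry under "added" between two scans deserves the same scrutiny as the original findings, since it means something wrote a new autostart or browser hook during cleanup.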
