

Everything posted by ciko_59
Microsoft Update problem + HijackThis report
ciko_59 replied to a topic by ciko_59 in Analyses et éradication malwares
The online scanner update doesn't work... I downloaded the file cumul.zip but I don't know what to do next.
Microsoft Update problem + HijackThis report
ciko_59 replied to a topic by ciko_59 in Analyses et éradication malwares
Hello again. Yes, Windows Update still crashes... it still hangs on searching for updates. Sorry Bruce Lee, I didn't save the AVG report. What do I do now?
Microsoft Update problem + HijackThis report
ciko_59 replied to a topic by ciko_59 in Analyses et éradication malwares
Hello everyone. I couldn't find the O4 msblast.exe line again, but I had run FixBlast beforehand (it hadn't found anything, by the way), strange. So I ran Ewido, which removed 8 cookies. Here is the new report:

Logfile of HijackThis v1.99.1
Scan saved at 09:12:58, on 18/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
C:\Windows\Cpqdiag\Cpqdfwag.exe
C:\Windows\System32\inetsrv\inetinfo.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\OfficeScan NT\ntrtscan.exe
c:\orant\bin\omtsreco.exe
C:\Windows\System32\svchost.exe
C:\OfficeScan NT\tmlisten.exe
C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
C:\OfficeScan NT\OfcPfwSvc.exe
C:\Windows\Explorer.EXE
C:\WINDOWS\TEMP\YIFA00.EXE
C:\OfficeScan NT\pccntmon.exe
C:\Windows\system32\hkcmd.exe
C:\Windows\system32\igfxtray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe
C:\DOCUME~1\jeherbin\LOCALS~1\Temp\Répertoire temporaire 4 pour hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/040C/bl8.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.compaq.com/1Q00CDT/040C/bl7.asp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = omnivista;sezam;150.1.10.6;http://kidam;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\OfficeScan NT\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\Windows\Cpqdiag\CpqDfwAg.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\Windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Windows\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Windows\System32\msjava.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [iNTERNATIONAL] International*
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9602.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/fr/big/1.1....g/GoogleNav.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1175092531343
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://config.zebulon.fr/plugins/hardwaredetection.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.photoways.com/clients/ImageUploader3.cab
O16 - DPF: {CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA} (Environnement d'exécution Java 1.4.1_06) -
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.2.0.2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{73702708-2322-43D0-BCB8-BDE17D9E0A4A}: Domain = lmcu.fr
O17 - HKLM\System\CS1\Services\Tcpip\..\{73702708-2322-43D0-BCB8-BDE17D9E0A4A}: Domain = lmcu.fr
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: qrev - {9DE24BAC-FC3C-42C4-9FC4-76B3FAFDBD90} - C:\PROGRA~1\QUESTS~1\TOADFO~1\RNetPin.dll
O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\Windows\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\Windows\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Compaq Local Alerter (CPQALERT) - Hewlett-Packard Company - C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
O23 - Service: cpqdmi - Compaq Computer Corporation - C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
O23 - Service: Compaq DMI Web Agent (cpqWebDmi) - Compaq Computer Corporation - C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
O23 - Service: Remote Diagnostics Enabling Agent (DfwWebAgent) - Hewlett Packard - C:\Windows\Cpqdiag\Cpqdfwag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\Windows\System32\NMSSvc.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\OfficeScan NT\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\OfficeScan NT\OfcPfwSvc.exe
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - c:\orant\bin\omtsreco.exe
O23 - Service: OracleORACLE_HOMEClientCache - Unknown owner - c:\orant\BIN\ONRSD.EXE
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\OfficeScan NT\tmlisten.exe
O23 - Service: wampapache - Unknown owner - c:\wamp\apache2\bin\httpd.exe" -k runservice (file missing)
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe
O23 - Service: Win32Sl (WIN32SL) - Intel - C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
Microsoft Update problem + HijackThis report
ciko_59 posted a topic in Analyses et éradication malwares
Hello. I can no longer update my machine from Microsoft Update. Also, I get the impression it's getting slower and slower. What should I do? Please. Attached is the report:

Logfile of HijackThis v1.99.1
Scan saved at 14:00:34, on 16/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\spoolsv.exe
C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
C:\Windows\Cpqdiag\Cpqdfwag.exe
C:\Windows\System32\inetsrv\inetinfo.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Windows\System32\NMSSvc.exe
C:\OfficeScan NT\ntrtscan.exe
c:\orant\bin\omtsreco.exe
C:\Windows\System32\svchost.exe
C:\OfficeScan NT\tmlisten.exe
C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
C:\OfficeScan NT\OfcPfwSvc.exe
C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
C:\WINDOWS\TEMP\KZ5B5.EXE
C:\Windows\Explorer.EXE
C:\OfficeScan NT\pccntmon.exe
C:\Windows\system32\hkcmd.exe
C:\Windows\system32\igfxtray.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\mstsc.exe
C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe
C:\Program Files\UltraEdit\uedit32.exe
C:\Program Files\Client Terminal Server\mstsc.exe
C:\Program Files\Client Terminal Server\CONMAN.EXE
C:\DOCUME~1\jeherbin\LOCALS~1\Temp\Répertoire temporaire 1 pour hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/040C/bl8.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.compaq.com/1Q00CDT/040C/bl7.asp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxys:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = omnivista;sezam;150.1.10.6;http://kidam;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\OfficeScan NT\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [windows auto update] msblast.exe
O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\Windows\Cpqdiag\CpqDfwAg.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\Windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Windows\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Windows\System32\msjava.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [iNTERNATIONAL] International*
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9602.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/fr/big/1.1....g/GoogleNav.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1175092531343
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://config.zebulon.fr/plugins/hardwaredetection.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.photoways.com/clients/ImageUploader3.cab
O16 - DPF: {CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA} (Environnement d'exécution Java 1.4.1_06) -
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.2.0.2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{73702708-2322-43D0-BCB8-BDE17D9E0A4A}: Domain = lmcu.fr
O17 - HKLM\System\CS1\Services\Tcpip\..\{73702708-2322-43D0-BCB8-BDE17D9E0A4A}: Domain = lmcu.fr
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: qrev - {9DE24BAC-FC3C-42C4-9FC4-76B3FAFDBD90} - C:\PROGRA~1\QUESTS~1\TOADFO~1\RNetPin.dll
O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\Windows\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\Windows\system32\WPDShServiceObj.dll
O23 - Service: Compaq Local Alerter (CPQALERT) - Hewlett-Packard Company - C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
O23 - Service: cpqdmi - Compaq Computer Corporation - C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
O23 - Service: Compaq DMI Web Agent (cpqWebDmi) - Compaq Computer Corporation - C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
O23 - Service: Remote Diagnostics Enabling Agent (DfwWebAgent) - Hewlett Packard - C:\Windows\Cpqdiag\Cpqdfwag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\Windows\System32\NMSSvc.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\OfficeScan NT\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\OfficeScan NT\OfcPfwSvc.exe
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - c:\orant\bin\omtsreco.exe
O23 - Service: OracleORACLE_HOMEClientCache - Unknown owner - c:\orant\BIN\ONRSD.EXE
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\OfficeScan NT\tmlisten.exe
O23 - Service: wampapache - Unknown owner - c:\wamp\apache2\bin\httpd.exe" -k runservice (file missing)
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe
O23 - Service: Win32Sl (WIN32SL) - Intel - C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
[RESOLVED] help, troj_vundo.be HijackThis report
ciko_59 replied to a topic by ciko_59 in Analyses et éradication malwares
Many thanks to you both. See you.
[RESOLVED] help, troj_vundo.be HijackThis report
ciko_59 replied to a topic by ciko_59 in Analyses et éradication malwares
It's OK.
[RESOLVED] help, troj_vundo.be HijackThis report
ciko_59 replied to a topic by ciko_59 in Analyses et éradication malwares
Hello. No, no more malfunctions. Here is the BlackLight report:

07/31/06 10:16:18 [info]: BlackLight Engine 1.0.42 initialized
07/31/06 10:16:18 [info]: OS: 5.1 build 2600 (Service Pack 2)
07/31/06 10:16:19 [Note]: 7019 4
07/31/06 10:16:19 [Note]: 7005 0
07/31/06 10:16:23 [Note]: 7006 0
07/31/06 10:16:23 [Note]: 7011 2132
07/31/06 10:16:23 [Note]: 7026 0
07/31/06 10:16:24 [Note]: 7026 0
07/31/06 10:16:39 [Note]: FSRAW library version 1.7.1019
07/31/06 10:24:17 [Note]: 7007 0

What do you think?
[RESOLVED] help, troj_vundo.be HijackThis report
ciko_59 replied to a topic by ciko_59 in Analyses et éradication malwares
Hello. Great, many thanks. What procedure would you advise me to follow so that I don't have these problems again in the future?
[RESOLVED] help, troj_vundo.be HijackThis report
ciko_59 replied to a topic by ciko_59 in Analyses et éradication malwares
Hi again. Here is the scan:

Incident Statut Analyse
Spyware:Cookie/fe.lea.lycos No Désinfecté C:\Documents and Settings\jeherbin\Application Data\Mozilla\Firefox\Profiles\i327mtfj.default\cookies.txt[fe.lea.lycos.fr/]
Spyware:Cookie/Netster No Désinfecté C:\Documents and Settings\jeherbin\Application Data\Mozilla\Firefox\Profiles\i327mtfj.default\cookies.txt[lb3.netster.com/]
Spyware:Cookie/Comclick No Désinfecté C:\Documents and Settings\jeherbin\Cookies\jeherbin@fl01.ct2.comclick[1].txt
Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\jeherbin\Cookies\jeherbin@xiti[1].txt
[RESOLVED] help, troj_vundo.be HijackThis report
ciko_59 replied to a topic by ciko_59 in Analyses et éradication malwares
Hello. I did everything, except that I couldn't find ms.exe. Here is the report:

Incident Statut Analyse
Spyware:Cookie/fe.lea.lycos No Désinfecté C:\Documents and Settings\jeherbin\Application Data\Mozilla\Firefox\Profiles\i327mtfj.default\cookies.txt[fe.lea.lycos.fr/]
Spyware:Cookie/Netster No Désinfecté C:\Documents and Settings\jeherbin\Application Data\Mozilla\Firefox\Profiles\i327mtfj.default\cookies.txt[lb3.netster.com/]
Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\jeherbin\Cookies\jeherbin@xiti[1].txt
Outil indésirable:Application/MyWebSearch No Désinfecté C:\Program Files\Uninstall My Global Search Bar.dll
[RESOLVED] help, troj_vundo.be HijackThis report
ciko_59 replied to a topic by ciko_59 in Analyses et éradication malwares
Hi again. I deleted the file and ran a scan. As I keep working, it looks like the infected files are getting more numerous (compare this scan with the previous one). For info: in IE, a search bar has been added next to the URL box. Attached is the report:

Incident Statut Analyse
Spyware:Cookie/fe.lea.lycos No Désinfecté C:\Documents and Settings\jeherbin\Application Data\Mozilla\Firefox\Profiles\i327mtfj.default\cookies.txt[fe.lea.lycos.fr/]
Spyware:Cookie/Netster No Désinfecté C:\Documents and Settings\jeherbin\Application Data\Mozilla\Firefox\Profiles\i327mtfj.default\cookies.txt[lb3.netster.com/]
Spyware:Cookie/2o7 No Désinfecté C:\Documents and Settings\jeherbin\Cookies\jeherbin@microsofteup.112.2o7[1].txt
Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\jeherbin\Cookies\jeherbin@xiti[1].txt
Outil indésirable:Application/MyWebSearch No Désinfecté C:\Documents and Settings\jeherbin\Local Settings\Temp\is-OTAC2.tmp\ms.exe
Outil indésirable:Application/MyWebSearch No Désinfecté C:\Program Files\MyGlobalSearch\bar\1.bin\M9PLUGIN.DLL
Outil indésirable:Application/MyWebSearch No Désinfecté C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
Outil indésirable:Application/MyWebSearch No Désinfecté C:\Program Files\MyGlobalSearch\bar\1.bin\NPMYGLSH.DLL
Adware:Adware/EShopper No Désinfecté C:\WINDOWS\HelperVer.exe
Adware:Adware/EShopper No Désinfecté C:\WINDOWS\system32\m247es.exe
Outil indésirable:Application/MyWebSearch No Désinfecté C:\WINDOWS\system32\mgsb.exe
Adware:Adware/EShopper No Désinfecté C:\WINDOWS\UnInstallKey.exe
[RESOLVED] help, troj_vundo.be HijackThis report
ciko_59 replied to a topic by ciko_59 in Analyses et éradication malwares
Hi again. I ran EasyCleaner (it couldn't remove 2 useless files for me). I removed the key in Fichiers communs. I removed the IE cookies (sorry, I don't have Firefox). I ran OfficeScan, and attached is the new report:

Incident Statut Analyse
Spyware:Cookie/fe.lea.lycos No Désinfecté C:\Documents and Settings\jeherbin\Application Data\Mozilla\Firefox\Profiles\i327mtfj.default\cookies.txt[fe.lea.lycos.fr/]
Spyware:Cookie/Netster No Désinfecté C:\Documents and Settings\jeherbin\Application Data\Mozilla\Firefox\Profiles\i327mtfj.default\cookies.txt[lb3.netster.com/]
Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\jeherbin\Cookies\jeherbin@xiti[1].txt
Adware:Adware/Maxifiles No Désinfecté C:\Documents and Settings\jeherbin\Local Settings\Temp\win28F5.tmp.exe
Spyware:Cookie/Tradedoubler No Désinfecté C:\RECYCLER\S-1-5-21-3666875560-2347126982-119465411-1007\Dc102.txt
Spyware:Cookie/Xiti No Désinfecté C:\RECYCLER\S-1-5-21-3666875560-2347126982-119465411-1007\Dc126.txt
Spyware:Cookie/Adtech No Désinfecté C:\RECYCLER\S-1-5-21-3666875560-2347126982-119465411-1007\Dc132.txt
Spyware:Spyware/Virtumonde No Désinfecté C:\RECYCLER\S-1-5-21-3666875560-2347126982-119465411-1007\Dc3216\services.dll
Outil indésirable:Application/Processor No Désinfecté C:\RECYCLER\S-1-5-21-3666875560-2347126982-119465411-1007\Dc33.tmp
Spyware:Spyware/Virtumonde No Désinfecté C:\RECYCLER\S-1-5-21-3666875560-2347126982-119465411-1007\Dc83.old
[RESOLVED] help, troj_vundo.be HijackThis report
ciko_59 replied to a topic by ciko_59 in Analyses et éradication malwares
Hi again. Attached is the ActiveScan report:

Incident Statut Analyse
Spyware:Cookie/fe.lea.lycos No Désinfecté C:\Documents and Settings\jeherbin\Application Data\Mozilla\Firefox\Profiles\i327mtfj.default\cookies.txt[fe.lea.lycos.fr/]
Spyware:Cookie/Netster No Désinfecté C:\Documents and Settings\jeherbin\Application Data\Mozilla\Firefox\Profiles\i327mtfj.default\cookies.txt[lb3.netster.com/]
Outil indésirable:Application/Processor No Désinfecté C:\Documents and Settings\jeherbin\Bureau\SmitfraudFix\SmitfraudFix\Process.exe
Outil indésirable:Application/Processor No Désinfecté C:\Documents and Settings\jeherbin\Bureau\SmitfraudFix.zip[smitfraudFix/Process.exe]
Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\jeherbin\Cookies\jeherbin@xiti[1].txt
Outil indésirable:Application/Processor No Désinfecté C:\Documents and Settings\jeherbin\Local Settings\Temp\nsvC.tmp
Adware:Adware/Maxifiles No Désinfecté C:\Documents and Settings\jeherbin\Local Settings\Temp\win28F5.tmp.exe
Spyware:Spyware/Virtumonde No Désinfecté C:\Program Files\Fichiers communs\{FC702006-06A4-1036-1002-020522200021}\services.dll
[RESOLVED] help, troj_vundo.be HijackThis report
ciko_59 replied to a topic by ciko_59 in Analyses et éradication malwares
Hi again. I deleted ishost.exe but I can't use the online antivirus. The problem: "ÉCHEC du processus de mise à jour. Aucune autre action ne peut être réalisée par l'antivirus !" I have IE, and yet it does manage to initialize the antivirus. Should I use the trial version that can be downloaded?
[RESOLVED] help, troj_vundo.be HijackThis report
ciko_59 replied to a topic by ciko_59 in Analyses et éradication malwares
Hi again. Here is the report (at the end of my troubles, you'll have to give me a summary of all these tools, which look very interesting to use ;) ):

SmitFraudFix v2.75b
Rapport fait à 12:10:35,93, 25/07/2006
Executé à partir de C:\Documents and Settings\jeherbin\Bureau\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32
C:\Windows\system32\ishost.exe PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\jeherbin\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\jeherbin\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="http://wallpaper-land.com/xorg.php?categ=3d&souscateg=3D_Formes&reso=1024&nom=3dformes15mars49"
"SubscribedURL"="http://wallpaper-land.com/xorg.php?categ=3d&souscateg=3D_Formes&reso=1024&nom=3dformes15mars49"
"FriendlyName"=""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
[RESOLVED] help, troj_vundo.be HijackThis report
ciko_59 replied to a topic by ciko_59 in Analyses et éradication malwares
Hello everyone. I followed the instructions successfully. On reboot I still get the following message:

c:\windows\system32\ishost.exe
Le processeur NTVDM a rencontré une instruction non autorisée
CS : 070e IP:0106 OP: ff ff f9 ff fe
choisissez fermer pour mettre fin à l'application

And on reboot, Ewido (which runs at startup from what I can see) also tells me there is malware in the files:
C:\Program Files\ORL\VNC\VNCHooks.dll
C:\Program Files\ORL\VNC\WinVNC.exe
C:\Program Files\Real\VNC\VNC4\WinVNC4.exe
I chose Ignore for now. By the way, I didn't rename yesterday's files. HERE ARE THE EWIDO REPORTS:

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 10:42:55 25/07/2006
+ Scan result:
HKU\S-1-5-21-3666875560-2347126982-119465411-1007\Software\Microsoft\Internet Explorer\URLSearchHooks\{944864A5-3916-46E2-96A9-A2E84F3F1208} -> Adware.Accoona : Cleaned with backup (quarantined).
HKU\S-1-5-21-3666875560-2347126982-119465411-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{944864A5-3916-46E2-96A9-A2E84F3F1208} -> Adware.Accoona : Cleaned with backup (quarantined).
C:\Program Files\themexp\Themexp.org File\VVSNInst.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{126DECE4-BF5A-4C45-B448-087B466AD9D7}\RP3\A0002296.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\WINDOWS\system32\tuvusts.dll.vir -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\Program Files\ORL\VNC\VNCHooks.dll -> Not-A-Virus.RemoteAdmin.Win32.WinVNC.333 : Ignored.
C:\Program Files\ORL\VNC\WinVNC.exe -> Not-A-Virus.RemoteAdmin.Win32.WinVNC.333 : Ignored.
C:\Program Files\ORL\VNC\vncviewer.exe -> Not-A-Virus.RemoteAdmin.Win32.WinVNC.333 : Ignored.
C:\Program Files\RealVNC\VNC4\winvnc4.exe -> Not-A-Virus.RemoteAdmin.Win32.WinVNC.4110 : Ignored.
:mozilla.261:C:\Documents and Settings\jeherbin\Application Data\Mozilla\Firefox\Profiles\i327mtfj.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned. :mozilla.262:C:\Documents and Settings\jeherbin\Application Data\Mozilla\Firefox\Profiles\i327mtfj.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned. :mozilla.263:C:\Documents and Settings\jeherbin\Application Data\Mozilla\Firefox\Profiles\i327mtfj.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned. :mozilla.115:C:\Documents and Settings\jeherbin\Application Data\Mozilla\Firefox\Profiles\i327mtfj.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned. C:\Program Files\Fichiers communs\{FC702006-06A4-1036-1002-020522200021}\Update.exe -> Trojan.Starter.65 : Cleaned with backup (quarantined). C:\System Volume Information\_restore{126DECE4-BF5A-4C45-B448-087B466AD9D7}\RP4\A0003324.exe -> Trojan.Starter.65 : Cleaned with backup (quarantined). ::Report end ET HIJACKTHIS Logfile of HijackThis v1.99.1 Scan saved at 10:49:22, on 25/07/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\Windows\System32\smss.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\spoolsv.exe C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe C:\Windows\Cpqdiag\Cpqdfwag.exe C:\Program Files\ewido anti-spyware 4.0\guard.exe C:\Windows\System32\inetsrv\inetinfo.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe C:\Windows\System32\NMSSvc.exe C:\OfficeScan NT\ntrtscan.exe C:\OfficeScan NT\OfcPfwSvc.exe C:\Windows\System32\svchost.exe C:\OfficeScan NT\tmlisten.exe C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe C:\Program Files\ORL\VNC\WinVNC.exe C:\Program Files\RealVNC\VNC4\WinVNC4.exe 
C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe C:\WINDOWS\TEMP\DX6A8D.EXE C:\Windows\system32\wuauclt.exe C:\Windows\Explorer.EXE C:\OfficeScan NT\pccntmon.exe C:\Program Files\QuickTime\qttask.exe C:\Windows\system32\wuauclt.exe C:\Windows\system32\ctfmon.exe C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\Documents and Settings\jeherbin\Bureau\hijackthis_199\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/040C/bl8.asp R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sezam/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/040C/bl8.asp R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.compaq.com/1Q00CDT/040C/bl7.asp R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.compaq.com/1Q00CDT/040C/bl7.asp R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxys:80 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = omnivista;sezam;150.1.10.6;http://kidam;<local> R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\OfficeScan NT\pccntmon.exe" -HideWindow O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [!ewido] 
"C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized O4 - HKLM\..\RunServices: [CPQDFWAG] C:\Windows\Cpqdiag\CpqDfwAg.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\Windows\system32\ctfmon.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Windows\System32\msjava.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Windows\System32\msjava.dll O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... 
- {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1150811665156 O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/fr/big/1.1....g/GoogleNav.cab O16 - DPF: {CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA} (Environnement d'exécution Java 1.4.1_06) - O17 - HKLM\System\CCS\Services\Tcpip\..\{73702708-2322-43D0-BCB8-BDE17D9E0A4A}: Domain = lmcu.fr O17 - HKLM\System\CS1\Services\Tcpip\..\{73702708-2322-43D0-BCB8-BDE17D9E0A4A}: Domain = lmcu.fr O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll O20 - Winlogon Notify: WgaLogon - C:\Windows\SYSTEM32\WgaLogon.dll O23 - Service: Compaq Local Alerter (CPQALERT) - Hewlett-Packard Company - C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe O23 - Service: cpqdmi - Compaq Computer Corporation - C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe O23 - Service: Compaq DMI Web Agent (cpqWebDmi) - Compaq Computer Corporation - C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe O23 - Service: Remote Diagnostics Enabling Agent (DfwWebAgent) - Hewlett Packard - C:\Windows\Cpqdiag\Cpqdfwag.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. 
- C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\Windows\System32\NMSSvc.exe O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\OfficeScan NT\ntrtscan.exe O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\OfficeScan NT\OfcPfwSvc.exe O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\OfficeScan NT\tmlisten.exe O23 - Service: wampapache - Unknown owner - c:\wamp\apache2\bin\Apache.exe" -k runservice (file missing) O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe O23 - Service: Win32Sl (WIN32SL) - Intel - C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\ORL\VNC\WinVNC.exe" -service (file missing) O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing) MERCI POUR VOTRE AIDE -
[RESOLVED] help, troj_vundo.be HijackThis report
ciko_59 replied to a topic by ciko_59 in Malware analysis and eradication
I also sent update.exe; mad replied:

Hash of the submitted files:
MD5: 56615860fde60e74d9d57c77aa45e1b4
SHA1: d2ca76f19ece32f4c0acee492b9c68750d95cbcb
The file you sent appears to be different from the one we already had. We are analysing this file, thank you for your patience.

Thanks for your help -
[RESOLVED] help, troj_vundo.be HijackThis report
ciko_59 replied to a topic by ciko_59 in Malware analysis and eradication
Re: C:\Program Files\Fichiers communs\{FC702006-06A4-1036-1002-020522200021} is actually a folder containing services.dll and update.exe, so I asked for services.dll to be analysed. Is that the right file? Here is the reply from the site http://secubox.gateweb.org/mad.php

Fichier: services.dll
Nom d'origine: Services.dll
Compilateur: Microsoft VC++
Compilé le: Mercredi 5 Juillet 2006 à 08:44:20
MD5: e2f1ec87af6d5767a882d89ea6b52fbe
SHA1: 579f57cb1f47288204b96175d80e5f5e6760fe93

La librairie dispose de 3 fonctions:
• RVA ›› 0x00001054 (Nom fonction: 0x00002133 -› DownloadFile)
• RVA ›› 0x00001000 (Nom fonction: 0x00002140 -› GetUserAgent)
• RVA ›› 0x0000103F (Nom fonction: 0x0000214D -› SetUserAgent)

Fonctions importées:
10002000 ›› strcpy (importée de la librairie msvcr71.dll)
10002008 ›› URLDownloadToFileW (importée de la librairie urlmon.dll)
1000200C ›› UrlMkSetSessionOption (importée de la librairie urlmon.dll)
10002010 ›› UrlMkGetSessionOption (importée de la librairie urlmon.dll)

URLDownloadToFileW ( LPUNKNOWN, LPCWSTR, LPCWSTR, DWORD, LPBINDSTATUSCALLBACK )
UrlMkSetSessionOption ( DWORD dwOption, LPVOID pBuffer, DWORD dwBufferLength, DWORD dwReserved )
UrlMkGetSessionOption( DWORD dwOption, LPVOID pBuffer, DWORD dwBufferLength, DWORD *pdwBufferLength, DWORD dwReserved ) -
[RESOLVED] help, troj_vundo.be HijackThis report
ciko_59 replied to a topic by ciko_59 in Malware analysis and eradication
Re: thanks for your help. After the reboot I still get the message about ishost.exe, and I didn't get the blue screen. Here is the vbg.txt report:

[07/24/2006, 9:34:50] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\jeherbin\Bureau\VirtumundoBeGone.exe" )
[07/24/2006, 9:35:02] - Detected System Information:
[07/24/2006, 9:35:02] - Windows Version: 5.1.2600, Service Pack 2
[07/24/2006, 9:35:02] - Current Username: jeherbin (Admin)
[07/24/2006, 9:35:02] - Windows is in NORMAL mode.
[07/24/2006, 9:35:02] - Searching for Browser Helper Objects:
[07/24/2006, 9:35:02] - BHO 1: {53707962-6F74-2D53-2644-206D7942484F} ()
[07/24/2006, 9:35:02] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/24/2006, 9:35:02] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[07/24/2006, 9:35:02] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[07/24/2006, 9:35:02] - BHO 2: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} ()
[07/24/2006, 9:35:02] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/24/2006, 9:35:02] - Checking for HKLM\...\Winlogon\Notify\tuvusts
[07/24/2006, 9:35:02] - Found: HKLM\...\Winlogon\Notify\tuvusts - This is probably Virtumundo.
[07/24/2006, 9:35:02] - Assigning {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} MSEvents Object
[07/24/2006, 9:35:02] - BHO list has been changed! Starting over...
[07/24/2006, 9:35:02] - BHO 1: {53707962-6F74-2D53-2644-206D7942484F} ()
[07/24/2006, 9:35:02] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/24/2006, 9:35:02] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[07/24/2006, 9:35:02] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[07/24/2006, 9:35:02] - BHO 2: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} (MSEvents Object)
[07/24/2006, 9:35:02] - ALERT: Found MSEvents Object!
[07/24/2006, 9:35:02] - BHO 3: {944864A5-3916-46E2-96A9-A2E84F3F1208} ()
[07/24/2006, 9:35:02] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/24/2006, 9:35:02] - No filename found. Continuing.
[07/24/2006, 9:35:02] - BHO 4: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[07/24/2006, 9:35:02] - Finished Searching Browser Helper Objects
[07/24/2006, 9:35:02] - *** Detected MSEvents Object
[07/24/2006, 9:35:02] - Trying to remove MSEvents Object...
[07/24/2006, 9:35:03] - Terminating Process: IEXPLORE.EXE
[07/24/2006, 9:35:03] - Terminating Process: RUNDLL32.EXE
[07/24/2006, 9:35:03] - Disabling Automatic Shell Restart
[07/24/2006, 9:35:03] - Terminating Process: EXPLORER.EXE
[07/24/2006, 9:35:03] - Suspending the NT Session Manager System Service
[07/24/2006, 9:35:04] - Terminating Windows NT Logon/Logoff Manager
[07/24/2006, 9:35:04] - Re-enabling Automatic Shell Restart
[07/24/2006, 9:35:04] - File to disable: C:\Windows\system32\tuvusts.dll
[07/24/2006, 9:35:04] - Renaming C:\Windows\system32\tuvusts.dll -> C:\Windows\system32\tuvusts.dll.vir
[07/24/2006, 9:35:04] - File successfully renamed!
[07/24/2006, 9:35:04] - Removing HKLM\...\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}
[07/24/2006, 9:35:04] - Removing HKCR\CLSID\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}
[07/24/2006, 9:35:04] - Adding Kill Bit for ActiveX for GUID: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}
[07/24/2006, 9:35:04] - Deleting ATLEvents/MSEvents Registry entries
[07/24/2006, 9:35:04] - Removing HKLM\...\Winlogon\Notify\tuvusts
[07/24/2006, 9:35:04] - Searching for Browser Helper Objects:
[07/24/2006, 9:35:04] - BHO 1: {53707962-6F74-2D53-2644-206D7942484F} ()
[07/24/2006, 9:35:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/24/2006, 9:35:04] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[07/24/2006, 9:35:04] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[07/24/2006, 9:35:04] - BHO 2: {944864A5-3916-46E2-96A9-A2E84F3F1208} ()
[07/24/2006, 9:35:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/24/2006, 9:35:04] - No filename found. Continuing.
[07/24/2006, 9:35:04] - BHO 3: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[07/24/2006, 9:35:04] - Finished Searching Browser Helper Objects
[07/24/2006, 9:35:04] - Finishing up...
[07/24/2006, 9:35:04] - A restart is needed.
[07/24/2006, 9:35:09] - Attempting to Restart via STOP error (Blue Screen!)

And here is the HijackThis report:

Logfile of HijackThis v1.99.1
Scan saved at 09:44:29, on 24/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\spoolsv.exe
C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
C:\Windows\Cpqdiag\Cpqdfwag.exe
C:\Windows\System32\inetsrv\inetinfo.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\OfficeScan NT\ntrtscan.exe
C:\OfficeScan NT\OfcPfwSvc.exe
C:\Windows\System32\svchost.exe
C:\OfficeScan NT\tmlisten.exe
C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
C:\Program Files\ORL\VNC\WinVNC.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
C:\WINDOWS\TEMP\SFB309.EXE
C:\Windows\Explorer.EXE
C:\OfficeScan NT\pccntmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\{FC702006-06A4-1036-1002-020522200021}\Update.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Windows\Resources\Themes\DameK UltraBlue\Desktop Sidebar\sidebar.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\jeherbin\Bureau\hijackthis_199\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/040C/bl8.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sezam/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/040C/bl8.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.compaq.com/1Q00CDT/040C/bl7.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.compaq.com/1Q00CDT/040C/bl7.asp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxys:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = omnivista;sezam;150.1.10.6;http://kidam;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - <default> - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Accoona Search Assistant - {944864A5-3916-46E2-96A9-A2E84F3F1208} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - (no file)
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\OfficeScan NT\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\Windows\Cpqdiag\CpqDfwAg.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\Windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [sIDEBAR] "C:\Windows\Resources\Themes\DameK UltraBlue\Desktop Sidebar\sidebar.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Windows\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Windows\System32\msjava.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - http://activex.camfrogweb.com/advanced/cfw..._instmodule.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1150811665156
O16 - DPF: {64E27CFB-8B69-4B83-80F0-36A81437D587} - http://activex.camfrogweb.com/basic/cfweb_..._instmodule.exe
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/fr/big/1.1....g/GoogleNav.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc4.webresponse.one.microsoft.com/...p/TLIEFlash.CAB
O16 - DPF: {CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA} (Environnement d'exécution Java 1.4.1_06) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{73702708-2322-43D0-BCB8-BDE17D9E0A4A}: Domain = lmcu.fr
O17 - HKLM\System\CS1\Services\Tcpip\..\{73702708-2322-43D0-BCB8-BDE17D9E0A4A}: Domain = lmcu.fr
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: WgaLogon - C:\Windows\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wingsa32 - wingsa32.dll (file missing)
O23 - Service: Compaq Local Alerter (CPQALERT) - Hewlett-Packard Company - C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
O23 - Service: cpqdmi - Compaq Computer Corporation - C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
O23 - Service: Compaq DMI Web Agent (cpqWebDmi) - Compaq Computer Corporation - C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
O23 - Service: Remote Diagnostics Enabling Agent (DfwWebAgent) - Hewlett Packard - C:\Windows\Cpqdiag\Cpqdfwag.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\Windows\System32\NMSSvc.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\OfficeScan NT\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\OfficeScan NT\OfcPfwSvc.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\OfficeScan NT\tmlisten.exe
O23 - Service: wampapache - Unknown owner - c:\wamp\apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe
O23 - Service: Win32Sl (WIN32SL) - Intel - C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\ORL\VNC\WinVNC.exe" -service (file missing)
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing) -
[RESOLVED] help, troj_vundo.be HijackThis report
ciko_59 replied to a topic by ciko_59 in Malware analysis and eradication
I ran vundofix.exe as you told me, but after the scan it replies "done searching for files. Not infected files were found". If it helps, when I switch on the PC I get a message in a DOS window about the file ishost.exe. Here is the new report. Thanks in advance.

Logfile of HijackThis v1.99.1
Scan saved at 14:40:23, on 21/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\spoolsv.exe
C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
C:\Windows\Cpqdiag\Cpqdfwag.exe
C:\Windows\System32\inetsrv\inetinfo.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Windows\System32\NMSSvc.exe
C:\OfficeScan NT\ntrtscan.exe
C:\OfficeScan NT\OfcPfwSvc.exe
C:\Windows\System32\svchost.exe
C:\OfficeScan NT\tmlisten.exe
C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
C:\Program Files\ORL\VNC\WinVNC.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
C:\WINDOWS\TEMP\LXA76F.EXE
C:\Windows\Explorer.EXE
C:\OfficeScan NT\pccntmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\{FC702006-06A4-1036-1002-020522200021}\Update.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Windows\Resources\Themes\DameK UltraBlue\Desktop Sidebar\sidebar.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\jeherbin\Bureau\hijackthis_199\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/040C/bl8.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sezam/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/040C/bl8.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.compaq.com/1Q00CDT/040C/bl7.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.compaq.com/1Q00CDT/040C/bl7.asp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxys:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = omnivista;sezam;150.1.10.6;http://kidam;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - <default> - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\Windows\system32\tuvusts.dll
O2 - BHO: Accoona Search Assistant - {944864A5-3916-46E2-96A9-A2E84F3F1208} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - (no file)
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\OfficeScan NT\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\Windows\Cpqdiag\CpqDfwAg.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\Windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [sIDEBAR] "C:\Windows\Resources\Themes\DameK UltraBlue\Desktop Sidebar\sidebar.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Windows\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Windows\System32\msjava.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - http://activex.camfrogweb.com/advanced/cfw..._instmodule.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1150811665156
O16 - DPF: {64E27CFB-8B69-4B83-80F0-36A81437D587} - http://activex.camfrogweb.com/basic/cfweb_..._instmodule.exe
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/fr/big/1.1....g/GoogleNav.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc4.webresponse.one.microsoft.com/...p/TLIEFlash.CAB
O16 - DPF: {CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA} (Environnement d'exécution Java 1.4.1_06) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{73702708-2322-43D0-BCB8-BDE17D9E0A4A}: Domain = lmcu.fr
O17 - HKLM\System\CS1\Services\Tcpip\..\{73702708-2322-43D0-BCB8-BDE17D9E0A4A}: Domain = lmcu.fr
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: tuvusts - C:\Windows\SYSTEM32\tuvusts.dll
O20 - Winlogon Notify: WgaLogon - C:\Windows\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wingsa32 - wingsa32.dll (file missing)
O23 - Service: Compaq Local Alerter (CPQALERT) - Hewlett-Packard Company - C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
O23 - Service: cpqdmi - Compaq Computer Corporation - C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
O23 - Service: Compaq DMI Web Agent (cpqWebDmi) - Compaq Computer Corporation - C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
O23 - Service: Remote Diagnostics Enabling Agent (DfwWebAgent) - Hewlett Packard - C:\Windows\Cpqdiag\Cpqdfwag.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\Windows\System32\NMSSvc.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\OfficeScan NT\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\OfficeScan NT\OfcPfwSvc.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\OfficeScan NT\tmlisten.exe
O23 - Service: wampapache - Unknown owner - c:\wamp\apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe
O23 - Service: Win32Sl (WIN32SL) - Intel - C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\ORL\VNC\WinVNC.exe" -service (file missing)
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing) -
[RESOLVED] help, troj_vundo.be hijackthis report
ciko_59 posted a topic in Analyses et éradication malwares
For 3 days now I've had troj_vundo.be. I've tried adaware, spybot, antivir... nothing works. Here is the hijackthis report. Does anyone have an idea?

Logfile of HijackThis v1.99.1
Scan saved at 13:39:08, on 21/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
C:\Windows\Cpqdiag\Cpqdfwag.exe
C:\Windows\System32\inetsrv\inetinfo.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Windows\System32\NMSSvc.exe
C:\OfficeScan NT\ntrtscan.exe
C:\OfficeScan NT\OfcPfwSvc.exe
C:\Windows\System32\svchost.exe
C:\OfficeScan NT\tmlisten.exe
C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
C:\Program Files\ORL\VNC\WinVNC.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
C:\WINDOWS\TEMP\CF4B23.EXE
C:\Windows\Explorer.EXE
C:\OfficeScan NT\pccntmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Fichiers communs\{FC702006-06A4-1036-1002-020522200021}\Update.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Windows\Resources\Themes\DameK UltraBlue\Desktop Sidebar\sidebar.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Documents and Settings\jeherbin\Bureau\hijackthis_199\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/040C/bl8.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sezam/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/040C/bl8.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.compaq.com/1Q00CDT/040C/bl7.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.compaq.com/1Q00CDT/040C/bl7.asp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxys:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = omnivista;sezam;150.1.10.6;http://kidam;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - <default> - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\Windows\system32\tuvusts.dll
O2 - BHO: Accoona Search Assistant - {944864A5-3916-46E2-96A9-A2E84F3F1208} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - (no file)
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\OfficeScan NT\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\Windows\Cpqdiag\CpqDfwAg.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\Windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [sIDEBAR] "C:\Windows\Resources\Themes\DameK UltraBlue\Desktop Sidebar\sidebar.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Windows\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Windows\System32\msjava.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - http://activex.camfrogweb.com/advanced/cfw..._instmodule.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1150811665156
O16 - DPF: {64E27CFB-8B69-4B83-80F0-36A81437D587} - http://activex.camfrogweb.com/basic/cfweb_..._instmodule.exe
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/fr/big/1.1....g/GoogleNav.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc4.webresponse.one.microsoft.com/...p/TLIEFlash.CAB
O16 - DPF: {CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA} (Environnement d'exécution Java 1.4.1_06) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{73702708-2322-43D0-BCB8-BDE17D9E0A4A}: Domain = lmcu.fr
O17 - HKLM\System\CS1\Services\Tcpip\..\{73702708-2322-43D0-BCB8-BDE17D9E0A4A}: Domain = lmcu.fr
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: tuvusts - C:\Windows\SYSTEM32\tuvusts.dll
O20 - Winlogon Notify: WgaLogon - C:\Windows\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wingsa32 - wingsa32.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Compaq Local Alerter (CPQALERT) - Hewlett-Packard Company - C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
O23 - Service: cpqdmi - Compaq Computer Corporation - C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
O23 - Service: Compaq DMI Web Agent (cpqWebDmi) - Compaq Computer Corporation - C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
O23 - Service: Remote Diagnostics Enabling Agent (DfwWebAgent) - Hewlett Packard - C:\Windows\Cpqdiag\Cpqdfwag.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\Windows\System32\NMSSvc.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\OfficeScan NT\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\OfficeScan NT\OfcPfwSvc.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\OfficeScan NT\tmlisten.exe
O23 - Service: wampapache - Unknown owner - c:\wamp\apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe
O23 - Service: Win32Sl (WIN32SL) - Intel - C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\ORL\VNC\WinVNC.exe" -service (file missing)
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)