romaric81

  1. Logfile of HijackThis v1.99.1
     Scan saved at 12:00:27, on 11/03/2008
     Platform: Windows 2003 SP1 (WinNT 5.02.3790)
     MSIE: Internet Explorer v6.00 SP1 (6.00.3790.1830)

     Running processes:
     C:\Documents and Settings\herbert\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
     C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
     C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\inetsrv\inetinfo.exe
     C:\WINDOWS\system32\mnmsrvc.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\rundll32.exe
     C:\WINDOWS\system32\lserver.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_S4I091.EXE
     C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\MSN Messenger\MsnMsgr.Exe
     C:\Program Files\Mozilla Firefox\firefox.exe
     C:\Program Files\MSN Messenger\usnsvc.exe
     C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\rdpclip.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_S4I091.EXE
     C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\MSN Messenger\MsnMsgr.Exe
     C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
     C:\DOCUME~1\herbert\LOCALS~1\Temp\1\Répertoire temporaire 1 pour hijackthis_199.zip\HijackThis.exe

     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/hardAdmin.htm
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/
     R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = res://shdoclc.dll/hardUser.htm
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
     R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://mail.yahoo.com/?.intl=fr&.redir....cldefstat=Def0
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
     F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
     O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
     O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - E:\eoRezo\EoAdv\EOREZO~1.DLL (file missing)
     O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
     O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
     O4 - HKLM\..\Run: [EPSON Stylus C48 Series] C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_S4I091.EXE /P23 "EPSON Stylus C48 Series" /O6 "USB001" /M "Stylus C48"
     O4 - HKLM\..\Run: [Auto EPSON Stylus C48 Series sur HTT-XFNYYTCX2OK] C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_S4I091.EXE /P48 "Auto EPSON Stylus C48 Series sur HTT-XFNYYTCX2OK" /O26 "\\HTT-XFNYYTCX2OK\EPSONSty" /M "Stylus C48"
     O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
     O4 - HKLM\..\Run: [Auto EPSON Stylus C48 Series (Copie 1) sur HTT-DKYE8PIQ8W3] C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_S4I091.EXE /P58 "Auto EPSON Stylus C48 Series (Copie 1) sur HTT-DKYE8PIQ8W3" /O28 "\\HTT-DKYE8PIQ8W3\EPSONSty.2" /M "Stylus C48"
     O4 - HKLM\..\Run: [EoEngine] "E:\eoRezo\EoEngine.exe"
     O4 - HKLM\..\Run: [.nvsvc] C:\DOCUME~1\herbert\LOCALS~1\Temp\2\sxe40.tmp
     O4 - HKLM\..\Run: [EPSON Stylus C48 Series (Copie 1)] C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_S4I091.EXE /P33 "EPSON Stylus C48 Series (Copie 1)" /O5 "LPT1:" /M "Stylus C48"
     O4 - HKLM\..\Run: [EPSON Stylus C48 Series (à partir de HTT15) dans la session 2] C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_S4I091.EXE /P61 "EPSON Stylus C48 Series (à partir de HTT15) dans la session 2" /O5 "TS001" /M "Stylus C48"
     O4 - HKLM\..\Run: [EPSON Stylus C48 Series (à partir de HTT15) dans la session 1] C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_S4I091.EXE /P61 "EPSON Stylus C48 Series (à partir de HTT15) dans la session 1" /O5 "TS001" /M "Stylus C48"
     O4 - HKLM\..\Run: [EPSON Stylus C48 Series (à partir de HTT15) dans la session 3] C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_S4I091.EXE /P61 "EPSON Stylus C48 Series (à partir de HTT15) dans la session 3" /O5 "TS001" /M "Stylus C48"
     O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u
     O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
     O4 - HKCU\..\Run: [bandwidthMeterPro] C:\Program Files\BandwidthMeterPro\BWMeterPro.exe
     O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
     O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
     O4 - HKCU\..\Run: [dlmMgr] "C:\Program Files\Fichiers communs\Adobe\ESD\AdobeDownloadManager.exe" restart=1
     O4 - HKCU\..\Run: [Nokia.PCSync] C:\nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
     O4 - HKCU\..\Run: [avpa] C:\WINDOWS\system32\avpo.exe
     O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
     O4 - HKCU\..\RunOnce: [FFTI] C:\Documents and Settings\herbert\Application Data\Mozilla\Firefox\Profiles\lghspezh.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\herbert\Application Data\Mozilla\Firefox\Profiles/lghspezh.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"
     O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
     O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
     O4 - Global Startup: Launch Gigaget.lnk = E:\Gigaget\GigagetShell.exe
     O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
     O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
     O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
     O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
     O10 - Broken Internet access because of LSP provider 'c:\documents and settings\herbert\windows\system32\mswsock.dll' missing
     O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
     O17 - HKLM\System\CCS\Services\Tcpip\..\{398E6A48-33F3-4CE9-BF62-C821FCAB8D28}: NameServer = 209.212.96.1,209.212.97.1
     O17 - HKLM\System\CCS\Services\Tcpip\..\{627ED3AF-278E-4FB5-A080-696F5A82D787}: NameServer = 210.80.58.66,196.202.232.6
     O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
     O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
     O20 - Winlogon Notify: dimsntfy - dimsntfy.dll (file missing)
     O23 - Service: Service Application Experience Lookup (AeLookupSvc) - Unknown owner - C:\Documents and Settings\herbert\WINDOWS\system32\svchost.exe (file missing)
     O23 - Service: Service de la passerelle de la couche Application (ALG) - Unknown owner - C:\Documents and Settings\herbert\WINDOWS\System32\alg.exe (file missing)
     O23 - Service: Gestion d'applications (AppMgmt) - Unknown owner - C:\Documents and Settings\herbert\WINDOWS\system32\svchost.exe (file missing)
     O23 - Service: Audio Windows (AudioSrv) - Unknown owner - C:\Documents and Settings\herbert\WINDOWS\System32\svchost.exe (file missing)
     O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
     O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
     O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
     O23 - Service: Service de transfert intelligent en arrière-plan (BITS) - Unknown owner - C:\Documents and Settings\herbert\WINDOWS\system32\svchost.exe (file missing)
     O23 - Service: Explorateur d'ordinateurs (Browser) - Unknown owner - C:\Documents and Settings\herbert\WINDOWS\system32\svchost.exe (file missing)
     O23 - Service: Services de cryptographie (CryptSvc) - Unknown owner - C:\Documents and Settings\herbert\WINDOWS\system32\svchost.exe (file missing)
     O23 - Service: Lanceur de processus serveur DCOM (DcomLaunch) - Unknown owner - C:\Documents and Settings\herbert\WINDOWS\system32\svchost.exe (file missing)
     O23 - Service: Système de fichiers distribués (Dfs) - Unknown owner - C:\Documents and Settings\herbert\WINDOWS\system32\Dfssvc.exe (file missing)
     O23 - Service: Client DHCP (Dhcp) - Unknown owner - C:\Documents and Settings\herbert\WINDOWS\system32\svchost.exe (file missing)
     O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\Documents and Settings\herbert\WINDOWS\System32\dmadmin.exe (file missing)
     O23 - Service: Gestionnaire de disque logique (dmserver) - Unknown owner - C:\Documents and Settings\herbert\WINDOWS\System32\svchost.exe (file missing)
     O23 - Service: Client DNS (Dnscache) - Unknown owner - C:\Documents and Settings\herbert\WINDOWS\system32\svchost.exe (file missing)
     O23 - Service: DNS Connection (dnscon) - Unknown owner - C:\Documents and Settings\herbert\WINDOWS\System32\svchost.exe (file missing)
     O23 - Service: Service de rapport d'erreurs (ERSvc) - Unknown owner - C:\Documents and Settings\herbert\WINDOWS\System32\svchost.exe (file missing)
     O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\Documents and Settings\herbert\WINDOWS\system32\services.exe (file missing)
     O23 - Service: Aide et support (helpsvc) - Unknown owner - C:\Documents and Settings\herbert\WINDOWS\System32\svchost.exe (file missing)
     O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\Documents and Settings\herbert\WINDOWS\System32\lsass.exe (file missing)
     O23 - Service: Serveur (lanmanserver) - Unknown owner - C:\Documents and Settings\herbert\WINDOWS\system32\svchost.exe (file missing)
     O23 - Service: Station de travail (lanmanworkstation) - Unknown owner - C:\Documents and Settings\herbert\WINDOWS\system32\svchost.exe (file missing)
     O23 - Service: Enregistrement de licences (LicenseService) - Unknown owner - C:\Documents and Settings\herbert\WINDOWS\System32\llssrv.exe (file missing)
     O23 - Service: Assistance TCP/IP NetBIOS (LmHosts) - Unknown owner - C:\Documents and Settings\herbert\WINDOWS\system32\svchost.exe (file missing)
     O23 - Service: Ouverture de session réseau (Netlogon) - Unknown owner - C:\Documents and Settings\herbert\WINDOWS\system32\lsass.exe (file missing)
     O23 - Service: Connexions réseau (Netman) - Unknown owner - C:\Documents and Settings\herbert\WINDOWS\System32\svchost.exe (file missing)
     O23 - Service: Network Manager Service (NetManager) - Unknown owner - C:\Documents and Settings\herbert\WINDOWS\System32\svchost.exe (file missing)
     O23 - Service: NLA (Network Location Awareness) (Nla) - Unknown owner - C:\Documents and Settings\herbert\WINDOWS\system32\svchost.exe (file missing)
     O23 - Service: Réplication de fichiers (NtFrs) - Unknown owner - C:\Documents and Settings\herbert\WINDOWS\system32\ntfrs.exe (file missing)
     O23 - Service: Fournisseur de la prise en charge de sécurité LM NT (NtLmSsp) - Unknown owner - C:\Documents and Settings\herbert\WINDOWS\system32\lsass.exe (file missing)
     O23 - Service: Stockage amovible (NtmsSvc) - Unknown owner - C:\Documents and Settings\herbert\WINDOWS\system32\svchost.exe (file missing)
     O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\Documents and Settings\herbert\WINDOWS\system32\services.exe (file missing)
     O23 - Service: Services IPSEC (PolicyAgent) - Unknown owner - C:\Documents and Settings\herbert\WINDOWS\system32\lsass.exe (file missing)
     O23 - Service: Emplacement protégé (ProtectedStorage) - Unknown owner - C:\Documents and Settings\herbert\WINDOWS\system32\lsass.exe (file missing)
     O23 - Service: Gestionnaire de connexion automatique d'accès distant (RasAuto) - Unknown owner - C:\Documents and Settings\herbert\WINDOWS\system32\svchost.exe (file missing)
     O23 - Service: Gestionnaire de connexions d'accès distant (RasMan) - Unknown owner - C:\Documents and Settings\herbert\WINDOWS\system32\svchost.exe (file missing)
     O23 - Service: Routage et accès distant (RemoteAccess) - Unknown owner - C:\Documents and Settings\herbert\WINDOWS\system32\svchost.exe (file missing)
     O23 - Service: Accès à distance au Registre (RemoteRegistry) - Unknown owner - C:\Documents and Settings\herbert\WINDOWS\system32\svchost.exe (file missing)
     O23 - Service: Localisateur d'appels de procédure distante (RPC) (RpcLocator) - Unknown owner - C:\Documents and Settings\herbert\WINDOWS\system32\locator.exe (file missing)
     O23 - Service: Appel de procédure distante (RPC) (RpcSs) - Unknown owner - C:\Documents and Settings\herbert\WINDOWS\system32\svchost.exe (file missing)
     O23 - Service: Fournisseur d'un jeu de stratégie résultant (RSoPProv) - Unknown owner - C:\Documents and Settings\herbert\WINDOWS\system32\RSoPProv.exe (file missing)
     O23 - Service: Application d'assistance de la Console d'administration spéciale (sacsvr) - Unknown owner - C:\Documents and Settings\herbert\WINDOWS\System32\svchost.exe (file missing)
     O23 - Service: Gestionnaire de comptes de sécurité (SamSs) - Unknown owner - C:\Documents and Settings\herbert\WINDOWS\system32\lsass.exe (file missing)
     O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\Documents and Settings\herbert\WINDOWS\System32\SCardSvr.exe (file missing)
     O23 - Service: Planificateur de tâches (Schedule) - Unknown owner - C:\Documents and Settings\herbert\WINDOWS\System32\svchost.exe (file missing)
     O23 - Service: Ouverture de session secondaire (seclogon) - Unknown owner - C:\Documents and Settings\herbert\WINDOWS\System32\svchost.exe (file missing)
     O23 - Service: Notification d'événement système (SENS) - Unknown owner - C:\Documents and Settings\herbert\WINDOWS\system32\svchost.exe (file missing)
     O23 - Service: Détection matériel noyau (ShellHWDetection) - Unknown owner - C:\Documents and Settings\herbert\WINDOWS\System32\svchost.exe (file missing)
     O23 - Service: Spouleur d'impression (Spooler) - Unknown owner - C:\Documents and Settings\herbert\WINDOWS\system32\spoolsv.exe (file missing)
     O23 - Service: Microsoft Software Shadow Copy Provider (swprv) - Unknown owner - C:\Documents and Settings\herbert\WINDOWS\System32\svchost.exe (file missing)
     O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\Documents and Settings\herbert\WINDOWS\system32\smlogsvc.exe (file missing)
     O23 - Service: Téléphonie (TapiSrv) - Unknown owner - C:\Documents and Settings\herbert\WINDOWS\System32\svchost.exe (file missing)
     O23 - Service: Services Terminal Server (TermService) - Unknown owner - C:\Documents and Settings\herbert\WINDOWS\System32\svchost.exe (file missing)
     O23 - Service: Gestion de licences Terminal Server (TermServLicensing) - Unknown owner - C:\Documents and Settings\herbert\WINDOWS\system32\lserver.exe (file missing)
     O23 - Service: Client de suivi de lien distribué (TrkWks) - Unknown owner - C:\Documents and Settings\herbert\WINDOWS\system32\svchost.exe (file missing)
     O23 - Service: Onduleur (UPS) - Unknown owner - C:\Documents and Settings\herbert\WINDOWS\System32\ups.exe (file missing)
     O23 - Service: Service de disque virtuel (vds) - Unknown owner - C:\Documents and Settings\herbert\WINDOWS\System32\vds.exe (file missing)
     O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\Documents and Settings\herbert\WINDOWS\System32\vssvc.exe (file missing)
     O23 - Service: Horloge Windows (W32Time) - Unknown owner - C:\Documents and Settings\herbert\WINDOWS\System32\svchost.exe (file missing)
     O23 - Service: Service de publication World Wide Web (W3SVC) - Unknown owner - C:\Documents and Settings\herbert\WINDOWS\System32\svchost.exe (file missing)
     O23 - Service: Service de découverte automatique de Proxy Web pour les services HTTP Windows (WinHttpAutoProxySvc) - Unknown owner - C:\Documents and Settings\herbert\WINDOWS\system32\svchost.exe (file missing)
     O23 - Service: Infrastructure de gestion Windows (winmgmt) - Unknown owner - C:\Documents and Settings\herbert\WINDOWS\system32\svchost.exe (file missing)
     O23 - Service: Portable Media Serial Number Service (WmdmPmSN) - Unknown owner - C:\Documents and Settings\herbert\WINDOWS\System32\svchost.exe (file missing)
     O23 - Service: Extensions du pilote WMI (Wmi) - Unknown owner - C:\Documents and Settings\herbert\WINDOWS\System32\svchost.exe (file missing)
     O23 - Service: Configuration sans fil (WZCSVC) - Unknown owner - C:\Documents and Settings\herbert\WINDOWS\System32\svchost.exe (file missing)
     O23 - Service: Service d'approvisionnement réseau (xmlprov) - Unknown owner - C:\Documents and Settings\herbert\WINDOWS\System32\svchost.exe (file missing)

     Thank you for helping me.
  2. Hello, I have a computer running Windows Server 2003 Service Pack 1 that has been infected. I no longer have access to the various hard drives, and the machine has become very slow. It has AVG installed, which detects nothing, and yet one or more viruses are present on the server. I tried the preliminary cleaning and analysis procedure that is suggested, but I run up against the fact that ANTIVIR cannot be installed on Windows Server. WHAT SHOULD I DO?