
Posted

========== PROCESSES ==========

Process explorer.exe killed successfully.

========== FILES ==========

DllUnregisterServer procedure not found in c:\windows\system32\khvgbw.dll

c:\windows\system32\khvgbw.dll NOT unregistered.

c:\windows\system32\khvgbw.dll moved successfully.

DllUnregisterServer procedure not found in c:\windows\system32\fxkwujjl.dll

c:\windows\system32\fxkwujjl.dll NOT unregistered.

c:\windows\system32\fxkwujjl.dll moved successfully.

DllUnregisterServer procedure not found in c:\windows\system32\yvobfvrx.dll

c:\windows\system32\yvobfvrx.dll NOT unregistered.

c:\windows\system32\yvobfvrx.dll moved successfully.

DllUnregisterServer procedure not found in c:\windows\system32\hsteui.dll

c:\windows\system32\hsteui.dll NOT unregistered.

c:\windows\system32\hsteui.dll moved successfully.

DllUnregisterServer procedure not found in c:\windows\system32\uysjnnpx.dll

c:\windows\system32\uysjnnpx.dll NOT unregistered.

c:\windows\system32\uysjnnpx.dll moved successfully.

DllUnregisterServer procedure not found in c:\windows\system32\qvjfxd.dll

c:\windows\system32\qvjfxd.dll NOT unregistered.

c:\windows\system32\qvjfxd.dll moved successfully.

c:\windows\system32\thsgwtwm.tmp moved successfully.

DllUnregisterServer procedure not found in c:\windows\system32\qbcvkaer.dll

c:\windows\system32\qbcvkaer.dll NOT unregistered.

c:\windows\system32\qbcvkaer.dll moved successfully.

DllUnregisterServer procedure not found in c:\windows\system32\jlaior.dll

c:\windows\system32\jlaior.dll NOT unregistered.

c:\windows\system32\jlaior.dll moved successfully.

DllUnregisterServer procedure not found in c:\windows\system32\otanqfpd.dll

c:\windows\system32\otanqfpd.dll NOT unregistered.

c:\windows\system32\otanqfpd.dll moved successfully.

DllUnregisterServer procedure not found in c:\windows\system32\kwrspc.dll

c:\windows\system32\kwrspc.dll NOT unregistered.

c:\windows\system32\kwrspc.dll moved successfully.

LoadLibrary failed for c:\windows\system32\ws59179.dll

c:\windows\system32\ws59179.dll NOT unregistered.

c:\windows\system32\ws59179.dll moved successfully.

DllUnregisterServer procedure not found in c:\windows\system32\syorkx.dll

c:\windows\system32\syorkx.dll NOT unregistered.

c:\windows\system32\syorkx.dll moved successfully.

DllUnregisterServer procedure not found in c:\windows\system32\iyebnffv.dll

c:\windows\system32\iyebnffv.dll NOT unregistered.

c:\windows\system32\iyebnffv.dll moved successfully.

C:\Program Files\Trend Micro\HijackThis\backups moved successfully.

========== COMMANDS ==========

Explorer started successfully

File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\etilqs_4GQNa36a9VYMDcGdZ9zV scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF5663.tmp scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF56D9.tmp scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF6736.tmp scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF6743.tmp scheduled to be deleted on reboot.

User's Temp folder emptied.

User's Temporary Internet Files folder emptied.

User's Internet Explorer cache folder emptied.

Local Service Temp folder emptied.

File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

Local Service Temporary Internet Files folder emptied.

File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_8b0.dat scheduled to be deleted on reboot.

Windows Temp folder emptied.

Java cache emptied.

File delete failed. C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\w8sds7n9.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\w8sds7n9.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\w8sds7n9.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\w8sds7n9.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\w8sds7n9.default\urlclassifier3.sqlite scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\w8sds7n9.default\XUL.mfl scheduled to be deleted on reboot.

FireFox cache emptied.

Temp folders emptied.

 

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01082009_095746

 

Files moved on Reboot...

File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\etilqs_4GQNa36a9VYMDcGdZ9zV not found!

File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF5663.tmp not found!

File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF56D9.tmp not found!

File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF6736.tmp not found!

File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF6743.tmp not found!

File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.

File C:\WINDOWS\temp\Perflib_Perfdata_8b0.dat not found!

C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\w8sds7n9.default\Cache\_CACHE_001_ moved successfully.

C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\w8sds7n9.default\Cache\_CACHE_002_ moved successfully.

C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\w8sds7n9.default\Cache\_CACHE_003_ moved successfully.

C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\w8sds7n9.default\Cache\_CACHE_MAP_ moved successfully.

C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\w8sds7n9.default\urlclassifier3.sqlite moved successfully.

C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\w8sds7n9.default\XUL.mfl moved successfully.

Posted

Malwarebytes' Anti-Malware 1.32

Version de la base de données: 1630

Windows 5.1.2600 Service Pack 3

 

08/01/2009 10:14:50

mbam-log-2009-01-08 (10-14-50).txt

 

Type de recherche: Examen rapide

Eléments examinés: 60992

Temps écoulé: 4 minute(s), 40 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 8

Valeur(s) du Registre infectée(s): 1

Elément(s) de données du Registre infecté(s): 1

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 0

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

HKEY_CLASSES_ROOT\shellex.tbho (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{18e4cdd5-23e9-3c2b-9ea7-7a5d489f4356} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{107a1d63-2eaa-4694-8aba-ec209c630d83} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{61181f3a-b7b4-3f2d-bc24-5dc5deab99c0} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\srcss.exe (Rogue.SpyProtector) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\Spy Protector (Rogue.SpyProtector) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Drive\shellex\ContextMenuHandlers\Spy Protector (Rogue.SpyProtector) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\SpyProtector (Rogue.SpyProtector) -> Quarantined and deleted successfully.

 

Valeur(s) du Registre infectée(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{107a1d63-2eaa-4694-8aba-ec209c630d83} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

 

Elément(s) de données du Registre infecté(s):

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

(Aucun élément nuisible détecté)

Posted

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:23:52, on 08/01/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe

c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\Explorer.EXE

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\WINDOWS\vVX3000.exe

C:\AddOn\Fujitsu\PSUtility\TrayManager.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

C:\Program Files\Lexmark 1400 Series\lxdjamon.exe

C:\Program Files\AGI\common\win32\PythonService.exe

C:\PROGRA~1\SYMANT~1\VPTray.exe

C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe

C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe

C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe

C:\AddOn\Fujitsu\Application Panel\QuickTouch.exe

C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe

C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe

c:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\WINDOWS\AGRSMMSG.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\lxdjcoms.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe

c:\Program Files\Symantec AntiVirus\SavRoam.exe

C:\WINDOWS\system32\svchost.exe

c:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\Program Files\UPHClean\uphclean.exe

C:\WINDOWS\system32\UStorSrv.exe

C:\Program Files\RealVNC\VNC4\WinVNC4.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Trend Micro\HijackThis\Administrateur.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: (no name) - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - (no file)

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN

O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe

O4 - HKLM\..\Run: [PSUtility] C:\AddOn\Fujitsu\PSUtility\TrayManager.exe

O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"

O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM\..\Run: [lxdjamon] "C:\Program Files\Lexmark 1400 Series\lxdjamon.exe"

O4 - HKLM\..\Run: [vptray] c:\PROGRA~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe

O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe

O4 - HKLM\..\Run: [indicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe

O4 - HKLM\..\Run: [LXDJCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDJtime.dll,_RunDLLEntry@16

O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\AddOn\Fujitsu\Application Panel\QuickTouch.exe

O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"

O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"

O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [Client Access PC5250 Sound] "C:\Program Files\IBM\Client Access\Emulator\pcssnd.exe"

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\MICROS~1\Office10\EXCEL.EXE/3000

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://www.mygsf.net

O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1207328735203

O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichier...ion_3_0_3_5.cab

O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} (CamfrogWEB Advanced Unicode Control) - http://bobtv.fr/download/cfweb_www.bobtv.f..._instmodule.exe

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: AG Windows Service (AGWinService) - Unknown owner - C:\Program Files\AGI\common\win32\PythonService.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe

O23 - Service: Fonction Commande à distance d'iSeries Access for Windows (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - c:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: lxdj_device - - C:\WINDOWS\system32\lxdjcoms.exe

O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe

O23 - Service: SAVRoam (SavRoam) - symantec - c:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - c:\Program Files\Symantec AntiVirus\Rtvscan.exe

O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe

O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)

 

--

End of file - 10865 bytes

Posted

• empty MBAM's quarantine

• your HJT report is OK

fix (Fix checked) just this line:

R3 - URLSearchHook: (no name) - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - (no file)

and delete the backups folder here: C:\Program Files\Trend Micro\HijackThis\backups

• Finish the cleanup:

- Clean your computer with ATF Cleaner:

download to your desktop:

- AtfCleaner --> http://www.atribune.org/ccount/click.php?id=1

ATF Cleaner

Double-click ATF-Cleaner.exe to launch the program.

Under the Main tab, choose: Select All

Click the Empty Selected button, wait while the cleanup runs, OK

If you use the Firefox browser:

Click Firefox at the top and choose: Select All

Click the Empty Selected button

Wait while the cleanup runs

NOTE: If you want to keep your saved passwords, click No at the prompt.

If you use the Opera browser:

Click Opera at the top and choose: Select All

Click the Empty Selected button

NOTE: If you want to keep your saved passwords, click No at the prompt.

Click Exit, from the main menu, to close the program.

The next PC startup will be a little slower, since the prefetch has been emptied.

- Disable then re-enable System Restore:

- Windows XP instructions: http://service1.symantec.com/SUPPORT/INTER...020830101856924

Posted

Yes, you need to hurry and get the Symantec update from your administrators, and don't browse unprotected for now!!! As long as Symantec is not up to date!!!

Bye \o_

I'm editing your topic as [resolved]
