Two "iexplore.exe" processes at startup...
Hello,
I have processes that are taking up all my CPU! It is IEXPLOR.EXE, which appears twice and which I cannot kill, otherwise they come back...
Is anyone willing to take on my case? Am I infected by a virus?
Thanks in advance.
Baptiste
Hello,
Download and then install Hijackthis (Trend Micro).
Then post a report in your next reply.
HELP: How to use Hijackthis v2.0.2
Good evening Angeldark, and the forum,
here is my HijackThis report:
Thanks in advance for whatever you can do for me.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:55:22, on 10/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\NetScreen\NetScreen-Remote\IPSecMon.exe
C:\Program Files\NetScreen\NetScreen-Remote\IreIKE.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Atria\bin\cccredmgr.exe
C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe
C:\WINNT\system32\Hummingbird\Connectivity\9.00\NFSClient\expserv.exe
C:\Program Files\Hummingbird\Connectivity\9.00\Exceed\HumDisplayServer.exe
C:\Program Files\Atria\bin\lockmgr.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINNT\system32\nsiolan.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINNT\system32\CCM\CcmExec.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\msiexec.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\Firetray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\NetScreen\NetScreen-Remote\SafeCfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,Start Page = http://aww.alcatel.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:3128
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [McAfeeFireTray] C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\Firetray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [COMMUNICATOR] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" /background
O4 - HKCU\..\Run: [Funk Soap] D:\DOCUME~1\bdufourq\APPLIC~1\FLAGAT~1\Debugboltinfo.exe
O4 - HKUS\S-1-5-19\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINNT\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINNT\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: NetScreen-Remote.lnk = C:\Program Files\NetScreen\NetScreen-Remote\SafeCfg.exe
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O14 - IERESET.INF: START_PAGE_URL=http://all.alcatel-lucent.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - file://C:\Program Files\InterCAP\ActiveCGM\ActiveX\acgm.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ad2.ad.alcatel.com
O17 - HKLM\Software\..\Telephony: DomainName = ad2.ad.alcatel.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ad2.ad.alcatel.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ad2.ad.alcatel.com,or.cit.alcatel.fr,vz.cit.alcatel.fr,vx.cit.alcatel.fr,ln.cit.alcatel.fr,om.cit.alcatel.fr,netfr.alcatel.fr,ad1.ad.alcatel.com,srv.eu.alcatel.com,wins.lucent.com,emea.lucent.com,na02.lucent.com,lucent.com,ap01.lucent.com,dc-m.alcatel-lucent.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ad2.ad.alcatel.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = ad2.ad.alcatel.com,or.cit.alcatel.fr,vz.cit.alcatel.fr,vx.cit.alcatel.fr,ln.cit.alcatel.fr,om.cit.alcatel.fr,netfr.alcatel.fr,ad1.ad.alcatel.com,srv.eu.alcatel.com,wins.lucent.com,emea.lucent.com,na02.lucent.com,lucent.com,ap01.lucent.com,dc-m.alcatel-lucent.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = ad2.ad.alcatel.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = ad2.ad.alcatel.com,or.cit.alcatel.fr,vz.cit.alcatel.fr,vx.cit.alcatel.fr,ln.cit.alcatel.fr,om.cit.alcatel.fr,netfr.alcatel.fr,ad1.ad.alcatel.com,srv.eu.alcatel.com,wins.lucent.com,emea.lucent.com,na02.lucent.com,lucent.com,ap01.lucent.com,dc-m.alcatel-lucent.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ad2.ad.alcatel.com,or.cit.alcatel.fr,vz.cit.alcatel.fr,vx.cit.alcatel.fr,ln.cit.alcatel.fr,om.cit.alcatel.fr,netfr.alcatel.fr,ad1.ad.alcatel.com,srv.eu.alcatel.com,wins.lucent.com,emea.lucent.com,na02.lucent.com,lucent.com,ap01.lucent.com,dc-m.alcatel-lucent.com
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Atria Location Broker (Albd) - Unknown owner - C:\Program Files\Atria\bin\albd_server.exe
O23 - Service: Atria Cred Manager (cccredmgr) - Unknown owner - C:\Program Files\Atria\bin\cccredmgr.exe
O23 - Service: DB2 JDBC Applet Server (DB2JDS) - Unknown owner - C:\Program Files\SQLLIB\bin\db2jds.exe
O23 - Service: DB2 Security Server (DB2NTSECSERVER) - Unknown owner - C:\Program Files\SQLLIB\bin\db2sec.exe
O23 - Service: McAfee Desktop Firewall Service (FireSvc) - Networks Associates Technology, Inc. - C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe
O23 - Service: Hummingbird Export (HCLExport) - Hummingbird Ltd. - C:\WINNT\system32\Hummingbird\Connectivity\9.00\NFSClient\expserv.exe
O23 - Service: Hummingbird Exceed Display Management (HumDisplayServer) - Hummingbird Ltd. - C:\Program Files\Hummingbird\Connectivity\9.00\Exceed\HumDisplayServer.exe
O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Program Files\NetScreen\NetScreen-Remote\IPSecMon.exe
O23 - Service: SafeNet IKE Service (IreIKE) - SafeNet - C:\Program Files\NetScreen\NetScreen-Remote\IreIKE.exe
O23 - Service: Atria Lock Manager (LockMgr) - Unknown owner - C:\Program Files\Atria\bin\lockmgr.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: NSIoLan - Alcatel - C:\WINNT\system32\nsiolan.exe
O23 - Service: OracleOra_Clt_817ClientCache - Unknown owner - c:\Progra~1\clt817\BIN\ONRSD.EXE
--
End of file - 9243 bytes
Lop infection
Download Lop S&D.exe to your Desktop.
Double-click it to start the installation
Then double-click the Lop S&D shortcut on your Desktop
Select the desired language, then choose option 1 (Search)
Wait until the scan finishes
Post the generated report (C:\lopR.txt)
(If the Desktop does not reappear, press Ctrl + Alt + Del, File tab, New task, type explorer.exe and confirm)
[OK]
I ran the program and here is my report:
Thanks.
-----------------------[ Lop S&D 4.0.5 XP/Vista ]----------------------
[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : bdufourq ] [ "C:\Lop SD" ]
[ 10/03/2008 | 21:55:21,15 ] [ PC : FRORVN0F04253 ]
[ MAJ : 09-03-2008 | 22:50 ]
-------------[ Listing des dossiers dans Application Data ]------------
----------------[ Tâches planifiées dans C:\WINNT\tasks ]---------------
[09/03/2008 15:55][--a------] C:\WINNT\tasks\Uniblue SpyEraser Nag.job
[08/03/2008 16:15][--a------] C:\WINNT\tasks\Uniblue SpyEraser.job
[10/03/2008 21:00][--ah-----] C:\WINNT\tasks\B16AB7C291293006.job
[10/03/2008 21:25][--ah-----] C:\WINNT\tasks\SA.DAT
[31/03/2003 12:00][-r-h-----] C:\WINNT\tasks\desktop.ini
---------------[ Listing des dossiers dans C:\Program Files ]--------------
[10/03/2008|18:23] C:\Program Files\.
[10/03/2008|18:23] C:\Program Files\..
[10/03/2008|17:28] C:\Program Files\Adobe
[28/02/2008|12:08] C:\Program Files\Aladin
[28/02/2008|10:38] C:\Program Files\Analog Devices
[28/02/2008|11:34] C:\Program Files\AT&T Net Client
[28/02/2008|12:08] C:\Program Files\Atria
[28/02/2008|18:04] C:\Program Files\BitTorrent
[02/03/2008|17:08] C:\Program Files\CCleaner
[28/02/2008|11:39] C:\Program Files\Citrix
[28/02/2008|11:50] C:\Program Files\clt817
[10/03/2008|17:30] C:\Program Files\Common Files
[28/02/2008|10:19] C:\Program Files\ComPlus Applications
[28/02/2008|12:08] C:\Program Files\DATA
[28/02/2008|10:34] C:\Program Files\DIFX
[28/02/2008|18:04] C:\Program Files\DNA
[28/02/2008|11:40] C:\Program Files\Epic
[28/02/2008|11:07] C:\Program Files\FileZilla
[28/02/2008|12:10] C:\Program Files\Filter 01.40.40
[28/02/2008|15:36] C:\Program Files\Fingerprint Sensor
[28/02/2008|12:10] C:\Program Files\Ghostgum
[29/02/2008|11:11] C:\Program Files\glassfish-v2ur1
[10/03/2008|18:23] C:\Program Files\Google
[28/02/2008|11:52] C:\Program Files\gs
[28/02/2008|11:07] C:\Program Files\HDI_20
[28/02/2008|11:34] C:\Program Files\Hewlett-Packard
[28/02/2008|11:42] C:\Program Files\Hummingbird
[28/02/2008|11:07] C:\Program Files\initdhcp
[28/02/2008|15:34] C:\Program Files\InstallShield Installation Information
[28/02/2008|11:54] C:\Program Files\InterCAP
[10/03/2008|19:47] C:\Program Files\Internet Explorer
[28/02/2008|11:53] C:\Program Files\IVIEW2
[29/02/2008|11:03] C:\Program Files\Java
[28/02/2008|11:54] C:\Program Files\JavaSoft
[28/02/2008|11:55] C:\Program Files\jdk1.1.8
[28/02/2008|11:55] C:\Program Files\jdk1.3.0_01
[08/03/2008|11:52] C:\Program Files\Lavasoft
[28/02/2008|11:09] C:\Program Files\Lotus
[28/02/2008|10:45] C:\Program Files\McAfee
[28/02/2008|12:20] C:\Program Files\Microsoft ActiveSync
[28/02/2008|10:25] C:\Program Files\microsoft frontpage
[28/02/2008|12:20] C:\Program Files\Microsoft Office
[03/03/2008|10:35] C:\Program Files\Microsoft Office Communicator
[28/02/2008|11:36] C:\Program Files\Microsoft Visual Studio
[28/02/2008|12:20] C:\Program Files\Microsoft.NET
[28/02/2008|11:57] C:\Program Files\Morten's Cygwin X-Launcher
[28/02/2008|10:19] C:\Program Files\Movie Maker
[10/03/2008|21:32] C:\Program Files\Mozilla Firefox
[28/02/2008|11:23] C:\Program Files\mozilla.org
[10/03/2008|16:07] C:\Program Files\msn gaming zone
[28/02/2008|12:13] C:\Program Files\MSXML 4.0
[02/03/2008|19:45] C:\Program Files\MSXML 6.0
[29/02/2008|15:01] C:\Program Files\NetBeans 6.0.1
[28/02/2008|10:19] C:\Program Files\NetMeeting
[28/02/2008|11:30] C:\Program Files\NetScreen
[28/02/2008|11:34] C:\Program Files\Network Associates
[28/02/2008|11:41] C:\Program Files\Omnimark 5
[28/02/2008|10:19] C:\Program Files\Online Services
[28/02/2008|11:48] C:\Program Files\Oracle
[28/02/2008|11:43] C:\Program Files\OracleForArts
[28/02/2008|10:19] C:\Program Files\Outlook Express
[28/02/2008|11:21] C:\Program Files\Paint.NET
[28/02/2008|11:21] C:\Program Files\PDFCreator
[28/02/2008|11:54] C:\Program Files\Perl560
[28/02/2008|11:27] C:\Program Files\Profile Light
[28/02/2008|11:40] C:\Program Files\PSPad editor
[28/02/2008|11:40] C:\Program Files\Putty
[28/02/2008|11:22] C:\Program Files\QuickTime
[28/02/2008|11:56] C:\Program Files\Raglsrv
[28/02/2008|11:35] C:\Program Files\rasphone_PBK
[28/02/2008|11:23] C:\Program Files\Real
[08/03/2008|11:52] C:\Program Files\RegCleaner
[28/02/2008|12:10] C:\Program Files\sea
[28/02/2008|16:50] C:\Program Files\Setup Factory 7.0
[28/02/2008|11:52] C:\Program Files\Snapshot Viewer
[04/03/2008|14:04] C:\Program Files\SNEC Tool
[02/03/2008|17:14] C:\Program Files\Spybot - Search & Destroy
[28/02/2008|11:39] C:\Program Files\SQLLIB
[29/02/2008|11:03] C:\Program Files\Sun
[28/02/2008|11:57] C:\Program Files\Tactical Software
[28/02/2008|11:41] C:\Program Files\TightVNC
[10/03/2008|13:50] C:\Program Files\Trend Micro
[28/02/2008|18:08] C:\Program Files\TrueUpdate 3.0
[28/02/2008|11:43] C:\Program Files\UltraEdit
[08/03/2008|14:32] C:\Program Files\Uniblue
[28/02/2008|10:29] C:\Program Files\Uninstall Information
[28/02/2008|11:06] C:\Program Files\UPHClean
[28/02/2008|11:26] C:\Program Files\userguides
[28/02/2008|11:53] C:\Program Files\Verilog
[29/02/2008|21:51] C:\Program Files\VideoLAN
[28/02/2008|18:08] C:\Program Files\Visual Patch 3.0
[28/02/2008|11:43] C:\Program Files\vittam2d
[28/02/2008|11:35] C:\Program Files\VPNLOGINSCRIPT
[28/02/2008|12:08] C:\Program Files\WADS
[08/03/2008|08:34] C:\Program Files\win'design
[10/03/2008|10:29] C:\Program Files\Windows Live
[28/02/2008|11:20] C:\Program Files\Windows Media Connect 2
[28/02/2008|11:20] C:\Program Files\Windows Media Player
[28/02/2008|10:25] C:\Program Files\Windows NT
[28/02/2008|10:19] C:\Program Files\WindowsUpdate
[28/02/2008|11:27] C:\Program Files\WINZIP
[28/02/2008|10:25] C:\Program Files\xerox
[28/02/2008|11:27] C:\Program Files\ZapNotes
------[ Listing des dossiers dans C:\Program Files\Common Files ]------
[10/03/2008|17:30] C:\Program Files\Common Files\.
[10/03/2008|17:30] C:\Program Files\Common Files\..
[10/03/2008|17:30] C:\Program Files\Common Files\Adobe
[28/02/2008|10:45] C:\Program Files\Common Files\Cisco Systems
[28/02/2008|11:36] C:\Program Files\Common Files\Designer
[28/02/2008|11:30] C:\Program Files\Common Files\Deterministic Networks
[28/02/2008|11:29] C:\Program Files\Common Files\InstallShield
[28/02/2008|11:07] C:\Program Files\Common Files\Java
[28/02/2008|12:20] C:\Program Files\Common Files\L&H
[28/02/2008|10:45] C:\Program Files\Common Files\McAfee
[28/02/2008|12:26] C:\Program Files\Common Files\Microsoft Shared
[28/02/2008|10:19] C:\Program Files\Common Files\MSSoap
[28/02/2008|11:34] C:\Program Files\Common Files\Network Associates
[28/02/2008|11:16] C:\Program Files\Common Files\ODBC
[28/02/2008|11:23] C:\Program Files\Common Files\Real
[28/02/2008|10:19] C:\Program Files\Common Files\Services
[28/02/2008|11:16] C:\Program Files\Common Files\SpeechEngines
[28/02/2008|12:20] C:\Program Files\Common Files\System
[10/03/2008|10:30] C:\Program Files\Common Files\WindowsLiveInstaller
[08/03/2008|11:52] C:\Program Files\Common Files\Wise Installation Wizard
[28/02/2008|11:23] C:\Program Files\Common Files\xing shared
----------------------[ Recherche avec S_Lop ]---------------------
Aucun fichier / dossier Lop trouvé !
-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------
C:\WINNT\Tasks\B16AB7C291293006.job
----------------------[ Verification du Registre ]----------------------
--------------------[ Verification du fichier Hosts ]---------------------
Fichier Hosts PROPRE
----------------[ Recherche de fichiers avec Catchme ]-----------------
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-10 21:56:32
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden files ...
scan completed successfully
hidden files: 0
--------------------[ Recherche d'autres infections ]---------------------
Aucune autre infection trouvée !
/!\ [Fich:52][Doss:17] D:\DOCUME~1\bdufourq\LOCALS~1\Temp
/!\ [Fich:1][Doss:0] D:\DOCUME~1\bdufourq\Cookies
/!\ [Fich:13][Doss:4] D:\DOCUME~1\bdufourq\LOCALS~1\TEMPOR~1\content.IE5
--------------------[ Fin du rapport a 21:56:48,64 ]----------------------
[10/03/2008|17:30] C:\Program Files\Common Files\..
[10/03/2008|17:30] C:\Program Files\Common Files\Adobe
[28/02/2008|10:45] C:\Program Files\Common Files\Cisco Systems
[28/02/2008|11:36] C:\Program Files\Common Files\Designer
[28/02/2008|11:30] C:\Program Files\Common Files\Deterministic Networks
[28/02/2008|11:29] C:\Program Files\Common Files\InstallShield
[28/02/2008|11:07] C:\Program Files\Common Files\Java
[28/02/2008|12:20] C:\Program Files\Common Files\L&H
[28/02/2008|10:45] C:\Program Files\Common Files\McAfee
[28/02/2008|12:26] C:\Program Files\Common Files\Microsoft Shared
[28/02/2008|10:19] C:\Program Files\Common Files\MSSoap
[28/02/2008|11:34] C:\Program Files\Common Files\Network Associates
[28/02/2008|11:16] C:\Program Files\Common Files\ODBC
[28/02/2008|11:23] C:\Program Files\Common Files\Real
[28/02/2008|10:19] C:\Program Files\Common Files\Services
[28/02/2008|11:16] C:\Program Files\Common Files\SpeechEngines
[28/02/2008|12:20] C:\Program Files\Common Files\System
[10/03/2008|10:30] C:\Program Files\Common Files\WindowsLiveInstaller
[08/03/2008|11:52] C:\Program Files\Common Files\Wise Installation Wizard
[28/02/2008|11:23] C:\Program Files\Common Files\xing shared
----------------------[ Recherche avec S_Lop ]---------------------
Aucun fichier / dossier Lop trouvé !
-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------
C:\WINNT\Tasks\B16AB7C291293006.job
----------------------[ Verification du Registre ]----------------------
--------------------[ Verification du fichier Hosts ]---------------------
Fichier Hosts PROPRE
----------------[ Recherche de fichiers avec Catchme ]-----------------
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-10 21:56:32
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden files ...
scan completed successfully
hidden files: 0
--------------------[ Recherche d'autres infections ]---------------------
Aucune autre infection trouvée !
/!\ [Fich:52][Doss:17] D:\DOCUME~1\bdufourq\LOCALS~1\Temp
/!\ [Fich:1][Doss:0] D:\DOCUME~1\bdufourq\Cookies
/!\ [Fich:13][Doss:4] D:\DOCUME~1\bdufourq\LOCALS~1\TEMPOR~1\content.IE5
--------------------[ Fin du rapport a 21:56:48,64 ]----------------------
Re,
Fix the line in the box below with HijackThis: HELP IN PICTURES
O4 - HKCU\..\Run: [Funk Soap] D:\DOCUME~1\bdufourq\APPLIC~1\FLAGAT~1\Debugboltinfo.exe
Download OTMoveIt (by OldTimer). Save it to your Desktop.
Select all the locations in the box below:
D:\DOCUME~1\bdufourq\APPLIC~1\FLAGAT~1
C:\WINNT\Tasks\B16AB7C291293006.job
C:\WINNT\Tasks\B16AB7C291293006.job
---> Right-click, then Copy (or Ctrl+C)
Double-click OTMoveIt.exe to launch it.
Right-click in the left-hand pane, then choose Paste (or Ctrl+V).
Now click MoveIt!
If a file or folder cannot be deleted immediately, the program will ask you to restart.
Accept by clicking YES.
Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
The report's name corresponds to the time it was created: date_time.log
-> Information about the software <-
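Added example, not part of the original posts: a small parser for the O4 registry Run lines of a HijackThis log that lists autoruns launching from a user profile (as the [Funk Soap] entry does) and checks a follow-up log to confirm the fix removed them. The trusted roots, the function names and the choice to skip O4 startup-folder lines are assumptions of this sketch; the sample lines are copied from the 13:17:37 and 13:30:58 logs on this page.

```python
import re

# Registry autorun line as HijackThis 2.0.2 prints it:
#   O4 - HKCU\..\Run: [Name] command line
O4_RUN = re.compile(
    r"^O4 - (?P<hive>HK\w+(?:\\[^\\]+)?)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# Executable part of a command: a quoted path, or an unquoted one up to its extension.
EXE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)', re.I)

# Assumption: directories treated as expected install locations on this host.
TRUSTED_ROOTS = ("c:\\program files\\", "c:\\winnt\\")
# Long and 8.3 short forms of the Windows XP profile directory.
PROFILE_MARKERS = ("\\documents and settings\\", "\\docume~1\\")


def run_entries(log_text):
    """Return {(hive, key, name): executable path} for each O4 registry Run line."""
    entries = {}
    for line in log_text.splitlines():
        m = O4_RUN.match(line.strip())
        if not m:
            continue  # other sections and O4 startup-folder lines are skipped
        exe = EXE.match(m["cmd"])
        path = (exe.group(1) or exe.group(2)) if exe else m["cmd"]
        entries[(m["hive"], m["key"], m["name"])] = path
    return entries


def flag(path):
    """Return a reason to review this autorun target, or None.

    Location is a triage hint for a human reviewer, not a verdict.
    """
    p = path.lower()
    if any(marker in p for marker in PROFILE_MARKERS):
        return "runs from a user profile directory"
    if not p.startswith(TRUSTED_ROOTS):
        return "outside the expected install roots"
    return None


def review_list(log_text):
    """Sorted (entry key, path, reason) for every autorun worth a second look."""
    hits = []
    for key, path in run_entries(log_text).items():
        reason = flag(path)
        if reason:
            hits.append((key, path, reason))
    return sorted(hits)


def still_present(before, after):
    """Entries flagged in `before` that are still registered in `after`."""
    remaining = run_entries(after)
    return [key for key, _, _ in review_list(before) if key in remaining]


# O4 lines copied from the log saved at 13:17:37 (fix not yet applied).
BEFORE = r"""
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [COMMUNICATOR] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" /background
O4 - HKCU\..\Run: [Funk Soap] D:\DOCUME~1\bdufourq\APPLIC~1\FLAGAT~1\Debugboltinfo.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINNT\system32\ctfmon.exe (User 'SYSTEM')
O4 - Global Startup: NetScreen-Remote.lnk = C:\Program Files\NetScreen\NetScreen-Remote\SafeCfg.exe
"""

# The same lines as they appear in the log saved at 13:30:58.
AFTER = r"""
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [COMMUNICATOR] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINNT\system32\ctfmon.exe (User 'SYSTEM')
O4 - Global Startup: NetScreen-Remote.lnk = C:\Program Files\NetScreen\NetScreen-Remote\SafeCfg.exe
"""

if __name__ == "__main__":
    for key, path, reason in review_list(BEFORE):
        print("review:", key, path, "->", reason)
    print("still present after fix:", still_present(BEFORE, AFTER))
```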
Here you go:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:17:37, on 11/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\NetScreen\NetScreen-Remote\IPSecMon.exe
C:\Program Files\NetScreen\NetScreen-Remote\IreIKE.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Atria\bin\cccredmgr.exe
C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe
C:\WINNT\system32\Hummingbird\Connectivity\9.00\NFSClient\expserv.exe
C:\Program Files\Hummingbird\Connectivity\9.00\Exceed\HumDisplayServer.exe
C:\Program Files\Atria\bin\lockmgr.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINNT\system32\nsiolan.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINNT\system32\CCM\CcmExec.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\ctfmon.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\Firetray.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Microsoft Office Communicator\Communicator.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\NetScreen\NetScreen-Remote\SafeCfg.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\NetBeans 6.0.1\bin\netbeans.exe
C:\Program Files\NetBeans 6.0.1\platform7\lib\nbexec.exe
C:\Program Files\NetBeans 6.0.1\platform7\lib\nbexec.exe
C:\Program Files\Java\jdk1.6.0_04\jre\bin\java.exe
D:\Documents and Settings\bdufourq\Desktop\OTMoveIt2.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,Start Page = http://aww.alcatel.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://gautoconf.alcatel.fr/proxy.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:3128
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [McAfeeFireTray] C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\Firetray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [COMMUNICATOR] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" /background
O4 - HKCU\..\Run: [Funk Soap] D:\DOCUME~1\bdufourq\APPLIC~1\FLAGAT~1\Debugboltinfo.exe
O4 - HKUS\S-1-5-19\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINNT\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINNT\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: NetScreen-Remote.lnk = C:\Program Files\NetScreen\NetScreen-Remote\SafeCfg.exe
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O14 - IERESET.INF: START_PAGE_URL=http://all.alcatel-lucent.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - file://C:\Program Files\InterCAP\ActiveCGM\ActiveX\acgm.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ad2.ad.alcatel.com
O17 - HKLM\Software\..\Telephony: DomainName = ad2.ad.alcatel.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ad2.ad.alcatel.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ad2.ad.alcatel.com,or.cit.alcatel.fr,vz.cit.alcatel.fr,vx.cit.alcatel.fr,ln.cit.alcatel.fr,om.cit.alcatel.fr,netfr.alcatel.fr,ad1.ad.alcatel.com,srv.eu.alcatel.com,wins.lucent.com,emea.lucent.com,na02.lucent.com,lucent.com,ap01.lucent.com,dc-m.alcatel-lucent.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ad2.ad.alcatel.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = ad2.ad.alcatel.com,or.cit.alcatel.fr,vz.cit.alcatel.fr,vx.cit.alcatel.fr,ln.cit.alcatel.fr,om.cit.alcatel.fr,netfr.alcatel.fr,ad1.ad.alcatel.com,srv.eu.alcatel.com,wins.lucent.com,emea.lucent.com,na02.lucent.com,lucent.com,ap01.lucent.com,dc-m.alcatel-lucent.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = ad2.ad.alcatel.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = ad2.ad.alcatel.com,or.cit.alcatel.fr,vz.cit.alcatel.fr,vx.cit.alcatel.fr,ln.cit.alcatel.fr,om.cit.alcatel.fr,netfr.alcatel.fr,ad1.ad.alcatel.com,srv.eu.alcatel.com,wins.lucent.com,emea.lucent.com,na02.lucent.com,lucent.com,ap01.lucent.com,dc-m.alcatel-lucent.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ad2.ad.alcatel.com,or.cit.alcatel.fr,vz.cit.alcatel.fr,vx.cit.alcatel.fr,ln.cit.alcatel.fr,om.cit.alcatel.fr,netfr.alcatel.fr,ad1.ad.alcatel.com,srv.eu.alcatel.com,wins.lucent.com,emea.lucent.com,na02.lucent.com,lucent.com,ap01.lucent.com,dc-m.alcatel-lucent.com
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Atria Location Broker (Albd) - Unknown owner - C:\Program Files\Atria\bin\albd_server.exe
O23 - Service: Atria Cred Manager (cccredmgr) - Unknown owner - C:\Program Files\Atria\bin\cccredmgr.exe
O23 - Service: DB2 JDBC Applet Server (DB2JDS) - Unknown owner - C:\Program Files\SQLLIB\bin\db2jds.exe
O23 - Service: DB2 Security Server (DB2NTSECSERVER) - Unknown owner - C:\Program Files\SQLLIB\bin\db2sec.exe
O23 - Service: McAfee Desktop Firewall Service (FireSvc) - Networks Associates Technology, Inc. - C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe
O23 - Service: Hummingbird Export (HCLExport) - Hummingbird Ltd. - C:\WINNT\system32\Hummingbird\Connectivity\9.00\NFSClient\expserv.exe
O23 - Service: Hummingbird Exceed Display Management (HumDisplayServer) - Hummingbird Ltd. - C:\Program Files\Hummingbird\Connectivity\9.00\Exceed\HumDisplayServer.exe
O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Program Files\NetScreen\NetScreen-Remote\IPSecMon.exe
O23 - Service: SafeNet IKE Service (IreIKE) - SafeNet - C:\Program Files\NetScreen\NetScreen-Remote\IreIKE.exe
O23 - Service: Atria Lock Manager (LockMgr) - Unknown owner - C:\Program Files\Atria\bin\lockmgr.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: NSIoLan - Alcatel - C:\WINNT\system32\nsiolan.exe
O23 - Service: OracleOra_Clt_817ClientCache - Unknown owner - c:\Progra~1\clt817\BIN\ONRSD.EXE
--
End of file - 9813 bytes
Re,
I thought I had done it... but apparently not.
Sorry..!
It's done now, and here is my report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:30:58, on 11/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\NetScreen\NetScreen-Remote\IPSecMon.exe
C:\Program Files\NetScreen\NetScreen-Remote\IreIKE.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Atria\bin\cccredmgr.exe
C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe
C:\WINNT\system32\Hummingbird\Connectivity\9.00\NFSClient\expserv.exe
C:\Program Files\Hummingbird\Connectivity\9.00\Exceed\HumDisplayServer.exe
C:\Program Files\Atria\bin\lockmgr.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINNT\system32\nsiolan.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINNT\system32\CCM\CcmExec.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\ctfmon.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\Firetray.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Microsoft Office Communicator\Communicator.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\NetScreen\NetScreen-Remote\SafeCfg.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\NetBeans 6.0.1\bin\netbeans.exe
C:\Program Files\NetBeans 6.0.1\platform7\lib\nbexec.exe
C:\Program Files\NetBeans 6.0.1\platform7\lib\nbexec.exe
C:\Program Files\Java\jdk1.6.0_04\jre\bin\java.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,Start Page = http://aww.alcatel.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://gautoconf.alcatel.fr/proxy.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:3128
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [McAfeeFireTray] C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\Firetray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [COMMUNICATOR] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINNT\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINNT\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: NetScreen-Remote.lnk = C:\Program Files\NetScreen\NetScreen-Remote\SafeCfg.exe
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O14 - IERESET.INF: START_PAGE_URL=http://all.alcatel-lucent.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - file://C:\Program Files\InterCAP\ActiveCGM\ActiveX\acgm.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ad2.ad.alcatel.com
O17 - HKLM\Software\..\Telephony: DomainName = ad2.ad.alcatel.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ad2.ad.alcatel.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ad2.ad.alcatel.com,or.cit.alcatel.fr,vz.cit.alcatel.fr,vx.cit.alcatel.fr,ln.cit.alcatel.fr,om.cit.alcatel.fr,netfr.alcatel.fr,ad1.ad.alcatel.com,srv.eu.alcatel.com,wins.lucent.com,emea.lucent.com,na02.lucent.com,lucent.com,ap01.lucent.com,dc-m.alcatel-lucent.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ad2.ad.alcatel.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = ad2.ad.alcatel.com,or.cit.alcatel.fr,vz.cit.alcatel.fr,vx.cit.alcatel.fr,ln.cit.alcatel.fr,om.cit.alcatel.fr,netfr.alcatel.fr,ad1.ad.alcatel.com,srv.eu.alcatel.com,wins.lucent.com,emea.lucent.com,na02.lucent.com,lucent.com,ap01.lucent.com,dc-m.alcatel-lucent.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = ad2.ad.alcatel.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = ad2.ad.alcatel.com,or.cit.alcatel.fr,vz.cit.alcatel.fr,vx.cit.alcatel.fr,ln.cit.alcatel.fr,om.cit.alcatel.fr,netfr.alcatel.fr,ad1.ad.alcatel.com,srv.eu.alcatel.com,wins.lucent.com,emea.lucent.com,na02.lucent.com,lucent.com,ap01.lucent.com,dc-m.alcatel-lucent.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ad2.ad.alcatel.com,or.cit.alcatel.fr,vz.cit.alcatel.fr,vx.cit.alcatel.fr,ln.cit.alcatel.fr,om.cit.alcatel.fr,netfr.alcatel.fr,ad1.ad.alcatel.com,srv.eu.alcatel.com,wins.lucent.com,emea.lucent.com,na02.lucent.com,lucent.com,ap01.lucent.com,dc-m.alcatel-lucent.com
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Atria Location Broker (Albd) - Unknown owner - C:\Program Files\Atria\bin\albd_server.exe
O23 - Service: Atria Cred Manager (cccredmgr) - Unknown owner - C:\Program Files\Atria\bin\cccredmgr.exe
O23 - Service: DB2 JDBC Applet Server (DB2JDS) - Unknown owner - C:\Program Files\SQLLIB\bin\db2jds.exe
O23 - Service: DB2 Security Server (DB2NTSECSERVER) - Unknown owner - C:\Program Files\SQLLIB\bin\db2sec.exe
O23 - Service: McAfee Desktop Firewall Service (FireSvc) - Networks Associates Technology, Inc. - C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe
O23 - Service: Hummingbird Export (HCLExport) - Hummingbird Ltd. - C:\WINNT\system32\Hummingbird\Connectivity\9.00\NFSClient\expserv.exe
O23 - Service: Hummingbird Exceed Display Management (HumDisplayServer) - Hummingbird Ltd. - C:\Program Files\Hummingbird\Connectivity\9.00\Exceed\HumDisplayServer.exe
O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Program Files\NetScreen\NetScreen-Remote\IPSecMon.exe
O23 - Service: SafeNet IKE Service (IreIKE) - SafeNet - C:\Program Files\NetScreen\NetScreen-Remote\IreIKE.exe
O23 - Service: Atria Lock Manager (LockMgr) - Unknown owner - C:\Program Files\Atria\bin\lockmgr.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: NSIoLan - Alcatel - C:\WINNT\system32\nsiolan.exe
O23 - Service: OracleOra_Clt_817ClientCache - Unknown owner - c:\Progra~1\clt817\BIN\ONRSD.EXE
--
End of file - 9667 bytes
I thought I had done it... but apparently not.
Sorry! It's done now, and here is my report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:30:58, on 11/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\NetScreen\NetScreen-Remote\IPSecMon.exe
C:\Program Files\NetScreen\NetScreen-Remote\IreIKE.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Atria\bin\cccredmgr.exe
C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe
C:\WINNT\system32\Hummingbird\Connectivity\9.00\NFSClient\expserv.exe
C:\Program Files\Hummingbird\Connectivity\9.00\Exceed\HumDisplayServer.exe
C:\Program Files\Atria\bin\lockmgr.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINNT\system32\nsiolan.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINNT\system32\CCM\CcmExec.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\ctfmon.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\Firetray.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Microsoft Office Communicator\Communicator.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\NetScreen\NetScreen-Remote\SafeCfg.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\NetBeans 6.0.1\bin\netbeans.exe
C:\Program Files\NetBeans 6.0.1\platform7\lib\nbexec.exe
C:\Program Files\NetBeans 6.0.1\platform7\lib\nbexec.exe
C:\Program Files\Java\jdk1.6.0_04\jre\bin\java.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,Start Page = http://aww.alcatel.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://gautoconf.alcatel.fr/proxy.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:3128
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [McAfeeFireTray] C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\Firetray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [COMMUNICATOR] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINNT\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINNT\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: NetScreen-Remote.lnk = C:\Program Files\NetScreen\NetScreen-Remote\SafeCfg.exe
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O14 - IERESET.INF: START_PAGE_URL=http://all.alcatel-lucent.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - file://C:\Program Files\InterCAP\ActiveCGM\ActiveX\acgm.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ad2.ad.alcatel.com
O17 - HKLM\Software\..\Telephony: DomainName = ad2.ad.alcatel.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ad2.ad.alcatel.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ad2.ad.alcatel.com,or.cit.alcatel.fr,vz.cit.alcatel.fr,vx.cit.alcatel.fr,ln.cit.alcatel.fr,om.cit.alcatel.fr,netfr.alcatel.fr,ad1.ad.alcatel.com,srv.eu.alcatel.com,wins.lucent.com,emea.lucent.com,na02.lucent.com,lucent.com,ap01.lucent.com,dc-m.alcatel-lucent.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ad2.ad.alcatel.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = ad2.ad.alcatel.com,or.cit.alcatel.fr,vz.cit.alcatel.fr,vx.cit.alcatel.fr,ln.cit.alcatel.fr,om.cit.alcatel.fr,netfr.alcatel.fr,ad1.ad.alcatel.com,srv.eu.alcatel.com,wins.lucent.com,emea.lucent.com,na02.lucent.com,lucent.com,ap01.lucent.com,dc-m.alcatel-lucent.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = ad2.ad.alcatel.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = ad2.ad.alcatel.com,or.cit.alcatel.fr,vz.cit.alcatel.fr,vx.cit.alcatel.fr,ln.cit.alcatel.fr,om.cit.alcatel.fr,netfr.alcatel.fr,ad1.ad.alcatel.com,srv.eu.alcatel.com,wins.lucent.com,emea.lucent.com,na02.lucent.com,lucent.com,ap01.lucent.com,dc-m.alcatel-lucent.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ad2.ad.alcatel.com,or.cit.alcatel.fr,vz.cit.alcatel.fr,vx.cit.alcatel.fr,ln.cit.alcatel.fr,om.cit.alcatel.fr,netfr.alcatel.fr,ad1.ad.alcatel.com,srv.eu.alcatel.com,wins.lucent.com,emea.lucent.com,na02.lucent.com,lucent.com,ap01.lucent.com,dc-m.alcatel-lucent.com
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Atria Location Broker (Albd) - Unknown owner - C:\Program Files\Atria\bin\albd_server.exe
O23 - Service: Atria Cred Manager (cccredmgr) - Unknown owner - C:\Program Files\Atria\bin\cccredmgr.exe
O23 - Service: DB2 JDBC Applet Server (DB2JDS) - Unknown owner - C:\Program Files\SQLLIB\bin\db2jds.exe
O23 - Service: DB2 Security Server (DB2NTSECSERVER) - Unknown owner - C:\Program Files\SQLLIB\bin\db2sec.exe
O23 - Service: McAfee Desktop Firewall Service (FireSvc) - Networks Associates Technology, Inc. - C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe
O23 - Service: Hummingbird Export (HCLExport) - Hummingbird Ltd. - C:\WINNT\system32\Hummingbird\Connectivity\9.00\NFSClient\expserv.exe
O23 - Service: Hummingbird Exceed Display Management (HumDisplayServer) - Hummingbird Ltd. - C:\Program Files\Hummingbird\Connectivity\9.00\Exceed\HumDisplayServer.exe
O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Program Files\NetScreen\NetScreen-Remote\IPSecMon.exe
O23 - Service: SafeNet IKE Service (IreIKE) - SafeNet - C:\Program Files\NetScreen\NetScreen-Remote\IreIKE.exe
O23 - Service: Atria Lock Manager (LockMgr) - Unknown owner - C:\Program Files\Atria\bin\lockmgr.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: NSIoLan - Alcatel - C:\WINNT\system32\nsiolan.exe
O23 - Service: OracleOra_Clt_817ClientCache - Unknown owner - c:\Progra~1\clt817\BIN\ONRSD.EXE
--
End of file - 9667 bytes
Angeldark,
No matter how many times I fix the following line, it comes back if I rerun HijackThis!
Quote:
O4 - HKCU\..\Run: [Funk Soap] D:\DOCUME~1\bdufourq\APPLIC~1\FLAGAT~1\Debugboltinfo.exe
and the associated folder reappears too, because here is my OTMoveIt report:
Quote:
D:\DOCUME~1\bdufourq\APPLIC~1\FLAGAT~1 moved successfully.
File/Folder C:\WINNT\Tasks\B16AB7C291293006.job not found.
OTMoveIt2 v1.0.21 log created on 03112008_134729
but it came back...
When I fix it, it comes back... and I still have my two iexplore.exe processes eating my CPU!
Thanks in advance,
Baptiste
Here is my report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:00:20, on 11/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\NetScreen\NetScreen-Remote\IPSecMon.exe
C:\Program Files\NetScreen\NetScreen-Remote\IreIKE.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Atria\bin\cccredmgr.exe
C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe
C:\WINNT\system32\Hummingbird\Connectivity\9.00\NFSClient\expserv.exe
C:\Program Files\Hummingbird\Connectivity\9.00\Exceed\HumDisplayServer.exe
C:\Program Files\Atria\bin\lockmgr.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINNT\system32\nsiolan.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINNT\system32\CCM\CcmExec.exe
C:\WINNT\system32\msiexec.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\ctfmon.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\Firetray.exe
C:\Program Files\Microsoft Office Communicator\Communicator.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\NetScreen\NetScreen-Remote\SafeCfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,Start Page = http://aww.alcatel.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://gautoconf.alcatel.fr/proxy.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:3128
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [McAfeeFireTray] C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\Firetray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [COMMUNICATOR] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" /background
O4 - HKCU\..\Run: [Funk Soap] D:\DOCUME~1\bdufourq\APPLIC~1\FLAGAT~1\Debugboltinfo.exe
O4 - HKUS\S-1-5-19\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINNT\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINNT\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: NetScreen-Remote.lnk = C:\Program Files\NetScreen\NetScreen-Remote\SafeCfg.exe
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O14 - IERESET.INF: START_PAGE_URL=http://all.alcatel-lucent.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - file://C:\Program Files\InterCAP\ActiveCGM\ActiveX\acgm.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ad2.ad.alcatel.com
O17 - HKLM\Software\..\Telephony: DomainName = ad2.ad.alcatel.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ad2.ad.alcatel.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ad2.ad.alcatel.com,or.cit.alcatel.fr,vz.cit.alcatel.fr,vx.cit.alcatel.fr,ln.cit.alcatel.fr,om.cit.alcatel.fr,netfr.alcatel.fr,ad1.ad.alcatel.com,srv.eu.alcatel.com,wins.lucent.com,emea.lucent.com,na02.lucent.com,lucent.com,ap01.lucent.com,dc-m.alcatel-lucent.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ad2.ad.alcatel.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = ad2.ad.alcatel.com,or.cit.alcatel.fr,vz.cit.alcatel.fr,vx.cit.alcatel.fr,ln.cit.alcatel.fr,om.cit.alcatel.fr,netfr.alcatel.fr,ad1.ad.alcatel.com,srv.eu.alcatel.com,wins.lucent.com,emea.lucent.com,na02.lucent.com,lucent.com,ap01.lucent.com,dc-m.alcatel-lucent.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = ad2.ad.alcatel.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = ad2.ad.alcatel.com,or.cit.alcatel.fr,vz.cit.alcatel.fr,vx.cit.alcatel.fr,ln.cit.alcatel.fr,om.cit.alcatel.fr,netfr.alcatel.fr,ad1.ad.alcatel.com,srv.eu.alcatel.com,wins.lucent.com,emea.lucent.com,na02.lucent.com,lucent.com,ap01.lucent.com,dc-m.alcatel-lucent.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ad2.ad.alcatel.com,or.cit.alcatel.fr,vz.cit.alcatel.fr,vx.cit.alcatel.fr,ln.cit.alcatel.fr,om.cit.alcatel.fr,netfr.alcatel.fr,ad1.ad.alcatel.com,srv.eu.alcatel.com,wins.lucent.com,emea.lucent.com,na02.lucent.com,lucent.com,ap01.lucent.com,dc-m.alcatel-lucent.com
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Atria Location Broker (Albd) - Unknown owner - C:\Program Files\Atria\bin\albd_server.exe
O23 - Service: Atria Cred Manager (cccredmgr) - Unknown owner - C:\Program Files\Atria\bin\cccredmgr.exe
O23 - Service: DB2 JDBC Applet Server (DB2JDS) - Unknown owner - C:\Program Files\SQLLIB\bin\db2jds.exe
O23 - Service: DB2 Security Server (DB2NTSECSERVER) - Unknown owner - C:\Program Files\SQLLIB\bin\db2sec.exe
O23 - Service: McAfee Desktop Firewall Service (FireSvc) - Networks Associates Technology, Inc. - C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe
O23 - Service: Hummingbird Export (HCLExport) - Hummingbird Ltd. - C:\WINNT\system32\Hummingbird\Connectivity\9.00\NFSClient\expserv.exe
O23 - Service: Hummingbird Exceed Display Management (HumDisplayServer) - Hummingbird Ltd. - C:\Program Files\Hummingbird\Connectivity\9.00\Exceed\HumDisplayServer.exe
O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Program Files\NetScreen\NetScreen-Remote\IPSecMon.exe
O23 - Service: SafeNet IKE Service (IreIKE) - SafeNet - C:\Program Files\NetScreen\NetScreen-Remote\IreIKE.exe
O23 - Service: Atria Lock Manager (LockMgr) - Unknown owner - C:\Program Files\Atria\bin\lockmgr.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: NSIoLan - Alcatel - C:\WINNT\system32\nsiolan.exe
O23 - Service: OracleOra_Clt_817ClientCache - Unknown owner - c:\Progra~1\clt817\BIN\ONRSD.EXE
--
End of file - 9234 bytes
Strange.
Disable your resident protections (antivirus, Spybot...)!
Download Combofix (sUBs) to your Desktop.
Double-click combofix.exe to launch it.
Press the 1 key (Yes) to start the scan.
When the scan is complete, a report will appear. Post that report in your next reply.
Here is where I am in the investigation:
I can't get Combofix to work, and the iexplore processes are still there.
I went through the previous steps again:
1 - fixed the line:
O4 - HKCU\..\Run: [Funk Soap] D:\DOCUME~1\bdufourq\APPLIC~1\FLAGAT~1\Debugboltinfo.exe
2 - used OTMoveIt.exe and moved the folders it found
3 - after moving them and finding them in the C:\_OTMoveIt\MovedFiles\ directory, I deleted that directory, and since then the processes have disappeared... it feels like a miracle! They don't seem to be coming back...?
How can I be sure I'm no longer infected?
Thanks in advance for what you're doing.
Baptiste
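One way to check whether the autorun has come back, as an added example that is not part of the original thread: compare the O4 Run entries of two HijackThis reports and flag any new target that sits under a user profile. The two sample reports are trimmed excerpts of the logs posted above; the function names and the list of user-writable path markers are assumptions made for this example.

```python
import re

# Constructed samples: a few lines excerpted from the thread's 13:30 and 20:00
# HijackThis reports (most entries trimmed for brevity).
REPORT_BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:30:58, on 11/03/2008
Running processes:
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [COMMUNICATOR] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" /background
O23 - Service: NSIoLan - Alcatel - C:\WINNT\system32\nsiolan.exe
"""

REPORT_AFTER = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:00:20, on 11/03/2008
Running processes:
C:\WINNT\system32\ctfmon.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [COMMUNICATOR] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" /background
O4 - HKCU\..\Run: [Funk Soap] D:\DOCUME~1\bdufourq\APPLIC~1\FLAGAT~1\Debugboltinfo.exe
O23 - Service: NSIoLan - Alcatel - C:\WINNT\system32\nsiolan.exe
"""

# "<code> - <body>", e.g. "O4 - HKCU\..\Run: [name] command line"
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Registry Run/RunOnce autoruns only; "Global Startup" shortcuts are not parsed here.
RUN_RE = re.compile(r"^(?P<key>.+?\\Run(?:Once)?): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# Executable path: either the quoted part, or everything up to the first ".exe".
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.exe)(?=\s|$)', re.IGNORECASE)

# Assumption: on Windows XP these path fragments indicate a location a
# non-admin user (and therefore user-level malware) can write to.
USER_WRITABLE_MARKERS = (
    "\\documents and settings\\", "\\docume~1\\",
    "\\application data\\", "\\applic~1\\",
    "\\local settings\\", "\\locals~1\\",
    "\\temp\\",
)


def executable(cmd):
    """Return the program path from a Run value, without its arguments."""
    cmd = cmd.strip()
    match = EXE_RE.match(cmd)
    if not match:
        return cmd
    return match.group(1) or match.group(2)


def is_user_writable(path):
    lowered = path.lower()
    return any(marker in lowered for marker in USER_WRITABLE_MARKERS)


def parse_autoruns(report):
    """Map (registry key, value name) -> executable for every O4 Run entry."""
    autoruns = {}
    for line in report.splitlines():
        entry = ENTRY_RE.match(line.strip())
        if not entry or entry.group(1) != "O4":
            continue  # header, running process, or another section
        run = RUN_RE.match(entry.group(2))
        if run:
            autoruns[(run["key"], run["name"])] = executable(run["cmd"])
    return autoruns


def new_autoruns(before, after):
    """List Run entries present in `after` that are absent or changed in `before`."""
    old = parse_autoruns(before)
    findings = []
    for (key, name), exe in parse_autoruns(after).items():
        if old.get((key, name)) == exe:
            continue
        findings.append({
            "key": key,
            "name": name,
            "exe": exe,
            "user_writable": is_user_writable(exe),
        })
    return findings


if __name__ == "__main__":
    for finding in new_autoruns(REPORT_BEFORE, REPORT_AFTER):
        flag = "USER-WRITABLE PATH" if finding["user_writable"] else "review"
        print(f'{finding["key"]} [{finding["name"]}] -> {finding["exe"]} ({flag})')
```

An empty result across several reboots means the Run value is no longer being rewritten; it says nothing about other persistence points such as the scheduled task file named in the OTMoveIt log.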