Analyse HIjackThis

eric_engelman -  
eric_engelman Messages postés 40 Statut Membre -
Bonjour, j'ai des problèmes d'affichage de fenetres, c'est regulier

https://imageshack.com/

http://img134.imageshack.us/img134/6112/pb2oe1.jpg

mais quand j'ai plusieurs taches/fenetres d'ouverte d'un seul coup je change de fenetre sans mon accord !

Voici mon rapport HijackThis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:12:30, on 07/01/08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINNT\system32\nfsclnt.exe
C:\Program Files\SQLLIB\bin\db2jds.exe
C:\Program Files\SQLLIB\bin\db2sec.exe
C:\WINNT\SYSTEM32\DWRCS.EXE
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\program files\notes\ntmulti.exe
C:\WINNT\system32\svchost.exe
C:\SFU\Mapper\mapsvc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\SYSTEM32\DWRCST.exe
C:\WINNT\system32\hkcmd.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe
C:\WINNT\tppaldr.exe
C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Network Associates\Common Framework\McTray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINNT\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\IBM\IMNNQ\HTTPDL.exe
C:\PROGRA~1\IBM\IMNNQ\imnsvdem.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\akitel\akitel2.exe
D:\worldlinebar\WorldlineBAR.exe
C:\Program Files\Notes\NLNOTES.EXE
C:\Program Files\Notes\NCDaemon.exe
C:\Program Files\Notes\ntaskldr.EXE
C:\Program Files\Notes\nxpcdmn.EXE
C:\db2log\HijackThis.exe
C:\Program Files\Opera\Opera.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxyconf.localnet/awl.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.elisa.net;cra.mm.fr.atosorigin.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINNT\tppaldr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Lanceur FinePrint v5] "C:\WINNT\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Startup: akitel.lnk = C:\Program Files\akitel\akitel2.exe
O4 - Startup: Raccourci vers WorldlineBAR.lnk = D:\worldlinebar\WorldlineBAR.exe
O4 - Global Startup: Démarrage du serveur de recherche HTML.lnk = C:\Program Files\SQLLIB\bin\db2nq.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: pcnfsd.burotik.cmd
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=www.atosworldline.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = fr01.awl.atosorigin.net
O17 - HKLM\Software\..\Telephony: DomainName = fr01.awl.atosorigin.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{DED957DC-E183-492F-A52C-A7E11A14AFDB}: Domain = fr01.awl.atosorigin.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = fr01.awl.atosorigin.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = fr01.awl.atosorigin.net,awl.atosorigin.net,priv.atos.fr,elisa.net,dev.atos.fr,segin.com,axime.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = fr01.awl.atosorigin.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = fr01.awl.atosorigin.net,awl.atosorigin.net,priv.atos.fr,elisa.net,dev.atos.fr,segin.com,axime.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = fr01.awl.atosorigin.net,awl.atosorigin.net,priv.atos.fr,elisa.net,dev.atos.fr,segin.com,axime.com
O21 - SSODL: bvtqfvx - {D23BD6D0-94B1-4948-8FFC-D3E6412225D9} - C:\WINNT\bvtqfvx.dll
O21 - SSODL: alxvdvm - {5412579E-B681-49CF-B343-62CDEC10B137} - C:\WINNT\alxvdvm.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DB2 JDBC Applet Server - Control Center (DB2ControlCenterServer) - Unknown owner - C:\Program Files\SQLLIB\bin\db2ccs.exe
O23 - Service: DB2 JDBC Applet Server (DB2JDS) - Unknown owner - C:\Program Files\SQLLIB\bin\db2jds.exe
O23 - Service: DB2 Security Server (DB2NTSECSERVER) - International Business Machines Corporation - C:\Program Files\SQLLIB\bin\db2sec.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINNT\SYSTEM32\DWRCS.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\program files\notes\ntmulti.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINNT\privacy_danger\index.htm

--
End of file - 8447 bytes
Configuration: Windows XP
Opera 8.50

20 réponses

  1. eric_engelman Messages postés 40 Statut Membre
     
    a l'aide !
    0
  2. Pi_Xi Messages postés 2274 Statut Membre 149
     
    Bonjour,

    1) Télécharge et utilise ce kit de désinfection:

    http://www.commentcamarche.net/faq/sujet 2618 virus kit de desinfection pour eradiquer w32 netsky

    2) Fais une analyse BitDefender à partir d'IE: https://www.bitdefender.fr/

    et poste le rapport stp.
    0
  3. eric_engelman Messages postés 40 Statut Membre
     
    ce fut long mais le voici :

    BitDefender Online Scanner - Rapport virus en temps réel

    Généré à: Tue, Jan 08, 2008 - 15:15:24

    --------------------------------------------------------------------------------

    Info d'analyse

    Fichiers scannés
    515071

    Infectés Fichiers
    10

    Virus Détectés

    Trojan.Zlob.CBB
    6

    Adware.Navipromo.BYT
    2

    Generic.Adw.SaveNow.F5FEB660
    1

    Dropped:Trojan.FakeAlert.PG
    1
    0
    1. Pi_Xi Messages postés 2274 Statut Membre 149
       
      C'est quoi ce rapport !? Tu as bien cliqué sur le bouton "BitDefender scan online" en bas de la colonne gauche ?

      Tous les rapports BitDefender que j'ai vus jusqu'à présent étaient plus complets ...

      ++

      EDIT: reste avec ^^Marie^^ sur l'autre post, j'avais oublié que c'était un doublon ... (et c'est très mal!)
      0
  4. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  5. eric_engelman Messages postés 40 Statut Membre
     
    oui je n'ai rien d'autre !

    je relance l'analyse !

    mais ça commence à bien faire ce virus
    0
  6. eric_engelman Messages postés 40 Statut Membre
     
    je lance l'analyse ce soir pour être tranquille
    0
  7. eric_engelman Messages postés 40 Statut Membre
     
    Voici le rapport

    BitDefender Online Scanner

    Rapport d'analyse généré à: Tue, Jan 08, 2008 - 23:21:18

    Voie d'analyse: C:\;D:\;

    Statistiques

    Temps
    04:48:29

    Fichiers
    505830

    Directoires
    9326

    Secteurs de boot
    3

    Archives
    12982

    Paquets programmes
    33877

    Résultats

    Virus identifiés
    2

    Fichiers infectés
    3

    Fichiers suspects
    0

    Avertissements
    0

    Désinfectés
    0

    Fichiers effacés
    3

    Info sur les moteurs

    Définition virus
    886525

    Version des moteurs
    AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)

    Analyse des plugins
    14

    Archive des plugins
    38

    Unpack des plugins
    7

    E-mail plugins
    6

    Système plugins
    1

    Paramètres d'analyse

    Première action
    Désinfecté

    Seconde Action
    Supprimé

    Heuristique
    Oui

    Acceptez les avertissements
    Oui

    Extensions analysées
    *;

    Excludez les extensions

    Analyse d'emails
    Oui

    Analyse des Archives
    Oui

    Analyser paquets programmes
    Oui

    Analyse des fichiers
    Oui

    Analyse de boot
    Oui

    Fichier analysé
    Statut

    C:\Program Files\DAEMON Tools\SetupDTSB.exe=>(CAB Sfx r)=>DaemonTools_WhenUSave_Installer.exe
    Infecté par: Generic.Adw.SaveNow.F5FEB660

    C:\Program Files\DAEMON Tools\SetupDTSB.exe=>(CAB Sfx r)=>DaemonTools_WhenUSave_Installer.exe
    Echec de la désinfection

    C:\Program Files\DAEMON Tools\SetupDTSB.exe=>(CAB Sfx r)=>DaemonTools_WhenUSave_Installer.exe
    Supprimé

    C:\Program Files\DAEMON Tools\SetupDTSB.exe=>(CAB Sfx r)
    Echec de la mise à jour

    C:\System Volume Information\_restore{038D1B8C-0944-4C4E-A861-266AD47DA565}\RP378\A0109302.dll
    Infecté par: Trojan.Zlob.CBB

    C:\System Volume Information\_restore{038D1B8C-0944-4C4E-A861-266AD47DA565}\RP378\A0109302.dll
    Echec de la désinfection

    C:\System Volume Information\_restore{038D1B8C-0944-4C4E-A861-266AD47DA565}\RP378\A0109302.dll
    Supprimé

    C:\System Volume Information\_restore{038D1B8C-0944-4C4E-A861-266AD47DA565}\RP378\A0109303.exe
    Infecté par: Trojan.Zlob.CBB

    C:\System Volume Information\_restore{038D1B8C-0944-4C4E-A861-266AD47DA565}\RP378\A0109303.exe
    Echec de la désinfection

    C:\System Volume Information\_restore{038D1B8C-0944-4C4E-A861-266AD47DA565}\RP378\A0109303.exe
    Supprimé
    0
    1. Pi_Xi Messages postés 2274 Statut Membre 149
       
      Bonjour,

      il a bien travaillé ^^

      Tu avais utilisé le kit de désinfection auparavant ?

      Poste un nouveau rapport HiJackThis stp, il y a qq lignes à fixer...

      ++
      0
  8. eric_engelman Messages postés 40 Statut Membre
     
    j'ai effectivement passé le kit de desinfection comme cité au dessus mais il n'a rien detecté.

    je suis toujours infecté car le rapport bitdefender me l'a signalé !

    c'est l'horreur

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:13:35, on 09/01/08
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINNT\system32\nfsclnt.exe
    C:\Program Files\SQLLIB\bin\db2jds.exe
    C:\Program Files\SQLLIB\bin\db2sec.exe
    C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\program files\notes\ntmulti.exe
    C:\WINNT\system32\svchost.exe
    C:\SFU\Mapper\mapsvc.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\system32\hkcmd.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe
    C:\WINNT\tppaldr.exe
    C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
    C:\Program Files\Network Associates\Common Framework\McTray.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\WINNT\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\PROGRA~1\IBM\IMNNQ\HTTPDL.exe
    C:\PROGRA~1\IBM\IMNNQ\imnsvdem.exe
    C:\Program Files\GetRight\getright.exe
    C:\Program Files\akitel\akitel2.exe
    D:\worldlinebar\WorldlineBAR.exe
    C:\Program Files\Notes\NLNOTES.EXE
    C:\Program Files\Notes\NCDaemon.exe
    C:\Program Files\Notes\ntaskldr.EXE
    C:\Program Files\Notes\nxpcdmn.EXE
    C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
    C:\Program Files\Opera\Opera.exe
    C:\db2log\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxyconf.localnet/awl.pac
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.elisa.net;cra.mm.fr.atosorigin.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe"
    O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINNT\tppaldr.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [Lanceur FinePrint v5] "C:\WINNT\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
    O4 - Startup: akitel.lnk = C:\Program Files\akitel\akitel2.exe
    O4 - Startup: Raccourci vers WorldlineBAR.lnk = D:\worldlinebar\WorldlineBAR.exe
    O4 - Global Startup: Démarrage du serveur de recherche HTML.lnk = C:\Program Files\SQLLIB\bin\db2nq.exe
    O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: pcnfsd.burotik.cmd
    O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O14 - IERESET.INF: START_PAGE_URL=www.atosworldline.com
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = fr01.awl.atosorigin.net
    O17 - HKLM\Software\..\Telephony: DomainName = fr01.awl.atosorigin.net
    O17 - HKLM\System\CCS\Services\Tcpip\..\{DED957DC-E183-492F-A52C-A7E11A14AFDB}: Domain = fr01.awl.atosorigin.net
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = fr01.awl.atosorigin.net
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = fr01.awl.atosorigin.net,awl.atosorigin.net,priv.atos.fr,elisa.net,dev.atos.fr,segin.com,axime.com
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = fr01.awl.atosorigin.net
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = fr01.awl.atosorigin.net,awl.atosorigin.net,priv.atos.fr,elisa.net,dev.atos.fr,segin.com,axime.com
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = fr01.awl.atosorigin.net,awl.atosorigin.net,priv.atos.fr,elisa.net,dev.atos.fr,segin.com,axime.com
    O21 - SSODL: bvtqfvx - {D23BD6D0-94B1-4948-8FFC-D3E6412225D9} - C:\WINNT\bvtqfvx.dll
    O21 - SSODL: alxvdvm - {5412579E-B681-49CF-B343-62CDEC10B137} - C:\WINNT\alxvdvm.dll
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: DB2 JDBC Applet Server - Control Center (DB2ControlCenterServer) - Unknown owner - C:\Program Files\SQLLIB\bin\db2ccs.exe
    O23 - Service: DB2 JDBC Applet Server (DB2JDS) - Unknown owner - C:\Program Files\SQLLIB\bin\db2jds.exe
    O23 - Service: DB2 Security Server (DB2NTSECSERVER) - International Business Machines Corporation - C:\Program Files\SQLLIB\bin\db2sec.exe
    O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINNT\SYSTEM32\DWRCS.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\program files\notes\ntmulti.exe
    O24 - Desktop Component 0: Privacy Protection - file:///C:\WINNT\privacy_danger\index.htm
    0
  9. Pi_Xi Messages postés 2274 Statut Membre 149
     
    1) Télécharge Combofix.exe sur ton Bureau: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    Déconnecte-toi du net et désactive ton antivirus pour que Combofix puisse s'exécuter normalement.

    * Double clique sur Combofix.exe
    * Mets le en langue française F
    * Tape sur la touche 1 (Yes) pour démarrer le scan
    * Lorsque le scan sera terminé, un rapport apparaîtra
    * Poste le rapport qui se se trouve là: C:\Combofix.txt

    2) Télécharge sur ton bureau: http://www.malekal.com/download/clean.zip

    * Une fois sur le bureau, clic droit sur ton fichier clean.zip << extraire tout ou extraire ici. Cela va créer un dossier clean
    * Double-clic sur ce dossier clean, tu y trouveras dedans plusieurs fichiers
    * Double-clic sur clean. Cela va ouvrir une fenêtre noire
    * Un menu va apparaître, choisis l'option 1 en appuyant sur la touche 1 de ton clavier. Clean va travailler...

    Un rapport va etre généré (C:/rapport_clean.txt), colle le contenu ici

    3) Ainsi qu'un nouveau log HiJackThis stp.
    0
  10. eric_engelman Messages postés 40 Statut Membre
     
    Rapport combofix
    ComboFix 08-01-09.2 - fr17764 2008-01-09 13:48:53.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.361 [GMT 1:00]
    Running from: C:\db2log\ComboFix.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\MediaVideoCodec
    C:\Program Files\MediaVideoCodec\install.ico
    C:\WINNT\alxvdvm.dll
    C:\WINNT\bvtqfvx.dll
    C:\WINNT\dat.txt
    C:\WINNT\rs.txt
    C:\WINNT\search_res.txt
    C:\WINNT\system32\oledb32.dll
    D:\Documents and Settings\FR17764\Bureau\Error Cleaner.url
    D:\Documents and Settings\FR17764\Bureau\Privacy Protector.url
    D:\Documents and Settings\FR17764\Bureau\Spyware&Malware Protection.url
    D:\Documents and Settings\FR17764\Favoris\Error Cleaner.url
    D:\Documents and Settings\FR17764\Favoris\Privacy Protector.url
    D:\Documents and Settings\FR17764\Favoris\Spyware&Malware Protection.url

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2007-12-09 to 2008-01-09 ))))))))))))))))))))))))))))))))))))
    .

    2008-01-09 13:42 . 2000-08-31 08:00 51,200 --a------ C:\WINNT\NirCmd.exe
    2008-01-08 11:04 . 2008-01-08 18:29 <REP> d-------- C:\WINNT\BDOSCAN8
    2008-01-04 10:54 . 2007-09-05 23:22 289,144 --a------ C:\WINNT\system32\VCCLSID.exe
    2008-01-04 10:54 . 2006-04-27 16:49 288,417 --a------ C:\WINNT\system32\SrchSTS.exe
    2008-01-04 10:54 . 2007-12-20 23:11 81,920 --a------ C:\WINNT\system32\IEDFix.exe
    2008-01-04 10:54 . 2003-06-05 20:13 53,248 --a------ C:\WINNT\system32\Process.exe
    2008-01-04 10:54 . 2004-07-31 17:50 51,200 --a------ C:\WINNT\system32\dumphive.exe
    2008-01-04 10:54 . 2007-10-03 23:36 25,600 --a------ C:\WINNT\system32\WS2Fix.exe
    2008-01-03 15:39 . 2008-01-03 15:39 44,032 --a------ C:\WINNT\system32\DWRCST.exe
    2008-01-02 11:49 . 2008-01-03 14:38 <REP> d-------- D:\Documents and Settings\admin_dsk\Mes documents
    2008-01-02 10:52 . 2008-01-02 10:52 <REP> d-------- C:\Program Files\Panda Security
    2008-01-02 10:17 . 2008-01-02 10:17 <REP> d-------- C:\WINNT\system32\Kaspersky Lab
    2008-01-02 08:44 . 2008-01-02 08:44 <REP> d-------- D:\Documents and Settings\LocalService.AUTORITE NT.001\Application DataPDFcreator
    2007-12-31 14:36 . 2008-01-04 12:12 2,854 --a------ C:\WINNT\system32\tmp.reg
    2007-12-31 11:06 . 2007-12-31 11:07 <REP> d-------- C:\Program Files\CCleaner
    2007-12-31 10:14 . 2007-12-31 10:14 <REP> d-------- D:\Documents and Settings\FR17764\Application Data\Grisoft
    2007-12-31 10:14 . 2007-12-31 10:14 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Grisoft
    2007-12-31 10:14 . 2007-05-30 13:10 10,872 --a------ C:\WINNT\system32\drivers\AvgAsCln.sys
    2007-12-24 14:38 . 2007-12-24 14:38 5,690,368 --a------ C:\Présentation2.pps
    2007-12-24 14:34 . 2007-12-24 14:36 24 ---hs---- C:\WINNT\SD80BC5D7.tmp
    2007-12-10 12:39 . 2007-12-10 12:39 <REP> d-------- C:\Program Files\DVD Shrink

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-09 06:33 --------- d-----w C:\Program Files\Web Radio Player 3.6
    2007-12-31 13:35 --------- d-----w C:\Program Files\Opera
    2007-12-31 12:28 --------- d-----w C:\Program Files\Google
    2007-12-31 10:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-12-31 10:15 --------- d-----w C:\Program Files\CyberLink
    2007-12-31 10:09 --------- d-----w C:\Program Files\GetRight
    2007-12-31 10:06 --------- d-----w C:\Program Files\Yahoo!
    2007-12-24 13:47 --------- d-----w C:\Program Files\SlySoft
    2007-12-24 11:59 --------- d-----w D:\Documents and Settings\All Users\Application Data\DVD Shrink
    2007-11-13 09:17 --------- d-----w C:\Program Files\ZGuideTV
    2006-06-16 13:59 56 -csh--r C:\WINNT\system32\6AA02B9D35.sys
    2006-06-16 13:59 2,516 -csha-w C:\WINNT\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45 313472]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HotKeysCmds"="C:\WINNT\system32\hkcmd.exe" [2004-08-20 14:51 118784]
    "ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 19:00 94208]
    "Network Associates Error Reporting Service"="C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe" [2003-10-07 08:48 147514]
    "TPP Auto Loader"="C:\WINNT\tppaldr.exe" [2002-06-24 11:20 118784]
    "NeroFilterCheck"="C:\WINNT\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
    "McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" [2006-11-17 03:06 136768]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 13:42 1404928]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 11:48 157592]
    "Lanceur FinePrint v5"="C:\WINNT\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" [2006-06-19 20:09 499712]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINNT\system32\CTFMON.EXE" [2004-08-05 13:00 15360]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "TSClientMSIUninstaller"="cmd.exe" [2004-08-05 13:00 400896 C:\WINNT\system32\cmd.exe]

    D:\Documents and Settings\FR17764\Menu D‚marrer\Programmes\D‚marrage\
    akitel.lnk - C:\Program Files\akitel\akitel2.exe [2007-04-05 16:37:36]
    Raccourci vers WorldlineBAR.lnk - D:\worldlinebar\WorldlineBAR.exe [2005-02-24 15:59:52]

    D:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    D‚marrage du serveur de recherche HTML.lnk - C:\Program Files\SQLLIB\bin\db2nq.exe [2006-02-21 17:08:13]
    GetRight - Tray Icon.lnk - C:\Program Files\GetRight\getright.exe [2005-12-27 13:53:43]
    Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 07:05:26]
    pcnfsd.burotik.cmd [2005-09-28 13:37:33]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\[u]0[/u]\[u]0[/u]]
    "Script"=disableDNSRegistration.vbs

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\1\[u]0[/u]]
    "Script"=\\fr01.awl.atosorigin.net\SysVol\fr01.awl.atosorigin.net\scripts\RegId.bat

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\2\[u]0[/u]]
    "Script"=\\fr01.awl.atosorigin.net\SysVol\fr01.awl.atosorigin.net\scripts\RegKobil.bat

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-812780242-3449912065-677842238-6150\Scripts\Logon\[u]0[/u]\[u]0[/u]]
    "Script"=\\fr01.awl.atosorigin.net\SysVol\fr01.awl.atosorigin.net\scripts\Add_local_Grp.bat

    R2 Client for NFS;Client for NFS;C:\WINNT\system32\nfsclnt.exe [2003-11-08 13:42]
    R2 DLPortIO;DriverLINX Port I/O Driver;C:\WINNT\system32\DRIVERS\DLPortIO.SYS [1999-01-10 12:00]
    R2 Mapsvc;User Name Mapping;C:\SFU\Mapper\mapsvc.exe [2003-11-08 13:42]
    R3 NfsRdr;NfsRdr;C:\WINNT\system32\drivers\nfsrdr.sys [2003-11-08 13:42]
    R3 Portmap;Portmap;C:\WINNT\system32\drivers\portmap.sys [2003-11-08 13:42]
    R3 RpcXdr;RpcXdr;C:\WINNT\system32\drivers\rpcxdr.sys [2003-11-08 13:42]
    S0 PowerSwitch;PowerSwitch;C:\WINNT\system32\drivers\psdvr.sys []
    S3 DB2ControlCenterServer;DB2 JDBC Applet Server - Control Center;"C:\Program Files\SQLLIB\bin\db2ccs.exe" [2000-05-11 08:16]
    S3 TPP200;USB Storage Adapter V2 (TPP);C:\WINNT\system32\DRIVERS\TPP200.SYS [2002-06-24 11:20]
    S4 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2006-05-03 12:40]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d18fb804-2c47-11da-a707-00123f62c85e}]
    \Shell\AutoRun\command - G:\run.bat
    \Shell\wizard\command - G:\run.bat
    \Shell\X2\command - G:\X.bat 2
    \Shell\X3\command - G:\X.bat 3

    *Newly Created Service* - PROCEXP90
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-09 13:54:06
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-01-09 13:55:26
    ComboFix-quarantined-files.txt 2008-01-09 12:55:09
    0
  11. eric_engelman Messages postés 40 Statut Membre
     
    Raport clean

    2008-01-09 a 13:57:36.95

    *** Recherche des fichiers dans C:

    *** Recherche des fichiers dans C:\WINNT\

    *** Recherche des fichiers dans C:\WINNT\system32

    *** Recherche des fichiers dans C:\Program Files
    *** Fin du rapport !
    0
  12. eric_engelman Messages postés 40 Statut Membre
     
    Raport hijack

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:00, on 2008-01-09
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINNT\system32\nfsclnt.exe
    C:\Program Files\SQLLIB\bin\db2jds.exe
    C:\Program Files\SQLLIB\bin\db2sec.exe
    C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\program files\notes\ntmulti.exe
    C:\WINNT\system32\svchost.exe
    C:\SFU\Mapper\mapsvc.exe
    C:\WINNT\system32\hkcmd.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe
    C:\WINNT\tppaldr.exe
    C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
    C:\Program Files\Network Associates\Common Framework\McTray.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\WINNT\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\PROGRA~1\IBM\IMNNQ\HTTPDL.exe
    C:\PROGRA~1\IBM\IMNNQ\imnsvdem.exe
    C:\Program Files\GetRight\getright.exe
    C:\Program Files\akitel\akitel2.exe
    C:\Program Files\Notes\NLNOTES.EXE
    C:\Program Files\Notes\NCDaemon.exe
    C:\Program Files\Notes\ntaskldr.EXE
    C:\Program Files\Notes\nxpcdmn.EXE
    C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
    C:\WINNT\explorer.exe
    C:\WINNT\system32\notepad.exe
    C:\Program Files\Opera\Opera.exe
    C:\WINNT\system32\cmd.exe
    C:\WINNT\system32\ntvdm.exe
    C:\WINNT\system32\notepad.exe
    C:\db2log\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxyconf.localnet/awl.pac
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.elisa.net;cra.mm.fr.atosorigin.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe"
    O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINNT\tppaldr.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [Lanceur FinePrint v5] "C:\WINNT\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
    O4 - Startup: akitel.lnk = C:\Program Files\akitel\akitel2.exe
    O4 - Startup: Raccourci vers WorldlineBAR.lnk = D:\worldlinebar\WorldlineBAR.exe
    O4 - Global Startup: Démarrage du serveur de recherche HTML.lnk = C:\Program Files\SQLLIB\bin\db2nq.exe
    O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: pcnfsd.burotik.cmd
    O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O14 - IERESET.INF: START_PAGE_URL=www.atosworldline.com
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = fr01.awl.atosorigin.net
    O17 - HKLM\Software\..\Telephony: DomainName = fr01.awl.atosorigin.net
    O17 - HKLM\System\CCS\Services\Tcpip\..\{DED957DC-E183-492F-A52C-A7E11A14AFDB}: Domain = fr01.awl.atosorigin.net
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = fr01.awl.atosorigin.net
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = fr01.awl.atosorigin.net,awl.atosorigin.net,priv.atos.fr,elisa.net,dev.atos.fr,segin.com,axime.com
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = fr01.awl.atosorigin.net
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = fr01.awl.atosorigin.net,awl.atosorigin.net,priv.atos.fr,elisa.net,dev.atos.fr,segin.com,axime.com
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = fr01.awl.atosorigin.net,awl.atosorigin.net,priv.atos.fr,elisa.net,dev.atos.fr,segin.com,axime.com
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: DB2 JDBC Applet Server - Control Center (DB2ControlCenterServer) - Unknown owner - C:\Program Files\SQLLIB\bin\db2ccs.exe
    O23 - Service: DB2 JDBC Applet Server (DB2JDS) - Unknown owner - C:\Program Files\SQLLIB\bin\db2jds.exe
    O23 - Service: DB2 Security Server (DB2NTSECSERVER) - International Business Machines Corporation - C:\Program Files\SQLLIB\bin\db2sec.exe
    O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINNT\SYSTEM32\DWRCS.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\program files\notes\ntmulti.exe
    0
  13. eric_engelman Messages postés 40 Statut Membre
     
    ça va mieux en tout cas pour l'instant
    0
  14. Pi_Xi Messages postés 2274 Statut Membre 149
     
    * Ouvre Hijackthis, choisis "do a scan only"

    Coche la case devant les lignes:
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    O4 - Startup: akitel.lnk = C:\Program Files\akitel\akitel2.exe
    O4 - Startup: Raccourci vers WorldlineBAR.lnk = D:\worldlinebar\WorldlineBAR.exe
    O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: pcnfsd.burotik.cmd
    Ferme toutes les autres fenêtres actives et clique sur "Fix checked"

    * Tu sais ce que c'est WorldlineBAR ?

    * Tu connais ce site: fr01.awl.atosorigin.net ?
    0
  15. eric_engelman Messages postés 40 Statut Membre
     
    Worldlinebar, fr01.awl.atosorigin.net et akitel2 sont des logiciels que j'utilise dans le cadre de mon travail

    donc je ne les ai pas coché pour faire le "fix checked"

    pour le reste c'est fait
    0
    1. Pi_Xi Messages postés 2274 Statut Membre 149
       
      ok.

      Les fixer ne les supprime pas mais évite de les lancer au démarrage.

      Je suppose que tu veux conserver leur lancement automatique, donc tu as bien fait ^^
      0
  16. eric_engelman Messages postés 40 Statut Membre
     
    il n'y a plus rien à faire?
    0
  17. Pi_Xi Messages postés 2274 Statut Membre 149
     
    Poste un dernier rapport HiJackThis stp.
    0
  18. eric_engelman Messages postés 40 Statut Membre
     
    Et voila

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:21, on 2008-01-10
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINNT\system32\nfsclnt.exe
    C:\Program Files\SQLLIB\bin\db2jds.exe
    C:\Program Files\SQLLIB\bin\db2sec.exe
    C:\WINNT\SYSTEM32\DWRCS.EXE
    C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\program files\notes\ntmulti.exe
    C:\WINNT\system32\svchost.exe
    C:\SFU\Mapper\mapsvc.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\SYSTEM32\DWRCST.exe
    C:\WINNT\system32\hkcmd.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe
    C:\WINNT\tppaldr.exe
    C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Network Associates\Common Framework\McTray.exe
    C:\WINNT\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\PROGRA~1\IBM\IMNNQ\HTTPDL.exe
    C:\PROGRA~1\IBM\IMNNQ\imnsvdem.exe
    C:\Program Files\GetRight\getright.exe
    C:\Program Files\akitel\akitel2.exe
    D:\worldlinebar\WorldlineBAR.exe
    C:\Program Files\Notes\NLNOTES.EXE
    C:\Program Files\Notes\NCDaemon.exe
    C:\Program Files\Notes\ntaskldr.EXE
    C:\Program Files\Notes\nxpcdmn.EXE
    C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Opera\Opera.exe
    C:\db2log\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxyconf.localnet/awl.pac
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.elisa.net;cra.mm.fr.atosorigin.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe"
    O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINNT\tppaldr.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [Lanceur FinePrint v5] "C:\WINNT\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
    O4 - Startup: akitel.lnk = C:\Program Files\akitel\akitel2.exe
    O4 - Startup: Raccourci vers WorldlineBAR.lnk = D:\worldlinebar\WorldlineBAR.exe
    O4 - Global Startup: Démarrage du serveur de recherche HTML.lnk = C:\Program Files\SQLLIB\bin\db2nq.exe
    O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
    O4 - Global Startup: pcnfsd.burotik.cmd
    O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O14 - IERESET.INF: START_PAGE_URL=www.atosworldline.com
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = fr01.awl.atosorigin.net
    O17 - HKLM\Software\..\Telephony: DomainName = fr01.awl.atosorigin.net
    O17 - HKLM\System\CCS\Services\Tcpip\..\{DED957DC-E183-492F-A52C-A7E11A14AFDB}: Domain = fr01.awl.atosorigin.net
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = fr01.awl.atosorigin.net
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = fr01.awl.atosorigin.net,awl.atosorigin.net,priv.atos.fr,elisa.net,dev.atos.fr,segin.com,axime.com
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = fr01.awl.atosorigin.net
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = fr01.awl.atosorigin.net,awl.atosorigin.net,priv.atos.fr,elisa.net,dev.atos.fr,segin.com,axime.com
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = fr01.awl.atosorigin.net,awl.atosorigin.net,priv.atos.fr,elisa.net,dev.atos.fr,segin.com,axime.com
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: DB2 JDBC Applet Server - Control Center (DB2ControlCenterServer) - Unknown owner - C:\Program Files\SQLLIB\bin\db2ccs.exe
    O23 - Service: DB2 JDBC Applet Server (DB2JDS) - Unknown owner - C:\Program Files\SQLLIB\bin\db2jds.exe
    O23 - Service: DB2 Security Server (DB2NTSECSERVER) - International Business Machines Corporation - C:\Program Files\SQLLIB\bin\db2sec.exe
    O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINNT\SYSTEM32\DWRCS.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\program files\notes\ntmulti.exe
    0
  19. eric_engelman Messages postés 40 Statut Membre
     
    1) je suis sous un proxy donc cela doit etre fait en amont

    2)Merci merci merci c'est trop sympa

    3) je désinstalle tout pas de probleme

    Je n'ai plus aucun souci pour l'instant

    Merci encore pour ton efficacité !
    0