Fenetres intempestive IE
Ulgart
-
lecristal Messages postés 961 Date d'inscription Statut Membre Dernière intervention -
lecristal Messages postés 961 Date d'inscription Statut Membre Dernière intervention -
Bonjour,
Voila comme bcp j'ai des ouvertures de fenetres IE sans le demander ...
J'ai fait un nettoyage avec Ccleaner, adaware, spybot, et AVG anti spyware, mais rien n'y fait.
Si une bonne ame pouvait m'aider, merci d'avance ;)
Voici un rapport Hijackthis et Navilog:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:16:23, on 01/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Psion Teklogix\Mobile Control Center\MSSQL\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Psion Teklogix\Mobile Control Center\MCDeplSvr.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Sierra Wireless Inc\3G Watcher\WaHelper.exe
C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe
C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\FICHIE~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\userinit.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\WINDOWS\system32\msiexec.exe
C:\program files\internet explorer\iexplore.exe
C:\Documents and Settings\abailly\Mes documents\Mes fichiers reçus\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.171.16:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: 91.121.120.216 www.justneuf.com
O2 - BHO: (no name) - {0BF949A1-BFFB-469E-8FF5-6A021A47472C} - (no file)
O2 - BHO: (no name) - {149631E8-57C1-48EB-9AAC-4D568EA18266} - (no file)
O2 - BHO: (no name) - {29197D0A-3E19-4BB4-8F89-23BC2BCF4B50} - (no file)
O2 - BHO: (no name) - {3EBE93A7-D8CB-4690-88F1-BF53A829900D} - C:\WINDOWS\system32\rQHWqpQG.dll
O2 - BHO: {5b349b00-e353-dffb-9cb4-39af2ead26f4} - {4f62dae2-fa93-4bc9-bffd-353e00b943b5} - C:\WINDOWS\system32\fuvbce.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {728AAF16-F1AF-4C45-8B1E-45C0F8519A28} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {AA7424D8-AC83-4B51-B51D-0A77D4128DFB} - (no file)
O2 - BHO: (no name) - {c638dfef-0283-4f9c-b29f-818639fd74aa} - (no file)
O2 - BHO: (no name) - {C960A76E-50FC-4B65-AE8F-08C6647F25AA} - (no file)
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [WatcherHelper] "C:\Program Files\Sierra Wireless Inc\3G Watcher\WaHelper.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [a00d4c8c] rundll32.exe "C:\WINDOWS\system32\nspfsffh.dll",b
O4 - HKLM\..\Run: [BMa33e7f10] Rundll32.exe "C:\WINDOWS\system32\kkwgerxd.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {02E58850-DBD8-40D9-8897-1F9F9471023C} (MOVEitUpDownWiz Class) - https://moveit-eu.psionteklogix.com/COM/MOVEitUploadWizard5.0.0.ocx
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {2D913FCB-9551-4145-B751-7F927D750297} (ctSchedule Control 7.0) - http://apps.ptintranet.com/baseweb/fs/ctschedule.ocx
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner371420.cab
O16 - DPF: {8891A790-9019-4604-986C-DB652D6B5DC9} (Tilly.TillyCtl) - http://fra-3wvxr2j:9080/VoiceConsole/activeX/Tilly.CAB
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ad.psion.com
O17 - HKLM\Software\..\Telephony: DomainName = ad.psion.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{6F56F9AF-BFF9-4BE8-BF97-0546DFABD02E}: NameServer = 10.204.1.3,10.208.1.97
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ad.psion.com
O20 - Winlogon Notify: iiFwVPHa - iiFwVPHa.dll (file missing)
O23 - Service: Altiris Agent (AeXNSClient) - Altiris, Inc. - C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: UpgradeToolTFTPService (crmtftp) - Cisco Systems - C:\PROGRA~1\CISCOS~1\UPGRAD~1\crmtftp.exe
O23 - Service: DHCP Turbo - Weird Solutions, Inc. - C:\Program Files\DHCP Turbo\dhcpt.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Mobile Control Center Deployment Server (MCDPSRV) - Psion Teklogix. - C:\Program Files\Psion Teklogix\Mobile Control Center\MCDeplSvr.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\oraclexe\app\oracle\product\10.2.0\server\BIN\omtsreco.exe
O23 - Service: OracleServiceXE - Oracle Corporation - c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE
O23 - Service: OracleXEClrAgent - Unknown owner - C:\oraclexe\app\oracle\product\10.2.0\server\bin\OraClrAgnt.exe
O23 - Service: OracleXETNSListener - Unknown owner - C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: VoiceConsole22 - Apache Software Foundation - C:\Program Files\Vocollect\VoiceConsole2.2\tools\apache-tomcat-5.5.15\bin\tomcat5.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 13218 bytes
Search Navipromo version 3.5.8 commencé le 01/07/2008 à 9:21:46,24
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!
Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "ABailly"
Mise à jour le 06.06.2008 à 18h00 par IL-MAFIOSO
Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.13
Système de fichiers : NTFS
Recherche executé en mode normal
*** Recherche Programmes installés ***
*** Recherche dossiers dans "C:\WINDOWS" ***
*** Recherche dossiers dans "C:\Program Files" ***
*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***
*** Recherche dossiers dans "c:\docume~1\alluse~1\menudm~1\progra~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\abailly\applic~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\abailly\applic~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\pduhem\applic~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\user\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\abailly\locals~1\applic~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\abailly\locals~1\applic~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\pduhem\locals~1\applic~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\user\locals~1\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\abailly\menudm~1\progra~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\abailly\menudm~1\progra~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\menudm~1\progra~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\pduhem\menudm~1\progra~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\user\menudm~1\progra~1" ***
*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net
Aucun Fichier trouvé
*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!
* Recherche dans "C:\WINDOWS\system32" *
* Recherche dans "C:\Documents and Settings\abailly\locals~1\applic~1" *
*** Recherche fichiers ***
*** Recherche clés spécifiques dans le Registre ***
*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Recherche nouveaux fichiers Instant Access :
2)Recherche Heuristique :
* Dans "C:\WINDOWS\system32" :
* Dans "C:\Documents and Settings\abailly\locals~1\applic~1" :
3)Recherche Certificats :
Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !
4)Recherche fichiers connus :
C:\WINDOWS\system32\ddMWaIOq.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\GQpqWHQr.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\WGNUxGgh.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
*** Analyse terminée le 01/07/2008 à 9:28:52,81 ***
Voila comme bcp j'ai des ouvertures de fenetres IE sans le demander ...
J'ai fait un nettoyage avec Ccleaner, adaware, spybot, et AVG anti spyware, mais rien n'y fait.
Si une bonne ame pouvait m'aider, merci d'avance ;)
Voici un rapport Hijackthis et Navilog:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:16:23, on 01/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Psion Teklogix\Mobile Control Center\MSSQL\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Psion Teklogix\Mobile Control Center\MCDeplSvr.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Sierra Wireless Inc\3G Watcher\WaHelper.exe
C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe
C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\FICHIE~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\userinit.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\WINDOWS\system32\msiexec.exe
C:\program files\internet explorer\iexplore.exe
C:\Documents and Settings\abailly\Mes documents\Mes fichiers reçus\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.171.16:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: 91.121.120.216 www.justneuf.com
O2 - BHO: (no name) - {0BF949A1-BFFB-469E-8FF5-6A021A47472C} - (no file)
O2 - BHO: (no name) - {149631E8-57C1-48EB-9AAC-4D568EA18266} - (no file)
O2 - BHO: (no name) - {29197D0A-3E19-4BB4-8F89-23BC2BCF4B50} - (no file)
O2 - BHO: (no name) - {3EBE93A7-D8CB-4690-88F1-BF53A829900D} - C:\WINDOWS\system32\rQHWqpQG.dll
O2 - BHO: {5b349b00-e353-dffb-9cb4-39af2ead26f4} - {4f62dae2-fa93-4bc9-bffd-353e00b943b5} - C:\WINDOWS\system32\fuvbce.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {728AAF16-F1AF-4C45-8B1E-45C0F8519A28} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {AA7424D8-AC83-4B51-B51D-0A77D4128DFB} - (no file)
O2 - BHO: (no name) - {c638dfef-0283-4f9c-b29f-818639fd74aa} - (no file)
O2 - BHO: (no name) - {C960A76E-50FC-4B65-AE8F-08C6647F25AA} - (no file)
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [WatcherHelper] "C:\Program Files\Sierra Wireless Inc\3G Watcher\WaHelper.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [a00d4c8c] rundll32.exe "C:\WINDOWS\system32\nspfsffh.dll",b
O4 - HKLM\..\Run: [BMa33e7f10] Rundll32.exe "C:\WINDOWS\system32\kkwgerxd.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {02E58850-DBD8-40D9-8897-1F9F9471023C} (MOVEitUpDownWiz Class) - https://moveit-eu.psionteklogix.com/COM/MOVEitUploadWizard5.0.0.ocx
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {2D913FCB-9551-4145-B751-7F927D750297} (ctSchedule Control 7.0) - http://apps.ptintranet.com/baseweb/fs/ctschedule.ocx
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner371420.cab
O16 - DPF: {8891A790-9019-4604-986C-DB652D6B5DC9} (Tilly.TillyCtl) - http://fra-3wvxr2j:9080/VoiceConsole/activeX/Tilly.CAB
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ad.psion.com
O17 - HKLM\Software\..\Telephony: DomainName = ad.psion.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{6F56F9AF-BFF9-4BE8-BF97-0546DFABD02E}: NameServer = 10.204.1.3,10.208.1.97
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ad.psion.com
O20 - Winlogon Notify: iiFwVPHa - iiFwVPHa.dll (file missing)
O23 - Service: Altiris Agent (AeXNSClient) - Altiris, Inc. - C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: UpgradeToolTFTPService (crmtftp) - Cisco Systems - C:\PROGRA~1\CISCOS~1\UPGRAD~1\crmtftp.exe
O23 - Service: DHCP Turbo - Weird Solutions, Inc. - C:\Program Files\DHCP Turbo\dhcpt.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Mobile Control Center Deployment Server (MCDPSRV) - Psion Teklogix. - C:\Program Files\Psion Teklogix\Mobile Control Center\MCDeplSvr.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\oraclexe\app\oracle\product\10.2.0\server\BIN\omtsreco.exe
O23 - Service: OracleServiceXE - Oracle Corporation - c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE
O23 - Service: OracleXEClrAgent - Unknown owner - C:\oraclexe\app\oracle\product\10.2.0\server\bin\OraClrAgnt.exe
O23 - Service: OracleXETNSListener - Unknown owner - C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: VoiceConsole22 - Apache Software Foundation - C:\Program Files\Vocollect\VoiceConsole2.2\tools\apache-tomcat-5.5.15\bin\tomcat5.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 13218 bytes
Search Navipromo version 3.5.8 commencé le 01/07/2008 à 9:21:46,24
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!
Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "ABailly"
Mise à jour le 06.06.2008 à 18h00 par IL-MAFIOSO
Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.13
Système de fichiers : NTFS
Recherche executé en mode normal
*** Recherche Programmes installés ***
*** Recherche dossiers dans "C:\WINDOWS" ***
*** Recherche dossiers dans "C:\Program Files" ***
*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***
*** Recherche dossiers dans "c:\docume~1\alluse~1\menudm~1\progra~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\abailly\applic~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\abailly\applic~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\pduhem\applic~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\user\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\abailly\locals~1\applic~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\abailly\locals~1\applic~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\pduhem\locals~1\applic~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\user\locals~1\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\abailly\menudm~1\progra~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\abailly\menudm~1\progra~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\menudm~1\progra~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\pduhem\menudm~1\progra~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\user\menudm~1\progra~1" ***
*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net
Aucun Fichier trouvé
*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!
* Recherche dans "C:\WINDOWS\system32" *
* Recherche dans "C:\Documents and Settings\abailly\locals~1\applic~1" *
*** Recherche fichiers ***
*** Recherche clés spécifiques dans le Registre ***
*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Recherche nouveaux fichiers Instant Access :
2)Recherche Heuristique :
* Dans "C:\WINDOWS\system32" :
* Dans "C:\Documents and Settings\abailly\locals~1\applic~1" :
3)Recherche Certificats :
Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !
4)Recherche fichiers connus :
C:\WINDOWS\system32\ddMWaIOq.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\GQpqWHQr.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\WGNUxGgh.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
*** Analyse terminée le 01/07/2008 à 9:28:52,81 ***
Configuration: Windows XP Internet Explorer 7.0
A voir également:
- Fenetres intempestive IE
- Ie tab - Télécharger - Outils pour navigateurs
- Mcafee fenetre intempestive - Accueil - Piratage
- Ie 8 - Télécharger - Navigateurs
- Ie tester - Télécharger - Divers Web & Internet
- Fermer toutes les fenetres windows - Guide
11 réponses
O2 - BHO: (no name) - {0BF949A1-BFFB-469E-8FF5-6A021A47472C} - (no file)
O2 - BHO: (no name) - {149631E8-57C1-48EB-9AAC-4D568EA18266} - (no file)
O2 - BHO: (no name) - {29197D0A-3E19-4BB4-8F89-23BC2BCF4B50} - (no file
A fixer
O2 - BHO: {5b349b00-e353-dffb-9cb4-39af2ead26f4} - {4f62dae2-fa93-4bc9-bffd-353e00b943b5} - C:\WINDOWS\system32\fuvbce.dll
A fixer
La j’ai un doute
O2 - BHO: (no name) - {728AAF16-F1AF-4C45-8B1E-45C0F8519A28} - (no file)
A fixer
O2 - BHO: (no name) - {AA7424D8-AC83-4B51-B51D-0A77D4128DFB} - (no file)
O2 - BHO: (no name) - {c638dfef-0283-4f9c-b29f-818639fd74aa} - (no file)
O2 - BHO: (no name) - {C960A76E-50FC-4B65-AE8F-08C6647F25AA} - (no file)
A fixer
O4 - HKLM\..\Run: [a00d4c8c] rundll32.exe "C:\WINDOWS\system32\nspfsffh.dll",b
J’ai aussi un doute
O2 - BHO: (no name) - {149631E8-57C1-48EB-9AAC-4D568EA18266} - (no file)
O2 - BHO: (no name) - {29197D0A-3E19-4BB4-8F89-23BC2BCF4B50} - (no file
A fixer
O2 - BHO: {5b349b00-e353-dffb-9cb4-39af2ead26f4} - {4f62dae2-fa93-4bc9-bffd-353e00b943b5} - C:\WINDOWS\system32\fuvbce.dll
A fixer
La j’ai un doute
O2 - BHO: (no name) - {728AAF16-F1AF-4C45-8B1E-45C0F8519A28} - (no file)
A fixer
O2 - BHO: (no name) - {AA7424D8-AC83-4B51-B51D-0A77D4128DFB} - (no file)
O2 - BHO: (no name) - {c638dfef-0283-4f9c-b29f-818639fd74aa} - (no file)
O2 - BHO: (no name) - {C960A76E-50FC-4B65-AE8F-08C6647F25AA} - (no file)
A fixer
O4 - HKLM\..\Run: [a00d4c8c] rundll32.exe "C:\WINDOWS\system32\nspfsffh.dll",b
J’ai aussi un doute
http://forum.telecharger.01net.com/forum/high-tech/PRODUITS/Questions-techniques/anti-malware-sujet_197382_1.htm
regarde cela
et pose le
fait la desinfection
prens aussi spybot
et ad aware
et reviens nous voir
regarde cela
et pose le
fait la desinfection
prens aussi spybot
et ad aware
et reviens nous voir
Bien j'ai fait un premier netoyage ou il m'a supprimé pas mal de truc dont Vundo.
J'ai refait un passage dont voici le log:
Malwarebytes' Anti-Malware 1.19
Version de la base de données: 910
Windows 5.1.2600 Service Pack 2
14:23:44 01/07/2008
mbam-log-7-1-2008 (14-23-44).txt
Type de recherche: Examen rapide
Eléments examinés: 48081
Temps écoulé: 9 minute(s), 17 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
Le prob persiste à priori.
J'ai refait un passage dont voici le log:
Malwarebytes' Anti-Malware 1.19
Version de la base de données: 910
Windows 5.1.2600 Service Pack 2
14:23:44 01/07/2008
mbam-log-7-1-2008 (14-23-44).txt
Type de recherche: Examen rapide
Eléments examinés: 48081
Temps écoulé: 9 minute(s), 17 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
Le prob persiste à priori.
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:05:00, on 01/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Psion Teklogix\Mobile Control Center\MSSQL\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Psion Teklogix\Mobile Control Center\MCDeplSvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Sierra Wireless Inc\3G Watcher\WaHelper.exe
C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe
C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\FICHIE~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\progra~1\micros~2\office11\outlook.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\mstsc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\abailly\Mes documents\Mes fichiers reçus\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.171.16:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: 91.121.120.216 www.justneuf.com
O2 - BHO: {66fdabfe-2770-c029-1534-3d7646ad0194} - {4910da64-67d3-4351-920c-0772efbadf66} - C:\WINDOWS\system32\zqbwyd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [WatcherHelper] "C:\Program Files\Sierra Wireless Inc\3G Watcher\WaHelper.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {02E58850-DBD8-40D9-8897-1F9F9471023C} (MOVEitUpDownWiz Class) - https://moveit-eu.psionteklogix.com/COM/MOVEitUploadWizard5.0.0.ocx
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {2D913FCB-9551-4145-B751-7F927D750297} (ctSchedule Control 7.0) - http://apps.ptintranet.com/baseweb/fs/ctschedule.ocx
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner371420.cab
O16 - DPF: {8891A790-9019-4604-986C-DB652D6B5DC9} (Tilly.TillyCtl) - http://fra-3wvxr2j:9080/VoiceConsole/activeX/Tilly.CAB
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ad.psion.com
O17 - HKLM\Software\..\Telephony: DomainName = ad.psion.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{6F56F9AF-BFF9-4BE8-BF97-0546DFABD02E}: NameServer = 10.204.1.3,10.208.1.97
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ad.psion.com
O20 - Winlogon Notify: iiFwVPHa - iiFwVPHa.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Altiris Agent (AeXNSClient) - Altiris, Inc. - C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: UpgradeToolTFTPService (crmtftp) - Cisco Systems - C:\PROGRA~1\CISCOS~1\UPGRAD~1\crmtftp.exe
O23 - Service: DHCP Turbo - Weird Solutions, Inc. - C:\Program Files\DHCP Turbo\dhcpt.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Mobile Control Center Deployment Server (MCDPSRV) - Psion Teklogix. - C:\Program Files\Psion Teklogix\Mobile Control Center\MCDeplSvr.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\oraclexe\app\oracle\product\10.2.0\server\BIN\omtsreco.exe
O23 - Service: OracleServiceXE - Oracle Corporation - c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE
O23 - Service: OracleXEClrAgent - Unknown owner - C:\oraclexe\app\oracle\product\10.2.0\server\bin\OraClrAgnt.exe
O23 - Service: OracleXETNSListener - Unknown owner - C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: VoiceConsole22 - Apache Software Foundation - C:\Program Files\Vocollect\VoiceConsole2.2\tools\apache-tomcat-5.5.15\bin\tomcat5.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
Scan saved at 16:05:00, on 01/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Psion Teklogix\Mobile Control Center\MSSQL\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Psion Teklogix\Mobile Control Center\MCDeplSvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Sierra Wireless Inc\3G Watcher\WaHelper.exe
C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe
C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\FICHIE~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\progra~1\micros~2\office11\outlook.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\mstsc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\abailly\Mes documents\Mes fichiers reçus\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.171.16:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: 91.121.120.216 www.justneuf.com
O2 - BHO: {66fdabfe-2770-c029-1534-3d7646ad0194} - {4910da64-67d3-4351-920c-0772efbadf66} - C:\WINDOWS\system32\zqbwyd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [WatcherHelper] "C:\Program Files\Sierra Wireless Inc\3G Watcher\WaHelper.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {02E58850-DBD8-40D9-8897-1F9F9471023C} (MOVEitUpDownWiz Class) - https://moveit-eu.psionteklogix.com/COM/MOVEitUploadWizard5.0.0.ocx
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {2D913FCB-9551-4145-B751-7F927D750297} (ctSchedule Control 7.0) - http://apps.ptintranet.com/baseweb/fs/ctschedule.ocx
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner371420.cab
O16 - DPF: {8891A790-9019-4604-986C-DB652D6B5DC9} (Tilly.TillyCtl) - http://fra-3wvxr2j:9080/VoiceConsole/activeX/Tilly.CAB
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ad.psion.com
O17 - HKLM\Software\..\Telephony: DomainName = ad.psion.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{6F56F9AF-BFF9-4BE8-BF97-0546DFABD02E}: NameServer = 10.204.1.3,10.208.1.97
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ad.psion.com
O20 - Winlogon Notify: iiFwVPHa - iiFwVPHa.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Altiris Agent (AeXNSClient) - Altiris, Inc. - C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: UpgradeToolTFTPService (crmtftp) - Cisco Systems - C:\PROGRA~1\CISCOS~1\UPGRAD~1\crmtftp.exe
O23 - Service: DHCP Turbo - Weird Solutions, Inc. - C:\Program Files\DHCP Turbo\dhcpt.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Mobile Control Center Deployment Server (MCDPSRV) - Psion Teklogix. - C:\Program Files\Psion Teklogix\Mobile Control Center\MCDeplSvr.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\oraclexe\app\oracle\product\10.2.0\server\BIN\omtsreco.exe
O23 - Service: OracleServiceXE - Oracle Corporation - c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE
O23 - Service: OracleXEClrAgent - Unknown owner - C:\oraclexe\app\oracle\product\10.2.0\server\bin\OraClrAgnt.exe
O23 - Service: OracleXETNSListener - Unknown owner - C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: VoiceConsole22 - Apache Software Foundation - C:\Program Files\Vocollect\VoiceConsole2.2\tools\apache-tomcat-5.5.15\bin\tomcat5.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
bon
Malwarebytes
http://forum.telecharger.01net.com/forum/high-tech/PRODUITS/Questions-techniques/anti-malware-sujet_197382_1.htm
tu peux nous faire cela
merci
Malwarebytes
http://forum.telecharger.01net.com/forum/high-tech/PRODUITS/Questions-techniques/anti-malware-sujet_197382_1.htm
tu peux nous faire cela
merci
Je l'avais deja fait, mais je l'ai refait par acquis de conscience.
Voici le resultat du test complet :
Malwarebytes' Anti-Malware 1.19
Version de la base de données: 911
Windows 5.1.2600 Service Pack 2
18:22:40 01/07/2008
mbam-log-7-1-2008 (18-22-40).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 117671
Temps écoulé: 1 hour(s), 10 minute(s), 50 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
Voici le resultat du test complet :
Malwarebytes' Anti-Malware 1.19
Version de la base de données: 911
Windows 5.1.2600 Service Pack 2
18:22:40 01/07/2008
mbam-log-7-1-2008 (18-22-40).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 117671
Temps écoulé: 1 hour(s), 10 minute(s), 50 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
