Two "iexplore.exe" processes at startup...

10 March 2008 18:07:37

Hello,

I have processes that are taking up all my CPU! It's IEXPLOR.EXE, which appears twice and which I can't kill, otherwise they come back...

Would someone be willing to look into my case? Am I infected by a virus?

Thanks in advance.
Baptiste


10 March 2008 19:57:42

Good evening Angeldark, forum,

here is my HijackThis report:
Thanks in advance for whatever you can do for me.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:55:22, on 10/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\NetScreen\NetScreen-Remote\IPSecMon.exe
C:\Program Files\NetScreen\NetScreen-Remote\IreIKE.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Atria\bin\cccredmgr.exe
C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe
C:\WINNT\system32\Hummingbird\Connectivity\9.00\NFSClient\expserv.exe
C:\Program Files\Hummingbird\Connectivity\9.00\Exceed\HumDisplayServer.exe
C:\Program Files\Atria\bin\lockmgr.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINNT\system32\nsiolan.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINNT\system32\CCM\CcmExec.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\msiexec.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\Firetray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\NetScreen\NetScreen-Remote\SafeCfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,Start Page = http://aww.alcatel.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:3128
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [McAfeeFireTray] C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\Firetray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [COMMUNICATOR] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" /background
O4 - HKCU\..\Run: [Funk Soap] D:\DOCUME~1\bdufourq\APPLIC~1\FLAGAT~1\Debugboltinfo.exe
O4 - HKUS\S-1-5-19\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINNT\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINNT\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: NetScreen-Remote.lnk = C:\Program Files\NetScreen\NetScreen-Remote\SafeCfg.exe
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O14 - IERESET.INF: START_PAGE_URL=http://all.alcatel-lucent.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - file://C:\Program Files\InterCAP\ActiveCGM\ActiveX\acgm.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ad2.ad.alcatel.com
O17 - HKLM\Software\..\Telephony: DomainName = ad2.ad.alcatel.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ad2.ad.alcatel.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ad2.ad.alcatel.com,or.cit.alcatel.fr,vz.cit.alcatel.fr,vx.cit.alcatel.fr,ln.cit.alcatel.fr,om.cit.alcatel.fr,netfr.alcatel.fr,ad1.ad.alcatel.com,srv.eu.alcatel.com,wins.lucent.com,emea.lucent.com,na02.lucent.com,lucent.com,ap01.lucent.com,dc-m.alcatel-lucent.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ad2.ad.alcatel.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = ad2.ad.alcatel.com,or.cit.alcatel.fr,vz.cit.alcatel.fr,vx.cit.alcatel.fr,ln.cit.alcatel.fr,om.cit.alcatel.fr,netfr.alcatel.fr,ad1.ad.alcatel.com,srv.eu.alcatel.com,wins.lucent.com,emea.lucent.com,na02.lucent.com,lucent.com,ap01.lucent.com,dc-m.alcatel-lucent.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = ad2.ad.alcatel.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = ad2.ad.alcatel.com,or.cit.alcatel.fr,vz.cit.alcatel.fr,vx.cit.alcatel.fr,ln.cit.alcatel.fr,om.cit.alcatel.fr,netfr.alcatel.fr,ad1.ad.alcatel.com,srv.eu.alcatel.com,wins.lucent.com,emea.lucent.com,na02.lucent.com,lucent.com,ap01.lucent.com,dc-m.alcatel-lucent.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ad2.ad.alcatel.com,or.cit.alcatel.fr,vz.cit.alcatel.fr,vx.cit.alcatel.fr,ln.cit.alcatel.fr,om.cit.alcatel.fr,netfr.alcatel.fr,ad1.ad.alcatel.com,srv.eu.alcatel.com,wins.lucent.com,emea.lucent.com,na02.lucent.com,lucent.com,ap01.lucent.com,dc-m.alcatel-lucent.com
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Atria Location Broker (Albd) - Unknown owner - C:\Program Files\Atria\bin\albd_server.exe
O23 - Service: Atria Cred Manager (cccredmgr) - Unknown owner - C:\Program Files\Atria\bin\cccredmgr.exe
O23 - Service: DB2 JDBC Applet Server (DB2JDS) - Unknown owner - C:\Program Files\SQLLIB\bin\db2jds.exe
O23 - Service: DB2 Security Server (DB2NTSECSERVER) - Unknown owner - C:\Program Files\SQLLIB\bin\db2sec.exe
O23 - Service: McAfee Desktop Firewall Service (FireSvc) - Networks Associates Technology, Inc. - C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe
O23 - Service: Hummingbird Export (HCLExport) - Hummingbird Ltd. - C:\WINNT\system32\Hummingbird\Connectivity\9.00\NFSClient\expserv.exe
O23 - Service: Hummingbird Exceed Display Management (HumDisplayServer) - Hummingbird Ltd. - C:\Program Files\Hummingbird\Connectivity\9.00\Exceed\HumDisplayServer.exe
O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Program Files\NetScreen\NetScreen-Remote\IPSecMon.exe
O23 - Service: SafeNet IKE Service (IreIKE) - SafeNet - C:\Program Files\NetScreen\NetScreen-Remote\IreIKE.exe
O23 - Service: Atria Lock Manager (LockMgr) - Unknown owner - C:\Program Files\Atria\bin\lockmgr.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: NSIoLan - Alcatel - C:\WINNT\system32\nsiolan.exe
O23 - Service: OracleOra_Clt_817ClientCache - Unknown owner - c:\Progra~1\clt817\BIN\ONRSD.EXE

--
End of file - 9243 bytes
10 March 2008 21:24:59

Lop infection :)

Download Lop S&D.exe to your Desktop.
  • Double-click it to start the installation
  • Then double-click the Lop S&D shortcut on your Desktop
  • Select the language you want, then choose option 1 (Search)
  • Wait until the scan finishes
  • Post the generated report (C:\lopR.txt)

    (If the Desktop does not reappear, press Ctrl + Alt + Del, File tab, New Task, type explorer.exe and confirm)
    10 March 2008 21:46:23

    [OK]

    I ran the program and here is my report:
    Thanks. :)


    -----------------------[ Lop S&D 4.0.5 XP/Vista ]----------------------

    [ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
    [ USER : bdufourq ] [ "C:\Lop SD" ]
    [ 10/03/2008 | 21:55:21,15 ] [ PC : FRORVN0F04253 ]
    [ MAJ : 09-03-2008 | 22:50 ]

    -------------[ Listing des dossiers dans Application Data ]------------














    ----------------[ Tâches planifiées dans C:\WINNT\tasks ]---------------

    [09/03/2008 15:55][--a------] C:\WINNT\tasks\Uniblue SpyEraser Nag.job
    [08/03/2008 16:15][--a------] C:\WINNT\tasks\Uniblue SpyEraser.job
    [10/03/2008 21:00][--ah-----] C:\WINNT\tasks\B16AB7C291293006.job
    [10/03/2008 21:25][--ah-----] C:\WINNT\tasks\SA.DAT
    [31/03/2003 12:00][-r-h-----] C:\WINNT\tasks\desktop.ini

    ---------------[ Listing des dossiers dans C:\Program Files ]--------------

    [10/03/2008|18:23] C:\Program Files\.
    [10/03/2008|18:23] C:\Program Files\..
    [10/03/2008|17:28] C:\Program Files\Adobe
    [28/02/2008|12:08] C:\Program Files\Aladin
    [28/02/2008|10:38] C:\Program Files\Analog Devices
    [28/02/2008|11:34] C:\Program Files\AT&T Net Client
    [28/02/2008|12:08] C:\Program Files\Atria
    [28/02/2008|18:04] C:\Program Files\BitTorrent
    [02/03/2008|17:08] C:\Program Files\CCleaner
    [28/02/2008|11:39] C:\Program Files\Citrix
    [28/02/2008|11:50] C:\Program Files\clt817
    [10/03/2008|17:30] C:\Program Files\Common Files
    [28/02/2008|10:19] C:\Program Files\ComPlus Applications
    [28/02/2008|12:08] C:\Program Files\DATA
    [28/02/2008|10:34] C:\Program Files\DIFX
    [28/02/2008|18:04] C:\Program Files\DNA
    [28/02/2008|11:40] C:\Program Files\Epic
    [28/02/2008|11:07] C:\Program Files\FileZilla
    [28/02/2008|12:10] C:\Program Files\Filter 01.40.40
    [28/02/2008|15:36] C:\Program Files\Fingerprint Sensor
    [28/02/2008|12:10] C:\Program Files\Ghostgum
    [29/02/2008|11:11] C:\Program Files\glassfish-v2ur1
    [10/03/2008|18:23] C:\Program Files\Google
    [28/02/2008|11:52] C:\Program Files\gs
    [28/02/2008|11:07] C:\Program Files\HDI_20
    [28/02/2008|11:34] C:\Program Files\Hewlett-Packard
    [28/02/2008|11:42] C:\Program Files\Hummingbird
    [28/02/2008|11:07] C:\Program Files\initdhcp
    [28/02/2008|15:34] C:\Program Files\InstallShield Installation Information
    [28/02/2008|11:54] C:\Program Files\InterCAP
    [10/03/2008|19:47] C:\Program Files\Internet Explorer
    [28/02/2008|11:53] C:\Program Files\IVIEW2
    [29/02/2008|11:03] C:\Program Files\Java
    [28/02/2008|11:54] C:\Program Files\JavaSoft
    [28/02/2008|11:55] C:\Program Files\jdk1.1.8
    [28/02/2008|11:55] C:\Program Files\jdk1.3.0_01
    [08/03/2008|11:52] C:\Program Files\Lavasoft
    [28/02/2008|11:09] C:\Program Files\Lotus
    [28/02/2008|10:45] C:\Program Files\McAfee
    [28/02/2008|12:20] C:\Program Files\Microsoft ActiveSync
    [28/02/2008|10:25] C:\Program Files\microsoft frontpage
    [28/02/2008|12:20] C:\Program Files\Microsoft Office
    [03/03/2008|10:35] C:\Program Files\Microsoft Office Communicator
    [28/02/2008|11:36] C:\Program Files\Microsoft Visual Studio
    [28/02/2008|12:20] C:\Program Files\Microsoft.NET
    [28/02/2008|11:57] C:\Program Files\Morten's Cygwin X-Launcher
    [28/02/2008|10:19] C:\Program Files\Movie Maker
    [10/03/2008|21:32] C:\Program Files\Mozilla Firefox
    [28/02/2008|11:23] C:\Program Files\mozilla.org
    [10/03/2008|16:07] C:\Program Files\msn gaming zone
    [28/02/2008|12:13] C:\Program Files\MSXML 4.0
    [02/03/2008|19:45] C:\Program Files\MSXML 6.0
    [29/02/2008|15:01] C:\Program Files\NetBeans 6.0.1
    [28/02/2008|10:19] C:\Program Files\NetMeeting
    [28/02/2008|11:30] C:\Program Files\NetScreen
    [28/02/2008|11:34] C:\Program Files\Network Associates
    [28/02/2008|11:41] C:\Program Files\Omnimark 5
    [28/02/2008|10:19] C:\Program Files\Online Services
    [28/02/2008|11:48] C:\Program Files\Oracle
    [28/02/2008|11:43] C:\Program Files\OracleForArts
    [28/02/2008|10:19] C:\Program Files\Outlook Express
    [28/02/2008|11:21] C:\Program Files\Paint.NET
    [28/02/2008|11:21] C:\Program Files\PDFCreator
    [28/02/2008|11:54] C:\Program Files\Perl560
    [28/02/2008|11:27] C:\Program Files\Profile Light
    [28/02/2008|11:40] C:\Program Files\PSPad editor
    [28/02/2008|11:40] C:\Program Files\Putty
    [28/02/2008|11:22] C:\Program Files\QuickTime
    [28/02/2008|11:56] C:\Program Files\Raglsrv
    [28/02/2008|11:35] C:\Program Files\rasphone_PBK
    [28/02/2008|11:23] C:\Program Files\Real
    [08/03/2008|11:52] C:\Program Files\RegCleaner
    [28/02/2008|12:10] C:\Program Files\sea
    [28/02/2008|16:50] C:\Program Files\Setup Factory 7.0
    [28/02/2008|11:52] C:\Program Files\Snapshot Viewer
    [04/03/2008|14:04] C:\Program Files\SNEC Tool
    [02/03/2008|17:14] C:\Program Files\Spybot - Search & Destroy
    [28/02/2008|11:39] C:\Program Files\SQLLIB
    [29/02/2008|11:03] C:\Program Files\Sun
    [28/02/2008|11:57] C:\Program Files\Tactical Software
    [28/02/2008|11:41] C:\Program Files\TightVNC
    [10/03/2008|13:50] C:\Program Files\Trend Micro
    [28/02/2008|18:08] C:\Program Files\TrueUpdate 3.0
    [28/02/2008|11:43] C:\Program Files\UltraEdit
    [08/03/2008|14:32] C:\Program Files\Uniblue
    [28/02/2008|10:29] C:\Program Files\Uninstall Information
    [28/02/2008|11:06] C:\Program Files\UPHClean
    [28/02/2008|11:26] C:\Program Files\userguides
    [28/02/2008|11:53] C:\Program Files\Verilog
    [29/02/2008|21:51] C:\Program Files\VideoLAN
    [28/02/2008|18:08] C:\Program Files\Visual Patch 3.0
    [28/02/2008|11:43] C:\Program Files\vittam2d
    [28/02/2008|11:35] C:\Program Files\VPNLOGINSCRIPT
    [28/02/2008|12:08] C:\Program Files\WADS
    [08/03/2008|08:34] C:\Program Files\win'design
    [10/03/2008|10:29] C:\Program Files\Windows Live
    [28/02/2008|11:20] C:\Program Files\Windows Media Connect 2
    [28/02/2008|11:20] C:\Program Files\Windows Media Player
    [28/02/2008|10:25] C:\Program Files\Windows NT
    [28/02/2008|10:19] C:\Program Files\WindowsUpdate
    [28/02/2008|11:27] C:\Program Files\WINZIP
    [28/02/2008|10:25] C:\Program Files\xerox
    [28/02/2008|11:27] C:\Program Files\ZapNotes

    ------[ Listing des dossiers dans C:\Program Files\Common Files ]------

    [10/03/2008|17:30] C:\Program Files\Common Files\.
    [10/03/2008|17:30] C:\Program Files\Common Files\..
    [10/03/2008|17:30] C:\Program Files\Common Files\Adobe
    [28/02/2008|10:45] C:\Program Files\Common Files\Cisco Systems
    [28/02/2008|11:36] C:\Program Files\Common Files\Designer
    [28/02/2008|11:30] C:\Program Files\Common Files\Deterministic Networks
    [28/02/2008|11:29] C:\Program Files\Common Files\InstallShield
    [28/02/2008|11:07] C:\Program Files\Common Files\Java
    [28/02/2008|12:20] C:\Program Files\Common Files\L&H
    [28/02/2008|10:45] C:\Program Files\Common Files\McAfee
    [28/02/2008|12:26] C:\Program Files\Common Files\Microsoft Shared
    [28/02/2008|10:19] C:\Program Files\Common Files\MSSoap
    [28/02/2008|11:34] C:\Program Files\Common Files\Network Associates
    [28/02/2008|11:16] C:\Program Files\Common Files\ODBC
    [28/02/2008|11:23] C:\Program Files\Common Files\Real
    [28/02/2008|10:19] C:\Program Files\Common Files\Services
    [28/02/2008|11:16] C:\Program Files\Common Files\SpeechEngines
    [28/02/2008|12:20] C:\Program Files\Common Files\System
    [10/03/2008|10:30] C:\Program Files\Common Files\WindowsLiveInstaller
    [08/03/2008|11:52] C:\Program Files\Common Files\Wise Installation Wizard
    [28/02/2008|11:23] C:\Program Files\Common Files\xing shared

    ----------------------[ Recherche avec S_Lop ]---------------------

    Aucun fichier / dossier Lop trouvé !

    -----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

    C:\WINNT\Tasks\B16AB7C291293006.job

    ----------------------[ Verification du Registre ]----------------------


    --------------------[ Verification du fichier Hosts ]---------------------

    Fichier Hosts PROPRE


    ----------------[ Recherche de fichiers avec Catchme ]-----------------

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-10 21:56:32
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden files ...
    scan completed successfully
    hidden files: 0

    --------------------[ Recherche d'autres infections ]---------------------

    Aucune autre infection trouvée !

    /!\ [Fich:52][Doss:17] D:\DOCUME~1\bdufourq\LOCALS~1\Temp
    /!\ [Fich:1][Doss:0] D:\DOCUME~1\bdufourq\Cookies
    /!\ [Fich:13][Doss:4] D:\DOCUME~1\bdufourq\LOCALS~1\TEMPOR~1\content.IE5

    --------------------[ Fin du rapport a 21:56:48,64 ]----------------------
    11 March 2008 12:26:41

    Re,

    Fix the line in the box below with HijackThis: HELP IN PICTURES

    O4 - HKCU\..\Run: [Funk Soap] D:\DOCUME~1\bdufourq\APPLIC~1\FLAGAT~1\Debugboltinfo.exe


    Download OTMoveIt (by OldTimer). Save it to your Desktop.
    Select all the locations in the box below:

    D:\DOCUME~1\bdufourq\APPLIC~1\FLAGAT~1
    C:\WINNT\Tasks\B16AB7C291293006.job

    ---> Right-click, then Copy (or Ctrl+C)

    Double-click OTMoveIt.exe to launch it.
    Right-click in the left-hand box, then choose Paste (or Ctrl+V).
    Now click MoveIt!

    If a file or folder cannot be deleted immediately, the software will ask you to restart.
    Accept by clicking YES.

    Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
    The report's name corresponds to the time it was created: date_heure.log

    ->Information about the software<-
    11 March 2008 13:09:28

    Hello Angeldark,

    here is the report you asked me for:
    Thanks for everything.

    Baptiste

    Quote:
    D:\DOCUME~1\bdufourq\APPLIC~1\FLAGAT~1 moved successfully.
    C:\WINNT\Tasks\B16AB7C291293006.job moved successfully.

    OTMoveIt2 v1.0.21 log created on 03112008_130732

    11 March 2008 13:16:08

    Post a new HijackThis report.
    11 March 2008 13:18:03

    here it is:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:17:37, on 11/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)
    Boot mode: Normal

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\NetScreen\NetScreen-Remote\IPSecMon.exe
    C:\Program Files\NetScreen\NetScreen-Remote\IreIKE.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Atria\bin\cccredmgr.exe
    C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe
    C:\WINNT\system32\Hummingbird\Connectivity\9.00\NFSClient\expserv.exe
    C:\Program Files\Hummingbird\Connectivity\9.00\Exceed\HumDisplayServer.exe
    C:\Program Files\Atria\bin\lockmgr.exe
    C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
    C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINNT\system32\nsiolan.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\WINNT\system32\CCM\CcmExec.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
    C:\Program Files\McAfee\Common Framework\UdaterUI.exe
    C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
    C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\Firetray.exe
    C:\Program Files\McAfee\Common Framework\McTray.exe
    C:\Program Files\Microsoft Office Communicator\Communicator.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\NetScreen\NetScreen-Remote\SafeCfg.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\NetBeans 6.0.1\bin\netbeans.exe
    C:\Program Files\NetBeans 6.0.1\platform7\lib\nbexec.exe
    C:\Program Files\NetBeans 6.0.1\platform7\lib\nbexec.exe
    C:\Program Files\Java\jdk1.6.0_04\jre\bin\java.exe
    D:\Documents and Settings\bdufourq\Desktop\OTMoveIt2.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,Start Page = http://aww.alcatel.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://gautoconf.alcatel.fr/proxy.pac
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:3128
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
    O4 - HKLM\..\Run: [McAfeeFireTray] C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\Firetray.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
    O4 - HKCU\..\Run: [COMMUNICATOR] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" /background
    O4 - HKCU\..\Run: [Funk Soap] D:\DOCUME~1\bdufourq\APPLIC~1\FLAGAT~1\Debugboltinfo.exe
    O4 - HKUS\S-1-5-19\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINNT\system32\ctfmon.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINNT\system32\ctfmon.exe (User 'Default user')
    O4 - Global Startup: NetScreen-Remote.lnk = C:\Program Files\NetScreen\NetScreen-Remote\SafeCfg.exe
    O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
    O14 - IERESET.INF: START_PAGE_URL=http://all.alcatel-lucent.com
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
    O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - file://C:\Program Files\InterCAP\ActiveCGM\ActiveX\acgm.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ad2.ad.alcatel.com
    O17 - HKLM\Software\..\Telephony: DomainName = ad2.ad.alcatel.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ad2.ad.alcatel.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ad2.ad.alcatel.com,or.cit.alcatel.fr,vz.cit.alcatel.fr,vx.cit.alcatel.fr,ln.cit.alcatel.fr,om.cit.alcatel.fr,netfr.alcatel.fr,ad1.ad.alcatel.com,srv.eu.alcatel.com,wins.lucent.com,emea.lucent.com,na02.lucent.com,lucent.com,ap01.lucent.com,dc-m.alcatel-lucent.com
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ad2.ad.alcatel.com
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = ad2.ad.alcatel.com,or.cit.alcatel.fr,vz.cit.alcatel.fr,vx.cit.alcatel.fr,ln.cit.alcatel.fr,om.cit.alcatel.fr,netfr.alcatel.fr,ad1.ad.alcatel.com,srv.eu.alcatel.com,wins.lucent.com,emea.lucent.com,na02.lucent.com,lucent.com,ap01.lucent.com,dc-m.alcatel-lucent.com
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = ad2.ad.alcatel.com
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = ad2.ad.alcatel.com,or.cit.alcatel.fr,vz.cit.alcatel.fr,vx.cit.alcatel.fr,ln.cit.alcatel.fr,om.cit.alcatel.fr,netfr.alcatel.fr,ad1.ad.alcatel.com,srv.eu.alcatel.com,wins.lucent.com,emea.lucent.com,na02.lucent.com,lucent.com,ap01.lucent.com,dc-m.alcatel-lucent.com
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ad2.ad.alcatel.com,or.cit.alcatel.fr,vz.cit.alcatel.fr,vx.cit.alcatel.fr,ln.cit.alcatel.fr,om.cit.alcatel.fr,netfr.alcatel.fr,ad1.ad.alcatel.com,srv.eu.alcatel.com,wins.lucent.com,emea.lucent.com,na02.lucent.com,lucent.com,ap01.lucent.com,dc-m.alcatel-lucent.com
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Atria Location Broker (Albd) - Unknown owner - C:\Program Files\Atria\bin\albd_server.exe
    O23 - Service: Atria Cred Manager (cccredmgr) - Unknown owner - C:\Program Files\Atria\bin\cccredmgr.exe
    O23 - Service: DB2 JDBC Applet Server (DB2JDS) - Unknown owner - C:\Program Files\SQLLIB\bin\db2jds.exe
    O23 - Service: DB2 Security Server (DB2NTSECSERVER) - Unknown owner - C:\Program Files\SQLLIB\bin\db2sec.exe
    O23 - Service: McAfee Desktop Firewall Service (FireSvc) - Networks Associates Technology, Inc. - C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe
    O23 - Service: Hummingbird Export (HCLExport) - Hummingbird Ltd. - C:\WINNT\system32\Hummingbird\Connectivity\9.00\NFSClient\expserv.exe
    O23 - Service: Hummingbird Exceed Display Management (HumDisplayServer) - Hummingbird Ltd. - C:\Program Files\Hummingbird\Connectivity\9.00\Exceed\HumDisplayServer.exe
    O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Program Files\NetScreen\NetScreen-Remote\IPSecMon.exe
    O23 - Service: SafeNet IKE Service (IreIKE) - SafeNet - C:\Program Files\NetScreen\NetScreen-Remote\IreIKE.exe
    O23 - Service: Atria Lock Manager (LockMgr) - Unknown owner - C:\Program Files\Atria\bin\lockmgr.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
    O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
    O23 - Service: NSIoLan - Alcatel - C:\WINNT\system32\nsiolan.exe
    O23 - Service: OracleOra_Clt_817ClientCache - Unknown owner - c:\Progra~1\clt817\BIN\ONRSD.EXE

    --
    End of file - 9813 bytes
    11 March 2008 13:26:07

    You did fix the line with HijackThis? :)
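
Added example (not part of the thread, and not code from HijackThis or Lop S&D): a Python check for the situation above, where an O4 entry flagged for removal still shows up in a log posted after cleanup. The two heuristics (autorun target under a user profile, hidden 16-hex-digit `.job` name) and all function names are assumptions made for illustration; the sample lines are copied from the logs on this page, except `O4_FIXED`, which is constructed.

```python
import re

# O4 lines copied from the thread (identical in the 10/03 and 11/03 13:17 logs).
O4_SECTION = r"""O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [COMMUNICATOR] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" /background
O4 - HKCU\..\Run: [Funk Soap] D:\DOCUME~1\bdufourq\APPLIC~1\FLAGAT~1\Debugboltinfo.exe
O4 - HKUS\S-1-5-19\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'LOCAL SERVICE')
O4 - Global Startup: NetScreen-Remote.lnk = C:\Program Files\NetScreen\NetScreen-Remote\SafeCfg.exe
"""

# Constructed: the same section once the flagged line has really been fixed.
O4_FIXED = "\n".join(l for l in O4_SECTION.splitlines() if "Funk Soap" not in l)

# Scheduled-task lines copied from the Lop S&D report in the thread.
TASKS = r"""[09/03/2008 15:55][--a------] C:\WINNT\tasks\Uniblue SpyEraser Nag.job
[08/03/2008 16:15][--a------] C:\WINNT\tasks\Uniblue SpyEraser.job
[10/03/2008 21:00][--ah-----] C:\WINNT\tasks\B16AB7C291293006.job
[10/03/2008 21:25][--ah-----] C:\WINNT\tasks\SA.DAT
"""

# "O4 - <location>: [<name>] <command>"  or  "O4 - <location>: <shortcut> = <target>"
O4_RE = re.compile(
    r"^O4 - (?P<loc>[^:]+): "
    r"(?:\[(?P<name>[^\]]+)\] (?P<cmd>.+)|(?P<lnk>.+?) = (?P<target>.+))$"
)
# Assumed heuristic: autorun target inside a per-user data or temp directory
# (long or 8.3 short names, as HijackThis prints both).
PROFILE_RE = re.compile(
    r"\\(documents and settings|docume~\d)\\[^\\]+\\"
    r"(application data|applic~\d|local settings|locals~\d)\\",
    re.I,
)
# Assumed heuristic: task file named with exactly 16 hex digits.
JOB_RE = re.compile(
    r"^\[[^\]]+\]\[(?P<attr>[^\]]+)\] (?P<path>.*\\[0-9A-F]{16}\.job)$", re.I
)


def exe_path(cmd):
    """Strip arguments and the "(User '...')" suffix from an O4 command."""
    m = re.match(r'"([^"]+)"', cmd) or re.match(r"(.+?\.exe)\b", cmd, re.I)
    return m.group(1) if m else cmd


def parse_o4(log):
    """Return one dict per O4 (autostart) line found in a HijackThis log."""
    entries = []
    for raw in log.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if not m:
            continue
        entries.append({
            "line": line,
            "location": m.group("loc"),
            "name": m.group("name") or m.group("lnk"),
            "path": m.group("target") or exe_path(m.group("cmd")),
        })
    return entries


def profile_autoruns(entries):
    """Autostart entries whose target lives under a user profile directory."""
    return [e for e in entries if PROFILE_RE.search(e["path"])]


def still_present(flagged, later_log):
    """True if the same location/name pair is still listed in a later log."""
    key = (flagged["location"].lower(), flagged["name"].lower())
    return any(
        (e["location"].lower(), e["name"].lower()) == key
        for e in parse_o4(later_log)
    )


def hidden_hex_jobs(listing):
    """Hidden .job files with a 16-hex-digit name in a Lop S&D task listing."""
    found = []
    for raw in listing.splitlines():
        m = JOB_RE.match(raw.strip())
        if m and "h" in m.group("attr").lower():
            found.append(m.group("path"))
    return found


if __name__ == "__main__":
    for entry in profile_autoruns(parse_o4(O4_SECTION)):
        state = "STILL PRESENT" if still_present(entry, O4_SECTION) else "gone"
        print(f"{entry['name']}: {entry['path']} -> {state} after cleanup")
    print("hidden hex-named tasks:", hidden_hex_jobs(TASKS))
```

Moving the file with a tool such as OTMoveIt does not delete the Run value, which is why the later log has to be compared entry by entry rather than assumed clean.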
    11 March 2008 13:33:02

    Re,

    I thought I had done it... but apparently not, sorry!
    It's done now, and here is my report:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:30:58, on 11/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)
    Boot mode: Normal

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\NetScreen\NetScreen-Remote\IPSecMon.exe
    C:\Program Files\NetScreen\NetScreen-Remote\IreIKE.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Atria\bin\cccredmgr.exe
    C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe
    C:\WINNT\system32\Hummingbird\Connectivity\9.00\NFSClient\expserv.exe
    C:\Program Files\Hummingbird\Connectivity\9.00\Exceed\HumDisplayServer.exe
    C:\Program Files\Atria\bin\lockmgr.exe
    C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
    C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINNT\system32\nsiolan.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\WINNT\system32\CCM\CcmExec.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
    C:\Program Files\McAfee\Common Framework\UdaterUI.exe
    C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
    C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\Firetray.exe
    C:\Program Files\McAfee\Common Framework\McTray.exe
    C:\Program Files\Microsoft Office Communicator\Communicator.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\NetScreen\NetScreen-Remote\SafeCfg.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\NetBeans 6.0.1\bin\netbeans.exe
    C:\Program Files\NetBeans 6.0.1\platform7\lib\nbexec.exe
    C:\Program Files\NetBeans 6.0.1\platform7\lib\nbexec.exe
    C:\Program Files\Java\jdk1.6.0_04\jre\bin\java.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,Start Page = http://aww.alcatel.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://gautoconf.alcatel.fr/proxy.pac
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:3128
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
    O4 - HKLM\..\Run: [McAfeeFireTray] C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\Firetray.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
    O4 - HKCU\..\Run: [COMMUNICATOR] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINNT\system32\ctfmon.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINNT\system32\ctfmon.exe (User 'Default user')
    O4 - Global Startup: NetScreen-Remote.lnk = C:\Program Files\NetScreen\NetScreen-Remote\SafeCfg.exe
    O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
    O14 - IERESET.INF: START_PAGE_URL=http://all.alcatel-lucent.com
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
    O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - file://C:\Program Files\InterCAP\ActiveCGM\ActiveX\acgm.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ad2.ad.alcatel.com
    O17 - HKLM\Software\..\Telephony: DomainName = ad2.ad.alcatel.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ad2.ad.alcatel.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ad2.ad.alcatel.com,or.cit.alcatel.fr,vz.cit.alcatel.fr,vx.cit.alcatel.fr,ln.cit.alcatel.fr,om.cit.alcatel.fr,netfr.alcatel.fr,ad1.ad.alcatel.com,srv.eu.alcatel.com,wins.lucent.com,emea.lucent.com,na02.lucent.com,lucent.com,ap01.lucent.com,dc-m.alcatel-lucent.com
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ad2.ad.alcatel.com
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = ad2.ad.alcatel.com,or.cit.alcatel.fr,vz.cit.alcatel.fr,vx.cit.alcatel.fr,ln.cit.alcatel.fr,om.cit.alcatel.fr,netfr.alcatel.fr,ad1.ad.alcatel.com,srv.eu.alcatel.com,wins.lucent.com,emea.lucent.com,na02.lucent.com,lucent.com,ap01.lucent.com,dc-m.alcatel-lucent.com
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = ad2.ad.alcatel.com
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = ad2.ad.alcatel.com,or.cit.alcatel.fr,vz.cit.alcatel.fr,vx.cit.alcatel.fr,ln.cit.alcatel.fr,om.cit.alcatel.fr,netfr.alcatel.fr,ad1.ad.alcatel.com,srv.eu.alcatel.com,wins.lucent.com,emea.lucent.com,na02.lucent.com,lucent.com,ap01.lucent.com,dc-m.alcatel-lucent.com
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ad2.ad.alcatel.com,or.cit.alcatel.fr,vz.cit.alcatel.fr,vx.cit.alcatel.fr,ln.cit.alcatel.fr,om.cit.alcatel.fr,netfr.alcatel.fr,ad1.ad.alcatel.com,srv.eu.alcatel.com,wins.lucent.com,emea.lucent.com,na02.lucent.com,lucent.com,ap01.lucent.com,dc-m.alcatel-lucent.com
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Atria Location Broker (Albd) - Unknown owner - C:\Program Files\Atria\bin\albd_server.exe
    O23 - Service: Atria Cred Manager (cccredmgr) - Unknown owner - C:\Program Files\Atria\bin\cccredmgr.exe
    O23 - Service: DB2 JDBC Applet Server (DB2JDS) - Unknown owner - C:\Program Files\SQLLIB\bin\db2jds.exe
    O23 - Service: DB2 Security Server (DB2NTSECSERVER) - Unknown owner - C:\Program Files\SQLLIB\bin\db2sec.exe
    O23 - Service: McAfee Desktop Firewall Service (FireSvc) - Networks Associates Technology, Inc. - C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe
    O23 - Service: Hummingbird Export (HCLExport) - Hummingbird Ltd. - C:\WINNT\system32\Hummingbird\Connectivity\9.00\NFSClient\expserv.exe
    O23 - Service: Hummingbird Exceed Display Management (HumDisplayServer) - Hummingbird Ltd. - C:\Program Files\Hummingbird\Connectivity\9.00\Exceed\HumDisplayServer.exe
    O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Program Files\NetScreen\NetScreen-Remote\IPSecMon.exe
    O23 - Service: SafeNet IKE Service (IreIKE) - SafeNet - C:\Program Files\NetScreen\NetScreen-Remote\IreIKE.exe
    O23 - Service: Atria Lock Manager (LockMgr) - Unknown owner - C:\Program Files\Atria\bin\lockmgr.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
    O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
    O23 - Service: NSIoLan - Alcatel - C:\WINNT\system32\nsiolan.exe
    O23 - Service: OracleOra_Clt_817ClientCache - Unknown owner - c:\Progra~1\clt817\BIN\ONRSD.EXE

    --
    End of file - 9667 bytes
    11 March 2008 13:45:00

    Angeldark,

    No matter how many times I fix the following line, it comes back when I rerun HijackThis!

    Quote:
    O4 - HKCU\..\Run: [Funk Soap] D:\DOCUME~1\bdufourq\APPLIC~1\FLAGAT~1\Debugboltinfo.exe


    and the associated folder reappears too, because here is my OTMoveIt report:

    Quote:
    D:\DOCUME~1\bdufourq\APPLIC~1\FLAGAT~1 moved successfully.
    File/Folder C:\WINNT\Tasks\B16AB7C291293006.job not found.

    OTMoveIt2 v1.0.21 log created on 03112008_134729
    11 March 2008 19:35:46

    It's not there anymore :/
    11 March 2008 20:07:35

    but it came back... :(
    When I fix it, it comes back... and I still have my two iexplore.exe processes eating my CPU!

    Thanks in advance,
    Baptiste


    Here is my report:


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:00:20, on 11/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)
    Boot mode: Normal

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\NetScreen\NetScreen-Remote\IPSecMon.exe
    C:\Program Files\NetScreen\NetScreen-Remote\IreIKE.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Atria\bin\cccredmgr.exe
    C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe
    C:\WINNT\system32\Hummingbird\Connectivity\9.00\NFSClient\expserv.exe
    C:\Program Files\Hummingbird\Connectivity\9.00\Exceed\HumDisplayServer.exe
    C:\Program Files\Atria\bin\lockmgr.exe
    C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
    C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINNT\system32\nsiolan.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\WINNT\system32\CCM\CcmExec.exe
    C:\WINNT\system32\msiexec.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
    C:\Program Files\McAfee\Common Framework\UdaterUI.exe
    C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
    C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\Firetray.exe
    C:\Program Files\Microsoft Office Communicator\Communicator.exe
    C:\Program Files\McAfee\Common Framework\McTray.exe
    C:\Program Files\NetScreen\NetScreen-Remote\SafeCfg.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,Start Page = http://aww.alcatel.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://gautoconf.alcatel.fr/proxy.pac
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:3128
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
    O4 - HKLM\..\Run: [McAfeeFireTray] C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\Firetray.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
    O4 - HKCU\..\Run: [COMMUNICATOR] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" /background
    O4 - HKCU\..\Run: [Funk Soap] D:\DOCUME~1\bdufourq\APPLIC~1\FLAGAT~1\Debugboltinfo.exe
    O4 - HKUS\S-1-5-19\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINNT\system32\ctfmon.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINNT\system32\ctfmon.exe (User 'Default user')
    O4 - Global Startup: NetScreen-Remote.lnk = C:\Program Files\NetScreen\NetScreen-Remote\SafeCfg.exe
    O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O14 - IERESET.INF: START_PAGE_URL=http://all.alcatel-lucent.com
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
    O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - file://C:\Program Files\InterCAP\ActiveCGM\ActiveX\acgm.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ad2.ad.alcatel.com
    O17 - HKLM\Software\..\Telephony: DomainName = ad2.ad.alcatel.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ad2.ad.alcatel.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ad2.ad.alcatel.com,or.cit.alcatel.fr,vz.cit.alcatel.fr,vx.cit.alcatel.fr,ln.cit.alcatel.fr,om.cit.alcatel.fr,netfr.alcatel.fr,ad1.ad.alcatel.com,srv.eu.alcatel.com,wins.lucent.com,emea.lucent.com,na02.lucent.com,lucent.com,ap01.lucent.com,dc-m.alcatel-lucent.com
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ad2.ad.alcatel.com
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = ad2.ad.alcatel.com,or.cit.alcatel.fr,vz.cit.alcatel.fr,vx.cit.alcatel.fr,ln.cit.alcatel.fr,om.cit.alcatel.fr,netfr.alcatel.fr,ad1.ad.alcatel.com,srv.eu.alcatel.com,wins.lucent.com,emea.lucent.com,na02.lucent.com,lucent.com,ap01.lucent.com,dc-m.alcatel-lucent.com
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = ad2.ad.alcatel.com
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = ad2.ad.alcatel.com,or.cit.alcatel.fr,vz.cit.alcatel.fr,vx.cit.alcatel.fr,ln.cit.alcatel.fr,om.cit.alcatel.fr,netfr.alcatel.fr,ad1.ad.alcatel.com,srv.eu.alcatel.com,wins.lucent.com,emea.lucent.com,na02.lucent.com,lucent.com,ap01.lucent.com,dc-m.alcatel-lucent.com
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ad2.ad.alcatel.com,or.cit.alcatel.fr,vz.cit.alcatel.fr,vx.cit.alcatel.fr,ln.cit.alcatel.fr,om.cit.alcatel.fr,netfr.alcatel.fr,ad1.ad.alcatel.com,srv.eu.alcatel.com,wins.lucent.com,emea.lucent.com,na02.lucent.com,lucent.com,ap01.lucent.com,dc-m.alcatel-lucent.com
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Atria Location Broker (Albd) - Unknown owner - C:\Program Files\Atria\bin\albd_server.exe
    O23 - Service: Atria Cred Manager (cccredmgr) - Unknown owner - C:\Program Files\Atria\bin\cccredmgr.exe
    O23 - Service: DB2 JDBC Applet Server (DB2JDS) - Unknown owner - C:\Program Files\SQLLIB\bin\db2jds.exe
    O23 - Service: DB2 Security Server (DB2NTSECSERVER) - Unknown owner - C:\Program Files\SQLLIB\bin\db2sec.exe
    O23 - Service: McAfee Desktop Firewall Service (FireSvc) - Networks Associates Technology, Inc. - C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe
    O23 - Service: Hummingbird Export (HCLExport) - Hummingbird Ltd. - C:\WINNT\system32\Hummingbird\Connectivity\9.00\NFSClient\expserv.exe
    O23 - Service: Hummingbird Exceed Display Management (HumDisplayServer) - Hummingbird Ltd. - C:\Program Files\Hummingbird\Connectivity\9.00\Exceed\HumDisplayServer.exe
    O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Program Files\NetScreen\NetScreen-Remote\IPSecMon.exe
    O23 - Service: SafeNet IKE Service (IreIKE) - SafeNet - C:\Program Files\NetScreen\NetScreen-Remote\IreIKE.exe
    O23 - Service: Atria Lock Manager (LockMgr) - Unknown owner - C:\Program Files\Atria\bin\lockmgr.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
    O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
    O23 - Service: NSIoLan - Alcatel - C:\WINNT\system32\nsiolan.exe
    O23 - Service: OracleOra_Clt_817ClientCache - Unknown owner - c:\Progra~1\clt817\BIN\ONRSD.EXE

    --
    End of file - 9234 bytes
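The scan-to-scan comparison done by eye in the posts above, as an added example that is not part of the original thread: it parses the O4 (autorun) lines of two HijackThis logs and reports entries present in the later scan but not the earlier one. The sample input is constructed from O4 lines excerpted from the scans in this thread; the function names and the "user-writable path" heuristic are assumptions made for this example.

```python
import re

# Constructed sample input: O4 lines excerpted from two scans in this thread
# (the 13:30:58 scan taken after the fix and the 20:00:20 scan).
SCAN_AFTER_FIX = r"""
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [COMMUNICATOR] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINNT\system32\ctfmon.exe (User 'SYSTEM')
O4 - Global Startup: NetScreen-Remote.lnk = C:\Program Files\NetScreen\NetScreen-Remote\SafeCfg.exe
"""
SCAN_LATER = SCAN_AFTER_FIX + r"""O4 - HKCU\..\Run: [Funk Soap] D:\DOCUME~1\bdufourq\APPLIC~1\FLAGAT~1\Debugboltinfo.exe
"""

# "O4 - <hive>\..\Run: [value name] command line"
RUN_KEY = re.compile(r"^O4 - (?P<where>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# "O4 - Startup: shortcut.lnk = target" and "O4 - Global Startup: ..."
STARTUP = re.compile(r"^O4 - (?P<where>[^:]*Startup): (?P<name>.+?) = (?P<cmd>.+)$")
# Executable path: either quoted, or everything up to the first executable extension.
EXE = re.compile(r'^"(?P<q>[^"]+)"|^(?P<u>.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)', re.I)
# Heuristic (assumption of this example): directories a standard user can write to,
# in long and 8.3 short form, as seen in the paths posted in this thread.
USER_WRITABLE = re.compile(
    r"\\(?:documents and settings|docume~\d|application data|applic~\d|temp)\\", re.I)


def target_path(cmd):
    """Strip arguments and the trailing "(User '...')" note from an O4 command line."""
    m = EXE.match(cmd.strip())
    return (m.group("q") or m.group("u")) if m else cmd.strip()


def parse_autoruns(log_text):
    """Return {(location, entry name): executable path} for every O4 line."""
    entries = {}
    for line in log_text.splitlines():
        line = line.strip()
        m = RUN_KEY.match(line) or STARTUP.match(line)
        if m:
            entries[(m["where"], m["name"])] = target_path(m["cmd"])
    return entries


def new_autoruns(before_log, after_log):
    """Autorun entries in the later scan that are absent (or changed) in the earlier one."""
    before, after = parse_autoruns(before_log), parse_autoruns(after_log)
    findings = []
    for (where, name), path in after.items():
        if before.get((where, name)) != path:
            findings.append({"where": where, "name": name, "path": path,
                             "user_writable": bool(USER_WRITABLE.search(path))})
    return findings


if __name__ == "__main__":
    for f in new_autoruns(SCAN_AFTER_FIX, SCAN_LATER):
        flag = "user-writable path" if f["user_writable"] else "ok"
        print(f'{f["where"]} [{f["name"]}] -> {f["path"]} ({flag})')
```

An autorun value that is back in a later scan after being fixed usually means something still present on the machine is rewriting it, so the entry alone is not the root cause.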
    11 March 2008 21:42:33

    Strange.

    Disable your resident protections (antivirus, Spybot...)!

  • Download Combofix (sUBs) to your Desktop.
  • Double-click combofix.exe to launch it.
  • Press the 1 key (Yes) to start the scan.
  • When the scan is complete, a report will appear. Post that report in your next reply.
    11 March 2008 22:00:29

    Good evening,

    I just tried Combofix and here is the message I get:

    'swreg' is not recognized as an
    operable program or batch file.
    '"C:\\nircmd.com"' is not recogn
    operable program or batch file.
    C:\ComboFix.exe
    C:\pagefile.sys
    C:\ptdebug.txt
    The batch file cannot be found.
    11 March 2008 22:18:20

    Can you try in safe mode?
    11 March 2008 22:25:36

    Here is where I am in the investigation:

    I can't manage to use Combofix and the iexplore processes are still there.
    I went back through the previous steps:

    1 - fixed the line:
    O4 - HKCU\..\Run: [Funk Soap] D:\DOCUME~1\bdufourq\APPLIC~1\FLAGAT~1\Debugboltinfo.exe

    2 - used OTMoveIt.exe and moved the folders it found

    3 - after moving them and finding them in the directory C:\_OTMoveIt\MovedFiles\, I deleted that directory, and since then the processes have disappeared... a miracle, it seems! They don't seem to be coming back...?

    How can I be sure I'm no longer infected?
    Thanks in advance for what you're doing.

    Baptiste
    11 March 2008 22:26:48

    Do you have the same problem with Explorer?
    12 March 2008 10:16:25

    Ouch, I tried to restart in Safe Mode and now I can't boot at all: "NTLDR is missing"..... I'm a bit stuck now!!
    12 March 2008 13:31:47

    You can't boot, even in normal mode?
    12 March 2008 16:16:10

    Nope! I can't do anything anymore... so I've requested a re-imaging of my laptop... I don't understand what could have happened!
    Thanks anyway for the help and for looking into my problem.

    Have a good rest of the day, Baptiste
    12 March 2008 16:30:48

    Did you format? You can always try the repair!