icone Find Spyware Remover +Load Ultimate ...Résolu/Fermé

Question

Bonjour,

Depuis quelques jours, mon PC est ralenti, je perds parfois ma connection internet, ...

et le seul élément visible, ce sont 3 icones
          Find Spyware Remover
          Load Ultimate Cleaner 2007
          Go to Casino
qui se mettent sur mon bureau.

J'ai beau les supprimer, ils reviennent.
Et quand je les supprime, leur "reinstallation" ralentit encore plus mon PC.

Je ne vois absolument pas quoi faire.

Merci d'avance pour votre aide

jlpjlp · Answer

colle un rapport hijackthis 
https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/29061.html 

	
manuel :

https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html




_______________________

lance rogue remover 

http://www.libellules.ch/dotclear/index.php?2006/11/29/1518-rogue-remover

https://www.01net.com/telecharger/ 



______________________

smit fraud fix 

http://telechargement.zebulon.fr/smitfraudfix.html 



2/ double clique sur smitfraudfix. puis sélectionne 1 et appuyer sur entrée afin de créer le rapport des infection présentes. une fois le rapport effectué redémarre en mode sans échec (en appuyant sur F8 ou suppr, ou F5 au démarrage en général) 

3/ puis refaire comme en 2/ mais selectionne l'option 2 et appuyer sur entrée pour commencer la desinfection. lorsque le programme demande si tu veut nettoyer le registre metsoui en tapant 0 et entrée

________________________

ensuite: 

scan avec des antiespions (en mode sans échec): 

spybot : 

https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/26157.html 

voir demo d utilisation (merci Balltrap)
http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm


--------------------- 
utilise aussi pour supprimer tes traces 

CCLEANER: (lance un nettoyage et répare erreurs) sans la barre yahoo 

https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html



si tout c'est bien passé redémarre en mode normal et désactive la restauration système pour purger les virus qui seraient dedans puis réactive là (dans DEMARRER puis TOUS LES PROGRAMMES puis ACCESSOIRE puis OUTILS SYSTEME puis RESTAURATION SYSTEME puis paramètre)

_______________

 colle le rapport d'un scan en ligne 
avec un des suivants: 


bitdefender en ligne : 
http://www.bitdefender.fr/scan_fr/scan8/ie.html 

Panda en ligne : 
http://pandasoftware.fr


scan en ligne firefox

https://www.trendmicro.com/fr_fr/business.html

jlpjlp · Answer

télécharger sur le bureau 
Navilog.zip 
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe 

= Double-Clic navilog1.zip 
= Extraire tout sur le bureau 
= Double-Clic navilog1 qui est sur le bureau 
= Appuyer sur une touche jusqu' arriver aux options 
= Choisir option 1 

un rapport : fixnavi.txt dans C : va se creer 
le copier/coller dans ton prochain message.

guigol · Answer

Voila un scan Hijackthis, je suis censé attendre vos reponses avant de continuer ou je passe tout de suite a la suite -rogue remover)

En attendant ma question est conne, parce que maintenant que je l'ai posé, je suis obligé d'attendre votre reponse.

Je suis connecté de mon taf sur un pc portable pro.


Ah oui j'oubliais de vous dire aussi, lorsque j'eteins mon pc, j'ai un message qui me demande de terminer un programme qui semble etre la mise a jour de l'antivirus Mcafee.






Logfile of HijackThis v1.99.1
Scan saved at 12:31:54, on 17/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\NetScreen\NetScreen-Remote\IPSecMon.exe
C:\Program Files\NetScreen\NetScreen-Remote\IreIKE.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$PRIMAVERA\Binn\sqlservr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\CCM\CcmExec.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINNT\AGRSMMSG.exe
C:\WINNT\system32\hkcmd.exe
C:\WINNT\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Common Files\Network Associates\TalkBack	bmon.exe
C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\Firetray.exe
C:\Program Files\Common Files\Real\Update_OBealsched.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\ALCATE~1\LinkSetup\AlcatelMobilePhoneDetect.exe
D:\Documents and Settings\All Users\Application Data\gtuncnqj.exe
C:\WINNT\TEMP\win1A07.tmp.exe
C:\WINNT\mgrs.exe
C:\WINNT\system32\ctfmon.exe
C:\WINNT\system32\igfxsrvc.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,Start Page = http://aww.alcatel.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://aww.alcatel.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Alcatel
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = gnetcache.alcatel.fr:3128
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0D46FB99-84E0-4A6A-82A6-F512C2163E09} - C:\WINNT\system32
nnomjk.dll
O2 - BHO: (no name) - {1FC80E00-41B0-4F74-BC16-2C83ED49CAC9} - C:\Program Files\Video AX Object\bpvol.dll (file missing)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboFormoboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboFormoboform.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINNT\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack	bmon.exe"
O4 - HKLM\..\Run: [McAfeeFireTray] C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\Firetray.exe
O4 - HKLM\..\Run: [Phone Detect 4] C:\PROGRA~1\ALCATE~1\LinkSetup\PhoneDetectLaunch.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [Outlook2003_conf] C:\WINNT\Installer\{90E00409-6000-11D3-8CFE-0150048383C9}\cu.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Install5G] E:\Install.exe /SI=30
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [gtuncnqj.exe] D:\Documents and Settings\All Users\Application Data\gtuncnqj.exe
O4 - HKLM\..\Run: [avp] C:\WINNT\TEMP\win1A07.tmp.exe
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 -noicon
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O4 - Global Startup: Alcatel 4980 Softphone.lnk = C:\Program Files\Alcatel\A4980\Alcatel 4980\CONFIG.EXE
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\system32\shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O14 - IERESET.INF: START_PAGE_URL=http://aww.alcatel.com
O16 - DPF: {00000005-0000-0000-0000-100009000004} - https://imputati.com/l/c437a981b522e1fd541e19c7d4d4c014_35.exe
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - https://www.miniclip.com/games/ricochet-lost-worlds/fr/ReflexiveWebGameLoader.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} (Bl_camera Control) - http://vhshop.cmauto.com:8001/bl_camera.cab
O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f001.mail.caramail.lycos.fr/app/uploader/FileUploader.cab
O16 - DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} (igLoader Content on Demand) - http://www.miniclip.com/igloader/igloader.CAB
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/...
O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} - https://www.bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ad2.ad.alcatel.com
O17 - HKLM\Software\..\Telephony: DomainName = ad2.ad.alcatel.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ad2.ad.alcatel.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ad2.ad.alcatel.com,vx.cit.alcatel.fr,vz.cit.alcatel.fr,ln.cit.alcatel.fr,or.cit.alcatel.fr,netfr.alcatel.fr,ad1.ad.alcatel.com,srv.eu.alcatel.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ad2.ad.alcatel.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = ad2.ad.alcatel.com,vx.cit.alcatel.fr,vz.cit.alcatel.fr,ln.cit.alcatel.fr,or.cit.alcatel.fr,netfr.alcatel.fr,ad1.ad.alcatel.com,srv.eu.alcatel.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ad2.ad.alcatel.com,vx.cit.alcatel.fr,vz.cit.alcatel.fr,ln.cit.alcatel.fr,or.cit.alcatel.fr,netfr.alcatel.fr,ad1.ad.alcatel.com,srv.eu.alcatel.com
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: iifedda - iifedda.dll (file missing)
O20 - Winlogon Notify: nnnomjk - C:\WINNT\SYSTEM32
nnomjk.dll
O20 - Winlogon Notify: winmyy32 - C:\WINNT\SYSTEM32\winmyy32.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINNT\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: McAfee Desktop Firewall Service (FireSvc) - McAfee, Inc. - C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Program Files\NetScreen\NetScreen-Remote\IPSecMon.exe
O23 - Service: SafeNet IKE Service (IreIKE) - SafeNet - C:\Program Files\NetScreen\NetScreen-Remote\IreIKE.exe
O23 - Service: Lotus Notes Single Logon - Unknown owner - C:\WINNT\system32
slsvice.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: Network Associates McShield (McShield) - McAfee, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

jlpjlp · Answer

commence la suite  mais au premier coup d'oiel il va y avoir du boulot

jlpjlp · Answer

C:\WINNT\mgrs.exe 
C:\WINNT\TEMP\win1A07.tmp.exe
C:\Program Files\UPHClean\uphclean.exe  
O2 - BHO: (no name) - {0D46FB99-84E0-4A6A-82A6-F512C2163E09} - C:\WINNT\system32
nnomjk.dll
O20 - Winlogon Notify: nnnomjk - C:\WINNT\SYSTEM32
nnomjk.dll
O20 - Winlogon Notify: winmyy32 - C:\WINNT\SYSTEM32\winmyy32.dll 


_____________________
vire les lignes suivantes avec hijackthis pour celles du haut je me les mets de coté pour la suite..

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm 
O2 - BHO: (no name) - {1FC80E00-41B0-4F74-BC16-2C83ED49CAC9} - C:\Program Files\Video AX Object\bpvol.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) 
O20 - Winlogon Notify: iifedda - iifedda.dll (file missing)

jlpjlp · Answer

recolle ensuite hijackthis

guigol · Answer

voila le resultat apres avoir coché puis "fixer" les 5 lignes que tu m'as indiqué.





Logfile of HijackThis v1.99.1
Scan saved at 14:22:13, on 17/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\NetScreen\NetScreen-Remote\IPSecMon.exe
C:\Program Files\NetScreen\NetScreen-Remote\IreIKE.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$PRIMAVERA\Binn\sqlservr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\CCM\CcmExec.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINNT\AGRSMMSG.exe
C:\WINNT\system32\hkcmd.exe
C:\WINNT\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Common Files\Network Associates\TalkBack	bmon.exe
C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\Firetray.exe
C:\Program Files\Common Files\Real\Update_OBealsched.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\ALCATE~1\LinkSetup\AlcatelMobilePhoneDetect.exe
D:\Documents and Settings\All Users\Application Data\gtuncnqj.exe
C:\WINNT\TEMP\win1A07.tmp.exe
C:\WINNT\mgrs.exe
C:\WINNT\system32\ctfmon.exe
C:\WINNT\system32\igfxsrvc.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,Start Page = http://aww.alcatel.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://aww.alcatel.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Alcatel
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = gnetcache.alcatel.fr:3128
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0D46FB99-84E0-4A6A-82A6-F512C2163E09} - C:\WINNT\system32
nnomjk.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboFormoboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboFormoboform.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINNT\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack	bmon.exe"
O4 - HKLM\..\Run: [McAfeeFireTray] C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\Firetray.exe
O4 - HKLM\..\Run: [Phone Detect 4] C:\PROGRA~1\ALCATE~1\LinkSetup\PhoneDetectLaunch.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [Outlook2003_conf] C:\WINNT\Installer\{90E00409-6000-11D3-8CFE-0150048383C9}\cu.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Install5G] E:\Install.exe /SI=30
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [gtuncnqj.exe] D:\Documents and Settings\All Users\Application Data\gtuncnqj.exe
O4 - HKLM\..\Run: [avp] C:\WINNT\TEMP\win1A07.tmp.exe
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 -noicon
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O4 - Global Startup: Alcatel 4980 Softphone.lnk = C:\Program Files\Alcatel\A4980\Alcatel 4980\CONFIG.EXE
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\system32\shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O14 - IERESET.INF: START_PAGE_URL=http://aww.alcatel.com
O16 - DPF: {00000005-0000-0000-0000-100009000004} - https://imputati.com/l/c437a981b522e1fd541e19c7d4d4c014_35.exe
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - https://www.miniclip.com/games/ricochet-lost-worlds/fr/ReflexiveWebGameLoader.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} (Bl_camera Control) - http://vhshop.cmauto.com:8001/bl_camera.cab
O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f001.mail.caramail.lycos.fr/app/uploader/FileUploader.cab
O16 - DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} (igLoader Content on Demand) - http://www.miniclip.com/igloader/igloader.CAB
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/...
O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} - https://www.bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ad2.ad.alcatel.com
O17 - HKLM\Software\..\Telephony: DomainName = ad2.ad.alcatel.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ad2.ad.alcatel.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ad2.ad.alcatel.com,vx.cit.alcatel.fr,vz.cit.alcatel.fr,ln.cit.alcatel.fr,or.cit.alcatel.fr,netfr.alcatel.fr,ad1.ad.alcatel.com,srv.eu.alcatel.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ad2.ad.alcatel.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = ad2.ad.alcatel.com,vx.cit.alcatel.fr,vz.cit.alcatel.fr,ln.cit.alcatel.fr,or.cit.alcatel.fr,netfr.alcatel.fr,ad1.ad.alcatel.com,srv.eu.alcatel.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ad2.ad.alcatel.com,vx.cit.alcatel.fr,vz.cit.alcatel.fr,ln.cit.alcatel.fr,or.cit.alcatel.fr,netfr.alcatel.fr,ad1.ad.alcatel.com,srv.eu.alcatel.com
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: nnnomjk - C:\WINNT\SYSTEM32
nnomjk.dll
O20 - Winlogon Notify: winmyy32 - C:\WINNT\SYSTEM32\winmyy32.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINNT\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: McAfee Desktop Firewall Service (FireSvc) - McAfee, Inc. - C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Program Files\NetScreen\NetScreen-Remote\IPSecMon.exe
O23 - Service: SafeNet IKE Service (IreIKE) - SafeNet - C:\Program Files\NetScreen\NetScreen-Remote\IreIKE.exe
O23 - Service: Lotus Notes Single Logon - Unknown owner - C:\WINNT\system32
slsvice.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: Network Associates McShield (McShield) - McAfee, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

guigol · Answer

J'ai fait tourner Rogue remover, et il ne m'indique aucun probleme.

guigol · Answer

je viens de faire tourner SmitFraudFix.
Les 2 étapes en mode normal, je ne peux pas me connecter (à l'entrée de windows ) lorsque je suis en mode sans echec.









SmitFraudFix v2.204

Rapport fait à 14:41:45,69, 17/07/2007
Executé à partir de D:\Documents and Settings\grat\Desktop\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1       localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

C:\WINNT\mgrs.exe supprimé

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Broadcom NetXtreme Gigabit Ethernet - Deterministic Network Enhancer Miniport
DNS Server Search Order: 139.54.61.1
DNS Server Search Order: 139.54.61.2
DNS Server Search Order: 139.54.85.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{4ED71C72-9E40-4FB8-8421-0B66FCDB9B86}: DhcpNameServer=139.54.61.1 139.54.61.2 139.54.85.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{4ED71C72-9E40-4FB8-8421-0B66FCDB9B86}: DhcpNameServer=139.54.61.1 139.54.61.2 139.54.85.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{4ED71C72-9E40-4FB8-8421-0B66FCDB9B86}: DhcpNameServer=139.54.61.1 139.54.61.2 139.54.85.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=139.54.61.1 139.54.61.2 139.54.85.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=139.54.61.1 139.54.61.2 139.54.85.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=139.54.61.1 139.54.61.2 139.54.85.1


»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
 
Nettoyage terminé. 
 
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

jlpjlp · Answer

colle moi ca puis fait le reste svp




télécharger sur le bureau
Navilog.zip
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

= Double-Clic navilog1.zip
= Extraire tout sur le bureau
= Double-Clic navilog1 qui est sur le bureau
= Appuyer sur une touche jusqu' arriver aux options
= Choisir option 1

un rapport : fixnavi.txt dans C : va se creer
le copier/coller dans ton prochain message.

guigol · Answer

Voici
J'ai fait ccleaner. 450Mo de supprimé.
par contre impossible de lancer spybot parce qu'a mon taf. impossible de faire la mise a jour, et le logicil ne veut pas se lancer sans la mise a jour.








Search Navipromo version 2.0.5 commencé le 17/07/2007 à 17:49:16,05
 
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Poster ce rapport sur le forum pour le faire analyser !!!
!!! Ne pas lancer la partie désinfection sans l'avis d'un spécialiste !!!

Fix lancé depuis C:\Program Files
avilog1
Mise a jour le 01.07.2007 a 12h00 by IL-MAFIOSO

Executé en mode normal

*** Recherche Programmes installes *** 

 


*** Recherche dossiers dans C:\WINNT ***




*** Recherche dossiers dans C:\Program Files ***




*** Recherche dossiers dans D:\Documents and Settings\All Users\Application Data ***




*** Recherche dossiers dans D:\Documents and Settings\grat\Application Data ***



*** Recherche avec BlackLight Engine/F-secure ***
BlackLight Engine est un produit de F-secure, pour + d'infos :
https://www.f-secure.com/en


F-SECURE BLACKLIGHT ROOTKIT ELIMINATOR
======================================

Copyright 2005-2006 F-Secure Corporation. All rights reserved.
This is a beta version. It will expire on 1st of October, 2007.
Version information: 2.2.1064.

[+] Started on 07/17/07 at 17:49:21.
[+] Initializing ...
[+] Starting scan, press Ctrl-C to abort.
[+] Scanning for hidden items ........................................................................................
[+] Scan complete.
[+] Summary: 0 hidden item(s) found, 0 scheduled for renaming.
[+] Exited on 07/17/07 at 17:58:30 (return code = 0).


*** Recherche fichiers *** 




*** Recherche cles registre ***


Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs] 
 
 

Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage] 
 
 

Recherche Clé Magic Control 
 
 
 
*** Module de Recherche complémentaire *** 
(Recherche fichiers spécifiques) 
 
1)Recherche fichiers connus:


2)Recherche Heuristique :
* 
** 
*** 
**** 
***** 
****** 
******* 
******** 
C:\WINNT\system32\syswin.exe trouvé !

3)Recherche Certificats :


*** Analyse Terminé le 17/07/2007 à 17:59:11,67 ***

jlpjlp · Answer

Double clique sur le raccourci Navilog1 présent sur le bureau et laisse-toi guider.
Au menu principal, choisis 2 et valide.

Le fix va t'informer qu'il va alors redémarrer ton PC
Ferme toutes les fenêtres ouvertes et enregistre tes documents personnels ouverts
Appuie sur une touche comme demandé.
(si ton Pc ne redémarre pas automatiquement, fais le toi même)
Au redémarrage de ton PC, choisis ta session habituelle.

Patiente jusqu'au message :
*** Nettoyage Termine le ..... ***
Le blocnote va s'ouvrir.
Sauvegarde le rapport de manière à le retrouver
Referme le blocnote. Ton bureau va réapparaitre

PS:Si ton bureau ne réapparait pas, fais CTRL+ALT+SUPP pour ouvrir le gestionnaire de tâches.
Puis rends-toi à l'onglet "processus". Clique en haut à gauche sur fichiers et choisis "exécuter"
Tape explorer et valide. Celà te fera apparaitre ton bureau.

merci regis 59




recolle un rapport hijackthis a la fin apres le scan en ligne

guigol · Answer

Clean Navipromo version 2.0.5 commencé le 18/07/2007 à  0:20:03,07

Fix lancé depuis C:\Program Files
avilog1
Mise a jour le 01.07.2007 a 12h00 by IL-MAFIOSO

Mode suppression automatique avec prise en charge résultats Blacklight


 
*** fsbl1.txt non trouvé ***
(Assurez-vous que Blacklight n'avait rien trouvé lors de la recherche)
 

*** Suppression dossiers dans C:\WINNT ***


*** Suppression dossiers dans C:\Program Files ***


*** Suppression dossiers dans D:\Documents and Settings\All Users\Application Data ***


*** Suppression dossiers dans D:\Documents and Settings\grat\Application Data ***



*** Suppression fichiers ***


*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINNT\Temp effectué !
Nettoyage contenu D:\Documents and Settings\grat\Local Settings\Temp effectué !

 
*** Sauvegarde du registre vers dossier Backupnavi*** 
 
 
sauvegarde du registre réalise avec succes !


*** Nettoyage registre ***


Nettoyage registre Ok

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche fichiers connus:


2)Recherche et Suppression Heuristique :

* 
** 
*** 
**** 
***** 
****** 
******* 
******** 
C:\WINNT\System32\syswin.exe trouvé !
Copie C:\WINNT\system32\syswin.exe réalise avec succes !
C:\WINNT\system32\syswin.exe supprimé !


3)Contrôle présence clés Rootkit dans le registre :

Aucune autre clés présente dans le registre !

4)Certificats :


*** Nettoyage termine le 18/07/2007 à  0:23:01,79 ***

guigol · Answer

BitDefender Online Scanner
  
  
 
Rapport d'analyse généré à: Wed, Jul 18, 2007 - 02:07:44
 
 
  
  
 
Voie d'analyse: C:\;D:\;E:\;
  
  
 
 
  
  
 
Statistiques
 
Temps
 01:39:54
 
Fichiers
 591525
 
Directoires
 7515
 
Secteurs de boot
 3
 
Archives
 2840
 
Paquets programmes
 11101
 
  
  
 
Résultats
 
Virus identifiés
 6
 
Fichiers infectés
 7
 
Fichiers suspects
 0
 
Avertissements
 0
 
Désinfectés
 0
 
Fichiers effacés
 6
 
  
  
 
Info sur les moteurs
 
Définition virus
 672631
 
Version des moteurs
 AVCORE v1.0 (build 2410) (i386) (Jun 12 2007 21:08:27)
 
Analyse des plugins
 14
 
Archive des plugins
 38
 
Unpack des plugins
 6
 
E-mail plugins
 6
 
Système plugins
 1
 
  
  
 
Paramètres d'analyse
 
Première action
 Désinfecté
 
Seconde Action
 Supprimé
 
Heuristique
 Oui
 
Acceptez les avertissements
 Oui
 
Extensions analysées
 *;
 
Excludez les extensions
  
 
Analyse d'emails
 Oui
 
Analyse des Archives
 Oui
 
Analyser paquets programmes
 Oui
 
Analyse des fichiers
 Oui
 
Analyse de boot
 Oui
 
  
  
 
  Fichier analysé
  Statut
 
C:\Program Files\Alcatel Mobile Phones PC Suite 4\Installer\Installer.exe=>wise0083
 Infecté par: DeepScan:Generic.Malware.SP!.BFD9C68F
 
C:\Program Files\Alcatel Mobile Phones PC Suite 4\Installer\Installer.exe=>wise0083
 Echec de la désinfection
 
C:\Program Files\Alcatel Mobile Phones PC Suite 4\Installer\Installer.exe=>wise0083
 Supprimé
 
C:\Program Files\Alcatel Mobile Phones PC Suite 4\Installer\Installer.exe
 Echec de la mise à jour
 
C:\Program Files\DAEMON Tools\SetupDTSB.exe=>(CAB Sfx r)=>DaemonTools_WhenUSave_Installer.exe
 Infecté par: Generic.Adw.SaveNow.F5FEB660
 
C:\Program Files\DAEMON Tools\SetupDTSB.exe=>(CAB Sfx r)=>DaemonTools_WhenUSave_Installer.exe
 Echec de la désinfection
 
C:\Program Files\DAEMON Tools\SetupDTSB.exe=>(CAB Sfx r)=>DaemonTools_WhenUSave_Installer.exe
 Supprimé
 
C:\Program Files\DAEMON Tools\SetupDTSB.exe=>(CAB Sfx r)
 Echec de la mise à jour
 
C:\WINNT\mgrs.exe
 Infecté par: Trojan.Downloader.Alphabet.AV
 
C:\WINNT\mgrs.exe
 Echec de la désinfection
 
C:\WINNT\mgrs.exe
 Supprimé
 
C:\WINNT\system32\opnljjj.dll
 Détecté avec: Adware.Virtumonde.GFQ
 
C:\WINNT\system32\opnljjj.dll
 Echec de la désinfection
 
C:\WINNT\system32\opnljjj.dll
 Supprimé
 
C:\WINNT\system32\winmyy32.dll
 Infecté par: Trojan.Dialer.QN
 
C:\WINNT\system32\winmyy32.dll
 Echec de la désinfection
 
C:\WINNT\system32\winmyy32.dll
 Echec de la suppression
 
D:\Documents and Settings\All Users\Application Data\gtuncnqj.exe
 Infecté par: Trojan.Pws.Onlinegames.ES
 
D:\Documents and Settings\All Users\Application Data\gtuncnqj.exe
 Echec de la désinfection
 
D:\Documents and Settings\All Users\Application Data\gtuncnqj.exe
 Supprimé
 
D:\System Volume Information\_restore{626DE426-E91F-44F9-BE86-332D0B8A2D49}\RP352\A0080273.exe
 Infecté par: Trojan.Pws.Onlinegames.ES
 
D:\System Volume Information\_restore{626DE426-E91F-44F9-BE86-332D0B8A2D49}\RP352\A0080273.exe
 Echec de la désinfection
 
D:\System Volume Information\_restore{626DE426-E91F-44F9-BE86-332D0B8A2D49}\RP352\A0080273.exe
 Supprimé

guigol · Answer

Logfile of HijackThis v1.99.1
Scan saved at 02:19:02, on 18/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\NetScreen\NetScreen-Remote\IPSecMon.exe
C:\Program Files\NetScreen\NetScreen-Remote\IreIKE.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$PRIMAVERA\Binn\sqlservr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINNT\system32\CCM\CcmExec.exe
C:\WINNT\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,Start Page = http://aww.alcatel.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Alcatel
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = gnetcache.alcatel.fr:3128
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0D46FB99-84E0-4A6A-82A6-F512C2163E09} - C:\WINNT\system32
nnomjk.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboFormoboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboFormoboform.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINNT\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack	bmon.exe"
O4 - HKLM\..\Run: [McAfeeFireTray] C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\Firetray.exe
O4 - HKLM\..\Run: [Phone Detect 4] C:\PROGRA~1\ALCATE~1\LinkSetup\PhoneDetectLaunch.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [Outlook2003_conf] C:\WINNT\Installer\{90E00409-6000-11D3-8CFE-0150048383C9}\cu.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Install5G] E:\Install.exe /SI=30
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [gtuncnqj.exe] D:\Documents and Settings\All Users\Application Data\gtuncnqj.exe
O4 - HKLM\..\Run: [avp] C:\WINNT\TEMP\win1A07.tmp.exe
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 -noicon
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O4 - Global Startup: Alcatel 4980 Softphone.lnk = C:\Program Files\Alcatel\A4980\Alcatel 4980\CONFIG.EXE
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\system32\shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O14 - IERESET.INF: START_PAGE_URL=http://aww.alcatel.com
O16 - DPF: {00000005-0000-0000-0000-100009000004} - https://imputati.com/l/c437a981b522e1fd541e19c7d4d4c014_35.exe
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - https://www.miniclip.com/games/ricochet-lost-worlds/fr/ReflexiveWebGameLoader.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} (Bl_camera Control) - http://vhshop.cmauto.com:8001/bl_camera.cab
O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f001.mail.caramail.lycos.fr/app/uploader/FileUploader.cab
O16 - DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} (igLoader Content on Demand) - http://www.miniclip.com/igloader/igloader.CAB
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/...
O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} - https://www.bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ad2.ad.alcatel.com
O17 - HKLM\Software\..\Telephony: DomainName = ad2.ad.alcatel.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ad2.ad.alcatel.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ad2.ad.alcatel.com,vx.cit.alcatel.fr,vz.cit.alcatel.fr,ln.cit.alcatel.fr,or.cit.alcatel.fr,netfr.alcatel.fr,ad1.ad.alcatel.com,srv.eu.alcatel.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ad2.ad.alcatel.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = ad2.ad.alcatel.com,vx.cit.alcatel.fr,vz.cit.alcatel.fr,ln.cit.alcatel.fr,or.cit.alcatel.fr,netfr.alcatel.fr,ad1.ad.alcatel.com,srv.eu.alcatel.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ad2.ad.alcatel.com,vx.cit.alcatel.fr,vz.cit.alcatel.fr,ln.cit.alcatel.fr,or.cit.alcatel.fr,netfr.alcatel.fr,ad1.ad.alcatel.com,srv.eu.alcatel.com
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: nnnomjk - C:\WINNT\SYSTEM32
nnomjk.dll
O20 - Winlogon Notify: winmyy32 - C:\WINNT\SYSTEM32\winmyy32.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINNT\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: McAfee Desktop Firewall Service (FireSvc) - McAfee, Inc. - C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Program Files\NetScreen\NetScreen-Remote\IPSecMon.exe
O23 - Service: SafeNet IKE Service (IreIKE) - SafeNet - C:\Program Files\NetScreen\NetScreen-Remote\IreIKE.exe
O23 - Service: Lotus Notes Single Logon - Unknown owner - C:\WINNT\system32
slsvice.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: Network Associates McShield (McShield) - McAfee, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

jlpjlp · Answer

O20 - Winlogon Notify: nnnomjk - C:\WINNT\SYSTEM32
nnomjk.dll
O20 - Winlogon Notify: winmyy32 - C:\WINNT\SYSTEM32\winmyy32.dll 





_______________________


scan avec vundo

Téléchargez VundoFix -> http://www.atribune.org/ccount/click.php?id=4

Double cliquez VundoFix.exe pour l'exécuter.
Quand VundoFix s'ouvre, cliquez sur le bouton Scan for Vundo.
Une fois le scan fini, cliquez sur le bouton Remove Vundo.
Vous recevrez un avertissement vous demandant si vous voulez effacer ces
fichiers répondez en cliquant sur YES
Une fois que vous avez cliqué yes, votre bureau deviendra vide au moment où il
enlève Vundo.

Quand c'est fini, il vous sera demandé de redémarrer votre ordinateur, cliquez
OK.


puis :




virtumondebegone

http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe


puis Symantec Vundo Remove Tool

https://www.broadcom.com/support/security-center


et 


https://www.broadcom.com/support/security-center

_____________________________________

AVG antispyxare

https://www.01net.com/telecharger/

Tuto : 
http://www.kachouri.com/tuto/tuto-161-avg-anti-spyware-75-pour-votre-securite.html 

->Relance AVG AS -> "Analyse" ->"Paramètres" 

Sous la question "Comment réagir ?" : 

-> clique sur "Actions recommandées" et choisis "Quarantaines" 
-> Re-clique sur l'onglet "Analyse" puis réalise une "Analyse complète du système" 

Si un fichier est infecté en fin d'analyse 

->Clique sur "Appliquer toutes les actions " 

->Clique sur "Enregistrer le rapport" puis sur "Enregistrer le rapport sous". 

->Enregistre ce fichier texte sur ton bureau ensuite colle le rapport ici

______________________

refait un scan en ligne  et recolle hijackthis

guigol · Answer

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

 + Créé à:	12:52:40 18/07/2007

 + Résultat de l'analyse:	



HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Adware.Generic : Nettoyé et sauvegardé (mise en quarantaine).
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1FC80E00-41B0-4F74-BC16-2C83ED49CAC9} -> Adware.Generic : Nettoyé et sauvegardé (mise en quarantaine).
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C95FE080-8F5D-11D2-A20B-00AA003C157A} -> Adware.Generic : Nettoyé et sauvegardé (mise en quarantaine).
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1FC80E00-41B0-4F74-BC16-2C83ED49CAC9} -> Adware.Generic : Nettoyé et sauvegardé (mise en quarantaine).
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C95FE080-8F5D-11D2-A20B-00AA003C157A} -> Adware.Generic : Nettoyé et sauvegardé (mise en quarantaine).
HKU\S-1-5-21-1220945662-796845957-725345543-96398\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{F0993251-2512-4710-AF6E-0A13EA199D02} -> Adware.Generic : Nettoyé et sauvegardé (mise en quarantaine).
HKU\S-1-5-21-1220945662-796845957-725345543-96398\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1FC80E00-41B0-4F74-BC16-2C83ED49CAC9} -> Adware.Generic : Nettoyé et sauvegardé (mise en quarantaine).
HKU\S-1-5-21-1220945662-796845957-725345543-96398\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C95FE080-8F5D-11D2-A20B-00AA003C157A} -> Adware.Generic : Nettoyé et sauvegardé (mise en quarantaine).
C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll -> Adware.Minibug : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINNT\Temp\win53.tmp.exe -> Downloader.PurityScan.eg : Nettoyé et sauvegardé (mise en quarantaine).
D:\Documents and Settings\grat\Cookies\grat@brightcove.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
D:\Documents and Settings\grat\Cookies\grat@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
D:\Documents and Settings\grat\Cookies\grat@advertising[2].txt -> TrackingCookie.Advertising : Nettoyé.
D:\Documents and Settings\grat\Cookies\grat@atdmt[1].txt -> TrackingCookie.Atdmt : Nettoyé.
D:\Documents and Settings\grat\Cookies\grat@bluestreak[2].txt -> TrackingCookie.Bluestreak : Nettoyé.
D:\Documents and Settings\grat\Cookies\grat@fl01.ct2.comclick[1].txt -> TrackingCookie.Comclick : Nettoyé.
D:\Documents and Settings\grat\Cookies\grat@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
D:\Documents and Settings\grat\Cookies\grat@search.live[1].txt -> TrackingCookie.Live : Nettoyé.
D:\Documents and Settings\grat\Cookies\grat@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyé.
D:\Documents and Settings\grat\Cookies\grat@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Nettoyé.
D:\Documents and Settings\grat\Cookies\grat@serving-sys[2].txt -> TrackingCookie.Serving-sys : Nettoyé.
D:\Documents and Settings\grat\Cookies\grat@smartadserver[2].txt -> TrackingCookie.Smartadserver : Nettoyé.
D:\Documents and Settings\grat\Cookies\grat@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Nettoyé.
D:\Documents and Settings\grat\Cookies\grat@weborama[2].txt -> TrackingCookie.Weborama : Nettoyé.
D:\Documents and Settings\grat\Cookies\grat@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Nettoyé.
C:\WINNT\Temp\win51.tmp.exe -> Trojan.Agent.qt : Nettoyé et sauvegardé (mise en quarantaine).


Fin du rapport

guigol · Answer

scan en ligne

BitDefender Online Scanner
  
  
 
Rapport d'analyse généré à: Wed, Jul 18, 2007 - 14:20:43
 
 
  
  
 
Voie d'analyse: C:\;D:\;E:\;H:\;I:\;
  
  
 
 
  
  
 
Statistiques
 
Temps
 01:26:24
 
Fichiers
 595306
 
Directoires
 7897
 
Secteurs de boot
 6
 
Archives
 2928
 
Paquets programmes
 11354
 
  
  
 
Résultats
 
Virus identifiés
 5
 
Fichiers infectés
 7
 
Fichiers suspects
 0
 
Avertissements
 0
 
Désinfectés
 0
 
Fichiers effacés
 5
 
  
  
 
Info sur les moteurs
 
Définition virus
 672631
 
Version des moteurs
 AVCORE v1.0 (build 2410) (i386) (Jun 12 2007 21:08:27)
 
Analyse des plugins
 14
 
Archive des plugins
 38
 
Unpack des plugins
 6
 
E-mail plugins
 6
 
Système plugins
 1
 
  
  
 
Paramètres d'analyse
 
Première action
 Désinfecté
 
Seconde Action
 Supprimé
 
Heuristique
 Oui
 
Acceptez les avertissements
 Oui
 
Extensions analysées
 *;
 
Excludez les extensions
  
 
Analyse d'emails
 Oui
 
Analyse des Archives
 Oui
 
Analyser paquets programmes
 Oui
 
Analyse des fichiers
 Oui
 
Analyse de boot
 Oui
 
  
  
 
  Fichier analysé
  Statut
 
C:\Program Files\Alcatel Mobile Phones PC Suite 4\Installer\Installer.exe=>wise0083
 Infecté par: DeepScan:Generic.Malware.SP!.BFD9C68F
 
C:\Program Files\Alcatel Mobile Phones PC Suite 4\Installer\Installer.exe=>wise0083
 Echec de la désinfection
 
C:\Program Files\Alcatel Mobile Phones PC Suite 4\Installer\Installer.exe=>wise0083
 Supprimé
 
C:\Program Files\Alcatel Mobile Phones PC Suite 4\Installer\Installer.exe
 Echec de la mise à jour
 
C:\Program Files\DAEMON Tools\SetupDTSB.exe=>(CAB Sfx r)=>DaemonTools_WhenUSave_Installer.exe
 Infecté par: Generic.Adw.SaveNow.F5FEB660
 
C:\Program Files\DAEMON Tools\SetupDTSB.exe=>(CAB Sfx r)=>DaemonTools_WhenUSave_Installer.exe
 Echec de la désinfection
 
C:\Program Files\DAEMON Tools\SetupDTSB.exe=>(CAB Sfx r)=>DaemonTools_WhenUSave_Installer.exe
 Supprimé
 
C:\Program Files\DAEMON Tools\SetupDTSB.exe=>(CAB Sfx r)
 Echec de la mise à jour
 
C:\System Volume Information\_restore{626DE426-E91F-44F9-BE86-332D0B8A2D49}\RP352\A0080271.exe
 Infecté par: Trojan.Downloader.Alphabet.AV
 
C:\System Volume Information\_restore{626DE426-E91F-44F9-BE86-332D0B8A2D49}\RP352\A0080271.exe
 Echec de la désinfection
 
C:\System Volume Information\_restore{626DE426-E91F-44F9-BE86-332D0B8A2D49}\RP352\A0080271.exe
 Supprimé
 
C:\System Volume Information\_restore{626DE426-E91F-44F9-BE86-332D0B8A2D49}\RP352\A0080272.dll
 Détecté avec: Adware.Virtumonde.GFQ
 
C:\System Volume Information\_restore{626DE426-E91F-44F9-BE86-332D0B8A2D49}\RP352\A0080272.dll
 Echec de la désinfection
 
C:\System Volume Information\_restore{626DE426-E91F-44F9-BE86-332D0B8A2D49}\RP352\A0080272.dll
 Supprimé
 
C:\WINNT\mgrs.exe
 Infecté par: Trojan.Downloader.Alphabet.AV
 
C:\WINNT\mgrs.exe
 Echec de la désinfection
 
C:\WINNT\mgrs.exe
 Echec de la suppression
 
C:\WINNT\system32\rqropol.dll
 Détecté avec: Adware.Virtumonde.GFQ
 
C:\WINNT\system32\rqropol.dll
 Echec de la désinfection
 
C:\WINNT\system32\rqropol.dll
 Supprimé
 
C:\WINNT\system32\winmyy32.dll
 Infecté par: Trojan.Dialer.QN
 
C:\WINNT\system32\winmyy32.dll
 Echec de la désinfection
 
C:\WINNT\system32\winmyy32.dll
 Echec de la suppression

guigol · Answer

Hijackthis


Logfile of HijackThis v1.99.1
Scan saved at 14:43:54, on 18/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\NetScreen\NetScreen-Remote\IPSecMon.exe
C:\Program Files\NetScreen\NetScreen-Remote\IreIKE.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$PRIMAVERA\Binn\sqlservr.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINNT\system32\CCM\CcmExec.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINNT\AGRSMMSG.exe
C:\WINNT\system32\hkcmd.exe
C:\WINNT\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\WINNT\system32\igfxsrvc.exe
C:\Program Files\Common Files\Network Associates\TalkBack	bmon.exe
C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\Firetray.exe
C:\Program Files\Common Files\Real\Update_OBealsched.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\ALCATE~1\LinkSetup\AlcatelMobilePhoneDetect.exe
C:\WINNT\TEMP\win4B.tmp.exe
C:\WINNT\mgrs.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\PROGRA~1\Alcatel\A4980\ALCATE~1\a4980.exe
C:\PROGRA~1\Alcatel\A4980\ALCATE~1\ocrrecog.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,Start Page = http://aww.alcatel.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Alcatel
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = gnetcache.alcatel.fr:3128
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboFormoboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboFormoboform.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINNT\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack	bmon.exe"
O4 - HKLM\..\Run: [McAfeeFireTray] C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\Firetray.exe
O4 - HKLM\..\Run: [Phone Detect 4] C:\PROGRA~1\ALCATE~1\LinkSetup\PhoneDetectLaunch.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [Outlook2003_conf] C:\WINNT\Installer\{90E00409-6000-11D3-8CFE-0150048383C9}\cu.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Install5G] E:\Install.exe /SI=30
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [gtuncnqj.exe] D:\Documents and Settings\All Users\Application Data\gtuncnqj.exe
O4 - HKLM\..\Run: [avp] C:\WINNT\TEMP\win4B.tmp.exe
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 -noicon
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O4 - Global Startup: Alcatel 4980 Softphone.lnk = C:\Program Files\Alcatel\A4980\Alcatel 4980\CONFIG.EXE
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O14 - IERESET.INF: START_PAGE_URL=http://aww.alcatel.com
O16 - DPF: {00000005-0000-0000-0000-100009000004} - https://imputati.com/l/c437a981b522e1fd541e19c7d4d4c014_35.exe
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - https://www.miniclip.com/games/ricochet-lost-worlds/fr/ReflexiveWebGameLoader.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} (Bl_camera Control) - http://vhshop.cmauto.com:8001/bl_camera.cab
O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f001.mail.caramail.lycos.fr/app/uploader/FileUploader.cab
O16 - DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} (igLoader Content on Demand) - http://www.miniclip.com/igloader/igloader.CAB
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/...
O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} - https://www.bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ad2.ad.alcatel.com
O17 - HKLM\Software\..\Telephony: DomainName = ad2.ad.alcatel.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ad2.ad.alcatel.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ad2.ad.alcatel.com,vx.cit.alcatel.fr,vz.cit.alcatel.fr,ln.cit.alcatel.fr,or.cit.alcatel.fr,netfr.alcatel.fr,ad1.ad.alcatel.com,srv.eu.alcatel.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ad2.ad.alcatel.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = ad2.ad.alcatel.com,vx.cit.alcatel.fr,vz.cit.alcatel.fr,ln.cit.alcatel.fr,or.cit.alcatel.fr,netfr.alcatel.fr,ad1.ad.alcatel.com,srv.eu.alcatel.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ad2.ad.alcatel.com,vx.cit.alcatel.fr,vz.cit.alcatel.fr,ln.cit.alcatel.fr,or.cit.alcatel.fr,netfr.alcatel.fr,ad1.ad.alcatel.com,srv.eu.alcatel.com
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: winmyy32 - C:\WINNT\SYSTEM32\winmyy32.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINNT\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: McAfee Desktop Firewall Service (FireSvc) - McAfee, Inc. - C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Program Files\NetScreen\NetScreen-Remote\IPSecMon.exe
O23 - Service: SafeNet IKE Service (IreIKE) - SafeNet - C:\Program Files\NetScreen\NetScreen-Remote\IreIKE.exe
O23 - Service: Lotus Notes Single Logon - Unknown owner - C:\WINNT\system32
slsvice.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: Network Associates McShield (McShield) - McAfee, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

jlpjlp · Answer

Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau. 
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe 
Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici : 
• Redémarre ton ordinateur 
• Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde). 
• A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître. 
• Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée". 
• Choisis ton compte. 
Déroule la liste des instructions ci-dessous : 
• Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script. 
• Appuie sur Y pour commencer le processus de nettoyage. 
• Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer. 
• Appuie sur une touche pour redémarrer le PC. 
• Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers. 
• Après le chargement du Bureau, l'outil terminera son travail et affichera Finished. 
• Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau. 
• Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt. 
• Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum
_______________________________________

combofix  (colle le rapport)

http://mickael.barroux.free.fr/securite/combofix.php





------------------------------------------------------



Cleanzip  (colle le rapport)



Clean permettra de faire du nettoyage et supprimer des fichiers que des anti-virus et anti-spywares n'ont pas pu trouver. Le logiciel est régulièrement mis à jour, vous devrez donc le re-téléchargé pour obtenir une version plus récente.

·  Téléchargez clean.zip, décompressez-le sur votre bureau (clic droit / extraire tout), vous obtenez alors un dossier clean 
·  Démarrez Windows en mode sans échec : Guide pour redémarrer en mode sans échec 
·  Ouvrez le dossier clean qui se trouve sur ton bureau, et double-cliquez sur clean.cmd, une fenêtre noire va apparaître pendant un instant, laissez la ouverte jusqu'à ce qu'elle se ferme.

http://kerio.probb.fr/tuto-Clean-h37.html

____________________

lance ccleaner et repare les erreurs et nettoie

----------------------------

recolle hijackthis

guigol · Answer

Le lien de SDFix est mort. j'essaye combofix et cleanzip des maintenant

jlpjlp · Answer

ah bon essaye sur le lien suivant (moi ca marche!)

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

guigol · Answer

"grat" - 2007-07-18 16:35:47 - ComboFix 07-07-14.6 - Service Pack 2 NTFS (((((((((((((((((((((((((((((((((((((((((((( V Log ))))))))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINNT\system32\winmyy32.dll * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe C:\WINNT\mgrs.exe C:\WINNT\system32\W007T32W.DLL ((((((((((((((((((((((((( Files Created from 2007-06-18 to 2007-07-18 ))))))))))))))))))))))))))))))) 2007-07-18 16:34 51,200 --a------ C:\WINNT ircmd.exe 2007-07-18 11:50 10,872 --a------ C:\WINNT\system32\drivers\AvgAsCln.sys 2007-07-18 10:41 d-------- C:\VundoFix Backups 2007-07-17 17:48 d-------- C:\Program Files\Navilog1 2007-07-17 15:19 d-------- C:\WINNT\BDOSCAN8 2007-07-17 15:09 d-------- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy 2007-07-17 15:09 d-------- C:\Program Files\CCleaner 2007-07-17 14:25 d-------- C:\Program Files\RogueRemover 2007-07-17 12:29 d-------- C:\hijackthis 2007-07-16 01:20 d-------- C:\Program Files\Virtools 2007-06-21 17:21 d-------- D:\DOCUME~1\grat\APPLIC~1\Zen Puzzle Garden (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-07-18 10:32:54 -------- d-----w D:\DOCUME~1\grat\APPLIC~1\NOTES 2007-07-18 00:47:08 4,712 ----a-w C:\WINNT\system32 mp.reg 2007-06-25 09:22:20 -------- d-----w D:\DOCUME~1\grat\APPLIC~1\bang 2007-06-15 13:23:33 -------- d-----w D:\DOCUME~1\grat\APPLIC~1\gtk-2.0 2007-06-15 10:40:52 -------- d-----w C:\Program Files\Gimp 2007-06-12 13:30:03 106 ----a-w C:\WINNT ames.exe 2007-06-10 02:38:49 -------- d-----w C:\Program Files\Viewpoint 2007-06-10 01:53:32 -------- d-----w C:\Program Files\Common Files\Viewpoint 2007-06-07 18:16:13 -------- d-----w C:\Program Files\Common Files\Cheewoo 2007-06-07 18:16:09 -------- d-----w C:\Program Files\Cheewoo 2007-06-07 09:42:11 -------- d-----w C:\Program Files\Virtual Earth 3D 2007-06-06 13:07:19 -------- d-----w C:\Program Files\MSN Messenger 2007-06-06 00:18:02 -------- d-----w C:\Program Files\DivX 2007-06-05 16:51:41 -------- d-----w C:\Program Files\Virtual Dub 2007-06-04 15:22:38 -------- d-----w C:\Program Files\Openfire 2007-06-01 18:10:49 -------- d--h--w C:\Program Files\InstallShield Installation Information 2007-05-31 06:45:07 524,288 ----a-w C:\WINNT\system32\DivXsm.exe 2007-05-31 06:44:55 823,296 ----a-w C:\WINNT\system32\divx_xx07.dll 2007-05-31 06:44:54 823,296 ----a-w C:\WINNT\system32\divx_xx0c.dll 2007-05-31 06:44:54 802,816 ----a-w C:\WINNT\system32\divx_xx11.dll 2007-05-31 06:44:54 740,442 ----a-w C:\WINNT\system32\DivX.dll 2007-05-27 01:17:45 -------- d-----w D:\DOCUME~1\grat\APPLIC~1\vlc 2007-05-25 01:46:16 -------- d-----w C:\Program Files\AC3Filter 2007-05-08 02:15:48 1,152 ----a-w C:\WINNT\system32\windrv.sys 2007-05-04 00:48:39 108,144 ----a-w C:\WINNT\system32\CmdLineExt.dll 2007-05-01 13:21:13 81,920 ----a-w C:\WINNT\system32\W32N50.dll 2007-05-01 13:21:13 17,134 ----a-w C:\WINNT\system32\PCANDIS5.sys 2007-04-23 00:15:29 3,596,288 ----a-w C:\WINNT\system32\qt-dx331.dll 2007-04-23 00:15:18 200,704 ----a-w C:\WINNT\system32\ssldivx.dll 2007-04-23 00:15:18 1,044,480 ----a-w C:\WINNT\system32\libdivx.dll 2007-04-23 00:02:34 73,728 ----a-w C:\WINNT\system32\dpl100.dll 2007-04-23 00:02:34 196,608 ----a-w C:\WINNT\system32\dtu100.dll 2007-04-23 00:02:33 53,248 ----a-w C:\WINNT\system32\dpuGUI10.dll 2007-04-23 00:02:31 593,920 ----a-w C:\WINNT\system32\dpuGUI11.dll 2007-04-23 00:02:31 57,344 ----a-w C:\WINNT\system32\dpv11.dll 2007-04-23 00:02:31 344,064 ----a-w C:\WINNT\system32\dpus11.dll 2007-04-23 00:02:31 294,912 ----a-w C:\WINNT\system32\dpu11.dll 2007-04-23 00:02:31 294,912 ----a-w C:\WINNT\system32\dpu10.dll 2007-04-23 00:01:47 12,288 ----a-w C:\WINNT\system32\DivXWMPExtType.dll 2007-04-23 00:01:46 124,472 ----a-w C:\WINNT\system32\DivXCodecUpdateChecker.exe 2004-08-03 23:56:58 73,728 --sha-w C:\WINNT\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] 2006-12-18 04:16 59032 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}] 2005-05-31 01:04 853672 --a------ C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}] 2007-07-18 10:36 5645104 --a------ C:\Program Files\Siber Systems\AI RoboForm oboform.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] 2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 09:11] "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-09-23 12:41] "AGRSMMSG"="AGRSMMSG.exe" [2005-04-13 10:12 C:\WINNT\AGRSMMSG.exe] "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 18:40] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 18:38] "McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2006-10-04 15:55] "ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 09:00] "Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack bmon.exe" [2003-10-07 10:48] "McAfeeFireTray"="C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\Firetray.exe" [2006-01-13 10:08] "Phone Detect 4"="C:\PROGRA~1\ALCATE~1\LinkSetup\PhoneDetectLaunch.exe" [2005-08-29 13:38] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB ealsched.exe" [2005-09-16 08:56] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54] "Install5G"="E:\Install.exe" [] "SNM"="C:\Program Files\SpyNoMore\SNM.exe" [] "gtuncnqj.exe"="D:\Documents and Settings\All Users\Application Data\gtuncnqj.exe" [] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 00:29] "ctfmon.exe"="C:\WINNT\system32\ctfmon.exe" [2004-08-04 01:56] "RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2007-07-18 10:36] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"=0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoToolbarCustomize"=0 (0x0) "NoBandCustomize"=0 (0x0) "NoSMConfigurePrograms"=1 (0x1) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 14:29] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1220945662-796845957-725345543-64127\Scripts\Logoff\0\0] "Script"=KEYBOARD.CMD [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1220945662-796845957-725345543-64127\Scripts\Logoff\0\1] "Script"=C:\Program Files\Profile Light\Logoff.bat [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1220945662-796845957-725345543-96398\Scripts\Logoff\0\0] "Script"=KEYBOARD.CMD [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1220945662-796845957-725345543-96398\Scripts\Logoff\0\1] "Script"=C:\Program Files\Profile Light\Logoff.bat [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-220523388-1677128483-682003330-500\Scripts\Logoff\0\0] "Script"=KEYBOARD.CMD [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-220523388-1677128483-682003330-500\Scripts\Logoff\0\1] "Script"=C:\Program Files\Profile Light\Logoff.bat [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard] *Newly Created Service* - AVGASCLN HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\MSOutlook_2003 C:\WINNT\Installer\{90E00409-6000-11D3-8CFE-0150048383C9}\cu.exe HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\NetscreenVPNClient_1071b10_menu regedit -s "C:\Program Files\NetScreen\NetScreen-Remote\menu_order.reg" HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Netscreen_1071b10 regedit -s "C:\Program Files\NetScreen\NetScreen-Remote\safenet_proxy.reg" HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\QuickTime_715 D:\Documents and Settings\All Users\Application Data\Apple Computer\QuickTime\cu.exe HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\REALPLAYER_1058 C:\Program Files\Real\RealPlayer\cu.exe HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Shockwave C:\WINNT\INSTALLER\MACROMEDIA\cu.exe HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\WMP_USER C:\Program Files\Windows Media Player\cu.exe ************************************************************************** catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-07-18 16:42:29 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-07-18 16:47:15 - machine was rebooted C:\ComboFix-quarantined-files.txt ... 2007-07-18 16:47 --- E O F ---

guigol · Answer

C'est normal que maintenant quand il redemarre mon pc essaye d'installer Real player?
Evidemment, il ne trouve as le cd d'install...


bizarre




SDFix: Version 1.92

Run by grat on 2007-07-18 at 16:54

Microsoft Windows XP [version 5.1.2600]

Running From: D:\DOCUME~1\grat\Desktop\sdfix

Safe Mode:
Checking Services: 


Restoring Windows Registry Values
Restoring Windows Default Hosts File 
Restoring Missing SharedAccess Service 

Rebooting...


Normal Mode:
Checking Files: 

No Trojan Files Found




Removing Temp Files...

ADS Check:

C:\WINNT
No streams found. 

C:\WINNT\system32
No streams found. 

C:\WINNT\system32\svchost.exe
No streams found.
 
C:\WINNT\system32
toskrnl.exe
No streams found.
 


                                 Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\NetScreen\NetScreen-Remote\IreIKE.exe"="C:\Program Files\NetScreen\NetScreen-Remote\IreIKE.exe:*:Enabled:IreIke"
"C:\Program Files\NetScreen\NetScreen-Remote\ViewLog.exe"="C:\Program Files\NetScreen\NetScreen-Remote\ViewLog.exe:127.0.0.1/255.255.255.255:Enabled:ViewLog"
"C:\Program Files\NetScreen\NetScreen-Remote\CmonApp.exe"="C:\Program Files\NetScreen\NetScreen-Remote\CmonApp.exe:127.0.0.1/255.255.255.255:Enabled:CMonApp"
"C:\Program Files\NetScreen\NetScreen-Remote\vpn.exe"="C:\Program Files\NetScreen\NetScreen-Remote\vpn.exe:127.0.0.1/255.255.255.255:Enabled:VPN Connection Manager"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\NetScreen\NetScreen-Remote\IreIKE.exe"="C:\Program Files\NetScreen\NetScreen-Remote\IreIKE.exe:*:Enabled:IreIke"
"C:\Program Files\NetScreen\NetScreen-Remote\ViewLog.exe"="C:\Program Files\NetScreen\NetScreen-Remote\ViewLog.exe:127.0.0.1/255.255.255.255:Enabled:ViewLog"
"C:\Program Files\NetScreen\NetScreen-Remote\CmonApp.exe"="C:\Program Files\NetScreen\NetScreen-Remote\CmonApp.exe:127.0.0.1/255.255.255.255:Enabled:CMonApp"
"C:\Program Files\NetScreen\NetScreen-Remote\vpn.exe"="C:\Program Files\NetScreen\NetScreen-Remote\vpn.exe:127.0.0.1/255.255.255.255:Enabled:VPN Connection Manager"

Remaining Files:
---------------


Files with Hidden Attributes:

C:\WINNT\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe

                                 Finished

jlpjlp · Answer

supprime real du demarrage dasn  DEMARRER puis EXECUTER et tape     msconfig    puis dans l'onglet demarrer decoche real


desinstalle real player dans DEMARRER puis PANNEAU DE CONFIGURATION puis AJOUT / SUPPRESSION DE PROG

reinstalle le la si besoin

https://www.01net.com/404/

guigol · Answer

Cleanzip effectué, j'ai nettoyé un certain viewpoint.

CCLEANER : ok. rien a supprimer.






Logfile of HijackThis v1.99.1
Scan saved at 17:11, on 2007-07-18
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINNT\Explorer.EXE
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,Start Page = http://aww.alcatel.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = gnetcache.alcatel.fr:3128
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboFormoboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboFormoboform.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack	bmon.exe"
O4 - HKLM\..\Run: [McAfeeFireTray] C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\Firetray.exe
O4 - HKLM\..\Run: [Phone Detect 4] C:\PROGRA~1\ALCATE~1\LinkSetup\PhoneDetectLaunch.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Install5G] E:\Install.exe /SI=30
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [gtuncnqj.exe] D:\Documents and Settings\All Users\Application Data\gtuncnqj.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 -noicon
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O4 - Global Startup: Alcatel 4980 Softphone.lnk = C:\Program Files\Alcatel\A4980\Alcatel 4980\CONFIG.EXE
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://aww.alcatel.com
O16 - DPF: {00000005-0000-0000-0000-100009000004} - https://imputati.com/l/c437a981b522e1fd541e19c7d4d4c014_35.exe
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - https://www.miniclip.com/games/ricochet-lost-worlds/fr/ReflexiveWebGameLoader.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} (Bl_camera Control) - http://vhshop.cmauto.com:8001/bl_camera.cab
O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f001.mail.caramail.lycos.fr/app/uploader/FileUploader.cab
O16 - DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} (igLoader Content on Demand) - http://www.miniclip.com/igloader/igloader.CAB
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/...
O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} - https://www.bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ad2.ad.alcatel.com
O17 - HKLM\Software\..\Telephony: DomainName = ad2.ad.alcatel.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ad2.ad.alcatel.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ad2.ad.alcatel.com,vx.cit.alcatel.fr,vz.cit.alcatel.fr,ln.cit.alcatel.fr,or.cit.alcatel.fr,netfr.alcatel.fr,ad1.ad.alcatel.com,srv.eu.alcatel.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ad2.ad.alcatel.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = ad2.ad.alcatel.com,vx.cit.alcatel.fr,vz.cit.alcatel.fr,ln.cit.alcatel.fr,or.cit.alcatel.fr,netfr.alcatel.fr,ad1.ad.alcatel.com,srv.eu.alcatel.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ad2.ad.alcatel.com,vx.cit.alcatel.fr,vz.cit.alcatel.fr,ln.cit.alcatel.fr,or.cit.alcatel.fr,netfr.alcatel.fr,ad1.ad.alcatel.com,srv.eu.alcatel.com
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxdev.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINNT\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: McAfee Desktop Firewall Service (FireSvc) - McAfee, Inc. - C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Program Files\NetScreen\NetScreen-Remote\IPSecMon.exe
O23 - Service: SafeNet IKE Service (IreIKE) - SafeNet - C:\Program Files\NetScreen\NetScreen-Remote\IreIKE.exe
O23 - Service: Lotus Notes Single Logon - Unknown owner - C:\WINNT\system32
slsvice.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: Network Associates McShield (McShield) - McAfee, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

jlpjlp · Answer

colle un rapport hijackthis  comme indiqué là

manuel :

https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html


____________________

tu as quel antivirus et quel parefeu?


____________________

encore des pbs ?  des pbs?

guigol · Answer

a priori plus de probleme.

Firewall : McAfee
Anti-virus : McAfee


question : tu m'as fait tourné avg anti-spyware qui maintenant se lance automatiquement au demarrage.
Je le laisse? je desinstalle?
J'installe autre chose de plus performant.








Logfile of HijackThis v1.99.1
Scan saved at 17:21, on 2007-07-18
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\NetScreen\NetScreen-Remote\IPSecMon.exe
C:\Program Files\NetScreen\NetScreen-Remote\IreIKE.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$PRIMAVERA\Binn\sqlservr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINNT\system32\CCM\CcmExec.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINNT\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Common Files\Network Associates\TalkBack	bmon.exe
C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\Firetray.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\ALCATE~1\LinkSetup\AlcatelMobilePhoneDetect.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\PROGRA~1\Alcatel\A4980\ALCATE~1\a4980.exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\system32\msiexec.exe
C:\PROGRA~1\Alcatel\A4980\ALCATE~1\ocrrecog.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,Start Page = http://aww.alcatel.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = gnetcache.alcatel.fr:3128
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboFormoboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboFormoboform.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack	bmon.exe"
O4 - HKLM\..\Run: [McAfeeFireTray] C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\Firetray.exe
O4 - HKLM\..\Run: [Phone Detect 4] C:\PROGRA~1\ALCATE~1\LinkSetup\PhoneDetectLaunch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Install5G] E:\Install.exe /SI=30
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [gtuncnqj.exe] D:\Documents and Settings\All Users\Application Data\gtuncnqj.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [MSConfig] C:\WINNT\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 -noicon
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O4 - Global Startup: Alcatel 4980 Softphone.lnk = C:\Program Files\Alcatel\A4980\Alcatel 4980\CONFIG.EXE
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://aww.alcatel.com
O16 - DPF: {00000005-0000-0000-0000-100009000004} - https://imputati.com/l/c437a981b522e1fd541e19c7d4d4c014_35.exe
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - https://www.miniclip.com/games/ricochet-lost-worlds/fr/ReflexiveWebGameLoader.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} (Bl_camera Control) - http://vhshop.cmauto.com:8001/bl_camera.cab
O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f001.mail.caramail.lycos.fr/app/uploader/FileUploader.cab
O16 - DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} (igLoader Content on Demand) - http://www.miniclip.com/igloader/igloader.CAB
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/...
O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} - https://www.bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ad2.ad.alcatel.com
O17 - HKLM\Software\..\Telephony: DomainName = ad2.ad.alcatel.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ad2.ad.alcatel.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ad2.ad.alcatel.com,vx.cit.alcatel.fr,vz.cit.alcatel.fr,ln.cit.alcatel.fr,or.cit.alcatel.fr,netfr.alcatel.fr,ad1.ad.alcatel.com,srv.eu.alcatel.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ad2.ad.alcatel.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = ad2.ad.alcatel.com,vx.cit.alcatel.fr,vz.cit.alcatel.fr,ln.cit.alcatel.fr,or.cit.alcatel.fr,netfr.alcatel.fr,ad1.ad.alcatel.com,srv.eu.alcatel.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ad2.ad.alcatel.com,vx.cit.alcatel.fr,vz.cit.alcatel.fr,ln.cit.alcatel.fr,or.cit.alcatel.fr,netfr.alcatel.fr,ad1.ad.alcatel.com,srv.eu.alcatel.com
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxdev.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINNT\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: McAfee Desktop Firewall Service (FireSvc) - McAfee, Inc. - C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Program Files\NetScreen\NetScreen-Remote\IPSecMon.exe
O23 - Service: SafeNet IKE Service (IreIKE) - SafeNet - C:\Program Files\NetScreen\NetScreen-Remote\IreIKE.exe
O23 - Service: Lotus Notes Single Logon - Unknown owner - C:\WINNT\system32
slsvice.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: Network Associates McShield (McShield) - McAfee, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

jlpjlp · Answer

ok
vire avg car la suite maafee a un antiespion en temps reel




pour protéger  ton ordi  en se basant sur mac afee que tu as

securite


1/
antivirus   mcafee

-------------
des anti-espions:

AD AWARE + SPYBOT   (a mettre a jour et scanner avec une fois par mois)

+
SPYWAREBLASTER pour immuniser le système contre vundo notamment mais en anglais (mais facile d'utilisation  : il suffit de faire "update" pour mettre à jour tous les mois  et ensuite" enable all protection" pour immuniser)...


--------
un pare feu :  mcafee


-----------

CCLEANER pour effacer les traces de surf

____________


surf de preference avec  firefox  ou opéra  moins touché par les infections

https://www.01net.com/telecharger/windows/Internet/navigateur/fiches/29641.html




bonne continuation


si pb tu dis!

guigol · Answer

merci pour tout.

je ne pensais pas que ca prendrait autant de temps. merci d'y avoir consacré tant de temps.

Guigol

Icone Find Spyware Remover +Load Ultimate ...

30 réponses

Discussions similaires

Newsletters