

denfert
Membres-
Compteur de contenus
5 -
Inscription
-
Dernière visite
denfert's Achievements

Junior Member (3/12)
0
Réputation sur la communauté
-
Voici la répons de Malwarebytes. Merci pour ton aide Malwarebytes' Anti-Malware 1.30 Version de la base de données: 1400 Windows 5.1.2600 Service Pack 2 15/11/2008 21:46:08 mbam-log-2008-11-15 (21-46-02).txt Type de recherche: Examen rapide Eléments examinés: 57127 Temps écoulé: 3 minute(s), 9 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 1 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 2 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{46d7049a-9db9-4aec-82b1-f101b9367cb1} (Trojan.Vundo) -> No action taken. Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): C:\d2.exe (Trojan.TinyDownloader705) -> No action taken. C:\d3.exe (Trojan.TinyDownloader705) -> No action taken.
-
Infection récurrente à Trojan Vundo sur une machine protégée par NIS, en réseau. Outil spécifique Symantec utilisé à plusieurs reprises (FixVundo.exe), idem Trojan Remover en mode nomal ou en mode sans échec. Le virus est parfois retrouvé et éradiqué, mais détection ultérieure récurrente par NIS. J'ai fait une analyse par ComboFix dont voici le résultat : qu'en pensez vous ? Autre outil à me conseiller ? ComboFix 08-11-13.01 - Parents 2008-11-15 17:11:36.1 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1321 [GMT 1:00] Lancé depuis: c:\telechargementbis\ComboFix.exe * Un nouveau point de restauration a été créé . ADS - WINDOWS: deleted 24 bytes in 1 streams. (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\d.exe c:\windows\IE4 Error Log.txt c:\windows\system32\jxifhlax.dll c:\windows\system32\synfel.dll . ((((((((((((((((((((((((((((( Fichiers créés du 2008-10-15 au 2008-11-15 )))))))))))))))))))))))))))))))))))) . 2008-11-09 21:38 . 2008-11-09 21:38 <REP> d-------- c:\documents and settings\All Users\Application Data\SiComponents 2008-11-09 10:48 . 2008-11-09 10:49 <REP> d-------- c:\program files\mp3DirectCut 2008-11-01 10:51 . 2008-11-01 10:51 <REP> d-------- c:\program files\Fichiers communs\DVDVIDEOSOFT 2008-11-01 10:51 . 2008-11-01 10:51 <REP> d-------- c:\program files\DVDVIDEOSOFT 2008-11-01 10:51 . 2002-01-05 15:37 344,064 --a------ c:\windows\system32\msvcr70.dll 2008-11-01 10:36 . 2008-11-01 10:50 <REP> d-------- c:\program files\MediaCoder 2008-10-28 23:30 . 2008-11-15 15:54 <REP> d-a------ c:\documents and settings\All Users\Application Data\TEMP 2008-10-28 23:29 . 2008-10-29 08:32 <REP> d-------- c:\program files\Trojan Remover 2008-10-28 23:29 . 2008-10-28 23:29 <REP> d-------- c:\documents and settings\Parents\Application Data\Simply Super Software 2008-10-28 23:29 . 2008-10-28 23:29 <REP> d-------- c:\documents and settings\All Users\Application Data\Simply Super Software 2008-10-28 23:29 . 2006-05-25 15:52 162,304 --a------ c:\windows\system32\ztvunrar36.dll 2008-10-28 23:29 . 2003-02-02 20:06 153,088 --a------ c:\windows\system32\UNRAR3.dll 2008-10-28 23:29 . 2005-08-26 01:50 77,312 --a------ c:\windows\system32\ztvunace26.dll 2008-10-28 23:29 . 2002-03-06 01:00 75,264 --a------ c:\windows\system32\unacev2.dll 2008-10-28 23:29 . 2006-06-19 13:01 69,632 --a------ c:\windows\system32\ztvcabinet.dll 2008-10-24 21:12 . 2008-10-24 21:12 552 --a------ c:\windows\system32\d3d8caps.dat 2008-10-20 21:58 . 2008-10-20 22:04 705 --a------ C:\d3.exe 2008-10-20 21:58 . 2008-10-20 22:04 705 --a------ C:\d2.exe 2008-10-20 21:57 . 2008-10-20 22:04 2 --a------ C:\-1599513958 . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-11-15 16:16 --------- d-----w c:\program files\SPAMfighter 2008-11-15 16:13 --------- d-----w c:\program files\Fichiers communs\Symantec Shared 2008-11-15 16:03 --------- d-----w c:\program files\Winamp Remote 2008-11-15 10:35 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec 2008-10-25 17:59 --------- d-----w c:\documents and settings\Enfants\Application Data\DivX 2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys 2008-10-12 18:07 --------- d-----w c:\documents and settings\All Users\Application Data\SlySoft 2008-10-12 18:05 --------- d-----w c:\program files\SlySoft 2008-09-20 10:44 99,648 ----a-w c:\windows\system32\drivers\AnyDVD.sys 2008-01-13 12:38 357,768 ----a-w c:\documents and settings\Parents\SymXPep2.dll 2001-03-28 10:02 122,880 ----a-w c:\windows\inf\Agfa\message.exe . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [2005-12-16 94208] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-03-02 15360] "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-06-21 1211176] "Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2008-01-07 495616] "Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-04-18 3628080] "AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2008-10-20 2177984] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920] "SSBkgdUpdate"="c:\program files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-29 155648] "DNS7reminder"="c:\program files\ScanSoft\NaturallySpeaking8\Program\ereg.exe" [2005-04-11 729088] "type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2005-03-15 196608] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2005-03-24 217088] "Microsoft Works Update Detection"="c:\program files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-10 50688] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-01-15 37376] "Ai Gear Help"="c:\program files\ASUS\AI Gear\GearHelp.exe" [2006-07-27 415744] "Ai Nap"="c:\program files\ASUS\AI Nap\AiNap.exe" [2006-11-30 1419776] "Launch PC Probe II"="c:\program files\ASUS\PC Probe II\Probe2.exe" [2007-01-05 2129920] "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-11-27 185896] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-01-31 385024] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-02-04 267048] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "ccApp"="c:\program files\Fichiers communs\Symantec Shared\ccApp.exe" [2008-10-17 51048] "osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2007-08-24 714608] "ArianeLu"="c:\program files\Ariane\Lanceur\ArianeLU.exe" [2003-03-26 598016] "SPAMfighter Agent"="c:\program files\SPAMfighter\SFAgent.exe" [2008-07-29 321672] "nwiz"="nwiz.exe" [2007-06-28 c:\windows\system32\nwiz.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360] c:\documents and settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\ Dragon NaturallySpeaking.lnk - c:\program files\ScanSoft\NaturallySpeaking8\Program\natspeak.exe [2005-04-11 1994752] c:\documents and settings\Parents\Menu D‚marrer\Programmes\D‚marrage\ Palm Registration.lnk - c:\program files\Palm\register.exe [2008-01-06 2494464] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2007-10-18 110592] ASUS WiFi-AP Solo.lnk - c:\program files\ASUS WiFi-AP Solo\RtWLan.exe [2007-10-10 995328] DataViz Inc Messenger.lnk - c:\program files\Fichiers communs\DataViz\DvzIncMsgr.exe [2007-10-21 28672] HOTSYNCSHORTCUTNAME.lnk - c:\program files\Palm\Hotsync.exe [2004-06-09 471040] NDAS Device Management.lnk - c:\program files\NDAS\System\ndasmgmt.exe [2005-02-10 178688] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=synfel.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.DIV3"= DivXc32.dll "vidc.DIV4"= DivXc32f.dll "msacm.divxa32"= DivXa32.acm "VIDC.LAGS"= lagarith.dll "VIDC.HFYU"= huffyuv.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"= "c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"= "c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service R0 lpx;LPX Protocol;c:\windows\system32\DRIVERS\lpx.sys [2005-02-09 109184] R1 lfsfilt;Lean File Sharing;c:\windows\system32\DRIVERS\lfsfilt.sys [2005-02-09 120704] R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Fichiers communs\Symantec Shared\ccSvcHst.exe [2008-10-17 149352] R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\SPAMfighter\sfus.exe [2008-07-29 184968] R3 ndasbus;NDAS Bus Driver;c:\windows\system32\DRIVERS\ndasbus.sys [2005-02-09 38656] S3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888] S3 ndasscsi;NDAS SCSI Miniport Driver;c:\windows\system32\DRIVERS\ndasscsi.sys [2005-02-09 90752] S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187.sys [2006-09-05 176128] S3 SjyPkt;SjyPkt;c:\windows\System32\Drivers\SjyPkt.sys [2006-06-23 13532] *Newly Created Service* - COMHOST . Contenu du dossier 'Tâches planifiées' 2008-08-13 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57] 2008-11-03 c:\windows\Tasks\Norton Internet Security - Effectuer une analyse complète du système - Administrateur.job - c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-08-26 18:19] 2008-11-03 c:\windows\Tasks\Norton Internet Security - Effectuer une analyse complète du système - Parents.job - c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-08-26 18:19] . - - - - ORPHELINS SUPPRIMES - - - - BHO-{8b60f761-c432-4388-ac53-bbe565464af6} - c:\windows\system32\synfel.dll . ------- Examen supplémentaire ------- . FireFox -: Profile - c:\documents and settings\Parents\Application Data\Mozilla\Firefox\Profiles\5qne2x1q.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.orange.fr/|http://www.google.fr/firefox?client=firefox-a&rls=org.mozilla:fr:official FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll FF -: plugin - c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-11-15 17:15:38 Windows 5.1.2600 Service Pack 2 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . ------------------------ Autres processus actifs ------------------------ . c:\program files\Fichiers communs\Symantec Shared\ccProxy.exe c:\progra~1\FICHIE~1\SYMANT~1\CCPD-LC\symlcsvc.exe c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe c:\windows\system32\gearsec.exe c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\NDAS\System\ndassvc.exe c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe c:\windows\system32\nvsvc32.exe c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe c:\windows\system32\rundll32.exe c:\program files\Ariane\Ariane\Ariane.exe c:\windows\system32\msiexec.exe c:\program files\ASUS\AASP\1.00.25\aaCenter.exe c:\progra~1\MI3AA1~1\rapimgr.exe c:\program files\Winamp Remote\bin\Orb.exe c:\program files\iPod\bin\iPodService.exe . ************************************************************************** . Heure de fin: 2008-11-15 17:18:46 - La machine a redémarré ComboFix-quarantined-files.txt 2008-11-15 16:18:42 Avant-CF: 64 712 310 784 octets libres Après-CF: 68,928,057,344 octets libres WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect /usepmtimer 203 --- E O F --- 2008-11-12 23:34:59
-
Infection récurrente à Trojan Vundo sur une machine protégée par NIS, en réseau. Outil spécifique Symantec utilisé à plusieurs reprises (FixVundo.exe), idem Trojan Remover en mode nomal ou en mode sans échec. Le virus est parfois retrouvé et éradiqué, mais détection ultérieure récurrente par NIS. J'ai fait une analyse par ComboFix dont voici le résultat : qu'en pensez vous ? Autre outil à me conseiller ? ComboFix 08-11-13.01 - Parents 2008-11-15 17:11:36.1 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1321 [GMT 1:00] Lancé depuis: c:\telechargementbis\ComboFix.exe * Un nouveau point de restauration a été créé . ADS - WINDOWS: deleted 24 bytes in 1 streams. (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\d.exe c:\windows\IE4 Error Log.txt c:\windows\system32\jxifhlax.dll c:\windows\system32\synfel.dll . ((((((((((((((((((((((((((((( Fichiers créés du 2008-10-15 au 2008-11-15 )))))))))))))))))))))))))))))))))))) . 2008-11-09 21:38 . 2008-11-09 21:38 <REP> d-------- c:\documents and settings\All Users\Application Data\SiComponents 2008-11-09 10:48 . 2008-11-09 10:49 <REP> d-------- c:\program files\mp3DirectCut 2008-11-01 10:51 . 2008-11-01 10:51 <REP> d-------- c:\program files\Fichiers communs\DVDVIDEOSOFT 2008-11-01 10:51 . 2008-11-01 10:51 <REP> d-------- c:\program files\DVDVIDEOSOFT 2008-11-01 10:51 . 2002-01-05 15:37 344,064 --a------ c:\windows\system32\msvcr70.dll 2008-11-01 10:36 . 2008-11-01 10:50 <REP> d-------- c:\program files\MediaCoder 2008-10-28 23:30 . 2008-11-15 15:54 <REP> d-a------ c:\documents and settings\All Users\Application Data\TEMP 2008-10-28 23:29 . 2008-10-29 08:32 <REP> d-------- c:\program files\Trojan Remover 2008-10-28 23:29 . 2008-10-28 23:29 <REP> d-------- c:\documents and settings\Parents\Application Data\Simply Super Software 2008-10-28 23:29 . 2008-10-28 23:29 <REP> d-------- c:\documents and settings\All Users\Application Data\Simply Super Software 2008-10-28 23:29 . 2006-05-25 15:52 162,304 --a------ c:\windows\system32\ztvunrar36.dll 2008-10-28 23:29 . 2003-02-02 20:06 153,088 --a------ c:\windows\system32\UNRAR3.dll 2008-10-28 23:29 . 2005-08-26 01:50 77,312 --a------ c:\windows\system32\ztvunace26.dll 2008-10-28 23:29 . 2002-03-06 01:00 75,264 --a------ c:\windows\system32\unacev2.dll 2008-10-28 23:29 . 2006-06-19 13:01 69,632 --a------ c:\windows\system32\ztvcabinet.dll 2008-10-24 21:12 . 2008-10-24 21:12 552 --a------ c:\windows\system32\d3d8caps.dat 2008-10-20 21:58 . 2008-10-20 22:04 705 --a------ C:\d3.exe 2008-10-20 21:58 . 2008-10-20 22:04 705 --a------ C:\d2.exe 2008-10-20 21:57 . 2008-10-20 22:04 2 --a------ C:\-1599513958 . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-11-15 16:16 --------- d-----w c:\program files\SPAMfighter 2008-11-15 16:13 --------- d-----w c:\program files\Fichiers communs\Symantec Shared 2008-11-15 16:03 --------- d-----w c:\program files\Winamp Remote 2008-11-15 10:35 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec 2008-10-25 17:59 --------- d-----w c:\documents and settings\Enfants\Application Data\DivX 2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys 2008-10-12 18:07 --------- d-----w c:\documents and settings\All Users\Application Data\SlySoft 2008-10-12 18:05 --------- d-----w c:\program files\SlySoft 2008-09-20 10:44 99,648 ----a-w c:\windows\system32\drivers\AnyDVD.sys 2008-01-13 12:38 357,768 ----a-w c:\documents and settings\Parents\SymXPep2.dll 2001-03-28 10:02 122,880 ----a-w c:\windows\inf\Agfa\message.exe . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [2005-12-16 94208] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-03-02 15360] "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-06-21 1211176] "Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2008-01-07 495616] "Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-04-18 3628080] "AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2008-10-20 2177984] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920] "SSBkgdUpdate"="c:\program files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-29 155648] "DNS7reminder"="c:\program files\ScanSoft\NaturallySpeaking8\Program\ereg.exe" [2005-04-11 729088] "type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2005-03-15 196608] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2005-03-24 217088] "Microsoft Works Update Detection"="c:\program files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-10 50688] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-01-15 37376] "Ai Gear Help"="c:\program files\ASUS\AI Gear\GearHelp.exe" [2006-07-27 415744] "Ai Nap"="c:\program files\ASUS\AI Nap\AiNap.exe" [2006-11-30 1419776] "Launch PC Probe II"="c:\program files\ASUS\PC Probe II\Probe2.exe" [2007-01-05 2129920] "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-11-27 185896] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-01-31 385024] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-02-04 267048] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "ccApp"="c:\program files\Fichiers communs\Symantec Shared\ccApp.exe" [2008-10-17 51048] "osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2007-08-24 714608] "ArianeLu"="c:\program files\Ariane\Lanceur\ArianeLU.exe" [2003-03-26 598016] "SPAMfighter Agent"="c:\program files\SPAMfighter\SFAgent.exe" [2008-07-29 321672] "nwiz"="nwiz.exe" [2007-06-28 c:\windows\system32\nwiz.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360] c:\documents and settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\ Dragon NaturallySpeaking.lnk - c:\program files\ScanSoft\NaturallySpeaking8\Program\natspeak.exe [2005-04-11 1994752] c:\documents and settings\Parents\Menu D‚marrer\Programmes\D‚marrage\ Palm Registration.lnk - c:\program files\Palm\register.exe [2008-01-06 2494464] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2007-10-18 110592] ASUS WiFi-AP Solo.lnk - c:\program files\ASUS WiFi-AP Solo\RtWLan.exe [2007-10-10 995328] DataViz Inc Messenger.lnk - c:\program files\Fichiers communs\DataViz\DvzIncMsgr.exe [2007-10-21 28672] HOTSYNCSHORTCUTNAME.lnk - c:\program files\Palm\Hotsync.exe [2004-06-09 471040] NDAS Device Management.lnk - c:\program files\NDAS\System\ndasmgmt.exe [2005-02-10 178688] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=synfel.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.DIV3"= DivXc32.dll "vidc.DIV4"= DivXc32f.dll "msacm.divxa32"= DivXa32.acm "VIDC.LAGS"= lagarith.dll "VIDC.HFYU"= huffyuv.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"= "c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"= "c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service R0 lpx;LPX Protocol;c:\windows\system32\DRIVERS\lpx.sys [2005-02-09 109184] R1 lfsfilt;Lean File Sharing;c:\windows\system32\DRIVERS\lfsfilt.sys [2005-02-09 120704] R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Fichiers communs\Symantec Shared\ccSvcHst.exe [2008-10-17 149352] R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\SPAMfighter\sfus.exe [2008-07-29 184968] R3 ndasbus;NDAS Bus Driver;c:\windows\system32\DRIVERS\ndasbus.sys [2005-02-09 38656] S3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888] S3 ndasscsi;NDAS SCSI Miniport Driver;c:\windows\system32\DRIVERS\ndasscsi.sys [2005-02-09 90752] S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187.sys [2006-09-05 176128] S3 SjyPkt;SjyPkt;c:\windows\System32\Drivers\SjyPkt.sys [2006-06-23 13532] *Newly Created Service* - COMHOST . Contenu du dossier 'Tâches planifiées' 2008-08-13 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57] 2008-11-03 c:\windows\Tasks\Norton Internet Security - Effectuer une analyse complète du système - Administrateur.job - c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-08-26 18:19] 2008-11-03 c:\windows\Tasks\Norton Internet Security - Effectuer une analyse complète du système - Parents.job - c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-08-26 18:19] . - - - - ORPHELINS SUPPRIMES - - - - BHO-{8b60f761-c432-4388-ac53-bbe565464af6} - c:\windows\system32\synfel.dll . ------- Examen supplémentaire ------- . FireFox -: Profile - c:\documents and settings\Parents\Application Data\Mozilla\Firefox\Profiles\5qne2x1q.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.orange.fr/|http://www.google.fr/firefox?client=firefox-a&rls=org.mozilla:fr:official FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll FF -: plugin - c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-11-15 17:15:38 Windows 5.1.2600 Service Pack 2 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . ------------------------ Autres processus actifs ------------------------ . c:\program files\Fichiers communs\Symantec Shared\ccProxy.exe c:\progra~1\FICHIE~1\SYMANT~1\CCPD-LC\symlcsvc.exe c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe c:\windows\system32\gearsec.exe c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\NDAS\System\ndassvc.exe c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe c:\windows\system32\nvsvc32.exe c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe c:\windows\system32\rundll32.exe c:\program files\Ariane\Ariane\Ariane.exe c:\windows\system32\msiexec.exe c:\program files\ASUS\AASP\1.00.25\aaCenter.exe c:\progra~1\MI3AA1~1\rapimgr.exe c:\program files\Winamp Remote\bin\Orb.exe c:\program files\iPod\bin\iPodService.exe . ************************************************************************** . Heure de fin: 2008-11-15 17:18:46 - La machine a redémarré ComboFix-quarantined-files.txt 2008-11-15 16:18:42 Avant-CF: 64 712 310 784 octets libres Après-CF: 68,928,057,344 octets libres WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect /usepmtimer 203 --- E O F --- 2008-11-12 23:34:59
-
Bonsoir et merci pour ton aide rapide et efficace. Tout a l'air de marcher comme je le souhaitais.....pourvu que ça dure. Je te joins le nouveau log HiJack. Tu noteras que de nouvelles entrées de spyware sont apparues car j'ai réinstallé un codec divx vecteur de gain tricker. Celui ne me gêne pas ...je le garde. Merci encore et à une autre fois sur le forum. Logfile of HijackThis v1.99.1 Scan saved at 22:47:33, on 03/05/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: D:\WINDOWSX\System32\smss.exe D:\WINDOWSX\system32\winlogon.exe D:\WINDOWSX\system32\services.exe D:\WINDOWSX\system32\lsass.exe D:\WINDOWSX\System32\Ati2evxx.exe D:\WINDOWSX\system32\svchost.exe D:\WINDOWSX\System32\svchost.exe D:\WINDOWSX\system32\spoolsv.exe D:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe D:\WINDOWSX\System32\CTSvcCDA.exe D:\PROGRA~1\Iomega\System32\AppServices.exe D:\Program Files\Norton AntiVirus\navapsvc.exe D:\Program Files\Norton Internet Security\NISUM.EXE D:\WINDOWSX\System32\svchost.exe D:\Program Files\Iomega\AutoDisk\ADService.exe D:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe D:\Program Files\Norton Internet Security\ccPxySvc.exe D:\WINDOWSX\system32\Ati2evxx.exe D:\WINDOWSX\Explorer.EXE D:\Program Files\Microsoft IntelliType Pro\type32.exe D:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe D:\Program Files\Winamp\Winampa.exe D:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe D:\Program Files\Iomega\AutoDisk\ADUserMon.exe D:\WINDOWSX\system32\CTHELPER.EXE D:\Program Files\Havas Medimedia\Communs\Vidal.exe D:\Program Files\Iomega\DriveIcons\ImgIcon.exe D:\Program Files\Logitech\MouseWare\system\em_exec.exe D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe D:\program files\divx\divx pro codec\gain_trickler_3202.exe D:\WINDOWSX\system32\ctfmon.exe D:\Program Files\Messenger\msmsgs.exe D:\WINDOWSX\System32\svchost.exe D:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe D:\Program Files\Iomega\Iomega Backup\dtsc.exe D:\Program Files\Intermute\SpySubstract\SpySub.exe D:\WINDOWSX\system32\wuauclt.exe D:\Hijack\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar O4 - HKLM\..\Run: [type32] "D:\Program Files\Microsoft IntelliType Pro\type32.exe" O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [ccRegVfy] "D:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [NeroCheck] D:\WINDOWSX\System32\\NeroCheck.exe O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\Winampa.exe" O4 - HKLM\..\Run: [CloneCDTray] D:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe O4 - HKLM\..\Run: [ElbyCheckElbyCDFL] "D:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL O4 - HKLM\..\Run: [ADUserMon] D:\Program Files\Iomega\AutoDisk\ADUserMon.exe O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE O4 - HKLM\..\Run: [updReg] D:\WINDOWSX\UpdReg.EXE O4 - HKLM\..\Run: [Jet Detection] "D:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" O4 - HKLM\..\Run: [vdlDeamon] D:\Program Files\Havas Medimedia\Communs\Vidal.exe O4 - HKLM\..\Run: [iomega Drive Icons] D:\Program Files\Iomega\DriveIcons\ImgIcon.exe O4 - HKLM\..\Run: [Deskup] D:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [symantec NetDriver Monitor] D:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - HKLM\..\Run: [Trickler] "d:\program files\divx\divx pro codec\gain_trickler_3202.exe" O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWSX\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background O4 - Global Startup: Image Transfer.lnk = ? O4 - Global Startup: Scheduler d'Iomega Backup.lnk = D:\Program Files\Iomega\Iomega Backup\dtsc.exe O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: SpySubtract.lnk = D:\Program Files\Intermute\SpySubstract\SpySub.exe O8 - Extra context menu item: &Google Search - res://d:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Pages liées - res://d:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Pages similaires - res://d:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://d:\program files\google\GoogleToolbar1.dll/cmcache.html O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/SU/ocx/12119/CTSUEng.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061....trendmicro.com /housecall/xscan53.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/activedata/SymAData.cab O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - http://www.symantec.com/techsupp/activedata/ActiveData.cab O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/SU/ocx/12119/CTPID.cab O23 - Service: Adobe LM Service - Unknown owner - D:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINDOWSX\System32\Ati2evxx.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - D:\Program Files\Norton Internet Security\ccPxySvc.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWSX\System32\CTSvcCDA.exe O23 - Service: Iomega App Services - Iomega Corporation - D:\PROGRA~1\Iomega\System32\AppServices.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - D:\Program Files\Norton Internet Security\NISUM.EXE O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - D:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - D:\Program Files\Iomega\AutoDisk\ADService.exe
-
Bonjour Infecté par searchmiracle j'ai fait unscan hijack après avoir scanné à l'antivirus, avec a², adware, spysummd, cwschredder, et après avoir vidé les fichiers temporaires. Voici le log de hijack: que dois je faire sauter. D'avance merci. Denfert Logfile of HijackThis v1.99.1 Scan saved at 01:46:45, on 01/05/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: D:\WINDOWSX\System32\smss.exe D:\WINDOWSX\system32\winlogon.exe D:\WINDOWSX\system32\services.exe D:\WINDOWSX\system32\lsass.exe D:\WINDOWSX\System32\Ati2evxx.exe D:\WINDOWSX\system32\svchost.exe D:\WINDOWSX\System32\svchost.exe D:\WINDOWSX\system32\spoolsv.exe D:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe D:\WINDOWSX\System32\CTSvcCDA.exe D:\PROGRA~1\Iomega\System32\AppServices.exe D:\Program Files\Norton AntiVirus\navapsvc.exe D:\Program Files\Norton Internet Security\NISUM.EXE D:\WINDOWSX\System32\svchost.exe D:\Program Files\Iomega\AutoDisk\ADService.exe D:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe D:\Program Files\Norton Internet Security\ccPxySvc.exe D:\WINDOWSX\System32\svchost.exe D:\WINDOWSX\system32\Ati2evxx.exe D:\WINDOWSX\Explorer.EXE D:\Program Files\Microsoft IntelliType Pro\type32.exe D:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe D:\Program Files\Winamp\Winampa.exe D:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe D:\Program Files\Iomega\AutoDisk\ADUserMon.exe D:\WINDOWSX\system32\CTHELPER.EXE D:\Program Files\Havas Medimedia\Communs\Vidal.exe D:\Program Files\Iomega\DriveIcons\ImgIcon.exe D:\Program Files\Logitech\MouseWare\system\em_exec.exe D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe D:\WINDOWSX\system32\ctfmon.exe D:\Program Files\Messenger\msmsgs.exe D:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe D:\Program Files\Iomega\Iomega Backup\dtsc.exe D:\Program Files\Intermute\SpySubstract\SpySub.exe D:\Telechargement\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar O4 - HKLM\..\Run: [type32] "D:\Program Files\Microsoft IntelliType Pro\type32.exe" O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [ccRegVfy] "D:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [NeroCheck] D:\WINDOWSX\System32\\NeroCheck.exe O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\Winampa.exe" O4 - HKLM\..\Run: [CloneCDTray] D:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe O4 - HKLM\..\Run: [ElbyCheckElbyCDFL] "D:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL O4 - HKLM\..\Run: [ADUserMon] D:\Program Files\Iomega\AutoDisk\ADUserMon.exe O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE O4 - HKLM\..\Run: [updReg] D:\WINDOWSX\UpdReg.EXE O4 - HKLM\..\Run: [Jet Detection] "D:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" O4 - HKLM\..\Run: [vdlDeamon] D:\Program Files\Havas Medimedia\Communs\Vidal.exe O4 - HKLM\..\Run: [iomega Drive Icons] D:\Program Files\Iomega\DriveIcons\ImgIcon.exe O4 - HKLM\..\Run: [Deskup] D:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [symantec NetDriver Monitor] D:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - HKLM\..\Run: [ASDPLUGIN] D:\WINDOWSX\system32\france.exe -N O4 - HKLM\..\Run: [HELPER] D:\WINDOWSX\system32\sweden.exe -N O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWSX\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background O4 - Startup: MS Office - Démarrage accéléré.lnk = D:\Applications\office95\Office\FASTBOOT.EXE O4 - Global Startup: Microsoft Office.lnk = D:\Applications\office2000\Office\OSA9.EXE O4 - Global Startup: Image Transfer.lnk = ? O4 - Global Startup: Scheduler d'Iomega Backup.lnk = D:\Program Files\Iomega\Iomega Backup\dtsc.exe O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: SpySubtract.lnk = D:\Program Files\Intermute\SpySubstract\SpySub.exe O8 - Extra context menu item: &Google Search - res://d:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxmk142XXUS O8 - Extra context menu item: Pages liées - res://d:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Pages similaires - res://d:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://d:\program files\google\GoogleToolbar1.dll/cmcache.html O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/SU/ocx/12119/CTSUEng.cab O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...mileyCentralIni tialSetup1.0.0.8.cab O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://www.axilog.fr/inetcomp/iftwclix.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...trendmicro.com/ housecall/xscan53.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/activedata/SymAData.cab O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - http://www.symantec.com/techsupp/activedata/ActiveData.cab O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/SU/ocx/12119/CTPID.cab O23 - Service: Adobe LM Service - Unknown owner - D:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINDOWSX\System32\Ati2evxx.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - D:\Program Files\Norton Internet Security\ccPxySvc.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWSX\System32\CTSvcCDA.exe O23 - Service: Iomega App Services - Iomega Corporation - D:\PROGRA~1\Iomega\System32\AppServices.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - D:\Program Files\Norton Internet Security\NISUM.EXE O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - D:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - D:\Program Files\Iomega\AutoDisk\ADService.exe