
Posted

My dear megataupe,

I do indeed have the tabs, except that "Web Features" is replaced by "Content", and when I open that tab, what you are telling me about isn't there...

By the way, is it normal for Firefox to be slow to open?

I also still have the 2 Norton messages about infection by w32. explet and the one from Spybot.... what should I do?

I also ran another scan with ewido, which again found 55 malwares .... is that normal?

Should I redo a HijackThis scan?

Not malwares but spywares (cookies), sorry

:P:P:-P New problem....

A message from Windows saying that I have a conflict with another IP address ?????

Help

PS: a question: if, when opening Yahoo Messenger, you get a message saying that you are already connected on another PC and that the session is going to be closed... does that mean the connection is hijacked ??? because that's what is happening to my father in France (and he knows absolutely nothing about computers !!! even less than I do....)

Posted (edited)

Hello Delphine, hi Jack :P . To see what is connecting to your PC, download this program: CurrPorts

CurrPorts

Run it, then go to Edit / Select All, then go to File: Save Selected Items. In the "Save in:" window, choose Desktop and give the file a name (Currports report). Then open this Currports report file, copy everything in it and send it with your next message.

As for the rest (Ewido report), it doesn't matter if it's only cookies, but send a HijackThis report anyway.

edit: for Firefox, in the Content tab you should have the following checked: warn me when web sites try to install extensions or themes. Uncheck it so you can install your extensions, and check it again when you have finished.

Edited by megataupe
Posted

Good evening Jack and good evening Megataupe,

so here is the Currports report:

 

alg.exe 1788 TCP 3002 127.0.0.1 0.0.0.0 Listening C:\WINDOWS\System32\alg.exe Microsoft® Windows® Operating System Application Layer Gateway Service 5.1.2600.0 (xpclient.010817-1148) Microsoft Corporation 12/7/2005 7:28:00 PM ALG

ccApp.exe 216 TCP 3010 127.0.0.1 0.0.0.0 Listening C:\Program Files\Common Files\Symantec Shared\ccApp.exe Common Client Common Client User Session 2.2.0.577 Symantec Corporation 12/7/2005 7:28:05 PM PENTIUM4\Delphine A

firefox.exe 3732 TCP 3118 0.0.0.0 0.0.0.0 Listening C:\Program Files\Mozilla Firefox\firefox.exe Firefox Firefox 1.8: 2005111116 Mozilla Corporation 12/7/2005 8:13:09 PM PENTIUM4\Delphine A

firefox.exe 3732 TCP 3168 0.0.0.0 0.0.0.0 Listening C:\Program Files\Mozilla Firefox\firefox.exe Firefox Firefox 1.8: 2005111116 Mozilla Corporation 12/7/2005 8:13:09 PM PENTIUM4\Delphine A

firefox.exe 3732 TCP 3168 10.100.204.212 80 http 64.233.163.99 Established C:\Program Files\Mozilla Firefox\firefox.exe Firefox Firefox 1.8: 2005111116 Mozilla Corporation 12/7/2005 8:13:09 PM PENTIUM4\Delphine A

firefox.exe 3732 TCP 3117 127.0.0.1 0.0.0.0 Listening C:\Program Files\Mozilla Firefox\firefox.exe Firefox Firefox 1.8: 2005111116 Mozilla Corporation 12/7/2005 8:13:09 PM PENTIUM4\Delphine A

firefox.exe 3732 TCP 3117 127.0.0.1 3118 127.0.0.1 localhost Established C:\Program Files\Mozilla Firefox\firefox.exe Firefox Firefox 1.8: 2005111116 Mozilla Corporation 12/7/2005 8:13:09 PM PENTIUM4\Delphine A

firefox.exe 3732 TCP 3118 127.0.0.1 3117 127.0.0.1 localhost Established C:\Program Files\Mozilla Firefox\firefox.exe Firefox Firefox 1.8: 2005111116 Mozilla Corporation 12/7/2005 8:13:09 PM PENTIUM4\Delphine A

lsass.exe 576 UDP 500 isakmp 0.0.0.0 C:\WINDOWS\system32\lsass.exe Microsoft® Windows® Operating System LSA Shell (Export Version) 5.1.2600.0 (xpclient.010817-1148) Microsoft Corporation 12/7/2005 7:27:48 PM NT AUTHORITY\SYSTEM PolicyAgent, ProtectedStorage, SamSs

MsnMsgr.Exe 960 TCP 3173 0.0.0.0 0.0.0.0 Listening C:\Program Files\MSN Messenger\MsnMsgr.Exe MSN Messenger MSN Messenger 7.5.0311 Microsoft Corporation 12/7/2005 7:28:17 PM PENTIUM4\Delphine A

MsnMsgr.Exe 960 TCP 3176 0.0.0.0 0.0.0.0 Listening C:\Program Files\MSN Messenger\MsnMsgr.Exe MSN Messenger MSN Messenger 7.5.0311 Microsoft Corporation 12/7/2005 7:28:17 PM PENTIUM4\Delphine A

MsnMsgr.Exe 960 TCP 3173 10.100.204.212 1863 207.46.6.93 baym-cs301.msgr.hotmail.com Established C:\Program Files\MSN Messenger\MsnMsgr.Exe MSN Messenger MSN Messenger 7.5.0311 Microsoft Corporation 12/7/2005 7:28:17 PM PENTIUM4\Delphine A

MsnMsgr.Exe 960 TCP 3176 10.100.204.212 8080 82.198.15.242 proxy.fastnetonline.com Established C:\Program Files\MSN Messenger\MsnMsgr.Exe MSN Messenger MSN Messenger 7.5.0311 Microsoft Corporation 12/7/2005 7:28:17 PM PENTIUM4\Delphine A

MsnMsgr.Exe 960 UDP 1027 127.0.0.1 C:\Program Files\MSN Messenger\MsnMsgr.Exe MSN Messenger MSN Messenger 7.5.0311 Microsoft Corporation 12/7/2005 7:28:17 PM PENTIUM4\Delphine A

svchost.exe 740 TCP 135 epmap 0.0.0.0 0.0.0.0 Listening C:\WINDOWS\system32\svchost.exe Microsoft® Windows® Operating System Generic Host Process for Win32 Services 5.1.2600.0 (xpclient.010817-1148) Microsoft Corporation 12/7/2005 7:27:50 PM NT AUTHORITY\SYSTEM RpcSs

svchost.exe 792 TCP 1025 0.0.0.0 0.0.0.0 Listening C:\WINDOWS\system32\svchost.exe Microsoft® Windows® Operating System Generic Host Process for Win32 Services 5.1.2600.0 (xpclient.010817-1148) Microsoft Corporation 12/7/2005 7:27:50 PM NT AUTHORITY\SYSTEM AudioSrv, Browser, CryptSvc, Dhcp, dmserver, ERSvc, EventSystem, FastUserSwitchingCompatibility, helpsvc, lanmanserver, lanmanworkstation, Messenger, Netman, Nla, RasAuto

svchost.exe 980 TCP 5000 0.0.0.0 0.0.0.0 Listening C:\WINDOWS\system32\svchost.exe Microsoft® Windows® Operating System Generic Host Process for Win32 Services 5.1.2600.0 (xpclient.010817-1148) Microsoft Corporation 12/7/2005 7:27:51 PM LmHosts, RemoteRegistry, SSDPSRV, WebClient

svchost.exe 792 TCP 3003 127.0.0.1 0.0.0.0 Listening C:\WINDOWS\system32\svchost.exe Microsoft® Windows® Operating System Generic Host Process for Win32 Services 5.1.2600.0 (xpclient.010817-1148) Microsoft Corporation 12/7/2005 7:27:50 PM NT AUTHORITY\SYSTEM AudioSrv, Browser, CryptSvc, Dhcp, dmserver, ERSvc, EventSystem, FastUserSwitchingCompatibility, helpsvc, lanmanserver, lanmanworkstation, Messenger, Netman, Nla, RasAuto

svchost.exe 792 TCP 3004 127.0.0.1 0.0.0.0 Listening C:\WINDOWS\system32\svchost.exe Microsoft® Windows® Operating System Generic Host Process for Win32 Services 5.1.2600.0 (xpclient.010817-1148) Microsoft Corporation 12/7/2005 7:27:50 PM NT AUTHORITY\SYSTEM AudioSrv, Browser, CryptSvc, Dhcp, dmserver, ERSvc, EventSystem, FastUserSwitchingCompatibility, helpsvc, lanmanserver, lanmanworkstation, Messenger, Netman, Nla, RasAuto

svchost.exe 740 TCP 135 epmap 192.168.0.112 1281 192.168.0.106 Established C:\WINDOWS\system32\svchost.exe Microsoft® Windows® Operating System Generic Host Process for Win32 Services 5.1.2600.0 (xpclient.010817-1148) Microsoft Corporation 12/7/2005 7:27:50 PM NT AUTHORITY\SYSTEM RpcSs

svchost.exe 740 UDP 135 epmap 0.0.0.0 C:\WINDOWS\system32\svchost.exe Microsoft® Windows® Operating System Generic Host Process for Win32 Services 5.1.2600.0 (xpclient.010817-1148) Microsoft Corporation 12/7/2005 7:27:50 PM NT AUTHORITY\SYSTEM RpcSs

svchost.exe 792 UDP 1026 0.0.0.0 C:\WINDOWS\system32\svchost.exe Microsoft® Windows® Operating System Generic Host Process for Win32 Services 5.1.2600.0 (xpclient.010817-1148) Microsoft Corporation 12/7/2005 7:27:50 PM NT AUTHORITY\SYSTEM AudioSrv, Browser, CryptSvc, Dhcp, dmserver, ERSvc, EventSystem, FastUserSwitchingCompatibility, helpsvc, lanmanserver, lanmanworkstation, Messenger, Netman, Nla, RasAuto

svchost.exe 892 UDP 1028 0.0.0.0 C:\WINDOWS\system32\svchost.exe Microsoft® Windows® Operating System Generic Host Process for Win32 Services 5.1.2600.0 (xpclient.010817-1148) Microsoft Corporation 12/7/2005 7:27:51 PM Dnscache

svchost.exe 892 UDP 1030 0.0.0.0 C:\WINDOWS\system32\svchost.exe Microsoft® Windows® Operating System Generic Host Process for Win32 Services 5.1.2600.0 (xpclient.010817-1148) Microsoft Corporation 12/7/2005 7:27:51 PM Dnscache

svchost.exe 892 UDP 3001 0.0.0.0 C:\WINDOWS\system32\svchost.exe Microsoft® Windows® Operating System Generic Host Process for Win32 Services 5.1.2600.0 (xpclient.010817-1148) Microsoft Corporation 12/7/2005 7:27:51 PM Dnscache

svchost.exe 892 UDP 3160 0.0.0.0 C:\WINDOWS\system32\svchost.exe Microsoft® Windows® Operating System Generic Host Process for Win32 Services 5.1.2600.0 (xpclient.010817-1148) Microsoft Corporation 12/7/2005 7:27:51 PM Dnscache

svchost.exe 892 UDP 3161 0.0.0.0 C:\WINDOWS\system32\svchost.exe Microsoft® Windows® Operating System Generic Host Process for Win32 Services 5.1.2600.0 (xpclient.010817-1148) Microsoft Corporation 12/7/2005 7:27:51 PM Dnscache

svchost.exe 892 UDP 3162 0.0.0.0 C:\WINDOWS\system32\svchost.exe Microsoft® Windows® Operating System Generic Host Process for Win32 Services 5.1.2600.0 (xpclient.010817-1148) Microsoft Corporation 12/7/2005 7:27:51 PM Dnscache

svchost.exe 892 UDP 3163 0.0.0.0 C:\WINDOWS\system32\svchost.exe Microsoft® Windows® Operating System Generic Host Process for Win32 Services 5.1.2600.0 (xpclient.010817-1148) Microsoft Corporation 12/7/2005 7:27:51 PM Dnscache

svchost.exe 892 UDP 3164 0.0.0.0 C:\WINDOWS\system32\svchost.exe Microsoft® Windows® Operating System Generic Host Process for Win32 Services 5.1.2600.0 (xpclient.010817-1148) Microsoft Corporation 12/7/2005 7:27:51 PM Dnscache

svchost.exe 792 UDP 123 ntp 10.100.204.212 C:\WINDOWS\system32\svchost.exe Microsoft® Windows® Operating System Generic Host Process for Win32 Services 5.1.2600.0 (xpclient.010817-1148) Microsoft Corporation 12/7/2005 7:27:50 PM NT AUTHORITY\SYSTEM AudioSrv, Browser, CryptSvc, Dhcp, dmserver, ERSvc, EventSystem, FastUserSwitchingCompatibility, helpsvc, lanmanserver, lanmanworkstation, Messenger, Netman, Nla, RasAuto

svchost.exe 980 UDP 1900 10.100.204.212 C:\WINDOWS\system32\svchost.exe Microsoft® Windows® Operating System Generic Host Process for Win32 Services 5.1.2600.0 (xpclient.010817-1148) Microsoft Corporation 12/7/2005 7:27:51 PM LmHosts, RemoteRegistry, SSDPSRV, WebClient

svchost.exe 792 UDP 2234 10.100.204.212 C:\WINDOWS\system32\svchost.exe Microsoft® Windows® Operating System Generic Host Process for Win32 Services 5.1.2600.0 (xpclient.010817-1148) Microsoft Corporation 12/7/2005 7:27:50 PM NT AUTHORITY\SYSTEM AudioSrv, Browser, CryptSvc, Dhcp, dmserver, ERSvc, EventSystem, FastUserSwitchingCompatibility, helpsvc, lanmanserver, lanmanworkstation, Messenger, Netman, Nla, RasAuto

svchost.exe 792 UDP 123 ntp 127.0.0.1 C:\WINDOWS\system32\svchost.exe Microsoft® Windows® Operating System Generic Host Process for Win32 Services 5.1.2600.0 (xpclient.010817-1148) Microsoft Corporation 12/7/2005 7:27:50 PM NT AUTHORITY\SYSTEM AudioSrv, Browser, CryptSvc, Dhcp, dmserver, ERSvc, EventSystem, FastUserSwitchingCompatibility, helpsvc, lanmanserver, lanmanworkstation, Messenger, Netman, Nla, RasAuto

svchost.exe 980 UDP 1900 127.0.0.1 C:\WINDOWS\system32\svchost.exe Microsoft® Windows® Operating System Generic Host Process for Win32 Services 5.1.2600.0 (xpclient.010817-1148) Microsoft Corporation 12/7/2005 7:27:51 PM LmHosts, RemoteRegistry, SSDPSRV, WebClient

svchost.exe 792 UDP 2234 127.0.0.1 C:\WINDOWS\system32\svchost.exe Microsoft® Windows® Operating System Generic Host Process for Win32 Services 5.1.2600.0 (xpclient.010817-1148) Microsoft Corporation 12/7/2005 7:27:50 PM NT AUTHORITY\SYSTEM AudioSrv, Browser, CryptSvc, Dhcp, dmserver, ERSvc, EventSystem, FastUserSwitchingCompatibility, helpsvc, lanmanserver, lanmanworkstation, Messenger, Netman, Nla, RasAuto

svchost.exe 792 UDP 3008 127.0.0.1 C:\WINDOWS\system32\svchost.exe Microsoft® Windows® Operating System Generic Host Process for Win32 Services 5.1.2600.0 (xpclient.010817-1148) Microsoft Corporation 12/7/2005 7:27:50 PM NT AUTHORITY\SYSTEM AudioSrv, Browser, CryptSvc, Dhcp, dmserver, ERSvc, EventSystem, FastUserSwitchingCompatibility, helpsvc, lanmanserver, lanmanworkstation, Messenger, Netman, Nla, RasAuto

svchost.exe 792 UDP 123 ntp 192.168.0.112 C:\WINDOWS\system32\svchost.exe Microsoft® Windows® Operating System Generic Host Process for Win32 Services 5.1.2600.0 (xpclient.010817-1148) Microsoft Corporation 12/7/2005 7:27:50 PM NT AUTHORITY\SYSTEM AudioSrv, Browser, CryptSvc, Dhcp, dmserver, ERSvc, EventSystem, FastUserSwitchingCompatibility, helpsvc, lanmanserver, lanmanworkstation, Messenger, Netman, Nla, RasAuto

svchost.exe 980 UDP 1900 192.168.0.112 C:\WINDOWS\system32\svchost.exe Microsoft® Windows® Operating System Generic Host Process for Win32 Services 5.1.2600.0 (xpclient.010817-1148) Microsoft Corporation 12/7/2005 7:27:51 PM LmHosts, RemoteRegistry, SSDPSRV, WebClient

System 4 TCP 445 microsoft-ds 0.0.0.0 0.0.0.0 Listening N/A

System 4 TCP 1029 0.0.0.0 0.0.0.0 Listening N/A

System 4 TCP 139 netbios-ssn 192.168.0.112 0.0.0.0 Listening N/A

System 4 UDP 445 microsoft-ds 0.0.0.0 N/A

System 4 UDP 137 netbios-ns 192.168.0.112 N/A

System 4 UDP 138 netbios-dgm 192.168.0.112 N/A

ypager.exe 1032 TCP 3171 0.0.0.0 0.0.0.0 Listening C:\Program Files\Yahoo!\Messenger\ypager.exe 12/7/2005 8:19:32 PM PENTIUM4\Delphine A

ypager.exe 1032 TCP 5101 0.0.0.0 0.0.0.0 Listening C:\Program Files\Yahoo!\Messenger\ypager.exe 12/7/2005 8:19:32 PM PENTIUM4\Delphine A

ypager.exe 1032 TCP 3171 10.100.204.212 5050 216.155.193.181 cs54.msg.dcn.yahoo.com Established C:\Program Files\Yahoo!\Messenger\ypager.exe 12/7/2005 8:19:32 PM PENTIUM4\Delphine A

ypager.exe 1032 UDP 3175 0.0.0.0 C:\Program Files\Yahoo!\Messenger\ypager.exe 12/7/2005 8:19:32 PM PENTIUM4\Delphine A

 

 

 

 

 

as well as the HijackThis report:

 

Logfile of HijackThis v1.99.1

Scan saved at 19:26:02, on 07/12/2005

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\userinit.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe

C:\Documents and Settings\Delphine\My Documents\DELPHINE\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.fastnetonline.com:8080

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\Adobe\Acrobat Reader 5\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe

O4 - HKLM\..\Run: [iMONTRAY] C:\Program Files\Intel\Intel® Active Monitor\imontray.exe

O4 - HKLM\..\Run: [MediaKey] C:\PROGRA~1\INTERN~2\MEDIAKEY.EXE

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [CARPService] carpserv.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE USB PC Camera 301P

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1133664264154

O17 - HKLM\System\CCS\Services\Tcpip\..\{25CD001B-45BD-44F3-9683-9B606019D49F}: NameServer = 190.102.1.1

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe

O23 - Service: Intel® Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe

O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

 

thank you very much

Posted (edited)

Right, I'm preparing something to keep you busy :P so I'll edit this message in a few minutes. Nothing suspicious in the HijackThis report, but your system still hasn't been updated :P

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Here I am again

First, you're going to close the risky ports with ZebProtect

Download ZebProtect

Then go to Tesgaz's site and configure the services according to how your PC is used (PC with or without a network)

Services by Tesgaz

(To access Windows services, just go to the "Start" menu, "Run", type "services.msc" (without the quotes), then OK.)

NB: In the Currports report, I didn't see any attempt to hijack your connection, but there are critical ports listening, which you are therefore going to close with ZebProtect.

Edited by megataupe
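
The reading of the CurrPorts report described in the post above, as an added example that is not part of the thread: it parses the flattened rows of a CurrPorts text export and lists sockets that are open on a non-loopback address on a watched port. The `WATCH_PORTS` list is an assumption (the thread does not say which ports it considers critical), the function names are hypothetical, and the sample rows are abridged from the report posted earlier in this thread.

```python
import re
from typing import List, NamedTuple, Optional

# Assumption: ports treated as "critical" for this example.
# The thread does not enumerate them.
WATCH_PORTS = {
    135: "RPC endpoint mapper",
    137: "NetBIOS name service",
    138: "NetBIOS datagram",
    139: "NetBIOS session",
    445: "SMB (microsoft-ds)",
    1900: "SSDP discovery",
    5000: "UPnP on Windows XP",
}

# process, PID, protocol, local port, optional port name, local address, rest.
ROW = re.compile(
    r"^(?P<proc>\S+)\s+(?P<pid>\d+)\s+(?P<proto>TCP|UDP)\s+"
    r"(?P<port>\d+)\s+(?:(?P<name>[A-Za-z][\w-]*)\s+)?"
    r"(?P<addr>\d{1,3}(?:\.\d{1,3}){3})(?:\s+(?P<rest>.*))?$"
)
TCP_STATE = re.compile(
    r"\b(Listening|Established|Last Ack|Time Wait|Close Wait)\b"
)


class Socket(NamedTuple):
    process: str
    pid: int
    proto: str
    port: int
    local_addr: str
    state: str


def parse_row(line: str) -> Optional[Socket]:
    """Parse one flattened CurrPorts row; return None if it is not a row."""
    m = ROW.match(line.strip())
    if m is None:
        return None
    if m["proto"] == "UDP":
        state = "Bound"  # UDP has no connection state: a bound port is open
    else:
        found = TCP_STATE.search(m["rest"] or "")
        state = found.group(1) if found else "Unknown"
    return Socket(m["proc"], int(m["pid"]), m["proto"],
                  int(m["port"]), m["addr"], state)


def exposed_listeners(report: str) -> List[Socket]:
    """Open sockets on a watched port that are reachable from the network."""
    findings, seen = [], set()
    for line in report.splitlines():
        sock = parse_row(line)
        if sock is None or sock.state not in ("Listening", "Bound"):
            continue  # established connections are not listeners
        if sock.local_addr.startswith("127."):
            continue  # loopback only: not reachable from other machines
        if sock.port not in WATCH_PORTS:
            continue
        key = (sock.proto, sock.port, sock.local_addr)
        if key not in seen:
            seen.add(key)
            findings.append(sock)
    return findings


# Rows abridged from the report in this thread (trailing columns dropped).
SAMPLE_REPORT = r"""
alg.exe 1788 TCP 3002 127.0.0.1 0.0.0.0 Listening C:\WINDOWS\System32\alg.exe
firefox.exe 3732 TCP 3168 10.100.204.212 80 http 64.233.163.99 Established C:\Program Files\Mozilla Firefox\firefox.exe
svchost.exe 740 TCP 135 epmap 0.0.0.0 0.0.0.0 Listening C:\WINDOWS\system32\svchost.exe
svchost.exe 980 TCP 5000 0.0.0.0 0.0.0.0 Listening C:\WINDOWS\system32\svchost.exe
svchost.exe 980 UDP 1900 127.0.0.1 C:\WINDOWS\system32\svchost.exe
svchost.exe 980 UDP 1900 192.168.0.112 C:\WINDOWS\system32\svchost.exe
System 4 TCP 445 microsoft-ds 0.0.0.0 0.0.0.0 Listening N/A
System 4 TCP 139 netbios-ssn 192.168.0.112 0.0.0.0 Listening N/A
System 4 UDP 137 netbios-ns 192.168.0.112 N/A
"""

if __name__ == "__main__":
    for s in exposed_listeners(SAMPLE_REPORT):
        where = "all interfaces" if s.local_addr == "0.0.0.0" else s.local_addr
        print(f"{s.proto} {s.port:<5} {WATCH_PORTS[s.port]:<22} "
              f"{s.process} (PID {s.pid}) on {where}")
```
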
Posted


 

 

My very dear Megataupe,

Before you get really angry with me LOL I have to tell you that (good blonde that I am !!) I gave you the HijackThis report made before the Windows update..... I'm ashamed, really ashamed....

so I think I need to close my session and give you the latest report again..

I'll do that tomorrow, it's late in Lebanon and my family is begging me to let go of my PC LOL :-P

See you tomorrow then, if you don't mind.

Good evening

Posted

Understood. Good night to all our Lebanese friends :-P .

 

 

Hello, here I am again....sorry, mother problems... sick children etc. which kept me from looking after the PC !! lol when you get older, priorities change :P:P .

so here is the report at the time of the IP conflict

Cports report at the time of the IP conflict

 

 

alg.exe 1788 TCP 3002 127.0.0.1 0.0.0.0 Listening C:\WINDOWS\System32\alg.exe Microsoft® Windows® Operating System Application Layer Gateway Service 5.1.2600.0 (xpclient.010817-1148) Microsoft Corporation 12/7/2005 7:28:00 PM ALG

ccApp.exe 216 TCP 3010 127.0.0.1 0.0.0.0 Listening C:\Program Files\Common Files\Symantec Shared\ccApp.exe Common Client Common Client User Session 2.2.0.577 Symantec Corporation 12/7/2005 7:28:05 PM PENTIUM4\Delphine A

firefox.exe 3732 TCP 3118 0.0.0.0 0.0.0.0 Listening C:\Program Files\Mozilla Firefox\firefox.exe Firefox Firefox 1.8: 2005111116 Mozilla Corporation 12/7/2005 8:13:09 PM PENTIUM4\Delphine A

firefox.exe 3732 TCP 4275 0.0.0.0 0.0.0.0 Listening C:\Program Files\Mozilla Firefox\firefox.exe Firefox Firefox 1.8: 2005111116 Mozilla Corporation 12/7/2005 8:13:09 PM PENTIUM4\Delphine A

firefox.exe 3732 TCP 4636 0.0.0.0 0.0.0.0 Listening C:\Program Files\Mozilla Firefox\firefox.exe Firefox Firefox 1.8: 2005111116 Mozilla Corporation 12/7/2005 8:13:09 PM PENTIUM4\Delphine A

firefox.exe 3732 TCP 4690 0.0.0.0 0.0.0.0 Listening C:\Program Files\Mozilla Firefox\firefox.exe Firefox Firefox 1.8: 2005111116 Mozilla Corporation 12/7/2005 8:13:09 PM PENTIUM4\Delphine A

firefox.exe 3732 TCP 4755 0.0.0.0 0.0.0.0 Listening C:\Program Files\Mozilla Firefox\firefox.exe Firefox Firefox 1.8: 2005111116 Mozilla Corporation 12/7/2005 8:13:09 PM PENTIUM4\Delphine A

firefox.exe 3732 TCP 4756 0.0.0.0 0.0.0.0 Listening C:\Program Files\Mozilla Firefox\firefox.exe Firefox Firefox 1.8: 2005111116 Mozilla Corporation 12/7/2005 8:13:09 PM PENTIUM4\Delphine A

firefox.exe 3732 TCP 4275 10.100.204.212 80 http 84.53.142.9 Established C:\Program Files\Mozilla Firefox\firefox.exe Firefox Firefox 1.8: 2005111116 Mozilla Corporation 12/7/2005 8:13:09 PM PENTIUM4\Delphine A

firefox.exe 3732 TCP 4636 10.100.204.212 80 http 84.53.142.9 Established C:\Program Files\Mozilla Firefox\firefox.exe Firefox Firefox 1.8: 2005111116 Mozilla Corporation 12/7/2005 8:13:09 PM PENTIUM4\Delphine A

firefox.exe 3732 TCP 4690 10.100.204.212 80 http 84.53.142.9 Established C:\Program Files\Mozilla Firefox\firefox.exe Firefox Firefox 1.8: 2005111116 Mozilla Corporation 12/7/2005 8:13:09 PM PENTIUM4\Delphine A

firefox.exe 3732 TCP 4755 10.100.204.212 80 http 195.154.195.181 fradvip2.doubleclick.net Established C:\Program Files\Mozilla Firefox\firefox.exe Firefox Firefox 1.8: 2005111116 Mozilla Corporation 12/7/2005 8:13:09 PM PENTIUM4\Delphine A

firefox.exe 3732 TCP 4756 10.100.204.212 80 http 62.23.26.6 host.6.26.23.62.rev.coltfrance.com Last Ack C:\Program Files\Mozilla Firefox\firefox.exe Firefox Firefox 1.8: 2005111116 Mozilla Corporation 12/7/2005 8:13:09 PM PENTIUM4\Delphine A

firefox.exe 3732 TCP 3117 127.0.0.1 0.0.0.0 Listening C:\Program Files\Mozilla Firefox\firefox.exe Firefox Firefox 1.8: 2005111116 Mozilla Corporation 12/7/2005 8:13:09 PM PENTIUM4\Delphine A

firefox.exe 3732 TCP 3117 127.0.0.1 3118 127.0.0.1 localhost Established C:\Program Files\Mozilla Firefox\firefox.exe Firefox Firefox 1.8: 2005111116 Mozilla Corporation 12/7/2005 8:13:09 PM PENTIUM4\Delphine A

firefox.exe 3732 TCP 3118 127.0.0.1 3117 127.0.0.1 localhost Established C:\Program Files\Mozilla Firefox\firefox.exe Firefox Firefox 1.8: 2005111116 Mozilla Corporation 12/7/2005 8:13:09 PM PENTIUM4\Delphine A

lsass.exe 576 UDP 500 isakmp 0.0.0.0 C:\WINDOWS\system32\lsass.exe Microsoft® Windows® Operating System LSA Shell (Export Version) 5.1.2600.0 (xpclient.010817-1148) Microsoft Corporation 12/7/2005 7:27:48 PM NT AUTHORITY\SYSTEM PolicyAgent, ProtectedStorage, SamSs

MsnMsgr.Exe 960 UDP 1027 127.0.0.1 C:\Program Files\MSN Messenger\MsnMsgr.Exe MSN Messenger MSN Messenger 7.5.0311 Microsoft Corporation 12/7/2005 7:28:17 PM PENTIUM4\Delphine A

svchost.exe 740 TCP 135 epmap 0.0.0.0 0.0.0.0 Listening C:\WINDOWS\system32\svchost.exe Microsoft® Windows® Operating System Generic Host Process for Win32 Services 5.1.2600.0 (xpclient.010817-1148) Microsoft Corporation 12/7/2005 7:27:50 PM NT AUTHORITY\SYSTEM RpcSs

svchost.exe 792 TCP 1025 0.0.0.0 0.0.0.0 Listening C:\WINDOWS\system32\svchost.exe Microsoft® Windows® Operating System Generic Host Process for Win32 Services 5.1.2600.0 (xpclient.010817-1148) Microsoft Corporation 12/7/2005 7:27:50 PM NT AUTHORITY\SYSTEM AudioSrv, Browser, CryptSvc, Dhcp, dmserver, ERSvc, EventSystem, FastUserSwitchingCompatibility, helpsvc, lanmanserver, lanmanworkstation, Messenger, Netman, Nla, RasAuto

svchost.exe 980 TCP 5000 0.0.0.0 0.0.0.0 Listening C:\WINDOWS\system32\svchost.exe Microsoft® Windows® Operating System Generic Host Process for Win32 Services 5.1.2600.0 (xpclient.010817-1148) Microsoft Corporation 12/7/2005 7:27:51 PM LmHosts, RemoteRegistry, SSDPSRV, WebClient

svchost.exe 792 TCP 3003 127.0.0.1 0.0.0.0 Listening C:\WINDOWS\system32\svchost.exe Microsoft® Windows® Operating System Generic Host Process for Win32 Services 5.1.2600.0 (xpclient.010817-1148) Microsoft Corporation 12/7/2005 7:27:50 PM NT AUTHORITY\SYSTEM AudioSrv, Browser, CryptSvc, Dhcp, dmserver, ERSvc, EventSystem, FastUserSwitchingCompatibility, helpsvc, lanmanserver, lanmanworkstation, Messenger, Netman, Nla, RasAuto

svchost.exe 792 TCP 3004 127.0.0.1 0.0.0.0 Listening C:\WINDOWS\system32\svchost.exe Microsoft® Windows® Operating System Generic Host Process for Win32 Services 5.1.2600.0 (xpclient.010817-1148) Microsoft Corporation 12/7/2005 7:27:50 PM NT AUTHORITY\SYSTEM AudioSrv, Browser, CryptSvc, Dhcp, dmserver, ERSvc, EventSystem, FastUserSwitchingCompatibility, helpsvc, lanmanserver, lanmanworkstation, Messenger, Netman, Nla, RasAuto

svchost.exe 740 UDP 135 epmap 0.0.0.0 C:\WINDOWS\system32\svchost.exe Microsoft® Windows® Operating System Generic Host Process for Win32 Services 5.1.2600.0 (xpclient.010817-1148) Microsoft Corporation 12/7/2005 7:27:50 PM NT AUTHORITY\SYSTEM RpcSs

svchost.exe 792 UDP 1026 0.0.0.0 C:\WINDOWS\system32\svchost.exe Microsoft® Windows® Operating System Generic Host Process for Win32 Services 5.1.2600.0 (xpclient.010817-1148) Microsoft Corporation 12/7/2005 7:27:50 PM NT AUTHORITY\SYSTEM AudioSrv, Browser, CryptSvc, Dhcp, dmserver, ERSvc, EventSystem, FastUserSwitchingCompatibility, helpsvc, lanmanserver, lanmanworkstation, Messenger, Netman, Nla, RasAuto

svchost.exe 892 UDP 1028 0.0.0.0 C:\WINDOWS\system32\svchost.exe Microsoft® Windows® Operating System Generic Host Process for Win32 Services 5.1.2600.0 (xpclient.010817-1148) Microsoft Corporation 12/7/2005 7:27:51 PM Dnscache

svchost.exe 892 UDP 1030 0.0.0.0 C:\WINDOWS\system32\svchost.exe Microsoft® Windows® Operating System Generic Host Process for Win32 Services 5.1.2600.0 (xpclient.010817-1148) Microsoft Corporation 12/7/2005 7:27:51 PM Dnscache

svchost.exe 892 UDP 3001 0.0.0.0 C:\WINDOWS\system32\svchost.exe Microsoft® Windows® Operating System Generic Host Process for Win32 Services 5.1.2600.0 (xpclient.010817-1148) Microsoft Corporation 12/7/2005 7:27:51 PM Dnscache

svchost.exe 892 UDP 3160 0.0.0.0 C:\WINDOWS\system32\svchost.exe Microsoft® Windows® Operating System Generic Host Process for Win32 Services 5.1.2600.0 (xpclient.010817-1148) Microsoft Corporation 12/7/2005 7:27:51 PM Dnscache

svchost.exe 892 UDP 3161 0.0.0.0 C:\WINDOWS\system32\svchost.exe Microsoft® Windows® Operating System Generic Host Process for Win32 Services 5.1.2600.0 (xpclient.010817-1148) Microsoft Corporation 12/7/2005 7:27:51 PM Dnscache

svchost.exe 892 UDP 3162 0.0.0.0 C:\WINDOWS\system32\svchost.exe Microsoft® Windows® Operating System Generic Host Process for Win32 Services 5.1.2600.0 (xpclient.010817-1148) Microsoft Corporation 12/7/2005 7:27:51 PM Dnscache

svchost.exe 892 UDP 3163 0.0.0.0 C:\WINDOWS\system32\svchost.exe Microsoft® Windows® Operating System Generic Host Process for Win32 Services 5.1.2600.0 (xpclient.010817-1148) Microsoft Corporation 12/7/2005 7:27:51 PM Dnscache

svchost.exe 892 UDP 3164 0.0.0.0 C:\WINDOWS\system32\svchost.exe Microsoft® Windows® Operating System Generic Host Process for Win32 Services 5.1.2600.0 (xpclient.010817-1148) Microsoft Corporation 12/7/2005 7:27:51 PM Dnscache

svchost.exe 792 UDP 123 ntp 10.100.204.212 C:\WINDOWS\system32\svchost.exe Microsoft® Windows® Operating System Generic Host Process for Win32 Services 5.1.2600.0 (xpclient.010817-1148) Microsoft Corporation 12/7/2005 7:27:50 PM NT AUTHORITY\SYSTEM AudioSrv, Browser, CryptSvc, Dhcp, dmserver, ERSvc, EventSystem, FastUserSwitchingCompatibility, helpsvc, lanmanserver, lanmanworkstation, Messenger, Netman, Nla, RasAuto

svchost.exe 980 UDP 1900 10.100.204.212 C:\WINDOWS\system32\svchost.exe Microsoft® Windows® Operating System Generic Host Process for Win32 Services 5.1.2600.0 (xpclient.010817-1148) Microsoft Corporation 12/7/2005 7:27:51 PM LmHosts, RemoteRegistry, SSDPSRV, WebClient

svchost.exe 792 UDP 2234 10.100.204.212 C:\WINDOWS\system32\svchost.exe Microsoft® Windows® Operating System Generic Host Process for Win32 Services 5.1.2600.0 (xpclient.010817-1148) Microsoft Corporation 12/7/2005 7:27:50 PM NT AUTHORITY\SYSTEM AudioSrv, Browser, CryptSvc, Dhcp, dmserver, ERSvc, EventSystem, FastUserSwitchingCompatibility, helpsvc, lanmanserver, lanmanworkstation, Messenger, Netman, Nla, RasAuto

svchost.exe 792 UDP 123 ntp 127.0.0.1 C:\WINDOWS\system32\svchost.exe Microsoft® Windows® Operating System Generic Host Process for Win32 Services 5.1.2600.0 (xpclient.010817-1148) Microsoft Corporation 12/7/2005 7:27:50 PM NT AUTHORITY\SYSTEM AudioSrv, Browser, CryptSvc, Dhcp, dmserver, ERSvc, EventSystem, FastUserSwitchingCompatibility, helpsvc, lanmanserver, lanmanworkstation, Messenger, Netman, Nla, RasAuto

svchost.exe 980 UDP 1900 127.0.0.1 C:\WINDOWS\system32\svchost.exe Microsoft® Windows® Operating System Generic Host Process for Win32 Services 5.1.2600.0 (xpclient.010817-1148) Microsoft Corporation 12/7/2005 7:27:51 PM LmHosts, RemoteRegistry, SSDPSRV, WebClient

svchost.exe 792 UDP 2234 127.0.0.1 C:\WINDOWS\system32\svchost.exe Microsoft® Windows® Operating System Generic Host Process for Win32 Services 5.1.2600.0 (xpclient.010817-1148) Microsoft Corporation 12/7/2005 7:27:50 PM NT AUTHORITY\SYSTEM AudioSrv, Browser, CryptSvc, Dhcp, dmserver, ERSvc, EventSystem, FastUserSwitchingCompatibility, helpsvc, lanmanserver, lanmanworkstation, Messenger, Netman, Nla, RasAuto

svchost.exe 792 UDP 3008 127.0.0.1 C:\WINDOWS\system32\svchost.exe Microsoft® Windows® Operating System Generic Host Process for Win32 Services 5.1.2600.0 (xpclient.010817-1148) Microsoft Corporation 12/7/2005 7:27:50 PM NT AUTHORITY\SYSTEM AudioSrv, Browser, CryptSvc, Dhcp, dmserver, ERSvc, EventSystem, FastUserSwitchingCompatibility, helpsvc, lanmanserver, lanmanworkstation, Messenger, Netman, Nla, RasAuto

svchost.exe 792 UDP 123 ntp 192.168.0.112 C:\WINDOWS\system32\svchost.exe Microsoft® Windows® Operating System Generic Host Process for Win32 Services 5.1.2600.0 (xpclient.010817-1148) Microsoft Corporation 12/7/2005 7:27:50 PM NT AUTHORITY\SYSTEM AudioSrv, Browser, CryptSvc, Dhcp, dmserver, ERSvc, EventSystem, FastUserSwitchingCompatibility, helpsvc, lanmanserver, lanmanworkstation, Messenger, Netman, Nla, RasAuto

svchost.exe 980 UDP 1900 192.168.0.112 C:\WINDOWS\system32\svchost.exe Microsoft® Windows® Operating System Generic Host Process for Win32 Services 5.1.2600.0 (xpclient.010817-1148) Microsoft Corporation 12/7/2005 7:27:51 PM LmHosts, RemoteRegistry, SSDPSRV, WebClient

System 4 TCP 445 microsoft-ds 0.0.0.0 0.0.0.0 Listening N/A

System 4 TCP 1029 0.0.0.0 0.0.0.0 Listening N/A

System 4 TCP 139 netbios-ssn 192.168.0.112 0.0.0.0 Listening N/A

System 4 UDP 445 microsoft-ds 0.0.0.0 N/A

System 4 UDP 137 netbios-ns 192.168.0.112 N/A

System 4 UDP 138 netbios-dgm 192.168.0.112 N/A

Unknown 0 TCP 4753 10.100.204.212 80 http 195.154.195.181 fradvip2.doubleclick.net Time Wait N/A

Unknown 0 TCP 4758 10.100.204.212 80 http 12.130.12.31 Time Wait N/A

Unknown 0 TCP 4759 10.100.204.212 80 http 62.23.26.6 host.6.26.23.62.rev.coltfrance.com Time Wait N/A

ypager.exe 1032 TCP 3171 0.0.0.0 0.0.0.0 Listening C:\Program Files\Yahoo!\Messenger\ypager.exe 12/7/2005 8:19:32 PM PENTIUM4\Delphine A

ypager.exe 1032 TCP 3179 0.0.0.0 0.0.0.0 Listening C:\Program Files\Yahoo!\Messenger\ypager.exe 12/7/2005 8:19:32 PM PENTIUM4\Delphine A

ypager.exe 1032 TCP 5101 0.0.0.0 0.0.0.0 Listening C:\Program Files\Yahoo!\Messenger\ypager.exe 12/7/2005 8:19:32 PM PENTIUM4\Delphine A

ypager.exe 1032 TCP 3171 10.100.204.212 5050 216.155.193.181 cs54.msg.dcn.yahoo.com Established C:\Program Files\Yahoo!\Messenger\ypager.exe 12/7/2005 8:19:32 PM PENTIUM4\Delphine A

ypager.exe 1032 TCP 3179 10.100.204.212 443 https 68.142.233.161 sip16.voice.re2.yahoo.com Established C:\Program Files\Yahoo!\Messenger\ypager.exe 12/7/2005 8:19:32 PM PENTIUM4\Delphine A

 

 

I'm now going to run a HijackThis report and I'll send it to you.

See you later

Posted

Hello Delphine05. There are still a few sensitive ports to close (Windows snoops).

 

Download ZebProtect and close the risky services and ports:

 

Zebprotect

 

Then send a new CurrPorts report.

Posted

THERE YOU GO :P

I'M SENDING YOU A BIT OF SUNSHINE... since apparently it's freezing in France :P

 

Logfile of HijackThis v1.99.1

Scan saved at 10:21:37, on 15/12/2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\Program Files\ewido\security suite\ewidoctrl.exe

C:\Program Files\Analog Devices\SoundMAX\Smtray.exe

C:\Program Files\Intel\Intel® Active Monitor\imontray.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE

C:\PROGRA~1\INTERN~2\MEDIAKEY.EXE

C:\WINDOWS\system32\carpserv.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\WINDOWS\VM_STI.EXE

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\SYMANT~1\VPTray.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Yahoo!\Messenger\ypager.exe

C:\PROGRA~1\INTERN~2\KBOSDCtl.EXE

C:\PROGRA~1\INTERN~2\KCodeMsg.EXE

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe

C:\WINDOWS\system32\wscntfy.exe

C:\ViaVoice\Bin\engine.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\Delphine\My Documents\DELPHINE\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.fastnetonline.com:8080

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\Adobe\Acrobat Reader 5\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe

O4 - HKLM\..\Run: [iMONTRAY] C:\Program Files\Intel\Intel® Active Monitor\imontray.exe

O4 - HKLM\..\Run: [MediaKey] C:\PROGRA~1\INTERN~2\MEDIAKEY.EXE

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [CARPService] carpserv.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE USB PC Camera 301P

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1133664264154

O17 - HKLM\System\CCS\Services\Tcpip\..\{25CD001B-45BD-44F3-9683-9B606019D49F}: NameServer = 190.102.1.1

O17 - HKLM\System\CCS\Services\Tcpip\..\{5F443BDA-896E-4564-98C0-FCD928390CAB}: NameServer = 82.198.15.242 82.198.15.242

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe

O23 - Service: Intel® Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe

O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Posted

Hello everyone,

 

I'm just passing through!

I have serious doubts about the O17 lines of this report:

O17 - HKLM\System\CCS\Services\Tcpip\..\{5F443BDA-896E-4564-98C0-FCD928390CAB}: NameServer = 82.198.15.242 82.198.15.242

Location: Russian Federation (high)

 

ARIN says that this IP belongs to RIPE; I'm looking it up there.

 

 

Using 15 day old cached answer (or, you can get fresh results).

Hiding E-mail address (you can get results with the E-mail address).

 

% This is the RIPE Whois query server #2.

% The objects are in RPSL format.

%

% Note: the default output of the RIPE Whois server

% is changed. Your tools may need to be adjusted. See

% http://www.ripe.net/db/news/abuse-proposal-20050331.html

% for more details.

%

% Rights restricted by copyright.

% See http://www.ripe.net/db/copyright.html

 

% Information related to '82.198.8.0 - 82.198.15.255'

 

inetnum: 82.198.8.0 - 82.198.15.255

netname: SATELLITE-TV-SERVICES

descr: SATELLITE-TV-SERVICES

country: RU

status: ASSIGNED PA

admin-c: LKV2000-RIPE

tech-c: LKV2000-RIPE

tech-c: EVE7-RIPE

tech-c: SO519-RIPE

tech-c: MPK8-RIPE

mnt-by: SATGATE-MNT

changed: ******@satgate.net 20040505

notify: ******@satgate.net

source: RIPE

 

person: Kirill V Lupandin

address: SatGate LLC

address: 942 Windemere Dr. NW

address: OR 82001 Salem

address: USA

phone: +7 0112 573 073

fax-no: +7 0112 573 071

e-mail: ******@satgatellc.com

nic-hdl: LKV2000-RIPE

notify: ******@satgatellc.com

mnt-by: SATGATE-MNT

source: RIPE

changed: ******@satgatellc.com 20051027

 

O17 - HKLM\System\CCS\Services\Tcpip\..\{25CD001B-45BD-44F3-9683-9B606019D49F}: NameServer = 190.102.1.1

Location: [unknown]

 

ARIN says that this IP belongs to LACNIC; I'm looking it up there.

 

 

Using 30+ day old [sTALE - being deleted now] cached answer (or, you can get fresh results).

Hiding E-mail address (you can get results with the E-mail address).

 

 

% Joint Whois - whois.lacnic.net

% This server accepts single ASN, IPv4 or IPv6 queries

 

 

Unallocated resource: 190.102.1.1

 

delphine05, which Internet service provider are you with? Which country are you in? Is this PC connected to a corporate network, or is it a personal PC?
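Added example, not part of the original thread: one way to pull the O17 NameServer entries out of a HijackThis log like the one above and list the resolvers that still need a whois lookup or a check with the ISP or network administrator. The third O17 line (all-zero GUID, 192.168.0.1) and the `expected` allow-list parameter are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: the two O17 entries quoted in the thread, one made-up
# private-range entry for contrast, and one unrelated O4 line.
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{25CD001B-45BD-44F3-9683-9B606019D49F}: NameServer = 190.102.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{5F443BDA-896E-4564-98C0-FCD928390CAB}: NameServer = 82.198.15.242 82.198.15.242
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 192.168.0.1
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
"""

# Per-interface form of the O17 line: registry key ending in the interface GUID.
O17_RE = re.compile(
    r"^O17 - .+?\{(?P<iface>[0-9A-Fa-f-]{36})\}: NameServer = (?P<servers>.+)$"
)

def parse_o17(log_text):
    """Return one record per O17 NameServer line: interface GUID and resolver list."""
    records = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue
        servers = []
        # The raw value may hold several servers, separated by spaces or commas.
        for token in re.split(r"[ ,]+", m.group("servers").strip()):
            if token and token not in servers:  # drop repeats such as "a.b.c.d a.b.c.d"
                servers.append(token)
        records.append({"iface": m.group("iface").upper(), "servers": servers})
    return records

def triage(records, expected=()):
    """List resolvers that are neither private/loopback nor on the expected list."""
    expected = set(expected)  # e.g. the DNS servers the ISP says it hands out
    findings = []
    for rec in records:
        for server in rec["servers"]:
            try:
                ip = ipaddress.ip_address(server)
            except ValueError:
                findings.append((rec["iface"], server, "not an IP address"))
                continue
            if ip.is_private or ip.is_loopback or server in expected:
                continue
            findings.append((rec["iface"], server, "public resolver, verify ownership"))
    return findings
```

A public resolver in the output is only a prompt to check who operates it; the ISP's own DNS servers will appear there too unless they are passed in `expected`.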
