 | a priori trojan ou spyware type drivecleaner (mais d'autres aussi) |
» Liste des Forums » Virus, troyens, etc... » Discussion |
- Logfile of HijackThis v1.99.1
- Scan saved at 14:49:48, on 09/03/2007
- Platform: Windows XP SP2 (WinNT 5.01.2600)
- MSIE: Internet Explorer v7.00 (7.00.6000.16414)
- Running processes:
- C:\WINDOWS\System32\smss.exe
- C:\WINDOWS\system32\winlogon.exe
- C:\WINDOWS\system32\services.exe
- C:\WINDOWS\system32\lsass.exe
- C:\WINDOWS\system32\Ati2evxx.exe
- C:\WINDOWS\system32\svchost.exe
- C:\WINDOWS\System32\svchost.exe
- C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
- C:\WINDOWS\system32\Ati2evxx.exe
- C:\WINDOWS\Explorer.EXE
- C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
- C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
- C:\WINDOWS\system32\spoolsv.exe
- C:\WINDOWS\SOUNDMAN.EXE
- C:\WINDOWS\ALCWZRD.EXE
- C:\Progra~1\ATI Technologies\ATI Control Panel\atiptaxx.exe
- C:\WINDOWS\system32\drivers\CDAC11BA.EXE
- C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
- C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
- C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe
- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
- C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
- C:\WINDOWS\system32\rundll32.exe
- C:\Program Files\iTunes\iTunesHelper.exe
- C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
- C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
- C:\Program Files\Norton Save and Restore\Agent\NSRTray.exe
- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
- C:\WINDOWS\System32\spool\DRIVERS\W32X86\E_FATIBVE.EXE
- C:\Program Files\Spamihilator\spamihilator.exe
- C:\Program Files\Messenger\msmsgs.exe
- C:\WINDOWS\system32\ctfmon.exe
- C:\WINDOWS\system32\svchost.exe
- C:\Program Files\iPod\bin\iPodService.exe
- C:\Program Files\MSN Messenger\usnsvc.exe
- C:\Program Files\Mozilla Firefox\firefox.exe
- C:\WINDOWS\system32\wuauclt.exe
- C:\Documents and Settings\Ninou\Bureau\HijackThis.exe
- R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
- R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
- R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
- R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
- R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
- R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
- R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
- O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
- O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\FICHIE~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
- O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser.0\NppBho.dll
- O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
- O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
- O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
- O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
- O3 - Toolbar: Afficher Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser.0\UIBHO.dll
- O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
- O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
- O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
- O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
- O4 - HKLM\..\Run: [ATIPTA] C:\Progra~1\ATI Technologies\ATI Control Panel\atiptaxx.exe
- O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
- O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
- O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
- O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
- O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
- O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
- O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
- O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
- O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
- O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
- O4 - HKLM\..\Run: [Norton Save and Restore] "C:\Program Files\Norton Save and Restore\Agent\NSRTray.exe"
- O4 - HKLM\..\Run: [EPSON Stylus DX5000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\E_FATIBVE.EXE /FU "C:\WINDOWS\TEMP\E_S94.tmp" /EF "HKLM"
- O4 - HKCU\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
- O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
- O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
- O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
- O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
- O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
- O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\system32\shdocvw.dll
- O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\system32\shdocvw.dll
- O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
- O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
- O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
- O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
- O11 - Options group: [INTERNATIONAL] International*
- O15 - Trusted Zone: *.canalplay.com
- O15 - Trusted Zone: *.canalplusactive.com
- O15 - Trusted Zone: http://safety.live.com
- O15 - Trusted Zone: *.canalplay.com (HKLM)
- O15 - Trusted Zone: *.canalplusactive.com (HKLM)
- O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} (InstallerObj Class) - http://www.m6video.fr/1click/install/files/installer2.cab
- O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
- O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1117524694665
- O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1162968343015
- O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
- O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
- O16 - DPF: {E1AF091A-9F23-4059-89D7-C05EE073285D} (Canal+ Active MSWAY) - http://www.canalplay.com/cabs/msway44.cab
- O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
- O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
- O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
- O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
- O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
- O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
- O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
- O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
- O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
- O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
- O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
- O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
- O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
- O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
- O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
- O23 - Service: Norton Save and Restore - Symantec Corporation - C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe
- O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
- O23 - Service: Service CANALPLAY - Canal+ Active - C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe
- O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
- O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
- Search Navipromo version 1.0.6 commencé le 10/03/2007 à 2:20:21,75
- !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
- !!! Poster ce rapport sur le forum pour le faire analyser !!!
- !!! Ne pas lancer la partie désinfection sans l'avis d'un spécialiste !!!
- Fix lancé depuis C:\Documents and Settings\Ninou\Bureau\navilog
- Mise a jour le 08.03.2007 a 14h00 by IL-MAFIOSO
- Executé en mode normal
- *** Recherche Programmes installes ***
- *** Recherche dossiers dans C:\WINDOWS ***
- *** Recherche dossiers dans C:\Program Files ***
- *** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***
- *** Recherche dossiers dans C:\Documents and Settings\Ninou\Application Data ***
- *** Recherche avec BlackLight Engine/F-secure ***
- BlackLight Engine est un produit de F-secure, pour + d'infos :
- http://www.f-secure.com/blacklight/blacklight_help.html
- Fichier(s) caché(s) dans C:\WINDOWS\system32 :
- c:\Windows\system32\eukfmbay.dat
- c:\Windows\system32\eukfmbay_nav.dat
- c:\Windows\system32\eukfmbay_navps.dat
- Processus caché(s) dans C:\WINDOWS\system32 :
- *** Recherche fichiers ***
- C:\WINDOWS\pack.epk trouvé !
- C:\WINDOWS\system32\nvs2.inf trouvé !
- *** Recherche cles registre ***
- Recharche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]
- Recharche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage]
- Recherche Clé Magic Control
- HKEY_CURRENT_USER\Software\Lanconfig trouvé !
- *** Module de recherche complémentaire ***
- (recherche fichiers spécifiques)
- 1)Recherche nouveaux fichiers connus:
- 2)Recherche Heuristique :
- *
- C:\WINDOWS\system32\eukfmbay.dat
- **
- C:\WINDOWS\system32\eukfmbay.dat
- ***
- ****
- C:\WINDOWS\system32\eukfmbay_navps.dat
- *** Analyse Terminé le 10/03/2007 à 2:24:39,26 ***
15 ans.
