bonjour tout le monde...
récemment connecté via la freebox, et déjà des virus persistants...
Elitebar notemment...
J'utilise a² free et spybot....
je viens d'y passer toute la nuit...
voici mon log:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\nvsc32.exe
C:\WINDOWS\System32\ndis.exe
C:\WINDOWS\System32\sysrestore.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Trust\302KS\Mouse\mouse32a.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Trust\302KS\Keyboard\KbdAp32A.exe
C:\WINDOWS\System32\mssupdate.exe
C:\WINDOWS\System32\windrv.exe
C:\WINDOWS\System32\systerm.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\System32\msgrsv32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\LEGUAY\Bureau\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://www.free.fr/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://home.free.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://home.free.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://searchmiracle.com/sp.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar.dll
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [FLMBROWSEMOUSE] C:\Program Files\Trust\302KS\Mouse\mouse32a.exe
O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Trust\302KS\Keyboard\MMKEYBD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Microsoft Windows Security] spvsper.exe
O4 - HKLM\..\Run: [NvCplScan] nvsc32.exe
O4 - HKLM\..\Run: [hXhGARU] C:\WINDOWS\dtckkko.exe
O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
O4 - HKLM\..\Run: [lsasss.exe] C:\WINDOWS\lsasss.exe
O4 - HKLM\..\Run: [Windows media service] crsss.exe
O4 - HKLM\..\Run: [NDIS Adapter] ndis.exe
O4 - HKLM\..\Run: [Start Uppings] mssupdate.exe
O4 - HKLM\..\Run: [[Ephemeral 2.4] by TreeHugger, ] C:\DOCUME~1\LEGUAY\LOCALS~1\Temp\8.tmp.exe
O4 - HKLM\..\Run: [] windrv.exe
O4 - HKLM\..\Run: [svshost32] C:\WINDOWS\System32\msgrsv32.exe
O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvgex32.exe
O4 - HKLM\..\Run: [System32 TCP Manager] systerm.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [Starting up] wvsvc.exe
O4 - HKLM\..\Run: [Registry Server] regsrv32.exe
O4 - HKLM\..\Run: [MS SyS Restore] sysrestore.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\RunServices: [Microsoft Windows Security] spvsper.exe
O4 - HKLM\..\RunServices: [NvCplScan] nvsc32.exe
O4 - HKLM\..\RunServices: [Windows media service] crsss.exe
O4 - HKLM\..\RunServices: [NDIS Adapter] ndis.exe
O4 - HKLM\..\RunServices: [Start Uppings] mssupdate.exe
O4 - HKLM\..\RunServices: [] windrv.exe
O4 - HKLM\..\RunServices: [System32 TCP Manager] systerm.exe
O4 - HKLM\..\RunServices: [Starting up] wvsvc.exe
O4 - HKLM\..\RunServices: [Registry Server] regsrv32.exe
O4 - HKLM\..\RunServices: [MS SyS Restore] sysrestore.exe
O4 - HKLM\..\RunOnce: [NvCplScan] nvsc32.exe
O4 - HKLM\..\RunOnce: [NDIS Adapter] ndis.exe
O4 - HKLM\..\RunOnce: [MS SyS Restore] sysrestore.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Microsoft Windows Security] spvsper.exe
O4 - HKCU\..\Run: [NvCplScan] nvsc32.exe
O4 - HKCU\..\Run: [NDIS Adapter] ndis.exe
O4 - HKCU\..\Run: [Start Uppings] mssupdate.exe
O4 - HKCU\..\Run: [System32 TCP Manager] systerm.exe
O4 - HKCU\..\Run: [Starting up] wvsvc.exe
O4 - HKCU\..\Run: [Registry Server] regsrv32.exe
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MS SyS Restore] sysrestore.exe
O4 - HKCU\..\RunServices: [Start Uppings] mssupdate.exe
O4 - HKCU\..\RunServices: [Registry Server] regsrv32.exe
O4 - HKCU\..\RunOnce: [MS SyS Restore] sysrestore.exe
O4 - HKCU\..\RunOnce: [NDIS Adapter] ndis.exe
O4 - HKCU\..\RunOnce: [NvCplScan] nvsc32.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O14 - IERESET.INF: START_PAGE_URL=
http://home.free.fr/
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -
http://public.windupdates.com/get_file.php?bt=ie&p=d20fa8d5f4264b86bbb8e647a63708b6c99b4579b01e03cf6596be4b6ccd5f834c226e187f514a57146a2f401658b6ded26faaa420e61eff2d0f04872c2d4e34f5:95ec69cd9832ce7118a329d3cca17b9b
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) -
http://static.topconverting.com/activex/loader2.ocx
de plus, je voulais savoir si c'est normal que svchost.exe veulent se connecter constemment sur le web...
Merci par avance de toute l'aide que vous pourrez m'apporter...
Afficher la suite