[Virus] Am I infected?
Tony1234
Posts
2
Status
Member
-
Hi,
I changed antivirus 2 weeks ago, switching from AVG to Kaspersky, which found the Trojan I was looking for, but it detects "suspicious activity", which I don't much like.
Being still a beginner with computers, I turn to your expertise.
Kaspersky tells me in particular:
detected: riskware Invader (loader) Running process: C:\WINDOWS\system32\rundll32.exe
02/01/2007 16:51:00 C:\WINDOWS\system32\svchost.exe Attempt to run process as a child of C:\WINDOWS\system32\services.exe (PID: 784).
02/01/2007 16:51:01 C:\WINDOWS\system32\alg.exe Attempt to run process as a child of C:\WINDOWS\system32\services.exe (PID: 784).
02/01/2007 16:51:46 C:\WINDOWS\system32\wuauclt.exe Attempt to run process as a child of C:\WINDOWS\System32\svchost.exe (PID: 1116).
02/01/2007 16:52:11 C:\WINDOWS\system32\rundll32.exe Attempt to run process as a child of C:\WINDOWS\system32\nvsvc32.exe (PID: 1980).
02/01/2007 16:52:15 C:\WINDOWS\system32\userinit.exe Attempt to run process as a child of \\?\C:\WINDOWS\system32\winlogon.exe (PID: 584).
02/01/2007 16:52:15 C:\WINDOWS\explorer.exe Attempt to run process as a child of C:\WINDOWS\system32\userinit.exe (PID: 608).
02/01/2007 16:52:18 C:\WINDOWS\system32\rundll32.exe Attempt to run process as a child of C:\WINDOWS\system32\nwiz.exe (PID: 1728).
02/01/2007 16:52:18 C:\WINDOWS\system32\rundll32.exe Attempt to load a new or modified module C:\WINDOWS\system32\keystone.exe into process.
02/01/2007 16:52:18 C:\WINDOWS\system32\rundll32.exe Action blocked.
02/01/2007 16:52:18 C:\WINDOWS\system32\rundll32.exe Attempt to load a new or modified module C:\WINDOWS\system32\keystone.exe into process.
02/01/2007 16:52:18 C:\WINDOWS\system32\rundll32.exe Action blocked.
02/01/2007 16:52:27 C:\WINDOWS\system32\rundll32.exe Attempt to load a new or modified module C:\WINDOWS\system32\keystone.exe into process.
02/01/2007 16:52:27 C:\WINDOWS\system32\rundll32.exe Action blocked.
this last action being repeated many times.
then:
02/01/2007 16:52:27 C:\WINDOWS\system32\rundll32.exe Process is trying to inject module C:\WINDOWS\system32\nview.dll into all processes. This behaviour is typical of some malicious programs.
02/01/2007 16:52:27 C:\WINDOWS\system32\rundll32.exe Action blocked.
02/01/2007 16:52:30 C:\WINDOWS\explorer.exe Attempt to load a new or modified module C:\Program Files\MediaKey\VerRes.dll into process.
02/01/2007 16:52:30 C:\WINDOWS\explorer.exe Action blocked.
02/01/2007 16:52:31 C:\WINDOWS\system32\rundll32.exe Attempt to load a new or modified module C:\WINDOWS\system32\keystone.exe into process.
02/01/2007 16:52:31 C:\WINDOWS\system32\rundll32.exe Action blocked.
next:
02/01/2007 16:53:27 C:\Program Files\MSN Messenger\msnmsgr.exe Attempt to load a new or modified module C:\Program Files\MSN Messenger\abssm.dll into process.
02/01/2007 16:53:27 C:\Program Files\MSN Messenger\msnmsgr.exe Action blocked.
02/01/2007 16:53:27 C:\Program Files\MSN Messenger\msnmsgr.exe Attempt to load a new or modified module C:\Program Files\MSN Messenger\abssm.dll into process.
02/01/2007 16:53:27 C:\Program Files\MSN Messenger\msnmsgr.exe Action blocked.
02/01/2007 16:56:09 C:\Program Files\Internet Explorer\iexplore.exe Attempt to load a new or modified module C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\msvcr71.dll into process.
02/01/2007 16:56:09 C:\Program Files\Internet Explorer\iexplore.exe Action blocked.
02/01/2007 16:56:09 C:\Program Files\Internet Explorer\iexplore.exe Attempt to load a new or modified module C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll into process.
02/01/2007 16:56:09 C:\Program Files\Internet Explorer\iexplore.exe Action blocked.
02/01/2007 16:56:09 C:\Program Files\Internet Explorer\iexplore.exe Attempt to load a new or modified module C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll into process.
02/01/2007 16:56:09 C:\Program Files\Internet Explorer\iexplore.exe Action blocked.
02/01/2007 17:05:47 C:\WINDOWS\system32\rundll32.exe Attempt to run process as a child of C:\WINDOWS\System32\svchost.exe (PID: 1116).
02/01/2007 17:06:56 C:\WINDOWS\explorer.exe Attempt to load a new or modified module C:\Documents and Settings\Administrateur\Bureau\securité\a2FreeSetup.exe into process.
02/01/2007 17:06:56 C:\WINDOWS\explorer.exe Action blocked.
02/01/2007 17:07:05 C:\WINDOWS\explorer.exe Attempt to load a new or modified module C:\Documents and Settings\Administrateur\Bureau\securité\a2FreeSetup.exe into process.
02/01/2007 17:07:05 C:\WINDOWS\explorer.exe Action blocked.
02/01/2007 17:07:39 C:\WINDOWS\system32\rundll32.exe Attempt to load a new or modified module C:\WINDOWS\system32\keystone.exe into process.
02/01/2007 17:07:39 C:\WINDOWS\system32\rundll32.exe Action blocked.
02/01/2007 17:07:39 C:\WINDOWS\system32\rundll32.exe Attempt to load a new or modified module C:\WINDOWS\system32\keystone.exe into process.
02/01/2007 17:07:39 C:\WINDOWS\system32\rundll32.exe Action blocked.
02/01/2007 17:07:48 C:\WINDOWS\system32\wuauclt.exe Attempt to run process as a child of C:\WINDOWS\System32\svchost.exe (PID: 1116).
and finally:
02/01/2007 16:52:19 C:\WINDOWS\system32\dumprep.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run KernelFaultCheck %systemroot%\system32\dumprep 0 -k Unicode null-terminated string (with environment variable references) Delete detected
02/01/2007 16:52:19 C:\WINDOWS\system32\dumprep.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run KernelFaultCheck %systemroot%\system32\dumprep 0 -k Unicode null-terminated string (with environment variable references) Delete allowed
02/01/2007 16:52:30 C:\WINDOWS\system32\services.exe HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\PCANDIS5 ImagePath \??\C:\WINDOWS\system32\PCANDIS5.SYS Unicode null-terminated string (with environment variable references) Create detected
02/01/2007 16:52:30 C:\WINDOWS\system32\services.exe HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\PCANDIS5 ImagePath \??\C:\WINDOWS\system32\PCANDIS5.SYS Unicode null-terminated string (with environment variable references) Create blocked
02/01/2007 16:52:30 C:\WINDOWS\system32\services.exe HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\PCANDIS5 ImagePath \??\C:\WINDOWS\system32\PCANDIS5.SYS Unicode null-terminated string (with environment variable references) Create detected
02/01/2007 16:52:30 C:\WINDOWS\system32\services.exe HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\PCANDIS5 ImagePath \??\C:\WINDOWS\system32\PCANDIS5.SYS Unicode null-terminated string (with environment variable references) Create blocked
this last message being repeated twice per second!!
None of this looks good to me, but I can't find anything with Kaspersky.
Thanks for your help!
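The Proactive Defense lines above are easier to judge once the repeats are collapsed and each "Action blocked" is attached to the attempt it decided. The following Python is an added example written for this thread, not code from Kaspersky or from the poster; it assumes only the line layout as pasted ("date time process-path message") and uses a constructed subset of the lines above as input. It separates the ordinary boot chain (services.exe starting svchost.exe and so on, which carry no verdict) from the three things a responder would look at first: a module being injected into all processes (which the product itself calls typical of malicious programs), a module load that is blocked over and over, and a new service ImagePath being written under Services.

```python
import ntpath
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Constructed sample: a subset of the Proactive Defense lines quoted above, kept in a
# raw string because the Windows paths contain sequences such as \nwiz.exe.
SAMPLE_LOG = r"""
02/01/2007 16:52:18 C:\WINDOWS\system32\rundll32.exe Attempt to run process as a child of C:\WINDOWS\system32\nwiz.exe (PID: 1728).
02/01/2007 16:52:18 C:\WINDOWS\system32\rundll32.exe Attempt to load a new or modified module C:\WINDOWS\system32\keystone.exe into process.
02/01/2007 16:52:18 C:\WINDOWS\system32\rundll32.exe Action blocked.
02/01/2007 16:52:18 C:\WINDOWS\system32\rundll32.exe Attempt to load a new or modified module C:\WINDOWS\system32\keystone.exe into process.
02/01/2007 16:52:18 C:\WINDOWS\system32\rundll32.exe Action blocked.
02/01/2007 16:52:27 C:\WINDOWS\system32\rundll32.exe Process is trying to inject module C:\WINDOWS\system32\nview.dll into all processes. This behaviour is typical of some malicious programs.
02/01/2007 16:52:27 C:\WINDOWS\system32\rundll32.exe Action blocked.
02/01/2007 16:52:30 C:\WINDOWS\explorer.exe Attempt to load a new or modified module C:\Program Files\MediaKey\VerRes.dll into process.
02/01/2007 16:52:30 C:\WINDOWS\explorer.exe Action blocked.
02/01/2007 16:52:19 C:\WINDOWS\system32\dumprep.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run KernelFaultCheck %systemroot%\system32\dumprep 0 -k Unicode null-terminated string (with environment variable references) Delete detected
02/01/2007 16:52:19 C:\WINDOWS\system32\dumprep.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run KernelFaultCheck %systemroot%\system32\dumprep 0 -k Unicode null-terminated string (with environment variable references) Delete allowed
02/01/2007 16:52:30 C:\WINDOWS\system32\services.exe HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\PCANDIS5 ImagePath \??\C:\WINDOWS\system32\PCANDIS5.SYS Unicode null-terminated string (with environment variable references) Create detected
02/01/2007 16:52:30 C:\WINDOWS\system32\services.exe HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\PCANDIS5 ImagePath \??\C:\WINDOWS\system32\PCANDIS5.SYS Unicode null-terminated string (with environment variable references) Create blocked
"""

# Layout as pasted: "DD/MM/YYYY HH:MM:SS <process path ending in .exe> <message>"
LINE_RE = re.compile(r"^(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) (.+?\.exe) (.+)$", re.I)
CHILD_RE = re.compile(r"^Attempt to run process as a child of (.+?) \(PID: (\d+)\)\.$")
LOAD_RE = re.compile(r"^Attempt to load a new or modified module (.+?) into process\.$")
INJECT_RE = re.compile(r"^Process is trying to inject module (.+?) into all processes\.")
VERDICT_RE = re.compile(r"^Action (blocked|allowed)\.$")
REG_RE = re.compile(r"^(HKEY_\S+) (\S+) (.*) (Create|Delete|Modify) (detected|blocked|allowed)$")


@dataclass
class Event:
    ts: str
    process: str
    kind: str                      # child_of, load_module, inject_all, registry_<op>, other
    target: str                    # parent process, module path, or registry key\value
    verdict: Optional[str] = None  # blocked / allowed, or None when only informational


def parse_events(text):
    """Turn the pasted lines into Events, attaching each 'Action ...' line or
    registry decision line to the pending event it decides."""
    events = []
    for raw in text.strip().splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        ts, proc, msg = m.groups()
        if (v := VERDICT_RE.match(msg)):
            for ev in reversed(events):  # most recent undecided event of this process
                if ev.process == proc and ev.verdict is None:
                    ev.verdict = v.group(1)
                    break
        elif (c := CHILD_RE.match(msg)):
            events.append(Event(ts, proc, "child_of", c.group(1)))
        elif (ld := LOAD_RE.match(msg)):
            events.append(Event(ts, proc, "load_module", ld.group(1)))
        elif (i := INJECT_RE.match(msg)):
            events.append(Event(ts, proc, "inject_all", i.group(1)))
        elif (r := REG_RE.match(msg)):
            key, name, _data, op, result = r.groups()
            kind, target = f"registry_{op.lower()}", f"{key}\\{name}"
            if result == "detected":  # first line of the pair; the decision follows
                events.append(Event(ts, proc, kind, target))
                continue
            for ev in reversed(events):
                if ev.process == proc and ev.kind == kind and ev.target == target and ev.verdict is None:
                    ev.verdict = result
                    break
            else:
                events.append(Event(ts, proc, kind, target, result))
        else:
            events.append(Event(ts, proc, "other", msg))
    return events


def collapse(events):
    """Count identical (process, kind, target, verdict) tuples so a message repeated
    'twice per second' shows up once, with a count."""
    return Counter((ntpath.basename(ev.process).lower(), ev.kind, ev.target, ev.verdict)
                   for ev in events)


def triage(events):
    """Return (reason, process, target, count) for the events worth a closer look."""
    findings = []
    for (proc, kind, target, verdict), n in collapse(events).items():
        low = target.lower()
        if kind == "inject_all":
            findings.append(("inject_all_processes", proc, target, n))
        elif kind == "registry_create" and "\\services\\" in low and low.endswith("\\imagepath"):
            findings.append(("service_image_registered", proc, target, n))
        elif kind == "load_module" and verdict == "blocked" and n >= 2:
            findings.append(("repeated_blocked_load", proc, target, n))
    return findings


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    for key, n in collapse(evs).items():
        print(n, *key)
    for finding in triage(evs):
        print("CHECK:", *finding)
```

Paste the full log into `SAMPLE_LOG` (or read it from a file) to get the same summary for the whole session; the collapsed counts make the "repeated twice per second" PCANDIS5 lines one row, and the `triage` list is the set of modules and registry keys whose publisher and origin should be verified before deciding whether anything needs removing.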
1 reply
I'm adding my HijackThis report for you:
Logfile of HijackThis v1.99.1
Scan saved at 21:29:13, on 02/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\Program Files\MediaKey\Versato.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MediaKey\MePlayer.exe
C:\Program Files\MediaKey\OSD.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrateur\Bureau\securité\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk = ?
O4 - Global Startup: Versato.lnk = C:\Program Files\MediaKey\Versato.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_02\bin\npjpi142_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_02\bin\npjpi142_02.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: https://www.france.tv/france-5/
O15 - Trusted Zone: https://www.pagesjaunes.fr/
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://charon777.free.fr/plugins/hardwaredetection.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8A3145BE-B57A-4E86-ACBE-77AA2077239C}: NameServer = 85.255.116.104,85.255.112.229
O17 - HKLM\System\CCS\Services\Tcpip\..\{9711BC05-AC72-4DCF-921A-0E3D53E221DC}: NameServer = 85.255.116.104,85.255.112.229
O17 - HKLM\System\CCS\Services\Tcpip\..\{FF6F3504-95C4-4B39-BDF4-D329F455885F}: NameServer = 85.255.116.104,85.255.112.229
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.104 85.255.112.229
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.104 85.255.112.229
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.104 85.255.112.229
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
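In a HijackThis report the O17 entries are the machine's DNS resolver settings, per interface and for the whole TCP/IP stack; whatever appears there should match what the ISP or the LAN router actually hands out, and any resolver that was never configured deliberately is worth verifying before anything is cleaned. The Python below is an added example for this thread, not part of HijackThis or of the poster's report. It parses O17 lines, normalises the comma- and space-separated forms HijackThis prints, and flags every resolver missing from an allow-list; the allow-list value `192.168.1.1` and the interface GUID `{HYPOTHETICAL-IFACE-GUID}` are constructed placeholders, the other lines are copied from the report above.

```python
import ipaddress
import re

# Constructed sample: O17 lines copied from the HijackThis report above, plus one
# hypothetical interface entry pointing at a private router address for contrast.
SAMPLE_REPORT = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{8A3145BE-B57A-4E86-ACBE-77AA2077239C}: NameServer = 85.255.116.104,85.255.112.229
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.104 85.255.112.229
O17 - HKLM\System\CCS\Services\Tcpip\..\{HYPOTHETICAL-IFACE-GUID}: NameServer = 192.168.1.1
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
"""

O17_RE = re.compile(r"^O17 - (?P<key>\S+): NameServer = (?P<servers>.+)$")


def parse_o17(report):
    """Return [(registry key, [ip, ...]), ...] for every O17 line; tokens that
    are not valid IP addresses are skipped rather than guessed at."""
    entries = []
    for line in report.strip().splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue
        ips = []
        # Per-interface keys are comma-separated, the Parameters key is
        # space-separated, so split on either.
        for tok in re.split(r"[,\s]+", m.group("servers").strip()):
            try:
                ips.append(ipaddress.ip_address(tok))
            except ValueError:
                continue
        entries.append((m.group("key"), ips))
    return entries


def distinct_resolvers(report):
    """Every resolver address the report references, sorted numerically."""
    return [str(ip) for ip in sorted({ip for _, ips in parse_o17(report) for ip in ips})]


def check_nameservers(report, expected):
    """Flag (key, ip, reason) for each resolver that is not in `expected`,
    the list of resolvers the ISP or router is known to assign."""
    allowed = {ipaddress.ip_address(a) for a in expected}
    findings = []
    for key, ips in parse_o17(report):
        for ip in ips:
            if ip in allowed:
                continue
            scope = "private" if ip.is_private else "public"
            findings.append((key, str(ip), f"{scope} resolver not in allow-list"))
    return findings


if __name__ == "__main__":
    # Hypothetical allow-list: the LAN router that DHCP would normally assign.
    print("resolvers seen:", distinct_resolvers(SAMPLE_REPORT))
    for key, ip, reason in check_nameservers(SAMPLE_REPORT, ["192.168.1.1"]):
        print(f"{reason}: {ip} ({key})")
```

The allow-list is the part that has to come from outside the report: compare `distinct_resolvers()` against the DNS servers shown by the router's status page or by `ipconfig /all` on a known-clean machine on the same connection, and treat every address that only the infected machine knows about as something to explain, since resolver settings are the one place where a change silently redirects every later lookup.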