HijackThis log: infection... widespread???

Solved
FABTOUR Posts 9 Status Member -
g!rly Posts 18462 Status Contributor -
Hello,
Well, this time I've got the works... I think.
I ran Navilog, since the PC had picked up Skinner (see my last message), but that wasn't enough....

So, I'm starting over from the beginning, with a HijackThis log...
Logfile of HijackThis v1.99.1
Scan saved at 22:16:00, on 30/11/2007
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\Documents and Settings\Administrateur.DC846CB79DB3494\Bureau\test.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.03.0000.1005\fr\msnappau.exe"
O4 - HKLM\..\Run: [SA] C:\Program Files\Logitech\QuickCam\SA3.EXE
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINNT\p_981116.exe /Q:A
O4 - HKLM\..\Run: [LVComs] C:\WINNT\System32\LVComS.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\RunServices: [winsystems25] winsystems.exe
O4 - HKLM\..\RunServices: [msconfig38] mssvcc.exe
O4 - HKLM\..\RunServices: [secures23] mssecure.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: RealGuide - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay109.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - https://tiragesphoto.fnac.com/
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

If someone can give me a hand,

Thanks in advance
8 replies

g!rly Posts 18462 Status Contributor 406
 
Hi,

Did you run option two with Navilog?

Post the report.

Then do this:

Download combofix.exe (by sUBs) to your Desktop.

-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

-> Double-click combofix.exe.
-> Press the 1 key (Yes) to start the scan.
-> When the scan is complete, a report will appear. Copy/paste this report into your next reply.

NOTE: The report can also be found here: C:\Combofix.txt
FABTOUR Posts 9 Status Member
 
I did indeed run options 1 and 2 of Navilog.

ComboFix report below:
ComboFix 07-11-19.4C - Administrateur 2007-11-30 22:50:53.2 - NTFSx86 MINIMAL
Microsoft Windows 2000 Professionnel 5.0.2195.3.1252.1.1036.18.163 [GMT 1:00]
Running from: C:\Documents and Settings\Administrateur.DC846CB79DB3494\Bureau\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrateur.DC846CB79DB3494\Menu Démarrer\Programmes\MessengerSkinner\Conditions générales.lnk
.
---- Previous Run -------
.
C:\Documents and Settings\Administrateur.DC846CB79DB3494\Menu Démarrer\Programmes\MessengerSkinner
C:\Documents and Settings\Administrateur.DC846CB79DB3494\Menu Démarrer\Programmes\MessengerSkinner\Confidentialité.lnk
C:\Documents and Settings\Administrateur.DC846CB79DB3494\Menu Démarrer\Programmes\MessengerSkinner\MessengerSkinner.lnk
C:\Documents and Settings\Administrateur.DC846CB79DB3494\Menu Démarrer\Programmes\MessengerSkinner\Website.lnk

.
((((((((((((((((((((((((((((( Fichiers créés 2007-10-28 to 2007-11-30 ))))))))))))))))))))))))))))))))))))
.

2007-11-30 22:55 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_530.dat
2007-11-30 21:51 17,920 --a------ C:\WINNT\system32\reg.exe
2007-11-30 21:50 <DIR> d-------- C:\Program Files\Navilog1
2007-11-17 21:23 58,952 --a------ C:\WINNT\system32\MsgPlusLoader.dll
2007-11-07 20:39 <DIR> d-------- C:\Program Files\Spyware-Secure

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-30 20:57 --------- d-----w C:\Program Files\Google
2007-11-30 19:34 --------- d-----w C:\Program Files\Creative
2007-11-24 13:22 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2007-10-28 15:43 --------- d-----w C:\Program Files\eMule
2007-09-18 17:50 60,800 ----a-w C:\WINNT\system32\S32EVNT1.DLL
2007-09-03 15:30 1,868,944 ----a-w C:\WINNT\system32\RSA32_16.DLL
2007-08-27 15:13 537,992 ----a-w C:\WINNT\system32\SymNeti.dll
2007-08-27 15:13 161,160 ----a-w C:\WINNT\system32\SymRedir.dll
2006-02-11 16:12 271 ---h--w C:\Program Files\desktop.ini
2006-02-11 16:12 22,115 ---h--w C:\Program Files\folder.htt
2002-08-02 00:00 32,528 ----a-w C:\WINNT\inf\wbfirdma.sys
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe" [02-08-02 01:00 C:\WINNT\system32\internat.exe]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [07-09-04 22:40 ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [02-08-02 01:00 C:\WINNT\system32\mobsync.exe]
"SoundMan"="SOUNDMAN.EXE" [06-01-17 19:47 C:\WINNT\soundman.exe]
"NvCplDaemon"="RUNDLL32.exe" [02-08-02 01:00 C:\WINNT\system32\rundll32.exe]
"NeroCheck"="C:\WINNT\System32\NeroCheck.exe" [01-07-09 10:50 ]
"msnappau"="C:\Program Files\MSN Apps\Updater\01.03.0000.1005\fr\msnappau.exe" [04-08-13 17:41 ]
"SA"="C:\Program Files\Logitech\QuickCam\SA3.EXE" []
"DXM6Patch_981116"="C:\WINNT\p_981116.exe" [98-11-30 18:04 ]
"LVComs"="C:\WINNT\System32\LVComS.exe" [00-02-02 11:56 ]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [04-10-15 19:40 ]
"Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CAMTRAY.EXE" [04-07-30 11:04 ]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [06-04-28 11:27 ]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [06-03-24 19:30 ]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [07-02-22 12:08 ]
"SSC_UserPrompt"="C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe" [04-11-10 11:57 ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [07-03-14 02:43 ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"winsystems25"="winsystems.exe" []
"msconfig38"="mssvcc.exe" []
"secures23"="mssecure.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe" [02-08-02 01:00 C:\WINNT\system32\internat.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe" [02-08-02 01:00 ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=MsgPlusLoader.dll

*Newly Created Service* - IPNAT
*Newly Created Service* - RASAUTO
*Newly Created Service* - SHAREDACCESS
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-11-02 22:23:23 C:\WINNT\Tasks\Norton AntiVirus - Effectuer une analyse complète du système - Administrateur.job"
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-30 22:58:05
Windows 5.0.2195 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-11-30 23:04:00 - machine was rebooted
.
--- E O F ---

Thanks for your help
g!rly Posts 18462 Status Contributor 406
 
Hi again,

Do this:

Copy the text in the box below:

File::
C:\WINNT\system32\reg.exe
C:\WINNT\system32\Perflib_Perfdata_530.dat

Folder::
C:\Program Files\Spyware-Secure
C:\Program Files\Navilog1

Open Notepad and paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file under the name CFScript.txt.

Now drag the CFScript.txt file onto Combofix.exe as shown below:

http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif

This will relaunch Combofix.

A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and press Enter.

Wait while the scan runs. The desktop will disappear several times: this is normal!

Don't touch anything until the scan has finished.

After the reboot, post the contents of the Combofix.txt report along with a HijackThis report.

If there is no reboot, post the reports anyway.

Download HijackThis here:

-> https://www.zebulon.fr/telechargements/securite/systeme/hijackthis.html

Installation tutorial (images):

-> http://pchelpbordeaux.free.fr/tuto.html

Usage tutorial (video):

-> http://pageperso.aol.fr/balltrap34/demohijack.htm

Post the generated report here, please...
FABTOUR Posts 9 Status Member
 
So there you go, I did everything you told me...
The reports are below:

ComboFix report:

ComboFix 07-11-19.4C - Administrateur 30/11/2007 23:59:38.3 - NTFSx86
Microsoft Windows 2000 Professionnel 5.0.2195.3.1252.1.1036.18.94 [GMT 1:00]
Running from: C:\Documents and Settings\Administrateur.DC846CB79DB3494\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrateur.DC846CB79DB3494\Bureau\CFScript.txt

FILE
C:\WINNT\system32\Perflib_Perfdata_530.dat
C:\WINNT\system32\reg.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Navilog1
C:\Program Files\Navilog1\Backupnavi\backup_registry.dat
C:\Program Files\Navilog1\Backupnavi\npwnbs.dat
C:\Program Files\Navilog1\Backupnavi\npwnbs.exe
C:\Program Files\Navilog1\Backupnavi\npwnbs_nav.dat
C:\Program Files\Navilog1\Backupnavi\npwnbs_navps.dat
C:\Program Files\Navilog1\Backupnavi\vomcuuikz.exe
C:\Program Files\Navilog1\Backupnavi\xjrwxv.dat
C:\Program Files\Navilog1\Backupnavi\xjrwxv_nav.dat
C:\Program Files\Navilog1\Backupnavi\xjrwxv_navps.dat
C:\Program Files\Navilog1\catchme.exe
C:\Program Files\Navilog1\GetPaths.exe
C:\Program Files\Navilog1\gnc.exe
C:\Program Files\Navilog1\navilog1.bat
C:\Program Files\Navilog1\Process.exe
C:\Program Files\Navilog1\reboot.exe
C:\Program Files\Navilog1\reg.exe
C:\Program Files\Navilog1\regnavi.reg
C:\Program Files\Navilog1\traite.bat
C:\Program Files\Navilog1\unins000.dat
C:\Program Files\Navilog1\unins000.exe
C:\Program Files\Spyware-Secure
C:\Program Files\Spyware-Secure\config.s3db
C:\Program Files\Spyware-Secure\Gfx_fr.bin
C:\Program Files\Spyware-Secure\guid
C:\Program Files\Spyware-Secure\help\help_Full_FR.zip
C:\Program Files\Spyware-Secure\help\help_Full_FR\explo_intro.htm
C:\Program Files\Spyware-Secure\help\help_Full_FR\explo_menu.htm
C:\Program Files\Spyware-Secure\help\help_Full_FR\file.gif
C:\Program Files\Spyware-Secure\help\help_Full_FR\folder.gif
C:\Program Files\Spyware-Secure\help\help_Full_FR\folder_f.gif
C:\Program Files\Spyware-Secure\help\help_Full_FR\folder_o.gif
C:\Program Files\Spyware-Secure\help\help_Full_FR\images\fleche.gif
C:\Program Files\Spyware-Secure\help\help_Full_FR\images\folder.gif
C:\Program Files\Spyware-Secure\help\help_Full_FR\images\FR\dowload-file-antispyware.gif
C:\Program Files\Spyware-Secure\help\help_Full_FR\images\FR\menu.gif
C:\Program Files\Spyware-Secure\help\help_Full_FR\images\FR\scstep2.gif
C:\Program Files\Spyware-Secure\help\help_Full_FR\images\key.gif
C:\Program Files\Spyware-Secure\help\help_Full_FR\images\menu.gif
C:\Program Files\Spyware-Secure\help\help_Full_FR\images\support.gif
C:\Program Files\Spyware-Secure\help\help_Full_FR\images\title-hepfile.gif
C:\Program Files\Spyware-Secure\help\help_Full_FR\index.htm
C:\Program Files\Spyware-Secure\help\help_Full_FR\menu3.js
C:\Program Files\Spyware-Secure\help\help_Full_FR\rubs\3differentscan.htm
C:\Program Files\Spyware-Secure\help\help_Full_FR\rubs\contactus.htm
C:\Program Files\Spyware-Secure\help\help_Full_FR\rubs\found-objects.htm
C:\Program Files\Spyware-Secure\help\help_Full_FR\rubs\lexic.htm
C:\Program Files\Spyware-Secure\help\help_Full_FR\rubs\navigtabs.htm
C:\Program Files\Spyware-Secure\help\help_Full_FR\rubs\quarantine.htm
C:\Program Files\Spyware-Secure\help\help_Full_FR\spy.gif
C:\Program Files\Spyware-Secure\help\help_Full_FR\trait_coud.gif
C:\Program Files\Spyware-Secure\help\help_Full_FR\trait_droit.gif
C:\Program Files\Spyware-Secure\help\help_Full_FR\trait_vert.gif
C:\Program Files\Spyware-Secure\help\help_Trial_FR.zip
C:\Program Files\Spyware-Secure\help\help_Trial_FR\explo_intro.htm
C:\Program Files\Spyware-Secure\help\help_Trial_FR\explo_menu.htm
C:\Program Files\Spyware-Secure\help\help_Trial_FR\file.gif
C:\Program Files\Spyware-Secure\help\help_Trial_FR\folder.gif
C:\Program Files\Spyware-Secure\help\help_Trial_FR\folder_f.gif
C:\Program Files\Spyware-Secure\help\help_Trial_FR\folder_o.gif
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\fleche.gif
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\folder.gif
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\FR\dowload-file-antispyware.gif
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\FR\menu.gif
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\FR\scstep2.gif
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\key.gif
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\menu.gif
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\support.gif
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\title-hepfile.gif
C:\Program Files\Spyware-Secure\help\help_Trial_FR\index.htm
C:\Program Files\Spyware-Secure\help\help_Trial_FR\menu3.js
C:\Program Files\Spyware-Secure\help\help_Trial_FR\rubs\3differentscan.htm
C:\Program Files\Spyware-Secure\help\help_Trial_FR\rubs\contactus.htm
C:\Program Files\Spyware-Secure\help\help_Trial_FR\rubs\found-objects.htm
C:\Program Files\Spyware-Secure\help\help_Trial_FR\rubs\lexic.htm
C:\Program Files\Spyware-Secure\help\help_Trial_FR\rubs\navigtabs.htm
C:\Program Files\Spyware-Secure\help\help_Trial_FR\rubs\quarantine.htm
C:\Program Files\Spyware-Secure\help\help_Trial_FR\rubs\register.htm
C:\Program Files\Spyware-Secure\help\help_Trial_FR\spy.gif
C:\Program Files\Spyware-Secure\help\help_Trial_FR\trait_coud.gif
C:\Program Files\Spyware-Secure\help\help_Trial_FR\trait_droit.gif
C:\Program Files\Spyware-Secure\help\help_Trial_FR\trait_vert.gif
C:\Program Files\Spyware-Secure\language
C:\Program Files\Spyware-Secure\Launcher.exe
C:\Program Files\Spyware-Secure\nbmw
C:\Program Files\Spyware-Secure\quarantine.s3db
C:\Program Files\Spyware-Secure\resources\cookies_1-10.dat
C:\Program Files\Spyware-Secure\resources\filesDesc_1-10.dat
C:\Program Files\Spyware-Secure\resources\filesDesc_1-10.dic
C:\Program Files\Spyware-Secure\resources\filesExt_1-10.dat
C:\Program Files\Spyware-Secure\resources\filesMulti_1-10.idx
C:\Program Files\Spyware-Secure\resources\filesSimple_1-10.idx
C:\Program Files\Spyware-Secure\resources\malwaresDB_1-10
C:\Program Files\Spyware-Secure\resources\register_1-10.dat
C:\Program Files\Spyware-Secure\serial
C:\Program Files\Spyware-Secure\skin
C:\Program Files\Spyware-Secure\Spyware-Secure.url
C:\Program Files\Spyware-Secure\Spyware-Secure_repaironce.exe
C:\Program Files\Spyware-Secure\Spyware-Secure_trial.exe
C:\Program Files\Spyware-Secure\sqlite3.dll
C:\Program Files\Spyware-Secure\uninst.exe
C:\Program Files\Spyware-Secure\unrar.dll
C:\WINNT\system32\reg.exe

.
((((((((((((((((((((((((((((( Fichiers créés 2007-10-28 to 2007-11-30 ))))))))))))))))))))))))))))))))))))
.

2007-11-17 21:23 58,952 --a------ C:\WINNT\system32\MsgPlusLoader.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-30 20:57 --------- d-----w C:\Program Files\Google
2007-11-30 19:34 --------- d-----w C:\Program Files\Creative
2007-11-24 13:22 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2007-10-28 15:43 --------- d-----w C:\Program Files\eMule
2007-09-18 17:50 60,800 ----a-w C:\WINNT\system32\S32EVNT1.DLL
2007-09-03 15:30 1,868,944 ----a-w C:\WINNT\system32\RSA32_16.DLL
2007-08-27 15:13 537,992 ----a-w C:\WINNT\system32\SymNeti.dll
2007-08-27 15:13 161,160 ----a-w C:\WINNT\system32\SymRedir.dll
2006-02-11 16:12 271 ---h--w C:\Program Files\desktop.ini
2006-02-11 16:12 22,115 ---h--w C:\Program Files\folder.htt
2002-08-02 00:00 32,528 ----a-w C:\WINNT\inf\wbfirdma.sys
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe" [02-08-02 01:00 C:\WINNT\system32\internat.exe]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [07-09-04 22:40 ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [02-08-02 01:00 C:\WINNT\system32\mobsync.exe]
"SoundMan"="SOUNDMAN.EXE" [06-01-17 19:47 C:\WINNT\soundman.exe]
"NvCplDaemon"="RUNDLL32.exe" [02-08-02 01:00 C:\WINNT\system32\rundll32.exe]
"NeroCheck"="C:\WINNT\System32\NeroCheck.exe" [01-07-09 10:50 ]
"msnappau"="C:\Program Files\MSN Apps\Updater\01.03.0000.1005\fr\msnappau.exe" [04-08-13 17:41 ]
"SA"="C:\Program Files\Logitech\QuickCam\SA3.EXE" []
"DXM6Patch_981116"="C:\WINNT\p_981116.exe" [98-11-30 18:04 ]
"LVComs"="C:\WINNT\System32\LVComS.exe" [00-02-02 11:56 ]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [04-10-15 19:40 ]
"Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CAMTRAY.EXE" [04-07-30 11:04 ]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [06-04-28 11:27 ]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [06-03-24 19:30 ]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [07-02-22 12:08 ]
"SSC_UserPrompt"="C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe" [04-11-10 11:57 ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [07-03-14 02:43 ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"winsystems25"="winsystems.exe" []
"msconfig38"="mssvcc.exe" []
"secures23"="mssecure.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe" [02-08-02 01:00 C:\WINNT\system32\internat.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe" [02-08-02 01:00 ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=MsgPlusLoader.dll

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-11-02 22:23:23 C:\WINNT\Tasks\Norton AntiVirus - Effectuer une analyse complète du système - Administrateur.job"
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-01 00:10:31
Windows 5.0.2195 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-12-01 0:14:16 - machine was rebooted
C:\ComboFix2.txt ... 07-11-30 23:04
.
--- E O F ---

HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:16:20, on 01/12/2007
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINNT\System32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\SOUNDMAN.EXE
C:\Program Files\MSN Apps\Updater\01.03.0000.1005\fr\msnappau.exe
C:\WINNT\System32\LVComS.exe
C:\PROGRA~1\Sygate\SPF\smc.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Documents and Settings\Administrateur.DC846CB79DB3494\Bureau\HijackThis.exe
C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
C:\WINNT\system32\svchost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.03.0000.1005\fr\msnappau.exe"
O4 - HKLM\..\Run: [SA] C:\Program Files\Logitech\QuickCam\SA3.EXE
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINNT\p_981116.exe /Q:A
O4 - HKLM\..\Run: [LVComs] C:\WINNT\System32\LVComS.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\RunServices: [winsystems25] winsystems.exe
O4 - HKLM\..\RunServices: [msconfig38] mssvcc.exe
O4 - HKLM\..\RunServices: [secures23] mssecure.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: RealGuide - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay109.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - https://tiragesphoto.fnac.com/
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
0

g!rly Posts 18462 Status Contributor 406
 
How long have you been getting the errors?

Did you install Messenger Plus with the sponsor?

Copy the text in the box below:

File::
C:\WINNT\system32\winsystems.exe
C:\WINNT\system32\mssvcc.exe
C:\WINNT\system32\mssecure.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"winsystems25"=-
"msconfig38"=-
"secures23"=-

Open Notepad and paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file as CFScript.txt.

Now drag the CFScript.txt file onto Combofix.exe as shown below:

http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif

This will restart Combofix.

A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and confirm.

Wait while the scan runs. The desktop will disappear several times: that is normal!

Do not touch anything until the scan has finished.

After the reboot, post the contents of the Combofix.txt report along with a HijackThis report.

If there is no reboot, post the reports anyway.
0
FABTOUR Posts 9 Status Member
 
Hi again,
well, I've been getting the messages for a little while...
As for Messenger, I'm not the one who installed it, so I can't answer you just like that (if you have a procedure for finding the answer, give it to me and I'll do it).
Otherwise, here are the latest reports: ...

combofix :

ComboFix 07-11-19.4C - Administrateur 01/12/2007 0:55:37.4 - NTFSx86
Microsoft Windows 2000 Professionnel 5.0.2195.3.1252.1.1036.18.71 [GMT 1:00]
Running from: C:\Documents and Settings\Administrateur.DC846CB79DB3494\Bureau\ComboFix.exe
Command switches used :: F:\CFScript.txt

FILE
C:\WINNT\system32\mssecure.exe
C:\WINNT\system32\mssvcc.exe
C:\WINNT\system32\winsystems.exe
.

((((((((((((((((((((((((((((( Fichiers créés 2007-10-28 to 2007-11-30 ))))))))))))))))))))))))))))))))))))
.

2007-11-17 21:23 58,952 --a------ C:\WINNT\system32\MsgPlusLoader.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-30 20:57 --------- d-----w C:\Program Files\Google
2007-11-30 19:34 --------- d-----w C:\Program Files\Creative
2007-11-24 13:22 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2007-10-28 15:43 --------- d-----w C:\Program Files\eMule
2007-09-18 17:50 60,800 ----a-w C:\WINNT\system32\S32EVNT1.DLL
2007-09-03 15:30 1,868,944 ----a-w C:\WINNT\system32\RSA32_16.DLL
2007-08-27 15:13 537,992 ----a-w C:\WINNT\system32\SymNeti.dll
2007-08-27 15:13 161,160 ----a-w C:\WINNT\system32\SymRedir.dll
2006-02-11 16:12 271 ---h--w C:\Program Files\desktop.ini
2006-02-11 16:12 22,115 ---h--w C:\Program Files\folder.htt
2002-08-02 00:00 32,528 ----a-w C:\WINNT\inf\wbfirdma.sys
.

((((((((((((((((((((((((((((( snapshot@ven. 2007-11-30_22.59.48.85 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-30 23:55:44 16,384 ----atw C:\WINNT\system32\Perflib_Perfdata_45c.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe" [02/08/02 01:00 C:\WINNT\system32\internat.exe]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [04/09/07 22:40 ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [02/08/02 01:00 C:\WINNT\system32\mobsync.exe]
"SoundMan"="SOUNDMAN.EXE" [17/01/06 19:47 C:\WINNT\soundman.exe]
"NvCplDaemon"="RUNDLL32.exe" [02/08/02 01:00 C:\WINNT\system32\rundll32.exe]
"NeroCheck"="C:\WINNT\System32\NeroCheck.exe" [09/07/01 10:50 ]
"msnappau"="C:\Program Files\MSN Apps\Updater\01.03.0000.1005\fr\msnappau.exe" [13/08/04 17:41 ]
"SA"="C:\Program Files\Logitech\QuickCam\SA3.EXE" []
"DXM6Patch_981116"="C:\WINNT\p_981116.exe" [30/11/98 18:04 ]
"LVComs"="C:\WINNT\System32\LVComS.exe" [02/02/00 11:56 ]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [15/10/04 19:40 ]
"Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CAMTRAY.EXE" [30/07/04 11:04 ]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [28/04/06 11:27 ]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [24/03/06 19:30 ]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [22/02/07 12:08 ]
"SSC_UserPrompt"="C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe" [10/11/04 11:57 ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [14/03/07 02:43 ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe" [02/08/02 01:00 C:\WINNT\system32\internat.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe" [02/08/02 01:00 ]

C:\Documents and Settings\All Users.WINNT\Menu Démarrer\Programmes\Démarrage\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56]
NkvMon.exe.lnk - C:\Program Files\Nikon\NkView6\NkvMon.exe [2006-02-12 15:11:56]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2006-04-09 11:52:36]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=MsgPlusLoader.dll

R3 emu10kx;Creative EMU10K1/EMU10K2 Audio Driver (WDM);C:\WINNT\system32\drivers\e10kx2k.sys
S1 NetPT;NetBIOS Protection;C:\WINNT\system32\DRIVERS\netpt.sys
S3 LVCam;Logitech QuickCam Express;C:\WINNT\system32\DRIVERS\LVCD.sys
S3 PALLADIA;Palladia 300/400 Usb Adsl Modem;C:\WINNT\system32\DRIVERS\usbiad.sys
S3 SetupNTGLM7X;SetupNTGLM7X;\??\D:\NTGLM7X.sys
S3 V0090VID;Creative WebCam Vista Plus;C:\WINNT\system32\DRIVERS\V0090Vid.sys

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-11-02 22:23:23 C:\WINNT\Tasks\Norton AntiVirus - Effectuer une analyse complète du système - Administrateur.job"
- C:\PROGRA~1\NORTON~1\Navw32.exen/TASK:
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-01 01:01:13
Windows 5.0.2195 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 01/12/2007 1:02:19
C:\ComboFix2.txt ... 01/12/07 00:14
C:\ComboFix3.txt ... 30/11/07 23:04
.
--- E O F ---

hijackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:02:55, on 01/12/2007
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINNT\System32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\SOUNDMAN.EXE
C:\Program Files\MSN Apps\Updater\01.03.0000.1005\fr\msnappau.exe
C:\WINNT\System32\LVComS.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\explorer.exe
C:\Documents and Settings\Administrateur.DC846CB79DB3494\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.03.0000.1005\fr\msnappau.exe"
O4 - HKLM\..\Run: [SA] C:\Program Files\Logitech\QuickCam\SA3.EXE
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINNT\p_981116.exe /Q:A
O4 - HKLM\..\Run: [LVComs] C:\WINNT\System32\LVComS.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: RealGuide - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay109.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - https://tiragesphoto.fnac.com/
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
0
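Added example, not part of the thread: a Python check that parses the CFScript posted above and lists any lines of a follow-up HijackThis log that still reference the files or RunServices values it targeted. The LEFTOVER line is constructed, and the function names and the reading of `"name"=-` as "delete this value" (regedit syntax) are assumptions of this example.

```python
import re
# CFScript exactly as posted in the reply above.
CFSCRIPT = r'''File::
C:\WINNT\system32\winsystems.exe
C:\WINNT\system32\mssvcc.exe
C:\WINNT\system32\mssecure.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"winsystems25"=-
"msconfig38"=-
"secures23"=-
'''
# Three lines copied from the follow-up HijackThis log in this thread.
CLEAN_LOG = r'''C:\WINNT\system32\svchost.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [internat.exe] internat.exe
'''
# Constructed line, not from the thread: what a surviving entry would look like.
LEFTOVER = r'O4 - HKLM\..\RunServices: [winsystems25] winsystems.exe'

HIVES = {"HKEY_LOCAL_MACHINE": "HKLM", "HKEY_CURRENT_USER": "HKCU"}
O4 = re.compile(r'^O4 - (\w+)\\\.\.\\(\w+): \[([^\]]+)\] (.*)$')

def parse_cfscript(text):
    """Return (file paths, [(hive, subkey, value name)] marked for deletion)."""
    files, values, section, key = [], [], None, None
    for line in map(str.strip, text.splitlines()):
        if line.endswith("::"):                      # directive header, e.g. File::
            section, key = line[:-2].lower(), None
        elif section == "file" and line:
            files.append(line)
        elif section == "registry" and line.startswith("["):
            hive, _, rest = line.strip("[]").partition("\\")
            key = (HIVES.get(hive, hive), rest.rsplit("\\", 1)[-1])
        elif section == "registry" and key:          # assumed: "name"=- deletes the value
            values += [key + (n,) for n in re.findall(r'^"([^"]+)"=-$', line)]
    return files, values

def residual_entries(cfscript, hjt_log):
    """HijackThis lines that still reference a file or value the script targeted."""
    files, values = parse_cfscript(cfscript)
    names = {f.rsplit("\\", 1)[-1].lower() for f in files}
    targeted = {(h, k.lower(), v.lower()) for h, k, v in values}
    hits = []
    for line in hjt_log.splitlines():
        m = O4.match(line)
        if m:                                        # autostart (O4) entry
            hive, sub, name, cmd = m.groups()
            words = set(re.split(r'[\\ "]', cmd.lower()))
            if (hive, sub.lower(), name.lower()) in targeted or names & words:
                hits.append(line)
        elif line.rsplit("\\", 1)[-1].lower() in names:
            hits.append(line)                        # running-process line
    return hits
```

An empty result for the full follow-up log means none of the three files is running or registered under an O4 autostart key that HijackThis lists; it does not cover other load points such as services or AppInit_DLLs.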
g!rly Posts 18462 Status Contributor 406
 
Yes, if that's all right with you, we'll pick up the adventure again tomorrow...
I'm off to bed > your PC should already be doing better...
Good night
See you later
0
g!rly Posts 18462 Status Contributor 406
 
--
non-mutual-aid movement to follow very soon...
0