Virus qui aime communiquer

Rodpod

17/10/2006 à 07:31

as tu la possibilité de faire une restauration Windows XP ?

NyC

17/10/2006 à 08:15

"BigPat" a écrit dans le message de news:
45340b67$0$21146$

Bonjour à tous,
J'ai un virus sur mon PC.
Celui-ci envoie des mails à tour de bras dont le sujet est VmIAGRA.
Mon FAI semble les bloquer, enfin c'est ce que me dit Norton (Analyseur
de messagerie Symantec), car mon PC est en théorie protégé par Norton
Internet Security 2006 (qui est bien entendu à jour).
Visiblement celui-ci est inefficace sur ce coup-là.
Les Analyseurs de messagerie symantec s'accumulent dans la barre des
taches

J'ai donc utilisé des antivirus en ligne:
- PANDA Soft
- TrendMicro
- Secuser

Ils trouvent des virus et les suppriment.
Mais à chaque fois que je relance la machine, le virus revient et
envoie de nouveau des mails indéfiniment, jusqu'à ce que j'utilise un
des antivirus en ligne.
Je souhaiterai me débarrasser définitivement de ce virus, pourriez-vous
m'aider ?
A la prochaine infection, je noterai le nom de ce vilain virus.
Merci pour votre aide

__________

Salut, envoie donc ici un rapport HiJackThis, on fera le tri et l'on te
debarrassera du truc.

Cordialement,

--
NyC -nocomprendo-
return adress valid

Happiness limits the amount of suffering.

NyC

17/10/2006 à 08:56

Haaattention...

Il *FAUT* installer HijackThis dans un dossier :

exemple program files nouveau dossier >>> Hijack/ il doit être installé
là....

http://www.spywareinfo.com/~merijn/programs.php

Hasta luego

BigPat

17/10/2006 à 09:02

Comme prévu, les virus sont revenus, voici le rapport de Panda:
Incident Statut Analyse

Virus:Trj/Rizalof.KS Désinfecté C:Documents and
SettingsBigPatLocalSettingsTemp18exhdd.d.exe
Virus:Trj/Rizalof.LH Désinfecté
C:DocumentsandSettingsBigPatLocalSettingsTemp37exmodul32e.f.exe
Virus:Trj/Rizalof.LH Désinfecté
C:DocumentsandSettingsBigPatLocalSettingsTemp41exmodul32e.f.exe
Virus:Trj/Spammer.BL Désinfecté
C:DocumentsandSettingsBigPatLocalSettingsTemp61exssd32.b.exe
Virus:Trj/Spammer.BL Désinfecté
C:DocumentsandSettingsBigPatLocalSettingsTemp62exssd32.b.exe
Virus:Trj/Rizalof.KS Désinfecté C:Documents and SettingsBigPatLocal
SettingsTemp73exhdd.d.exe

Et surtout voici le rapport Hijackthis (merci pour votre aide)
Logfile of HijackThis v1.99.1
Scan saved at 08:52:45, on 17/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesIntelWirelessBinEvtEng.exe
C:Program FilesIntelWirelessBinS24EvMon.exe
C:Program FilesFichiers communsSymantec SharedccSetMgr.exe
C:WINDOWSExplorer.EXE
C:Program FilesFichiers communsSymantec SharedccEvtMgr.exe
C:Program FilesFichiers communsSymantec SharedccProxy.exe
C:Program FilesFichiers communsSymantec SharedSNDSrvc.exe
C:Program FilesFichiers communsSymantec SharedSPBBCSPBBCSvc.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesFichiers communsAcronisSchedule2schedul2.exe
C:Program FilesTOSHIBAConfigFreeCFSvcs.exe
C:WINDOWSeHomeehRecvr.exe
C:WINDOWSeHomeehSched.exe
C:Program FilesFichiers communsEPSONEBAPISAgent2.exe
C:Program FilesTOSHIBATOSHIBA RAIDServicekraidsvc.exe
C:WINDOWSsystem32nvsvc32.exe
C:WINDOWSsystem32oodag.exe
C:Program FilesSymantecLiveUpdateALUSchedulerSvc.exe
C:Program FilesIntelWirelessBinRegSrvc.exe
C:Program FilesSigmaTelC-Major AudioWDMstacsv.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSehomeehtray.exe
C:WINDOWSsystem320THotkey.exe
C:WINDOWSeHomeehmsas.exe
C:WINDOWSsystem32TFNF5.exe
C:Program FilesSynapticsSynTPSynTPEnh.exe
C:Program FilesTOSHIBATouchEDTouchED.Exe
C:WINDOWSAGRSMMSG.exe
C:Program FilesTOSHIBAWireless HotkeyTosHKCW.exe
C:Program FilesTOSHIBACommandes TOSHIBATFncKy.exe
C:Program FilesTOSHIBATOSHIBA RAIDConsoleKraidman.exe
C:WINDOWSSystem32DLADLACTRLW.EXE
C:Program FilesFichiers communsSymantec SharedccApp.exe
C:Program FilesIntelWirelessbinZCfgSvc.exe
C:WINDOWSsystem32TPSBattM.exe
C:Program FilesIntelWirelessBinifrmewrk.exe
C:Program FilesAcronisTrueImageTrueImageMonitor.exe
C:Program FilesAcronisTrueImageTimounterMonitor.exe
C:Program FilesFichiers communsAcronisSchedule2schedhlp.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32ctfmon.exe
C:PROGRA~1IntelWirelessBinDot1XCfg.exe
C:WINDOWSsystem32dllhost.exe
C:Program FilesFichiers communsSymantec SharedSecurity
ConsoleNSCSRVCE.EXE
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesNorton Internet SecurityNorton AntiVirusnavapsvc.exe
C:Program FilesInternet ExplorerIEXPLORE.EXE
C:Program FilesWindows Live Safety CenterwlscUploader.exe
C:WINDOWSsystem32defrag.exe
C:WINDOWSsystem32DfrgNtfs.exe
C:WINDOWSsystem32NOTEPAD.EXE
C:Program FilesMessengermsmsgs.exe
C:Documents and SettingsBigPatMes documentsHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
Liens
O2 - BHO: Adobe PDF Reader Link Helper -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat
7.0ActiveXAcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} -
C:WINDOWSSystem32DLADLASHX_W.DLL
O2 - BHO: Norton Internet Security 2006 -
{9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:Program FilesFichiers
communsSymantec SharedAdBlockingNISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:Program
FilesNorton Internet SecurityNorton AntiVirusNavShExt.dll
O3 - Toolbar: Norton Internet Security 2006 -
{0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:Program FilesFichiers
communsSymantec SharedAdBlockingNISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} -
C:Program FilesNorton Internet SecurityNorton AntiVirusNavShExt.dll
O4 - HKLM..Run: [ehTray] C:WINDOWSehomeehtray.exe
O4 - HKLM..Run: [00THotkey] C:WINDOWSsystem320THotkey.exe
O4 - HKLM..Run: [000StTHK] 000StTHK.exe
O4 - HKLM..Run: [TFNF5] TFNF5.exe
O4 - HKLM..Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM..Run: [SynTPEnh] C:Program FilesSynapticsSynTPSynTPEnh.exe
O4 - HKLM..Run: [TouchED] C:Program FilesTOSHIBATouchEDTouchED.Exe
O4 - HKLM..Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM..Run: [TosHKCW.exe] "C:Program FilesTOSHIBAWireless
HotkeyTosHKCW.exe"
O4 - HKLM..Run: [TPSMain] TPSMain.exe
O4 - HKLM..Run: [TPSODDCtl] TPSODDCtl.exe
O4 - HKLM..Run: [TFncKy] TFncKy.exe
O4 - HKLM..Run: [Kraidman] C:Program FilesTOSHIBATOSHIBA
RAIDConsoleKraidman.exe
O4 - HKLM..Run: [DLA] C:WINDOWSSystem32DLADLACTRLW.EXE
O4 - HKLM..Run: [ccApp] "C:Program FilesFichiers communsSymantec
SharedccApp.exe"
O4 - HKLM..Run: [IntelZeroConfig] "C:Program
FilesIntelWirelessbinZCfgSvc.exe"
O4 - HKLM..Run: [IntelWireless] "C:Program
FilesIntelWirelessBinifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE
C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [TrueImageMonitor.exe] C:Program
FilesAcronisTrueImageTrueImageMonitor.exe
O4 - HKLM..Run: [AcronisTimounterMonitor] C:Program
FilesAcronisTrueImageTimounterMonitor.exe
O4 - HKLM..Run: [Acronis Scheduler2 Service] "C:Program FilesFichiers
communsAcronisSchedule2schedhlp.exe"
O4 - HKLM..Run: [.nvsvc] C:WINDOWSsystemsmss.exe /w
O4 - HKCU..Run: [MsnMsgr] "C:Program FilesMSN MessengerMsnMsgr.Exe"
/background
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:Program FilesJavajre1.5.0_04binnpjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program
FilesJavajre1.5.0_04binnpjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program
FilesMessengermsmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety
Center Base Module) -
http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase969.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection
Control) - http://drivers1.free.fr/telecharger.php?id=2&version O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer
Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {EFD3EA56-234D-4240-90EA-CC9FA3AF5A01} (ConnectivityTester
Class) -
https://motive.club-internet.fr:8080/lwp/static/installers/WebflowActiveXInstaller_4-0-0.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} -
C:PROGRA~1MSNMES~1MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -
C:PROGRA~1MSNMES~1MSGRAP~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis -
C:Program FilesFichiers communsAcronisSchedule2schedul2.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -
C:Program FilesFichiers communsSymantec SharedccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) -
Symantec Corporation - C:Program FilesNorton Internet
SecurityccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation -
C:Program FilesFichiers communsSymantec SharedccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation -
C:Program FilesFichiers communsSymantec SharedccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION -
C:Program FilesTOSHIBAConfigFreeCFSvcs.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:Program
FilesNorton Internet SecuritycomHost.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON
CORPORATION - C:Program FilesFichiers communsEPSONEBAPISAgent2.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel
Corporation - C:Program FilesIntelWirelessBinEvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation - C:Program FilesFichiers
communsInstallShieldDriver1050Intel 32IDriverT.exe
O23 - Service: TOSHIBA RAID Service (kraidsvc) - TOSHIBA Corporation -
C:Program FilesTOSHIBATOSHIBA RAIDServicekraidsvc.exe
O23 - Service: LiveUpdate - Symantec Corporation -
C:PROGRA~1SymantecLIVEUP~1LUCOMS~1.EXE
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec
Corporation - C:Program FilesNorton Internet SecurityNorton
AntiVirusnavapsvc.exe
O23 - Service: NBService - Nero AG - C:Program FilesNeroNero 7Nero
BackItUpNBService.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec
Corporation - C:Program FilesFichiers communsSymantec SharedSecurity
ConsoleNSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
C:WINDOWSsystem32nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH -
C:WINDOWSsystem32oodag.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation -
C:Program FilesSymantecLiveUpdateALUSchedulerSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel
Corporation - C:Program FilesIntelWirelessBinRegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel
Corporation - C:Program FilesIntelWirelessBinS24EvMon.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
Corporation - C:Program FilesFichiers communsSymantec SharedSNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation -
C:Program FilesFichiers communsSymantec SharedSPBBCSPBBCSvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:Program
FilesSigmaTelC-Major AudioWDMstacsv.exe
O23 - Service: Windows Log - Unknown owner - C:WINDOWSsystem32nvsvcd.exe

Vous avez filtré cet utilisateur ! Consultez son message

Comme prévu, les virus sont revenus, voici le rapport de Panda:
Incident Statut Analyse

Virus:Trj/Rizalof.KS Désinfecté C:Documents and
SettingsBigPatLocalSettingsTemp18exhdd.d.exe
Virus:Trj/Rizalof.LH Désinfecté
C:DocumentsandSettingsBigPatLocalSettingsTemp37exmodul32e.f.exe
Virus:Trj/Rizalof.LH Désinfecté
C:DocumentsandSettingsBigPatLocalSettingsTemp41exmodul32e.f.exe
Virus:Trj/Spammer.BL Désinfecté
C:DocumentsandSettingsBigPatLocalSettingsTemp61exssd32.b.exe
Virus:Trj/Spammer.BL Désinfecté
C:DocumentsandSettingsBigPatLocalSettingsTemp62exssd32.b.exe
Virus:Trj/Rizalof.KS Désinfecté C:Documents and SettingsBigPatLocal
SettingsTemp73exhdd.d.exe

Et surtout voici le rapport Hijackthis (merci pour votre aide)
Logfile of HijackThis v1.99.1
Scan saved at 08:52:45, on 17/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesIntelWirelessBinEvtEng.exe
C:Program FilesIntelWirelessBinS24EvMon.exe
C:Program FilesFichiers communsSymantec SharedccSetMgr.exe
C:WINDOWSExplorer.EXE
C:Program FilesFichiers communsSymantec SharedccEvtMgr.exe
C:Program FilesFichiers communsSymantec SharedccProxy.exe
C:Program FilesFichiers communsSymantec SharedSNDSrvc.exe
C:Program FilesFichiers communsSymantec SharedSPBBCSPBBCSvc.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesFichiers communsAcronisSchedule2schedul2.exe
C:Program FilesTOSHIBAConfigFreeCFSvcs.exe
C:WINDOWSeHomeehRecvr.exe
C:WINDOWSeHomeehSched.exe
C:Program FilesFichiers communsEPSONEBAPISAgent2.exe
C:Program FilesTOSHIBATOSHIBA RAIDServicekraidsvc.exe
C:WINDOWSsystem32nvsvc32.exe
C:WINDOWSsystem32oodag.exe
C:Program FilesSymantecLiveUpdateALUSchedulerSvc.exe
C:Program FilesIntelWirelessBinRegSrvc.exe
C:Program FilesSigmaTelC-Major AudioWDMstacsv.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSehomeehtray.exe
C:WINDOWSsystem320THotkey.exe
C:WINDOWSeHomeehmsas.exe
C:WINDOWSsystem32TFNF5.exe
C:Program FilesSynapticsSynTPSynTPEnh.exe
C:Program FilesTOSHIBATouchEDTouchED.Exe
C:WINDOWSAGRSMMSG.exe
C:Program FilesTOSHIBAWireless HotkeyTosHKCW.exe
C:Program FilesTOSHIBACommandes TOSHIBATFncKy.exe
C:Program FilesTOSHIBATOSHIBA RAIDConsoleKraidman.exe
C:WINDOWSSystem32DLADLACTRLW.EXE
C:Program FilesFichiers communsSymantec SharedccApp.exe
C:Program FilesIntelWirelessbinZCfgSvc.exe
C:WINDOWSsystem32TPSBattM.exe
C:Program FilesIntelWirelessBinifrmewrk.exe
C:Program FilesAcronisTrueImageTrueImageMonitor.exe
C:Program FilesAcronisTrueImageTimounterMonitor.exe
C:Program FilesFichiers communsAcronisSchedule2schedhlp.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32ctfmon.exe
C:PROGRA~1IntelWirelessBinDot1XCfg.exe
C:WINDOWSsystem32dllhost.exe
C:Program FilesFichiers communsSymantec SharedSecurity
ConsoleNSCSRVCE.EXE
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesNorton Internet SecurityNorton AntiVirusnavapsvc.exe
C:Program FilesInternet ExplorerIEXPLORE.EXE
C:Program FilesWindows Live Safety CenterwlscUploader.exe
C:WINDOWSsystem32defrag.exe
C:WINDOWSsystem32DfrgNtfs.exe
C:WINDOWSsystem32NOTEPAD.EXE
C:Program FilesMessengermsmsgs.exe
C:Documents and SettingsBigPatMes documentsHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
Liens
O2 - BHO: Adobe PDF Reader Link Helper -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat
7.0ActiveXAcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} -
C:WINDOWSSystem32DLADLASHX_W.DLL
O2 - BHO: Norton Internet Security 2006 -
{9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:Program FilesFichiers
communsSymantec SharedAdBlockingNISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:Program
FilesNorton Internet SecurityNorton AntiVirusNavShExt.dll
O3 - Toolbar: Norton Internet Security 2006 -
{0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:Program FilesFichiers
communsSymantec SharedAdBlockingNISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} -
C:Program FilesNorton Internet SecurityNorton AntiVirusNavShExt.dll
O4 - HKLM..Run: [ehTray] C:WINDOWSehomeehtray.exe
O4 - HKLM..Run: [00THotkey] C:WINDOWSsystem320THotkey.exe
O4 - HKLM..Run: [000StTHK] 000StTHK.exe
O4 - HKLM..Run: [TFNF5] TFNF5.exe
O4 - HKLM..Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM..Run: [SynTPEnh] C:Program FilesSynapticsSynTPSynTPEnh.exe
O4 - HKLM..Run: [TouchED] C:Program FilesTOSHIBATouchEDTouchED.Exe
O4 - HKLM..Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM..Run: [TosHKCW.exe] "C:Program FilesTOSHIBAWireless
HotkeyTosHKCW.exe"
O4 - HKLM..Run: [TPSMain] TPSMain.exe
O4 - HKLM..Run: [TPSODDCtl] TPSODDCtl.exe
O4 - HKLM..Run: [TFncKy] TFncKy.exe
O4 - HKLM..Run: [Kraidman] C:Program FilesTOSHIBATOSHIBA
RAIDConsoleKraidman.exe
O4 - HKLM..Run: [DLA] C:WINDOWSSystem32DLADLACTRLW.EXE
O4 - HKLM..Run: [ccApp] "C:Program FilesFichiers communsSymantec
SharedccApp.exe"
O4 - HKLM..Run: [IntelZeroConfig] "C:Program
FilesIntelWirelessbinZCfgSvc.exe"
O4 - HKLM..Run: [IntelWireless] "C:Program
FilesIntelWirelessBinifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE
C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [TrueImageMonitor.exe] C:Program
FilesAcronisTrueImageTrueImageMonitor.exe
O4 - HKLM..Run: [AcronisTimounterMonitor] C:Program
FilesAcronisTrueImageTimounterMonitor.exe
O4 - HKLM..Run: [Acronis Scheduler2 Service] "C:Program FilesFichiers
communsAcronisSchedule2schedhlp.exe"
O4 - HKLM..Run: [.nvsvc] C:WINDOWSsystemsmss.exe /w
O4 - HKCU..Run: [MsnMsgr] "C:Program FilesMSN MessengerMsnMsgr.Exe"
/background
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:Program FilesJavajre1.5.0_04binnpjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program
FilesJavajre1.5.0_04binnpjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program
FilesMessengermsmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety
Center Base Module) -
http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase969.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection
Control) - http://drivers1.free.fr/telecharger.php?id=2&version O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer
Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {EFD3EA56-234D-4240-90EA-CC9FA3AF5A01} (ConnectivityTester
Class) -
https://motive.club-internet.fr:8080/lwp/static/installers/WebflowActiveXInstaller_4-0-0.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} -
C:PROGRA~1MSNMES~1MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -
C:PROGRA~1MSNMES~1MSGRAP~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis -
C:Program FilesFichiers communsAcronisSchedule2schedul2.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -
C:Program FilesFichiers communsSymantec SharedccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) -
Symantec Corporation - C:Program FilesNorton Internet
SecurityccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation -
C:Program FilesFichiers communsSymantec SharedccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation -
C:Program FilesFichiers communsSymantec SharedccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION -
C:Program FilesTOSHIBAConfigFreeCFSvcs.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:Program
FilesNorton Internet SecuritycomHost.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON
CORPORATION - C:Program FilesFichiers communsEPSONEBAPISAgent2.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel
Corporation - C:Program FilesIntelWirelessBinEvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation - C:Program FilesFichiers
communsInstallShieldDriver1050Intel 32IDriverT.exe
O23 - Service: TOSHIBA RAID Service (kraidsvc) - TOSHIBA Corporation -
C:Program FilesTOSHIBATOSHIBA RAIDServicekraidsvc.exe
O23 - Service: LiveUpdate - Symantec Corporation -
C:PROGRA~1SymantecLIVEUP~1LUCOMS~1.EXE
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec
Corporation - C:Program FilesNorton Internet SecurityNorton
AntiVirusnavapsvc.exe
O23 - Service: NBService - Nero AG - C:Program FilesNeroNero 7Nero
BackItUpNBService.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec
Corporation - C:Program FilesFichiers communsSymantec SharedSecurity
ConsoleNSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
C:WINDOWSsystem32nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH -
C:WINDOWSsystem32oodag.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation -
C:Program FilesSymantecLiveUpdateALUSchedulerSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel
Corporation - C:Program FilesIntelWirelessBinRegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel
Corporation - C:Program FilesIntelWirelessBinS24EvMon.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
Corporation - C:Program FilesFichiers communsSymantec SharedSNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation -
C:Program FilesFichiers communsSymantec SharedSPBBCSPBBCSvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:Program
FilesSigmaTelC-Major AudioWDMstacsv.exe
O23 - Service: Windows Log - Unknown owner - C:WINDOWSsystem32nvsvcd.exe

NyC

17/10/2006 à 09:08

hello BigPat you wrote

Comme prévu, les virus sont revenus, voici le rapport de Panda:
Incident Statut Analyse

________

Oui, il y a du monde déjà avec Anna Lyse de sang robotisée:

http://www.hijackthis.de/logfiles/9cd31a1a2d9a3b81e5608172b4bf5379.html

Trojan déjà..

Je m' y penche e't je reviens...

A+ y'a du boulot...

;o)

NyC

17/10/2006 à 09:17

hello BigPat you wrote

Tiens, mon post est parti ou ?

Voilà déjà l'analyse robotisée,

Y'a du monde...

http://www.hijackthis.de/logfiles/9d83b12c1c72ab1327f4b1197ce087f2.html

J'etudie et je reviens...

Trojan dans l'air...

A+

--
NyC -nocomprendo-
return adress valid

Happiness limits the amount of suffering.

Nina Popravka

17/10/2006 à 12:16

On Tue, 17 Oct 2006 00:44:55 +0200, "BigPat"
wrote:

Celui-ci envoie des mails à tour de bras dont le sujet est VmIAGRA.
Ah c'est toi ? Je vois que celui là en ce moment dans les logs anti

spam des serveurs de mail dont je m'occupe.

Mon FAI semble les bloquer, enfin c'est ce que me dit Norton (Analyseur de
messagerie Symantec), car mon PC est en théorie protégé par Norton Internet
Security 2006 (qui est bien entendu à jour).
Ca a l'air bien, ce truc... :->>>>>>

--
Nina

NyC

18/10/2006 à 14:21

hello BigPat you wrote

Hach Zut, entre-temps je t'ai oublié , je suis tombé amoureux d'un
herisson...

Qui boit le lait de mon chat...

Bein, fix déjà les 2 en rouge...

Cdlmnt,
--
NyC -nocomprendo-
return adress valid

Happiness limits the amount of suffering.

BigPat

18/10/2006 à 15:12

Ca s'arrange pas du tout mais alors pas du tout, je vous refais une copie de
Hijack
Merci de vous pencher sur mon cas

Logfile of HijackThis v1.99.1
Scan saved at 15:10:14, on 18/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesIntelWirelessBinEvtEng.exe
C:Program FilesIntelWirelessBinS24EvMon.exe
C:Program FilesFichiers communsSymantec SharedccSetMgr.exe
C:WINDOWSExplorer.EXE
C:Program FilesFichiers communsSymantec SharedccEvtMgr.exe
C:Program FilesFichiers communsSymantec SharedccProxy.exe
C:Program FilesFichiers communsSymantec SharedSNDSrvc.exe
C:Program FilesFichiers communsSymantec SharedSPBBCSPBBCSvc.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
C:Program FilesAlwil SoftwareAvast4ashServ.exe
C:Program FilesTOSHIBAConfigFreeCFSvcs.exe
C:WINDOWSeHomeehRecvr.exe
C:WINDOWSeHomeehSched.exe
C:Program FilesFichiers communsEPSONEBAPISAgent2.exe
C:Program FilesTOSHIBATOSHIBA RAIDServicekraidsvc.exe
C:Program FilesNorton Internet SecurityNorton AntiVirusnavapsvc.exe
C:WINDOWSsystem32nvsvc32.exe
C:WINDOWSsystem32oodag.exe
C:Program FilesSymantecLiveUpdateALUSchedulerSvc.exe
C:Program FilesIntelWirelessBinRegSrvc.exe
C:Program FilesSigmaTelC-Major AudioWDMstacsv.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSehomeehtray.exe
C:WINDOWSsystem320THotkey.exe
C:WINDOWSsystem32dllhost.exe
C:WINDOWSeHomeehmsas.exe
C:WINDOWSsystem32TFNF5.exe
C:Program FilesSynapticsSynTPSynTPEnh.exe
C:Program FilesTOSHIBATouchEDTouchED.Exe
C:WINDOWSAGRSMMSG.exe
C:Program FilesTOSHIBAWireless HotkeyTosHKCW.exe
C:Program FilesTOSHIBACommandes TOSHIBATFncKy.exe
C:Program FilesTOSHIBATOSHIBA RAIDConsoleKraidman.exe
C:WINDOWSSystem32DLADLACTRLW.EXE
C:Program FilesFichiers communsSymantec SharedccApp.exe
C:Program FilesIntelWirelessbinZCfgSvc.exe
C:WINDOWSsystem32TPSBattM.exe
C:Program FilesIntelWirelessBinifrmewrk.exe
C:PROGRA~1ALWILS~1Avast4ashDisp.exe
C:Program FilesMSN MessengerMsnMsgr.Exe
C:PROGRA~1IntelWirelessBinDot1XCfg.exe
C:Program FilesFichiers communsSymantec SharedSecurity
ConsoleNSCSRVCE.EXE
C:Program FilesOutlook Expressmsimn.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesAlwil SoftwareAvast4ashSimpl.exe
C:Documents and SettingsBigPatMes documentsHijackThis.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesMessengermsmsgs.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
Liens
O2 - BHO: Adobe PDF Reader Link Helper -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat
7.0ActiveXAcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} -
C:WINDOWSSystem32DLADLASHX_W.DLL
O2 - BHO: Norton Internet Security 2006 -
{9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:Program FilesFichiers
communsSymantec SharedAdBlockingNISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:Program
FilesNorton Internet SecurityNorton AntiVirusNavShExt.dll
O3 - Toolbar: Norton Internet Security 2006 -
{0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:Program FilesFichiers
communsSymantec SharedAdBlockingNISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} -
C:Program FilesNorton Internet SecurityNorton AntiVirusNavShExt.dll
O4 - HKLM..Run: [ehTray] C:WINDOWSehomeehtray.exe
O4 - HKLM..Run: [00THotkey] C:WINDOWSsystem320THotkey.exe
O4 - HKLM..Run: [000StTHK] 000StTHK.exe
O4 - HKLM..Run: [TFNF5] TFNF5.exe
O4 - HKLM..Run: [SynTPEnh] C:Program FilesSynapticsSynTPSynTPEnh.exe
O4 - HKLM..Run: [TouchED] C:Program FilesTOSHIBATouchEDTouchED.Exe
O4 - HKLM..Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM..Run: [TosHKCW.exe] "C:Program FilesTOSHIBAWireless
HotkeyTosHKCW.exe"
O4 - HKLM..Run: [TPSMain] TPSMain.exe
O4 - HKLM..Run: [TPSODDCtl] TPSODDCtl.exe
O4 - HKLM..Run: [TFncKy] TFncKy.exe
O4 - HKLM..Run: [Kraidman] C:Program FilesTOSHIBATOSHIBA
RAIDConsoleKraidman.exe
O4 - HKLM..Run: [DLA] C:WINDOWSSystem32DLADLACTRLW.EXE
O4 - HKLM..Run: [ccApp] "C:Program FilesFichiers communsSymantec
SharedccApp.exe"
O4 - HKLM..Run: [IntelZeroConfig] "C:Program
FilesIntelWirelessbinZCfgSvc.exe"
O4 - HKLM..Run: [IntelWireless] "C:Program
FilesIntelWirelessBinifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE
C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe
O4 - HKCU..Run: [MsnMsgr] "C:Program FilesMSN MessengerMsnMsgr.Exe"
/background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:Program FilesJavajre1.5.0_04binnpjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program
FilesJavajre1.5.0_04binnpjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program
FilesMessengermsmsgs.exe
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection
Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety
Center Base Module) -
http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase969.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection
Control) - http://drivers1.free.fr/telecharger.php?id=2&version O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer
Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} -
C:PROGRA~1MSNMES~1MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -
C:PROGRA~1MSNMES~1MSGRAP~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner -
C:Program FilesFichiers communsAcronisSchedule2schedul2.exe (file
missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:Program FilesAlwil
SoftwareAvast4ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:Program FilesAlwil
SoftwareAvast4ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:Program FilesAlwil
SoftwareAvast4ashWebSv.exe" /service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -
C:Program FilesFichiers communsSymantec SharedccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) -
Symantec Corporation - C:Program FilesNorton Internet
SecurityccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation -
C:Program FilesFichiers communsSymantec SharedccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation -
C:Program FilesFichiers communsSymantec SharedccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION -
C:Program FilesTOSHIBAConfigFreeCFSvcs.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:Program
FilesNorton Internet SecuritycomHost.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON
CORPORATION - C:Program FilesFichiers communsEPSONEBAPISAgent2.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel
Corporation - C:Program FilesIntelWirelessBinEvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation - C:Program FilesFichiers
communsInstallShieldDriver1050Intel 32IDriverT.exe
O23 - Service: TOSHIBA RAID Service (kraidsvc) - TOSHIBA Corporation -
C:Program FilesTOSHIBATOSHIBA RAIDServicekraidsvc.exe
O23 - Service: LiveUpdate - Symantec Corporation -
C:PROGRA~1SymantecLIVEUP~1LUCOMS~1.EXE
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec
Corporation - C:Program FilesNorton Internet SecurityNorton
AntiVirusnavapsvc.exe
O23 - Service: NBService - Nero AG - C:Program FilesNeroNero 7Nero
BackItUpNBService.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec
Corporation - C:Program FilesFichiers communsSymantec SharedSecurity
ConsoleNSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
C:WINDOWSsystem32nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH -
C:WINDOWSsystem32oodag.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation -
C:Program FilesSymantecLiveUpdateALUSchedulerSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel
Corporation - C:Program FilesIntelWirelessBinRegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel
Corporation - C:Program FilesIntelWirelessBinS24EvMon.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
Corporation - C:Program FilesFichiers communsSymantec SharedSNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation -
C:Program FilesFichiers communsSymantec SharedSPBBCSPBBCSvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:Program
FilesSigmaTelC-Major AudioWDMstacsv.exe

Vous avez filtré cet utilisateur ! Consultez son message

Ca s'arrange pas du tout mais alors pas du tout, je vous refais une copie de
Hijack
Merci de vous pencher sur mon cas

Logfile of HijackThis v1.99.1
Scan saved at 15:10:14, on 18/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesIntelWirelessBinEvtEng.exe
C:Program FilesIntelWirelessBinS24EvMon.exe
C:Program FilesFichiers communsSymantec SharedccSetMgr.exe
C:WINDOWSExplorer.EXE
C:Program FilesFichiers communsSymantec SharedccEvtMgr.exe
C:Program FilesFichiers communsSymantec SharedccProxy.exe
C:Program FilesFichiers communsSymantec SharedSNDSrvc.exe
C:Program FilesFichiers communsSymantec SharedSPBBCSPBBCSvc.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
C:Program FilesAlwil SoftwareAvast4ashServ.exe
C:Program FilesTOSHIBAConfigFreeCFSvcs.exe
C:WINDOWSeHomeehRecvr.exe
C:WINDOWSeHomeehSched.exe
C:Program FilesFichiers communsEPSONEBAPISAgent2.exe
C:Program FilesTOSHIBATOSHIBA RAIDServicekraidsvc.exe
C:Program FilesNorton Internet SecurityNorton AntiVirusnavapsvc.exe
C:WINDOWSsystem32nvsvc32.exe
C:WINDOWSsystem32oodag.exe
C:Program FilesSymantecLiveUpdateALUSchedulerSvc.exe
C:Program FilesIntelWirelessBinRegSrvc.exe
C:Program FilesSigmaTelC-Major AudioWDMstacsv.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSehomeehtray.exe
C:WINDOWSsystem320THotkey.exe
C:WINDOWSsystem32dllhost.exe
C:WINDOWSeHomeehmsas.exe
C:WINDOWSsystem32TFNF5.exe
C:Program FilesSynapticsSynTPSynTPEnh.exe
C:Program FilesTOSHIBATouchEDTouchED.Exe
C:WINDOWSAGRSMMSG.exe
C:Program FilesTOSHIBAWireless HotkeyTosHKCW.exe
C:Program FilesTOSHIBACommandes TOSHIBATFncKy.exe
C:Program FilesTOSHIBATOSHIBA RAIDConsoleKraidman.exe
C:WINDOWSSystem32DLADLACTRLW.EXE
C:Program FilesFichiers communsSymantec SharedccApp.exe
C:Program FilesIntelWirelessbinZCfgSvc.exe
C:WINDOWSsystem32TPSBattM.exe
C:Program FilesIntelWirelessBinifrmewrk.exe
C:PROGRA~1ALWILS~1Avast4ashDisp.exe
C:Program FilesMSN MessengerMsnMsgr.Exe
C:PROGRA~1IntelWirelessBinDot1XCfg.exe
C:Program FilesFichiers communsSymantec SharedSecurity
ConsoleNSCSRVCE.EXE
C:Program FilesOutlook Expressmsimn.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesAlwil SoftwareAvast4ashSimpl.exe
C:Documents and SettingsBigPatMes documentsHijackThis.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesMessengermsmsgs.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
Liens
O2 - BHO: Adobe PDF Reader Link Helper -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat
7.0ActiveXAcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} -
C:WINDOWSSystem32DLADLASHX_W.DLL
O2 - BHO: Norton Internet Security 2006 -
{9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:Program FilesFichiers
communsSymantec SharedAdBlockingNISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:Program
FilesNorton Internet SecurityNorton AntiVirusNavShExt.dll
O3 - Toolbar: Norton Internet Security 2006 -
{0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:Program FilesFichiers
communsSymantec SharedAdBlockingNISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} -
C:Program FilesNorton Internet SecurityNorton AntiVirusNavShExt.dll
O4 - HKLM..Run: [ehTray] C:WINDOWSehomeehtray.exe
O4 - HKLM..Run: [00THotkey] C:WINDOWSsystem320THotkey.exe
O4 - HKLM..Run: [000StTHK] 000StTHK.exe
O4 - HKLM..Run: [TFNF5] TFNF5.exe
O4 - HKLM..Run: [SynTPEnh] C:Program FilesSynapticsSynTPSynTPEnh.exe
O4 - HKLM..Run: [TouchED] C:Program FilesTOSHIBATouchEDTouchED.Exe
O4 - HKLM..Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM..Run: [TosHKCW.exe] "C:Program FilesTOSHIBAWireless
HotkeyTosHKCW.exe"
O4 - HKLM..Run: [TPSMain] TPSMain.exe
O4 - HKLM..Run: [TPSODDCtl] TPSODDCtl.exe
O4 - HKLM..Run: [TFncKy] TFncKy.exe
O4 - HKLM..Run: [Kraidman] C:Program FilesTOSHIBATOSHIBA
RAIDConsoleKraidman.exe
O4 - HKLM..Run: [DLA] C:WINDOWSSystem32DLADLACTRLW.EXE
O4 - HKLM..Run: [ccApp] "C:Program FilesFichiers communsSymantec
SharedccApp.exe"
O4 - HKLM..Run: [IntelZeroConfig] "C:Program
FilesIntelWirelessbinZCfgSvc.exe"
O4 - HKLM..Run: [IntelWireless] "C:Program
FilesIntelWirelessBinifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE
C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe
O4 - HKCU..Run: [MsnMsgr] "C:Program FilesMSN MessengerMsnMsgr.Exe"
/background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:Program FilesJavajre1.5.0_04binnpjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program
FilesJavajre1.5.0_04binnpjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program
FilesMessengermsmsgs.exe
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection
Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety
Center Base Module) -
http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase969.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection
Control) - http://drivers1.free.fr/telecharger.php?id=2&version O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer
Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} -
C:PROGRA~1MSNMES~1MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -
C:PROGRA~1MSNMES~1MSGRAP~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner -
C:Program FilesFichiers communsAcronisSchedule2schedul2.exe (file
missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:Program FilesAlwil
SoftwareAvast4ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:Program FilesAlwil
SoftwareAvast4ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:Program FilesAlwil
SoftwareAvast4ashWebSv.exe" /service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -
C:Program FilesFichiers communsSymantec SharedccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) -
Symantec Corporation - C:Program FilesNorton Internet
SecurityccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation -
C:Program FilesFichiers communsSymantec SharedccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation -
C:Program FilesFichiers communsSymantec SharedccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION -
C:Program FilesTOSHIBAConfigFreeCFSvcs.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:Program
FilesNorton Internet SecuritycomHost.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON
CORPORATION - C:Program FilesFichiers communsEPSONEBAPISAgent2.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel
Corporation - C:Program FilesIntelWirelessBinEvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation - C:Program FilesFichiers
communsInstallShieldDriver1050Intel 32IDriverT.exe
O23 - Service: TOSHIBA RAID Service (kraidsvc) - TOSHIBA Corporation -
C:Program FilesTOSHIBATOSHIBA RAIDServicekraidsvc.exe
O23 - Service: LiveUpdate - Symantec Corporation -
C:PROGRA~1SymantecLIVEUP~1LUCOMS~1.EXE
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec
Corporation - C:Program FilesNorton Internet SecurityNorton
AntiVirusnavapsvc.exe
O23 - Service: NBService - Nero AG - C:Program FilesNeroNero 7Nero
BackItUpNBService.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec
Corporation - C:Program FilesFichiers communsSymantec SharedSecurity
ConsoleNSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
C:WINDOWSsystem32nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH -
C:WINDOWSsystem32oodag.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation -
C:Program FilesSymantecLiveUpdateALUSchedulerSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel
Corporation - C:Program FilesIntelWirelessBinRegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel
Corporation - C:Program FilesIntelWirelessBinS24EvMon.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
Corporation - C:Program FilesFichiers communsSymantec SharedSNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation -
C:Program FilesFichiers communsSymantec SharedSPBBCSPBBCSvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:Program
FilesSigmaTelC-Major AudioWDMstacsv.exe

Jamb\ OnnO

18/10/2006 à 15:38

BigPat wrote:

Comme prévu, les virus sont revenus, voici le rapport de Panda:
Incident Statut Analyse

Virus:Trj/Rizalof.KS Désinfecté C:Documents and
SettingsBigPatLocalSettingsTemp18exhdd.d.exe
Virus:Trj/Rizalof.LH Désinfecté
C:DocumentsandSettingsBigPatLocalSettingsTemp37exmodul32e.f.exe
Virus:Trj/Rizalof.LH Désinfecté
C:DocumentsandSettingsBigPatLocalSettingsTemp41exmodul32e.f.exe
Virus:Trj/Spammer.BL Désinfecté
C:DocumentsandSettingsBigPatLocalSettingsTemp61exssd32.b.exe
Virus:Trj/Spammer.BL Désinfecté
C:DocumentsandSettingsBigPatLocalSettingsTemp62exssd32.b.exe
Virus:Trj/Rizalof.KS Désinfecté C:Documents and
SettingsBigPatLocal SettingsTemp73exhdd.d.exe

sont peut-être restés dans restore ? désactiver la restauration système
ATTENTION
cet action supprimera touts tes points de sauvegarde !!!
si tu ne sais pas, reposte ici.

soit tu vides le dossier temp
soit tu les recherches (démarrer < rechercher) manuellement
et tu les supprimes

je vois aussi une entrée avast ? a virer

--
sldicnn

Virus qui aime communiquer

10 réponses

Veuillez sélectionner un problème