Galère de spyware, de l'aide pour lire mon log hijack???

Galère de spyware, de l'aide pour lire mon log hijack??? - Sécurité - Windows & Software

Marsh Posté le 17-03-2005 à 00:10:56    

salut j'ai des spywares de partout je suis en galère, en plus j'ai une icone nommée clix qui s'est foutue sur mon disque dur et que je peux pas supprimer elle me lance une fenêtre noire de temps en temps sur le net... je viens d'enchainer spybot, adaware et spysubtract a la chaine et je peux naviguer potablement mais sa commence a revenir...  
 
Voila mon log merci déjà :  
 
 
Logfile of HijackThis v1.99.1  
Scan saved at 23:56:04, on 16/03/2005  
Platform: Windows XP SP1 (WinNT 5.01.2600)  
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)  
 
Running processes:  
C:\WINDOWS\System32\smss.exe  
C:\WINDOWS\system32\winlogon.exe  
C:\WINDOWS\system32\services.exe  
C:\WINDOWS\system32\lsass.exe  
C:\WINDOWS\system32\svchost.exe  
C:\WINDOWS\System32\svchost.exe  
C:\WINDOWS\system32\spoolsv.exe  
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe  
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE  
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe  
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE  
C:\WINDOWS\System32\nvsvc32.exe  
C:\WINDOWS\System32\snmp.exe  
C:\WINDOWS\System32\svchost.exe  
C:\WINDOWS\Explorer.EXE  
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe  
C:\PROGRA~1\Wanadoo\CnxMon.exe  
C:\Program Files\Wanadoo\taskbaricon.exe  
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe  
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe  
C:\WINDOWS\System32\RunDll32.exe  
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe  
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe  
C:\WINDOWS\System32\rr.exe  
C:\WINDOWS\System32\server05.exe  
C:\WINDOWS\System32\tasksetup.exe  
C:\WINDOWS\System32\adwareremover.exe  
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe  
C:\Program Files\Media Pass\MediaPassK.exe  
C:\WINDOWS\System32\ctfmon.exe  
C:\Program Files\MSN Messenger\msnmsgr.exe  
C:\Program Files\Media Pass\MediaPass.exe  
C:\Program Files\interMute\SpySubtract\SpySub.exe  
C:\WINDOWS\System32\msiexec.exe  
C:\Program Files\HJT\HijackThis.exe  
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/  
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr  
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Exploreur  
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens  
R3 - URLSearchHook: (no name) - _{08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)  
O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)  
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup  
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install  
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon  
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe  
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe  
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\Program Files\Wanadoo\taskbaricon.exe  
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe  
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe  
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe"  -osboot  
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd  
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe  
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe  
O4 - HKLM\..\Run: [FireWire Service] rr.exe  
O4 - HKLM\..\Run: [Server Backbone] server05.exe  
O4 - HKLM\..\Run: [TASK SETUP] tasksetup.exe  
O4 - HKLM\..\Run: [MS] adwareremover.exe  
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"  
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe"  
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe  
O4 - HKLM\..\Run: [FQdPuPwV] C:\WINDOWS\rupcphl.exe  
O4 - HKLM\..\Run: [etbrun] C:\windows\system32\eliteopy32.exe  
O4 - HKLM\..\Run: [Media Pass] C:\Program Files\Media Pass\MediaPassK.exe  
O4 - HKLM\..\RunServices: [FireWire Service] rr.exe  
O4 - HKLM\..\RunServices: [Server Backbone] server05.exe  
O4 - HKLM\..\RunServices: [TASK SETUP] tasksetup.exe  
O4 - HKLM\..\RunServices: [MS] adwareremover.exe  
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe  
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background  
O4 - HKCU\..\Run: [TASK SETUP] tasksetup.exe  
O4 - HKCU\..\Run: [MS] adwareremover.exe  
O4 - HKCU\..\RunServices: [MS] adwareremover.exe  
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE  
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe  
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)  
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab  
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/ [...] ge-c18.cab  
O16 - DPF: {1B3E3251-658E-4F03-8881-68302FE3CE9E} - file://C:\Documents and Settings\caroline lamamy\Local Settings\Temp\Friendtmp.xms  
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab  
O16 - DPF: {7DA181BB-EF8D-4A7E-8C53-7BFC718EF71D} (Upload Class) - http://photos.wanadoo.fr/al/presen [...] Ephoto.cab  
O16 - DPF: {86EEF11E-FF16-48CE-B1A2-474B663041A9} - http://kit.carpediem.fr/12449/CD/MadameSalope.exe  
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab  
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ [...] loader.cab  
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/bina [...] b32846.cab  
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe  
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe  
O23 - Service: MpService - Canon Inc. - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE  
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe  
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE  
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe  
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe  
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe  

Reply

Marsh Posté le 17-03-2005 à 00:10:56   

Reply

Marsh Posté le 17-03-2005 à 01:29:18    

Après avoir fais quelques nettoyage et rescanner avec plusieurs logiciels, j'ai retrouver par adaware un truc windows-update ainsi que ebates...
 
Voila le nouveau scan! merci d'avance...
 
Logfile of HijackThis v1.99.1
Scan saved at 01:25:40, on 17/03/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\Program Files\Wanadoo\taskbaricon.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\System32\rr.exe
C:\WINDOWS\System32\server05.exe
C:\WINDOWS\System32\tasksetup.exe
C:\WINDOWS\System32\adwareremover.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Media Pass\MediaPassK.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Media Pass\MediaPass.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\Program Files\HJT\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Exploreur
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\Program Files\Wanadoo\taskbaricon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [FireWire Service] rr.exe
O4 - HKLM\..\Run: [Server Backbone] server05.exe
O4 - HKLM\..\Run: [TASK SETUP] tasksetup.exe
O4 - HKLM\..\Run: [MS] adwareremover.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [FQdPuPwV] C:\WINDOWS\rupcphl.exe
O4 - HKLM\..\Run: [Media Pass] C:\Program Files\Media Pass\MediaPassK.exe
O4 - HKLM\..\Run: [etbrun] C:\windows\system32\eliteopy32.exe
O4 - HKLM\..\RunServices: [FireWire Service] rr.exe
O4 - HKLM\..\RunServices: [Server Backbone] server05.exe
O4 - HKLM\..\RunServices: [TASK SETUP] tasksetup.exe
O4 - HKLM\..\RunServices: [MS] adwareremover.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [TASK SETUP] tasksetup.exe
O4 - HKCU\..\Run: [MS] adwareremover.exe
O4 - HKCU\..\RunServices: [MS] adwareremover.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {1B3E3251-658E-4F03-8881-68302FE3CE9E} - file://C:\Documents and Settings\caroline lamamy\Local Settings\Temp\Friendtmp.xms
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {7DA181BB-EF8D-4A7E-8C53-7BFC718EF71D} (Upload Class) - http://photos.wanadoo.fr/al/presen [...] Ephoto.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ [...] loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/bina [...] b32846.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: MpService - Canon Inc. - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
 

Reply

Sujets relatifs:

Leave a Replay

Make sure you enter the(*)required information where indicate.HTML code is not allowed