J'ai récupére une image suspecte sur mon bureau il y a qql jours.
Après recherches et vérifications d'usage, il apparait que cette image indésirable révèle une infection probable de mon PC.
J'ai donc créée une log Hijack que voici.
Devant mon incompétance notoire à analyser ce résultat abstrut, merci de me venir en aide ...
<<<
Logfile of HijackThis v1.99.1
Scan saved at 10:58:56, on 04/03/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
G:\WINDOWS\System32\inetsrv\inetinfo.exe
G:\PROGRA~1\Iomega\System32\AppServices.exe
G:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
G:\Program Files\No-IP\DUC20.exe
G:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
G:\Program Files\Serv-U\ServUDaemon.exe
G:\WINDOWS\Explorer.EXE
G:\WINDOWS\System32\tcpsvcs.exe
G:\WINDOWS\System32\snmp.exe
G:\WINDOWS\System32\svchost.exe
G:\Program Files\Iomega\AutoDisk\ADService.exe
G:\WINDOWS\system32\fxssvc.exe
G:\WINDOWS\System32\mqsvc.exe
G:\WINDOWS\system32\ZoneLabs\vsmon.exe
G:\Program Files\Iomega\DriveIcons\ImgIcon.exe
G:\WINDOWS\System32\mqtgsvc.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
G:\WINDOWS\System32\svchost.exe
P:\Fabrice\HijackThis.exe
G:\WINDOWS\system32\wuauclt.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS02
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - G:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - g:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - G:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\fr\msntb.dll
O2 - BHO: Saristar - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE50} - G:\WINDOWS\system32\saristar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - g:\program files\google\googletoolbar2.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - G:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\fr\msntb.dll
O4 - HKLM\..\Run: [Iomega Drive Icons] G:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] G:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [Watch] __G:\PROGRA~1\Minitel\Watch.exe__
O4 - HKLM\..\Run: [NeroFilterCheck] __G:\WINDOWS\system32\NeroCheck.exe__
O4 - HKLM\..\Run: [InCD] __G:\Program Files\Ahead\InCD\InCD.exe__
O4 - HKLM\..\Run: [msnappau] ___G:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\msnappau.exe___
O4 - HKCU\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: ZoneAlarm.lnk = G:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: &Google Search - res://g:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://G:\PROGRA~1\MI699F~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://g:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://g:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://g:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\WINDOWS\System32\msjava.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MI699F~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {9E1089BC-1AE8-4685-8D77-6721E5C318A8} (loader2 Class) - http://217.73.66.16/comload.dll
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} (loader Class) - http://217.73.66.1/minidialler/mdd [...] honhh_.exe
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/downlo [...] tup144.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - G:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: NavLogon - G:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - G:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - G:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Iomega App Services - Iomega Corporation - G:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: NoIPDUCService - Vitalwerks LLC - G:\Program Files\No-IP\DUC20.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - G:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Pml Driver HPZ12 - HP - G:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Serv-U FTP Server (Serv-U) - Unknown owner - G:\Program Files\Serv-U\ServUDaemon.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - G:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - G:\Program Files\Iomega\AutoDisk\ADService.exe
>>>