Spyware ou pas

Spyware ou pas - Virus/Spywares - Windows & Software

Marsh Posté le 24-09-2008 à 21:42:34    

Bonjour,
 
Depuis quelques jours, j'ai des popups qui s'ouvrent automatiquement ... ces popups sont d'origine divers et variés ...
En regardant sur le net, j'ai téléchargé HiJackThis et scruté son rapport en regardant sur les divers forums si le même problème a été déjà trouvé par un internaute.
 
Voici la ligne incrimée (enfin celle qui me parait louche au 1er abord)  
 
Extrait du fichier hijackthis.log :
O4 - HKCU\..\Run: [goayo] "c:\documents and settings\philippe\local settings\application data\goayo.exe" goayo
 
Quelqu'un connait-il ce programme goayo.exe ?
 
Merci.

Reply

Marsh Posté le 24-09-2008 à 21:42:34   

Reply

Marsh Posté le 25-09-2008 à 08:03:38    

Bonjour,
 
Apparement, personne n'a d'informations sur ce programme ... Ci-joint mon fichier de log ...
 
Merci d'avance pour votre aide
 

Code :
  1. Logfile of Trend Micro HijackThis v2.0.2
  2. Scan saved at 08:02:44, on 25/09/2008
  3. Platform: Windows XP SP2 (WinNT 5.01.2600)
  4. MSIE: Internet Explorer v7.00 (7.00.6000.16705)
  5. Boot mode: Normal
  7. Running processes:
  8. C:\WINDOWS\System32\smss.exe
  9. C:\WINDOWS\system32\winlogon.exe
  10. C:\WINDOWS\system32\services.exe
  11. C:\WINDOWS\system32\lsass.exe
  12. C:\WINDOWS\system32\Ati2evxx.exe
  13. C:\WINDOWS\system32\svchost.exe
  14. C:\WINDOWS\System32\svchost.exe
  15. C:\WINDOWS\system32\Ati2evxx.exe
  16. C:\WINDOWS\system32\spoolsv.exe
  17. C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
  18. C:\Program Files\Bonjour\mDNSResponder.exe
  19. C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
  20. C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
  21. C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
  22. C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
  23. C:\WINDOWS\system32\svchost.exe
  24. C:\WINDOWS\Explorer.EXE
  25. C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
  26. C:\WINDOWS\system32\wscntfy.exe
  27. C:\Program Files\Microsoft IntelliType Pro\itype.exe
  28. C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
  29. C:\WINDOWS\SOUNDMAN.EXE
  30. C:\Program Files\Microsoft Hardware\Mouse\point32.exe
  31. C:\Program Files\Winamp\winampa.exe
  32. C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
  33. C:\WINDOWS\system32\WgaTray.exe
  34. C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
  35. C:\Program Files\Logitech\QuickCam\Quickcam.exe
  36. C:\Program Files\iTunes\iTunesHelper.exe
  37. C:\WINDOWS\system32\ctfmon.exe
  38. C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
  39. C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
  40. F:\Applications\FreeRAM XP Pro\FreeRAM XP Pro.exe
  41. C:\documents and settings\philippe\local settings\application data\goayo.exe
  42. C:\Program Files\freeBrowser\freeBrowser\freeBrowser.exe
  43. C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
  44. C:\Program Files\iPod\bin\iPodService.exe
  45. C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
  46. C:\Program Files\freeBrowser\vlc\vlc.exe
  47. C:\Program Files\Windows Live\Messenger\msnmsgr.exe
  48. C:\Program Files\Windows Live\Messenger\msnmsgr.exe
  49. C:\Program Files\Windows Live\Messenger\usnsvc.exe
  50. C:\Program Files\RegCleaner\RegCleanr.exe
  51. C:\Program Files\Internet Explorer\iexplore.exe
  52. C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
  53. C:\Documents and Settings\Philippe\Bureau\HiJackThis.exe
  55. R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/
  56. R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  57. R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
  58. R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  59. R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
  60. R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
  61. R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
  62. O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
  63. O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
  64. O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
  65. O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
  66. O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
  67. O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
  68. O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
  69. O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
  70. O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
  71. O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
  72. O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
  73. O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
  74. O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
  75. O4 - HKLM\..\Run: [POINTER] point32.exe
  76. O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
  77. O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
  78. O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
  79. O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
  80. O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
  81. O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
  82. O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  83. O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
  84. O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
  85. O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
  86. O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
  87. O4 - HKCU\..\Run: [FreeRAM XP] "F:\Applications\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
  88. O4 - HKCU\..\Run: [VPbubble] "C:\Program Files\Nosibay\VPbubble\launcher.exe"
  89. O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount
  90. O4 - HKCU\..\Run: [goayo] "c:\documents and settings\philippe\local settings\application data\goayo.exe" goayo
  91. O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
  92. O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
  93. O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
  94. O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
  95. O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
  96. O4 - Startup: Logitech . Enregistrement du produit.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe
  97. O4 - Global Startup: freeBrowser.lnk = C:\Program Files\freeBrowser\freeBrowser\freeBrowser.exe
  98. O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
  99. O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
  100. O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
  101. O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
  102. O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
  103. O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
  104. O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
  105. O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
  106. O15 - Trusted Zone: http://forum.hardware.fr
  107. O15 - Trusted Zone: http://www.kaspersky.com
  108. O15 - Trusted Zone: http://www.yahoo.fr
  109. O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
  110. O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr [...] NPUpld.cab
  111. O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wi [...] 2948204406
  112. O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com [...] _0_2_0.cab
  113. O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
  114. O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
  115. O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
  116. O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
  117. O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
  118. O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
  119. O23 - Service: BrlAPI - Unknown owner - C:\cygwin\bin\cygrunsrv.exe (file missing)
  120. O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
  121. O23 - Service: CVSNT Locking Service 2.5.03.2382 (cvslock) - Unknown owner - C:\Program Files\CVSNT\cvslock.exe
  122. O23 - Service: CVSNT Dispatch service 2.5.03.2382 (cvsnt) - March Hare Software Ltd - C:\Program Files\CVSNT\cvsservice.exe
  123. O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
  124. O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
  125. O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
  126. O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
  127. O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
  128. O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
  129. O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
  130. O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
  131. O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
  133. --
  134. End of file - 11076 bytes


Message édité par phdenis le 25-09-2008 à 08:05:37
Reply

Marsh Posté le 25-09-2008 à 09:45:21    

Logs hijackthis interdits.

Reply

Sujets relatifs:

Leave a Replay

Make sure you enter the(*)required information where indicate.HTML code is not allowed