

egoteabs
Everything posted by egoteabs
slow PC, then back to "normal"? [solved]
egoteabs replied to a topic by egoteabs in Analyses et éradication malwares (malware analysis and removal)
I'm reposting:

[ Rapport ToolsCleaner version 2.3.0 (par A.Rothstein & dj QUIOU) ]

-->- Recherche:

C:\Combofix.txt: trouvé !
C:\fixnavi.txt: trouvé !
C:\cleannavi.txt: trouvé !
C:\TB.txt: trouvé !
C:\Qoobox: trouvé !
C:\Toolbar SD: trouvé !
C:\Documents and Settings\WENZEL\Bureau\ComboFix.exe: trouvé !
C:\Documents and Settings\WENZEL\Bureau\HijackThis.exe: trouvé !
C:\Documents and Settings\WENZEL\Bureau\ToolBarSD.exe: trouvé !

---------------------------------
-->- Suppression:

C:\Documents and Settings\WENZEL\Bureau\ComboFix.exe: ERREUR DE SUPPRESSION !!
C:\Documents and Settings\WENZEL\Bureau\HijackThis.exe: supprimé !
C:\Documents and Settings\WENZEL\Bureau\ToolBarSD.exe: supprimé !
C:\Combofix.txt: supprimé !
C:\fixnavi.txt: supprimé !
C:\cleannavi.txt: supprimé !
C:\TB.txt: supprimé !
C:\Qoobox: supprimé !
C:\Toolbar SD: supprimé !
slow PC, then back to "normal"? [solved]
egoteabs replied to a topic by egoteabs in Analyses et éradication malwares (malware analysis and removal)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:49:31, on 06/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CAPRPCSK.EXE
C:\Program Files\convertisseurs de fichiers\MusicBoxTool_setup\AudioTranscoder\updtr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\wt\updater\wcmdmgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Pando Networks\Pando\Pando.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\Program Files\SpamPal\spampal.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cegetel.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul1.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Eurobarre.lnk = C:\Program Files\Eurobarre\eb.exe
O4 - Startup: SpamPal.lnk = C:\Program Files\SpamPal\spampal.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Fenêtre d'état Canon LBP-800.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {42E1F024-ECC3-456F-B98A-4CE5ACDBF25C} (ActiveFormX Contrôle) - https://ssl-tb.sitadelle.com/selfcare.ceget...FAutoConfig.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1134995772328
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CDF20E3E-4764-408C-AC9D-978D812AEC71}: NameServer = 86.64.145.146 84.103.237.146
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Digital Music Software: Audio Transcoder update permissions manager. 1543. - Unknown owner - C:\Program Files\convertisseurs de fichiers\MusicBoxTool_setup\AudioTranscoder\updtr.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 9605 bytes

Phew, is it over? Vbs.reg, Malwarebytes and Combofix are still on the desktop...
slow PC, then back to "normal"? [solved]
egoteabs replied to a topic by egoteabs in Analyses et éradication malwares (malware analysis and removal)
[ Rapport ToolsCleaner version 2.3.0 (par A.Rothstein & dj QUIOU) ]

-->- Recherche:

C:\Combofix.txt: trouvé !
C:\fixnavi.txt: trouvé !
C:\cleannavi.txt: trouvé !
C:\TB.txt: trouvé !
C:\Qoobox: trouvé !
C:\Toolbar SD: trouvé !
C:\Documents and Settings\WENZEL\Bureau\ComboFix.exe: trouvé !
C:\Documents and Settings\WENZEL\Bureau\HijackThis.exe: trouvé !
C:\Documents and Settings\WENZEL\Bureau\ToolBarSD.exe: trouvé !

---------------------------------
-->- Suppression:

C:\Documents and Settings\WENZEL\Bureau\ComboFix.exe: ERREUR DE SUPPRESSION !!
C:\Documents and Settings\WENZEL\Bureau\HijackThis.exe: supprimé !
C:\Documents and Settings\WENZEL\Bureau\ToolBarSD.exe: supprimé !
C:\Combofix.txt: supprimé !
C:\fixnavi.txt: supprimé !
C:\cleannavi.txt: supprimé !
C:\TB.txt: supprimé !
C:\Qoobox: supprimé !
C:\Toolbar SD: supprimé !

hijackthis in a minute! )
slow PC, then back to "normal"? [solved]
egoteabs replied to a topic by egoteabs in Analyses et éradication malwares (malware analysis and removal)
And here it is:

ComboFix 09-02-05.04 - WENZEL 2009-02-06 18:50:49.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.511.147 [GMT 1:00]
Lancé depuis: c:\documents and settings\WENZEL\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\WENZEL\Bureau\CFScript.txt
AV: Norton AntiVirus *On-access scanning disabled* (Updated)
FW: Norton AntiVirus *enabled*
 * Un nouveau point de restauration a été créé
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

FILE ::
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\eurobarre\eb.exe
c:\program files\eurobarre_setup.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Bonjour\mDNSResponder.exe
c:\program files\eurobarre_setup.exe

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-01-06 au 2009-02-06 ))))))))))))))))))))))))))))))))))))
.

2009-02-05 21:47 . 2008-08-14 14:23 2,191,232 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-05 21:47 . 2008-08-14 14:23 2,147,328 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-05 21:47 . 2008-08-14 14:23 2,068,096 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-05 21:47 . 2008-08-14 14:23 2,025,984 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-05 21:47 . 2008-09-15 16:26 1,846,528 -----c--- c:\windows\system32\dllcache\win32k.sys
2009-02-05 21:47 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2009-02-05 21:47 . 2008-12-11 11:57 333,952 -----c--- c:\windows\system32\dllcache\srv.sys
2009-02-05 21:46 . 2008-09-04 18:16 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2009-02-05 21:46 . 2008-10-15 17:35 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2009-02-05 19:49 . 2009-02-05 19:49 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-05 19:49 . 2009-02-05 19:49 <REP> d-------- c:\documents and settings\WENZEL\Application Data\Malwarebytes
2009-02-05 19:49 . 2009-02-05 19:49 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-05 19:49 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-05 19:49 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-05 19:15 . 2009-02-05 19:15 <REP> d-------- c:\program files\Cegetel
2009-02-05 19:15 . 1997-03-05 08:53 48,128 --a------ c:\windows\system32\SMMSCRPT.DLL
2009-02-05 19:15 . 1996-10-15 08:40 9,728 --a------ c:\windows\system32\RNAPH.DLL
2009-02-05 19:14 . 2009-02-05 19:14 <REP> d-------- c:\windows\Cegetel
2009-02-05 15:41 . 2009-02-05 18:27 <REP> d-------- C:\ToolBar SD
2009-01-24 17:09 . 2009-01-24 17:09 29 --a------ c:\windows\softy.ini
2009-01-06 16:39 . 2009-01-06 17:00 <REP> d-------- c:\documents and settings\WENZEL\Application Data\AudioTranscoder
2009-01-06 15:18 . 2009-01-06 15:23 <REP> d-------- c:\windows\SxsCaPendDel

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-06 18:01 --------- d-----w c:\documents and settings\WENZEL\Application Data\Skype
2009-02-06 17:51 --------- d-----w c:\program files\Bonjour
2009-02-06 15:02 --------- d-----w c:\documents and settings\WENZEL\Application Data\skypePM
2009-02-05 18:15 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-31 08:16 --------- d-----w c:\program files\convertisseurs de fichiers
2009-01-31 08:15 --------- d-----w c:\documents and settings\WENZEL\Application Data\foobar2000
2009-01-30 11:42 --------- d-----w c:\program files\Fichiers communs\Symantec Shared
2009-01-26 10:14 --------- d-----w c:\program files\Photocopier 2
2009-01-19 16:52 --------- d-----w c:\program files\eMule
2009-01-18 18:58 --------- d-----w c:\program files\Fichiers communs\Real
2009-01-06 14:12 --------- d-----w c:\program files\OpenOffice.org 3
2009-01-06 09:16 806 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-01-06 09:16 124,464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-06 09:16 10,635 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-06 09:16 --------- d-----w c:\program files\Symantec
2008-12-29 18:08 1,851,544 ----a-w c:\program files\install_flash_player.exe
2008-12-21 16:51 --------- d-----w c:\program files\Pando Networks
2008-12-17 10:04 --------- d-----w c:\program files\Adobe CS3
2008-12-11 15:36 --------- d-----w c:\program files\RadioWeb
2008-12-11 15:15 --------- d-----w c:\program files\Fichiers communs\BOONTY Shared
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-07 21:31 --------- d-----w c:\program files\Fichiers communs\PACE Anti-Piracy
2008-12-07 21:31 --------- d-----w c:\documents and settings\WENZEL\Application Data\PACE Anti-Piracy
2008-12-07 21:31 --------- d-----w c:\documents and settings\All Users\Application Data\PACE Anti-Piracy
2008-12-07 19:52 --------- d-----w c:\program files\DxO Labs
2008-12-07 19:01 --------- d-----w c:\program files\MSBuild
2008-12-07 18:45 --------- d-----w c:\program files\Reference Assemblies
2008-11-14 22:39 2,160,115 -c--a-w c:\program files\NeatSetup.exe
2008-11-12 15:41 74,752 ----a-w c:\windows\ST6UNST.EXE
2008-11-12 15:41 266,240 ------w c:\windows\Setup1.exe
2008-10-15 09:57 58,136 -c--a-w c:\documents and settings\WENZEL\Application Data\GDIPFONTCACHEV1.DAT
2008-04-07 17:00 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2008-02-01 22:52 13,413,048 -c--a-w c:\program files\Google_Earth_BZXD.exe
2007-06-01 17:44 4,787 -c--a-w c:\program files\legitcheck.hta
2007-02-09 22:17 2,599,088 -c--a-w c:\program files\Shockwave_Installer_Slim.exe
2006-11-27 12:22 927,528 -c--a-w c:\program files\IRiverFirmwareUpdater.exe
2006-02-04 13:14 11,817,800 -c--a-w c:\program files\GoogleEarth.exe
2008-09-28 23:24 16,384 -csha-w c:\windows\system32\config\systemprofile\Cookies\index.dat
2008-09-28 23:24 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008092920080930\index.dat

.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-18 68856]
"Pando"="c:\program files\Pando Networks\Pando\Pando.exe" [2008-11-20 3647304]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-02-06 21898024]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Fichiers communs\Symantec Shared\ccApp.exe" [2007-01-09 115816]
"Symantec PIF AlertEng"="c:\program files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"wcmdmgr"="c:\windows\wt\updater\wcmdmgrl.exe" [2001-01-25 20480]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 36040]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2005-12-20 962661]
Fenêtre d'état Canon LBP-800.LNK - c:\windows\system32\spool\drivers\w32x86\3\CAPPSWK.EXE [2005-12-22 113664]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"vidc.ffds"= c:\progra~1\CONVER~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 BsStor;InCD Storage Helper Driver;c:\windows\system32\drivers\bsstor.sys [2005-12-19 9344]
R2 BsUDF;InCD UDF Driver;c:\windows\system32\drivers\bsudf.sys [2005-12-19 389504]
R2 Digital Music Software: Audio Transcoder update permissions manager. 1543.;Digital Music Software: Audio Transcoder update permissions manager. 1543.;c:\program files\convertisseurs de fichiers\MusicBoxTool_setup\AudioTranscoder\updtr.exe -PermissionManagerRun --> c:\program files\convertisseurs de fichiers\MusicBoxTool_setup\AudioTranscoder\updtr.exe -PermissionManagerRun [?]
R2 RapidPort;RapidPort;c:\windows\system32\drivers\CAPLPTN.SYS [2005-12-22 23008]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-09-12 99376]
.
Contenu du dossier 'Tâches planifiées'

2009-02-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-02-06 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

2009-01-30 c:\windows\Tasks\Norton AntiVirus - Analyse système complète - WENZEL.job
- c:\progra~1\NORTON~1\Navw32.exe [2006-09-06 22:38]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.cegetel.net
mWindow Title =
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Easy-WebPrint Ajouter à la liste d'impressions - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint Impression rapide - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Imprimer - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Easy-WebPrint Prévisualiser - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
DPF: {42E1F024-ECC3-456F-B98A-4CE5ACDBF25C} - hxxps://ssl-tb.sitadelle.com/selfcare.cegetel.net/templates/static/ocx/AFAutoConfig.ocx
FF - ProfilePath - c:\documents and settings\WENZEL\Application Data\Mozilla\Firefox\Profiles\drq0kg5p.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/firefox?client=firefox-a&rls=org.mozilla:fr-FR:official
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-06 18:59:05
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

**************************************************************************
"ServiceDll"="%SystemRoot%\System32\dhcpcsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Digital Music Software: Audio Transcoder update permissions manager. 1543.]
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(552)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Fichiers communs\Symantec Shared\ccSvcHst.exe
c:\program files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
c:\windows\system32\CAPRPCSK.EXE
c:\program files\convertisseurs de fichiers\MusicBoxTool_setup\AudioTranscoder\updtr.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\fxssvc.exe
c:\windows\wt\updater\wcmdmgr.exe
c:\program files\SpamPal\spampal.exe
.
**************************************************************************
.
Heure de fin: 2009-02-06 19:09:54 - La machine a redémarré [WENZEL]
ComboFix-quarantined-files.txt 2009-02-06 18:08:31
ComboFix2.txt 2009-02-06 16:45:49

Avant-CF: 37,576,962,048 octets libres
Après-CF: 37,576,642,560 octets libres

186 --- E O F --- 2009-02-05 22:52:23
slow PC, then back to "normal"? [solved]
egoteabs replied to a topic by egoteabs in Analyses et éradication malwares (malware analysis and removal)
Here's the first part:

ComboFix 09-02-05.04 - WENZEL 2009-02-06 17:23:29.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.511.119 [GMT 1:00]
Lancé depuis: c:\documents and settings\WENZEL\Bureau\ComboFix.exe
AV: Norton AntiVirus *On-access scanning disabled* (Updated)
FW: Norton AntiVirus *enabled*
 * Un nouveau point de restauration a été créé
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\WENZEL\Application Data\EurekaLog
c:\windows\IE4 Error Log.txt
c:\windows\system32\kdqjw.exe

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BOONTY_GAMES
-------\Service_Boonty Games


((((((((((((((((((((((((((((( Fichiers créés du 2009-01-06 au 2009-02-06 ))))))))))))))))))))))))))))))))))))
.

2009-02-05 21:47 . 2008-08-14 14:23 2,191,232 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-05 21:47 . 2008-08-14 14:23 2,147,328 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-05 21:47 . 2008-08-14 14:23 2,068,096 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-05 21:47 . 2008-08-14 14:23 2,025,984 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-05 21:47 . 2008-09-15 16:26 1,846,528 -----c--- c:\windows\system32\dllcache\win32k.sys
2009-02-05 21:47 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2009-02-05 21:47 . 2008-12-11 11:57 333,952 -----c--- c:\windows\system32\dllcache\srv.sys
2009-02-05 21:46 . 2008-09-04 18:16 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2009-02-05 21:46 . 2008-10-15 17:35 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2009-02-05 19:49 . 2009-02-05 19:49 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-05 19:49 . 2009-02-05 19:49 <REP> d-------- c:\documents and settings\WENZEL\Application Data\Malwarebytes
2009-02-05 19:49 . 2009-02-05 19:49 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-05 19:49 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-05 19:49 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-05 19:15 . 2009-02-05 19:15 <REP> d-------- c:\program files\Cegetel
2009-02-05 19:15 . 1997-03-05 08:53 48,128 --a------ c:\windows\system32\SMMSCRPT.DLL
2009-02-05 19:15 . 1996-10-15 08:40 9,728 --a------ c:\windows\system32\RNAPH.DLL
2009-02-05 19:14 . 2009-02-05 19:14 <REP> d-------- c:\windows\Cegetel
2009-02-05 15:41 . 2009-02-05 18:27 <REP> d-------- C:\ToolBar SD
2009-01-24 17:09 . 2009-01-24 17:09 29 --a------ c:\windows\softy.ini
2009-01-06 16:39 . 2009-01-06 17:00 <REP> d-------- c:\documents and settings\WENZEL\Application Data\AudioTranscoder
2009-01-06 15:18 . 2009-01-06 15:23 <REP> d-------- c:\windows\SxsCaPendDel

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-06 16:37 --------- d-----w c:\documents and settings\WENZEL\Application Data\Skype
2009-02-06 15:02 --------- d-----w c:\documents and settings\WENZEL\Application Data\skypePM
2009-02-05 18:15 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-31 08:16 --------- d-----w c:\program files\convertisseurs de fichiers
2009-01-31 08:15 --------- d-----w c:\documents and settings\WENZEL\Application Data\foobar2000
2009-01-30 11:42 --------- d-----w c:\program files\Fichiers communs\Symantec Shared
2009-01-26 10:14 --------- d-----w c:\program files\Photocopier 2
2009-01-19 16:52 --------- d-----w c:\program files\eMule
2009-01-18 18:58 --------- d-----w c:\program files\Fichiers communs\Real
2009-01-06 14:12 --------- d-----w c:\program files\OpenOffice.org 3
2009-01-06 09:16 806 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-01-06 09:16 124,464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-06 09:16 10,635 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-06 09:16 --------- d-----w c:\program files\Symantec
2008-12-29 18:08 1,851,544 ----a-w c:\program files\install_flash_player.exe
2008-12-21 16:51 --------- d-----w c:\program files\Pando Networks
2008-12-17 10:04 --------- d-----w c:\program files\Adobe CS3
2008-12-11 15:36 --------- d-----w c:\program files\RadioWeb
2008-12-11 15:15 --------- d-----w c:\program files\Fichiers communs\BOONTY Shared
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-07 21:31 --------- d-----w c:\program files\Fichiers communs\PACE Anti-Piracy
2008-12-07 21:31 --------- d-----w c:\documents and settings\WENZEL\Application Data\PACE Anti-Piracy
2008-12-07 21:31 --------- d-----w c:\documents and settings\All Users\Application Data\PACE Anti-Piracy
2008-12-07 19:52 --------- d-----w c:\program files\DxO Labs
2008-12-07 19:01 --------- d-----w c:\program files\MSBuild
2008-12-07 18:45 --------- d-----w c:\program files\Reference Assemblies
2008-11-14 22:39 2,160,115 -c--a-w c:\program files\NeatSetup.exe
2008-11-12 15:41 74,752 ----a-w c:\windows\ST6UNST.EXE
2008-11-12 15:41 266,240 ------w c:\windows\Setup1.exe
2008-10-15 09:57 58,136 -c--a-w c:\documents and settings\WENZEL\Application Data\GDIPFONTCACHEV1.DAT
2008-04-07 17:00 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2008-02-01 22:52 13,413,048 -c--a-w c:\program files\Google_Earth_BZXD.exe
2007-06-01 17:44 4,787 -c--a-w c:\program files\legitcheck.hta
2007-05-31 09:32 49,152 -c--a-w c:\program files\eurobarre_setup.exe
2007-02-09 22:17 2,599,088 -c--a-w c:\program files\Shockwave_Installer_Slim.exe
2006-11-27 12:22 927,528 -c--a-w c:\program files\IRiverFirmwareUpdater.exe
2006-02-04 13:14 11,817,800 -c--a-w c:\program files\GoogleEarth.exe
2008-09-28 23:24 16,384 -csha-w c:\windows\system32\config\systemprofile\Cookies\index.dat
2008-09-28 23:24 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008092920080930\index.dat

.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-18 68856]
"Pando"="c:\program files\Pando Networks\Pando\Pando.exe" [2008-11-20 3647304]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-02-06 21898024]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Fichiers communs\Symantec Shared\ccApp.exe" [2007-01-09 115816]
"Symantec PIF AlertEng"="c:\program files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"wcmdmgr"="c:\windows\wt\updater\wcmdmgrl.exe" [2001-01-25 20480]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 36040]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"vidc.ffds"= c:\progra~1\CONVER~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 BsStor;InCD Storage Helper Driver;c:\windows\system32\drivers\bsstor.sys [2005-12-19 9344]
R2 BsUDF;InCD UDF Driver;c:\windows\system32\drivers\bsudf.sys [2005-12-19 389504]
R2 Digital Music Software: Audio Transcoder update permissions manager. 1543.;Digital Music Software: Audio Transcoder update permissions manager. 1543.;c:\program files\convertisseurs de fichiers\MusicBoxTool_setup\AudioTranscoder\updtr.exe -PermissionManagerRun --> c:\program files\convertisseurs de fichiers\MusicBoxTool_setup\AudioTranscoder\updtr.exe -PermissionManagerRun [?]
R2 RapidPort;RapidPort;c:\windows\system32\drivers\CAPLPTN.SYS [2005-12-22 23008]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-09-12 99376]
.
Contenu du dossier 'Tâches planifiées'

2009-02-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-02-06 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-Democracy Player - c:\program files\Participatory Culture Foundation\Democracy Player\Democracy.exe
HKLM-Run-2131743181 - d:\ureg\Pentax_Win_GM_10042005.exe
HKLM-Run-EoEngine - (no file)

Continued, and the end:

------- Examen supplémentaire -------
.
uStart Page = hxxp://www.cegetel.net
mWindow Title =
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Easy-WebPrint Ajouter à la liste d'impressions - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint Impression rapide - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Imprimer - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Easy-WebPrint Prévisualiser - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
DPF: {42E1F024-ECC3-456F-B98A-4CE5ACDBF25C} - hxxps://ssl-tb.sitadelle.com/selfcare.cegetel.net/templates/static/ocx/AFAutoConfig.ocx
FF - ProfilePath - c:\documents and settings\WENZEL\Application Data\Mozilla\Firefox\Profiles\drq0kg5p.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/firefox?client=firefox-a&rls=org.mozilla:fr-FR:official
FF - plugin: c:\program files\QuickTime\DivX\DivX Web Player\npdivx32.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-06 17:34:29
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

**************************************************************************
"ServiceDll"="%SystemRoot%\System32\dhcpcsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Digital Music Software: Audio Transcoder update permissions manager. 1543.]
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(564)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\ati2evxx.exe c:\program files\Fichiers communs\Symantec Shared\ccSvcHst.exe c:\windows\system32\ati2evxx.exe c:\program files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\convertisseurs de fichiers\MusicBoxTool_setup\AudioTranscoder\updtr.exe c:\program files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe c:\windows\system32\wdfmgr.exe c:\windows\system32\fxssvc.exe c:\windows\system32\CAPRPCSK.EXE c:\windows\wt\updater\wcmdmgr.exe c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe c:\program files\SpamPal\spampal.exe c:\windows\system32\spool\drivers\w32x86\3\CAPPSWK.EXE c:\windows\system32\spool\drivers\w32x86\3\CAPPSWK.EXE . ************************************************************************** . Heure de fin: 2009-02-06 17:45:45 - La machine a redémarré ComboFix-quarantined-files.txt 2009-02-06 16:44:22 Avant-CF: 37ÿ427ÿ503ÿ104 octets libres AprÞs-CF: 37,574,971,392 octets libres 197 --- E O F --- 2009-02-05 22:52:23 -
Slow PC, then back to "normal"? [solved]
egoteabs replied to a topic by egoteabs in Malware analysis and removal
Here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:31:03, on 06/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CAPRPCSK.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\convertisseurs de fichiers\MusicBoxTool_setup\AudioTranscoder\updtr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\wt\updater\wcmdmgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Pando Networks\Pando\Pando.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\Program Files\SpamPal\spampal.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\WENZEL\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cegetel.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul1.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\eoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [2131743181] D:\Ureg\Pentax_Win_GM_10042005.exe /r "D:\Ureg\Pentax_Win_GM_10042005.rpd"
O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Democracy Player] C:\Program Files\Participatory Culture Foundation\Democracy Player\Democracy.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Eurobarre.lnk = C:\Program Files\Eurobarre\eb.exe
O4 - Startup: SpamPal.lnk = C:\Program Files\SpamPal\spampal.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Fenêtre d'état Canon LBP-800.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {42E1F024-ECC3-456F-B98A-4CE5ACDBF25C} (ActiveFormX Contrôle) - https://ssl-tb.sitadelle.com/selfcare.ceget...FAutoConfig.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1134995772328
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CDF20E3E-4764-408C-AC9D-978D812AEC71}: NameServer = 84.103.237.145 86.64.145.145
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Digital Music Software: Audio Transcoder update permissions manager. 1543. - Unknown owner - C:\Program Files\convertisseurs de fichiers\MusicBoxTool_setup\AudioTranscoder\updtr.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 10307 bytes

Question 1: why not a complete cure?
Question 2: what do I do with Vbs.reg, Malwarebytes, Toolbar DS, Hijack This, which I have on the desktop? Can I clean them up?
Slow PC, then back to "normal"? [solved]
egoteabs replied to a topic by egoteabs in Malware analysis and removal
I'm back! The Navilog reports:

Search Navipromo version 3.7.1 commencé le 06/02/2009 à 15:16:29,56

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 02.01.2009 à 19h00 par IL-MAFIOSO

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel® Celeron® CPU 2.20GHz )
BIOS : )Phoenix - Award WorkstationBIOS v6.00PG
USER : WENZEL ( Administrator )
BOOT : Fail-safe boot
Antivirus : Norton AntiVirus 2007 (Activated)
Firewall : Norton AntiVirus 2007 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:68 Go (Free:34 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
F:\ (Local Disk) - NTFS - Total:7 Go (Free:7 Go)
G:\ (Local Disk) - FAT32 - Total:12 Go (Free:7 Go)
H:\ (Local Disk) - FAT32 - Total:465 Go (Free:392 Go)
I:\ (USB) - FAT - Total:126 Mo (Free:0 Go)

Recherche executé en mode sans échec

*** Recherche Programmes installés ***

Favorit

*** Recherche dossiers dans "C:\WINDOWS" ***

*** Recherche dossiers dans "C:\Program Files" ***

*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***

...\InternetGameBox trouvé !

*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***

*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\WENZEL\applic~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\WENZEL\locals~1\applic~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\WENZEL\menudm~1\progra~1" ***

*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWS\system32" *

* Recherche dans "C:\Documents and Settings\WENZEL\locals~1\applic~1" *

*** Recherche fichiers ***

*** Recherche clés spécifiques dans le Registre ***
!! Les clés trouvées ne sont pas forcément infectées !!

*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :

2)Recherche Heuristique :

* Dans "C:\WINDOWS\system32" :

* Dans "C:\Documents and Settings\WENZEL\locals~1\applic~1" :

3)Recherche Certificats :

Certificat Egroup trouvé !
Certificat Electronic-Group trouvé !
Certificat Montorgueil absent !
Certificat OOO-Favorit trouvé !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche autres dossiers et fichiers connus :

*** Analyse terminée le 06/02/2009 à 15:37:08,71 ***


Clean Navipromo version 3.7.1 commencé le 06/02/2009 à 15:49:44,75

Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 02.01.2009 à 19h00 par IL-MAFIOSO

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel® Celeron® CPU 2.20GHz )
BIOS : )Phoenix - Award WorkstationBIOS v6.00PG
USER : WENZEL ( Administrator )
BOOT : Normal boot
Antivirus : Norton AntiVirus 2007 (Activated)
Firewall : Norton AntiVirus 2007 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:68 Go (Free:34 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
F:\ (Local Disk) - NTFS - Total:7 Go (Free:7 Go)
G:\ (Local Disk) - FAT32 - Total:12 Go (Free:7 Go)
H:\ (Local Disk) - FAT32 - Total:465 Go (Free:392 Go)
I:\ (USB) - FAT - Total:126 Mo (Free:0 Go)

Mode suppression automatique avec prise en charge résultats Catchme et GNS
Nettoyage exécuté au redémarrage de l'ordinateur

*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)

*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans "C:\WINDOWS\System32" *

* Suppression dans "C:\Documents and Settings\WENZEL\locals~1\applic~1" *

*** Suppression dossiers dans "C:\WINDOWS" ***

*** Suppression dossiers dans "C:\Program Files" ***

*** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***

...\InternetGamebox ...suppression...
...\InternetGamebox supprimé !

*** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***

*** Suppression dossiers dans "c:\docume~1\alluse~1\applic~1" ***

*** Suppression dossiers dans "C:\Documents and Settings\WENZEL\applic~1" ***

*** Suppression dossiers dans "C:\Documents and Settings\WENZEL\locals~1\applic~1" ***

*** Suppression dossiers dans "C:\Documents and Settings\WENZEL\menudm~1\progra~1" ***

*** Suppression fichiers ***

*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\WENZEL\locals~1\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

2)Recherche, création sauvegardes et suppression Heuristique :

* Dans "C:\WINDOWS\system32" *

* Dans "C:\Documents and Settings\WENZEL\locals~1\applic~1" *

*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok

*** Certificats ***

Certificat Egroup supprimé !
Certificat Electronic-Group supprimé !
Certificat Montorgueil absent !
Certificat OOO-Favorit supprimé !
Certificat Sunny-Day-Design-Ltdt absent !

*** Recherche autres dossiers et fichiers connus ***

*** Nettoyage terminé le 06/02/2009 à 15:59:46,90 ***

So, how are we doing, Doctor? :)
Slow PC, then back to "normal"? [solved]
egoteabs replied to a topic by egoteabs in Malware analysis and removal
Ouch... regarding Navilog1, I can't manage to tick the box "this option may allow you to run..." despite my efforts to follow the instructions... I don't dare to bypass it... I'll stop here for tonight! Good night! :)
Slow PC, then back to "normal"? [solved]
egoteabs replied to a topic by egoteabs in Malware analysis and removal
Malwarebytes report: it's quite long, but if it's effective... :

Malwarebytes' Anti-Malware 1.33
Version de la base de données: 1731
Windows 5.1.2600 Service Pack 3

05/02/2009 23:10:12
mbam-log-2009-02-05 (23-10-12).txt

Type de recherche: Examen complet (A:\|C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Eléments examinés: 191771
Temps écoulé: 3 hour(s), 15 minute(s), 45 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 4
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 21
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 6

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\BitDownload (Trojan.Lop) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\iwsmoiw (Adware.Navipromo.H) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.94 85.255.112.88 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{09f55a75-8663-46e3-85f6-fb7e637d3a38}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.94,85.255.112.88 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2e2faa45-186f-4fab-a7ee-2df1b7412ca9}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.94,85.255.112.88 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2e2faa45-186f-4fab-a7ee-2df1b7412ca9}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.94,85.255.112.88 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{a376bccc-0bd2-4661-99da-122e38c33d8b}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.94,85.255.112.88 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{bd24a3f1-28ec-4c37-9057-1bd5aeb86adc}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.94,85.255.112.88 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{bd24a3f1-28ec-4c37-9057-1bd5aeb86adc}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.94,85.255.112.88 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.94 85.255.112.88 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{09f55a75-8663-46e3-85f6-fb7e637d3a38}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.94,85.255.112.88 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{2e2faa45-186f-4fab-a7ee-2df1b7412ca9}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.94,85.255.112.88 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{2e2faa45-186f-4fab-a7ee-2df1b7412ca9}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.94,85.255.112.88 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{a376bccc-0bd2-4661-99da-122e38c33d8b}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.94,85.255.112.88 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{bd24a3f1-28ec-4c37-9057-1bd5aeb86adc}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.94,85.255.112.88 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{bd24a3f1-28ec-4c37-9057-1bd5aeb86adc}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.94,85.255.112.88 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.94 85.255.112.88 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{09f55a75-8663-46e3-85f6-fb7e637d3a38}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.94,85.255.112.88 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{2e2faa45-186f-4fab-a7ee-2df1b7412ca9}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.94,85.255.112.88 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{2e2faa45-186f-4fab-a7ee-2df1b7412ca9}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.94,85.255.112.88 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{a376bccc-0bd2-4661-99da-122e38c33d8b}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.94,85.255.112.88 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{bd24a3f1-28ec-4c37-9057-1bd5aeb86adc}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.94,85.255.112.88 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{bd24a3f1-28ec-4c37-9057-1bd5aeb86adc}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.94,85.255.112.88 -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Documents and Settings\WENZEL\Local Settings\Application Data\iwsmoiw_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\WENZEL\Local Settings\Application Data\iwsmoiw_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\WENZEL\Local Settings\Application Data\iwsmoiw.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\WENZEL\Local Settings\Application Data\iwsmoiw.exe (Adware.Navipromo.H) -> Delete on reboot.
C:\System Volume Information\_restore{4452CCD4-1A10-4E2F-B643-489F7BC42CC9}\RP1115\A0049688.dll (Adware.Shopper) -> Quarantined and deleted successfully.
C:\ToolBar SD\Backup-TB\Program Files\Multi_Media\tbMul1.dll (Adware.Shopper) -> Quarantined and deleted successfully.

And I'll keep going, again and again... In any case, ... I really like what you do... :)
Slow PC, then back to "normal"? [solved]
egoteabs replied to a topic by egoteabs in Malware analysis and removal
Here is report no. 2, a little late, after a connection problem, solved with the kind help of cegetel:

-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel® Celeron® CPU 2.20GHz )
BIOS : )Phoenix - Award WorkstationBIOS v6.00PG
USER : WENZEL ( Administrator )
BOOT : Fail-safe boot
Antivirus : Norton AntiVirus 2007 (Activated)
Firewall : Norton AntiVirus 2007 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:68 Go (Free:35 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
F:\ (Local Disk) - NTFS - Total:7 Go (Free:7 Go)
G:\ (Local Disk) - FAT32 - Total:12 Go (Free:7 Go)
H:\ (Local Disk) - FAT32 - Total:465 Go (Free:392 Go)
I:\ (USB) - FAT - Total:126 Mo (Free:0 Go)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [2] ( 05/02/2009|18:23 )

-----------\\ SUPPRESSION

Supprime! - C:\Program Files\Multi_Media\INSTALL.LOG
Supprime! - C:\Program Files\Multi_Media\tbMul0.dll
Supprime! - C:\Program Files\Multi_Media\tbMul1.dll
Supprime! - C:\Program Files\Multi_Media\tbMult.dll
Supprime! - C:\Program Files\Multi_Media\toolbar.cfg
Supprime! - C:\Program Files\Multi_Media\UNWISE.EXE
Supprime! - C:\DOCUME~1\WENZEL\APPLIC~1\ShoppingReport\cs
Supprime! - C:\Program Files\ShoppingReport\Bin
Supprime! - C:\Program Files\ShoppingReport\cs
Supprime! - C:\Program Files\Multi_Media
Supprime! - C:\DOCUME~1\WENZEL\APPLIC~1\ShoppingReport
Supprime! - C:\Program Files\ShoppingReport

-----------\\ Recherche de Fichiers / Dossiers ...

-----------\\ Extensions

(WENZEL) - {11483926-db67-4190-91b1-ef20fcec5f33} => fxif
(WENZEL) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar
(WENZEL) - {AE37D527-6604-461c-8102-975CF8053A2F} => bbcode
(WENZEL) - {e4a8a97b-f2ed-450b-b12d-ee082ba24781} => greasemonkey

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="about:blank"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.msn.com/"

--------------------\\ Recherche d'autres infections

C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\InternetGameBox
C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\InternetGameBox\Conditions générales.url
C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\InternetGameBox\Confidentialité.url
C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\InternetGameBox\Désinstaller.lnk
C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\InternetGameBox\InternetGameBox.lnk
C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\InternetGameBox\Website.url
C:\DOCUME~1\WENZEL\LOCALS~1\APPLIC~1\iwsmoiw.dat
C:\DOCUME~1\WENZEL\LOCALS~1\APPLIC~1\iwsmoiw.exe
C:\DOCUME~1\WENZEL\LOCALS~1\APPLIC~1\iwsmoiw_nav.dat
C:\DOCUME~1\WENZEL\LOCALS~1\APPLIC~1\iwsmoiw_navps.dat

==> EGDACCESS <==

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters]
NameServer REG_SZ 85.255.116.94 85.255.112.88
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters]
NameServer REG_SZ 85.255.116.94 85.255.112.88
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
NameServer REG_SZ 85.255.116.94 85.255.112.88
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{09F55A75-8663-46E3-85F6-FB7E637D3A38}]
DhcpNameServer REG_SZ 85.255.116.94,85.255.112.88
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{2E2FAA45-186F-4FAB-A7EE-2DF1B7412CA9}]
NameServer REG_SZ 85.255.116.94,85.255.112.88
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{2E2FAA45-186F-4FAB-A7EE-2DF1B7412CA9}]
DhcpNameServer REG_SZ 85.255.116.94,85.255.112.88
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{A376BCCC-0BD2-4661-99DA-122E38C33D8B}]
NameServer REG_SZ 85.255.116.94,85.255.112.88
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{BD24A3F1-28EC-4C37-9057-1BD5AEB86ADC}]
NameServer REG_SZ 85.255.116.94,85.255.112.88
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{BD24A3F1-28EC-4C37-9057-1BD5AEB86ADC}]
DhcpNameServer REG_SZ 85.255.116.94,85.255.112.88
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\..\{09F55A75-8663-46E3-85F6-FB7E637D3A38}]
DhcpNameServer REG_SZ 85.255.116.94,85.255.112.88
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\..\{2E2FAA45-186F-4FAB-A7EE-2DF1B7412CA9}]
NameServer REG_SZ 85.255.116.94,85.255.112.88
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\..\{2E2FAA45-186F-4FAB-A7EE-2DF1B7412CA9}]
DhcpNameServer REG_SZ 85.255.116.94,85.255.112.88
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\..\{A376BCCC-0BD2-4661-99DA-122E38C33D8B}]
NameServer REG_SZ 85.255.116.94,85.255.112.88
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\..\{BD24A3F1-28EC-4C37-9057-1BD5AEB86ADC}]
NameServer REG_SZ 85.255.116.94,85.255.112.88
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\..\{BD24A3F1-28EC-4C37-9057-1BD5AEB86ADC}]
DhcpNameServer REG_SZ 85.255.116.94,85.255.112.88
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{09F55A75-8663-46E3-85F6-FB7E637D3A38}]
DhcpNameServer REG_SZ 85.255.116.94,85.255.112.88
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{2E2FAA45-186F-4FAB-A7EE-2DF1B7412CA9}]
NameServer REG_SZ 85.255.116.94,85.255.112.88
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{2E2FAA45-186F-4FAB-A7EE-2DF1B7412CA9}]
DhcpNameServer REG_SZ 85.255.116.94,85.255.112.88
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{A376BCCC-0BD2-4661-99DA-122E38C33D8B}]
NameServer REG_SZ 85.255.116.94,85.255.112.88
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{BD24A3F1-28EC-4C37-9057-1BD5AEB86ADC}]
NameServer REG_SZ 85.255.116.94,85.255.112.88
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{BD24A3F1-28EC-4C37-9057-1BD5AEB86ADC}]
DhcpNameServer REG_SZ 85.255.116.94,85.255.112.88

==> WAREOUT <==

1 - "C:\ToolBar SD\TB_1.txt" - 05/02/2009|17:22 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 05/02/2009|18:27 - Option : [2]

-----------\\ Fin du rapport a 18:27:45,57

I'm dealing with Malwarebytes now. Good evening; if it's too late, see you tomorrow?
PC slow, then back to "normal"? [resolved]
egoteabs replied to a topic by egoteabs in Malware analysis and removal
Here is the report after "search" in safe mode:

-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel® Celeron® CPU 2.20GHz )
BIOS : )Phoenix - Award WorkstationBIOS v6.00PG
USER : WENZEL ( Administrator )
BOOT : Fail-safe boot
Antivirus : Norton AntiVirus 2007 (Activated)
Firewall : Norton AntiVirus 2007 (Activated)

A:\ (USB)
C:\ (Local Disk) - NTFS - Total:68 Go (Free:35 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
F:\ (Local Disk) - NTFS - Total:7 Go (Free:7 Go)
G:\ (Local Disk) - FAT32 - Total:12 Go (Free:7 Go)
H:\ (Local Disk) - FAT32 - Total:465 Go (Free:392 Go)
I:\ (USB) - FAT - Total:126 Mo (Free:0 Go)

"C:\ToolBar SD" ( Updated : 21-12-2008|20:47 )
Option : [1] ( 05/02/2009|17:19 )

-----------\\ Search for Files / Folders ...

C:\Program Files\Multi_Media
C:\Program Files\Multi_Media\INSTALL.LOG
C:\Program Files\Multi_Media\tbMul0.dll
C:\Program Files\Multi_Media\tbMul1.dll
C:\Program Files\Multi_Media\tbMult.dll
C:\Program Files\Multi_Media\toolbar.cfg
C:\Program Files\Multi_Media\UNWISE.EXE
C:\DOCUME~1\WENZEL\APPLIC~1\ShoppingReport
C:\DOCUME~1\WENZEL\APPLIC~1\ShoppingReport\cs
C:\DOCUME~1\WENZEL\APPLIC~1\ShoppingReport\cs\Config.xml
C:\DOCUME~1\WENZEL\APPLIC~1\ShoppingReport\cs\db
C:\DOCUME~1\WENZEL\APPLIC~1\ShoppingReport\cs\dwld
C:\DOCUME~1\WENZEL\APPLIC~1\ShoppingReport\cs\report
C:\DOCUME~1\WENZEL\APPLIC~1\ShoppingReport\cs\res1
C:\DOCUME~1\WENZEL\APPLIC~1\ShoppingReport\cs\db\Aliases.dbs
C:\DOCUME~1\WENZEL\APPLIC~1\ShoppingReport\cs\db\Sites.dbs
C:\DOCUME~1\WENZEL\APPLIC~1\ShoppingReport\cs\dwld\WhiteList.xip
C:\DOCUME~1\WENZEL\APPLIC~1\ShoppingReport\cs\report\aggr_storage.xml
C:\DOCUME~1\WENZEL\APPLIC~1\ShoppingReport\cs\report\send_storage.xml
C:\DOCUME~1\WENZEL\APPLIC~1\ShoppingReport\cs\res1\WhiteList.dbs
C:\Program Files\ShoppingReport
C:\Program Files\ShoppingReport\Bin
C:\Program Files\ShoppingReport\cs
C:\Program Files\ShoppingReport\Bin\2.0.24
C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll

-----------\\ Extensions

(WENZEL) - {11483926-db67-4190-91b1-ef20fcec5f33} => fxif
(WENZEL) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar
(WENZEL) - {AE37D527-6604-461c-8102-975CF8053A2F} => bbcode
(WENZEL) - {e4a8a97b-f2ed-450b-b12d-ee082ba24781} => greasemonkey

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="about:blank"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home"

--------------------\\ Search for other infections

C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\InternetGameBox
C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\InternetGameBox\Conditions générales.url
C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\InternetGameBox\Confidentialité.url
C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\InternetGameBox\Désinstaller.lnk
C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\InternetGameBox\InternetGameBox.lnk
C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\InternetGameBox\Website.url
C:\DOCUME~1\WENZEL\LOCALS~1\APPLIC~1\iwsmoiw.dat
C:\DOCUME~1\WENZEL\LOCALS~1\APPLIC~1\iwsmoiw.exe
C:\DOCUME~1\WENZEL\LOCALS~1\APPLIC~1\iwsmoiw_nav.dat
C:\DOCUME~1\WENZEL\LOCALS~1\APPLIC~1\iwsmoiw_navps.dat

==> EGDACCESS <==

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters] NameServer REG_SZ 85.255.116.94 85.255.112.88
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters] NameServer REG_SZ 85.255.116.94 85.255.112.88
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters] NameServer REG_SZ 85.255.116.94 85.255.112.88
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{09F55A75-8663-46E3-85F6-FB7E637D3A38}] DhcpNameServer REG_SZ 85.255.116.94,85.255.112.88
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{2E2FAA45-186F-4FAB-A7EE-2DF1B7412CA9}] NameServer REG_SZ 85.255.116.94,85.255.112.88
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{2E2FAA45-186F-4FAB-A7EE-2DF1B7412CA9}] DhcpNameServer REG_SZ 85.255.116.94,85.255.112.88
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{A376BCCC-0BD2-4661-99DA-122E38C33D8B}] NameServer REG_SZ 85.255.116.94,85.255.112.88
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{BD24A3F1-28EC-4C37-9057-1BD5AEB86ADC}] NameServer REG_SZ 85.255.116.94,85.255.112.88
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{BD24A3F1-28EC-4C37-9057-1BD5AEB86ADC}] DhcpNameServer REG_SZ 85.255.116.94,85.255.112.88
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\..\{09F55A75-8663-46E3-85F6-FB7E637D3A38}] DhcpNameServer REG_SZ 85.255.116.94,85.255.112.88
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\..\{2E2FAA45-186F-4FAB-A7EE-2DF1B7412CA9}] NameServer REG_SZ 85.255.116.94,85.255.112.88
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\..\{2E2FAA45-186F-4FAB-A7EE-2DF1B7412CA9}] DhcpNameServer REG_SZ 85.255.116.94,85.255.112.88
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\..\{A376BCCC-0BD2-4661-99DA-122E38C33D8B}] NameServer REG_SZ 85.255.116.94,85.255.112.88
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\..\{BD24A3F1-28EC-4C37-9057-1BD5AEB86ADC}] NameServer REG_SZ 85.255.116.94,85.255.112.88
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\..\{BD24A3F1-28EC-4C37-9057-1BD5AEB86ADC}] DhcpNameServer REG_SZ 85.255.116.94,85.255.112.88
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{09F55A75-8663-46E3-85F6-FB7E637D3A38}] DhcpNameServer REG_SZ 85.255.116.94,85.255.112.88
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{2E2FAA45-186F-4FAB-A7EE-2DF1B7412CA9}] NameServer REG_SZ 85.255.116.94,85.255.112.88
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{2E2FAA45-186F-4FAB-A7EE-2DF1B7412CA9}] DhcpNameServer REG_SZ 85.255.116.94,85.255.112.88
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{A376BCCC-0BD2-4661-99DA-122E38C33D8B}] NameServer REG_SZ 85.255.116.94,85.255.112.88
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{BD24A3F1-28EC-4C37-9057-1BD5AEB86ADC}] NameServer REG_SZ 85.255.116.94,85.255.112.88
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{BD24A3F1-28EC-4C37-9057-1BD5AEB86ADC}] DhcpNameServer REG_SZ 85.255.116.94,85.255.112.88

==> WAREOUT <==

1 - "C:\ToolBar SD\TB_1.txt" - 05/02/2009|17:22 - Option : [1]

-----------\\ End of report at 17:22:11,14

You tell me to go back into ToolBar SD to run option 2; OK, but in which mode, normal or safe mode? Thanks!
PC slow, then back to "normal"? [resolved]
egoteabs replied to a topic by egoteabs in Malware analysis and removal
Yeah, a real dead weight, basically! OK, I copy it into Notepad... I open "Save as" and then, how do I save it as Vbs.reg? ... I did warn you... )
PC slow, then back to "normal"? [resolved]
egoteabs replied to a topic by egoteabs in Malware analysis and removal
Thanks for taking on my case... I'm very anxious about the idea of intervening like this! Well, to start, I downloaded ToolBar S&D to the desktop. You tell me to launch the installation: a window opens with the languages to select, I press F and confirm, and get a harsh message: "Access to Windows Script Host is disabled on this machine"...! Ouch! What do I do?
PC slow, then back to "normal"? [resolved]
egoteabs posted a topic in Malware analysis and removal
Hello, my PC suddenly started slowing down, Norton Antivirus wasn't doing anything, applications took several minutes to open. I posted in the Windows section and was pointed to "HijackThis". I turned the machine off and on again and on the third try everything went back to working "normally"... Attached is the HijackThis scan to find out if everything is OK! Why would everything have gone back to normal as suddenly as it had become very slow? Thanks for replying, have a good day!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:00:22, on 04/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\convertisseurs de fichiers\MusicBoxTool_setup\AudioTranscoder\updtr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\CAPRPCSK.EXE
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Pando Networks\Pando\Pando.exe
C:\WINDOWS\wt\updater\wcmdmgr.exe
C:\documents and settings\wenzel\local settings\application data\iwsmoiw.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\Program Files\SpamPal\spampal.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\WENZEL\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\eoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul1.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul1.dll
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [2131743181] D:\Ureg\Pentax_Win_GM_10042005.exe /r "D:\Ureg\Pentax_Win_GM_10042005.rpd"
O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Democracy Player] C:\Program Files\Participatory Culture Foundation\Democracy Player\Democracy.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [iwsmoiw] "c:\documents and settings\wenzel\local settings\application data\iwsmoiw.exe" iwsmoiw
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Eurobarre.lnk = C:\Program Files\Eurobarre\eb.exe
O4 - Startup: SpamPal.lnk = C:\Program Files\SpamPal\spampal.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Fenêtre d'état Canon LBP-800.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {42E1F024-ECC3-456F-B98A-4CE5ACDBF25C} (ActiveFormX Contrôle) - https://ssl-tb.sitadelle.com/selfcare.ceget...FAutoConfig.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1134995772328
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2E2FAA45-186F-4FAB-A7EE-2DF1B7412CA9}: NameServer = 85.255.116.94,85.255.112.88
O17 - HKLM\System\CCS\Services\Tcpip\..\{A376BCCC-0BD2-4661-99DA-122E38C33D8B}: NameServer = 85.255.116.94,85.255.112.88
O17 - HKLM\System\CCS\Services\Tcpip\..\{BD24A3F1-28EC-4C37-9057-1BD5AEB86ADC}: NameServer = 85.255.116.94,85.255.112.88
O17 - HKLM\System\CCS\Services\Tcpip\..\{CDF20E3E-4764-408C-AC9D-978D812AEC71}: NameServer = 85.255.116.94 85.255.112.88
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.94 85.255.112.88
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.94 85.255.112.88
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Digital Music Software: Audio Transcoder update permissions manager. 1543. - Unknown owner - C:\Program Files\convertisseurs de fichiers\MusicBoxTool_setup\AudioTranscoder\updtr.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe

-- End of file - 11711 bytes
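The O17 lines in the HijackThis log above and the NameServer / DhcpNameServer keys in the two ToolBar S&D reports show the same pair of resolvers written into the Tcpip\Parameters key and into every interface GUID, in ControlSet001, ControlSet003 and CurrentControlSet alike. The Python below is an added example for this thread, not code from the forum or from either tool: it parses both line formats, flags any resolver that is neither a private (RFC 1918) address nor on an allow-list, and groups the rogue addresses by the control set whose key references them. The allow-list `TRUSTED_RESOLVERS` (a documentation-range placeholder for whatever the ISP actually publishes) and the final sample line with an all-zero GUID pointing at a home router are constructed assumptions; the other sample lines are copied from the logs above.

```python
"""Flag rogue DNS resolver overrides in HijackThis O17 lines and ToolBar S&D
registry dumps, and show how many control sets carry the same override.

Added example for this thread; not code from the forum or from either tool.
"""
import ipaddress
import re
from typing import Dict, List, NamedTuple, Set, Tuple

# Constructed sample: the first five lines are copied from the logs in the thread;
# the last line is a hypothetical benign interface (all-zero GUID) pointing at a home router.
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{2E2FAA45-186F-4FAB-A7EE-2DF1B7412CA9}: NameServer = 85.255.116.94,85.255.112.88
O17 - HKLM\System\CCS\Services\Tcpip\..\{CDF20E3E-4764-408C-AC9D-978D812AEC71}: NameServer = 85.255.116.94 85.255.112.88
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.94 85.255.112.88
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{09F55A75-8663-46E3-85F6-FB7E637D3A38}] DhcpNameServer REG_SZ 85.255.116.94,85.255.112.88
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters] NameServer REG_SZ 85.255.116.94 85.255.112.88
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 192.168.1.1
"""

# Assumed allow-list of the ISP's resolvers: a placeholder from the documentation
# range; replace it with the addresses your ISP actually publishes.
TRUSTED_RESOLVERS: Set[str] = {"192.0.2.53"}

# HijackThis "O17 - <key>: <value> = <ips>" line format.
HJT_O17 = re.compile(r"^O17 - (?P<key>\S+): (?P<name>\w+) = (?P<ips>.+)$")
# ToolBar S&D "[<key>] <value> REG_SZ <ips>" line format.
TBSD_REG = re.compile(r"^\[(?P<key>[^\]]+)\] (?P<name>\w+) REG_SZ (?P<ips>.+)$")
# Control set named in the key; HijackThis abbreviates CurrentControlSet as CCS
# and the numbered sets as CS<n>.
CONTROL_SET = re.compile(r"(CurrentControlSet|ControlSet\d{3}|CCS|CS\d)")


class Finding(NamedTuple):
    key: str                  # registry key path as printed in the log
    value: str                # NameServer or DhcpNameServer
    servers: Tuple[str, ...]  # every resolver listed in the value
    rogue: Tuple[str, ...]    # the subset that is neither private nor on the allow-list


def _split_ips(raw: str) -> Tuple[str, ...]:
    # HijackThis joins resolvers with commas, but the raw registry value (which
    # ToolBar S&D prints verbatim) may use spaces; accept either separator.
    return tuple(p for p in re.split(r"[,\s]+", raw.strip()) if p)


def _is_expected(server: str, trusted: set) -> bool:
    try:
        ip = ipaddress.ip_address(server)
    except ValueError:
        return False  # not an IP literal at all: always report it
    return ip.is_private or ip in trusted


def classify(log: str, trusted_resolvers: Set[str]) -> List[Finding]:
    """Parse every resolver line in either format and mark unexpected servers."""
    trusted = {ipaddress.ip_address(t) for t in trusted_resolvers}
    findings: List[Finding] = []
    for line in log.splitlines():
        line = line.strip()
        m = HJT_O17.match(line) or TBSD_REG.match(line)
        if not m:
            continue
        servers = _split_ips(m.group("ips"))
        rogue = tuple(s for s in servers if not _is_expected(s, trusted))
        findings.append(Finding(m.group("key"), m.group("name"), servers, rogue))
    return findings


def control_sets_touched(findings: List[Finding]) -> Dict[str, Set[str]]:
    """Map each rogue resolver to the control sets whose keys reference it.

    Cleaning only CurrentControlSet leaves the copy in the other numbered set,
    which is what a Last Known Good boot would bring back."""
    touched: Dict[str, Set[str]] = {}
    for f in findings:
        cs = CONTROL_SET.search(f.key)
        label = cs.group(1) if cs else "unknown"
        for s in f.rogue:
            touched.setdefault(s, set()).add(label)
    return touched


if __name__ == "__main__":
    results = classify(SAMPLE_LOG, TRUSTED_RESOLVERS)
    for f in results:
        flag = "ROGUE" if f.rogue else "ok   "
        print(f"{flag} {f.value:<15} {f.key} -> {', '.join(f.servers)}")
    for server, sets in control_sets_touched(results).items():
        print(f"{server} referenced from: {', '.join(sorted(sets))}")
```

Run against the sample, five of the six lines are flagged and both rogue addresses come back as referenced from CCS, CS1, ControlSet001 and ControlSet003. That spread is the check worth doing after any DNS fix on this machine: CurrentControlSet is only an alias for one of the numbered sets, so a cleanup that edits CCS alone leaves the other set, and every per-interface GUID key, still pointing at the old resolvers.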