Bessard

Membres

Afficher le profil Afficher son activité

Compteur de contenus
125
Inscription
le 17 mars 2009
Dernière visite
le 18 mai 2021
Jours gagnés
1

Type de contenu

Toute l’activité

Profils

Forums

Blogs

Tout ce qui a été posté par Bessard

[Terminé] Impossible de scanner avec les antivirus

Bessard a répondu à un(e) sujet de Bessard dans Analyses et éradication malwares

Vous aviez raison ! En suivant les liens donnés : Après un sfc /verifyonly il a bien corruption de fichiers système En mode console puis en mode sans échec j'ai lancé sfc /scannow .... résultat idem à 40% " La protection des ressources Windows n'a pas réussi à effectuer l'opération demandée" ..!! Grrrrrrrrr ..! Le CBS.log est très long et difficilement analysable par mes soins !! Puis-je vous l'envoyer ? Et que dois-je faire de plus ? Cordialement
- le 30 août 2012
- 23 réponses
[Terminé] Impossible de scanner avec les antivirus

Bessard a répondu à un(e) sujet de Bessard dans Analyses et éradication malwares

Bonjour, Merci beaucoup pour votre réponse. Ai pu lancer RogueKiller sans problème Prescan OK Scan OK Rapport OK Où ça se corse c'est que chaque manip demande plus de 10 mn d'attente !! le disque dur tourne en permanence ! pour enfin me donner la main au bout de ces longues minutes ! C'est enfin terminé ! je vous joins ci-dessous 2 rapports significatifs. J'ai relancé MBAM en recherche minutieuse .... il s'est bloqué au bout de 2mn14 sur le fichier Program Files\Adobe\Reader9.0\Reader\pmd.cer Le PC est complètement bloqué, le HDD tourne, je n'ai plus la main .... obligé d'éteindre le PC RK Report : RogueKiller V8.0.1 [30/08/2012] par Tigzy mail: tigzyRK<at>gmail<dot>com Remontees: [RogueKiller] Remontées (1/59) Blog: tigzy-RK Systeme d'exploitation: Windows 7 (6.1.7600 ) 32 bits version Demarrage : Mode normal Utilisateur : personnel [Droits d'admin] Mode : Recherche -- Date : 30/08/2012 13:07:14 ¤¤¤ Processus malicieux : 0 ¤¤¤ ¤¤¤ Entrees de registre : 0 ¤¤¤ ¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤ ¤¤¤ Driver : [CHARGE] ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ Fichier HOSTS: ¤¤¤ --> C:\windows\system32\drivers\etc\hosts ¤¤¤ MBR Verif: ¤¤¤ +++++ PhysicalDrive0: WDC WD2500BEVT-80A23T0 +++++ --- User --- [MBR] 54454208b7efa8d1779b706d915d20e2 [bSP] 2871b0cb4a20f4adcbfd66f245d395bf : Windows 7 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 102400 Mo 1 - [XXXXXX] FAT32 (0x1b) [HIDDEN!] Offset (sectors): 209717248 | Size: 15360 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 241174528 | Size: 120694 Mo 3 - [XXXXXX] UNKNOWN (0xef) [VISIBLE] Offset (sectors): 488355840 | Size: 20 Mo User = LL1 ... OK! User = LL2 ... OK! Termine : << RKreport[2].txt >> RKreport[1].txt ; RKreport[2].txt RaccRAZ Report : RogueKiller V8.0.1 [30/08/2012] par Tigzy mail: tigzyRK<at>gmail<dot>com Remontees: [RogueKiller] Remontées (1/59) Blog: tigzy-RK Systeme d'exploitation: Windows 7 (6.1.7600 ) 32 bits version Demarrage : Mode normal Utilisateur : personnel [Droits d'admin] Mode : Raccourcis RAZ -- Date : 30/08/2012 13:35:13 ¤¤¤ Processus malicieux : 0 ¤¤¤ ¤¤¤ Driver : [CHARGE] ¤¤¤ ¤¤¤ Attributs de fichiers restaures: ¤¤¤ Bureau: Success 1 / Fail 0 Lancement rapide: Success 1 / Fail 0 Programmes: Success 7 / Fail 0 Menu demarrer: Success 0 / Fail 0 Dossier utilisateur: Success 44 / Fail 0 Mes documents: Success 0 / Fail 0 Mes favoris: Success 0 / Fail 0 Mes images: Success 0 / Fail 0 Ma musique: Success 0 / Fail 0 Mes videos: Success 0 / Fail 0 Disques locaux: Success 71 / Fail 0 Sauvegarde: [NOT FOUND] Lecteurs: [C:] \Device\HarddiskVolume1 -- 0x3 --> Restored [D:] \Device\HarddiskVolume3 -- 0x3 --> Restored [E:] \Device\HarddiskVolume5 -- 0x2 --> Restored ¤¤¤ Infection : ¤¤¤ Termine : << RKreport[8].txt >> RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ; RKreport[6].txt ; RKreport[7].txt ; RKreport[8].txt Que puis-je faire ??? Cordialement
- le 30 août 2012
- 23 réponses
[Terminé] Impossible de scanner avec les antivirus

Bessard a posté un sujet dans Analyses et éradication malwares

Bonsoir, Je viens de récupérer un notebook ASUS EeePC 1005 PX (sous windows 7) Ne pouvant plus prendre la main que ce soit en normale ou en mode sans echec, j'ai restauré le système mais reste très instable ! J'ai installé Avast et Malwarebytes .... que ce soit l'un ou l'autre le scan s'arrête et bloque le PC; Obligé d'éteindre le PC ...!! Idem en mode sans échec ...!! J'ai installé RSIT et HijackThis, donc 3 fichiers : log,info et HijackThisLog Ai aussi employer la méthode "Chaméleon" ... rien à faire ..!! Je ne sais plus quoi faire ! Pouvez-vous m'aider ? Par avance merci de votre réponse Cordialement Daniel
- le 29 août 2012
- 23 réponses
Trojans demande analyse HJT RESOLUhttp://forum.zebulon.fr/style_emoti

Bessard a répondu à un(e) sujet de Bessard dans Analyses et éradication malwares

Bonsoir Falkra, Ci dessous le rapport HJT demandé Bonne réception Bien cordialement Bessard http://forum.zebulon.fr/style_emoticons/de.../icon_Super.gif Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:16:24, on 23/03/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe C:\Program Files\Executive Software\Diskeeper\DkService.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\wanmpsvc.exe c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\lxcycoms.exe C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\totalcmd\TOTALCMD.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://ppack.srv.france.rexel/ppack/proxy.htm:8080 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - (no file) O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FICHIE~1\SYMANT~1\IDS\IPSBHO.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll O3 - Toolbar: Afficher Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - (no file) O4 - HKLM\..\Run: [ccApp] C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16 O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O8 - Extra context menu item: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 4.0\resources\fr-FR\local\search.html O8 - Extra context menu item: &Télécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\Saldo Daniel\Application Data\Dealio\kb127\res\DealioSearch.html O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Tout t&élécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddList.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {AF4F850B-68FF-404C-8417-549F86B1E236} - (no file) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU) O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O15 - Trusted Zone: *.canalplay.com (HKLM) O15 - Trusted Zone: *.canalplusactive.com (HKLM) O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichier...ion_3_0_3_1.cab O16 - DPF: {AE609930-A6EB-4A78-B7DA-B3200705FEBD} - http://www.mophun.com/codebase/mophun.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{30B29BB8-7CC7-48F7-8220-3C93FD9C30C1}: NameServer = 192.168.0.1 O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe (file missing) O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe O23 - Service: lxcy_device - - C:\WINDOWS\system32\lxcycoms.exe O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Fichiers communs\Symantec Shared\Support Controls\ssrc.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe -- End of file - 12818 bytes
- le 23 mars 2009
- 29 réponses
Une Équipe Formidable

Bessard a répondu à un(e) sujet de speck41 dans Analyses et éradication malwares

Avant de partir pour quelques jours, je tiens à remercier notamment Falkra pour sa compétence et sa ... patience. Les bêtes nous ont données du fil à retordre ..!! Je vais désinstaller mule et bit torrent qui n'apportent plus maintenant que vidéos pornos et virus, malwares and Co Restez comme vous êtes ne changez rien ! Je ne vous dit pas à bientôt car .... je ne suis pas maso ! Très cordialement Bessard
- le 20 mars 2009
- 3 réponses
Trojans demande analyse HJT RESOLUhttp://forum.zebulon.fr/style_emoti

Bessard a répondu à un(e) sujet de Bessard dans Analyses et éradication malwares

Voilà qui est fait .... Je suis sacrement soulagé ....! Comment puis-je te remercier ? le rapport de combofix : ComboFix 09-03-18.01 - Daniel 2009-03-19 23:46:18.2 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.3071.2492 [GMT 1:00] Lancé depuis: c:\documents and settings\Daniel\Bureau\ComboFix.exe Commutateurs utilisés :: c:\documents and settings\Daniel\Bureau\CFscript.txt AV: Norton Internet Security *On-access scanning enabled* (Updated) FW: Norton Internet Security *enabled* * Un nouveau point de restauration a été créé . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Daniel\Application Data\Search Settings c:\program files\Bonjour(2) c:\program files\Bonjour(2)\About Bonjour.rtf c:\program files\Bonjour(2)\mdnsNSP(2).dll c:\program files\Come2PlayK2P c:\program files\Come2PlayK2P\Come2PlayK2PToolbarHelper.exe c:\program files\Come2PlayK2P\INSTALL.LOG c:\program files\Come2PlayK2P\tbCom0.dll c:\program files\Come2PlayK2P\tbCom1.dll c:\program files\Come2PlayK2P\tbCome.dll c:\program files\Come2PlayK2P\toolbar.cfg c:\program files\Come2PlayK2P\UNWISE.EXE c:\program files\free-downloads.net c:\program files\free-downloads.net\free-downloads.netToolbarHelper.exe c:\program files\free-downloads.net\INSTALL.LOG c:\program files\free-downloads.net\tbfre1.dll c:\program files\free-downloads.net\tbfree.dll c:\program files\free-downloads.net\toolbar.cfg c:\program files\free-downloads.net\UNWISE.EXE c:\program files\Secured_eMule c:\program files\Secured_eMule\INSTALL.LOG c:\program files\Secured_eMule\tbSec1.dll c:\program files\Secured_eMule\tbSecu.dll c:\program files\Secured_eMule\toolbar.cfg c:\program files\Secured_eMule\UNWISE.EXE . ((((((((((((((((((((((((((((( Fichiers créés du 2009-02-19 au 2009-03-19 )))))))))))))))))))))))))))))))))))) . 2009-03-19 00:53 . 2009-03-19 00:53 <REP> d-------- C:\_OTMoveIt 2009-03-19 00:13 . 2009-03-19 00:48 <REP> d-------- C:\ToolBar SD 2009-03-18 23:28 . 2009-03-18 23:28 <REP> d-------- C:\rsit 2009-03-18 00:22 . 2009-03-18 01:13 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware 2009-03-18 00:22 . 2009-03-18 00:22 <REP> d-------- c:\documents and settings\Daniel\Application Data\Malwarebytes 2009-03-18 00:22 . 2009-03-18 00:22 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-03-18 00:22 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2009-03-18 00:22 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2009-03-17 23:02 . 2009-03-17 23:02 <REP> d-------- c:\program files\Trend Micro 2009-03-17 21:59 . 2009-03-17 21:59 357,768 --a------ c:\documents and settings\Daniel\SymXPep2.dll 2009-03-17 20:53 . 2009-03-17 20:53 <REP> d-------- c:\program files\Safer Networking 2009-03-17 20:53 . 2009-03-17 20:53 <REP> d-------- c:\documents and settings\Daniel\Application Data\Safer Networking 2009-03-16 23:09 . 2004-09-29 12:41 <REP> d--h----- c:\documents and settings\Administrateur.RAPIDE.002\Voisinage réseau 2009-03-16 23:09 . 2004-09-29 12:41 <REP> d--h----- c:\documents and settings\Administrateur.RAPIDE.002\Voisinage d'impression 2009-03-16 23:09 . 2004-09-29 10:45 <REP> d--h----- c:\documents and settings\Administrateur.RAPIDE.002\Modèles 2009-03-16 23:09 . 2004-09-29 12:41 <REP> d-------- c:\documents and settings\Administrateur.RAPIDE.002\Mes documents 2009-03-16 23:09 . 2004-09-29 12:41 <REP> dr------- c:\documents and settings\Administrateur.RAPIDE.002\Menu Démarrer 2009-03-16 23:09 . 2004-09-29 12:41 <REP> d-------- c:\documents and settings\Administrateur.RAPIDE.002\Favoris 2009-03-16 23:09 . 2004-09-29 12:41 <REP> d-------- c:\documents and settings\Administrateur.RAPIDE.002\Bureau 2009-03-16 23:09 . 2007-11-26 20:02 <REP> d-------- c:\documents and settings\Administrateur.RAPIDE.002\Application Data\Apple Computer 2009-03-16 23:09 . 2009-03-16 23:09 <REP> d-------- c:\documents and settings\Administrateur.RAPIDE.002 2009-03-16 22:11 . 2009-03-16 22:11 579,584 --a--c--- c:\windows\system32\dllcache\user32.dll 2009-03-16 22:09 . 2009-03-16 22:09 <REP> d-------- c:\windows\ERUNT 2009-03-16 21:59 . 2009-03-16 23:30 <REP> d-------- C:\SDFix 2009-03-16 14:52 . 2009-03-13 16:38 15,688 --a------ c:\windows\system32\lsdelete.exe 2009-03-13 16:39 . 2009-03-13 16:38 64,160 --a------ c:\windows\system32\drivers\Lbd.sys 2009-03-13 16:36 . 2009-03-13 16:36 <REP> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800} 2009-03-13 15:17 . 2009-03-13 15:33 <REP> d-a------ c:\documents and settings\All Users\Application Data\TEMP 2009-03-08 19:50 . 2009-03-08 20:29 <REP> d-------- c:\documents and settings\Daniel\EurekaLog 2009-03-08 15:26 . 2009-03-08 15:58 <REP> d-------- c:\program files\IZArc 2009-03-07 15:53 . 2009-03-07 15:53 <REP> d-------- c:\program files\Alcohol Soft 2009-03-07 15:48 . 2009-03-07 15:48 717,296 --a------ c:\windows\system32\drivers\sptd.sys 2009-03-07 15:27 . 2009-03-07 15:34 <REP> d-------- c:\program files\VirtualDub 2009-03-05 11:39 . 2009-03-09 19:57 <REP> d-------- c:\documents and settings\Daniel\Application Data\c2 2009-03-04 21:31 . 2009-03-04 21:31 <REP> d-------- c:\windows\system32\IOSUBSYS 2009-03-04 17:42 . 2009-03-04 23:49 <REP> d-------- c:\documents and settings\Daniel\Application Data\c1 2009-03-04 17:36 . 2009-03-19 00:55 162 --a------ c:\windows\ad1.htm 2009-03-04 16:39 . 2009-03-04 16:39 <REP> d-------- c:\program files\RozetUtil 2009-03-04 14:26 . 2009-03-04 14:26 <REP> d-------- c:\program files\VirtualDubMOD 2009-02-19 12:03 . 2009-02-19 12:03 579,464 --a------ c:\windows\system32\SymNeti.dll 2009-02-19 12:03 . 2009-02-19 12:03 207,240 --a------ c:\windows\system32\SymRedir.dll 2009-02-19 11:31 . 2009-02-19 11:31 184,496 --a------ c:\windows\system32\drivers\symtdi.sys 2009-02-19 11:31 . 2009-02-19 11:31 96,560 --a------ c:\windows\system32\drivers\symfw.sys 2009-02-19 11:31 . 2009-02-19 11:31 41,008 --a------ c:\windows\system32\drivers\symndisv.sys 2009-02-19 11:31 . 2009-02-19 11:31 38,576 --a------ c:\windows\system32\drivers\symids.sys 2009-02-19 11:31 . 2009-02-19 11:31 37,424 --a------ c:\windows\system32\drivers\symndis.sys 2009-02-19 11:31 . 2009-02-19 11:31 31,280 --a------ c:\windows\system32\drivers\SymIM.sys 2009-02-19 11:31 . 2009-02-19 11:31 22,320 --a------ c:\windows\system32\drivers\symredrv.sys 2009-02-19 11:31 . 2009-02-19 11:31 13,616 --a------ c:\windows\system32\drivers\symdns.sys 2009-02-19 11:31 . 2009-02-19 11:31 9,844 --a------ c:\windows\system32\drivers\SymRedir.cat 2009-02-19 11:31 . 2009-02-19 11:31 1,611 --a------ c:\windows\system32\drivers\SymRedir.inf . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-03-19 22:50 --------- d-----w c:\program files\lx_cats 2009-03-19 21:39 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec 2009-03-19 21:25 --------- d-----w c:\program files\Fichiers communs\Symantec Shared 2009-03-17 20:14 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-03-16 15:14 --------- d-----w c:\program files\Norton Internet Security 2009-03-16 14:44 --------- d-----w c:\program files\Spybot - Search & Destroy 2009-03-13 15:36 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard 2009-03-10 22:07 --------- d-----w c:\program files\TuneUp Utilities 2008 2009-03-08 15:49 --------- d-----w c:\documents and settings\Daniel\Application Data\dvdcss 2009-03-05 20:50 --------- d-----w c:\program files\Elaborate Bytes 2009-03-05 20:47 --------- d-----w c:\program files\eMule 2009-03-05 10:34 --------- d--h--w c:\program files\InstallShield Installation Information 2009-03-04 20:31 --------- d-----w c:\program files\Google 2009-02-27 09:27 --------- d-----w c:\program files\Azureus 2009-02-19 19:55 --------- d-----w c:\program files\Common Files 2009-02-17 18:12 --------- d-----w c:\program files\Fichiers communs\Adobe 2009-02-16 21:30 --------- d-----w c:\program files\Microsoft Bootvis 2009-02-16 20:55 --------- d-----w c:\program files\QuickTime 2009-02-16 20:55 --------- d-----w c:\program files\iTunes(2) 2009-02-16 20:55 --------- d-----w c:\program files\iTunes 2009-02-16 20:54 --------- d-----w c:\program files\ma-config.com 2009-02-16 20:54 --------- d-----w c:\program files\Apple Software Update 2009-02-16 20:54 --------- d-----w c:\documents and settings\All Users\Application Data\ma-config.com 2009-02-11 18:35 --------- d-----w c:\program files\iPod 2009-02-11 18:35 --------- d-----w c:\program files\Fichiers communs\Apple 2009-02-03 14:38 --------- d-----w c:\program files\Zeb-Utility 2009-02-03 14:19 --------- d-----w c:\program files\Virtual Magnifying Glass 2009-01-31 12:47 --------- d-----w c:\program files\proDAD 2009-01-31 11:55 --------- d-----w c:\program files\Spamihilator 2009-01-31 11:30 --------- d-----w c:\program files\Conduit 2009-01-31 11:26 --------- d-----w c:\documents and settings\Daniel\Application Data\Babylon 2009-01-31 11:26 --------- d-----w c:\documents and settings\All Users\Application Data\Babylon 2009-01-26 11:03 --------- d-----w c:\program files\Lexmark Toolbar 2009-01-26 10:53 --------- d-----w c:\program files\Lexmark 3400 Series 2009-01-24 15:51 --------- d-----w c:\documents and settings\Daniel\Application Data\Viewpoint 2009-01-23 17:28 57,344 ----a-w c:\documents and settings\Daniel\lametritonus.dll 2009-01-23 17:28 162,304 ----a-w c:\documents and settings\Daniel\lame_enc.dll 2006-10-26 17:47 278,528 ----a-w c:\program files\Fichiers communs\FDEUnInstaller.exe 2002-07-26 16:02 153,088 ----a-w c:\program files\UNWISE.EXE 2007-08-24 19:52 300,400 ----a-w c:\program files\mozilla firefox\components\coFFPlgn.dll . ((((((((((((((((((((((((((((( SnapShot@2009-03-19_22.26.15.87 ))))))))))))))))))))))))))))))))))))))))) . - 2009-03-19 13:01:01 99,120 ----a-w c:\windows\system32\perfc009.dat + 2009-03-19 21:28:01 99,120 ----a-w c:\windows\system32\perfc009.dat - 2009-03-19 13:01:01 114,870 ----a-w c:\windows\system32\perfc00C.dat + 2009-03-19 21:28:01 114,870 ----a-w c:\windows\system32\perfc00C.dat - 2009-03-19 13:01:01 514,312 ----a-w c:\windows\system32\perfh009.dat + 2009-03-19 21:28:01 514,312 ----a-w c:\windows\system32\perfh009.dat - 2009-03-19 13:01:01 588,856 ----a-w c:\windows\system32\perfh00C.dat + 2009-03-19 21:28:01 588,856 ----a-w c:\windows\system32\perfh00C.dat . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2008-07-16 1266992] [HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1] [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-01 68856] "AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-02-24 203928] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ccApp"="c:\program files\Fichiers communs\Symantec Shared\ccApp.exe" [2008-10-17 51048] "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-13 515416] "LXCYCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll" [2006-02-24 65536] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.MJPG"= Pvmjpg30.dll "VIDC.PIM1"= pclepim1.dll "vidc.X264"= x264vfw.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "ctfmon.exe"=c:\windows\system32\ctfmon.exe "swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe "SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "SunJavaUpdateSched"=c:\program files\Java\jre1.5.0_06\bin\jusched.exe "High Definition Audio Property Page Shortcut"=HDAudPropShortcut.exe "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot "Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd "USBToolTip"="c:\program files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe" "USB2Check"=RUNDLL32.EXE "c:\windows\system32\PCLECoInst.dll",CheckUSBController "ccApp"=c:\program files\Fichiers communs\Symantec Shared\ccApp.exe "YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" "EzPrint"="c:\program files\Lexmark 3400 Series\ezprint.exe" "lxcymon.exe"="c:\program files\Lexmark 3400 Series\lxcymon.exe" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\eMule\\emule.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\MUTE\\fileSharingMUTE.exe"= "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"= "c:\\Program Files\\TribalWeb.net\\tribalweb.exe"= "c:\\Program Files\\AOL 9.0\\waol.exe"= "c:\\Program Files\\AOL 9.0a\\waol.exe"= "c:\\Program Files\\Windows Media Player\\wmplayer.exe"= "c:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLAcsd.exe"= "c:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"= "c:\\Program Files\\SoundSpectrum\\G-Force\\G-Force Standalone.exe"= "c:\\Program Files\\SoundSpectrum\\G-Force\\G-Force V-Bar.exe"= "c:\\Program Files\\AOL 9.0b\\waol.exe"= "c:\\Program Files\\Fichiers communs\\AOL\\1163715249\\ee\\aolsoftware.exe"= "c:\\Program Files\\Fichiers communs\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"= "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"= "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"= "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"= "c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"= "c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"= "c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP2\\RpcAgentSrv.exe"= "c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP2\\WNt500x86\\RpcSandraSrv.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Azureus\\Azureus.exe"= "c:\\WINDOWS\\system32\\ftp.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [2004-09-29 24971] R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-03-13 64160] R0 ub1394;Unibrain 1394 Class Driver;c:\windows\system32\drivers\UB1394.sys [2004-06-01 115200] R0 ubsbm;Unibrain 1394 SBM Driver;c:\windows\system32\drivers\UBSBM.sys [2004-06-01 11776] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 951632] R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Fichiers communs\Symantec Shared\CCSVCHST.EXE [2007-08-24 149352] R2 ubumapi;Unibrain 1394 FireAPI Driver;c:\windows\system32\drivers\UBUMAPI.sys [2004-06-01 29440] R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [2004-09-29 1475712] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-26 101936] R3 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe -service --> c:\windows\system32\lxcycoms.exe -service [?] R3 ubohci;Unibrain 1394 OHCI Driver;c:\windows\system32\drivers\ubohci.sys [2004-06-01 70528] R3 ubsbp2;Unibrain SBP2 Bus Driver;c:\windows\system32\drivers\ubsbp2.sys [2004-06-01 31872] R3 W8100XP;Marvell Libertas 802.11b/g SoftAP Driver for Windows XP ;c:\windows\system32\drivers\mrv8ka51.sys [2004-09-29 258560] S2 Ca533av;USB PC Camera;c:\windows\system32\drivers\Ca533av.sys [2004-11-07 516021] S3 ASNDIS5;ASNDIS5 Protocol Driver;\??\c:\windows\system32\ASNDIS5.SYS --> c:\windows\system32\ASNDIS5.SYS [?] S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\system32\drivers\BRGSp50.sys [2008-02-23 20608] S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2007-05-29 23888] S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2009-01-24 191656] S3 PinnacleMarvinAVS;Pinnacle AVStream Service for MovieBox Deluxe, 500-USB and 700-USB;c:\windows\system32\drivers\MarvinAVS.sys [2008-04-10 434176] S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe [2009-01-04 98488] S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [2008-03-26 26624] S3 USBCamera;DIGITAL CAMERA;c:\windows\system32\drivers\Bulk533.sys [2004-11-07 10986] --- Autres Services/Pilotes en mémoire --- *NewlyCreated* - COMHOST HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{29836bc1-7ab9-11dd-ba70-00112f266405}] \Shell\AutoRun\command - I:\EmDesk.exe \Shell\EmDesk\command - I:\EmDesk.exe . Contenu du dossier 'Tâches planifiées' 2009-03-16 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-13 16:38] 2009-02-12 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57] 2009-03-19 c:\windows\Tasks\Maintenance en 1 clic.job - c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:23] 2008-03-11 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job - c:\program files\Microsoft IntelliType Pro\itype.exe [2006-11-21 17:08] 2009-03-09 c:\windows\Tasks\Norton Internet Security - Effectuer une analyse complète du système - Saldo Daniel.job - c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-08-26 18:19] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.google.fr/ uSearch Page = hxxp://www.google.com uSearch Bar = hxxp://www.google.com/ie uInternet Settings,ProxyServer = hxxp://ppack.srv.france.rexel/ppack/proxy.htm:8080 uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 4.0\resources\fr-FR\local\search.html IE: &Télécharger avec NetTransport - c:\program files\Xi\NetTransport 2\NTAddLink.html IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Compare Prices with &Dealio - c:\documents and settings\Saldo Daniel\Application Data\Dealio\kb127\res\DealioSearch.html IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Tout t&élécharger avec NetTransport - c:\program files\Xi\NetTransport 2\NTAddList.html IE: { - notepad.exe IE: {{AF4F850B-68FF-404C-8417-549F86B1E236} Trusted Zone: canalplay.com Trusted Zone: canalplusactive.com TCP: {30B29BB8-7CC7-48F7-8220-3C93FD9C30C1} = 192.168.0.1 DPF: {AE609930-A6EB-4A78-B7DA-B3200705FEBD} - hxxp://www.mophun.com/codebase/mophun.cab FF - ProfilePath - c:\documents and settings\Saldo Daniel\Application Data\Mozilla\Firefox\Profiles\4q54icgh.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561457&SearchSource=3&q= FF - prefs.js: browser.search.selectedEngine - TorrentReactor.Net Customized Web Search FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561457&SearchSource=2&q= FF - component: c:\documents and settings\Saldo Daniel\Application Data\Mozilla\Firefox\Profiles\4q54icgh.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll FF - component: c:\documents and settings\Saldo Daniel\Application Data\Mozilla\Firefox\Profiles\4q54icgh.default\extensions\{b23920f4-4c2f-412b-9450-1d7028d5454e}\components\FFAlert.dll FF - component: c:\program files\Mozilla Firefox\components\coFFPlgn.dll FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ---- PARAMETRES FIREFOX ---- FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: content.max.tokenizing.time - 200000 FF - user.js: content.notify.interval - 100000 FF - user.js: content.switch.threshold - 650000 FF - user.js: nglayout.initialpaint.delay - 300 . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-03-19 23:50:42 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run LXCYCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_USERS\S-1-5-21-583907252-343818398-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,ae,0e,7d,0c,29, 33,dc,e0,e2,63,26,f1,3f,c8,ff,68,44,df,8f,27,24,0e,70,22,e2,63,26,f1,3f,c8,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,20,c6,5d,ee,11, c9,ae,c5,6a,9c,d6,61,af,45,84,18,a9,75,eb,68,b8,63,bc,92,6a,9c,d6,61,af,45,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,59,a1,26,04,10, 77,a1,fd,ff,7c,85,e0,43,d4,0e,fe,41,54,7e,8a,0a,0e,3a,4e,ff,7c,85,e0,43,d4,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,6f,8a,69,10,b3, b4,48,2b,86,8c,21,01,be,91,eb,e7,a6,96,1e,95,e4,a4,b3,45,86,8c,21,01,be,91,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,82,9a,0f,9f,59, 59,4b,93,f5,1d,4d,73,a8,13,5c,05,a9,20,bc,f1,95,d8,ed,d8,f5,1d,4d,73,a8,13,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,7e,cf,f3,81,6d, 0b,0b,38,df,20,58,62,78,6b,cf,c8,2a,7a,14,ba,b9,32,c0,dd,df,20,58,62,78,6b,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,7a,e3,dc,17,86, c8,b8,c2,fb,a7,78,e6,12,2f,9a,ea,ed,8b,0f,af,05,8f,1b,7b,fb,a7,78,e6,12,2f,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "1d68fe701cdea33e477eb204b76f993d"=hex:aa,52,c6,00,84,3c,26,64,4b,54,39,d1,45, 08,7f,e8,01,3a,48,fc,e8,04,4a,f1,69,f0,b5,36,0e,8c,ff,94,01,3a,48,fc,e8,04,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,1a,e1,02,0c,22, 43,cc,12,f6,0f,4e,58,98,5b,89,c9,5b,4e,1d,7b,da,1f,63,f1,f6,0f,4e,58,98,5b,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,85,bb,f4,be,30, ef,93,99,3d,ce,ea,26,2d,45,aa,78,0f,26,e1,ce,7a,74,a2,20,3d,ce,ea,26,2d,45,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,3e,13,17,b9,a8, 2e,78,a9,2a,b7,cc,b5,b9,7f,41,e7,69,42,18,2c,95,84,94,95,2a,b7,cc,b5,b9,7f,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,95,06,d2,bb,37, 2a,6d,94,6c,43,2d,1e,aa,22,2f,9c,21,ad,7b,4e,dd,74,c6,9a,6c,43,2d,1e,aa,22,\ [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€|ù•Ñw*] "5E7CEC10DF0760D4F8DAFB12FDC06CCD"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}\\Registered" . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(1836) c:\windows\system32\Ati2evxx.dll . ------------------------ Autres processus actifs ------------------------ . c:\windows\system32\ati2evxx.exe c:\windows\system32\ati2evxx.exe c:\progra~1\FICHIE~1\AOL\ACS\AOLacsd.exe c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe c:\program files\Executive Software\Diskeeper\DkService.exe c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe c:\windows\wanmpsvc.exe c:\program files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe c:\windows\system32\lxcycoms.exe c:\windows\system32\wbem\unsecapp.exe . ************************************************************************** . Heure de fin: 2009-03-19 23:53:38 - La machine a redémarré ComboFix-quarantined-files.txt 2009-03-19 22:53:35 Avant-CF: 28 177 231 872 octets libres Après-CF: 28,198,723,584 octets libres 411 --- E O F --- 2008-03-04 19:50:39 ENCORE MERCI Daniel
- le 19 mars 2009
- 29 réponses
Trojans demande analyse HJT RESOLUhttp://forum.zebulon.fr/style_emoti

Bessard a répondu à un(e) sujet de Bessard dans Analyses et éradication malwares

Ci dessous le rapport Combofix J'ai retrouvé le gestionnaire ....... super ! Par quelle s.... ai-je donc été infecté ? as-tu une réponse ? Ta patience m'a été d'un grand secours, mais j'aimerais bien savoir ! Le rapport : ComboFix 09-03-18.01 - 2009-03-19 22:19:29.1 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.3071.2422 [GMT 1:00] Lancé depuis: c:\documents and settings\Daniel\Bureau\ComboFix.exe AV: Norton Internet Security *On-access scanning enabled* (Updated) FW: Norton Internet Security *enabled* * Un nouveau point de restauration a été créé . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\pthreadGC2.dll . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_OREANS32 -------\Service_oreans32 ((((((((((((((((((((((((((((( Fichiers créés du 2009-02-19 au 2009-03-19 )))))))))))))))))))))))))))))))))))) . 2009-03-19 22:19 . 2009-03-19 22:19 6,736 --a------ c:\windows\system32\drivers\PROCEXP90.SYS 2009-03-19 14:10 . 2009-03-19 20:57 <REP> d-------- c:\documents and settings\Daniel\Application Data\Search Settings 2009-03-19 00:53 . 2009-03-19 00:53 <REP> d-------- C:\_OTMoveIt 2009-03-19 00:13 . 2009-03-19 00:48 <REP> d-------- C:\ToolBar SD 2009-03-18 23:28 . 2009-03-18 23:28 <REP> d-------- C:\rsit 2009-03-18 00:22 . 2009-03-18 01:13 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware 2009-03-18 00:22 . 2009-03-18 00:22 <REP> d-------- c:\documents and settings\Daniel\Application Data\Malwarebytes 2009-03-18 00:22 . 2009-03-18 00:22 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-03-18 00:22 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2009-03-18 00:22 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2009-03-17 23:02 . 2009-03-17 23:02 <REP> d-------- c:\program files\Trend Micro 2009-03-17 21:59 . 2009-03-17 21:59 357,768 --a------ c:\documents and settings\Daniel\SymXPep2.dll 2009-03-17 20:53 . 2009-03-17 20:53 <REP> d-------- c:\program files\Safer Networking 2009-03-17 20:53 . 2009-03-17 20:53 <REP> d-------- c:\documents and settings\Daniel\Application Data\Safer Networking 2009-03-16 23:09 . 2004-09-29 12:41 <REP> d--h----- c:\documents and settings\Administrateur.RAPIDE.002\Voisinage réseau 2009-03-16 23:09 . 2004-09-29 12:41 <REP> d--h----- c:\documents and settings\Administrateur.RAPIDE.002\Voisinage d'impression 2009-03-16 23:09 . 2004-09-29 10:45 <REP> d--h----- c:\documents and settings\Administrateur.RAPIDE.002\Modèles 2009-03-16 23:09 . 2004-09-29 12:41 <REP> d-------- c:\documents and settings\Administrateur.RAPIDE.002\Mes documents 2009-03-16 23:09 . 2004-09-29 12:41 <REP> dr------- c:\documents and settings\Administrateur.RAPIDE.002\Menu Démarrer 2009-03-16 23:09 . 2004-09-29 12:41 <REP> d-------- c:\documents and settings\Administrateur.RAPIDE.002\Favoris 2009-03-16 23:09 . 2004-09-29 12:41 <REP> d-------- c:\documents and settings\Administrateur.RAPIDE.002\Bureau 2009-03-16 23:09 . 2007-11-26 20:02 <REP> d-------- c:\documents and settings\Administrateur.RAPIDE.002\Application Data\Apple Computer 2009-03-16 23:09 . 2009-03-16 23:09 <REP> d-------- c:\documents and settings\Administrateur.RAPIDE.002 2009-03-16 22:11 . 2009-03-16 22:11 579,584 --a--c--- c:\windows\system32\dllcache\user32.dll 2009-03-16 22:09 . 2009-03-16 22:09 <REP> d-------- c:\windows\ERUNT 2009-03-16 21:59 . 2009-03-16 23:30 <REP> d-------- C:\SDFix 2009-03-16 14:52 . 2009-03-13 16:38 15,688 --a------ c:\windows\system32\lsdelete.exe 2009-03-13 16:39 . 2009-03-13 16:38 64,160 --a------ c:\windows\system32\drivers\Lbd.sys 2009-03-13 16:36 . 2009-03-13 16:36 <REP> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800} 2009-03-13 15:17 . 2009-03-13 15:33 <REP> d-a------ c:\documents and settings\All Users\Application Data\TEMP 2009-03-08 19:50 . 2009-03-08 20:29 <REP> d-------- c:\documents and settings\Daniel\EurekaLog 2009-03-08 15:26 . 2009-03-08 15:58 <REP> d-------- c:\program files\IZArc 2009-03-07 15:54 . 2009-03-07 16:52 <REP> d-------- c:\program files\free-downloads.net 2009-03-07 15:53 . 2009-03-07 15:53 <REP> d-------- c:\program files\Alcohol Soft 2009-03-07 15:48 . 2009-03-07 15:48 717,296 --a------ c:\windows\system32\drivers\sptd.sys 2009-03-07 15:27 . 2009-03-07 15:34 <REP> d-------- c:\program files\VirtualDub 2009-03-05 11:39 . 2009-03-09 19:57 <REP> d-------- c:\documents and settings\Daniel\Application Data\c2 2009-03-04 21:31 . 2009-03-04 21:31 <REP> d-------- c:\windows\system32\IOSUBSYS 2009-03-04 17:42 . 2009-03-04 23:49 <REP> d-------- c:\documents and settings\Daniel\Application Data\c1 2009-03-04 17:36 . 2009-03-19 00:55 162 --a------ c:\windows\ad1.htm 2009-03-04 16:39 . 2009-03-04 16:39 <REP> d-------- c:\program files\RozetUtil 2009-03-04 14:26 . 2009-03-04 14:26 <REP> d-------- c:\program files\VirtualDubMOD 2009-02-19 12:03 . 2009-02-19 12:03 579,464 --a------ c:\windows\system32\SymNeti.dll 2009-02-19 12:03 . 2009-02-19 12:03 207,240 --a------ c:\windows\system32\SymRedir.dll 2009-02-19 11:31 . 2009-02-19 11:31 184,496 --a------ c:\windows\system32\drivers\symtdi.sys 2009-02-19 11:31 . 2009-02-19 11:31 96,560 --a------ c:\windows\system32\drivers\symfw.sys 2009-02-19 11:31 . 2009-02-19 11:31 41,008 --a------ c:\windows\system32\drivers\symndisv.sys 2009-02-19 11:31 . 2009-02-19 11:31 38,576 --a------ c:\windows\system32\drivers\symids.sys 2009-02-19 11:31 . 2009-02-19 11:31 37,424 --a------ c:\windows\system32\drivers\symndis.sys 2009-02-19 11:31 . 2009-02-19 11:31 31,280 --a------ c:\windows\system32\drivers\SymIM.sys 2009-02-19 11:31 . 2009-02-19 11:31 22,320 --a------ c:\windows\system32\drivers\symredrv.sys 2009-02-19 11:31 . 2009-02-19 11:31 13,616 --a------ c:\windows\system32\drivers\symdns.sys 2009-02-19 11:31 . 2009-02-19 11:31 9,844 --a------ c:\windows\system32\drivers\SymRedir.cat 2009-02-19 11:31 . 2009-02-19 11:31 1,611 --a------ c:\windows\system32\drivers\SymRedir.inf . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-03-19 21:24 --------- d-----w c:\program files\lx_cats 2009-03-19 21:20 --------- d-----w c:\program files\Fichiers communs\Symantec Shared 2009-03-19 16:04 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec 2009-03-17 20:14 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-03-16 20:52 --------- d-----w c:\program files\Come2PlayK2P 2009-03-16 15:14 --------- d-----w c:\program files\Norton Internet Security 2009-03-16 14:44 --------- d-----w c:\program files\Spybot - Search & Destroy 2009-03-13 15:36 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard 2009-03-10 22:07 --------- d-----w c:\program files\TuneUp Utilities 2008 2009-03-08 15:49 --------- d-----w c:\documents and settings\Daniel\Application Data\dvdcss 2009-03-05 20:50 --------- d-----w c:\program files\Elaborate Bytes 2009-03-05 20:47 --------- d-----w c:\program files\eMule 2009-03-05 10:34 --------- d--h--w c:\program files\InstallShield Installation Information 2009-03-04 20:31 --------- d-----w c:\program files\Google 2009-02-27 09:27 --------- d-----w c:\program files\Azureus 2009-02-19 19:55 --------- d-----w c:\program files\Common Files 2009-02-17 18:12 --------- d-----w c:\program files\Fichiers communs\Adobe 2009-02-16 21:30 --------- d-----w c:\program files\Microsoft Bootvis 2009-02-16 20:55 --------- d-----w c:\program files\QuickTime 2009-02-16 20:55 --------- d-----w c:\program files\iTunes(2) 2009-02-16 20:55 --------- d-----w c:\program files\iTunes 2009-02-16 20:54 --------- d-----w c:\program files\ma-config.com 2009-02-16 20:54 --------- d-----w c:\program files\Bonjour(2) 2009-02-16 20:54 --------- d-----w c:\program files\Apple Software Update 2009-02-16 20:54 --------- d-----w c:\documents and settings\All Users\Application Data\ma-config.com 2009-02-11 18:35 --------- d-----w c:\program files\iPod 2009-02-11 18:35 --------- d-----w c:\program files\Fichiers communs\Apple 2009-02-03 14:38 --------- d-----w c:\program files\Zeb-Utility 2009-02-03 14:19 --------- d-----w c:\program files\Virtual Magnifying Glass 2009-01-31 12:47 --------- d-----w c:\program files\proDAD 2009-01-31 11:55 --------- d-----w c:\program files\Spamihilator 2009-01-31 11:30 --------- d-----w c:\program files\Conduit 2009-01-31 11:26 --------- d-----w c:\documents and settings\Daniel\Application Data\Babylon 2009-01-31 11:26 --------- d-----w c:\documents and settings\All Users\Application Data\Babylon 2009-01-26 11:03 --------- d-----w c:\program files\Lexmark Toolbar 2009-01-26 10:53 --------- d-----w c:\program files\Lexmark 3400 Series 2009-01-24 15:51 --------- d-----w c:\documents and settings\Daniel\Application Data\Viewpoint 2009-01-23 17:28 57,344 ----a-w c:\documents and settings\Daniel\lametritonus.dll 2009-01-23 17:28 162,304 ----a-w c:\documents and settings\Daniel\lame_enc.dll 2006-10-26 17:47 278,528 ----a-w c:\program files\Fichiers communs\FDEUnInstaller.exe 2002-07-26 16:02 153,088 ----a-w c:\program files\UNWISE.EXE 2007-08-24 19:52 300,400 ----a-w c:\program files\mozilla firefox\components\coFFPlgn.dll . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2008-07-16 1266992] "{1D1B60FD-B21F-4B9A-8A5F-64E8544828D7}"= "c:\program files\Secured_eMule\tbSecu.dll" [2007-05-27 1326104] "{b8a5b62c-517f-42a5-85ae-29b5497fb15f}"= "c:\program files\Come2PlayK2P\tbCom0.dll" [2009-03-16 1883672] "{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfre1.dll" [2009-03-07 1883672] [HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1] [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch] [HKEY_CLASSES_ROOT\clsid\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}] [HKEY_CLASSES_ROOT\clsid\{b8a5b62c-517f-42a5-85ae-29b5497fb15f}] [HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}] 2007-05-27 13:17 1326104 --a------ c:\program files\Secured_eMule\tbSecu.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8a5b62c-517f-42a5-85ae-29b5497fb15f}] 2009-03-16 21:53 1883672 --a------ c:\program files\Come2PlayK2P\tbCom0.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}] 2009-03-07 16:53 1883672 --a------ c:\program files\free-downloads.net\tbfre1.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}"= "c:\program files\Secured_eMule\tbSecu.dll" [2007-05-27 1326104] "{b8a5b62c-517f-42a5-85ae-29b5497fb15f}"= "c:\program files\Come2PlayK2P\tbCom0.dll" [2009-03-16 1883672] "{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfre1.dll" [2009-03-07 1883672] [HKEY_CLASSES_ROOT\clsid\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}] [HKEY_CLASSES_ROOT\clsid\{b8a5b62c-517f-42a5-85ae-29b5497fb15f}] [HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{1D1B60FD-B21F-4B9A-8A5F-64E8544828D7}"= "c:\program files\Secured_eMule\tbSecu.dll" [2007-05-27 1326104] "{B8A5B62C-517F-42A5-85AE-29B5497FB15F}"= "c:\program files\Come2PlayK2P\tbCom0.dll" [2009-03-16 1883672] "{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "c:\program files\free-downloads.net\tbfre1.dll" [2009-03-07 1883672] [HKEY_CLASSES_ROOT\clsid\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}] [HKEY_CLASSES_ROOT\clsid\{b8a5b62c-517f-42a5-85ae-29b5497fb15f}] [HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-01 68856] "AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-02-24 203928] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ccApp"="c:\program files\Fichiers communs\Symantec Shared\ccApp.exe" [2008-10-17 51048] "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-13 515416] "LXCYCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll" [2006-02-24 65536] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.MJPG"= Pvmjpg30.dll "VIDC.PIM1"= pclepim1.dll "vidc.X264"= x264vfw.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "ctfmon.exe"=c:\windows\system32\ctfmon.exe "swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe "SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "SunJavaUpdateSched"=c:\program files\Java\jre1.5.0_06\bin\jusched.exe "High Definition Audio Property Page Shortcut"=HDAudPropShortcut.exe "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot "Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd "USBToolTip"="c:\program files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe" "USB2Check"=RUNDLL32.EXE "c:\windows\system32\PCLECoInst.dll",CheckUSBController "ccApp"=c:\program files\Fichiers communs\Symantec Shared\ccApp.exe "YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" "EzPrint"="c:\program files\Lexmark 3400 Series\ezprint.exe" "lxcymon.exe"="c:\program files\Lexmark 3400 Series\lxcymon.exe" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\eMule\\emule.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\MUTE\\fileSharingMUTE.exe"= "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"= "c:\\Program Files\\TribalWeb.net\\tribalweb.exe"= "c:\\Program Files\\AOL 9.0\\waol.exe"= "c:\\Program Files\\AOL 9.0a\\waol.exe"= "c:\\Program Files\\Windows Media Player\\wmplayer.exe"= "c:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLAcsd.exe"= "c:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"= "c:\\Program Files\\SoundSpectrum\\G-Force\\G-Force Standalone.exe"= "c:\\Program Files\\SoundSpectrum\\G-Force\\G-Force V-Bar.exe"= "c:\\Program Files\\AOL 9.0b\\waol.exe"= "c:\\Program Files\\Fichiers communs\\AOL\\1163715249\\ee\\aolsoftware.exe"= "c:\\Program Files\\Fichiers communs\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"= "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"= "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"= "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"= "c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"= "c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"= "c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP2\\RpcAgentSrv.exe"= "c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP2\\WNt500x86\\RpcSandraSrv.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Azureus\\Azureus.exe"= "c:\\WINDOWS\\system32\\ftp.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [2004-09-29 24971] R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-03-13 64160] R0 ub1394;Unibrain 1394 Class Driver;c:\windows\system32\drivers\UB1394.sys [2004-06-01 115200] R0 ubsbm;Unibrain 1394 SBM Driver;c:\windows\system32\drivers\UBSBM.sys [2004-06-01 11776] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 951632] R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Fichiers communs\Symantec Shared\CCSVCHST.EXE [2007-08-24 149352] R2 ubumapi;Unibrain 1394 FireAPI Driver;c:\windows\system32\drivers\UBUMAPI.sys [2004-06-01 29440] R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [2004-09-29 1475712] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-26 101936] R3 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe -service --> c:\windows\system32\lxcycoms.exe -service [?] R3 ubohci;Unibrain 1394 OHCI Driver;c:\windows\system32\drivers\ubohci.sys [2004-06-01 70528] R3 ubsbp2;Unibrain SBP2 Bus Driver;c:\windows\system32\drivers\ubsbp2.sys [2004-06-01 31872] R3 W8100XP;Marvell Libertas 802.11b/g SoftAP Driver for Windows XP ;c:\windows\system32\drivers\mrv8ka51.sys [2004-09-29 258560] S2 Ca533av;USB PC Camera;c:\windows\system32\drivers\Ca533av.sys [2004-11-07 516021] S3 ASNDIS5;ASNDIS5 Protocol Driver;\??\c:\windows\system32\ASNDIS5.SYS --> c:\windows\system32\ASNDIS5.SYS [?] S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\system32\drivers\BRGSp50.sys [2008-02-23 20608] S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2007-05-29 23888] S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2009-01-24 191656] S3 PinnacleMarvinAVS;Pinnacle AVStream Service for MovieBox Deluxe, 500-USB and 700-USB;c:\windows\system32\drivers\MarvinAVS.sys [2008-04-10 434176] S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe [2009-01-04 98488] S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [2008-03-26 26624] S3 USBCamera;DIGITAL CAMERA;c:\windows\system32\drivers\Bulk533.sys [2004-11-07 10986] --- Autres Services/Pilotes en mémoire --- *NewlyCreated* - COMHOST HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{29836bc1-7ab9-11dd-ba70-00112f266405}] \Shell\AutoRun\command - I:\EmDesk.exe \Shell\EmDesk\command - I:\EmDesk.exe . Contenu du dossier 'Tâches planifiées' 2009-03-16 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-13 16:38] 2009-02-12 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57] 2009-03-19 c:\windows\Tasks\Maintenance en 1 clic.job - c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:23] 2008-03-11 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job - c:\program files\Microsoft IntelliType Pro\itype.exe [2006-11-21 17:08] 2009-03-09 c:\windows\Tasks\Norton Internet Security - Effectuer une analyse complète du système - Saldo Daniel.job - c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-08-26 18:19] . - - - - ORPHELINS SUPPRIMES - - - - HKLM-Run-Microsoft appswitch - c:\windows\system32\jwt32.exe . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.google.fr/ uSearch Page = hxxp://www.google.com uSearch Bar = hxxp://www.google.com/ie uInternet Settings,ProxyServer = hxxp://ppack.srv.france.rexel/ppack/proxy.htm:8080 uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 4.0\resources\fr-FR\local\search.html IE: &Télécharger avec NetTransport - c:\program files\Xi\NetTransport 2\NTAddLink.html IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Compare Prices with &Dealio - c:\documents and settings\Daniel\Application Data\Dealio\kb127\res\DealioSearch.html IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Tout t&élécharger avec NetTransport - c:\program files\Xi\NetTransport 2\NTAddList.html IE: { - notepad.exe IE: {{AF4F850B-68FF-404C-8417-549F86B1E236} Trusted Zone: canalplay.com Trusted Zone: canalplusactive.com TCP: {30B29BB8-7CC7-48F7-8220-3C93FD9C30C1} = 192.168.0.1 DPF: {AE609930-A6EB-4A78-B7DA-B3200705FEBD} - hxxp://www.mophun.com/codebase/mophun.cab FF - ProfilePath - c:\documents and settings\Daniel\Application Data\Mozilla\Firefox\Profiles\4q54icgh.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561457&SearchSource=3&q= FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561457&SearchSource=2&q= FF - component: c:\documents and settings\Daniel\Application Data\Mozilla\Firefox\Profiles\4q54icgh.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll FF - component: c:\documents and settings\Daniel\Application Data\Mozilla\Firefox\Profiles\4q54icgh.default\extensions\{b23920f4-4c2f-412b-9450-1d7028d5454e}\components\FFAlert.dll FF - component: c:\program files\Mozilla Firefox\components\coFFPlgn.dll FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ---- PARAMETRES FIREFOX ---- FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: content.max.tokenizing.time - 200000 FF - user.js: content.notify.interval - 100000 FF - user.js: content.switch.threshold - 650000 FF - user.js: nglayout.initialpaint.delay - 300 . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-03-19 22:24:17 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run LXCYCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_USERS\S-1-5-21-583907252-343818398-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,ae,0e,7d,0c,29, 33,dc,e0,e2,63,26,f1,3f,c8,ff,68,44,df,8f,27,24,0e,70,22,e2,63,26,f1,3f,c8,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,20,c6,5d,ee,11, c9,ae,c5,6a,9c,d6,61,af,45,84,18,a9,75,eb,68,b8,63,bc,92,6a,9c,d6,61,af,45,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,59,a1,26,04,10, 77,a1,fd,ff,7c,85,e0,43,d4,0e,fe,41,54,7e,8a,0a,0e,3a,4e,ff,7c,85,e0,43,d4,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,6f,8a,69,10,b3, b4,48,2b,86,8c,21,01,be,91,eb,e7,a6,96,1e,95,e4,a4,b3,45,86,8c,21,01,be,91,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,82,9a,0f,9f,59, 59,4b,93,f5,1d,4d,73,a8,13,5c,05,a9,20,bc,f1,95,d8,ed,d8,f5,1d,4d,73,a8,13,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,7e,cf,f3,81,6d, 0b,0b,38,df,20,58,62,78,6b,cf,c8,2a,7a,14,ba,b9,32,c0,dd,df,20,58,62,78,6b,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,7a,e3,dc,17,86, c8,b8,c2,fb,a7,78,e6,12,2f,9a,ea,ed,8b,0f,af,05,8f,1b,7b,fb,a7,78,e6,12,2f,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "1d68fe701cdea33e477eb204b76f993d"=hex:aa,52,c6,00,84,3c,26,64,4b,54,39,d1,45, 08,7f,e8,01,3a,48,fc,e8,04,4a,f1,69,f0,b5,36,0e,8c,ff,94,01,3a,48,fc,e8,04,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,1a,e1,02,0c,22, 43,cc,12,f6,0f,4e,58,98,5b,89,c9,5b,4e,1d,7b,da,1f,63,f1,f6,0f,4e,58,98,5b,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,85,bb,f4,be,30, ef,93,99,3d,ce,ea,26,2d,45,aa,78,0f,26,e1,ce,7a,74,a2,20,3d,ce,ea,26,2d,45,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,3e,13,17,b9,a8, 2e,78,a9,2a,b7,cc,b5,b9,7f,41,e7,69,42,18,2c,95,84,94,95,2a,b7,cc,b5,b9,7f,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,95,06,d2,bb,37, 2a,6d,94,6c,43,2d,1e,aa,22,2f,9c,21,ad,7b,4e,dd,74,c6,9a,6c,43,2d,1e,aa,22,\ [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€|ù•Ñw*] "5E7CEC10DF0760D4F8DAFB12FDC06CCD"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}\\Registered" . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(1840) c:\windows\system32\Ati2evxx.dll . ------------------------ Autres processus actifs ------------------------ . c:\windows\system32\ati2evxx.exe c:\windows\system32\ati2evxx.exe c:\progra~1\FICHIE~1\AOL\ACS\AOLacsd.exe c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe c:\program files\Executive Software\Diskeeper\DkService.exe c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe c:\windows\wanmpsvc.exe c:\program files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe c:\windows\system32\lxcycoms.exe c:\windows\system32\wbem\unsecapp.exe . ************************************************************************** . Heure de fin: 2009-03-19 22:27:39 - La machine a redémarré ComboFix-quarantined-files.txt 2009-03-19 21:27:36 Avant-CF: 28 287 918 080 octets libres Après-CF: 28,127,580,160 octets libres WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect 425 --- E O F --- 2008-03-04 19:50:39 Y at-il d'autres manip à faire ?? Que me conseilles tu à la place de spybot ? et Adaware qui n'a pas l'air d'être très efficace Au plaisir de te lire Bessard
- le 19 mars 2009
- 29 réponses
Trojans demande analyse HJT RESOLUhttp://forum.zebulon.fr/style_emoti

Bessard a répondu à un(e) sujet de Bessard dans Analyses et éradication malwares

Tu m'avais décocher teatimer hier donc c'est ok J'ai cocher les trois lignes demandées et fix cheked ok toujours pas de gestionnaire ...! Je te renvoie un rapport : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:03:07, on 19/03/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Executive Software\Diskeeper\DkService.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\wanmpsvc.exe c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe C:\WINDOWS\system32\lxcycoms.exe C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\explorer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://ppack.srv.france.rexel/ppack/proxy.htm:8080 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll R3 - URLSearchHook: Secured_eMule toolbar - {1D1B60FD-B21F-4B9A-8A5F-64E8544828D7} - C:\Program Files\Secured_eMule\tbSecu.dll R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll R3 - URLSearchHook: Come2PlayK2P Toolbar - {b8a5b62c-517f-42a5-85ae-29b5497fb15f} - C:\Program Files\Come2PlayK2P\tbCom0.dll R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll (file missing) R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Secured_eMule toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSecu.dll O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - (no file) O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FICHIE~1\SYMANT~1\IDS\IPSBHO.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll O2 - BHO: Phishing Agent - {B34E20E5-96B2-46AC-9D68-C6B2CD293C2C} - (no file) O2 - BHO: Come2PlayK2P Toolbar - {b8a5b62c-517f-42a5-85ae-29b5497fb15f} - C:\Program Files\Come2PlayK2P\tbCom0.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll (file missing) O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll O3 - Toolbar: Afficher Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll O3 - Toolbar: Secured_eMule toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSecu.dll O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll O3 - Toolbar: Come2PlayK2P Toolbar - {b8a5b62c-517f-42a5-85ae-29b5497fb15f} - C:\Program Files\Come2PlayK2P\tbCom0.dll O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - (no file) O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll O4 - HKLM\..\Run: [ccApp] C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16 O4 - HKLM\..\Run: [Microsoft appswitch] C:\WINDOWS\system32\jwt32.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O8 - Extra context menu item: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 4.0\resources\fr-FR\local\search.html O8 - Extra context menu item: &Télécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\Saldo Daniel\Application Data\Dealio\kb127\res\DealioSearch.html O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Tout t&élécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddList.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {AF4F850B-68FF-404C-8417-549F86B1E236} - (no file) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU) O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O15 - Trusted Zone: *.canalplay.com (HKLM) O15 - Trusted Zone: *.canalplusactive.com (HKLM) O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichier...ion_3_0_3_1.cab O16 - DPF: {AE609930-A6EB-4A78-B7DA-B3200705FEBD} - http://www.mophun.com/codebase/mophun.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{30B29BB8-7CC7-48F7-8220-3C93FD9C30C1}: NameServer = 192.168.0.1 O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe (file missing) O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe O23 - Service: lxcy_device - - C:\WINDOWS\system32\lxcycoms.exe O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Fichiers communs\Symantec Shared\Support Controls\ssrc.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe -- End of file - 14143 bytes
- le 19 mars 2009
- 29 réponses
Trojans demande analyse HJT RESOLUhttp://forum.zebulon.fr/style_emoti

Bessard a répondu à un(e) sujet de Bessard dans Analyses et éradication malwares

OK voici le rapport : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:39:58, on 19/03/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Executive Software\Diskeeper\DkService.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\wanmpsvc.exe c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe C:\WINDOWS\system32\lxcycoms.exe C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\explorer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66028 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66028 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66028 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://ppack.srv.france.rexel/ppack/proxy.htm:8080 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll R3 - URLSearchHook: Secured_eMule toolbar - {1D1B60FD-B21F-4B9A-8A5F-64E8544828D7} - C:\Program Files\Secured_eMule\tbSecu.dll R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll R3 - URLSearchHook: Come2PlayK2P Toolbar - {b8a5b62c-517f-42a5-85ae-29b5497fb15f} - C:\Program Files\Come2PlayK2P\tbCom0.dll R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll (file missing) R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Secured_eMule toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSecu.dll O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - (no file) O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FICHIE~1\SYMANT~1\IDS\IPSBHO.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll O2 - BHO: Phishing Agent - {B34E20E5-96B2-46AC-9D68-C6B2CD293C2C} - (no file) O2 - BHO: Come2PlayK2P Toolbar - {b8a5b62c-517f-42a5-85ae-29b5497fb15f} - C:\Program Files\Come2PlayK2P\tbCom0.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll (file missing) O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll O3 - Toolbar: Afficher Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll O3 - Toolbar: Secured_eMule toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSecu.dll O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll O3 - Toolbar: Come2PlayK2P Toolbar - {b8a5b62c-517f-42a5-85ae-29b5497fb15f} - C:\Program Files\Come2PlayK2P\tbCom0.dll O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - (no file) O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll O4 - HKLM\..\Run: [ccApp] C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16 O4 - HKLM\..\Run: [Microsoft appswitch] C:\WINDOWS\system32\jwt32.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O8 - Extra context menu item: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 4.0\resources\fr-FR\local\search.html O8 - Extra context menu item: &Télécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\Saldo Daniel\Application Data\Dealio\kb127\res\DealioSearch.html O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Tout t&élécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddList.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {AF4F850B-68FF-404C-8417-549F86B1E236} - (no file) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU) O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O15 - Trusted Zone: *.canalplay.com (HKLM) O15 - Trusted Zone: *.canalplusactive.com (HKLM) O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichier...ion_3_0_3_1.cab O16 - DPF: {AE609930-A6EB-4A78-B7DA-B3200705FEBD} - http://www.mophun.com/codebase/mophun.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{30B29BB8-7CC7-48F7-8220-3C93FD9C30C1}: NameServer = 192.168.0.1 O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe (file missing) O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe O23 - Service: lxcy_device - - C:\WINDOWS\system32\lxcycoms.exe O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Fichiers communs\Symantec Shared\Support Controls\ssrc.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe -- End of file - 14528 bytes
- le 19 mars 2009
- 29 réponses
Trojans demande analyse HJT RESOLUhttp://forum.zebulon.fr/style_emoti

Bessard a répondu à un(e) sujet de Bessard dans Analyses et éradication malwares

Falkra bonsoir, Après mise à jour MBAM ... tout est clean .. youpi ! merci. Il me suffit de relancer regedit si ok alors c'est clean ! Seul me reste le gestionnaire de taches qui ne veut pas s'ouvrir ... et RSIT qui ne veut pas se lancer ! Et maintenant ce "Search settings Installer 1.2" qui cherche à s'installer, à priori au démarrage ou lorsque je veux me servir d'IE bouh ! que de problèmes ... vais-je m'en sortir ? Merci de ton aide Bessard
- le 19 mars 2009
- 29 réponses
Trojans demande analyse HJT RESOLUhttp://forum.zebulon.fr/style_emoti

Bessard a répondu à un(e) sujet de Bessard dans Analyses et éradication malwares

RSIT ne veut pas se lancer ... Il m'affiche rapidement une erreur "AutoIT error Line-1 error: subscript used with non array-variable" et se ferme ...!! Que faire ? Bessard
- le 19 mars 2009
- 29 réponses
Trojans demande analyse HJT RESOLUhttp://forum.zebulon.fr/style_emoti

Bessard a répondu à un(e) sujet de Bessard dans Analyses et éradication malwares

Effectivement impossible lancer RSIT qui s'arrête au bout de 5 à 6 secondes en me balançant une erreur "AutoIT error Line-1 error: subscript used with non array-variable" OK et se ferme ...!! Que fais-je ? Bessard
- le 19 mars 2009
- 29 réponses
Trojans demande analyse HJT RESOLUhttp://forum.zebulon.fr/style_emoti

Bessard a répondu à un(e) sujet de Bessard dans Analyses et éradication malwares

Falkra bonjour, Le soleil est avec nous ... après analyse avec malwrebytes ... plus de trojan .. j'ai retrouvé regedit ... je n'ose le dire trop fort. Au démarrage et après lancement nouveau script la recherche de search setting.msi c'est renouvelée puis stoppée après 2 ou 3 annulations ..! Ci dessous le rapport OtMOveIT d'aujourd'hui : ========== PROCESSES ========== Process explorer.exe killed successfully. ========== FILES ========== C:\DOCUME~1\SALDOD~1\APPLIC~1\Search Settings moved successfully. ========== COMMANDS ========== Explorer started successfully OTMoveIt3 by OldTimer - Version 1.0.9.0 log created on 03192009_141011 Je vais pouvoir m'attaquer au gestionnaire de tâches, si RSIT veut bien s'ouvrir ... à suivre Merci pour ton aide efficace Bien cordialement Bessard
- le 19 mars 2009
- 29 réponses
Trojans demande analyse HJT RESOLUhttp://forum.zebulon.fr/style_emoti

Bessard a répondu à un(e) sujet de Bessard dans Analyses et éradication malwares

Je te communique les 2 rapports ... à noter que j'ai une demande de fichier "SearchSettings.msi" que je ne trouve pas !! c'est quoi ce programme demandé juste aprés que j'ai fini les analyses demandées ? Rapport ToolBar 2 : -----------\\ ToolBar S&D 1.2.8 XP/Vista Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3 X86-based PC ( Multiprocessor Free : Intel® Pentium® 4 CPU 3.40GHz ) BIOS : BIOS Date: 04/26/05 20:54:36 Ver: 08.00.10 USER : Saldo Daniel ( Administrator ) BOOT : Normal boot Antivirus : Norton Internet Security 15.0.0.60 (Activated) Firewall : Norton Internet Security 15.0.0.60 (Activated) A:\ (USB) C:\ (Local Disk) - NTFS - Total:68 Go (Free:26 Go) D:\ (CD or DVD) E:\ (Local Disk) - NTFS - Total:69 Go (Free:69 Go) F:\ (Local Disk) - NTFS - Total:45 Go (Free:29 Go) G:\ (Local Disk) - NTFS - Total:66 Go (Free:39 Go) H:\ (CD or DVD) I:\ (CD or DVD) J:\ (USB) "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 ) Option : [2] ( 19/03/2009| 0:47 ) -----------\\ SUPPRESSION Supprime! - C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\dinstallhelper.DC295621FCCE456E86BB35F5409239FF.dll Supprime! - C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127 Supprime! - C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Dealio Supprime! - C:\Program Files\Multi_Media\INSTALL.LOG Supprime! - C:\DOCUME~1\SALDOD~1\APPLIC~1\Search Settings\kb127 Supprime! - C:\Program Files\Search Settings\kb127 Supprime! - C:\Program Files\Search Settings\SearchSettings.exe Supprime! - C:\DOCUME~1\SALDOD~1\Favoris\Torrent Portal - BitTorrent Search Index.url Supprime! - C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio Supprime! - C:\Program Files\Multi_Media Echec ! - C:\DOCUME~1\SALDOD~1\APPLIC~1\Search Settings Supprime! - C:\Program Files\Search Settings -----------\\ DEUXIEME PASSAGE Echec ! - C:\DOCUME~1\SALDOD~1\APPLIC~1\Search Settings -----------\\ Recherche de Fichiers / Dossiers ... C:\DOCUME~1\SALDOD~1\APPLIC~1\Search Settings -----------\\ Extensions (Saldo Daniel) - {0b38152b-1b20-484d-a11f-5e04a9b0661f} => winamptoolbar (Saldo Daniel) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar (Saldo Daniel) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar (Saldo Daniel) - {b23920f4-4c2f-412b-9450-1d7028d5454e} => torrentreactor.net (Saldo Daniel) - {b9db16a4-6edc-47ec-a1f4-b86292ed211d} => dwhelper (Saldo Daniel) - {b9db16a4-6edc-47ec-a1f4-b86292ed211d} => dwhelper -----------\\ [..\Internet Explorer\Main] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.fr/" "Search Page"="http://www.google.com" "Search Bar"="http://www.google.com/ie"'>http://www.google.com/ie" "Local Page"="C:\\WINDOWS\\system32\\blank.htm" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome" "Default_Search_URL"="http://www.google.com/ie" "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home" "SearchAssistant"="http://www.crawler.com/search/ie.aspx?tb_id=66028" "CustomizeSearch"="http://dnl.crawler.com/support/sa_customize.aspx?TbId=66028" --------------------\\ Recherche d'autres infections --------------------\\ Cracks & Keygens .. C:\DOCUME~1\SALDOD~1\Favoris\Cracks C:\DOCUME~1\SALDOD~1\Favoris\Cracks\Les cracks, patchs et autres serials....url C:\DOCUME~1\SALDOD~1\Favoris\Cracks\Serial numbers.url 1 - "C:\ToolBar SD\TB_1.txt" - 19/03/2009| 0:15 - Option : [1] 2 - "C:\ToolBar SD\TB_2.txt" - 19/03/2009| 0:48 - Option : [2] -----------\\ Fin du rapport a 0:48:55,62 Rapport OT MoveIT : ========== PROCESSES ========== Process explorer.exe killed successfully. ========== FILES ========== C:\WINDOWS\system32\jwt32.exe moved successfully. C:\Program Files\spoolsvt.exe moved successfully. File/Folder C:\Program Files\spooler.exe not found. ========== REGISTRY ========== Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\IgfxSys not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SearchSettings deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Microsoft appswitch deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Printspooler not found. ========== COMMANDS ========== File delete failed. C:\DOCUME~1\SALDOD~1\LOCALS~1\Temp\etilqs_fktnos5grTx1QuQGgq0W scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\SALDOD~1\LOCALS~1\Temp\~DFE8F.tmp scheduled to be deleted on reboot. User's Temp folder emptied. User's Temporary Internet Files folder emptied. User's Internet Explorer cache folder emptied. Local Service Temp folder emptied. File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. Local Service Temporary Internet Files folder emptied. File delete failed. C:\WINDOWS\temp\JETDB2D.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_ac8.dat scheduled to be deleted on reboot. Windows Temp folder emptied. Java cache emptied. File delete failed. C:\Documents and Settings\Saldo Daniel\Local Settings\Application Data\Mozilla\Firefox\Profiles\4q54icgh.default\Cache\_CACHE_001_ scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\Saldo Daniel\Local Settings\Application Data\Mozilla\Firefox\Profiles\4q54icgh.default\Cache\_CACHE_002_ scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\Saldo Daniel\Local Settings\Application Data\Mozilla\Firefox\Profiles\4q54icgh.default\Cache\_CACHE_003_ scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\Saldo Daniel\Local Settings\Application Data\Mozilla\Firefox\Profiles\4q54icgh.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\Saldo Daniel\Local Settings\Application Data\Mozilla\Firefox\Profiles\4q54icgh.default\urlclassifier3.sqlite scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\Saldo Daniel\Local Settings\Application Data\Mozilla\Firefox\Profiles\4q54icgh.default\XUL.mfl scheduled to be deleted on reboot. FireFox cache emptied. Temp folders emptied. Explorer started successfully OTMoveIt3 by OldTimer - Version 1.0.9.0 log created on 03192009_005509 Files moved on Reboot... File C:\DOCUME~1\SALDOD~1\LOCALS~1\Temp\etilqs_fktnos5grTx1QuQGgq0W not found! C:\DOCUME~1\SALDOD~1\LOCALS~1\Temp\~DFE8F.tmp moved successfully. File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot. File C:\WINDOWS\temp\JETDB2D.tmp not found! File C:\WINDOWS\temp\Perflib_Perfdata_ac8.dat not found! C:\Documents and Settings\Saldo Daniel\Local Settings\Application Data\Mozilla\Firefox\Profiles\4q54icgh.default\Cache\_CACHE_001_ moved successfully. C:\Documents and Settings\Saldo Daniel\Local Settings\Application Data\Mozilla\Firefox\Profiles\4q54icgh.default\Cache\_CACHE_002_ moved successfully. C:\Documents and Settings\Saldo Daniel\Local Settings\Application Data\Mozilla\Firefox\Profiles\4q54icgh.default\Cache\_CACHE_003_ moved successfully. C:\Documents and Settings\Saldo Daniel\Local Settings\Application Data\Mozilla\Firefox\Profiles\4q54icgh.default\Cache\_CACHE_MAP_ moved successfully. C:\Documents and Settings\Saldo Daniel\Local Settings\Application Data\Mozilla\Firefox\Profiles\4q54icgh.default\urlclassifier3.sqlite moved successfully. C:\Documents and Settings\Saldo Daniel\Local Settings\Application Data\Mozilla\Firefox\Profiles\4q54icgh.default\XUL.mfl moved successfully. Voilà voilà ! Et maintenant que fais-je ? il est tard ! courage Bessard
- le 19 mars 2009
- 29 réponses
Trojans demande analyse HJT RESOLUhttp://forum.zebulon.fr/style_emoti

Bessard a répondu à un(e) sujet de Bessard dans Analyses et éradication malwares

C'est reparti ... Le fichier JWT32 : Fichier jwt32.exe reçu le 2009.03.19 00:07:54 (CET) Antivirus Version Dernière mise à jour Résultat a-squared 4.0.0.101 2009.03.18 - AhnLab-V3 5.0.0.2 2009.03.18 - AntiVir 7.9.0.120 2009.03.18 TR/Drop.Small.jhl Authentium 5.1.2.4 2009.03.18 - Avast 4.8.1335.0 2009.03.18 Win32:Spyware-gen AVG 8.0.0.237 2009.03.18 - BitDefender 7.2 2009.03.18 - CAT-QuickHeal 10.00 2009.03.18 - ClamAV 0.94.1 2009.03.18 - Comodo 1066 2009.03.18 - DrWeb 4.44.0.09170 2009.03.18 - eSafe 7.0.17.0 2009.03.18 - eTrust-Vet 31.6.6388 2009.03.09 - F-Prot 4.4.4.56 2009.03.18 - F-Secure 8.0.14470.0 2009.03.18 Trojan-Downloader:W32/Agent.JSY Fortinet 3.117.0.0 2009.03.18 - GData 19 2009.03.18 Win32:Spyware-gen Ikarus T3.1.1.48.0 2009.03.18 - K7AntiVirus 7.10.674 2009.03.17 - Kaspersky 7.0.0.125 2009.03.18 - McAfee 5557 2009.03.18 - McAfee+Artemis 5557 2009.03.18 - McAfee-GW-Edition 6.7.6 2009.03.18 Trojan.Drop.Small.jhl Microsoft 1.4502 2009.03.18 - NOD32 3946 2009.03.18 - Norman 6.00.06 2009.03.18 - nProtect 2009.1.8.0 2009.03.18 - Panda 10.0.0.10 2009.03.18 - PCTools 4.4.2.0 2009.03.18 - Prevx1 V2 2009.03.19 Medium Risk Malware Dropper Rising 21.21.22.00 2009.03.18 - Sophos 4.39.0 2009.03.18 - Sunbelt 3.2.1858.2 2009.03.18 - Symantec 1.4.4.12 2009.03.18 - TheHacker 6.3.3.0.283 2009.03.16 - TrendMicro 8.700.0.1004 2009.03.18 - VBA32 3.12.10.1 2009.03.18 suspected of Embedded.MalwareScope.Zhelatin.Api.accept ViRobot 2009.3.18.1654 2009.03.18 - VirusBuster 4.6.5.0 2009.03.18 - Information additionnelle File size: 30833 bytes MD5...: c1a5b3dd7ef8f008394f3a80451fa11b SHA1..: 2828ebb6498a34d361676efd1c70f998a4dd2190 SHA256: 9f0efbce3c30fff2d638ddf0159179e65f4711d481b33342fec2d4609f58ea70 SHA512: bddf8a1f3cdea43ee86d0870e96f548d6606aea0c5227be6569522fe9f6fe208 e46c7cc683579781a9e70697e79856a000811ade9e896c207e0b7d9e1d68b806 ssdeep: 384:k1GVhNN6ISrC4CFHzmjT7t2hIsr9qN2MbnHcGdT:k1dDMzCTerSciT PEiD..: - TrID..: File type identification Win32 Executable Generic (42.3%) Win32 Dynamic Link Library (generic) (37.6%) Generic Win/DOS Executable (9.9%) DOS Executable Generic (9.9%) VXD Driver (0.1%) PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x1000 timedatestamp.....: 0x49ae698d (Wed Mar 04 11:44:13 2009) machinetype.......: 0x14c (I386) ( 3 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x1926 0x1a00 6.99 aa366c8d8b6044ef44a8e7f9f93ae92a .data 0x3000 0x4a84 0x4c00 4.05 9defccdd3ff1588f0a2783c014ef7476 .rsrc 0x8000 0x120 0x200 1.87 5364c37e059cd1ab8f56d65e0fb47138 ( 3 imports ) > kernel32.dll: CreateMutexA, GetLastError, GetModuleHandleA, LoadLibraryA, GetProcAddress, Sleep, FreeLibrary, RtlZeroMemory, FindFirstFileA, CreateDirectoryA, MoveFileA, FindNextFileA, FindClose, ExitProcess, RtlMoveMemory, CreateFileA, WriteFile, CloseHandle, TerminateThread, TerminateProcess, GetSystemDirectoryA, GlobalAlloc, GlobalLock, GlobalHandle, GlobalUnlock, GlobalFree, FlushFileBuffers > user32.dll: DialogBoxParamA, LoadIconA, SendMessageA, SetDlgItemTextA, EndDialog, GetClassNameA, GetWindowThreadProcessId, EnumWindows, MessageBoxA > comctl32.dll: InitCommonControls ( 0 exports ) Prevx info: <a href='http://info.prevx.com/aboutprogramtext.asp?PX5=B9078EF371E305E2787C009893660100F26A5DA5' target='_blank'>http://info.prevx.com/aboutprogramtext.asp?PX5=B9078EF371E305E2787C009893660100F26A5DA5</a> Le fichier Toolbar : -----------\\ ToolBar S&D 1.2.8 XP/Vista Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3 X86-based PC ( Multiprocessor Free : Intel® Pentium® 4 CPU 3.40GHz ) BIOS : BIOS Date: 04/26/05 20:54:36 Ver: 08.00.10 USER : Saldo Daniel ( Administrator ) BOOT : Normal boot Antivirus : Norton Internet Security 15.0.0.60 (Activated) Firewall : Norton Internet Security 15.0.0.60 (Activated) A:\ (USB) C:\ (Local Disk) - NTFS - Total:68 Go (Free:26 Go) D:\ (CD or DVD) E:\ (Local Disk) - NTFS - Total:69 Go (Free:69 Go) F:\ (Local Disk) - NTFS - Total:45 Go (Free:29 Go) G:\ (Local Disk) - NTFS - Total:66 Go (Free:39 Go) H:\ (CD or DVD) I:\ (CD or DVD) J:\ (USB) "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 ) Option : [1] ( 19/03/2009| 0:14 ) -----------\\ Recherche de Fichiers / Dossiers ... C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\dinstallhelper.DC295621FCCE456E86BB35F5409239FF.dll C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\res C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\res\alerts.gif C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\res\alerts_over.gif C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\res\alerts_rec.gif C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\res\alerts_rec_over.gif C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\res\chevron-small.gif C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\res\DealioSearch.html C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\res\deals-leftcap.gif C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\res\deal_report.jpg C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\res\ebay_login.jpg C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\res\err_mainwindow.html C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\res\err_toolbar.html C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\res\global_scripts.js C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\res\headerbgthin.jpg C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\res\highlight-bg.png C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\res\logo.gif C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\res\logo_over.gif C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\res\man_toolbar.css C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\res\man_toolbar.html C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\res\man_toolbar.js C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\res\man_toolbarl.js C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\res\post-this-deal.gif C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\res\post-this-deal_over.gif C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\res\scripts.js C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\res\scroller.js C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\res\search-chevron.gif C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\res\search-chevron_over.gif C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\res\search_bg_blink.gif C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\res\separator.gif C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\res\settings.gif C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\res\settings_over.gif C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\res\yahoo-search.png C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\index.76.35 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.10.76 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.109.43 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.110.43 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.12.52 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.13.58 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.130.58 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.135.50 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.153.44 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.155.43 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.156.49 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.16.60 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.161.52 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.178.66 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.184.55 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.188.52 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.189.45 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.196.43 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.198.56 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.199.43 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.200.53 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.201.43 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.202.43 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.203.71 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.205.62 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.213.71 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.214.49 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.215.43 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.216.67 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.217.67 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.218.52 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.219.43 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.220.43 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.221.57 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.222.43 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.223.68 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.226.68 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.227.43 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.228.62 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.229.76 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.23.63 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.239.43 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.24.43 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.240.43 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.241.43 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.242.43 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.243.43 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.244.63 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.245.43 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.247.43 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.248.43 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.249.43 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.250.43 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.251.43 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.252.43 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.253.43 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.254.43 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.255.43 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.256.43 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.257.43 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.279.43 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.28.58 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.282.75 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.283.43 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.284.43 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.289.67 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.290.62 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.291.61 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.296.43 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.297.43 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.304.43 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.307.43 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.308.75 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.31.47 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.310.46 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.311.43 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.315.43 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.316.43 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.317.43 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.318.43 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.319.49 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.32.48 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.334.44 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.335.60 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.336.44 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.337.44 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.338.75 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.339.47 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.34.43 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.340.47 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.341.47 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.349.50 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.35.48 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.350.50 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.351.51 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.352.54 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.353.51 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.354.51 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.357.62 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.358.52 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.359.52 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.360.53 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.361.54 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.362.68 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.363.58 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.364.54 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.365.53 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.367.56 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.368.58 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.369.55 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.370.56 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.371.56 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.372.57 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.373.55 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.375.56 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.376.57 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.377.55 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.378.65 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.384.58 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.386.71 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.387.59 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.388.59 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.389.59 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.390.60 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.391.60 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.392.60 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.393.60 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.394.60 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.396.61 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.397.61 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.398.60 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.399.60 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.403.61 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.404.63 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.405.61 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.406.61 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.407.76 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.408.63 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.409.61 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.412.62 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.413.62 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.414.62 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.415.62 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.416.62 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.417.62 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.418.62 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.419.62 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.420.62 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.421.62 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.423.63 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.424.63 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.425.63 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.426.63 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.427.63 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.428.65 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.429.63 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.430.63 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.432.65 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.433.64 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.434.65 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.435.64 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.436.76 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.437.64 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.438.71 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.439.71 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.440.75 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.442.73 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.443.73 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.444.73 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.445.68 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.446.69 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.450.67 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.451.67 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.452.68 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.453.68 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.454.69 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.456.69 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.457.75 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.458.70 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.459.70 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.460.69 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.462.74 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.463.69 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.464.70 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.465.68 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.468.70 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.469.70 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.470.70 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.471.73 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.472.70 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.478.74 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.479.73 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.480.68 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.481.71 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.482.74 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.49.67 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.50.43 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.500.71 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.501.74 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.502.71 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.51.69 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.52.72 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.520.76 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.521.76 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.522.76 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.53.51 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.531.76 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.532.75 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.534.75 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.54.47 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.55.45 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.56.69 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.57.43 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.58.47 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.593.76 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.595.76 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.63.57 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.66.47 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.70.75 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.71.43 C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\dealio-14293.log C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\dealio-14294.log C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\dealio-14297.log C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\dod_cache.xml C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\installtype.ini C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_1008_1012_3.html C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_1048_952_1.html C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_1048_952_3.html C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_1212_4000_1.html C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_1212_4000_3.html C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_1344_2060_3.html C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_1348_3216_3.html C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_1356_2888_3.html C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_1712_1148_3.html C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_1760_1948_1.html C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_1760_1948_3.html C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_1976_2024_3.html C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2012_416_3.html C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2132_224_3.html C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2148_1672_3.html C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2196_2568_3.html C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2292_3100_3.html C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2328_424_3.html C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2344_396_3.html C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2404_2408_1.html C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2404_2408_3.html C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2408_2972_3.html C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2436_3260_3.html C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2464_2992_3.html C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2480_408_3.html C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2668_1836_3.html C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2728_3736_3.html C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2744_2876_3.html C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2956_2540_3.html C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3064_3876_3.html C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3104_732_3.html C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_312_2204_3.html C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3168_344_3.html C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3168_780_3.html C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3212_3220_3.html C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3304_3528_3.html C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3332_3340_3.html C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3372_2344_3.html C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3380_600_3.html C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3412_2136_3.html C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3516_1564_3.html C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_352_4028_3.html C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3584_2688_3.html C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3644_2508_3.html C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3656_2500_3.html C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_372_864_1.html C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_372_864_3.html C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3760_488_3.html C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3812_1692_3.html C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3836_2736_3.html C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3896_2576_3.html C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3896_3900_3.html C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3920_3612_3.html C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3940_3512_3.html C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3948_4084_3.html C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_428_3708_3.html C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_432_3544_3.html C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_496_2780_3.html C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_524_532_1.html C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_524_532_3.html C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_540_3256_3.html C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_580_3540_3.html C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_648_676_1.html C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_648_676_3.html C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_752_536_3.html C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_868_728_3.html C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_928_536_3.html C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Dealio C:\Program Files\Multi_Media C:\Program Files\Multi_Media\INSTALL.LOG C:\DOCUME~1\SALDOD~1\APPLIC~1\Search Settings C:\DOCUME~1\SALDOD~1\APPLIC~1\Search Settings\kb127 C:\DOCUME~1\SALDOD~1\APPLIC~1\Search Settings\kb127\res C:\DOCUME~1\SALDOD~1\APPLIC~1\Search Settings\kb127\temp C:\DOCUME~1\SALDOD~1\APPLIC~1\Search Settings\kb127\temp\ws-14319.log C:\DOCUME~1\SALDOD~1\APPLIC~1\Search Settings\kb127\temp\ws-14320.log C:\DOCUME~1\SALDOD~1\APPLIC~1\Search Settings\kb127\temp\ws-14321.log C:\Program Files\Search Settings C:\Program Files\Search Settings\kb127 C:\Program Files\Search Settings\SearchSettings.exe C:\Program Files\Search Settings\kb127\res C:\Program Files\Search Settings\kb127\SearchSettings.dll C:\Program Files\Search Settings\kb127\SearchSettingsRes409.dll C:\Program Files\Search Settings\kb127\temp C:\DOCUME~1\SALDOD~1\Favoris\Torrent Portal - BitTorrent Search Index.url -----------\\ Extensions (Saldo Daniel) - {0b38152b-1b20-484d-a11f-5e04a9b0661f} => winamptoolbar (Saldo Daniel) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar (Saldo Daniel) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar (Saldo Daniel) - {b23920f4-4c2f-412b-9450-1d7028d5454e} => torrentreactor.net (Saldo Daniel) - {b9db16a4-6edc-47ec-a1f4-b86292ed211d} => dwhelper (Saldo Daniel) - {b9db16a4-6edc-47ec-a1f4-b86292ed211d} => dwhelper -----------\\ [..\Internet Explorer\Main] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.fr/" "Search Page"="http://www.google.com" "Search Bar"="http://www.google.com/ie"'>http://www.google.com/ie" "Local Page"="C:\\WINDOWS\\system32\\blank.htm" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome" "Default_Search_URL"="http://www.google.com/ie" "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home" "SearchAssistant"="http://www.crawler.com/search/ie.aspx?tb_id=66028" "CustomizeSearch"="http://dnl.crawler.com/support/sa_customize.aspx?TbId=66028" --------------------\\ Recherche d'autres infections --------------------\\ Cracks & Keygens .. C:\DOCUME~1\SALDOD~1\Application Data\Azureus\torrents\Adobe Premiere Pro v7 0 with Keygen.torrent C:\DOCUME~1\SALDOD~1\Favoris\Cracks C:\DOCUME~1\SALDOD~1\Favoris\Cracks\Les cracks, patchs et autres serials....url C:\DOCUME~1\SALDOD~1\Favoris\Cracks\Serial numbers.url 1 - "C:\ToolBar SD\TB_1.txt" - 19/03/2009| 0:15 - Option : [1] -----------\\ Fin du rapport a 0:15:48,34 Bon courage et merci de ton aide Cordialement Bessard
- le 18 mars 2009
- 29 réponses
Trojans demande analyse HJT RESOLUhttp://forum.zebulon.fr/style_emoti

Bessard a répondu à un(e) sujet de Bessard dans Analyses et éradication malwares

Je viens de lancer RSIT Il m'affiche rapidement une erreur "AutoIT error Line-1 error: subscript used with non array-variable" et se ferme ...!! décidément ! A te lire Cdt Bessard
- le 18 mars 2009
- 29 réponses
Trojans demande analyse HJT RESOLUhttp://forum.zebulon.fr/style_emoti

Bessard a répondu à un(e) sujet de Bessard dans Analyses et éradication malwares

Désolé, Après un reboot, à nouveau plus de regedit ... 2 nouveaux scan Malwarebytes ... voilà le rapport ... et toujours le malware présent Malwarebytes' Anti-Malware 1.34 Version de la base de données: 1866 Windows 5.1.2600 Service Pack 3 18/03/2009 23:20:35 mbam-log-2009-03-18 (23-20-35).txt Type de recherche: Examen complet (C:\|) Eléments examinés: 201454 Temps écoulé: 38 minute(s), 44 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 1 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 1 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe (Security.Hijack) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): C:\System Volume Information\_restore{7196635A-EA5C-4CF7-BDE0-2259E4EED6DF}\RP37\A0008824.dll (Backdoor.Bot) -> Quarantined and deleted successfully. Dur dur ! Qu'en penses tu ? Cordialement Bessard
- le 18 mars 2009
- 29 réponses
Trojans demande analyse HJT RESOLUhttp://forum.zebulon.fr/style_emoti

Bessard a répondu à un(e) sujet de Bessard dans Analyses et éradication malwares

Falkra bonsoir, Je te tiens au courant ... je viens de faire à l'instant une nouvelle mise à jour de Malwarebytes Re-scanner et au miracle plus de virus trouvé et .... j'ai bien retrouvé l'exécution de regedit ... super merci beaucoup. Par contre je n'ai toujours pas l'accés au gestionnaire de tâches que ce soit par Ctrl Alt Sup (rien ne se passe) ou par l'exécution de taskmgr ou une fenêtre m'informe que Windows ne trouve pas taskmgr (celui-ci est pourtant bien présent) ou par le click droit sur la barre de l'horloge (rien ne se passe). Dois-je soumettre cette anomalie sur un sujet différent du forum ?? Merci de ta réponse et encore bravo Bien cordialement Bessard
- le 18 mars 2009
- 29 réponses
Trojans demande analyse HJT RESOLUhttp://forum.zebulon.fr/style_emoti

Bessard a répondu à un(e) sujet de Bessard dans Analyses et éradication malwares

Falkra bonjour, Je te joins l'avant dernier rapport : Malwarebytes' Anti-Malware 1.34 Version de la base de données: 1860 Windows 5.1.2600 Service Pack 3 18/03/2009 13:45:40 mbam-log-2009-03-18 (13-45-40).txt Type de recherche: Examen rapide Eléments examinés: 84367 Temps écoulé: 5 minute(s), 8 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 1 Valeur(s) du Registre infectée(s): 1 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 0 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe (Security.Hijack) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Printspooler (Trojan.Agent) -> Quarantined and deleted successfully. Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): (Aucun élément nuisible détecté) 2 virus détectés ...!! ?? et virés ... deuxième scan encore le même virus .. rapport ci dessous :Malwarebytes' Anti-Malware 1.34 Version de la base de données: 1860 Windows 5.1.2600 Service Pack 3 18/03/2009 13:56:59 mbam-log-2009-03-18 (13-56-59).txt Type de recherche: Examen rapide Eléments examinés: 84423 Temps écoulé: 1 minute(s), 49 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 1 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 0 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe (Security.Hijack) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): (Aucun élément nuisible détecté) 3 ième scan : Malwarebytes' Anti-Malware 1.34 Version de la base de données: 1860 Windows 5.1.2600 Service Pack 3 18/03/2009 13:59:25 mbam-log-2009-03-18 (13-59-25).txt Type de recherche: Examen rapide Eléments examinés: 84463 Temps écoulé: 1 minute(s), 45 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 1 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 0 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe (Security.Hijack) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): (Aucun élément nuisible détecté) Il est toujours là ...!!!! Au secours Merci Bien cordialement Bessard
- le 18 mars 2009
- 29 réponses
Trojans demande analyse HJT RESOLUhttp://forum.zebulon.fr/style_emoti

Bessard a répondu à un(e) sujet de Bessard dans Analyses et éradication malwares

Bonsoir Falkra, Merci pour ta réponse rapide. J'ai fait plusieurs analyses avec MBAM ... hélas il n'arrive pas à éradiquer ce trojan sur la même ligne de registre que trouvait Spybot Malwarebytes' Anti-Malware 1.34 Version de la base de données: 1860 Windows 5.1.2600 Service Pack 3 18/03/2009 00:51:00 mbam-log-2009-03-18 (00-50-58).txt Type de recherche: Examen rapide Eléments examinés: 84209 Temps écoulé: 1 minute(s), 44 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 1 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 0 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe (Security.Hijack) -> No action taken. Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): (Aucun élément nuisible détecté)* Quelle plaie !! Qu'en penses-tu ? A bientôt
- le 18 mars 2009
- 29 réponses
Trojans demande analyse HJT RESOLUhttp://forum.zebulon.fr/style_emoti

Bessard a posté un sujet dans Analyses et éradication malwares

Bonjour, Trojan Hupigo13 http://forum.zebulon.fr/style_images/1/fol...con7.gifdétecté par Spybot sur ligne registre : HLM\software\Microsoft\Windows NT\Current Version\Image File Execution Options\regedit.exe Et de fait je n'ai plus accès à regedit, ni au gestionnaire de tâches (Ctrl+Alt+Suppr ou taskmgr ou click droit barre outils horloge ..!) L'analyse HJT : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:03:01, on 17/03/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\jwt32.exe C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\spoolsvt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Executive Software\Diskeeper\DkService.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\wanmpsvc.exe c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe C:\WINDOWS\system32\lxcycoms.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66028 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66028 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66028 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://ppack.srv.france.rexel/ppack/proxy.htm:8080 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll R3 - URLSearchHook: Secured_eMule toolbar - {1D1B60FD-B21F-4B9A-8A5F-64E8544828D7} - C:\Program Files\Secured_eMule\tbSecu.dll R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll R3 - URLSearchHook: Come2PlayK2P Toolbar - {b8a5b62c-517f-42a5-85ae-29b5497fb15f} - C:\Program Files\Come2PlayK2P\tbCom0.dll R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Secured_eMule toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSecu.dll O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - (no file) O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FICHIE~1\SYMANT~1\IDS\IPSBHO.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll O2 - BHO: Phishing Agent - {B34E20E5-96B2-46AC-9D68-C6B2CD293C2C} - (no file) O2 - BHO: Come2PlayK2P Toolbar - {b8a5b62c-517f-42a5-85ae-29b5497fb15f} - C:\Program Files\Come2PlayK2P\tbCom0.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll O3 - Toolbar: Afficher Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll O3 - Toolbar: Secured_eMule toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSecu.dll O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll O3 - Toolbar: Come2PlayK2P Toolbar - {b8a5b62c-517f-42a5-85ae-29b5497fb15f} - C:\Program Files\Come2PlayK2P\tbCom0.dll O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - (no file) O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll O4 - HKLM\..\Run: [igfxSys] rundll32.exe "C:\WINDOWS\Drivers\IgfxSys.dll",StartProtector O4 - HKLM\..\Run: [searchSettings] C:\Program Files\Search Settings\SearchSettings.exe O4 - HKLM\..\Run: [Microsoft appswitch] C:\WINDOWS\system32\jwt32.exe O4 - HKLM\..\Run: [ccApp] C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16 O4 - HKLM\..\Run: [Printspooler] C:\Program Files\spooler.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O8 - Extra context menu item: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 4.0\resources\fr-FR\local\search.html O8 - Extra context menu item: &Télécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\Saldo Daniel\Application Data\Dealio\kb127\res\DealioSearch.html O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Tout t&élécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddList.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {AF4F850B-68FF-404C-8417-549F86B1E236} - (no file) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU) O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O15 - Trusted Zone: *.canalplay.com (HKLM) O15 - Trusted Zone: *.canalplusactive.com (HKLM) O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichier...ion_3_0_3_1.cab O16 - DPF: {AE609930-A6EB-4A78-B7DA-B3200705FEBD} - http://www.mophun.com/codebase/mophun.cab O16 - DPF: {E49A9FCB-FAA9-4C1F-A1C1-54920DA2CCA4} - http://es6-scripts.dlv4.com/binaries/egaut..._1052_FR_XP.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{30B29BB8-7CC7-48F7-8220-3C93FD9C30C1}: NameServer = 192.168.0.1 O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe (file missing) O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe O23 - Service: lxcy_device - - C:\WINDOWS\system32\lxcycoms.exe O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Fichiers communs\Symantec Shared\Support Controls\ssrc.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe -- End of file - 15183 bytes Merci de votre aide, je n'ai pas pu jusqu'à présent trouver la solution pour éradiquer cette s..... Cordialement Bessard
- le 17 mars 2009
- 29 réponses

Connexion

Bessard

Compteur de contenus

Inscription

Dernière visite

Jours gagnés

Type de contenu

Profils

Forums

Blogs

Tout ce qui a été posté par Bessard

[Terminé] Impossible de scanner avec les antivirus

[Terminé] Impossible de scanner avec les antivirus

[Terminé] Impossible de scanner avec les antivirus

Trojans demande analyse HJT RESOLUhttp://forum.zebulon.fr/style_emoti

Une Équipe Formidable

Trojans demande analyse HJT RESOLUhttp://forum.zebulon.fr/style_emoti

Trojans demande analyse HJT RESOLUhttp://forum.zebulon.fr/style_emoti

Trojans demande analyse HJT RESOLUhttp://forum.zebulon.fr/style_emoti

Trojans demande analyse HJT RESOLUhttp://forum.zebulon.fr/style_emoti

Trojans demande analyse HJT RESOLUhttp://forum.zebulon.fr/style_emoti

Trojans demande analyse HJT RESOLUhttp://forum.zebulon.fr/style_emoti

Trojans demande analyse HJT RESOLUhttp://forum.zebulon.fr/style_emoti

Trojans demande analyse HJT RESOLUhttp://forum.zebulon.fr/style_emoti

Trojans demande analyse HJT RESOLUhttp://forum.zebulon.fr/style_emoti

Trojans demande analyse HJT RESOLUhttp://forum.zebulon.fr/style_emoti

Trojans demande analyse HJT RESOLUhttp://forum.zebulon.fr/style_emoti

Trojans demande analyse HJT RESOLUhttp://forum.zebulon.fr/style_emoti

Trojans demande analyse HJT RESOLUhttp://forum.zebulon.fr/style_emoti

Trojans demande analyse HJT RESOLUhttp://forum.zebulon.fr/style_emoti

Trojans demande analyse HJT RESOLUhttp://forum.zebulon.fr/style_emoti

Trojans demande analyse HJT RESOLUhttp://forum.zebulon.fr/style_emoti

Zebulon

Outils en ligne

Naviguer