Aller au contenu

  • Pas encore inscrit ?

    Pourquoi ne pas vous inscrire ? C'est simple, rapide et gratuit.
    Pour en savoir plus, lisez Les avantages de l'inscription... et la Charte de Zébulon.
    De plus, les messages que vous postez en tant qu'invité restent invisibles tant qu'un modérateur ne les a pas validés. Inscrivez-vous, ce sera un gain de temps pour tout le monde, vous, les helpeurs et les modérateurs ! :wink:

Trojans demande analyse HJT RESOLUhttp://forum.zebulon.fr/style_emoti

Bessard

Par Bessard
dans Analyses et éradication malwares

 Partager

Messages recommandés

Bessard Power Member

Bessard

Posté(e)
  • Auteur
Posté(e)

OK voici le rapport :

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:39:58, on 19/03/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe

C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Executive Software\Diskeeper\DkService.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\wanmpsvc.exe

c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe

C:\WINDOWS\system32\lxcycoms.exe

C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66028

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66028

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66028

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://ppack.srv.france.rexel/ppack/proxy.htm:8080

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll

R3 - URLSearchHook: Secured_eMule toolbar - {1D1B60FD-B21F-4B9A-8A5F-64E8544828D7} - C:\Program Files\Secured_eMule\tbSecu.dll

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

R3 - URLSearchHook: Come2PlayK2P Toolbar - {b8a5b62c-517f-42a5-85ae-29b5497fb15f} - C:\Program Files\Come2PlayK2P\tbCom0.dll

R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll (file missing)

R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Secured_eMule toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSecu.dll

O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - (no file)

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FICHIE~1\SYMANT~1\IDS\IPSBHO.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: Phishing Agent - {B34E20E5-96B2-46AC-9D68-C6B2CD293C2C} - (no file)

O2 - BHO: Come2PlayK2P Toolbar - {b8a5b62c-517f-42a5-85ae-29b5497fb15f} - C:\Program Files\Come2PlayK2P\tbCom0.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll

O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll (file missing)

O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll

O3 - Toolbar: Afficher Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll

O3 - Toolbar: Secured_eMule toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSecu.dll

O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll

O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll

O3 - Toolbar: Come2PlayK2P Toolbar - {b8a5b62c-517f-42a5-85ae-29b5497fb15f} - C:\Program Files\Come2PlayK2P\tbCom0.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - (no file)

O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll

O4 - HKLM\..\Run: [ccApp] C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe

O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16

O4 - HKLM\..\Run: [Microsoft appswitch] C:\WINDOWS\system32\jwt32.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O8 - Extra context menu item: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 4.0\resources\fr-FR\local\search.html

O8 - Extra context menu item: &Télécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html

O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\Saldo Daniel\Application Data\Dealio\kb127\res\DealioSearch.html

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Tout t&élécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddList.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {AF4F850B-68FF-404C-8417-549F86B1E236} - (no file)

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O15 - Trusted Zone: *.canalplay.com (HKLM)

O15 - Trusted Zone: *.canalplusactive.com (HKLM)

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab

O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichier...ion_3_0_3_1.cab

O16 - DPF: {AE609930-A6EB-4A78-B7DA-B3200705FEBD} - http://www.mophun.com/codebase/mophun.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{30B29BB8-7CC7-48F7-8220-3C93FD9C30C1}: NameServer = 192.168.0.1

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe (file missing)

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe

O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe

O23 - Service: lxcy_device - - C:\WINDOWS\system32\lxcycoms.exe

O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe

O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe

O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Fichiers communs\Symantec Shared\Support Controls\ssrc.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

 

--

End of file - 14528 bytes

Falkra Devil Member !

Falkra

Posté(e)
Posté(e)

Ca remarche le gestionnaire des tâches ?

 

Désactive TeaTimer dans spybot dès maintenant, ça peut empêcher la désinfection. :P

A faire en passant par les options de Spybot: il faut aller dans le menu "Mode"=> coche "Mode avancé" => "Outils"(en bas de page)=> "Résident" => et tu décoches cette case: "Résident Teatimer" .

Inutile de le réactive,r ce programme est plus souvent nuisible qu'efficace, d'ailleurs.

 

Il y a du bazar dans les toolbars. Relance HijackThis, clique sur "Do a system scan only" puis coche ceci et clique sur le bouton "Fix checked", en bas à gauche :

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66028

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66028 => ZHPHosts White List

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66028

R3 - URLSearchHook: Secured_eMule toolbar - {1D1B60FD-B21F-4B9A-8A5F-64E8544828D7} - C:\Program Files\Secured_eMule\tbSecu.dll

R3 - URLSearchHook: Come2PlayK2P Toolbar - {b8a5b62c-517f-42a5-85ae-29b5497fb15f} - C:\Program Files\Come2PlayK2P\tbCom0.dll

R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll (file missing)

O2 - BHO: Secured_eMule toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSecu.dll

O2 - BHO: Phishing Agent - {B34E20E5-96B2-46AC-9D68-C6B2CD293C2C} - (no file)

O2 - BHO: Come2PlayK2P Toolbar - {b8a5b62c-517f-42a5-85ae-29b5497fb15f} - C:\Program Files\Come2PlayK2P\tbCom0.dll

O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll (file missing)

O3 - Toolbar: Secured_eMule toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSecu.dll

O3 - Toolbar: Come2PlayK2P Toolbar - {b8a5b62c-517f-42a5-85ae-29b5497fb15f} - C:\Program Files\Come2PlayK2P\tbCom0.dll

O4 - HKLM\..\Run: [Microsoft appswitch] C:\WINDOWS\system32\jwt32.exe

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O9 - Extra button: (no name) - {AF4F850B-68FF-404C-8417-549F86B1E236} - (no file)

O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)

Bessard Power Member

Bessard

Posté(e)
  • Auteur
Posté(e)

Tu m'avais décocher teatimer hier donc c'est ok

J'ai cocher les trois lignes demandées et fix cheked ok

toujours pas de gestionnaire ...!

Je te renvoie un rapport :

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:03:07, on 19/03/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe

C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Executive Software\Diskeeper\DkService.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\wanmpsvc.exe

c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe

C:\WINDOWS\system32\lxcycoms.exe

C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://ppack.srv.france.rexel/ppack/proxy.htm:8080

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll

R3 - URLSearchHook: Secured_eMule toolbar - {1D1B60FD-B21F-4B9A-8A5F-64E8544828D7} - C:\Program Files\Secured_eMule\tbSecu.dll

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

R3 - URLSearchHook: Come2PlayK2P Toolbar - {b8a5b62c-517f-42a5-85ae-29b5497fb15f} - C:\Program Files\Come2PlayK2P\tbCom0.dll

R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll (file missing)

R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Secured_eMule toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSecu.dll

O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - (no file)

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FICHIE~1\SYMANT~1\IDS\IPSBHO.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: Phishing Agent - {B34E20E5-96B2-46AC-9D68-C6B2CD293C2C} - (no file)

O2 - BHO: Come2PlayK2P Toolbar - {b8a5b62c-517f-42a5-85ae-29b5497fb15f} - C:\Program Files\Come2PlayK2P\tbCom0.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll

O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll (file missing)

O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll

O3 - Toolbar: Afficher Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll

O3 - Toolbar: Secured_eMule toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSecu.dll

O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll

O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll

O3 - Toolbar: Come2PlayK2P Toolbar - {b8a5b62c-517f-42a5-85ae-29b5497fb15f} - C:\Program Files\Come2PlayK2P\tbCom0.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - (no file)

O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll

O4 - HKLM\..\Run: [ccApp] C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe

O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16

O4 - HKLM\..\Run: [Microsoft appswitch] C:\WINDOWS\system32\jwt32.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O8 - Extra context menu item: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 4.0\resources\fr-FR\local\search.html

O8 - Extra context menu item: &Télécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html

O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\Saldo Daniel\Application Data\Dealio\kb127\res\DealioSearch.html

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Tout t&élécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddList.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {AF4F850B-68FF-404C-8417-549F86B1E236} - (no file)

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O15 - Trusted Zone: *.canalplay.com (HKLM)

O15 - Trusted Zone: *.canalplusactive.com (HKLM)

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab

O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichier...ion_3_0_3_1.cab

O16 - DPF: {AE609930-A6EB-4A78-B7DA-B3200705FEBD} - http://www.mophun.com/codebase/mophun.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{30B29BB8-7CC7-48F7-8220-3C93FD9C30C1}: NameServer = 192.168.0.1

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe (file missing)

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe

O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe

O23 - Service: lxcy_device - - C:\WINDOWS\system32\lxcycoms.exe

O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe

O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe

O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Fichiers communs\Symantec Shared\Support Controls\ssrc.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

 

--

End of file - 14143 bytes

Falkra Devil Member !

Falkra

Posté(e)
Posté(e)

On va s'occuper de tout ça autrement, car les manips ne passent pas toutes.

 

Le logiciel qui suit n'est à utiliser que prescrit par un helper qualifié et formé à l'outil.

Ne pas utiliser en dehors de ce cas de figure ou seul : dangereux.

 

Télécharge combofix.exe de sUBs et sauvegarde le sur ton bureau (et pas ailleurs).

  • Assure toi que tous les programmes sont fermés avant de commencer.
  • Désactive l'antivirus, sinon combofix va te mettre un message (sinon, dis ok au message).
  • Double-clique combofix.exe afin de l'exécuter.
  • Clique sur "Oui" au message de Limitation de Garantie qui s'affiche.
  • Si on te propose de redémarrer parc qu'un rootkit a été trouvé, fais-le.
  • On va te proposer de télécharger et installer la console de récupération, clique sur "Oui" au message, autorise le téléchargement dans ton firewall si demandé, puis accepte le message de contrat utilisateur final.
  • Le bureau disparaît, c'est normal, et il va revenir.
  • Ne ferme pas la fenêtre qui s'ouvre, tu te retrouverais avec un bureau vide.
  • Lorsque l'analyse sera terminée, un rapport apparaîtra.
  • Copie-colle ce rapport dans ta prochaine réponse.
    Le rapport se trouve dans : C:\Combofix.txt (si jamais).

Bessard Power Member

Bessard

Posté(e)
  • Auteur
Posté(e)

Ci dessous le rapport Combofix

J'ai retrouvé le gestionnaire ....... super !

Par quelle s.... ai-je donc été infecté ? as-tu une réponse ?

Ta patience m'a été d'un grand secours, mais j'aimerais bien savoir !

 

Le rapport :

 

ComboFix 09-03-18.01 - 2009-03-19 22:19:29.1 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.3071.2422 [GMT 1:00]

Lancé depuis: c:\documents and settings\Daniel\Bureau\ComboFix.exe

AV: Norton Internet Security *On-access scanning enabled* (Updated)

FW: Norton Internet Security *enabled*

* Un nouveau point de restauration a été créé

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\system32\pthreadGC2.dll

 

.

((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_OREANS32

-------\Service_oreans32

 

 

((((((((((((((((((((((((((((( Fichiers créés du 2009-02-19 au 2009-03-19 ))))))))))))))))))))))))))))))))))))

.

 

2009-03-19 22:19 . 2009-03-19 22:19 6,736 --a------ c:\windows\system32\drivers\PROCEXP90.SYS

2009-03-19 14:10 . 2009-03-19 20:57 <REP> d-------- c:\documents and settings\Daniel\Application Data\Search Settings

2009-03-19 00:53 . 2009-03-19 00:53 <REP> d-------- C:\_OTMoveIt

2009-03-19 00:13 . 2009-03-19 00:48 <REP> d-------- C:\ToolBar SD

2009-03-18 23:28 . 2009-03-18 23:28 <REP> d-------- C:\rsit

2009-03-18 00:22 . 2009-03-18 01:13 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware

2009-03-18 00:22 . 2009-03-18 00:22 <REP> d-------- c:\documents and settings\Daniel\Application Data\Malwarebytes

2009-03-18 00:22 . 2009-03-18 00:22 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-03-18 00:22 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2009-03-18 00:22 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2009-03-17 23:02 . 2009-03-17 23:02 <REP> d-------- c:\program files\Trend Micro

2009-03-17 21:59 . 2009-03-17 21:59 357,768 --a------ c:\documents and settings\Daniel\SymXPep2.dll

2009-03-17 20:53 . 2009-03-17 20:53 <REP> d-------- c:\program files\Safer Networking

2009-03-17 20:53 . 2009-03-17 20:53 <REP> d-------- c:\documents and settings\Daniel\Application Data\Safer Networking

2009-03-16 23:09 . 2004-09-29 12:41 <REP> d--h----- c:\documents and settings\Administrateur.RAPIDE.002\Voisinage réseau

2009-03-16 23:09 . 2004-09-29 12:41 <REP> d--h----- c:\documents and settings\Administrateur.RAPIDE.002\Voisinage d'impression

2009-03-16 23:09 . 2004-09-29 10:45 <REP> d--h----- c:\documents and settings\Administrateur.RAPIDE.002\Modèles

2009-03-16 23:09 . 2004-09-29 12:41 <REP> d-------- c:\documents and settings\Administrateur.RAPIDE.002\Mes documents

2009-03-16 23:09 . 2004-09-29 12:41 <REP> dr------- c:\documents and settings\Administrateur.RAPIDE.002\Menu Démarrer

2009-03-16 23:09 . 2004-09-29 12:41 <REP> d-------- c:\documents and settings\Administrateur.RAPIDE.002\Favoris

2009-03-16 23:09 . 2004-09-29 12:41 <REP> d-------- c:\documents and settings\Administrateur.RAPIDE.002\Bureau

2009-03-16 23:09 . 2007-11-26 20:02 <REP> d-------- c:\documents and settings\Administrateur.RAPIDE.002\Application Data\Apple Computer

2009-03-16 23:09 . 2009-03-16 23:09 <REP> d-------- c:\documents and settings\Administrateur.RAPIDE.002

2009-03-16 22:11 . 2009-03-16 22:11 579,584 --a--c--- c:\windows\system32\dllcache\user32.dll

2009-03-16 22:09 . 2009-03-16 22:09 <REP> d-------- c:\windows\ERUNT

2009-03-16 21:59 . 2009-03-16 23:30 <REP> d-------- C:\SDFix

2009-03-16 14:52 . 2009-03-13 16:38 15,688 --a------ c:\windows\system32\lsdelete.exe

2009-03-13 16:39 . 2009-03-13 16:38 64,160 --a------ c:\windows\system32\drivers\Lbd.sys

2009-03-13 16:36 . 2009-03-13 16:36 <REP> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}

2009-03-13 15:17 . 2009-03-13 15:33 <REP> d-a------ c:\documents and settings\All Users\Application Data\TEMP

2009-03-08 19:50 . 2009-03-08 20:29 <REP> d-------- c:\documents and settings\Daniel\EurekaLog

2009-03-08 15:26 . 2009-03-08 15:58 <REP> d-------- c:\program files\IZArc

2009-03-07 15:54 . 2009-03-07 16:52 <REP> d-------- c:\program files\free-downloads.net

2009-03-07 15:53 . 2009-03-07 15:53 <REP> d-------- c:\program files\Alcohol Soft

2009-03-07 15:48 . 2009-03-07 15:48 717,296 --a------ c:\windows\system32\drivers\sptd.sys

2009-03-07 15:27 . 2009-03-07 15:34 <REP> d-------- c:\program files\VirtualDub

2009-03-05 11:39 . 2009-03-09 19:57 <REP> d-------- c:\documents and settings\Daniel\Application Data\c2

2009-03-04 21:31 . 2009-03-04 21:31 <REP> d-------- c:\windows\system32\IOSUBSYS

2009-03-04 17:42 . 2009-03-04 23:49 <REP> d-------- c:\documents and settings\Daniel\Application Data\c1

2009-03-04 17:36 . 2009-03-19 00:55 162 --a------ c:\windows\ad1.htm

2009-03-04 16:39 . 2009-03-04 16:39 <REP> d-------- c:\program files\RozetUtil

2009-03-04 14:26 . 2009-03-04 14:26 <REP> d-------- c:\program files\VirtualDubMOD

2009-02-19 12:03 . 2009-02-19 12:03 579,464 --a------ c:\windows\system32\SymNeti.dll

2009-02-19 12:03 . 2009-02-19 12:03 207,240 --a------ c:\windows\system32\SymRedir.dll

2009-02-19 11:31 . 2009-02-19 11:31 184,496 --a------ c:\windows\system32\drivers\symtdi.sys

2009-02-19 11:31 . 2009-02-19 11:31 96,560 --a------ c:\windows\system32\drivers\symfw.sys

2009-02-19 11:31 . 2009-02-19 11:31 41,008 --a------ c:\windows\system32\drivers\symndisv.sys

2009-02-19 11:31 . 2009-02-19 11:31 38,576 --a------ c:\windows\system32\drivers\symids.sys

2009-02-19 11:31 . 2009-02-19 11:31 37,424 --a------ c:\windows\system32\drivers\symndis.sys

2009-02-19 11:31 . 2009-02-19 11:31 31,280 --a------ c:\windows\system32\drivers\SymIM.sys

2009-02-19 11:31 . 2009-02-19 11:31 22,320 --a------ c:\windows\system32\drivers\symredrv.sys

2009-02-19 11:31 . 2009-02-19 11:31 13,616 --a------ c:\windows\system32\drivers\symdns.sys

2009-02-19 11:31 . 2009-02-19 11:31 9,844 --a------ c:\windows\system32\drivers\SymRedir.cat

2009-02-19 11:31 . 2009-02-19 11:31 1,611 --a------ c:\windows\system32\drivers\SymRedir.inf

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-03-19 21:24 --------- d-----w c:\program files\lx_cats

2009-03-19 21:20 --------- d-----w c:\program files\Fichiers communs\Symantec Shared

2009-03-19 16:04 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec

2009-03-17 20:14 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-03-16 20:52 --------- d-----w c:\program files\Come2PlayK2P

2009-03-16 15:14 --------- d-----w c:\program files\Norton Internet Security

2009-03-16 14:44 --------- d-----w c:\program files\Spybot - Search & Destroy

2009-03-13 15:36 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard

2009-03-10 22:07 --------- d-----w c:\program files\TuneUp Utilities 2008

2009-03-08 15:49 --------- d-----w c:\documents and settings\Daniel\Application Data\dvdcss

2009-03-05 20:50 --------- d-----w c:\program files\Elaborate Bytes

2009-03-05 20:47 --------- d-----w c:\program files\eMule

2009-03-05 10:34 --------- d--h--w c:\program files\InstallShield Installation Information

2009-03-04 20:31 --------- d-----w c:\program files\Google

2009-02-27 09:27 --------- d-----w c:\program files\Azureus

2009-02-19 19:55 --------- d-----w c:\program files\Common Files

2009-02-17 18:12 --------- d-----w c:\program files\Fichiers communs\Adobe

2009-02-16 21:30 --------- d-----w c:\program files\Microsoft Bootvis

2009-02-16 20:55 --------- d-----w c:\program files\QuickTime

2009-02-16 20:55 --------- d-----w c:\program files\iTunes(2)

2009-02-16 20:55 --------- d-----w c:\program files\iTunes

2009-02-16 20:54 --------- d-----w c:\program files\ma-config.com

2009-02-16 20:54 --------- d-----w c:\program files\Bonjour(2)

2009-02-16 20:54 --------- d-----w c:\program files\Apple Software Update

2009-02-16 20:54 --------- d-----w c:\documents and settings\All Users\Application Data\ma-config.com

2009-02-11 18:35 --------- d-----w c:\program files\iPod

2009-02-11 18:35 --------- d-----w c:\program files\Fichiers communs\Apple

2009-02-03 14:38 --------- d-----w c:\program files\Zeb-Utility

2009-02-03 14:19 --------- d-----w c:\program files\Virtual Magnifying Glass

2009-01-31 12:47 --------- d-----w c:\program files\proDAD

2009-01-31 11:55 --------- d-----w c:\program files\Spamihilator

2009-01-31 11:30 --------- d-----w c:\program files\Conduit

2009-01-31 11:26 --------- d-----w c:\documents and settings\Daniel\Application Data\Babylon

2009-01-31 11:26 --------- d-----w c:\documents and settings\All Users\Application Data\Babylon

2009-01-26 11:03 --------- d-----w c:\program files\Lexmark Toolbar

2009-01-26 10:53 --------- d-----w c:\program files\Lexmark 3400 Series

2009-01-24 15:51 --------- d-----w c:\documents and settings\Daniel\Application Data\Viewpoint

2009-01-23 17:28 57,344 ----a-w c:\documents and settings\Daniel\lametritonus.dll

2009-01-23 17:28 162,304 ----a-w c:\documents and settings\Daniel\lame_enc.dll

2006-10-26 17:47 278,528 ----a-w c:\program files\Fichiers communs\FDEUnInstaller.exe

2002-07-26 16:02 153,088 ----a-w c:\program files\UNWISE.EXE

2007-08-24 19:52 300,400 ----a-w c:\program files\mozilla firefox\components\coFFPlgn.dll

.

 

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2008-07-16 1266992]

"{1D1B60FD-B21F-4B9A-8A5F-64E8544828D7}"= "c:\program files\Secured_eMule\tbSecu.dll" [2007-05-27 1326104]

"{b8a5b62c-517f-42a5-85ae-29b5497fb15f}"= "c:\program files\Come2PlayK2P\tbCom0.dll" [2009-03-16 1883672]

"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfre1.dll" [2009-03-07 1883672]

 

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]

[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

 

[HKEY_CLASSES_ROOT\clsid\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}]

 

[HKEY_CLASSES_ROOT\clsid\{b8a5b62c-517f-42a5-85ae-29b5497fb15f}]

 

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}]

2007-05-27 13:17 1326104 --a------ c:\program files\Secured_eMule\tbSecu.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8a5b62c-517f-42a5-85ae-29b5497fb15f}]

2009-03-16 21:53 1883672 --a------ c:\program files\Come2PlayK2P\tbCom0.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]

2009-03-07 16:53 1883672 --a------ c:\program files\free-downloads.net\tbfre1.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}"= "c:\program files\Secured_eMule\tbSecu.dll" [2007-05-27 1326104]

"{b8a5b62c-517f-42a5-85ae-29b5497fb15f}"= "c:\program files\Come2PlayK2P\tbCom0.dll" [2009-03-16 1883672]

"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfre1.dll" [2009-03-07 1883672]

 

[HKEY_CLASSES_ROOT\clsid\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}]

 

[HKEY_CLASSES_ROOT\clsid\{b8a5b62c-517f-42a5-85ae-29b5497fb15f}]

 

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{1D1B60FD-B21F-4B9A-8A5F-64E8544828D7}"= "c:\program files\Secured_eMule\tbSecu.dll" [2007-05-27 1326104]

"{B8A5B62C-517F-42A5-85AE-29B5497FB15F}"= "c:\program files\Come2PlayK2P\tbCom0.dll" [2009-03-16 1883672]

"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "c:\program files\free-downloads.net\tbfre1.dll" [2009-03-07 1883672]

 

[HKEY_CLASSES_ROOT\clsid\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}]

 

[HKEY_CLASSES_ROOT\clsid\{b8a5b62c-517f-42a5-85ae-29b5497fb15f}]

 

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-01 68856]

"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-02-24 203928]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ccApp"="c:\program files\Fichiers communs\Symantec Shared\ccApp.exe" [2008-10-17 51048]

"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-13 515416]

"LXCYCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll" [2006-02-24 65536]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.MJPG"= Pvmjpg30.dll

"VIDC.PIM1"= pclepim1.dll

"vidc.X264"= x264vfw.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"ctfmon.exe"=c:\windows\system32\ctfmon.exe

"swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"SunJavaUpdateSched"=c:\program files\Java\jre1.5.0_06\bin\jusched.exe

"High Definition Audio Property Page Shortcut"=HDAudPropShortcut.exe

"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd

"USBToolTip"="c:\program files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe"

"USB2Check"=RUNDLL32.EXE "c:\windows\system32\PCLECoInst.dll",CheckUSBController

"ccApp"=c:\program files\Fichiers communs\Symantec Shared\ccApp.exe

"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe"

"EzPrint"="c:\program files\Lexmark 3400 Series\ezprint.exe"

"lxcymon.exe"="c:\program files\Lexmark 3400 Series\lxcymon.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\eMule\\emule.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\MUTE\\fileSharingMUTE.exe"=

"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=

"c:\\Program Files\\TribalWeb.net\\tribalweb.exe"=

"c:\\Program Files\\AOL 9.0\\waol.exe"=

"c:\\Program Files\\AOL 9.0a\\waol.exe"=

"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=

"c:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLAcsd.exe"=

"c:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"=

"c:\\Program Files\\SoundSpectrum\\G-Force\\G-Force Standalone.exe"=

"c:\\Program Files\\SoundSpectrum\\G-Force\\G-Force V-Bar.exe"=

"c:\\Program Files\\AOL 9.0b\\waol.exe"=

"c:\\Program Files\\Fichiers communs\\AOL\\1163715249\\ee\\aolsoftware.exe"=

"c:\\Program Files\\Fichiers communs\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=

"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=

"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=

"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=

"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=

"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=

"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP2\\RpcAgentSrv.exe"=

"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP2\\WNt500x86\\RpcSandraSrv.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Azureus\\Azureus.exe"=

"c:\\WINDOWS\\system32\\ftp.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

 

R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [2004-09-29 24971]

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-03-13 64160]

R0 ub1394;Unibrain 1394 Class Driver;c:\windows\system32\drivers\UB1394.sys [2004-06-01 115200]

R0 ubsbm;Unibrain 1394 SBM Driver;c:\windows\system32\drivers\UBSBM.sys [2004-06-01 11776]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 951632]

R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Fichiers communs\Symantec Shared\CCSVCHST.EXE [2007-08-24 149352]

R2 ubumapi;Unibrain 1394 FireAPI Driver;c:\windows\system32\drivers\UBUMAPI.sys [2004-06-01 29440]

R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [2004-09-29 1475712]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-26 101936]

R3 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe -service --> c:\windows\system32\lxcycoms.exe -service [?]

R3 ubohci;Unibrain 1394 OHCI Driver;c:\windows\system32\drivers\ubohci.sys [2004-06-01 70528]

R3 ubsbp2;Unibrain SBP2 Bus Driver;c:\windows\system32\drivers\ubsbp2.sys [2004-06-01 31872]

R3 W8100XP;Marvell Libertas 802.11b/g SoftAP Driver for Windows XP ;c:\windows\system32\drivers\mrv8ka51.sys [2004-09-29 258560]

S2 Ca533av;USB PC Camera;c:\windows\system32\drivers\Ca533av.sys [2004-11-07 516021]

S3 ASNDIS5;ASNDIS5 Protocol Driver;\??\c:\windows\system32\ASNDIS5.SYS --> c:\windows\system32\ASNDIS5.SYS [?]

S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\system32\drivers\BRGSp50.sys [2008-02-23 20608]

S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2007-05-29 23888]

S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2009-01-24 191656]

S3 PinnacleMarvinAVS;Pinnacle AVStream Service for MovieBox Deluxe, 500-USB and 700-USB;c:\windows\system32\drivers\MarvinAVS.sys [2008-04-10 434176]

S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe [2009-01-04 98488]

S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [2008-03-26 26624]

S3 USBCamera;DIGITAL CAMERA;c:\windows\system32\drivers\Bulk533.sys [2004-11-07 10986]

 

--- Autres Services/Pilotes en mémoire ---

 

*NewlyCreated* - COMHOST

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{29836bc1-7ab9-11dd-ba70-00112f266405}]

\Shell\AutoRun\command - I:\EmDesk.exe

\Shell\EmDesk\command - I:\EmDesk.exe

.

Contenu du dossier 'Tâches planifiées'

 

2009-03-16 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-13 16:38]

 

2009-02-12 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]

 

2009-03-19 c:\windows\Tasks\Maintenance en 1 clic.job

- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:23]

 

2008-03-11 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job

- c:\program files\Microsoft IntelliType Pro\itype.exe [2006-11-21 17:08]

 

2009-03-09 c:\windows\Tasks\Norton Internet Security - Effectuer une analyse complète du système - Saldo Daniel.job

- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-08-26 18:19]

.

- - - - ORPHELINS SUPPRIMES - - - -

 

HKLM-Run-Microsoft appswitch - c:\windows\system32\jwt32.exe

 

 

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://www.google.fr/

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uInternet Settings,ProxyServer = hxxp://ppack.srv.france.rexel/ppack/proxy.htm:8080

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 4.0\resources\fr-FR\local\search.html

IE: &Télécharger avec NetTransport - c:\program files\Xi\NetTransport 2\NTAddLink.html

IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Compare Prices with &Dealio - c:\documents and settings\Daniel\Application Data\Dealio\kb127\res\DealioSearch.html

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Tout t&élécharger avec NetTransport - c:\program files\Xi\NetTransport 2\NTAddList.html

IE: { - notepad.exe

IE: {{AF4F850B-68FF-404C-8417-549F86B1E236}

Trusted Zone: canalplay.com

Trusted Zone: canalplusactive.com

TCP: {30B29BB8-7CC7-48F7-8220-3C93FD9C30C1} = 192.168.0.1

DPF: {AE609930-A6EB-4A78-B7DA-B3200705FEBD} - hxxp://www.mophun.com/codebase/mophun.cab

FF - ProfilePath - c:\documents and settings\Daniel\Application Data\Mozilla\Firefox\Profiles\4q54icgh.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561457&SearchSource=3&q=

FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561457&SearchSource=2&q=

FF - component: c:\documents and settings\Daniel\Application Data\Mozilla\Firefox\Profiles\4q54icgh.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll

FF - component: c:\documents and settings\Daniel\Application Data\Mozilla\Firefox\Profiles\4q54icgh.default\extensions\{b23920f4-4c2f-412b-9450-1d7028d5454e}\components\FFAlert.dll

FF - component: c:\program files\Mozilla Firefox\components\coFFPlgn.dll

FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll

FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll

FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll

FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll

FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll

FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll

FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll

FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll

FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

 

---- PARAMETRES FIREFOX ----

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: content.max.tokenizing.time - 200000

FF - user.js: content.notify.interval - 100000

FF - user.js: content.switch.threshold - 650000

FF - user.js: nglayout.initialpaint.delay - 300

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-03-19 22:24:17

Windows 5.1.2600 Service Pack 3 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

LXCYCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

 

[HKEY_USERS\S-1-5-21-583907252-343818398-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,ae,0e,7d,0c,29,

33,dc,e0,e2,63,26,f1,3f,c8,ff,68,44,df,8f,27,24,0e,70,22,e2,63,26,f1,3f,c8,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,20,c6,5d,ee,11,

c9,ae,c5,6a,9c,d6,61,af,45,84,18,a9,75,eb,68,b8,63,bc,92,6a,9c,d6,61,af,45,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,59,a1,26,04,10,

77,a1,fd,ff,7c,85,e0,43,d4,0e,fe,41,54,7e,8a,0a,0e,3a,4e,ff,7c,85,e0,43,d4,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,6f,8a,69,10,b3,

b4,48,2b,86,8c,21,01,be,91,eb,e7,a6,96,1e,95,e4,a4,b3,45,86,8c,21,01,be,91,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,82,9a,0f,9f,59,

59,4b,93,f5,1d,4d,73,a8,13,5c,05,a9,20,bc,f1,95,d8,ed,d8,f5,1d,4d,73,a8,13,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,7e,cf,f3,81,6d,

0b,0b,38,df,20,58,62,78,6b,cf,c8,2a,7a,14,ba,b9,32,c0,dd,df,20,58,62,78,6b,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,7a,e3,dc,17,86,

c8,b8,c2,fb,a7,78,e6,12,2f,9a,ea,ed,8b,0f,af,05,8f,1b,7b,fb,a7,78,e6,12,2f,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"1d68fe701cdea33e477eb204b76f993d"=hex:aa,52,c6,00,84,3c,26,64,4b,54,39,d1,45,

08,7f,e8,01,3a,48,fc,e8,04,4a,f1,69,f0,b5,36,0e,8c,ff,94,01,3a,48,fc,e8,04,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,1a,e1,02,0c,22,

43,cc,12,f6,0f,4e,58,98,5b,89,c9,5b,4e,1d,7b,da,1f,63,f1,f6,0f,4e,58,98,5b,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,85,bb,f4,be,30,

ef,93,99,3d,ce,ea,26,2d,45,aa,78,0f,26,e1,ce,7a,74,a2,20,3d,ce,ea,26,2d,45,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,3e,13,17,b9,a8,

2e,78,a9,2a,b7,cc,b5,b9,7f,41,e7,69,42,18,2c,95,84,94,95,2a,b7,cc,b5,b9,7f,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,95,06,d2,bb,37,

2a,6d,94,6c,43,2d,1e,aa,22,2f,9c,21,ad,7b,4e,dd,74,c6,9a,6c,43,2d,1e,aa,22,\

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€|ù•Ñw*]

"5E7CEC10DF0760D4F8DAFB12FDC06CCD"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}\\Registered"

.

--------------------- DLLs chargées dans les processus actifs ---------------------

 

- - - - - - - > 'winlogon.exe'(1840)

c:\windows\system32\Ati2evxx.dll

.

------------------------ Autres processus actifs ------------------------

.

c:\windows\system32\ati2evxx.exe

c:\windows\system32\ati2evxx.exe

c:\progra~1\FICHIE~1\AOL\ACS\AOLacsd.exe

c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe

c:\program files\Executive Software\Diskeeper\DkService.exe

c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe

c:\windows\wanmpsvc.exe

c:\program files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe

c:\windows\system32\lxcycoms.exe

c:\windows\system32\wbem\unsecapp.exe

.

**************************************************************************

.

Heure de fin: 2009-03-19 22:27:39 - La machine a redémarré

ComboFix-quarantined-files.txt 2009-03-19 21:27:36

 

Avant-CF: 28 287 918 080 octets libres

Après-CF: 28,127,580,160 octets libres

 

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

 

425 --- E O F --- 2008-03-04 19:50:39

 

 

 

Y at-il d'autres manip à faire ??

Que me conseilles tu à la place de spybot ? et Adaware qui n'a pas l'air d'être très efficace

Au plaisir de te lire

 

Bessard

Falkra Devil Member !

Falkra

Posté(e)
Posté(e)

combofix a réglé le problème du gestionnaire de tâches, c'est une bestiole qui a désactivé ça, pour embêter.

Peu efficace, en l'occurrence. :P

 

Ce qui suit n'est que pour cette machine, et cette machine seulement.

Ne surtout pas utiliser sur une autre machine : dangereux.

 

 

  • Télécharge le fichier CFscript.txt depuis ce site :
    http://senduit.com/1d5aa0
     
  • Place-le sur le bureau, près de l'icône de combofix.
  • Fais un glisser/déposer de ce fichier CFscript sur le fichier ComboFix.exe comme sur la capture

animation1md2.gif

  • Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises: c'est normal ! Ne touche à rien tant que le scan n'est pas terminé.
  • Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
  • Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

 

 

Tu peux remplacer spybot et ad-aware par Malwarebytes.

Même si spybot et ad-aware ne sont pas mauvais, en eux-mêmes, il ne faut plus en faire la pièce maîtresse d'une config sécurité.

Bessard Power Member

Bessard

Posté(e)
  • Auteur
Posté(e)

Voilà qui est fait ....

Je suis sacrement soulagé ....!

Comment puis-je te remercier ?

 

le rapport de combofix :

 

ComboFix 09-03-18.01 - Daniel 2009-03-19 23:46:18.2 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.3071.2492 [GMT 1:00]

Lancé depuis: c:\documents and settings\Daniel\Bureau\ComboFix.exe

Commutateurs utilisés :: c:\documents and settings\Daniel\Bureau\CFscript.txt

AV: Norton Internet Security *On-access scanning enabled* (Updated)

FW: Norton Internet Security *enabled*

* Un nouveau point de restauration a été créé

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\Daniel\Application Data\Search Settings

c:\program files\Bonjour(2)

c:\program files\Bonjour(2)\About Bonjour.rtf

c:\program files\Bonjour(2)\mdnsNSP(2).dll

c:\program files\Come2PlayK2P

c:\program files\Come2PlayK2P\Come2PlayK2PToolbarHelper.exe

c:\program files\Come2PlayK2P\INSTALL.LOG

c:\program files\Come2PlayK2P\tbCom0.dll

c:\program files\Come2PlayK2P\tbCom1.dll

c:\program files\Come2PlayK2P\tbCome.dll

c:\program files\Come2PlayK2P\toolbar.cfg

c:\program files\Come2PlayK2P\UNWISE.EXE

c:\program files\free-downloads.net

c:\program files\free-downloads.net\free-downloads.netToolbarHelper.exe

c:\program files\free-downloads.net\INSTALL.LOG

c:\program files\free-downloads.net\tbfre1.dll

c:\program files\free-downloads.net\tbfree.dll

c:\program files\free-downloads.net\toolbar.cfg

c:\program files\free-downloads.net\UNWISE.EXE

c:\program files\Secured_eMule

c:\program files\Secured_eMule\INSTALL.LOG

c:\program files\Secured_eMule\tbSec1.dll

c:\program files\Secured_eMule\tbSecu.dll

c:\program files\Secured_eMule\toolbar.cfg

c:\program files\Secured_eMule\UNWISE.EXE

 

.

((((((((((((((((((((((((((((( Fichiers créés du 2009-02-19 au 2009-03-19 ))))))))))))))))))))))))))))))))))))

.

 

2009-03-19 00:53 . 2009-03-19 00:53 <REP> d-------- C:\_OTMoveIt

2009-03-19 00:13 . 2009-03-19 00:48 <REP> d-------- C:\ToolBar SD

2009-03-18 23:28 . 2009-03-18 23:28 <REP> d-------- C:\rsit

2009-03-18 00:22 . 2009-03-18 01:13 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware

2009-03-18 00:22 . 2009-03-18 00:22 <REP> d-------- c:\documents and settings\Daniel\Application Data\Malwarebytes

2009-03-18 00:22 . 2009-03-18 00:22 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-03-18 00:22 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2009-03-18 00:22 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2009-03-17 23:02 . 2009-03-17 23:02 <REP> d-------- c:\program files\Trend Micro

2009-03-17 21:59 . 2009-03-17 21:59 357,768 --a------ c:\documents and settings\Daniel\SymXPep2.dll

2009-03-17 20:53 . 2009-03-17 20:53 <REP> d-------- c:\program files\Safer Networking

2009-03-17 20:53 . 2009-03-17 20:53 <REP> d-------- c:\documents and settings\Daniel\Application Data\Safer Networking

2009-03-16 23:09 . 2004-09-29 12:41 <REP> d--h----- c:\documents and settings\Administrateur.RAPIDE.002\Voisinage réseau

2009-03-16 23:09 . 2004-09-29 12:41 <REP> d--h----- c:\documents and settings\Administrateur.RAPIDE.002\Voisinage d'impression

2009-03-16 23:09 . 2004-09-29 10:45 <REP> d--h----- c:\documents and settings\Administrateur.RAPIDE.002\Modèles

2009-03-16 23:09 . 2004-09-29 12:41 <REP> d-------- c:\documents and settings\Administrateur.RAPIDE.002\Mes documents

2009-03-16 23:09 . 2004-09-29 12:41 <REP> dr------- c:\documents and settings\Administrateur.RAPIDE.002\Menu Démarrer

2009-03-16 23:09 . 2004-09-29 12:41 <REP> d-------- c:\documents and settings\Administrateur.RAPIDE.002\Favoris

2009-03-16 23:09 . 2004-09-29 12:41 <REP> d-------- c:\documents and settings\Administrateur.RAPIDE.002\Bureau

2009-03-16 23:09 . 2007-11-26 20:02 <REP> d-------- c:\documents and settings\Administrateur.RAPIDE.002\Application Data\Apple Computer

2009-03-16 23:09 . 2009-03-16 23:09 <REP> d-------- c:\documents and settings\Administrateur.RAPIDE.002

2009-03-16 22:11 . 2009-03-16 22:11 579,584 --a--c--- c:\windows\system32\dllcache\user32.dll

2009-03-16 22:09 . 2009-03-16 22:09 <REP> d-------- c:\windows\ERUNT

2009-03-16 21:59 . 2009-03-16 23:30 <REP> d-------- C:\SDFix

2009-03-16 14:52 . 2009-03-13 16:38 15,688 --a------ c:\windows\system32\lsdelete.exe

2009-03-13 16:39 . 2009-03-13 16:38 64,160 --a------ c:\windows\system32\drivers\Lbd.sys

2009-03-13 16:36 . 2009-03-13 16:36 <REP> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}

2009-03-13 15:17 . 2009-03-13 15:33 <REP> d-a------ c:\documents and settings\All Users\Application Data\TEMP

2009-03-08 19:50 . 2009-03-08 20:29 <REP> d-------- c:\documents and settings\Daniel\EurekaLog

2009-03-08 15:26 . 2009-03-08 15:58 <REP> d-------- c:\program files\IZArc

2009-03-07 15:53 . 2009-03-07 15:53 <REP> d-------- c:\program files\Alcohol Soft

2009-03-07 15:48 . 2009-03-07 15:48 717,296 --a------ c:\windows\system32\drivers\sptd.sys

2009-03-07 15:27 . 2009-03-07 15:34 <REP> d-------- c:\program files\VirtualDub

2009-03-05 11:39 . 2009-03-09 19:57 <REP> d-------- c:\documents and settings\Daniel\Application Data\c2

2009-03-04 21:31 . 2009-03-04 21:31 <REP> d-------- c:\windows\system32\IOSUBSYS

2009-03-04 17:42 . 2009-03-04 23:49 <REP> d-------- c:\documents and settings\Daniel\Application Data\c1

2009-03-04 17:36 . 2009-03-19 00:55 162 --a------ c:\windows\ad1.htm

2009-03-04 16:39 . 2009-03-04 16:39 <REP> d-------- c:\program files\RozetUtil

2009-03-04 14:26 . 2009-03-04 14:26 <REP> d-------- c:\program files\VirtualDubMOD

2009-02-19 12:03 . 2009-02-19 12:03 579,464 --a------ c:\windows\system32\SymNeti.dll

2009-02-19 12:03 . 2009-02-19 12:03 207,240 --a------ c:\windows\system32\SymRedir.dll

2009-02-19 11:31 . 2009-02-19 11:31 184,496 --a------ c:\windows\system32\drivers\symtdi.sys

2009-02-19 11:31 . 2009-02-19 11:31 96,560 --a------ c:\windows\system32\drivers\symfw.sys

2009-02-19 11:31 . 2009-02-19 11:31 41,008 --a------ c:\windows\system32\drivers\symndisv.sys

2009-02-19 11:31 . 2009-02-19 11:31 38,576 --a------ c:\windows\system32\drivers\symids.sys

2009-02-19 11:31 . 2009-02-19 11:31 37,424 --a------ c:\windows\system32\drivers\symndis.sys

2009-02-19 11:31 . 2009-02-19 11:31 31,280 --a------ c:\windows\system32\drivers\SymIM.sys

2009-02-19 11:31 . 2009-02-19 11:31 22,320 --a------ c:\windows\system32\drivers\symredrv.sys

2009-02-19 11:31 . 2009-02-19 11:31 13,616 --a------ c:\windows\system32\drivers\symdns.sys

2009-02-19 11:31 . 2009-02-19 11:31 9,844 --a------ c:\windows\system32\drivers\SymRedir.cat

2009-02-19 11:31 . 2009-02-19 11:31 1,611 --a------ c:\windows\system32\drivers\SymRedir.inf

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-03-19 22:50 --------- d-----w c:\program files\lx_cats

2009-03-19 21:39 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec

2009-03-19 21:25 --------- d-----w c:\program files\Fichiers communs\Symantec Shared

2009-03-17 20:14 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-03-16 15:14 --------- d-----w c:\program files\Norton Internet Security

2009-03-16 14:44 --------- d-----w c:\program files\Spybot - Search & Destroy

2009-03-13 15:36 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard

2009-03-10 22:07 --------- d-----w c:\program files\TuneUp Utilities 2008

2009-03-08 15:49 --------- d-----w c:\documents and settings\Daniel\Application Data\dvdcss

2009-03-05 20:50 --------- d-----w c:\program files\Elaborate Bytes

2009-03-05 20:47 --------- d-----w c:\program files\eMule

2009-03-05 10:34 --------- d--h--w c:\program files\InstallShield Installation Information

2009-03-04 20:31 --------- d-----w c:\program files\Google

2009-02-27 09:27 --------- d-----w c:\program files\Azureus

2009-02-19 19:55 --------- d-----w c:\program files\Common Files

2009-02-17 18:12 --------- d-----w c:\program files\Fichiers communs\Adobe

2009-02-16 21:30 --------- d-----w c:\program files\Microsoft Bootvis

2009-02-16 20:55 --------- d-----w c:\program files\QuickTime

2009-02-16 20:55 --------- d-----w c:\program files\iTunes(2)

2009-02-16 20:55 --------- d-----w c:\program files\iTunes

2009-02-16 20:54 --------- d-----w c:\program files\ma-config.com

2009-02-16 20:54 --------- d-----w c:\program files\Apple Software Update

2009-02-16 20:54 --------- d-----w c:\documents and settings\All Users\Application Data\ma-config.com

2009-02-11 18:35 --------- d-----w c:\program files\iPod

2009-02-11 18:35 --------- d-----w c:\program files\Fichiers communs\Apple

2009-02-03 14:38 --------- d-----w c:\program files\Zeb-Utility

2009-02-03 14:19 --------- d-----w c:\program files\Virtual Magnifying Glass

2009-01-31 12:47 --------- d-----w c:\program files\proDAD

2009-01-31 11:55 --------- d-----w c:\program files\Spamihilator

2009-01-31 11:30 --------- d-----w c:\program files\Conduit

2009-01-31 11:26 --------- d-----w c:\documents and settings\Daniel\Application Data\Babylon

2009-01-31 11:26 --------- d-----w c:\documents and settings\All Users\Application Data\Babylon

2009-01-26 11:03 --------- d-----w c:\program files\Lexmark Toolbar

2009-01-26 10:53 --------- d-----w c:\program files\Lexmark 3400 Series

2009-01-24 15:51 --------- d-----w c:\documents and settings\Daniel\Application Data\Viewpoint

2009-01-23 17:28 57,344 ----a-w c:\documents and settings\Daniel\lametritonus.dll

2009-01-23 17:28 162,304 ----a-w c:\documents and settings\Daniel\lame_enc.dll

2006-10-26 17:47 278,528 ----a-w c:\program files\Fichiers communs\FDEUnInstaller.exe

2002-07-26 16:02 153,088 ----a-w c:\program files\UNWISE.EXE

2007-08-24 19:52 300,400 ----a-w c:\program files\mozilla firefox\components\coFFPlgn.dll

.

 

((((((((((((((((((((((((((((( SnapShot@2009-03-19_22.26.15.87 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-03-19 13:01:01 99,120 ----a-w c:\windows\system32\perfc009.dat

+ 2009-03-19 21:28:01 99,120 ----a-w c:\windows\system32\perfc009.dat

- 2009-03-19 13:01:01 114,870 ----a-w c:\windows\system32\perfc00C.dat

+ 2009-03-19 21:28:01 114,870 ----a-w c:\windows\system32\perfc00C.dat

- 2009-03-19 13:01:01 514,312 ----a-w c:\windows\system32\perfh009.dat

+ 2009-03-19 21:28:01 514,312 ----a-w c:\windows\system32\perfh009.dat

- 2009-03-19 13:01:01 588,856 ----a-w c:\windows\system32\perfh00C.dat

+ 2009-03-19 21:28:01 588,856 ----a-w c:\windows\system32\perfh00C.dat

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2008-07-16 1266992]

 

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]

[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-01 68856]

"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-02-24 203928]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ccApp"="c:\program files\Fichiers communs\Symantec Shared\ccApp.exe" [2008-10-17 51048]

"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-13 515416]

"LXCYCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll" [2006-02-24 65536]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.MJPG"= Pvmjpg30.dll

"VIDC.PIM1"= pclepim1.dll

"vidc.X264"= x264vfw.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"ctfmon.exe"=c:\windows\system32\ctfmon.exe

"swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"SunJavaUpdateSched"=c:\program files\Java\jre1.5.0_06\bin\jusched.exe

"High Definition Audio Property Page Shortcut"=HDAudPropShortcut.exe

"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd

"USBToolTip"="c:\program files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe"

"USB2Check"=RUNDLL32.EXE "c:\windows\system32\PCLECoInst.dll",CheckUSBController

"ccApp"=c:\program files\Fichiers communs\Symantec Shared\ccApp.exe

"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe"

"EzPrint"="c:\program files\Lexmark 3400 Series\ezprint.exe"

"lxcymon.exe"="c:\program files\Lexmark 3400 Series\lxcymon.exe"

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\eMule\\emule.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\MUTE\\fileSharingMUTE.exe"=

"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=

"c:\\Program Files\\TribalWeb.net\\tribalweb.exe"=

"c:\\Program Files\\AOL 9.0\\waol.exe"=

"c:\\Program Files\\AOL 9.0a\\waol.exe"=

"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=

"c:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLAcsd.exe"=

"c:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"=

"c:\\Program Files\\SoundSpectrum\\G-Force\\G-Force Standalone.exe"=

"c:\\Program Files\\SoundSpectrum\\G-Force\\G-Force V-Bar.exe"=

"c:\\Program Files\\AOL 9.0b\\waol.exe"=

"c:\\Program Files\\Fichiers communs\\AOL\\1163715249\\ee\\aolsoftware.exe"=

"c:\\Program Files\\Fichiers communs\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=

"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=

"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=

"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=

"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=

"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=

"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP2\\RpcAgentSrv.exe"=

"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP2\\WNt500x86\\RpcSandraSrv.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Azureus\\Azureus.exe"=

"c:\\WINDOWS\\system32\\ftp.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

 

R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [2004-09-29 24971]

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-03-13 64160]

R0 ub1394;Unibrain 1394 Class Driver;c:\windows\system32\drivers\UB1394.sys [2004-06-01 115200]

R0 ubsbm;Unibrain 1394 SBM Driver;c:\windows\system32\drivers\UBSBM.sys [2004-06-01 11776]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 951632]

R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Fichiers communs\Symantec Shared\CCSVCHST.EXE [2007-08-24 149352]

R2 ubumapi;Unibrain 1394 FireAPI Driver;c:\windows\system32\drivers\UBUMAPI.sys [2004-06-01 29440]

R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [2004-09-29 1475712]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-26 101936]

R3 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe -service --> c:\windows\system32\lxcycoms.exe -service [?]

R3 ubohci;Unibrain 1394 OHCI Driver;c:\windows\system32\drivers\ubohci.sys [2004-06-01 70528]

R3 ubsbp2;Unibrain SBP2 Bus Driver;c:\windows\system32\drivers\ubsbp2.sys [2004-06-01 31872]

R3 W8100XP;Marvell Libertas 802.11b/g SoftAP Driver for Windows XP ;c:\windows\system32\drivers\mrv8ka51.sys [2004-09-29 258560]

S2 Ca533av;USB PC Camera;c:\windows\system32\drivers\Ca533av.sys [2004-11-07 516021]

S3 ASNDIS5;ASNDIS5 Protocol Driver;\??\c:\windows\system32\ASNDIS5.SYS --> c:\windows\system32\ASNDIS5.SYS [?]

S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\system32\drivers\BRGSp50.sys [2008-02-23 20608]

S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2007-05-29 23888]

S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2009-01-24 191656]

S3 PinnacleMarvinAVS;Pinnacle AVStream Service for MovieBox Deluxe, 500-USB and 700-USB;c:\windows\system32\drivers\MarvinAVS.sys [2008-04-10 434176]

S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe [2009-01-04 98488]

S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [2008-03-26 26624]

S3 USBCamera;DIGITAL CAMERA;c:\windows\system32\drivers\Bulk533.sys [2004-11-07 10986]

 

--- Autres Services/Pilotes en mémoire ---

 

*NewlyCreated* - COMHOST

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{29836bc1-7ab9-11dd-ba70-00112f266405}]

\Shell\AutoRun\command - I:\EmDesk.exe

\Shell\EmDesk\command - I:\EmDesk.exe

.

Contenu du dossier 'Tâches planifiées'

 

2009-03-16 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-13 16:38]

 

2009-02-12 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]

 

2009-03-19 c:\windows\Tasks\Maintenance en 1 clic.job

- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:23]

 

2008-03-11 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job

- c:\program files\Microsoft IntelliType Pro\itype.exe [2006-11-21 17:08]

 

2009-03-09 c:\windows\Tasks\Norton Internet Security - Effectuer une analyse complète du système - Saldo Daniel.job

- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-08-26 18:19]

.

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://www.google.fr/

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uInternet Settings,ProxyServer = hxxp://ppack.srv.france.rexel/ppack/proxy.htm:8080

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 4.0\resources\fr-FR\local\search.html

IE: &Télécharger avec NetTransport - c:\program files\Xi\NetTransport 2\NTAddLink.html

IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Compare Prices with &Dealio - c:\documents and settings\Saldo Daniel\Application Data\Dealio\kb127\res\DealioSearch.html

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Tout t&élécharger avec NetTransport - c:\program files\Xi\NetTransport 2\NTAddList.html

IE: { - notepad.exe

IE: {{AF4F850B-68FF-404C-8417-549F86B1E236}

Trusted Zone: canalplay.com

Trusted Zone: canalplusactive.com

TCP: {30B29BB8-7CC7-48F7-8220-3C93FD9C30C1} = 192.168.0.1

DPF: {AE609930-A6EB-4A78-B7DA-B3200705FEBD} - hxxp://www.mophun.com/codebase/mophun.cab

FF - ProfilePath - c:\documents and settings\Saldo Daniel\Application Data\Mozilla\Firefox\Profiles\4q54icgh.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561457&SearchSource=3&q=

FF - prefs.js: browser.search.selectedEngine - TorrentReactor.Net Customized Web Search

FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561457&SearchSource=2&q=

FF - component: c:\documents and settings\Saldo Daniel\Application Data\Mozilla\Firefox\Profiles\4q54icgh.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll

FF - component: c:\documents and settings\Saldo Daniel\Application Data\Mozilla\Firefox\Profiles\4q54icgh.default\extensions\{b23920f4-4c2f-412b-9450-1d7028d5454e}\components\FFAlert.dll

FF - component: c:\program files\Mozilla Firefox\components\coFFPlgn.dll

FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll

FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll

FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll

FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll

FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll

FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll

FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll

FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll

FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

 

---- PARAMETRES FIREFOX ----

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: content.max.tokenizing.time - 200000

FF - user.js: content.notify.interval - 100000

FF - user.js: content.switch.threshold - 650000

FF - user.js: nglayout.initialpaint.delay - 300

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-03-19 23:50:42

Windows 5.1.2600 Service Pack 3 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

LXCYCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

 

[HKEY_USERS\S-1-5-21-583907252-343818398-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,ae,0e,7d,0c,29,

33,dc,e0,e2,63,26,f1,3f,c8,ff,68,44,df,8f,27,24,0e,70,22,e2,63,26,f1,3f,c8,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,20,c6,5d,ee,11,

c9,ae,c5,6a,9c,d6,61,af,45,84,18,a9,75,eb,68,b8,63,bc,92,6a,9c,d6,61,af,45,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,59,a1,26,04,10,

77,a1,fd,ff,7c,85,e0,43,d4,0e,fe,41,54,7e,8a,0a,0e,3a,4e,ff,7c,85,e0,43,d4,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,6f,8a,69,10,b3,

b4,48,2b,86,8c,21,01,be,91,eb,e7,a6,96,1e,95,e4,a4,b3,45,86,8c,21,01,be,91,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,82,9a,0f,9f,59,

59,4b,93,f5,1d,4d,73,a8,13,5c,05,a9,20,bc,f1,95,d8,ed,d8,f5,1d,4d,73,a8,13,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,7e,cf,f3,81,6d,

0b,0b,38,df,20,58,62,78,6b,cf,c8,2a,7a,14,ba,b9,32,c0,dd,df,20,58,62,78,6b,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,7a,e3,dc,17,86,

c8,b8,c2,fb,a7,78,e6,12,2f,9a,ea,ed,8b,0f,af,05,8f,1b,7b,fb,a7,78,e6,12,2f,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"1d68fe701cdea33e477eb204b76f993d"=hex:aa,52,c6,00,84,3c,26,64,4b,54,39,d1,45,

08,7f,e8,01,3a,48,fc,e8,04,4a,f1,69,f0,b5,36,0e,8c,ff,94,01,3a,48,fc,e8,04,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,1a,e1,02,0c,22,

43,cc,12,f6,0f,4e,58,98,5b,89,c9,5b,4e,1d,7b,da,1f,63,f1,f6,0f,4e,58,98,5b,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,85,bb,f4,be,30,

ef,93,99,3d,ce,ea,26,2d,45,aa,78,0f,26,e1,ce,7a,74,a2,20,3d,ce,ea,26,2d,45,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,3e,13,17,b9,a8,

2e,78,a9,2a,b7,cc,b5,b9,7f,41,e7,69,42,18,2c,95,84,94,95,2a,b7,cc,b5,b9,7f,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,95,06,d2,bb,37,

2a,6d,94,6c,43,2d,1e,aa,22,2f,9c,21,ad,7b,4e,dd,74,c6,9a,6c,43,2d,1e,aa,22,\

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€|ù•Ñw*]

"5E7CEC10DF0760D4F8DAFB12FDC06CCD"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}\\Registered"

.

--------------------- DLLs chargées dans les processus actifs ---------------------

 

- - - - - - - > 'winlogon.exe'(1836)

c:\windows\system32\Ati2evxx.dll

.

------------------------ Autres processus actifs ------------------------

.

c:\windows\system32\ati2evxx.exe

c:\windows\system32\ati2evxx.exe

c:\progra~1\FICHIE~1\AOL\ACS\AOLacsd.exe

c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe

c:\program files\Executive Software\Diskeeper\DkService.exe

c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe

c:\windows\wanmpsvc.exe

c:\program files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe

c:\windows\system32\lxcycoms.exe

c:\windows\system32\wbem\unsecapp.exe

.

**************************************************************************

.

Heure de fin: 2009-03-19 23:53:38 - La machine a redémarré

ComboFix-quarantined-files.txt 2009-03-19 22:53:35

 

Avant-CF: 28 177 231 872 octets libres

Après-CF: 28,198,723,584 octets libres

 

411 --- E O F --- 2008-03-04 19:50:39

 

 

ENCORE MERCI

 

Daniel

Bessard Power Member

Bessard

Posté(e)
  • Auteur
Posté(e)
De rien, ça fait plaisir. :P

 

Ca a marché là. Poste un nouveau rapport hijackThis stp. :P

 

Bonsoir Falkra,

 

Ci dessous le rapport HJT demandé

Bonne réception

Bien cordialement

Bessard http://forum.zebulon.fr/style_emoticons/de.../icon_Super.gif

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:16:24, on 23/03/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

C:\Program Files\Executive Software\Diskeeper\DkService.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\wanmpsvc.exe

c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\lxcycoms.exe

C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\totalcmd\TOTALCMD.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://ppack.srv.france.rexel/ppack/proxy.htm:8080

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - (no file)

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FICHIE~1\SYMANT~1\IDS\IPSBHO.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll

O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll

O3 - Toolbar: Afficher Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll

O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll

O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - (no file)

O4 - HKLM\..\Run: [ccApp] C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe

O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O8 - Extra context menu item: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 4.0\resources\fr-FR\local\search.html

O8 - Extra context menu item: &Télécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html

O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\Saldo Daniel\Application Data\Dealio\kb127\res\DealioSearch.html

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Tout t&élécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddList.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {AF4F850B-68FF-404C-8417-549F86B1E236} - (no file)

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O15 - Trusted Zone: *.canalplay.com (HKLM)

O15 - Trusted Zone: *.canalplusactive.com (HKLM)

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab

O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichier...ion_3_0_3_1.cab

O16 - DPF: {AE609930-A6EB-4A78-B7DA-B3200705FEBD} - http://www.mophun.com/codebase/mophun.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{30B29BB8-7CC7-48F7-8220-3C93FD9C30C1}: NameServer = 192.168.0.1

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe (file missing)

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe

O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe

O23 - Service: lxcy_device - - C:\WINDOWS\system32\lxcycoms.exe

O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe

O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe

O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Fichiers communs\Symantec Shared\Support Controls\ssrc.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

 

--

End of file - 12818 bytes

Falkra Devil Member !

Falkra

Posté(e)
Posté(e)

Dernier petit nettoyage , relance HijackThis, clique sur "Do a system scan only" puis coche ceci et clique sur le bouton "Fix checked", en bas à gauche :

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O9 - Extra button: (no name) - {AF4F850B-68FF-404C-8417-549F86B1E236} - (no file)

O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)

 

Désinstalle combofix : entre combofix /u dans la boite exécuter du menu démarrer.

Après cela, efface ce dossier s'il existe encore.

C:\QooBox

 

Supprime RSIT, et le dossier c:\RSIT

Supprime OtMoveit et le dossier c:\_Otmoveit

Supprime Toolbar S&D et le dossier c:\toolbar SD

 

Tu peux garder MBAM, il t'a été utile, et c'est un outil tout public, contrairement à certains utilisés pour nettoyer la machine.

Le module résident (qui tourne à l'arrière plan) est payant, mais le programme fonctionne en mode gratuit, ce module ne s'active simplement pas. Du coup dans sa version gratuite il cohabite avec tout, en tant que scanneur à la demande.

 

----------

 

Il faut mettre Internet Explorer à jour, là tu as IE6, qui est très vulnérable. Même si on ne l'utilise pas, son moteur peut être utilisé par d'autres logiciels et IE6 n'est plus suffisant côté sécurité. On trouve encore des failles, qui ne seront pas corrigées : il suffit d'aller sur une page piégée pour télécharger et installer automatiquement un malware, sans ton accord. IE7 s'installe librement, même sur les windows non authentiques, tout le monde devrait avoir au minimum IE7 donc (ne pas cocher la case pour les dernières mises à jour). Il arrivera par les mises à jour de windows update, sinon on peut le télécharger ici :

http://www.microsoft.com/windows/products/...ie/default.mspx (bouton "get it now", puis choisir la version)

Tu as même IE8 maintenant :

http://www.microsoft.com/windows/internet-...er/default.aspx

 

 

Si l'installation échoue, désinstalle adobe reader, puis réessaie l'installation, puis réinstalle adobe reader (ou foxit).

 

 

Il faut bien garder ton système et les logiciels à jour pour éviter les vulnérabilités.

PSI de Secunia peut t'y aider. https://psi.secunia.com/

JavaRa peut t'y aider pour Java : http://raproducts.org/

Tu peux protéger ta navigation avec Firefox et le sécuriser :

http://www.libellules.ch/securiser_firefox_1.php

 

Rends toi sur cette page de configuration du plugin Flash.

Coche la case "M'avertir de la disponibilité d'une mise à jour de Adobe Flash Player", et règle l'intervalle de recherche sur le minimum, ici 7 jours.

Ferme le navigateur et retourne sur la page pour confirmer la prise en compte du réglage.

 

Voici un peu de lecture, une compilation de conseils pour éviter une réinfection et sécuriser la machine.

 

Un petit point sur les risques du P2P en matière de sécurité logicielle (par Ogu) :

lien.

 

N'hésite pas à poser des questions, cette partie est aussi importante que la désinfection.

 

Tu peux marquer résolu dans le titre, (en éditant le premier post, le titre devient modifiable).

Rejoindre la conversation

Vous pouvez publier maintenant et vous inscrire plus tard. Si vous avez un compte, connectez-vous maintenant pour publier avec votre compte.
Remarque : votre message nécessitera l’approbation d’un modérateur avant de pouvoir être visible.

Invité
Répondre à ce sujet…

×   Collé en tant que texte enrichi.   Coller en tant que texte brut à la place

  Seulement 75 émoticônes maximum sont autorisées.

×   Votre lien a été automatiquement intégré.   Afficher plutôt comme un lien

×   Votre contenu précédent a été rétabli.   Vider l’éditeur

×   Vous ne pouvez pas directement coller des images. Envoyez-les depuis votre ordinateur ou insérez-les depuis une URL.

×
 Partager
Aller sur la liste des sujets

  • En ligne récemment   0 membre est en ligne

    • Aucun utilisateur enregistré regarde cette page.
×
×
  • Créer...