

Liloute
Members
Content count: 118
Everything posted by Liloute
Hello... I'd like to format my PC completely, so I reinstalled XP, but my files are still there. What needs to be done? Delete the C: partition? (I backed up my folders beforehand.)
My friend's scan report
Liloute replied to a topic by Liloute in Malware analysis and removal
As I've already told you, it's we who thank you!
My friend's scan report
Liloute replied to a topic by Liloute in Malware analysis and removal
We'll drop ZoneAlarm, since it's a trial version.
Here is my HijackThis report
Liloute replied to a topic by Liloute in Malware analysis and removal
Hi again, again, again!! Yes, I wanted to download ZoneAlarm, but it's the trial version. Among the free ones, is there one you'd recommend?? And GAIN GATOR was removed by Spybot, but it comes back from time to time; I remove it again, it comes back, and so on.
Here is my HijackThis report
Liloute replied to a topic by Liloute in Malware analysis and removal
There, I've done everything you asked me to do (except installing the firewall, I'll do that afterwards), and here is a new HijackThis report:

Logfile of HijackThis v1.99.1
Scan saved at 22:43:38, on 18/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\slserv.exe
C:\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

No infection? Nothing else to fix? I just ran a scan with Spybot and I can't get rid of GAIN GATOR, what is it??
Here is my HijackThis report
Liloute replied to a topic by Liloute in Malware analysis and removal
I'm posting another one; I find my PC a bit slow these days. Are there lines to fix (as many as possible please, so as to have a "smooth" PC)?

Logfile of HijackThis v1.99.1
Scan saved at 21:46:22, on 18/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\ATI-CPanel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Soulseek\slsk.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Ripp-it_AM\Ripp-it_AM.exe
C:\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: sockspy.dll sockspy.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
My friend's scan report
Liloute replied to a topic by Liloute in Malware analysis and removal
Hmmm, I just had her install ZoneAlarm... impossible, it says the "True Vector" service must be disabled......???
My friend's scan report
Liloute replied to a topic by Liloute in Malware analysis and removal
Here you go, chief. With Silent Runners:

"Silent Runners.vbs", revision 43, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"

(total run time: 109 seconds, including 5 seconds for message boxes)

With BlackLight:

02/17/06 01:52:18 [info]: BlackLight Engine 1.0.30 initialized
02/17/06 01:52:18 [info]: OS: 5.1 build 2600 (Service Pack 1)
02/17/06 01:52:18 [Note]: 7019 4
02/17/06 01:52:18 [Note]: 7005 0
02/17/06 01:54:07 [Note]: 7006 0
02/17/06 01:54:07 [Note]: 7011 760
02/17/06 01:54:08 [Note]: FSRAW library version 1.7.1014
02/17/06 01:56:12 [Note]: 7007 0
My friend's scan report
Liloute replied to a topic by Liloute in Malware analysis and removal
Here! The regsearch:

REGEDIT4
; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.0.1
; Results at 16/02/2006 18:31:16 for strings:
; 'aol7.0'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AOL7.0]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AOL7.0\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AOL7.0\0000]
"Service"="aol7.0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_AOL7.0]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_AOL7.0\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_AOL7.0\0000]
"Service"="aol7.0"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AOL7.0]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AOL7.0\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AOL7.0\0000]
"Service"="aol7.0"
; End Of The Log...

The HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 23:44:36, on 16/02/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\windows\System32\smss.exe
C:\windows\SYSTEM32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\windows\System32\svchost.exe
C:\windows\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\windows\mscdex.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\windows\System32\msdxm.ocx
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: CD-MENU.LNK = ?
O4 - Startup: OpenOffice.org 1.1.5.lnk = C:\Program Files\OpenOffice.org1.1.5\program\crashrep.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll
O20 - Winlogon Notify: WRNotifier - C:\windows\SYSTEM32\WRLogonNTF.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: windows virus scanner (windows antivirus) - Unknown owner - C:\windows\nav32.exe (file missing)
O23 - Service: windows rom driver (windows cdrom) - Unknown owner - C:\windows\mscdex.exe

As for Spy Sweeper, my friend didn't get a text report, but unwanted items were found and destroyed by the scan..
As for the malfunctions: slow machine, some programs freeze (after a reboot it becomes smoother, then freezes again some time later).
My friend's scan report
Liloute replied to a topic by Liloute in Malware analysis and removal
Ok chief!!! I'm not having her do the System Restore step, but all the other operations.
My friend's scan report
Liloute replied to a topic by Liloute in Malware analysis and removal
Ok, do I also have her disable and then re-enable her System Restore, as advised by S.Birkoff?
My friend's scan report
Liloute replied to a topic by Liloute in Malware analysis and removal
Here is the ewido report:

---------------------------------------------------------
ewido anti-malware - Rapport de scan
---------------------------------------------------------
+ Créé le: 16:46:20, 14/02/2006
+ Somme de contrôle: 27B953F4
+ Résultats du scan:

::Fin du rapport

And the HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 17:16:23, on 14/02/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\windows\System32\smss.exe
C:\windows\SYSTEM32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\windows\System32\svchost.exe
C:\windows\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\windows\winlogon.exe
C:\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\windows\System32\msdxm.ocx
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 -
HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - Startup: CD-MENU.LNK = ? O4 - Startup: OpenOffice.org 1.1.5.lnk = C:\Program Files\OpenOffice.org1.1.5\program\crashrep.exe O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - AppInit_DLLs: sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing) O23 - Service: AOL 
instant messenger 7.0 (aol7.0) - Unknown owner - C:\windows\winlogon.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe -
My friend's scan report
Liloute replied to a topic by Liloute in Malware analysis and eradication
Hop....... Here is the report:

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER - RAPPORT
mardi 14 février 2006 00:49:13
Système d'exploitation : Microsoft Windows XP Professional, Service Pack 1 (Build 2600)
Version de Kaspersky On-line Scanner: 5.0.78.0
Dernière mise à jour de la base antivirus Kaspersky : 13/02/2006
Enregistrements dans la base antivirus Kaspersky : 165849
-------------------------------------------------------------------------------

Paramètres d'analyse:
Analyser avec la base antivirus suivante: standard
Analyser les archives: vrai
Analyser les bases de messagerie.: vrai

Cible de l'analyse - Poste de travail:
A:\
C:\
D:\
E:\

Statistiques de l'analyse:
Total d'objets analysés :: 107621
Nombre de virus trouvés: 13
Nombre d'objets infectés: 35
Nombre d'objets suspects: 0
Durée de l'analyse: 01:53:25

Nom de l'objet infecté / Nom du virus / Dernière action
C:\WINDOWS\system32\i Infecté: Trojan-Downloader.BAT.Ftp.ab ignoré
C:\WINDOWS\system32\eraseme_24203.exe Infecté: Backdoor.Win32.SdBot.ajs ignoré
C:\WINDOWS\system32\cdfkmosp.dll Infecté: Trojan-Spy.Win32.Agent.kg ignoré
C:\WINDOWS\system32\ghgspjaw.dll Infecté: Trojan-Spy.Win32.Agent.kg ignoré
C:\WINDOWS\system32\eraseme_60515.exe Infecté: Backdoor.Win32.SdBot.ajs ignoré
C:\WINDOWS\system32\ygngxkwl.dll Infecté: Trojan-Spy.Win32.Agent.kg ignoré
C:\WINDOWS\system32\gwkvnnqo.dll Infecté: Trojan-Spy.Win32.Agent.kg ignoré
C:\WINDOWS\system32\ldflmhyi.dll Infecté: Trojan-Spy.Win32.Agent.kg ignoré
C:\WINDOWS\system32\ttmyomya.dll Infecté: Trojan-Spy.Win32.Agent.kg ignoré
C:\WINDOWS\system32\bkqreiwf.dll Infecté: Trojan-Spy.Win32.Agent.kg ignoré
C:\WINDOWS\system32\kcogjvqj.dll Infecté: Trojan-Spy.Win32.Agent.kg ignoré
C:\WINDOWS\system32\cpyivvil.dll Infecté: Trojan-Spy.Win32.Agent.kg ignoré
C:\WINDOWS\system32\ncqaufca.dll Infecté: Trojan-Spy.Win32.Agent.kg ignoré
C:\WINDOWS\system32\gpogbhbu.dll Infecté: Trojan-Spy.Win32.Agent.kg ignoré
C:\WINDOWS\nav32.exe.mwt Infecté: Backdoor.Win32.SdBot.xd ignoré
C:\System Volume Information\_restore{73FA0109-2634-4D6E-9D48-C39ACE737CA1}\RP4\A0002079.tlb Infecté: Trojan-Downloader.Win32.Zlob.fu ignoré
C:\System Volume Information\_restore{73FA0109-2634-4D6E-9D48-C39ACE737CA1}\RP4\A0013985.exe Infecté: Trojan-Downloader.Win32.PurityScan.bs ignoré
C:\System Volume Information\_restore{73FA0109-2634-4D6E-9D48-C39ACE737CA1}\RP5\A0016098.dll Infecté: Backdoor.Win32.Haxdoor.gm ignoré
C:\System Volume Information\_restore{73FA0109-2634-4D6E-9D48-C39ACE737CA1}\RP5\A0016099.dll Infecté: Backdoor.Win32.Haxdoor.gm ignoré
C:\System Volume Information\_restore{73FA0109-2634-4D6E-9D48-C39ACE737CA1}\RP8\A0026152.exe/WISE0015.BIN Infecté: Trojan-Downloader.Win32.Small.bke ignoré
C:\System Volume Information\_restore{73FA0109-2634-4D6E-9D48-C39ACE737CA1}\RP8\A0026152.exe WiseSFX: infecté - 1 ignoré
C:\System Volume Information\_restore{73FA0109-2634-4D6E-9D48-C39ACE737CA1}\RP8\A0026152.exe WiseSFX Dropper: infecté - 1 ignoré
C:\System Volume Information\_restore{73FA0109-2634-4D6E-9D48-C39ACE737CA1}\RP8\A0028210.exe.mwt Infecté: Backdoor.Win32.SdBot.xd ignoré
C:\System Volume Information\_restore{73FA0109-2634-4D6E-9D48-C39ACE737CA1}\RP8\A0028211.exe/stream/data0001 Infecté: Trojan-Downloader.Win32.Harnig.bb ignoré
C:\System Volume Information\_restore{73FA0109-2634-4D6E-9D48-C39ACE737CA1}\RP8\A0028211.exe/stream/data0002 Infecté: Trojan-Downloader.Win32.Adload.o ignoré
C:\System Volume Information\_restore{73FA0109-2634-4D6E-9D48-C39ACE737CA1}\RP8\A0028211.exe/stream/data0004/data0001 Infecté: Trojan-Downloader.NSIS.Agent.p ignoré
C:\System Volume Information\_restore{73FA0109-2634-4D6E-9D48-C39ACE737CA1}\RP8\A0028211.exe/stream/data0004 Infecté: Trojan-Downloader.NSIS.Agent.p ignoré
C:\System Volume Information\_restore{73FA0109-2634-4D6E-9D48-C39ACE737CA1}\RP8\A0028211.exe/stream Infecté: Trojan-Downloader.NSIS.Agent.p ignoré
C:\System Volume Information\_restore{73FA0109-2634-4D6E-9D48-C39ACE737CA1}\RP8\A0028211.exe NSIS: infecté - 5 ignoré
C:\System Volume Information\_restore{73FA0109-2634-4D6E-9D48-C39ACE737CA1}\RP9\A0029484.exe Infecté: Backdoor.Win32.SdBot.xd ignoré
C:\System Volume Information\_restore{73FA0109-2634-4D6E-9D48-C39ACE737CA1}\RP9\A0028428.exe Infecté: Backdoor.Win32.SdBot.xd ignoré
C:\System Volume Information\_restore{73FA0109-2634-4D6E-9D48-C39ACE737CA1}\RP9\A0038582.exe Infecté: Backdoor.Win32.SdBot.ajs ignoré
C:\System Volume Information\_restore{73FA0109-2634-4D6E-9D48-C39ACE737CA1}\RP10\A0039423.sys Infecté: Backdoor.Win32.Agent.ub ignoré
C:\sjkkl.exe Infecté: Trojan-Proxy.Win32.Small.eb ignoré
C:\!KillBox\winlogon.exe Infecté: Backdoor.Win32.SdBot.xd ignoré

Analyse terminée. -
My friend's scan report
Liloute replied to a topic by Liloute in Malware analysis and eradication
lol, ok......... -
My friend's scan report
Liloute replied to a topic by Liloute in Malware analysis and eradication
Yes, her Windows firewall is simply disabled, she will turn it back on.... Which of your 2 online antivirus scans should she run?? lol Anyway, I wanted to thank you, all of you, the whole Zébulon team, you are great!!!! -
My friend's scan report
Liloute replied to a topic by Liloute in Malware analysis and eradication
Logfile of HijackThis v1.99.1
Scan saved at 22:09:28, on 13/02/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\windows\System32\smss.exe
C:\windows\SYSTEM32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\windows\System32\svchost.exe
C:\windows\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\windows\System32\msdxm.ocx
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: CD-MENU.LNK = ?
O4 - Startup: OpenOffice.org 1.1.5.lnk = C:\Program Files\OpenOffice.org1.1.5\program\crashrep.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

Where are we at????? -
My friend's scan report
Liloute replied to a topic by Liloute in Malware analysis and eradication
Hi everyone!! I'll post her HijackThis report a bit later... See you soon -
My friend's scan report
Liloute replied to a topic by Liloute in Malware analysis and eradication
Here is the RegSearch log:

REGEDIT4
; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.0.1

; Results at 13/02/2006 00:19:07 for strings:
; 'fat defragmentation'
; 'print spooler'
; 'snddrv'
; 'windows antivirus'
; 'windows network'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Network\Type\2\shellex\PropertySheetHandlers\Microsoft Windows Network objects]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\FAT Defragmentation]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Print Spooler]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\FAT Defragmentation]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\Print Spooler]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_FAT_DEFRAGMENTATION\0000]
"Service"="FAT Defragmentation"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_PRINT_SPOOLER\0000]
"Service"="Print Spooler"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINDOWS_NETWORK\0000]
"Service"="windows network"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FAT Defragmentation]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FAT Defragmentation\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Print Spooler]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Print Spooler\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\windows network]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\windows network]
"Description"="windows network monitoring tools"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\windows network\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\FAT Defragmentation]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\Print Spooler]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Network\FAT Defragmentation]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Network\Print Spooler]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_FAT_DEFRAGMENTATION\0000]
"Service"="FAT Defragmentation"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_PRINT_SPOOLER\0000]
"Service"="Print Spooler"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SNDDRV]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SNDDRV\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SNDDRV\0000]
"Service"="SndDRV"
"DeviceDesc"="SndDRV (MS Sound Driver)"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WINDOWS_ANTIVIRUS\0000]
"Service"="windows antivirus"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WINDOWS_NETWORK\0000]
"Service"="windows network"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\FAT Defragmentation]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\FAT Defragmentation\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\FAT Defragmentation\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Print Spooler]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Print Spooler\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Print Spooler\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SndDRV]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SndDRV]
; Contents of value:
; "C:\windows\system32\snddrv.exe"
"ImagePath"=hex(2):22,43,3a,5c,77,69,6e,64,6f,77,73,5c,73,79,73,74,65,6d,33,32,\
5c,73,6e,64,64,72,76,2e,65,78,65,22,00
"DisplayName"="SndDRV (MS Sound Driver)"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SndDRV\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SndDRV\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SndDRV\Enum]
"0"="Root\\LEGACY_SNDDRV\\0000"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\windows antivirus]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\windows antivirus]
"Description"="windows antivirus scanner"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\windows antivirus\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\windows antivirus\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\windows network]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\windows network]
"Description"="windows network monitoring tools"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\windows network\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\windows network\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\SafeBoot\Minimal\FAT Defragmentation]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\SafeBoot\Minimal\Print Spooler]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\SafeBoot\Network\FAT Defragmentation]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\SafeBoot\Network\Print Spooler]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_FAT_DEFRAGMENTATION\0000]
"Service"="FAT Defragmentation"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_PRINT_SPOOLER\0000]
"Service"="Print Spooler"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SNDDRV]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SNDDRV\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SNDDRV\0000]
"Service"="SndDRV"
"DeviceDesc"="SndDRV (MS Sound Driver)"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_WINDOWS_ANTIVIRUS\0000]
"Service"="windows antivirus"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_WINDOWS_NETWORK\0000]
"Service"="windows network"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\FAT Defragmentation]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\FAT Defragmentation\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Print Spooler]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Print Spooler\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SndDRV]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SndDRV]
; Contents of value:
; "C:\windows\system32\snddrv.exe"
"ImagePath"=hex(2):22,43,3a,5c,77,69,6e,64,6f,77,73,5c,73,79,73,74,65,6d,33,32,\
5c,73,6e,64,64,72,76,2e,65,78,65,22,00
"DisplayName"="SndDRV (MS Sound Driver)"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SndDRV\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\windows antivirus]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\windows antivirus]
"Description"="windows antivirus scanner"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\windows antivirus\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\windows network]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\windows network]
"Description"="windows network monitoring tools"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\windows network\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FAT Defragmentation]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Print Spooler]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\FAT Defragmentation]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Print Spooler]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FAT_DEFRAGMENTATION\0000]
"Service"="FAT Defragmentation"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PRINT_SPOOLER\0000]
"Service"="Print Spooler"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SNDDRV]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SNDDRV\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SNDDRV\0000]
"Service"="SndDRV"
"DeviceDesc"="SndDRV (MS Sound Driver)"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_ANTIVIRUS\0000]
"Service"="windows antivirus"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_NETWORK\0000]
"Service"="windows network"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FAT Defragmentation]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FAT Defragmentation\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FAT Defragmentation\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Print Spooler]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Print Spooler\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Print Spooler\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SndDRV]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SndDRV]
; Contents of value:
; "C:\windows\system32\snddrv.exe"
"ImagePath"=hex(2):22,43,3a,5c,77,69,6e,64,6f,77,73,5c,73,79,73,74,65,6d,33,32,\
5c,73,6e,64,64,72,76,2e,65,78,65,22,00
"DisplayName"="SndDRV (MS Sound Driver)"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SndDRV\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SndDRV\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SndDRV\Enum]
"0"="Root\\LEGACY_SNDDRV\\0000"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\windows antivirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\windows antivirus]
"Description"="windows antivirus scanner"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\windows antivirus\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\windows antivirus\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\windows network]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\windows network]
"Description"="windows network monitoring tools"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\windows network\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\windows network\Enum]

; End Of The Log... -
My friend's scan report
Liloute replied to a topic by Liloute in Malware analysis and eradication
Yes chief!! lol -
My friend's scan report
Liloute replied to a topic by Liloute in Malware analysis and eradication
OK..........No scan with HijackThis? -
My friend's scan report
Liloute replied to a topic by Liloute in Malware analysis and eradication
Erf, I suppose there's still quite a bit of work left, right -
My friend's scan report
Liloute replied to a topic by Liloute in Malware analysis and eradication
Here is the HijackThis report after all the requested steps:

Logfile of HijackThis v1.99.1
Scan saved at 14:28:06, on 12/02/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\windows\System32\smss.exe
C:\windows\SYSTEM32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\windows\System32\svchost.exe
C:\windows\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\windows\System32\msdxm.ocx
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - Startup: CD-MENU.LNK = ?
O4 - Startup: OpenOffice.org 1.1.5.lnk = C:\Program Files\OpenOffice.org1.1.5\program\crashrep.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Defragmentation Management Handler (FAT Defragmentation) - Unknown owner - C:\WINDOWS\System32\dfrgfat32.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Print Spool Handler (Print Spooler) - Unknown owner - C:\WINDOWS\System32\spooler.exe (file missing)
O23 - Service: SndDRV (MS Sound Driver) (SndDRV) - Unknown owner - C:\windows\system32\snddrv.exe (file missing)
O23 - Service: windows virus scanner (windows antivirus) - Unknown owner - C:\windows\nav32.exe (file missing)
O23 - Service: network monitoring tools (windows network) - Unknown owner - C:\WINDOWS\nvcr32.exe (file missing) -
My friend's scan report
Liloute replied to a topic by Liloute in Malware analysis and eradication
Here is my friend's report after carrying out all the requested steps:

Logfile of HijackThis v1.99.1
Scan saved at 19:01:22, on 10/02/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\windows\System32\smss.exe
C:\windows\SYSTEM32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\windows\system32\snddrv.exe
C:\windows\System32\svchost.exe
C:\windows\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\alc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\iTunes\iTunes.exe
C:\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\windows\System32\msdxm.ocx
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Anti-Virus Update Scheduler V1.39.12R] C:\alc.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: CD-MENU.LNK = ?
O4 - Startup: OpenOffice.org 1.1.5.lnk = C:\Program Files\OpenOffice.org1.1.5\program\crashrep.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Defragmentation Management Handler (FAT Defragmentation) - Unknown owner - C:\WINDOWS\System32\dfrgfat32.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Print Spool Handler (Print Spooler) - Unknown owner - C:\WINDOWS\System32\spooler.exe (file missing)
O23 - Service: windows virus scanner (windows antivirus) - Unknown owner - C:\windows\nav32.exe (file missing)
O23 - Service: network monitoring tools (windows network) - Unknown owner - C:\WINDOWS\nvcr32.exe (file missing)
-
Here is my HijackThis report
Liloute replied to a topic by Liloute in Analyses et éradication malwares
Yes yes @Qc001>> OK, I'll run Ewido this weekend -
Here is my HijackThis report
Liloute replied to a topic by Liloute in Analyses et éradication malwares
Hi Qc001! Thanks for your reply, so I have no unwanted items on my PC? Can I uninstall HijackThis?