seden2

Membres

Afficher le profil Afficher son activité

Compteur de contenus
2
Inscription
le 19 février 2006
Dernière visite
le 19 mars 2006

Type de contenu

Toute l’activité

Profils

Forums

Blogs

Tout ce qui a été posté par seden2

Analyse Hijackthis

seden2 a répondu à un(e) sujet de seden2 dans Analyses et éradication malwares

Apres avoir suivi les instructions : Fixwareout ver 1.003 Last edited 2/15/2006 Post this report in the forums please Reg Entries that were deleted HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\xedocne HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\gib_ogol HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\repiwoh HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\llun HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\puorgdopd HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\23plhps HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\mgcppp HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\tesvaf HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\32refaselif HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\putesprpgd ... Microsoft ® Windows Script Host Version 5.6 Random Runs removed from HKLM REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "dmgyl.exe"=- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS] ... PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE. »»»»» Search by size and names... Impossible d'ex‚cuter C:\FIXWAREOUT\FINDT\LOCATE.COM Impossible d'ex‚cuter C:\FIXWAREOUT\FINDT\LOCATE.COM Impossible d'ex‚cuter C:\FIXWAREOUT\FINDT\LOCATE.COM Impossible d'ex‚cuter C:\FIXWAREOUT\FINDT\LOCATE.COM Impossible d'ex‚cuter C:\FIXWAREOUT\FINDT\LOCATE.COM Impossible d'ex‚cuter C:\FIXWAREOUT\FINDT\LOCATE.COM Impossible d'ex‚cuter C:\FIXWAREOUT\FINDT\LOCATE.COM Impossible d'ex‚cuter C:\FIXWAREOUT\FINDT\LOCATE.COM Impossible d'ex‚cuter C:\FIXWAREOUT\FINDT\LOCATE.COM Impossible d'ex‚cuter C:\FIXWAREOUT\FINDT\LOCATE.COM Impossible d'ex‚cuter C:\FIXWAREOUT\FINDT\LOCATE.COM Impossible d'ex‚cuter C:\FIXWAREOUT\FINDT\LOCATE.COM Impossible d'ex‚cuter C:\FIXWAREOUT\FINDT\LOCATE.COM Impossible d'ex‚cuter C:\FIXWAREOUT\FINDT\XFIND.COM »»»»» Misc files Impossible d'ex‚cuter C:\FIXWAREOUT\FINDT\XFIND.COM »»»»» Checking for older varients covered by the Rem3 tool Logfile of HijackThis v1.99.1 Scan saved at 17:34:46, on 23/02/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\FTRTSVC.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Outils Systeme\Eset\nod32krn.exe C:\WINDOWS\system32\slserv.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\NOTEPAD.EXE C:\PROGRA~1\Messager Wanadoo\Demon.exe C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe C:\WINDOWS\system32\dslagent.exe C:\Program Files\Winamp\winampa.exe C:\Outils Systeme\Eset\nod32kui.exe C:\PROGRA~1\Wanadoo\TaskBarIcon.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe C:\PROGRA~1\Wanadoo\ComComp.exe C:\PROGRA~1\Wanadoo\Toaster.exe C:\PROGRA~1\Wanadoo\Inactivity.exe C:\PROGRA~1\Wanadoo\PollingModule.exe C:\WINDOWS\System32\AlertModule\AlertModule.exe C:\PROGRA~1\Wanadoo\Watch.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Administrateur\Bureau\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\swmfd.dll/sp.html#10001%resultposition.net R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\swmfd.dll/sp.html#10001%resultposition.net R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\swmfd.dll/sp.html#10001%resultposition.net R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - Default URLSearchHook is missing O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Class - {484E6A8F-D990-0E41-B833-E180E3149E44} - C:\WINDOWS\system32\atlnj.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: Class - {A49D52A9-DE08-47DE-6764-86D278A7683C} - C:\WINDOWS\system32\sysgb.dll (file missing) O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll O2 - BHO: Class - {CF22795E-F0CD-B9F1-BAF6-79B05A0373A3} - C:\WINDOWS\ntaa.dll (file missing) O2 - BHO: Class - {FBD6353C-D46D-064E-0DB4-A986D34AD0CE} - C:\WINDOWS\ntfb32.dll (file missing) O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll O3 - Toolbar: (no name) - {A20A76AD-7A29-4756-87FE-70C334CB40C0} - (no file) O4 - HKLM\..\Run: [Demon] C:\PROGRA~1\Messager Wanadoo\Demon.exe O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [PmProxy] C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe O4 - HKLM\..\Run: [ntcy32.exe] C:\WINDOWS\ntcy32.exe O4 - HKLM\..\Run: [2239.tmp] C:\DOCUME~1\Administrateur\Local Settings\Temp\2239.tmp.exe O4 - HKLM\..\Run: [2239.tmp.exe] C:\DOCUME~1\Administrateur\Local Settings\Temp\2239.tmp.exe O4 - HKLM\..\Run: [DCB.tmp] C:\DOCUME~1\Administrateur\Local Settings\Temp\DCB.tmp.exe O4 - HKLM\..\Run: [DCB.tmp.exe] C:\DOCUME~1\Administrateur\Local Settings\Temp\DCB.tmp.exe O4 - HKLM\..\Run: [E12.tmp] C:\DOCUME~1\Administrateur\Local Settings\Temp\E12.tmp.exe O4 - HKLM\..\Run: [E12.tmp.exe] C:\DOCUME~1\Administrateur\Local Settings\Temp\E12.tmp.exe O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [DCC_send] _ctcp.exe O4 - HKLM\..\Run: [WTFCTF] DCC_send.exe O4 - HKLM\..\Run: [nod32kui] "C:\Outils Systeme\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe O4 - HKCU\..\Run: [wormexe] ERTYDF.exe O4 - HKCU\..\Run: [bogobot] BoundRec.exe O4 - HKCU\..\Run: [br0ken] InpriseMon.exe O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNfox000 O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU) O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} - O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{0A5A71B2-600F-44DE-AEA0-82CFB5CCA393}: NameServer = 85.255.116.87,85.255.112.236 O17 - HKLM\System\CCS\Services\Tcpip\..\{0B7AC058-3071-47E7-B605-1A3307C7706E}: NameServer = 85.255.116.87,85.255.112.236 O17 - HKLM\System\CCS\Services\Tcpip\..\{6F7763A2-605B-4C8B-B61D-B258EFA6DDC9}: NameServer = 80.10.246.1 80.10.246.132 O17 - HKLM\System\CCS\Services\Tcpip\..\{F3898909-3887-4166-BD79-A8251C0B159F}: NameServer = 85.255.116.87,85.255.112.236 O17 - HKLM\System\CS2\Services\Tcpip\..\{0A5A71B2-600F-44DE-AEA0-82CFB5CCA393}: NameServer = 85.255.116.87,85.255.112.236 O17 - HKLM\System\CS3\Services\Tcpip\..\{0A5A71B2-600F-44DE-AEA0-82CFB5CCA393}: NameServer = 85.255.116.87,85.255.112.236 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSN Messenger\msgrapp.dll" (file missing) O23 - Service: Network Security Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\msrw32.exe (file missing) O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Outils Systeme\Eset\nod32krn.exe O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
- le 23 février 2006
- 4 réponses
Analyse Hijackthis

seden2 a posté un sujet dans Analyses et éradication malwares

En fait il y a de multiples trucs bizarres, l'ouverture de fenetre windows etranges ( pour des erreurs inexistentes et contenant des petits commentaires naze ), le curseur qui se deplace seul sur l'ecran.
- le 19 février 2006
- 4 réponses

Connexion

seden2

Compteur de contenus

Inscription

Dernière visite

Type de contenu

Profils

Forums

Blogs

Tout ce qui a été posté par seden2

Analyse Hijackthis

Analyse Hijackthis

Zebulon

Outils en ligne

Naviguer