Kayhan
-
Compteur de contenus
9 -
Inscription
-
Dernière visite
Kayhan's Achievements
Junior Member (3/12)
0
Réputation sur la communauté
-
[RESOLU] Rapport HijackThis - Haxdoor - trojan
Kayhan a répondu à un(e) sujet de Kayhan dans Analyses et éradication malwares
jutilise ZoneAlarm Pro durant la periode de Try de 15 jours ... et lorsqu'il fais un scan anti-espions... le program freeze a 99% du scan (Not responding) alors je dois fermer le program par la task window et quand je redemarre le programme ca me dis pourtant que les logiciel espions ont ete traiter... C'est grace a toi si jai fait un si bon travail ... Merci bcp -
[RESOLU] Rapport HijackThis - Haxdoor - trojan
Kayhan a répondu à un(e) sujet de Kayhan dans Analyses et éradication malwares
j'ai reactiver la restauration de systeme. je fais un dernier scan online... et je tenvois un dernier log HijackThis ... juste pour etre sur si ca te derange pas je ne semble plus avoir de probleme de pc ... a part Zone Lab qui gele a 99% quand il fait un scan contre les logiciel espion... Donc le dernier Scan Online a rien trouver ... et voici mon dernier log HijackThis : Logfile of HijackThis v1.99.1 Scan saved at 18:02:13, on 2006-07-11 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe C:\Program Files\ewido anti-spyware 4.0\guard.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe D:\Winamp\winampa.exe D:\Acrobat 7.0\Distillr\Acrotray.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe D:\Post-it\PsnLite.exe D:\Post-it\PSNGive.exe C:\WINDOWS\system32\svchost.exe D:\Mozilla Firefox\firefox.exe D:\Acrobat 7.0\Acrobat\Acrobat.exe C:\Documents and Settings\Kayhan\Desktop\HijackThis.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [WinampAgent] D:\Winamp\winampa.exe O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "D:\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ? O4 - Global Startup: Post-it® Software Notes Lite.lnk = D:\Post-it\PsnLite.exe O8 - Extra context menu item: Convertir en Adobe PDF - res://D:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir en un fichier PDF existant - res://D:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://D:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://D:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://D:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://D:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://D:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://D:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\Office\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\dtv\EXPLBAR.DLL O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Office\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe merci bcp! -
[RESOLU] Rapport HijackThis - Haxdoor - trojan
Kayhan a répondu à un(e) sujet de Kayhan dans Analyses et éradication malwares
Salut ... jai desactiver la restoration ... mais je n'arrive pas a avoir accet aux fichiers trouver par Kaspersky C:\System Volume Information\ (il me dis access denied, meme si je suis dans mon login administrateur) mais plus biz encore ... jai refais un autre scan avec Kaspersky .. et il trouve rien ... Voici le dernier rapport HijackThis : Logfile of HijackThis v1.99.1 Scan saved at 07:49:05, on 2006-07-11 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe D:\Winamp\winampa.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe D:\Acrobat 7.0\Distillr\Acrotray.exe C:\Program Files\ewido anti-spyware 4.0\guard.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe D:\Post-it\PsnLite.exe D:\Post-it\PSNGive.exe C:\WINDOWS\system32\svchost.exe D:\Mozilla Firefox\firefox.exe C:\Documents and Settings\Kayhan\Desktop\HijackThis.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [WinampAgent] D:\Winamp\winampa.exe O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "D:\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ? O4 - Global Startup: Post-it® Software Notes Lite.lnk = D:\Post-it\PsnLite.exe O8 - Extra context menu item: Convertir en Adobe PDF - res://D:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir en un fichier PDF existant - res://D:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://D:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://D:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://D:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://D:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://D:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://D:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\Office\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\dtv\EXPLBAR.DLL O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Office\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -
[RESOLU] Rapport HijackThis - Haxdoor - trojan
Kayhan a répondu à un(e) sujet de Kayhan dans Analyses et éradication malwares
Voici le scan fais par mon antivirus : AntiVir PersonalEdition Classic Report file date: 10 juillet 2006 20:50 Scanning for 452302 virus strains and unwanted programs. Licensed to: AntiVir PersonalEdition Classic Serial number: 0000149996-WURGE-0001 Platform: Windows XP Windows version: (Service Pack 2) [5.1.2600] Username: Kayhan Computer name: SULLY-ZEO7RCJIV Version informations: AVSCAN.EXE : 7.0.0.42 557096 7/11/2006 00:18:06 AVSCAN.DLL : 7.0.0.42 53288 7/11/2006 00:18:06 LUKE.DLL : 7.0.0.42 118824 7/11/2006 00:18:07 LUKERES.DLL : 7.0.0.42 25640 7/11/2006 00:18:07 ANTIVIR0.VDF : 6.35.0.1 7371264 7/11/2006 00:18:06 ANTIVIR1.VDF : 6.35.0.168 730112 7/11/2006 00:18:06 ANTIVIR2.VDF : 6.35.0.181 78336 7/11/2006 00:18:06 ANTIVIR3.VDF : 6.35.0.183 9216 7/11/2006 00:18:06 AVEWIN32.DLL : 7.1.0.21 1552896 7/11/2006 00:18:06 AVPREF.DLL : 7.0.0.1 49192 7/11/2006 00:18:06 AVREP.DLL : 6.35.0.154 708648 7/11/2006 00:18:06 AVRPBASE.DLL : 7.0.0.0 2162728 7/11/2006 00:18:06 AVPACK32.DLL : 7.1.0.1 335912 7/11/2006 00:18:06 AVREG.DLL : 6.31.0.90 27688 7/11/2006 00:18:06 NETNT.DLL : 6.32.0.0 6696 7/11/2006 00:18:07 NETNW.DLL : 6.32.0.0 9768 7/11/2006 00:18:07 RCIMAGE.DLL : 7.0.0.71 1642536 7/11/2006 00:18:12 RCTEXT.DLL : 7.0.0.75 77864 7/11/2006 00:18:12 Configuration settings for the scan: Jobname: '%s'.................: Local Hard Disks Configuration file............: C:\Program Files\AntiVir PersonalEdition Classic\alldiscs.avp Boot sectors..................: C,D,E,F Scan memory...................: 1 Process scan..................: 1 Scan all files................: 2 Scan archives.................: 1 Recursion depth...............: 20 Smart extensions..............: 1 Macro heuristic...............: 1 File heuristic................: -1 Primary action................: 1 Secondary action..............: 0 Start of the scan: 10 juillet 2006 20:50 The scan over running processes will be started 37 Processes was scanned Start scanning boot sectors: Boot sector 'C:\' [NOTE] No virus was found! Boot sector 'D:\' [NOTE] No virus was found! Boot sector 'E:\' [NOTE] No virus was found! Boot sector 'F:\' [NOTE] No virus was found! Starting to scan the registry. The registry was scanned ( 13 files ). Starting the file scan: C:\pagefile.sys [WARNING] The file could not be opened! C:\Documents and Settings\Kayhan\NTUSER.DAT [WARNING] The file could not be opened! C:\Documents and Settings\Kayhan\ntuser.dat.LOG [WARNING] The file could not be opened! C:\Documents and Settings\Kayhan\Application Data\Mozilla\Firefox\Profiles\fon4g8li.default\parent.lock [WARNING] The file could not be opened! C:\Documents and Settings\Kayhan\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\infected.dat [WARNING] The file could not be opened! C:\Documents and Settings\Kayhan\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\pending.dat [WARNING] The file could not be opened! C:\Documents and Settings\Kayhan\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_2EAC_E033_ACDF_F377\dfsr.db [WARNING] The file could not be opened! C:\Documents and Settings\Kayhan\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_2EAC_E033_ACDF_F377\fsr.log [WARNING] The file could not be opened! C:\Documents and Settings\Kayhan\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_2EAC_E033_ACDF_F377\tmp.edb [WARNING] The file could not be opened! C:\Documents and Settings\Kayhan\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat [WARNING] The file could not be opened! C:\Documents and Settings\Kayhan\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG [WARNING] The file could not be opened! C:\Documents and Settings\Kayhan\Local Settings\Temp\~DF60DE.tmp [WARNING] The file could not be opened! C:\Documents and Settings\Kayhan\Local Settings\Temp\~DF628B.tmp [WARNING] The file could not be opened! C:\Documents and Settings\Kayhan\Local Settings\Temp\~DFBA70.tmp [WARNING] The file could not be opened! C:\Documents and Settings\Kayhan\Local Settings\Temp\~DFBA80.tmp [WARNING] The file could not be opened! C:\Documents and Settings\Kayhan\Local Settings\Temp\~DFFDB4.tmp [WARNING] The file could not be opened! C:\Documents and Settings\LocalService\NTUSER.DAT [WARNING] The file could not be opened! C:\Documents and Settings\LocalService\ntuser.dat.LOG [WARNING] The file could not be opened! C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat [WARNING] The file could not be opened! C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG [WARNING] The file could not be opened! C:\Documents and Settings\NetworkService\NTUSER.DAT [WARNING] The file could not be opened! C:\Documents and Settings\NetworkService\ntuser.dat.LOG [WARNING] The file could not be opened! C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat [WARNING] The file could not be opened! C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG [WARNING] The file could not be opened! C:\WINDOWS\system32\config\default [WARNING] The file could not be opened! C:\WINDOWS\system32\config\default.LOG [WARNING] The file could not be opened! C:\WINDOWS\system32\config\SAM [WARNING] The file could not be opened! C:\WINDOWS\system32\config\SAM.LOG [WARNING] The file could not be opened! C:\WINDOWS\system32\config\SECURITY [WARNING] The file could not be opened! C:\WINDOWS\system32\config\SECURITY.LOG [WARNING] The file could not be opened! C:\WINDOWS\system32\config\software [WARNING] The file could not be opened! C:\WINDOWS\system32\config\software.LOG [WARNING] The file could not be opened! C:\WINDOWS\system32\config\system [WARNING] The file could not be opened! C:\WINDOWS\system32\config\system.LOG [WARNING] The file could not be opened! C:\WINDOWS\Temp\ZLT011ac.TMP [WARNING] The file could not be opened! C:\WINDOWS\Temp\ZLT011af.TMP [WARNING] The file could not be opened! End of the scan: 10 juillet 2006 21:07 Used time: 17:11 min The scan has been done completely. 3045 Scanning directories 193939 Files were scanned 0 viruses and/or unwanted programs was found 0 files were deleted 0 files were repaired 0 files were moved to quarantine 0 files were renamed 1760 Archives were scanned 36 Warnings 20 Notes Rapport Scan en ligne : KASPERSKY ON-LINE SCANNER - RAPPORT lundi 10 juillet 2006 22:05:38 Système d'exploitation : Microsoft Windows XP Professional, Service Pack 2 (Build 2600) Version de Kaspersky On-line Scanner: 5.0.78.0 Dernière mise à jour de la base antivirus Kaspersky : 11/07/2006 Enregistrements dans la base antivirus Kaspersky : 193995 Paramètres d'analyse Analyser avec la base antivirus suivante standard Analyser les archives vrai Analyser les bases de messagerie. vrai Cible de l'analyse Poste de travail A:\ C:\ D:\ E:\ F:\ G:\ Statistiques de l'analyse Total d'objets analysés : 55398 Nombre de virus trouvés 3 Nombre d'objets infectés 4 Nombre d'objets suspects 0 Durée de l'analyse 00:43:06 Nom de l'objet infecté Nom du virus Dernière action C:\System Volume Information\_restore{341ABBD0-E26B-4A93-AF23-5FD6BAC5B607}\RP46\A0010638.exe Infecté: Trojan-Dropper.Win32.MultiJoiner.13.h ignoré C:\System Volume Information\_restore{341ABBD0-E26B-4A93-AF23-5FD6BAC5B607}\RP46\A0010667.exe Infecté: not-virus:Hoax.Win32.Renos.cn ignoré C:\System Volume Information\_restore{341ABBD0-E26B-4A93-AF23-5FD6BAC5B607}\RP47\A0011700.sys Infecté: Backdoor.Win32.Haxdoor.ii ignoré C:\System Volume Information\_restore{341ABBD0-E26B-4A93-AF23-5FD6BAC5B607}\RP47\A0011702.sys Infecté: Backdoor.Win32.Haxdoor.ii ignoré Analyse terminée. -
[RESOLU] Rapport HijackThis - Haxdoor - trojan
Kayhan a répondu à un(e) sujet de Kayhan dans Analyses et éradication malwares
Voici mon dernier rapport HijackThis : Logfile of HijackThis v1.99.1 Scan saved at 20:37:08, on 2006-07-10 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe D:\Winamp\winampa.exe D:\Acrobat 7.0\Distillr\Acrotray.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe D:\Acrobat 7.0\Acrobat\acrobat_sl.exe D:\Post-it\PsnLite.exe D:\Post-it\PSNGive.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe C:\Program Files\ewido anti-spyware 4.0\guard.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Kayhan\Desktop\HijackThis.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [WinampAgent] D:\Winamp\winampa.exe O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "D:\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ? O4 - Global Startup: Post-it® Software Notes Lite.lnk = D:\Post-it\PsnLite.exe O8 - Extra context menu item: Convertir en Adobe PDF - res://D:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir en un fichier PDF existant - res://D:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://D:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://D:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://D:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://D:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://D:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://D:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\Office\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\dtv\EXPLBAR.DLL O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Office\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe Rapport Ewido dans mon login Administrateur en mose sans echec : --------------------------------------------------------- ewido anti-spyware - Scan Report --------------------------------------------------------- + Created at: 19:41:20 2006-07-10 + Scan result: C:\Documents and Settings\Kayhan\Local Settings\Application Data\Mozilla\Firefox\Profiles\fon4g8li.default\Cache\DA89B81Ed01/YazzleActiveX.ocx -> Adware.MediaTickets : Cleaned with backup (quarantined). :mozilla.32:C:\Documents and Settings\Kayhan\Application Data\Mozilla\Firefox\Profiles\fon4g8li.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. C:\Documents and Settings\Kayhan\Local Settings\Temp\Cookies\kayhan@2o7[1].txt -> TrackingCookie.2o7 : Cleaned. :mozilla.42:C:\Documents and Settings\Kayhan\Application Data\Mozilla\Firefox\Profiles\fon4g8li.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned. C:\Documents and Settings\Kayhan\Local Settings\Temp\Cookies\kayhan@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned. :mozilla.40:C:\Documents and Settings\Kayhan\Application Data\Mozilla\Firefox\Profiles\fon4g8li.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned. :mozilla.33:C:\Documents and Settings\Kayhan\Application Data\Mozilla\Firefox\Profiles\fon4g8li.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned. :mozilla.41:C:\Documents and Settings\Kayhan\Application Data\Mozilla\Firefox\Profiles\fon4g8li.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned. :mozilla.22:C:\Documents and Settings\Kayhan\Application Data\Mozilla\Firefox\Profiles\fon4g8li.default\cookies.txt -> TrackingCookie.Overture : Cleaned. :mozilla.23:C:\Documents and Settings\Kayhan\Application Data\Mozilla\Firefox\Profiles\fon4g8li.default\cookies.txt -> TrackingCookie.Overture : Cleaned. :mozilla.55:C:\Documents and Settings\Kayhan\Application Data\Mozilla\Firefox\Profiles\fon4g8li.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned. ::Report end et le rapport Ewido dans mon login personnel en mode sans echec : --------------------------------------------------------- ewido anti-spyware - Scan Report --------------------------------------------------------- + Created at: 19:58:54 2006-07-10 + Scan result: Nothing found. ::Report end Merci -
[RESOLU] Rapport HijackThis - Haxdoor - trojan
Kayhan a répondu à un(e) sujet de Kayhan dans Analyses et éradication malwares
Sault .. en fais j'ai un antivirus que jai desactiver le temps de faire le menage dans mon pc ... parce que a chaque fois que j'ouvrais une fenetre... il me sortais encore 10 et 20 avertisment que le fichier winm32 contenais des traces de Haxdoor.... un peu tannant .. j'aimerais savoir si cette antivirus est bon : Avira Antivir PE Classic quesque vous en penser? -
[RESOLU] Rapport HijackThis - Haxdoor - trojan
Kayhan a répondu à un(e) sujet de Kayhan dans Analyses et éradication malwares
Nouveau rapport HaxFix : HAXFIX logfile - by Marckie -------------- version 3.06 2006-07-10 8:01:31,31 Auto Haxdoorfix haxdoor key: winm searching for services.... services found deleting services..... [sWSC] DeleteService SUCCESS [sWSC] DeleteService SUCCESS rebooting the computer..... haxdoor key: winm searching for services.... services not found checking if files are found..... winm32.dll winm32.sys winm64.sys deleting files..... checking if files are deleted..... checking for other files..... qy.sys qz.dll qz.sys klogini.dll p3.ini ps.a3d deleting other files..... checking if the files are deleted..... Finished Nouveau rapport HijackThis : Logfile of HijackThis v1.99.1 Scan saved at 08:04:22, on 2006-07-10 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe D:\Winamp\winampa.exe D:\Acrobat 7.0\Distillr\Acrotray.exe C:\WINDOWS\system32\cmd.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe D:\Acrobat 7.0\Acrobat\acrobat_sl.exe D:\Post-it\PsnLite.exe D:\Post-it\PSNGive.exe C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe C:\Program Files\ewido anti-spyware 4.0\guard.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\notepad.exe C:\WINDOWS\system32\svchost.exe D:\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Kayhan\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\local.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank R3 - Default URLSearchHook is missing O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [WinampAgent] D:\Winamp\winampa.exe O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "D:\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ? O4 - Global Startup: Post-it® Software Notes Lite.lnk = D:\Post-it\PsnLite.exe O8 - Extra context menu item: Convertir en Adobe PDF - res://D:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir en un fichier PDF existant - res://D:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://D:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://D:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://D:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://D:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://D:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://D:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\Office\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\dtv\EXPLBAR.DLL O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Office\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - AppInit_DLLs: C:\WINDOWS\system32\javaw.dll O20 - Winlogon Notify: wingsa32 - wingsa32.dll (file missing) O21 - SSODL: DCOM Server 2236 - {2C1CD3D7-86AC-4068-93BC-A02304BB2236} - C:\WINDOWS\system32\2236_26.dll (file missing) O21 - SSODL: ikiNCoRxolUfcvM - {ACDFF378-0675-59D2-6FEC-A870A005FC8E} - C:\WINDOWS\system32\mssjn.dll (file missing) O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe Merci -
[RESOLU] Rapport HijackThis - Haxdoor - trojan
Kayhan a répondu à un(e) sujet de Kayhan dans Analyses et éradication malwares
Bonjour, Voici le rapport de HaxFix: HAXFIX logfile - by Marckie ______________ version 3.06 2006-07-10 7:55:44,12 checking for haxdoor -------------------- checking for a3d files.... a3d files found ps.a3d checking for matching notify keys.... matching notify keys found winm checking for matching services.... matching services found winm32 winm64 checking for matching safeboot services.... matching safeboot services found winm32.sys winm64.sys Checking for goldun ------------------- checking for notify keys.... no notify keys found checking for services.... no services found Finished Merci -
[RESOLU] Rapport HijackThis - Haxdoor - trojan
Kayhan a posté un sujet dans Analyses et éradication malwares
Bonjour a tous ... j'ai fais tout ce que j'ai pus pour enlever ce trojan .. mais je n'y arrive vraiment pas ... je vous envois un rapport HijackThis : Logfile of HijackThis v1.99.1 Scan saved at 07:23:53, on 2006-07-10 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe C:\Program Files\ewido anti-spyware 4.0\guard.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE D:\Winamp\winampa.exe D:\Acrobat 7.0\Distillr\Acrotray.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\WINDOWS\system32\svchost.exe D:\Post-it\PsnLite.exe D:\Post-it\PSNGive.exe C:\Documents and Settings\Kayhan\Desktop\procexp.exe D:\Winamp\winamp.exe C:\Documents and Settings\Kayhan\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\local.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank R3 - Default URLSearchHook is missing O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [WinampAgent] D:\Winamp\winampa.exe O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "D:\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ? O4 - Global Startup: Post-it® Software Notes Lite.lnk = D:\Post-it\PsnLite.exe O8 - Extra context menu item: Convertir en Adobe PDF - res://D:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir en un fichier PDF existant - res://D:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://D:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://D:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://D:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://D:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://D:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://D:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\Office\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\dtv\EXPLBAR.DLL O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Office\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - AppInit_DLLs: C:\WINDOWS\system32\javaw.dll O20 - Winlogon Notify: wingsa32 - wingsa32.dll (file missing) O20 - Winlogon Notify: winm32 - C:\WINDOWS\SYSTEM32\winm32.dll O21 - SSODL: DCOM Server 2236 - {2C1CD3D7-86AC-4068-93BC-A02304BB2236} - C:\WINDOWS\system32\2236_26.dll (file missing) O21 - SSODL: ikiNCoRxolUfcvM - {ACDFF378-0675-59D2-6FEC-A870A005FC8E} - C:\WINDOWS\system32\mssjn.dll (file missing) O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe Merci de toute l'aide que vous pourrez me donner! Kayhan