

AbAt
Everything posted by AbAt
Help, my PC is infected!
AbAt replied to a topic by AbAt in Malware analysis and removal

Re, so for the dlo5B (note that there is a .temp with the same name in the same place):

Antivirus Version Last Update Result
AhnLab-V3 2010.09.12.01 2010.09.12 -
AntiVir 8.2.4.50 2010.09.12 -
Antiy-AVL 2.0.3.7 2010.09.12 -
Authentium 5.2.0.5 2010.09.11 -
Avast 4.8.1351.0 2010.09.12 Win32:Malware-gen
Avast5 5.0.594.0 2010.09.12 Win32:Malware-gen
AVG 9.0.0.851 2010.09.13 -
BitDefender 7.2 2010.09.13 Gen:Trojan.Heur.SC8aym92!Aoc
CAT-QuickHeal 11.00 2010.09.10 -
ClamAV 0.96.2.0-git 2010.09.13 -
Comodo 6059 2010.09.12 -
DrWeb 5.0.2.03300 2010.09.13 Trojan.Inject.10033
Emsisoft 5.0.0.37 2010.09.12 -
eSafe 7.0.17.0 2010.09.12 -
eTrust-Vet 36.1.7850 2010.09.12 -
F-Prot 4.6.1.107 2010.09.12 -
F-Secure 9.0.15370.0 2010.09.11 Gen:Trojan.Heur.SC8aym92!Aoc
Fortinet 4.1.143.0 2010.09.12 -
GData 21 2010.09.13 Gen:Trojan.Heur.SC8aym92!Aoc
Ikarus T3.1.1.88.0 2010.09.12 -
Jiangmin 13.0.900 2010.09.12 -
K7AntiVirus 9.63.2496 2010.09.11 -
Kaspersky 7.0.0.125 2010.09.13 -
McAfee 5.400.0.1158 2010.09.13 Suspect-AB!9982A6C1C61D
McAfee-GW-Edition 2010.1B 2010.09.12 -
Microsoft 1.6103 2010.09.12 -
NOD32 5445 2010.09.12 -
Norman 6.06.06 2010.09.12 -
nProtect 2010-09-12.01 2010.09.12 -
Panda 10.0.2.7 2010.09.12 -
PCTools 7.0.3.5 2010.09.13 -
Prevx 3.0 2010.09.13 -
Rising 22.64.06.00 2010.09.12 -
Sophos 4.57.0 2010.09.12 -
Sunbelt 6868 2010.09.13 -
SUPERAntiSpyware 4.40.0.1006 2010.09.12 -
Symantec 20101.1.1.7 2010.09.13 -
TheHacker 6.7.0.0.016 2010.09.12 -
TrendMicro 9.120.0.1004 2010.09.12 -
TrendMicro-HouseCall 9.120.0.1004 2010.09.13 -
VBA32 3.12.14.0 2010.09.08 -
ViRobot 2010.9.8.4031 2010.09.12 -
VirusBuster 12.65.2.0 2010.09.12 -

Additional information
MD5 : 9982a6c1c61d795fbeb57725f64f18da
SHA1 : 67cedaa3df019d917462e346c3dc48576a97a66a
SHA256: b43687c3641183be37bea3393deb3382e3aadafb9ccefaee6310449b3937f1ae
ssdeep: 12288:cZNlz0/B3RGnvFJS0mR6cMiacY9zn4PxJK2hSuukg26JAt5XwAfn4cykl/VMIV72:QNRUGnvrS0mR6Uat4Px3hfukxeYwA4cE
File size : 729600 bytes
First seen: 2010-09-13 00:21:07
Last seen : 2010-09-13 00:21:07
TrID:
Win16/32 Executable Delphi generic (34.0%)
Generic Win/DOS Executable (32.9%)
DOS Executable Generic (32.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
sigcheck:
publisher....: aglrqmtrat Corporation
copyright....: © aglrqmtrat Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: phbzhjeu DLL
original name: phbzhjeu.dll
internal name: phbzhjeu
file version.: 5.1.2600.5167
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEInfo: PE structure information
[[ basic data ]]
entrypointaddress: 0x17E000
timedatestamp....: 0x2A425E19 (Fri Jun 19 22:22:17 1992)
machinetype......: 0x14c (I386)
[[ 7 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
, 0x1000, 0x1B000, 0x16A00, 7.93, 90402a5be302a3e960937759bf563f55
.edata, 0x1C000, 0x2000, 0x200, 0.00, bf619eac0cdf3f68d496ea9344137e8b
.rsrc, 0x1E000, 0x3AC, 0x400, 3.73, 6b429cd6f1c46e6b12f50bdba7d4968c
.idata , 0x1F000, 0x1000, 0x200, 1.31, e1cbcc395e1702f66f3fd2780d7406b0
, 0x20000, 0xC4000, 0x200, 0.26, a4151568e37e410b58847c9e858db4cf
utscowtv, 0xE4000, 0x9A000, 0x99C00, 7.91, 55dd77689dd9ac9b7f46d7e0e7466cf9
cycknrqv, 0x17E000, 0x1000, 0x200, 3.20, 5699b1c3474c1489b6c5396502ba0575
[[ 2 import(s) ]]
kernel32.dll: lstrcpy
comctl32.dll: InitCommonControls
[[ 7 export(s) ]]
DllCanUnloadNow, DllGetClassObject, Pmcmacp, DllMain, DllRegisterServer, DllUnregisterServer, ServiceMain
Symantec reputation: Suspicious.Insight

and the nbbzghqf.sys:

Antivirus Version Last Update Result
AhnLab-V3 2010.09.12.01 2010.09.12 -
AntiVir 8.2.4.50 2010.09.12 -
Antiy-AVL 2.0.3.7 2010.09.12 -
Authentium 5.2.0.5 2010.09.11 -
Avast 4.8.1351.0 2010.09.12 -
Avast5 5.0.594.0 2010.09.12 -
AVG 9.0.0.851 2010.09.13 -
BitDefender 7.2 2010.09.13 -
CAT-QuickHeal 11.00 2010.09.10 -
ClamAV 0.96.2.0-git 2010.09.13 -
Comodo 6059 2010.09.12 -
DrWeb 5.0.2.03300 2010.09.13 -
Emsisoft 5.0.0.37 2010.09.12 -
eSafe 7.0.17.0 2010.09.12 -
eTrust-Vet 36.1.7850 2010.09.12 -
F-Prot 4.6.1.107 2010.09.12 -
F-Secure 9.0.15370.0 2010.09.11 -
Fortinet 4.1.143.0 2010.09.12 -
GData 21 2010.09.13 -
Ikarus T3.1.1.88.0 2010.09.12 -
Jiangmin 13.0.900 2010.09.12 -
K7AntiVirus 9.63.2496 2010.09.11 -
Kaspersky 7.0.0.125 2010.09.13 -
McAfee 5.400.0.1158 2010.09.13 -
McAfee-GW-Edition 2010.1B 2010.09.12 -
Microsoft 1.6103 2010.09.12 -
NOD32 5445 2010.09.12 -
Norman 6.06.06 2010.09.12 -
nProtect 2010-09-12.01 2010.09.12 -
Panda 10.0.2.7 2010.09.12 -
PCTools 7.0.3.5 2010.09.13 -
Prevx 3.0 2010.09.13 -
Rising 22.64.06.00 2010.09.12 -
Sophos 4.57.0 2010.09.12 -
Sunbelt 6868 2010.09.13 -
SUPERAntiSpyware 4.40.0.1006 2010.09.12 -
Symantec 20101.1.1.7 2010.09.13 -
TheHacker 6.7.0.0.016 2010.09.12 -
TrendMicro 9.120.0.1004 2010.09.12 -
TrendMicro-HouseCall 9.120.0.1004 2010.09.13 -
VBA32 3.12.14.0 2010.09.08 -
ViRobot 2010.9.8.4031 2010.09.12 -
VirusBuster 12.65.2.0 2010.09.12 -

Additional information
MD5 : 4c3628e16bf32e97b5e38f1b1fcc510d
SHA1 : d36e761cb3f2dc150c8fe21d0d3dd0fde5c2ad14
SHA256: f9d0e6bae94f815d92469cd6f189736f11f8e51010c40b65d315f1df644a1fbd
ssdeep: 384:AJ0DpPIWUcWZKZ4E1X4J6nWVmOOEgv5RcyJZU+CnIRyHTAwZgV0c/AxRp7OCvVLb:ATTsTnWgv5TEn2eTA8JzRp7jNLp
File size : 23424 bytes
First seen: 2010-09-13 00:25:36
Last seen : 2010-09-13 00:25:36
TrID:
Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: © Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: Universal Serial Bus Driver
original name: usbd.sys
internal name: usbd.sys
file version.: 5.1.2600.0 (XPClient.010817-1148)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEInfo: PE structure information
[[ basic data ]]
entrypointaddress: 0x300
timedatestamp....: 0x3B7D8682 (Fri Aug 17 21:02:58 2001)
machinetype......: 0x14c (I386)
[[ 8 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x300, 0xFC, 0x100, 5.56, 59394ad2fd122ee4d08378038ddb5953
.rdata, 0x400, 0x5D, 0x80, 2.96, bfa27b8e812ab381b127c69f48a59a5d
PAGE, 0x480, 0x34E, 0x380, 6.19, 08c0255d9b891c63aaae8ee441a6ef98
.edata, 0x800, 0x4D6, 0x500, 5.14, 0396bd9d4db5aaf5cb0ac004680dca2e
INIT, 0xD00, 0xC6, 0x100, 3.72, 4758bdbfa0600d626bc4b75a0b52342c
.skvn, 0xE00, 0x4900, 0x4900, 7.89, a1bc93c7b34e1d22b9e5376b3a5889aa
.rsrc, 0x5700, 0x3E8, 0x400, 3.29, 904b60daf9a8e8efe8b5dde25bfc2de0
.reloc, 0x5B00, 0x36, 0x80, 1.37, 584b2806e09e6964a9b9a98f370cdd7b
[[ 1 import(s) ]]
NTOSKRNL.EXE: ZwQueryValueKey, ExAllocatePoolWithTag, RtlInitUnicodeString, ZwClose, IoOpenDeviceRegistryKey, ExFreePool
[[ 35 export(s) ]]
DllInitialize, DllUnload, USBD_AllocateDeviceName, USBD_CalculateUsbBandwidth, USBD_CompleteRequest, USBD_CreateConfigurationRequest, USBD_CreateConfigurationRequestEx, USBD_CreateDevice, USBD_Debug_GetHeap, USBD_Debug_LogEntry, USBD_Debug_RetHeap, USBD_Dispatch, USBD_FreeDeviceMutex, USBD_FreeDeviceName, USBD_GetDeviceInformation, USBD_GetInterfaceLength, USBD_GetPdoRegistryParameter, USBD_GetSuspendPowerState, USBD_GetUSBDIVersion, USBD_InitializeDevice, USBD_MakePdoName, USBD_ParseConfigurationDescriptor, USBD_ParseConfigurationDescriptorEx, USBD_ParseDescriptors, USBD_QueryBusTime, USBD_RegisterHcDeviceCapabilities, USBD_RegisterHcFilter, USBD_RegisterHostController, USBD_RemoveDevice, USBD_RestoreDevice, USBD_SetSuspendPowerState, USBD_WaitDeviceMutex, _USBD_CreateConfigurationRequestEx@8, _USBD_ParseConfigurationDescriptorEx@28, _USBD_ParseDescriptors@16
Symantec reputation: Suspicious.Insight

There you go ^^ Thanks.
Help, my PC is infected!
AbAt replied to a topic by AbAt in Malware analysis and removal

Good evening Thanos, thanks for taking care of my case...

MBAM log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4597

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/09/2010 20:37:22
mbam-log-2010-09-12 (20-37-22).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 178843
Temps écoulé: 23 minute(s), 23 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

RSIT log and info: Cijoint.fr - Service gratuit de dépôt de fichiers / Cijoint.fr - Service gratuit de dépôt de fichiers

Thanks again.

Good evening,
Last night I was infected by Security Tool, which I apparently managed to remove (MBAM no longer detects anything). But I can see there is something else: applications that won't open, pop-ups of fake infection scans, etc... I don't know where to start... Thanks. At your disposal; I work nights if any reports are needed.
[Resolved] Trojan since yesterday, isolated today...
AbAt replied to a topic by AbAt in Malware analysis and removal

All good, Norton Removal took care of the leftovers... (it's certainly hard to get rid of that Norton for good!!) Thank you for the time you spent!! PS: How do you mark the problem as "resolved"?
[Resolved] Trojan since yesterday, isolated today...
AbAt replied to a topic by AbAt in Malware analysis and removal

Hello, so RegSeeker is fine, I already had it and the registry is clean. As for the Norton leftovers, they don't appear in the Windows Add/Remove Programs list, and with RegSeeker they are there but impossible to remove with it. Darn Norton, that one is hard to eradicate too!!! I'm off to look at the malwares complaints site. Thanks for spending the time cleaning my PC. (Any lead for getting rid of these leftovers?) Thanks again Charles Ingalls!!!
[Resolved] Trojan since yesterday, isolated today...
AbAt replied to a topic by AbAt in Malware analysis and removal

So, the System Restore procedure has been done. The conflict1 directory did not exist (hidden files being shown, of course). As for my PC, it no longer gives me unwanted pop-ups and I no longer get AVG alerts; on the other hand, it seems to me that Windows starts very slowly: after the wallpaper appears, I wait a minute and the taskbar arrives, then another short minute and I get the desktop icons. Apart from that everything seems fine. Thank you Charles Ingalls, never again will I speak ill of Little House on the Prairie!!!
[Resolved] Trojan since yesterday, isolated today...
AbAt replied to a topic by AbAt in Malware analysis and removal

OK, so I didn't find either of the two (C:\WINDOWS\Downloaded Program Files\CONFLICT.1\istactivex.inf, C:\WINDOWS\system32\neomonap23.exe). The registry did take the change into account, and here is the ComboFix report:

loan - 06-11-04 18:20:56,57 Service Pack 2
ComboFix 06.10.19 - Running from: "F:\Téléchargements"

((((((((((((((((((((((((((((((( Files Created from 2006-10-04 to 2006-11-04 ))))))))))))))))))))))))))))))))))

2006-11-03 22:04 1,492 --a------ C:\WINDOWSvundofix.reg
2006-11-03 11:39 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-10-16 19:04 42,920 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2006-11-04 18:05 -------- d-------- C:\Program Files\Mozilla Firefox
2006-11-04 10:34 -------- d-------- C:\Program Files\Internet Explorer
2006-11-03 22:27 -------- d-------- C:\Program Files\Fichiers communs
2006-11-03 21:52 -------- d-------- C:\Program Files\MSN Messenger
2006-11-03 21:41 -------- d-------- C:\Program Files\Spyware Doctor
2006-11-03 19:13 -------- d-------- C:\Program Files\a-squared Free
2006-11-03 18:48 -------- d-------- C:\Program Files\a-squared Anti-Dialer
2006-11-03 12:40 -------- d-------- C:\Documents and Settings\loan\Application Data\PC Tools
2006-11-03 12:39 -------- d-------- C:\Program Files\CleanUp!
2006-11-03 12:10 -------- d-------- C:\Program Files\eMule
2006-11-03 11:38 -------- d-------- C:\Program Files\Grisoft
2006-10-16 21:56 -------- d-------- C:\Program Files\PyGrenouille
2006-10-16 19:03 -------- d-------- C:\Program Files\Zone Labs
2006-10-16 18:44 -------- d-------- C:\Documents and Settings\loan\Application Data\nView_Wallpaper
2006-10-16 18:14 -------- d-------- C:\Documents and Settings\loan\Application Data\Jetico Personal Firewall
2006-10-16 17:29 -------- d-------- C:\Program Files\Sokoban
2006-10-09 20:43 -------- d---s---- C:\Documents and Settings\loan\Application Data\Microsoft
2006-10-09 20:43 -------- d-------- C:\Program Files\HDD Regenerator
2006-10-08 10:24 19976 --a------ C:\Documents and Settings\loan\Application Data\GDIPFONTCACHEV1.DAT
2006-10-02 14:09 -------- d-------- C:\Program Files\GWFreaks
2006-09-30 23:08 -------- d-------- C:\Program Files\Teamspeak2_RC2
2006-09-30 23:08 -------- d-------- C:\Documents and Settings\loan\Application Data\teamspeak2
2006-09-30 07:11 778656 --a------ C:\WINDOWS\system32\drivers\avg7core.sys

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SiSUSBRG"="C:\\WINDOWS\\SiSUSBrg.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000004

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,00,03,00,00,00,\
  00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
  ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
  00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoActiveDesktop"=hex:00,00,00,00
"NoSaveSettings"=hex:00,00,00,00
"ClearRecentDocsOnExit"=hex:00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~2\\Office10\\OSA.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="daemon"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_01\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"UPS"=dword:00000003
"SCardSvr"=dword:00000003
"mnmsrvc"=dword:00000003
"ERSvc"=dword:00000002

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\SCardClnt

Completion time: 06-11-04 18:22:03.81
C:\ComboFix.txt ... 06-11-04 18:22
C:\ComboFix2.txt ... 06-11-04 10:27
C:\ComboFix3.txt ... 06-11-04 00:37
[Resolved] Trojan since yesterday, isolated today...
AbAt replied to a topic by AbAt in Malware analysis and removal

plus an AVG AS scan:

AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 11:22:47 04/11/2006

+ Résultat de l'analyse:

C:\Documents and Settings\loan\Cookies\loan@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\System Volume Information\_restore{7A5ACC04-09F8-4741-9721-D727CEB2E3B4}\RP159\A0022096.dll -> Trojan.Agent.vg : Nettoyé.

Fin du rapport
[Resolved] Trojan since yesterday, isolated today...
AbAt replied to a topic by AbAt in Malware analysis and removal

and the Panda scan:

Incident Statut Analyse
Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\loan\Application Data\Mozilla\Firefox\Profiles\uyyeowzp.Utilisateur par défaut\cookies.txt[.xiti.com/]
Spyware:Cookie/Toplist No Désinfecté C:\Documents and Settings\loan\Application Data\Mozilla\Firefox\Profiles\uyyeowzp.Utilisateur par défaut\cookies.txt[.toplist.cz/]
Spyware:Cookie/Atwola No Désinfecté C:\Documents and Settings\loan\Application Data\Mozilla\Firefox\Profiles\uyyeowzp.Utilisateur par défaut\cookies.txt[.atwola.com/]
Spyware:Cookie/Apmebf No Désinfecté C:\Documents and Settings\loan\Application Data\Mozilla\Firefox\Profiles\uyyeowzp.Utilisateur par défaut\cookies.txt[.apmebf.com/]
Virus Eventuel. No Désinfecté C:\VundoFix Backups\ssttq.dll.bad
Adware:Adware/IST.ISTBar No Désinfecté C:\WINDOWS\Downloaded Program Files\CONFLICT.1\istactivex.inf
Virus:W32/Sdbot.ftp.worm Désinfecté C:\WINDOWS\system32\i
Outil indésirable:Application/Processor No Désinfecté F:\Téléchargements\SmitfraudFix\SmitfraudFix\Process.exe
Virus Eventuel. No Désinfecté F:\Téléchargements\SmitfraudFix\SmitfraudFix\swsc.exe
Outil indésirable:Application/Processor No Désinfecté F:\Téléchargements\SmitfraudFix\SmitfraudFix.zip[smitfraudFix/Process.exe]
Virus Eventuel. No Désinfecté F:\Téléchargements\SmitfraudFix\SmitfraudFix.zip[smitfraudFix/swsc.exe]
[Resolved] Trojan since yesterday, isolated today...
AbAt replied to a topic by AbAt in Malware analysis and removal

Hello, slept well.. er, worked well? I did configure AVG AS for quarantine, though?!? No problem with KillBox. Here are the next reports:

Logfile of HijackThis v1.99.1
Scan saved at 10:25:55, on 04/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\r_server.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
F:\Téléchargements\hijackthis\SalutJack.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe" /service (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - (no file)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

loan - 06-11-04 10:26:53,54 Service Pack 2
ComboFix 06.10.19 - Running from: "F:\Téléchargements"

((((((((((((((((((((((((((((((( Files Created from 2006-10-04 to 2006-11-04 ))))))))))))))))))))))))))))))))))

2006-11-03 22:04 1,492 --a------ C:\WINDOWSvundofix.reg
2006-11-03 11:39 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-10-16 19:04 42,920 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2006-11-04 10:24 -------- d-------- C:\Program Files\Internet Explorer
2006-11-04 10:22 -------- d-------- C:\Program Files\Mozilla Firefox
2006-11-03 22:27 -------- d-------- C:\Program Files\Fichiers communs
2006-11-03 21:52 -------- d-------- C:\Program Files\MSN Messenger
2006-11-03 21:41 -------- d-------- C:\Program Files\Spyware Doctor
2006-11-03 19:13 -------- d-------- C:\Program Files\a-squared Free
2006-11-03 18:48 -------- d-------- C:\Program Files\a-squared Anti-Dialer
2006-11-03 12:40 -------- d-------- C:\Documents and Settings\loan\Application Data\PC Tools
2006-11-03 12:39 -------- d-------- C:\Program Files\CleanUp!
2006-11-03 12:10 -------- d-------- C:\Program Files\eMule
2006-11-03 11:38 -------- d-------- C:\Program Files\Grisoft
2006-10-16 21:56 -------- d-------- C:\Program Files\PyGrenouille
2006-10-16 19:03 -------- d-------- C:\Program Files\Zone Labs
2006-10-16 18:44 -------- d-------- C:\Documents and Settings\loan\Application Data\nView_Wallpaper
2006-10-16 18:14 -------- d-------- C:\Documents and Settings\loan\Application Data\Jetico Personal Firewall
2006-10-16 17:29 -------- d-------- C:\Program Files\Sokoban
2006-10-09 20:43 -------- d---s---- C:\Documents and Settings\loan\Application Data\Microsoft
2006-10-09 20:43 -------- d-------- C:\Program Files\HDD Regenerator
2006-10-08 10:24 19976 --a------ C:\Documents and Settings\loan\Application Data\GDIPFONTCACHEV1.DAT
2006-10-02 14:09 -------- d-------- C:\Program Files\GWFreaks
2006-09-30 23:08 -------- d-------- C:\Program Files\Teamspeak2_RC2
2006-09-30 23:08 -------- d-------- C:\Documents and Settings\loan\Application Data\teamspeak2
2006-09-30 07:11 778656 --a------ C:\WINDOWS\system32\drivers\avg7core.sys

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SiSUSBRG"="C:\\WINDOWS\\SiSUSBrg.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000004

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,00,03,00,00,00,\
  00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
  ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
  00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"MOJNPluginSrIvcs"="neomonap23.exe"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"MOJNPluginSrIvcs"="neomonap23.exe"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoActiveDesktop"=hex:00,00,00,00
"NoSaveSettings"=hex:00,00,00,00
"ClearRecentDocsOnExit"=hex:00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~2\\Office10\\OSA.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="daemon"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_01\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"UPS"=dword:00000003
"SCardSvr"=dword:00000003
"mnmsrvc"=dword:00000003
"ERSvc"=dword:00000002

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\SCardClnt

Completion time: 06-11-04 10:27:47.17
C:\ComboFix.txt ... 06-11-04 10:27
C:\ComboFix2.txt ... 06-11-04 00:37
C:\ComboFix3.txt ... 06-11-03 22:28
[Solved] Trojan since yesterday, isolated today...
AbAt replied to a topic by AbAt in Analyses et éradication malwares
So here is the one for ComboFix:

loan - 06-11-04 0:36:32,98 Service Pack 2
ComboFix 06.10.19 - Running from: "F:\T‚l‚chargements"

((((((((((((((((((((((((((((((( Files Created from 2006-10-04 to 2006-11-04 ))))))))))))))))))))))))))))))))))

2006-11-03 22:04 1,492 --a------ C:\WINDOWSvundofix.reg
2006-11-03 17:54 101 --a------ C:\WINDOWS\system32\mit.bat
2006-11-03 17:53 59,392 --a------ C:\WINDOWS\system32\drvzos.dll
2006-11-03 11:39 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-11-02 11:08 60,436 --a------ C:\WINDOWS\system32\qpxvopts.dll
2006-11-02 11:08 110,612 --a------ C:\WINDOWS\system32\vyoxyite.exe
2006-10-16 19:04 42,920 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2006-11-04 00:33 -------- d-------- C:\Program Files\Mozilla Firefox
2006-11-03 22:27 -------- d-------- C:\Program Files\Fichiers communs
2006-11-03 21:52 -------- d-------- C:\Program Files\MSN Messenger
2006-11-03 21:41 -------- d-------- C:\Program Files\Spyware Doctor
2006-11-03 19:13 -------- d-------- C:\Program Files\a-squared Free
2006-11-03 18:48 -------- d-------- C:\Program Files\a-squared Anti-Dialer
2006-11-03 12:40 -------- d-------- C:\Documents and Settings\loan\Application Data\PC Tools
2006-11-03 12:39 -------- d-------- C:\Program Files\CleanUp!
2006-11-03 12:10 -------- d-------- C:\Program Files\eMule
2006-11-03 11:38 -------- d-------- C:\Program Files\Grisoft
2006-10-16 21:56 -------- d-------- C:\Program Files\PyGrenouille
2006-10-16 19:03 -------- d-------- C:\Program Files\Zone Labs
2006-10-16 18:44 -------- d-------- C:\Documents and Settings\loan\Application Data\nView_Wallpaper
2006-10-16 18:14 -------- d-------- C:\Documents and Settings\loan\Application Data\Jetico Personal Firewall
2006-10-16 17:29 -------- d-------- C:\Program Files\Sokoban
2006-10-09 20:43 -------- d---s---- C:\Documents and Settings\loan\Application Data\Microsoft
2006-10-09 20:43 -------- d-------- C:\Program Files\HDD Regenerator
2006-10-08 10:24 19976 --a------ C:\Documents and Settings\loan\Application Data\GDIPFONTCACHEV1.DAT
2006-10-02 14:09 -------- d-------- C:\Program Files\GWFreaks
2006-10-01 23:02 -------- d-------- C:\Program Files\Internet Explorer
2006-09-30 23:08 -------- d-------- C:\Program Files\Teamspeak2_RC2
2006-09-30 23:08 -------- d-------- C:\Documents and Settings\loan\Application Data\teamspeak2
2006-09-30 07:11 778656 --a------ C:\WINDOWS\system32\drivers\avg7core.sys

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SiSUSBRG"="C:\\WINDOWS\\SiSUSBrg.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,00,03,00,00,00,\
  00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
  ff,ff,04,00,00,00

And the HijackThis report:

Logfile of HijackThis v1.99.1
Scan saved at 00:39:27, on 04/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\r_server.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Mozilla Firefox\firefox.exe
F:\Téléchargements\hijackthis\SalutJack.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {3612D66E-EB96-7524-37B5-040F0E8038BA} - C:\WINDOWS\system32\njsywkb.dll (file missing)
O2 - BHO: (no name) - {39f25b12-74ff-4079-a51f-1d70f5b08b84} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {9181EB02-12F8-4DE0-A07D-2C7855B2112B} - C:\WINDOWS\system32\ssttq.dll (file missing)
O2 - BHO: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Fichiers communs\{3D14D009-064F-1036-0820-040217040021}\MyToolBar.dll (file missing)
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\qpxvopts.dll
O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Fichiers communs\{3D14D009-064F-1036-0820-040217040021}\MyToolBar.dll (file missing)
O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: winrnt32 - winrnt32.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe" /service (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - (no file)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

There you go, thanks, and see you tomorrow then... thanks again, really.
[Solved] Trojan since yesterday, isolated today...
AbAt replied to a topic by AbAt in Analyses et éradication malwares
Argh, between my daughter teething and the dogs to walk, the AVG AS scan took 1h15!!

AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 00:28:35 04/11/2006

+ Résultat de l'analyse:

C:\System Volume Information\_restore{7A5ACC04-09F8-4741-9721-D727CEB2E3B4}\RP159\A0022064.dll -> Adware.Softomate : Aucune action entreprise.
C:\System Volume Information\_restore{7A5ACC04-09F8-4741-9721-D727CEB2E3B4}\RP158\A0021723.exe -> Downloader.Zlob.atw : Aucune action entreprise.
C:\System Volume Information\_restore{7A5ACC04-09F8-4741-9721-D727CEB2E3B4}\RP159\A0022061.exe -> Downloader.Zlob.atw : Aucune action entreprise.
C:\System Volume Information\_restore{7A5ACC04-09F8-4741-9721-D727CEB2E3B4}\RP159\A0022062.exe -> Downloader.Zlob.atw : Aucune action entreprise.
F:\System Volume Information\_restore{7A5ACC04-09F8-4741-9721-D727CEB2E3B4}\RP157\A0021600.exe -> Dropper.Small.asx : Aucune action entreprise.
:mozilla.75:C:\Documents and Settings\loan\Application Data\Mozilla\Firefox\Profiles\uyyeowzp.Utilisateur par défaut\cookies.txt -> TrackingCookie.247realmedia : Aucune action entreprise.
:mozilla.76:C:\Documents and Settings\loan\Application Data\Mozilla\Firefox\Profiles\uyyeowzp.Utilisateur par défaut\cookies.txt -> TrackingCookie.247realmedia : Aucune action entreprise.
:mozilla.115:C:\Documents and Settings\loan\Application Data\Mozilla\Firefox\Profiles\uyyeowzp.Utilisateur par défaut\cookies.txt -> TrackingCookie.Adjuggler : Aucune action entreprise.
:mozilla.117:C:\Documents and Settings\loan\Application Data\Mozilla\Firefox\Profiles\uyyeowzp.Utilisateur par défaut\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.
:mozilla.27:C:\Documents and Settings\loan\Application Data\Mozilla\Firefox\Profiles\uyyeowzp.Utilisateur par défaut\cookies.txt -> TrackingCookie.Atdmt : Aucune action entreprise.
:mozilla.45:C:\Documents and Settings\loan\Application Data\Mozilla\Firefox\Profiles\uyyeowzp.Utilisateur par défaut\cookies.txt -> TrackingCookie.Bluestreak : Aucune action entreprise.
:mozilla.41:C:\Documents and Settings\loan\Application Data\Mozilla\Firefox\Profiles\uyyeowzp.Utilisateur par défaut\cookies.txt -> TrackingCookie.Doubleclick : Aucune action entreprise.
:mozilla.86:C:\Documents and Settings\loan\Application Data\Mozilla\Firefox\Profiles\uyyeowzp.Utilisateur par défaut\cookies.txt -> TrackingCookie.Mediaplex : Aucune action entreprise.
:mozilla.92:C:\Documents and Settings\loan\Application Data\Mozilla\Firefox\Profiles\uyyeowzp.Utilisateur par défaut\cookies.txt -> TrackingCookie.Questionmarket : Aucune action entreprise.
:mozilla.93:C:\Documents and Settings\loan\Application Data\Mozilla\Firefox\Profiles\uyyeowzp.Utilisateur par défaut\cookies.txt -> TrackingCookie.Questionmarket : Aucune action entreprise.
:mozilla.91:C:\Documents and Settings\loan\Application Data\Mozilla\Firefox\Profiles\uyyeowzp.Utilisateur par défaut\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.59:C:\Documents and Settings\loan\Application Data\Mozilla\Firefox\Profiles\uyyeowzp.Utilisateur par défaut\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.60:C:\Documents and Settings\loan\Application Data\Mozilla\Firefox\Profiles\uyyeowzp.Utilisateur par défaut\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.61:C:\Documents and Settings\loan\Application Data\Mozilla\Firefox\Profiles\uyyeowzp.Utilisateur par défaut\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.83:C:\Documents and Settings\loan\Application Data\Mozilla\Firefox\Profiles\uyyeowzp.Utilisateur par défaut\cookies.txt -> TrackingCookie.Tribalfusion : Aucune action entreprise.
:mozilla.84:C:\Documents and Settings\loan\Application Data\Mozilla\Firefox\Profiles\uyyeowzp.Utilisateur par défaut\cookies.txt -> TrackingCookie.Tribalfusion : Aucune action entreprise.
:mozilla.58:C:\Documents and Settings\loan\Application Data\Mozilla\Firefox\Profiles\uyyeowzp.Utilisateur par défaut\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.
:mozilla.112:C:\Documents and Settings\loan\Application Data\Mozilla\Firefox\Profiles\uyyeowzp.Utilisateur par défaut\cookies.txt -> TrackingCookie.Webtrendslive : Aucune action entreprise.
C:\WINDOWS\system32\winrnt32.dll -> Trojan.Agent.vg : Aucune action entreprise.

Fin du rapport

ComboFix and HijackThis reports to follow.
[Solved] Trojan since yesterday, isolated today...
AbAt replied to a topic by AbAt in Analyses et éradication malwares
Oops, sorry, I hadn't seen it!! Here it is:

3ivx D4 4.5.1 (remove only)
AC3Filter (remove only)
Ad-Aware SE Personal
Adobe Flash Player 9 ActiveX
Adobe Reader 7.0 - Français
Agipa Master
ArcSoft PhotoStudio 5.5
a-squared Anti-Dialer 2.0
a-squared Free 2.0
AVG Anti-Spyware 7.5
AVG Free Edition
Bibliothèques GTK+ 2.6.2 rev a (supprimer uniquement)
Canon MP170
Canon Utilities Easy-PhotoPrint
CC_ccStart
ccCommon
CCleaner (remove only)
CleanUp!
C-Media 3D Audio
Compel Adaptec WinASPI
CoreAAC Audio Decoder (remove only)
Direct Show Ogg Vorbis Filter (remove only)
DivX Codec 3.1alpha release
DVD Shrink 3.2
eMule
EVEREST Home Edition v2.20
ffdshow
GUILD WARS
GWFreaks 2.9.1.0
Haali Media Splitter
HDD Regenerator
HijackThis 1.99.1
Indeo® XP Software
J2SE Runtime Environment 5.0 Update 1
Lame ACM MP3 Codec
Macromedia Shockwave Player
Matroska Pack
Microsoft .NET Framework 1.1
Microsoft Office XP Professional avec FrontPage
Mozilla Firefox (2.0)
MSN Messenger 7.5
MSRedist
Nero Suite
NVIDIA Drivers
OmniPage SE 2.0
[Solved] Trojan since yesterday, isolated today...
AbAt replied to a topic by AbAt in Analyses et éradication malwares
Hi again, so here is the ComboFix log:

loan - 06-11-03 22:27:29,96 Service Pack 2
ComboFix 06.10.19 - Running from: "F:\T‚l‚chargements"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\ishost.exe
C:\WINDOWS\system32\ismini.exe
C:\WINDOWS\system32\components
C:\Program Files\Fichiers communs\{3D14D009-064F-1036-0820-040217040021}
C:\Program Files\Fichiers communs\{7D14D009-064F-1036-0820-040217040021}

((((((((((((((((((((((((((((((( Files Created from 2006-10-03 to 2006-11-03 ))))))))))))))))))))))))))))))))))

2006-11-03 22:04 1,492 --a------ C:\WINDOWSvundofix.reg
2006-11-03 17:54 101 --a------ C:\WINDOWS\system32\mit.bat
2006-11-03 17:53 59,392 --a------ C:\WINDOWS\system32\drvzos.dll
2006-11-03 11:39 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-11-02 11:08 60,436 --a------ C:\WINDOWS\system32\qpxvopts.dll
2006-11-02 11:08 110,612 --a------ C:\WINDOWS\system32\vyoxyite.exe
2006-11-02 10:44 15,872 --a------ C:\WINDOWS\system32\winrnt32.dll
2006-10-16 19:04 42,920 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2006-11-03 22:27 -------- d-------- C:\Program Files\Fichiers communs
2006-11-03 22:12 -------- d-------- C:\Program Files\Mozilla Firefox
2006-11-03 21:52 -------- d-------- C:\Program Files\MSN Messenger
2006-11-03 21:41 -------- d-------- C:\Program Files\Spyware Doctor
2006-11-03 19:13 -------- d-------- C:\Program Files\a-squared Free
2006-11-03 18:48 -------- d-------- C:\Program Files\a-squared Anti-Dialer
2006-11-03 12:40 -------- d-------- C:\Documents and Settings\loan\Application Data\PC Tools
2006-11-03 12:39 -------- d-------- C:\Program Files\CleanUp!
2006-11-03 12:10 -------- d-------- C:\Program Files\eMule
2006-11-03 11:38 -------- d-------- C:\Program Files\Grisoft
2006-11-02 11:08 -------- d-------- C:\Program Files\VSAdd-in
2006-10-16 21:56 -------- d-------- C:\Program Files\PyGrenouille
2006-10-16 19:03 -------- d-------- C:\Program Files\Zone Labs
2006-10-16 18:44 -------- d-------- C:\Documents and Settings\loan\Application Data\nView_Wallpaper
2006-10-16 18:14 -------- d-------- C:\Documents and Settings\loan\Application Data\Jetico Personal Firewall
2006-10-16 17:29 -------- d-------- C:\Program Files\Sokoban
2006-10-09 20:43 -------- d---s---- C:\Documents and Settings\loan\Application Data\Microsoft
2006-10-09 20:43 -------- d-------- C:\Program Files\HDD Regenerator
2006-10-08 10:24 19976 --a------ C:\Documents and Settings\loan\Application Data\GDIPFONTCACHEV1.DAT
2006-10-02 14:09 -------- d-------- C:\Program Files\GWFreaks
2006-10-01 23:02 -------- d-------- C:\Program Files\Internet Explorer
2006-09-30 23:08 -------- d-------- C:\Program Files\Teamspeak2_RC2
2006-09-30 23:08 -------- d-------- C:\Documents and Settings\loan\Application Data\teamspeak2
2006-09-30 07:11 778656 --a------ C:\WINDOWS\system32\drivers\avg7core.sys

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SiSUSBRG"="C:\\WINDOWS\\SiSUSBrg.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,00,03,00,00,00,\
  00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
  ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
  00,00,01,00,00,00

The rest:

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"MOJNPluginSrIvcs"="neomonap23.exe"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"MOJNPluginSrIvcs"="neomonap23.exe"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoActiveDesktop"=hex:00,00,00,00
"NoSaveSettings"=hex:00,00,00,00
"ClearRecentDocsOnExit"=hex:00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~2\\Office10\\OSA.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="daemon"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_01\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"UPS"=dword:00000003
"SCardSvr"=dword:00000003
"mnmsrvc"=dword:00000003
"ERSvc"=dword:00000002

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winrnt32

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\SCardClnt

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Analyser mon ordinateur - loan.job
C:\WINDOWS\tasks\Norton AntiVirus - Analyser mon ordinateur.job
C:\WINDOWS\tasks\XoftSpy.job

Completion time: 06-11-03 22:28:05.89
C:\ComboFix.txt ... 06-11-03 22:28
[Solved] Trojan since yesterday, isolated today...
AbAt replied to a topic by AbAt in Analyses et éradication malwares
So, the VundoFix report:

VundoFix V6.2.6

Checking Java version...

Scan started at 21:58:59 03/11/2006

Listing files found while scanning....

C:\WINDOWS\system32\njsywkb.dll
C:\WINDOWS\system32\xobghic.dll
C:\WINDOWS\system32\ssttq.dll
C:\WINDOWS\system32\qttss.ini

Beginning removal...

Attempting to delete C:\WINDOWS\system32\njsywkb.dll
C:\WINDOWS\system32\njsywkb.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\xobghic.dll
C:\WINDOWS\system32\xobghic.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssttq.dll
C:\WINDOWS\system32\ssttq.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\qttss.ini
C:\WINDOWS\system32\qttss.ini Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\ssttq.dll
C:\WINDOWS\system32\ssttq.dll Has been deleted!

Performing Repairs to the registry.
Done!

And the HijackThis report:

C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\r_server.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
F:\Téléchargements\hijackthis\SalutJack.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {3612D66E-EB96-7524-37B5-040F0E8038BA} - C:\WINDOWS\system32\njsywkb.dll (file missing)
O2 - BHO: (no name) - {39f25b12-74ff-4079-a51f-1d70f5b08b84} - (no file)
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {9181EB02-12F8-4DE0-A07D-2C7855B2112B} - C:\WINDOWS\system32\ssttq.dll (file missing)
O2 - BHO: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Fichiers communs\{3D14D009-064F-1036-0820-040217040021}\MyToolBar.dll (file missing)
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\qpxvopts.dll
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Fichiers communs\{3D14D009-064F-1036-0820-040217040021}\MyToolBar.dll (file missing)
O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: winrnt32 - C:\WINDOWS\SYSTEM32\winrnt32.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe" /service (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - (no file)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Thanks for following my case!
[Solved] Trojan since yesterday, isolated today...
AbAt replied to a topic by AbAt in Analyses et éradication malwares
Good evening and thank you! Here is the requested report:

Logfile of HijackThis v1.99.1
Scan saved at 21:49:03, on 03/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\r_server.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\wuauclt.exe
F:\Téléchargements\hijackthis\SalutJack.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {3612D66E-EB96-7524-37B5-040F0E8038BA} - C:\WINDOWS\system32\njsywkb.dll
O2 - BHO: (no name) - {39f25b12-74ff-4079-a51f-1d70f5b08b84} - (no file)
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {9181EB02-12F8-4DE0-A07D-2C7855B2112B} - C:\WINDOWS\system32\ssttq.dll
O2 - BHO: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Fichiers communs\{3D14D009-064F-1036-0820-040217040021}\MyToolBar.dll (file missing)
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\qpxvopts.dll
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Fichiers communs\{3D14D009-064F-1036-0820-040217040021}\MyToolBar.dll (file missing)
O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: ssttq - C:\WINDOWS\system32\ssttq.dll
O20 - Winlogon Notify: winrnt32 - C:\WINDOWS\SYSTEM32\winrnt32.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe" /service (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - (no file)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
[Solved] Trojan since yesterday, isolated today...
AbAt posted a topic in Analyses et éradication malwares
Good evening everyone! Yesterday I caught a trojan that goes undetected by AVG, Spybot, A² spy and others... But it generates win**.temp or even .temp.exe files in the Windows temp folder and, from time to time, in the IE cache folder (those are detected and blocked by AVG). I finally isolated the culprit: winrnt32.dll!! Despite my research and my attempts, I can't get rid of it, even in safe mode. What should I do? It isn't dangerous in itself, since the files it generates are systematically blocked, but I get 5 alerts a second every time I launch Firefox!!