romano72
Membres-
Compteur de contenus
12 -
Inscription
-
Dernière visite
Autres informations
-
Mes langues
français
romano72's Achievements
Junior Member (3/12)
0
Réputation sur la communauté
-
PC infecté "TR/Dldr.agen.ZV.1.B"
romano72 a répondu à un(e) sujet de romano72 dans Analyses et éradication malwares
merci encore mr Ingalls voilà le rapport : SmitFraudFix v2.258 Rapport fait à 1:17:04,76, 06/12/2007 Executé à partir de C:\Documents and Settings\LEDRU\Bureau\SmitfraudFix OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT Le type du système de fichiers est NTFS Fix executé en mode normal »»»»»»»»»»»»»»»»»»»»»»»» Process C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Ahead\InCD\InCD.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\WINDOWS\system32\hphmon05.exe C:\Program Files\Analog Devices\SoundMAX\SMTray.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\WINDOWS\system32\WDBtnMgr.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\SuperCopier2\SuperCopier2.exe C:\Program Files\Veoh Networks\Veoh\VeohClient.exe C:\Program Files\My Book\WD Backup\uBBMonitor.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\wbem\wmiprvse.exe »»»»»»»»»»»»»»»»»»»»»»»» hosts »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32 »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\LEDRU »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\LEDRU\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer C:\DOCUME~1\ALLUSE~1\MENUDM~1\Online Security Guide.url PRESENT ! C:\DOCUME~1\ALLUSE~1\MENUDM~1\Security Troubleshooting.url PRESENT ! »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\LEDRU\Favoris »»»»»»»»»»»»»»»»»»»»»»»» Bureau »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="Ma page d'accueil" »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="" »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» Rustock »»»»»»»»»»»»»»»»»»»»»»»» DNS Description: RCA USB Cable Modem #2 - Miniport d'ordonnancement de paquets DNS Server Search Order: 82.216.111.123 DNS Server Search Order: 82.216.111.122 DNS Server Search Order: 82.216.111.124 DNS Server Search Order: 82.216.111.125 HKLM\SYSTEM\CCS\Services\Tcpip\..\{CE01C6D4-41D2-407E-B2E3-C1F55C728CC2}: DhcpNameServer=82.216.111.123 82.216.111.122 82.216.111.124 82.216.111.125 HKLM\SYSTEM\CS1\Services\Tcpip\..\{CE01C6D4-41D2-407E-B2E3-C1F55C728CC2}: DhcpNameServer=82.216.111.123 82.216.111.122 82.216.111.124 82.216.111.125 HKLM\SYSTEM\CS2\Services\Tcpip\..\{CE01C6D4-41D2-407E-B2E3-C1F55C728CC2}: DhcpNameServer=82.216.111.123 82.216.111.122 82.216.111.124 82.216.111.125 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=82.216.111.123 82.216.111.122 82.216.111.124 82.216.111.125 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=82.216.111.123 82.216.111.122 82.216.111.124 82.216.111.125 HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=82.216.111.123 82.216.111.122 82.216.111.124 82.216.111.125 »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll »»»»»»»»»»»»»»»»»»»»»»»» Fin -
PC infecté "TR/Dldr.agen.ZV.1.B"
romano72 a répondu à un(e) sujet de romano72 dans Analyses et éradication malwares
Et ici le rapport HijackThis : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 00:29:50, on 06/12/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Ahead\InCD\InCD.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\WINDOWS\system32\hphmon05.exe C:\Program Files\Analog Devices\SoundMAX\SMTray.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\WINDOWS\system32\WDBtnMgr.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\SuperCopier2\SuperCopier2.exe C:\Program Files\Veoh Networks\Veoh\VeohClient.exe C:\Program Files\My Book\WD Backup\uBBMonitor.exe C:\Program Files\MSN Messenger\livecall.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\AutoCAD 2006\acad.exe C:\DOCUME~1\LEDRU\LOCALS~1\Temp\AdskCleanup.0001 C:\Program Files\Fichiers communs\Autodesk Shared\WSCommCntr1.exe C:\Program Files\Windows Media Player\wmplayer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [superCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Accélérateur de démarrage AutoCAD.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart16.exe O4 - Global Startup: WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O22 - SharedTaskScheduler: deboner - {fa4fbf53-c766-4622-8011-a87a805eebf0} - (no file) O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe -- End of file - 7180 bytes -
PC infecté "TR/Dldr.agen.ZV.1.B"
romano72 a répondu à un(e) sujet de romano72 dans Analyses et éradication malwares
Salut, voilà le rapport Panda : ;*********************************************************************************************************************************************************************************** ANALYSIS: 2007-12-06 00:25:20 PROTECTIONS: 1 MALWARE: 30 SUSPECTS: 0 ;*********************************************************************************************************************************************************************************** PROTECTIONS Description Version Active Updated ;=================================================================================================================================================================================== Avira AntiVir PersonalEdition 7.0.1.49 No Yes ;=================================================================================================================================================================================== MALWARE Id Description Type Active Severity Disinfectable Disinfected Location ;=================================================================================================================================================================================== 00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\LEDRU\Cookies\ledru@atdmt[2].txt 00139535 Application/Processor HackTools No 0 Yes No C:\System Volume Information\_restore{2F48B2A8-00CD-4631-861D-D96E37E57C1C}\RP159\A0026474.exe 00139535 Application/Processor HackTools No 0 No No C:\System Volume Information\_restore{2F48B2A8-00CD-4631-861D-D96E37E57C1C}\RP159\A0026468.exe[sDFix\apps\Process.exe] 00139535 Application/Processor HackTools No 0 Yes No C:\System Volume Information\_restore{2F48B2A8-00CD-4631-861D-D96E37E57C1C}\RP159\A0026443.exe 00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\LEDRU\Cookies\ledru@xiti[1].txt 00167783 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Documents and Settings\LEDRU\Cookies\[email protected][1].txt 00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\LEDRU\Cookies\ledru@serving-sys[1].txt 00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\LEDRU\Cookies\[email protected][2].txt 00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\LEDRU\Cookies\ledru@weborama[1].txt 00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\LEDRU\Cookies\ledru@adtech[1].txt 00169286 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Documents and Settings\LEDRU\Cookies\ledru@sextracker[1].txt 00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\LEDRU\Cookies\ledru@smartadserver[1].txt 00323879 W32/Guarder.D.worm Virus/Worm No 0 Yes No H:\System Volume Information\_restore{CFA66583-F73E-4366-BC2B-617F2115BA69}\RP724\A0290111.EXE 00323879 W32/Guarder.D.worm Virus/Worm No 0 Yes No H:\System Volume Information\_restore{CFA66583-F73E-4366-BC2B-617F2115BA69}\RP722\A0289085.EXE 00323879 W32/Guarder.D.worm Virus/Worm No 0 Yes No H:\System Volume Information\_restore{CFA66583-F73E-4366-BC2B-617F2115BA69}\RP721\A0289069.EXE 00323879 W32/Guarder.D.worm Virus/Worm No 0 Yes No H:\System Volume Information\_restore{CFA66583-F73E-4366-BC2B-617F2115BA69}\RP721\A0288971.EXE 00323879 W32/Guarder.D.worm Virus/Worm No 0 Yes No H:\System Volume Information\_restore{CFA66583-F73E-4366-BC2B-617F2115BA69}\RP723\A0290069.EXE 00323879 W32/Guarder.D.worm Virus/Worm No 0 Yes No H:\System Volume Information\_restore{CFA66583-F73E-4366-BC2B-617F2115BA69}\RP720\A0288866.EXE 00323879 W32/Guarder.D.worm Virus/Worm No 0 Yes No H:\System Volume Information\_restore{CFA66583-F73E-4366-BC2B-617F2115BA69}\RP719\A0288849.EXE 00323879 W32/Guarder.D.worm Virus/Worm No 0 Yes No H:\System Volume Information\_restore{CFA66583-F73E-4366-BC2B-617F2115BA69}\RP719\A0288811.EXE 00323879 W32/Guarder.D.worm Virus/Worm No 0 Yes No H:\System Volume Information\_restore{54F4E4B6-064B-4588-BC00-386978A7C0E5}\RP344\A0070992.EXE 00323879 W32/Guarder.D.worm Virus/Worm No 0 Yes No H:\System Volume Information\_restore{CFA66583-F73E-4366-BC2B-617F2115BA69}\RP720\A0288921.EXE 00323879 W32/Guarder.D.worm Virus/Worm No 0 Yes No H:\System Volume Information\_restore{CFA66583-F73E-4366-BC2B-617F2115BA69}\RP724\A0290088.EXE 00323879 W32/Guarder.D.worm Virus/Worm No 0 Yes No H:\System Volume Information\_restore{CFA66583-F73E-4366-BC2B-617F2115BA69}\RP722\A0290053.EXE 00323879 W32/Guarder.D.worm Virus/Worm No 0 Yes No H:\System Volume Information\_restore{A4721006-4953-4EFA-B796-09FF8E9CE226}\RP273\A0229474.EXE 01240387 Trj/Downloader.PJT Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{2F48B2A8-00CD-4631-861D-D96E37E57C1C}\RP158\A0026194.exe 01240387 Trj/Downloader.PJT Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{2F48B2A8-00CD-4631-861D-D96E37E57C1C}\RP158\A0026195.exe 01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{2F48B2A8-00CD-4631-861D-D96E37E57C1C}\RP158\A0026278.exe 01262593 Application/NirCmd.A HackTools No 0 No No C:\System Volume Information\_restore{2F48B2A8-00CD-4631-861D-D96E37E57C1C}\RP159\A0026467.exe[nircmd.cfexe] 01262593 Application/NirCmd.A HackTools No 0 No No C:\System Volume Information\_restore{2F48B2A8-00CD-4631-861D-D96E37E57C1C}\RP159\A0026467.exe[nircmd.exe] 01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{2F48B2A8-00CD-4631-861D-D96E37E57C1C}\RP158\A0026338.exe 01262593 Application/NirCmd.A HackTools No 0 Yes No C:\WINDOWS\NirCmd.exe 02070830 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{2F48B2A8-00CD-4631-861D-D96E37E57C1C}\RP159\A0026342.exe 02646028 Adware/PurityScan Adware No 0 Yes No C:\System Volume Information\_restore{2F48B2A8-00CD-4631-861D-D96E37E57C1C}\RP158\A0026203.dll 02646028 Adware/PurityScan Adware No 0 Yes No C:\System Volume Information\_restore{2F48B2A8-00CD-4631-861D-D96E37E57C1C}\RP158\A0026196.dll 02646028 Adware/PurityScan Adware No 0 Yes No C:\System Volume Information\_restore{2F48B2A8-00CD-4631-861D-D96E37E57C1C}\RP158\A0026214.dll 02646028 Adware/PurityScan Adware No 0 Yes No C:\System Volume Information\_restore{2F48B2A8-00CD-4631-861D-D96E37E57C1C}\RP158\A0026202.dll 02646028 Adware/PurityScan Adware No 0 Yes No C:\System Volume Information\_restore{2F48B2A8-00CD-4631-861D-D96E37E57C1C}\RP158\A0026201.dll 02646028 Adware/PurityScan Adware No 0 Yes No C:\System Volume Information\_restore{2F48B2A8-00CD-4631-861D-D96E37E57C1C}\RP158\A0026205.dll 02646028 Adware/PurityScan Adware No 0 Yes No C:\System Volume Information\_restore{2F48B2A8-00CD-4631-861D-D96E37E57C1C}\RP158\A0026210.dll 02646028 Adware/PurityScan Adware No 0 Yes No C:\System Volume Information\_restore{2F48B2A8-00CD-4631-861D-D96E37E57C1C}\RP158\A0026221.dll 02646028 Adware/PurityScan Adware No 0 Yes No C:\System Volume Information\_restore{2F48B2A8-00CD-4631-861D-D96E37E57C1C}\RP158\A0026200.dll 02646028 Adware/PurityScan Adware No 0 Yes No C:\System Volume Information\_restore{2F48B2A8-00CD-4631-861D-D96E37E57C1C}\RP158\A0026212.dll 02646028 Adware/PurityScan Adware No 0 Yes No C:\System Volume Information\_restore{2F48B2A8-00CD-4631-861D-D96E37E57C1C}\RP158\A0026225.dll 02646028 Adware/PurityScan Adware No 0 Yes No C:\System Volume Information\_restore{2F48B2A8-00CD-4631-861D-D96E37E57C1C}\RP158\A0026227.dll 02646028 Adware/PurityScan Adware No 0 Yes No C:\System Volume Information\_restore{2F48B2A8-00CD-4631-861D-D96E37E57C1C}\RP158\A0026218.dll 02652697 W32/P2PSimple.C.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{2F48B2A8-00CD-4631-861D-D96E37E57C1C}\RP158\A0026290.exe 02652697 W32/P2PSimple.C.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{2F48B2A8-00CD-4631-861D-D96E37E57C1C}\RP158\A0026295.exe 02688344 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{2F48B2A8-00CD-4631-861D-D96E37E57C1C}\RP158\A0026182.exe 02688344 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{2F48B2A8-00CD-4631-861D-D96E37E57C1C}\RP158\A0026187.exe 02688344 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{2F48B2A8-00CD-4631-861D-D96E37E57C1C}\RP158\A0026183.exe 02688344 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{2F48B2A8-00CD-4631-861D-D96E37E57C1C}\RP158\A0026188.exe 02688344 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{2F48B2A8-00CD-4631-861D-D96E37E57C1C}\RP158\A0026189.exe 02688344 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{2F48B2A8-00CD-4631-861D-D96E37E57C1C}\RP158\A0026184.exe 02688344 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{2F48B2A8-00CD-4631-861D-D96E37E57C1C}\RP158\A0026190.exe 02688344 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{2F48B2A8-00CD-4631-861D-D96E37E57C1C}\RP158\A0026185.exe 02688344 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{2F48B2A8-00CD-4631-861D-D96E37E57C1C}\RP158\A0026191.exe 02688344 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{2F48B2A8-00CD-4631-861D-D96E37E57C1C}\RP158\A0026186.exe 02688344 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{2F48B2A8-00CD-4631-861D-D96E37E57C1C}\RP158\A0026192.exe 02688348 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{2F48B2A8-00CD-4631-861D-D96E37E57C1C}\RP159\A0026353.dll 02694181 Trj/Agent.HBA Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{2F48B2A8-00CD-4631-861D-D96E37E57C1C}\RP158\A0026197.dll 02694181 Trj/Agent.HBA Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{2F48B2A8-00CD-4631-861D-D96E37E57C1C}\RP158\A0026199.dll 02804145 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{2F48B2A8-00CD-4631-861D-D96E37E57C1C}\RP158\A0026206.dll 02812177 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{2F48B2A8-00CD-4631-861D-D96E37E57C1C}\RP158\A0026204.dll 02812177 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{2F48B2A8-00CD-4631-861D-D96E37E57C1C}\RP158\A0026213.dll 02861976 Trj/Agent.HEH Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{2F48B2A8-00CD-4631-861D-D96E37E57C1C}\RP159\A0026473.exe 02861976 Trj/Agent.HEH Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{2F48B2A8-00CD-4631-861D-D96E37E57C1C}\RP159\A0026469.exe 02882735 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{2F48B2A8-00CD-4631-861D-D96E37E57C1C}\RP158\A0026228.dll 02882736 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{2F48B2A8-00CD-4631-861D-D96E37E57C1C}\RP158\A0026220.dll 02882737 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{2F48B2A8-00CD-4631-861D-D96E37E57C1C}\RP158\A0026226.dll 02882738 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{2F48B2A8-00CD-4631-861D-D96E37E57C1C}\RP158\A0026223.dll 02882739 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{2F48B2A8-00CD-4631-861D-D96E37E57C1C}\RP158\A0026219.dll 02882742 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{2F48B2A8-00CD-4631-861D-D96E37E57C1C}\RP158\A0026224.dll 02882745 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{2F48B2A8-00CD-4631-861D-D96E37E57C1C}\RP158\A0026211.dll 02883045 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{2F48B2A8-00CD-4631-861D-D96E37E57C1C}\RP159\A0026363.dll ;=================================================================================================================================================================================== SUSPECTS Location ;=================================================================================================================================================================================== ;=================================================================================================================================================================================== Je n'ai pas pu desinfecter les infections détectées car il faut s'abonner apparement, sinon mon pc tourne beaucoup mieux qu'hier -
PC infecté "TR/Dldr.agen.ZV.1.B"
romano72 a répondu à un(e) sujet de romano72 dans Analyses et éradication malwares
Salut, désolé je n'ai pas pu me connecter plus tôt, voila le rapport combofix : ComboFix 07-12-02.6 - LEDRU 2007-12-05 15:40:54.3 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.53 [GMT 1:00] Running from: C:\Documents and Settings\LEDRU\Bureau\ComboFix.exe Command switches used :: C:\Documents and Settings\LEDRU\Bureau\CFScript.txt * Created a new restore point FILE C:\Documents and Settings\LEDRU\f.exe C:\sqmdata15.sqm C:\sqmnoopt15.sqm C:\WINDOWS\system32\bduxtbei.ini C:\WINDOWS\system32\birhhaml.ini C:\WINDOWS\system32\bocxpwuv.ini C:\WINDOWS\system32\hcknodft.ini C:\WINDOWS\system32\irfyfmhc.ini C:\WINDOWS\system32\mcrh.tmp C:\WINDOWS\system32\mvrbkhga.ini C:\WINDOWS\system32\ogpapoit.ini C:\WINDOWS\system32\pywgsvqc.dll C:\WINDOWS\system32\qrqcucqw.ini C:\WINDOWS\system32\qvcmipmg.ini C:\WINDOWS\system32\ssqooml.dll C:\WINDOWS\system32\svkyawut.dll C:\WINDOWS\system32\vbzip10.dll C:\WINDOWS\system32\vltbqvfo.ini C:\WINDOWS\system32\wmfkagjo.ini C:\WINDOWS\system32\wpyaqliu.ini C:\WINDOWS\system32\yulphppy.ini . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\LEDRU\f.exe C:\sqmdata15.sqm C:\sqmnoopt15.sqm C:\WINDOWS\system32\bduxtbei.ini C:\WINDOWS\system32\birhhaml.ini C:\WINDOWS\system32\bocxpwuv.ini C:\WINDOWS\system32\hcknodft.ini C:\WINDOWS\system32\irfyfmhc.ini C:\WINDOWS\system32\mcrh.tmp C:\WINDOWS\system32\mvrbkhga.ini C:\WINDOWS\system32\ogpapoit.ini C:\WINDOWS\system32\pywgsvqc.dll C:\WINDOWS\system32\qrqcucqw.ini C:\WINDOWS\system32\qvcmipmg.ini C:\WINDOWS\system32\ssqooml.dll C:\WINDOWS\system32\svkyawut.dll C:\WINDOWS\system32\vbzip10.dll C:\WINDOWS\system32\vltbqvfo.ini C:\WINDOWS\system32\wmfkagjo.ini C:\WINDOWS\system32\wpyaqliu.ini C:\WINDOWS\system32\yulphppy.ini . ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-11-05 to 2007-12-05 )))))))))))))))))))))))))))))))))))) . 2007-12-05 08:28 . 2007-12-05 08:28 268 --ah----- C:\sqmdata17.sqm 2007-12-05 08:28 . 2007-12-05 08:28 244 --ah----- C:\sqmnoopt17.sqm 2007-12-05 03:10 . 2007-12-05 03:10 <REP> d-------- C:\WINDOWS\ERUNT 2007-12-05 03:02 . 2007-12-05 03:02 268 --ah----- C:\sqmdata16.sqm 2007-12-05 03:02 . 2007-12-05 03:02 244 --ah----- C:\sqmnoopt16.sqm 2007-12-04 21:19 . 2007-12-04 21:19 <REP> d-------- C:\Program Files\Avira 2007-12-04 21:19 . 2007-12-04 21:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira 2007-12-04 20:57 . 2007-12-04 20:57 <REP> d-------- C:\Program Files\Trend Micro 2007-11-20 00:25 . 2007-11-27 22:44 <REP> d-------- C:\Program Files\Everest Poker 2007-11-14 18:58 . 2007-11-19 13:57 <REP> d--h----- C:\Program Files\InstallShield Installation Information 2007-11-13 23:05 . 2007-11-13 23:28 <REP> d-------- C:\VundoFix Backups . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-04 20:38 10 ----a-w C:\Program Files\.autoreg 2007-12-04 20:22 --------- d-----w C:\Documents and Settings\LEDRU\Application Data\LimeWire 2007-12-04 15:32 --------- d-----w C:\Program Files\Java 2007-11-30 17:38 --------- d-----w C:\Program Files\eMule 2007-11-14 17:58 --------- d-----w C:\Program Files\Google 2007-10-22 22:05 --------- d-----w C:\Program Files\Veoh Networks 2007-10-22 21:23 --------- d-----w C:\Program Files\DivX 2007-10-22 12:22 --------- d-----w C:\Program Files\Winamp 2007-10-22 11:02 --------- d-----w C:\Program Files\Overland 2004-10-01 14:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe . ((((((((((((((((((((((((((((( snapshot@2007-12-05_ 1.59.10.34 ))))))))))))))))))))))))))))))))))))))))) . + 2007-12-03 11:52:39 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE + 2007-12-05 02:11:00 4,141,056 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT + 2007-12-05 02:11:00 278,528 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat + 2007-12-03 11:52:39 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE + 2007-12-05 02:10:59 4,141,056 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT + 2007-12-05 02:10:59 278,528 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00] "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55] "SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 17:45] "Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-11-13 15:48] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2006-03-14 03:06] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50] "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-12-05 00:44] "HPHUPD05"="C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe" [2003-11-12 23:12] "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 14:18] "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2003-12-05 15:41] "HPHmon05"="C:\WINDOWS\system32\hphmon05.exe" [2004-02-02 20:43] "Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 08:57] "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-03-23 16:06] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11] "WD Button Manager"="WDBtnMgr.exe" [2007-05-02 11:13 C:\WINDOWS\system32\WDBtnMgr.exe] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-12-04 21:42] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00] R0 viasraid;viasraid;C:\WINDOWS\system32\drivers\viasraid.sys R3 netrcacm;RCA USB Digital Cable Modem Driver;C:\WINDOWS\system32\DRIVERS\netrcacm.sys S3 SetupNTGLM7X;SetupNTGLM7X;\??\D:\NTGLM7X.sys . Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es' "2007-07-15 08:28:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2007-12-05 04:35:01 C:\WINDOWS\Tasks\HP Usg Daily.job" - C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\pexpress\hphped05.exe . ************************************************************************** catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-05 15:44:57 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-12-05 15:46:57 - machine was rebooted C:\ComboFix2.txt ... 2007-12-05 02:11 C:\ComboFix3.txt ... 2007-12-05 01:59 . --- E O F --- Et au fait je n'ai pas vu de mots de passe dans le fichier C:\SDFix\Data.txt -
PC infecté "TR/Dldr.agen.ZV.1.B"
romano72 a répondu à un(e) sujet de romano72 dans Analyses et éradication malwares
Et un rapport HijackThis au cas où : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 03:27:58, on 05/12/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Ahead\InCD\InCD.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\WINDOWS\system32\hphmon05.exe C:\Program Files\Analog Devices\SoundMAX\SMTray.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\WINDOWS\system32\WDBtnMgr.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\SuperCopier2\SuperCopier2.exe C:\Program Files\Veoh Networks\Veoh\VeohClient.exe C:\Program Files\My Book\WD Backup\uBBMonitor.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {8E3FBDE2-7DBD-4040-85D9-29BBC559C129} - C:\WINDOWS\system32\ssqooml.dll O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [superCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Accélérateur de démarrage AutoCAD.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart16.exe O4 - Global Startup: WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O20 - Winlogon Notify: ssqooml - C:\WINDOWS\SYSTEM32\ssqooml.dll O22 - SharedTaskScheduler: deboner - {fa4fbf53-c766-4622-8011-a87a805eebf0} - (no file) O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe -- End of file - 7078 bytes -
PC infecté "TR/Dldr.agen.ZV.1.B"
romano72 a répondu à un(e) sujet de romano72 dans Analyses et éradication malwares
Merci encore pour ton aide voici donc le rapport de SDFix : SDFix: Version 1.116 Run by LEDRU on 05/12/2007 at 03:11 Microsoft Windows XP [version 5.1.2600] Running From: C:\SDFix Safe Mode: Checking Services: Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting... Normal Mode: Checking Files: Trojan Files Found: C:\Documents and Settings\LEDRU\x.dat - Deleted C:\Documents and Settings\LEDRU\z.dat - Deleted C:\n.bat - Deleted C:\WINDOWS\Fonts\Setup.exe - Deleted x.dat and z.dat data copied to \SDFix\Data.txt Removing Temp Files... ADS Check: C:\WINDOWS No streams found. C:\WINDOWS\system32 No streams found. C:\WINDOWS\system32\svchost.exe No streams found. C:\WINDOWS\system32\ntoskrnl.exe No streams found. Final Check: catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-05 03:14:58 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services & system hive ... [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg] "s1"=dword:fc98cdb3 "s2"=dword:bc01b9d4 "h0"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\CfgD79C293C1ED61418462E24595C90D04] "p0"="C:\Program Files\Alcohol Soft\Alcohol 120\" "h0"=dword:00000000 "ujdew"=hex:11,1f,01,1f,7d,ff,eb,8c,4e,89,84,23,1c,94,7c,b6,0e,5d,fc,89,5c,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\CfgD79C293C1ED61418462E24595C90D04] "p0"="C:\Program Files\Alcohol Soft\Alcohol 120\" "h0"=dword:00000000 "ujdew"=hex:11,1f,01,1f,7d,ff,eb,8c,4e,89,84,23,1c,94,7c,b6,0e,5d,fc,89,5c,.. scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services: ------------------ Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] Remaining Files: --------------- File Backups: - C:\SDFix\backups\backups.zip Files with Hidden Attributes: Thu 21 Jun 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak" Wed 22 Dec 2004 76,568 ..SHR --- "C:\Program Files\Autodesk\Autodesk DWF Viewer\Setup.exe" Wed 22 Dec 2004 16,384 A.SHR --- "C:\Program Files\Autodesk\Autodesk DWF Viewer\_Setup.dll" Thu 20 Jan 2005 11,344 A.SHR --- "C:\Program Files\Autodesk\Autodesk DWF Viewer\_Setupx.dll" Tue 20 Mar 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp" Fri 5 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d03f71700772ecd1d20bacc33c473cd5\BIT3.tmp" Finished! -
PC infecté "TR/Dldr.agen.ZV.1.B"
romano72 a répondu à un(e) sujet de romano72 dans Analyses et éradication malwares
Et enfin le rapport HijackThis : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 02:27:52, on 05/12/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Ahead\InCD\InCD.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\WINDOWS\system32\hphmon05.exe C:\Program Files\Analog Devices\SoundMAX\SMTray.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\WDBtnMgr.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\SuperCopier2\SuperCopier2.exe C:\Program Files\Veoh Networks\Veoh\VeohClient.exe C:\Program Files\My Book\WD Backup\uBBMonitor.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {8E3FBDE2-7DBD-4040-85D9-29BBC559C129} - C:\WINDOWS\system32\ssqooml.dll O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [superCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Accélérateur de démarrage AutoCAD.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart16.exe O4 - Global Startup: WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O20 - Winlogon Notify: ssqooml - C:\WINDOWS\SYSTEM32\ssqooml.dll O22 - SharedTaskScheduler: deboner - {fa4fbf53-c766-4622-8011-a87a805eebf0} - (no file) O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe -- End of file - 7078 bytes -
PC infecté "TR/Dldr.agen.ZV.1.B"
romano72 a répondu à un(e) sujet de romano72 dans Analyses et éradication malwares
et le rapport combofix : ComboFix 07-12-02.6 - LEDRU 2007-12-05 1:53:54.1 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.79 [GMT 1:00] Running from: C:\Documents and Settings\LEDRU\Bureau\ComboFix.exe * Created a new restore point . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\LEDRU\Application Data\WinTouch C:\Documents and Settings\LEDRU\Application Data\WinTouch\wintouch.cfg C:\WINDOWS\Fonts\a.zip C:\WINDOWS\system32\__c00DD4D0.dat C:\WINDOWS\system32\awhxryrv.dll C:\WINDOWS\system32\cbxwvvt.dll C:\WINDOWS\system32\cbxwwww.dll C:\WINDOWS\system32\cbxyvwt.dll C:\WINDOWS\system32\cidbifvj.exe C:\WINDOWS\system32\dcwdnafj.dll C:\WINDOWS\system32\dksdndex.dll C:\WINDOWS\system32\fgtkyyhr.dll C:\WINDOWS\system32\fmxvatqr.exe C:\WINDOWS\system32\iexevuil.dll C:\WINDOWS\system32\ipdijacl.dllbox C:\WINDOWS\system32\ixuffanm.dll C:\WINDOWS\system32\jiwxosco.exe C:\WINDOWS\system32\jjpptdqv.dll C:\WINDOWS\system32\kdwpabsv.exe C:\WINDOWS\system32\khfccay.dll C:\WINDOWS\system32\kyxdosyr.dll C:\WINDOWS\system32\ltkcuudp.dll C:\WINDOWS\system32\mjedkgnq.dll C:\WINDOWS\system32\mjvferwn.exe C:\WINDOWS\system32\mkmklxno.exe C:\WINDOWS\system32\mnaffuxi.ini C:\WINDOWS\system32\mwhgtpbe.dll C:\WINDOWS\system32\oktrikgr.ini C:\WINDOWS\system32\pqmyifyh.dll C:\WINDOWS\system32\prqss.ini C:\WINDOWS\system32\prqss.ini2 C:\WINDOWS\system32\qpaxcbcv.exe C:\WINDOWS\system32\qthnydbb.dll C:\WINDOWS\system32\rdkyxckk.exe C:\WINDOWS\system32\rgkirtko.dll C:\WINDOWS\system32\riyvcpjb.dll C:\WINDOWS\system32\rnddrtqp.exe C:\WINDOWS\system32\smlrkief.dll C:\WINDOWS\system32\ssqrp.dll C:\WINDOWS\system32\tecchnaw.dll C:\WINDOWS\system32\tlsegbax.dll C:\WINDOWS\system32\twxwpttq.dll C:\WINDOWS\system32\ucacdtff.dll C:\WINDOWS\system32\udjlfsif.dll C:\WINDOWS\system32\umjmfvuu.dll C:\WINDOWS\system32\urqnllj.dll C:\WINDOWS\system32\vnffgsxo.dll C:\WINDOWS\system32\vnnuptxl.dll C:\WINDOWS\system32\vrjqgabb.exe C:\WINDOWS\system32\vrkvivrk.exe C:\WINDOWS\system32\vtxgqlcs.exe C:\WINDOWS\system32\wdqtedft.dll C:\WINDOWS\system32\wqdvopgo.dll C:\WINDOWS\system32\xjrnssly.exe C:\WINDOWS\system32\yingcatw.dll C:\WINDOWS\system32\ysebdegr.exe C:\WINDOWS\system32\ysthqpby.dll C:\winlogon.exe C:\x.dat C:\z.dat H:\Autorun.inf C:\WINDOWS\Fonts\' . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_DOMAINSERVICE -------\DomainService ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-11-05 to 2007-12-05 )))))))))))))))))))))))))))))))))))) . 2007-12-04 21:19 . 2007-12-04 21:19 <REP> d-------- C:\Program Files\Avira 2007-12-04 21:19 . 2007-12-04 21:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira 2007-12-04 21:17 . 2007-12-04 21:17 37,376 --a------ C:\WINDOWS\system32\ssqooml.dll 2007-12-04 20:57 . 2007-12-04 20:57 <REP> d-------- C:\Program Files\Trend Micro 2007-12-04 16:37 . 2007-12-04 16:37 718,718 ---hs---- C:\WINDOWS\system32\qvcmipmg.ini 2007-12-03 11:34 . 2007-12-03 11:34 73,280 --a------ C:\WINDOWS\system32\pywgsvqc.dll 2007-12-03 11:31 . 2007-12-04 16:26 845,645 ---hs---- C:\WINDOWS\system32\wmfkagjo.ini 2007-11-30 15:13 . 2007-12-03 11:25 756,471 ---hs---- C:\WINDOWS\system32\birhhaml.ini 2007-11-28 16:07 . 2007-11-30 15:10 882,576 ---hs---- C:\WINDOWS\system32\yulphppy.ini 2007-11-27 16:03 . 2007-11-28 16:03 771,076 ---hs---- C:\WINDOWS\system32\qrqcucqw.ini 2007-11-26 16:57 . 2007-11-27 15:58 779,304 ---hs---- C:\WINDOWS\system32\mvrbkhga.ini 2007-11-23 16:18 . 2007-11-26 16:45 773,267 ---hs---- C:\WINDOWS\system32\bocxpwuv.ini 2007-11-22 15:51 . 2007-11-23 16:13 773,069 ---hs---- C:\WINDOWS\system32\wpyaqliu.ini 2007-11-21 23:13 . 2007-11-21 23:13 143 --a------ C:\WINDOWS\system32\mcrh.tmp 2007-11-20 23:05 . 2007-11-20 23:05 268 --ah----- C:\sqmdata15.sqm 2007-11-20 23:05 . 2007-11-20 23:05 244 --ah----- C:\sqmnoopt15.sqm 2007-11-20 15:55 . 2007-11-21 15:56 834 ---hs---- C:\WINDOWS\system32\irfyfmhc.ini 2007-11-20 00:25 . 2007-11-27 22:44 <REP> d-------- C:\Program Files\Everest Poker 2007-11-19 13:18 . 2007-11-20 15:44 836,471 ---hs---- C:\WINDOWS\system32\vltbqvfo.ini 2007-11-16 20:43 . 2007-11-19 13:13 675,164 ---hs---- C:\WINDOWS\system32\bduxtbei.ini 2007-11-16 15:33 . 2007-11-19 13:16 40,960 --a------ C:\Documents and Settings\LEDRU\f.exe 2007-11-16 15:33 . 2007-11-19 13:15 262 --a------ C:\Documents and Settings\LEDRU\z.dat 2007-11-16 15:33 . 2007-11-19 13:15 0 --a------ C:\Documents and Settings\LEDRU\x.dat 2007-11-15 20:34 . 2007-11-16 20:34 677,781 ---hs---- C:\WINDOWS\system32\ogpapoit.ini 2007-11-14 20:43 . 2007-11-14 20:43 671,127 ---hs---- C:\WINDOWS\system32\hcknodft.ini 2007-11-14 18:58 . 2007-11-19 13:57 <REP> d--h----- C:\Program Files\InstallShield Installation Information 2007-11-13 23:05 . 2007-11-13 23:28 <REP> d-------- C:\VundoFix Backups 2007-11-13 20:32 . 2007-11-13 20:32 145,984 --a------ C:\WINDOWS\system32\svkyawut.dll 2007-11-12 21:08 . 2007-11-12 21:08 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll 2007-11-12 21:05 . 2007-11-19 13:16 120 --a------ C:\n.bat . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-04 20:38 10 ----a-w C:\Program Files\.autoreg 2007-12-04 20:22 --------- d-----w C:\Documents and Settings\LEDRU\Application Data\LimeWire 2007-12-04 15:32 --------- d-----w C:\Program Files\Java 2007-11-30 17:38 --------- d-----w C:\Program Files\eMule 2007-11-14 17:58 --------- d-----w C:\Program Files\Google 2007-11-12 20:08 278,536 ----a-w C:\WINDOWS\Fonts\Setup.exe 2007-10-22 22:05 --------- d-----w C:\Program Files\Veoh Networks 2007-10-22 21:23 --------- d-----w C:\Program Files\DivX 2007-10-22 12:22 --------- d-----w C:\Program Files\Winamp 2007-10-22 11:02 --------- d-----w C:\Program Files\Overland 2004-10-01 14:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8E3FBDE2-7DBD-4040-85D9-29BBC559C129}] 2007-12-04 21:17 37376 --a------ C:\WINDOWS\system32\ssqooml.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00] "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55] "SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 17:45] "Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-11-13 15:48] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2006-03-14 03:06] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50] "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-12-05 00:44] "HPHUPD05"="C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe" [2003-11-12 23:12] "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 14:18] "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2003-12-05 15:41] "HPHmon05"="C:\WINDOWS\system32\hphmon05.exe" [2004-02-02 20:43] "Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 08:57] "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-03-23 16:06] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11] "WD Button Manager"="WDBtnMgr.exe" [2007-05-02 11:13 C:\WINDOWS\system32\WDBtnMgr.exe] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-12-04 21:42] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{8E3FBDE2-7DBD-4040-85D9-29BBC559C129}"= C:\WINDOWS\system32\ssqooml.dll [2007-12-04 21:17 37376] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqooml] ssqooml.dll 2007-12-04 21:17 37376 C:\WINDOWS\system32\ssqooml.dll R0 viasraid;viasraid;C:\WINDOWS\system32\drivers\viasraid.sys R3 netrcacm;RCA USB Digital Cable Modem Driver;C:\WINDOWS\system32\DRIVERS\netrcacm.sys S3 SetupNTGLM7X;SetupNTGLM7X;\??\D:\NTGLM7X.sys . Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es' "2007-07-15 08:28:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2007-12-05 00:35:51 C:\WINDOWS\Tasks\HP Usg Daily.job" - C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\pexpress\hphped05.exe . ************************************************************************** catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-05 01:58:54 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-12-05 1:59:43 - machine was rebooted . --- E O F --- Mon pc a redémarré après le combofix, et j'ai l'impression qu'il rame déjà moins, mais maintenant une autre alerte AntiVir s'affiche avec le trojan "TR/Drop.Agent.CWD" ... -
PC infecté "TR/Dldr.agen.ZV.1.B"
romano72 a répondu à un(e) sujet de romano72 dans Analyses et éradication malwares
Tout d'abord merci pour ton aide Alors voici en premier le rapport MSNFix : MSNFix 1.600 C:\Documents and Settings\LEDRU\Bureau\MSNFix\MSNFix Fix exécuté le 05/12/2007 - 1:47:01,54 By LEDRU mode normal ************************ Recherche les fichiers présents ... C:\DOCUME~1\LEDRU\LOCALS~1\Temp\removalfile.bat ... C:\WINDOWS\b???.exe ... C:\WINDOWS\cookies.ini ... C:\WINDOWS\mrofinu*.exe.tmp ************************ MSNCHK ***** /!\ beta test /!\ ************************ Recherche les dossiers présents ... C:\PROGRA~1\InetGet2\ ... C:\PROGRA~1\Temporary\ ... C:\PROGRA~1\WinAble\ ************************ Suppression des fichiers .. OK ... C:\DOCUME~1\LEDRU\LOCALS~1\Temp\removalfile.bat .. OK ... C:\WINDOWS\b???.exe .. OK ... C:\WINDOWS\cookies.ini .. OK ... C:\WINDOWS\mrofinu*.exe.tmp ************************ Suppression des dossiers .. OK ... C:\PROGRA~1\InetGet2\ .. OK ... C:\PROGRA~1\Temporary\ .. OK ... C:\PROGRA~1\WinAble\ ************************ Nettoyage du registre ************************ Fichiers suspects /!\ ces fichiers nécessitent un avis expérimenté avant toute intervention [C:\WINDOWS\Fonts\Setup.exe] 58B463A2E355F05079A16D08191DEA9F [C:\setup_wm.exe] CB590BCE547BA8C7378E5B4220FCF256 [C:\winlogon.exe] A3879EADB0B106DC79941FF124DCA9E2 [C:\Documents and Settings\LEDRU\f.exe] 52B1C318B141C2D684CDF7C2D303FD5D [C:\PROGRA~1\Uninstall_CDS.exe] 6ED26B4DD712DCC8456079DD15330F03 ==> SVP merci d'envoyer le fichier C:\DOCUME~1\LEDRU\Bureau\Upload_Me.zip sur http://upload.changelog.fr Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 05122007_ 1483614.zip ------------------------------------------------------------------------ Auteur : !aur3n7 Contact: http://changelog.fr ------------------------------------------------------------------------ --------------------------------------------- END --------------------------------------------- -
PC infecté "TR/Dldr.agen.ZV.1.B"
romano72 a répondu à un(e) sujet de romano72 dans Analyses et éradication malwares
J'ai l'impression que mon pc rame de plus en plus... Help please ! -
PC infecté "TR/Dldr.agen.ZV.1.B"
romano72 a répondu à un(e) sujet de romano72 dans Analyses et éradication malwares
J'allais oublier le rapport le voici: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:10:43, on 04/12/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Ahead\InCD\InCD.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\WINDOWS\system32\hphmon05.exe C:\Program Files\Analog Devices\SoundMAX\SMTray.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\WINDOWS\system32\WDBtnMgr.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\SuperCopier2\SuperCopier2.exe C:\Program Files\Veoh Networks\Veoh\VeohClient.exe C:\Program Files\My Book\WD Backup\uBBMonitor.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: (no name) - {69264CAA-1A47-4A87-923E-19E8F534DFC1} - C:\WINDOWS\system32\ssqrp.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: (no name) - {8E3FBDE2-7DBD-4040-85D9-29BBC559C129} - C:\WINDOWS\system32\ssqooml.dll O2 - BHO: {51474f05-bfe1-3c88-7f04-a6670a5bc2a9} - {9a2cb5a0-766a-40f7-88c3-1efb50f47415} - C:\WINDOWS\system32\tlsegbax.dll O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file) O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [superCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe O4 - HKCU\..\Run: [insider] C:\Program Files\Insider\Insider.exe O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Accélérateur de démarrage AutoCAD.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart16.exe O4 - Global Startup: WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00DD4D0.dat O20 - Winlogon Notify: ssqooml - C:\WINDOWS\SYSTEM32\ssqooml.dll O22 - SharedTaskScheduler: deboner - {fa4fbf53-c766-4622-8011-a87a805eebf0} - (no file) O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: DomainService - - C:\WINDOWS\system32\kdwpabsv.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe -- End of file - 7637 bytes -
Bonjour, Depuis maintenant 1 semaine mon pc est infecté et AntiVir n'arrête pas d'afficher l'alerte du troyen TR/Dldr.Agen.ZV.1.B et je commence à peter les plombs A l'aide s'il vous plait