yoylebarjo
-
Compteur de contenus
4 -
Inscription
-
Dernière visite
Type de contenu
Profils
Forums
Blogs
Tout ce qui a été posté par yoylebarjo
-
Aide analyse rapport HijackThis
yoylebarjo a répondu à un sujet dans Analyses et éradication malwares
hallelujah !!! Suite a cette manip', je me suis hasarde a changer tout simplement la page de demarrage dans mes options internet de internet explorer, et ce coup-ci ca marche... OUF !! Un grand merci a toi Chrifleur de m'avoir aiguille sur ComboFix...!! -
Aide analyse rapport HijackThis
yoylebarjo a répondu à un sujet dans Analyses et éradication malwares
Rapport ComboFix: ComboFix 08-04-12.7 - G Ray 2008-04-13 16:02:28.1 - NTFSx86 Running from: C:\Documents and Settings\G Ray\Desktop\ComboFix.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\Mr Gautam Ray\Application Data\hidires C:\Documents and Settings\Mr Gautam Ray\Application Data\hidires\hidr.exe C:\Documents and Settings\Mr Gautam Ray\Application Data\hidires\rosa.sys . ---- Previous Run ------- . C:\Program Files\internet explorer\iekey.dll C:\WINDOWS\exefld . ((((((((((((((((((((((((( Files Created from 2008-03-13 to 2008-04-13 ))))))))))))))))))))))))))))))) . 2008-04-13 10:48 . 2008-04-13 10:48 <DIR> d-------- C:\_OTMoveIt 2008-04-12 20:00 . 2008-04-12 20:01 <DIR> d-------- C:\WINDOWS\ERUNT 2008-04-10 20:49 . 2008-03-29 23:53 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr 2008-04-10 20:49 . 2008-03-30 00:05 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys 2008-04-10 20:49 . 2008-01-17 22:04 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys 2008-04-10 20:49 . 2008-03-30 00:01 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys 2008-04-10 20:49 . 2008-03-29 23:57 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys 2008-04-10 20:49 . 2008-03-29 23:56 26,944 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2008-04-10 20:49 . 2008-03-29 23:59 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys 2008-04-10 20:49 . 2008-03-30 00:05 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys 2008-04-10 20:48 . 2008-03-30 00:15 1,146,232 --a------ C:\WINDOWS\system32\aswBoot.exe 2008-04-10 20:48 . 2004-01-09 14:43 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx 2008-04-09 20:20 . 2008-04-10 18:40 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy 2008-04-09 19:55 . 2008-04-13 10:55 <DIR> d-------- C:\Program Files\Antivirus 2008-04-09 17:40 . 2008-04-09 17:40 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft 2008-04-09 17:16 . 2008-04-09 17:16 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-04-08 20:04 . 2008-04-08 20:04 10,026 -rahs---- C:\WINDOWS\system32\snake.exe.vbs 2008-03-28 11:47 . 2008-03-28 11:47 <DIR> d-------- C:\Games 2008-03-28 11:41 . 2008-03-28 11:44 <DIR> d-------- C:\Program Files\Street Challenge 2008-03-26 22:20 . 2008-03-26 22:20 <DIR> d-------- C:\Program Files\EA SPORTS 2008-03-26 22:14 . 2008-03-27 11:04 664 --a------ C:\WINDOWS\system32\d3d9caps.dat 2008-03-26 22:13 . 2008-03-27 11:05 <DIR> d-------- C:\Program Files\GameSpy Arcade 2008-03-22 15:53 . 2008-03-22 15:53 552 --a------ C:\WINDOWS\system32\d3d8caps.dat 2008-03-22 12:47 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll 2008-03-22 12:47 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll 2008-03-22 12:47 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-08-22 06:35 --------- d-----w C:\Program Files\Windows Live 2008-08-22 06:35 --------- d-----w C:\Program Files\MSN Messenger 2008-08-22 06:34 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller 2008-08-22 06:34 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller 2008-08-22 06:15 9,192,136 ----a-w C:\INSTALL_MSN_MESSENGER_NT.EXE 2008-03-30 07:35 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-03-22 10:14 --------- d-----w C:\Program Files\Common Files\InstallShield 2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys 2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll 2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll 2008-02-16 08:59 659,456 ----a-w C:\WINDOWS\system32\wininet.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-07-16 15:17 4670704] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-11-06 09:01 171448] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NeroCheck"="C:\WINDOWS\system32\\NeroCheck.exe" [2001-07-09 16:20 155648] "InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2003-05-23 18:20 974898] "DSLSTATEXE"="C:\Program Files\GlobespanVirata\Adsl\dslstat.exe" [2001-10-24 23:41 356352] "DSLAGENTEXE"="C:\Program Files\GlobespanVirata\Adsl\dslagent.exe" [2003-09-19 01:22 16384] "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2002-12-17 17:10 49152] "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-11 19:08 172032] "DeviceDiscovery"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-03 02:26 40960] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496] "AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 13:47 57344 C:\WINDOWS\ALCXMNTR.EXE] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048] "snp2std"="C:\WINDOWS\vsnp2std.exe" [2006-01-06 11:27 344064] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-30 00:07 79224] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a73f5740-40eb-11db-95d3-000d8743c19c}] \Shell\AutoRun\command - G:\SSVICHOSST.exe \Shell\Open\command - G:\SSVICHOSST.exe . ************************************************************************** catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-04-13 16:04:41 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-04-13 16:05:32 ComboFix-quarantined-files.txt 2008-04-13 10:35:20 Pre-Run: 370,438,144 bytes free Post-Run: 360,845,312 bytes free . 2008-04-10 02:00:51 --- E O F --- -
Aide analyse rapport HijackThis
yoylebarjo a répondu à un sujet dans Analyses et éradication malwares
J'ai oublie de joindre le rapport HijackThis: __________________________________________________________________________ Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:31:28 PM, on 4/12/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wscript.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Ahead\InCD\InCD.exe C:\Program Files\GlobespanVirata\Adsl\dslstat.exe C:\Program Files\GlobespanVirata\Adsl\dslagent.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\WINDOWS\vsnp2std.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Antivirus\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sandeep-verma.blogspot.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Sandeep Verma F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wscript.exe C:\WINDOWS\system32\snake.exe.vbs O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\GlobespanVirata\Adsl\dslstat.exe icon O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\GlobespanVirata\Adsl\dslagent.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKUS\S-1-5-21-1275210071-448539723-682003330-1003\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (User '?') O4 - HKUS\S-1-5-21-1275210071-448539723-682003330-1003\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User '?') O4 - HKUS\S-1-5-21-1275210071-448539723-682003330-1003\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User '?') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{FB8399C7-8030-49A6-82C4-217F0E497E42}: NameServer = 202.56.215.54 202.56.215.55 O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\GRAY~1\LOCALS~1\Temp\hpdj.exe (file missing) O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe -- End of file - 6589 bytes ________________________________________________________________________________ _________________________________________________________________________________ __________________________ StartupList report, 4/12/2008, 8:32:04 PM StartupList version: 1.52.2 Started from : C:\Program Files\Antivirus\HiJackThis.EXE Detected: Windows XP SP2 (WinNT 5.01.2600) Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180) * Using default options ================================================== Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wscript.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Ahead\InCD\InCD.exe C:\Program Files\GlobespanVirata\Adsl\dslstat.exe C:\Program Files\GlobespanVirata\Adsl\dslagent.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\WINDOWS\vsnp2std.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Antivirus\HiJackThis.exe C:\WINDOWS\notepad.exe -------------------------------------------------- Checking Windows NT UserInit: [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wscript.exe C:\WINDOWS\system32\snake.exe.vbs -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run NeroCheck = C:\WINDOWS\system32\\NeroCheck.exe InCD = C:\Program Files\Ahead\InCD\InCD.exe DSLSTATEXE = C:\Program Files\GlobespanVirata\Adsl\dslstat.exe icon DSLAGENTEXE = C:\Program Files\GlobespanVirata\Adsl\dslagent.exe HP Software Update = C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe HPDJ Taskbar Utility = C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe DeviceDiscovery = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe SunJavaUpdateSched = "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" AlcxMonitor = ALCXMNTR.EXE Adobe Reader Speed Launcher = "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" snp2std = C:\WINDOWS\vsnp2std.exe avast! = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Yahoo! Pager = "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet swg = C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe MsnMsgr = "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\Run [OptionalComponents] = -------------------------------------------------- Shell & screensaver key from C:\WINDOWS\SYSTEM.INI: Shell=*INI section not found* SCRNSAVE.EXE=*INI section not found* drivers=*INI section not found* Shell & screensaver key from Registry: Shell=explorer.exe SCRNSAVE.EXE=*Registry value not found* drivers=*Registry value not found* Policies Shell key: HKCU\..\Policies: Shell=*Registry value not found* HKLM\..\Policies: Shell=*Registry value not found* -------------------------------------------------- Enumerating Browser Helper Objects: (no name) - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (no name) - C:\Program Files\Yahoo!\Common\yiesrvc.dll - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (no name) - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (no name) - (no file) - {7E853D72-626A-48EC-A868-BA8D5E23E045} (no name) - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6} (no name) - c:\program files\google\googletoolbar2.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7} -------------------------------------------------- Enumerating Download Program Files: [installation Support] InProcServer32 = C:\Program Files\Yahoo!\Common\Yinsthelper.dll CODEBASE = C:\Program Files\Yahoo!\Common\Yinsthelper.dll -------------------------------------------------- Enumerating ShellServiceObjectDelayLoad items: PostBootReminder: C:\WINDOWS\system32\SHELL32.dll CDBurn: C:\WINDOWS\system32\SHELL32.dll WebCheck: C:\WINDOWS\system32\webcheck.dll SysTray: C:\WINDOWS\system32\stobject.dll -------------------------------------------------- End of report, 5,973 bytes Report generated in 0.047 seconds Command line options: /verbose - to add additional info on each section /complete - to include empty sections and unsuspicious data /full - to include several rarely-important sections /force9x - to include Win9x-only startups even if running on WinNT /forcent - to include WinNT-only startups even if running on Win9x /forceall - to include all Win9x and WinNT startups, regardless of platform /history - to list version history only -
Aide analyse rapport HijackThis
yoylebarjo a répondu à un sujet dans Analyses et éradication malwares
Deja, merci beaucoup de m'aider J'ai fait ce que vous suggeriez, et voici le rapport de SDFix: _________________________________________________________________________ SDFix: Version 1.169 Run by G Ray on Sat 04/12/2008 at 08:03 PM Microsoft Windows XP [Version 5.1.2600] Running From: C:\DOCUME~1\GRAY~1\Desktop\SDFix Checking Services : Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting Checking Files : No Trojan Files Found Removing Temp Files ADS Check : Final Check : catchme 0.3.1351.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-04-12 20:14:41 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services & system hive ... scanning hidden registry entries ... [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher] "TracesProcessed"=dword:000000af scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services : Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger" "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server" "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" Remaining Files : File Backups: - C:\DOCUME~1\GRAY~1\Desktop\SDFix\backups\backups.zip Files with Hidden Attributes : Mon 5 Feb 2001 34,331 A..H. --- "C:\Compaq\Monitors\5500\INSTALL.EXE" Tue 19 Mar 2002 21,653 A..H. --- "C:\Compaq\Monitors\5500\SETMON.EXE" Sat 13 Nov 2004 37,376 A..H. --- "C:\Program Files\Common Files\Adobe\ESD\DLMCleanup.exe" Sat 22 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ab59ac72525ea90a47679441587835c9\BIT1.tmp" Finished! ________________________________________________________________________________ __ Alors je suis pas un expert, mais ce rapport semble dire qu'il n'y a pas de probleme particulier... Pourtant je vous confirme mon probleme: ma page de demarage internet explorer est systematiquement: http://sandeep-verma.blogspot.com/ Que faire??