Exploit.ADODB.Stream.Y

dombilepetitlutin · le 3 septembre 2006

Voila, vois-tu ou est/sont le(s) problème(s) ?

Modifié le 3 septembre 2006 par dombilepetitlutin

Malekal_morte · le 3 septembre 2006

Télécharge SpySweeper - Télécharge SpySweeper - Aide SpySweeper

- Clic sur sur le lien "Free Trial" pour le télécharger tout à droite

- Installe le et démare le

- Il va te demander de télécharger la dernière définition, accepte

- Ensuite, clic sur le bouton Options à gauche

- Clic sur l'onglet Options

- Assure toi que les options suivantes sont cochées :

o Windows Registery

o Memory Object

o Cookies

o System Restore Folder

o Plus bas :

o Sweep all users accounts

o Sweep for rootkis

Ensuite télécharges et installes :

KillBox de Option^Explicit

Aide Killbox

-- Redémarre en mode sans échec, si tu sais pas comment on fait lis ceci

Vide le contenu de ce dossier : c:\Documents and Settings\Alain\Local Settings\Temporary Internet Files\Content.IE5\

- Démarre SpySweeper

- Clic sur "Sweep Now" à gauche

- Clic sur le bouton "Start"

- Quand le scan est terminé, clic sur le bouton "Next"

- Assure toi que tout est coché et clic sur le bouton "Next"

- Lorsque tous les éléments trouvés ont été supprimés

- Clic sur "Session Log" en haut à droite, copie tous les élements du log.

Aide : N'hésite pas à consulter l'Aide de SpySweeper

sélectionne entièrement la liste ci-dessous :

Citation
C:\WINDOWS\System32\SVKP.sys
C:\WINDOWS\System32\V

c:\1.vbs

---> et tu fais clic droit / copier

Ouvres killbox

- Sélectionne "delete on reboot"

- Clique sur le menu "File" -> "Past from clip board"

- Clique sur la croix rouge et et blanche

- Répond yes et laisse redémarrer ton pc.

N'hésite pas à consulter l'Aide killbox

L'ordinateur va redémarrer.

Ccolle tout le log ici ainsi qu'un log HijackThis

dombilepetitlutin · le 3 septembre 2006

J'ai un probleme. Impossible de télécharger Killbox sa me dit que l'archive est de format inconnue ou endommagé alors que je l'ouvre avec WinRAR.

EDIT : Non c'est bon j'ai réussi a le trouver sans qu'il soit dans une archive .zip.

Modifié le 3 septembre 2006 par dombilepetitlutin

Malekal_morte · le 3 septembre 2006

Prb de DNS semble-t-il sur le domaine.

-> http://informatruc1.free.fr/desinfection/KillBox.exe

-> http://legalfree2.free.fr/informatruc/desi...ion/KillBox.exe

-> http://www.softpedia.com/progDownload/Pock...nload_locations

dombilepetitlutin · le 3 septembre 2006

19:58: Removal process completed. Elapsed time 00:00:17

19:58: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SSTFB.tmp". Reason: Le fichier spécifié est introuvable

19:58: Warning: Failed to delete profile shadow file ".log". Reason: Le fichier spécifié est introuvable

19:58: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SSTFC.tmp". Reason: Le fichier spécifié est introuvable

19:58: Warning: Failed to delete profile shadow file ".log". Reason: Le fichier spécifié est introuvable

19:58: Quarantining All Traces: weborama cookie

19:58: Quarantining All Traces: tripod cookie

19:58: Quarantining All Traces: servlet cookie

19:58: Quarantining All Traces: realmedia cookie

19:58: Quarantining All Traces: offeroptimizer cookie

19:58: Quarantining All Traces: fortunecity cookie

19:58: Quarantining All Traces: touchclarity cookie

19:58: Quarantining All Traces: fe.lea.lycos.com cookie

19:58: Quarantining All Traces: directtrack cookie

19:58: Quarantining All Traces: bizrate cookie

19:58: Quarantining All Traces: belnk cookie

19:58: Quarantining All Traces: hbmediapro cookie

19:58: Quarantining All Traces: 66.220.17 cookie

19:58: Quarantining All Traces: xiti cookie

19:58: Quarantining All Traces: bluestreak cookie

19:58: Quarantining All Traces: adtech cookie

19:58: Quarantining All Traces: mediapipe

19:58: Quarantining All Traces: apropos

19:58: Quarantining All Traces: trojan agent winlogonhook

19:58: Removal process initiated

19:47: Traces Found: 28

19:47: Full Sweep has completed. Elapsed time 00:28:37

19:47: File Sweep Complete, Elapsed Time: 00:26:54

19:47: Warning: Failed to access drive E:

19:47: Warning: Failed to access drive D:

19:20: Starting File Sweep

19:20: Warning: Failed to access drive A:

19:20: Cookie Sweep Complete, Elapsed Time: 00:00:00

19:20: c:\documents and settings\alain\cookies\alain@xiti[2].txt (ID = 3717)

19:20: c:\documents and settings\alain\cookies\alain@weborama[1].txt (ID = 3658)

19:20: Found Spy Cookie: weborama cookie

19:20: c:\documents and settings\alain\cookies\alain@tripod[1].txt (ID = 3591)

19:20: Found Spy Cookie: tripod cookie

19:20: c:\documents and settings\alain\cookies\alain@servlet[1].txt (ID = 3345)

19:20: Found Spy Cookie: servlet cookie

19:20: c:\documents and settings\alain\cookies\alain@renault.touchclarity[1].txt (ID = 3566)

19:20: c:\documents and settings\alain\cookies\alain@realmedia[2].txt (ID = 3235)

19:20: Found Spy Cookie: realmedia cookie

19:20: c:\documents and settings\alain\cookies\alain@offeroptimizer[1].txt (ID = 3087)

19:20: Found Spy Cookie: offeroptimizer cookie

19:20: c:\documents and settings\alain\cookies\alain@mediastay.directtrack[2].txt (ID = 2528)

19:20: c:\documents and settings\alain\cookies\alain@fortunecity[1].txt (ID = 2686)

19:20: Found Spy Cookie: fortunecity cookie

19:20: c:\documents and settings\alain\cookies\alain@ford.touchclarity[1].txt (ID = 3566)

19:20: Found Spy Cookie: touchclarity cookie

19:20: c:\documents and settings\alain\cookies\alain@fe.lea.lycos[2].txt (ID = 2660)

19:20: c:\documents and settings\alain\cookies\alain@fe.lea.lycos[1].txt (ID = 2660)

19:20: Found Spy Cookie: fe.lea.lycos.com cookie

19:20: c:\documents and settings\alain\cookies\alain@dist.belnk[2].txt (ID = 2293)

19:20: c:\documents and settings\alain\cookies\alain@directtrack[1].txt (ID = 2527)

19:20: Found Spy Cookie: directtrack cookie

19:20: c:\documents and settings\alain\cookies\alain@bluestreak[1].txt (ID = 2314)

19:20: c:\documents and settings\alain\cookies\alain@bizrate[1].txt (ID = 2308)

19:20: Found Spy Cookie: bizrate cookie

19:20: c:\documents and settings\alain\cookies\alain@belnk[1].txt (ID = 2292)

19:20: Found Spy Cookie: belnk cookie

19:20: c:\documents and settings\alain\cookies\alain@adtech[2].txt (ID = 2155)

19:20: c:\documents and settings\alain\cookies\alain@adopt.hbmediapro[2].txt (ID = 2768)

19:20: Found Spy Cookie: hbmediapro cookie

19:20: c:\documents and settings\alain\cookies\alain@66.220.17[1].txt (ID = 1991)

19:20: Found Spy Cookie: 66.220.17 cookie

19:20: c:\documents and settings\benjamin\cookies\benjamin@xiti[1].txt (ID = 3717)

19:20: Found Spy Cookie: xiti cookie

19:20: c:\documents and settings\benjamin\cookies\benjamin@bluestreak[1].txt (ID = 2314)

19:20: Found Spy Cookie: bluestreak cookie

19:20: c:\documents and settings\benjamin\cookies\benjamin@adtech[2].txt (ID = 2155)

19:20: Found Spy Cookie: adtech cookie

19:20: Starting Cookie Sweep

19:20: Registry Sweep Complete, Elapsed Time:00:00:19

19:20: HKU\WRSS_Profile_S-1-5-21-842925246-1343024091-725345543-1003\software\aprps\ (ID = 103740)

19:20: HKU\WRSS_Profile_S-1-5-21-842925246-1343024091-725345543-1006\software\aprps\ (ID = 103740)

19:20: Found Adware: apropos

19:20: HKLM\software\microsoft\mssmgr\ (ID = 937101)

19:20: Found Trojan Horse: trojan agent winlogonhook

19:20: HKLM\software\classes\appid\downloadmanager.exe\ (ID = 866963)

19:20: HKCR\appid\downloadmanager.exe\ (ID = 866684)

19:20: Found Adware: mediapipe

19:20: Starting Registry Sweep

19:20: Memory Sweep Complete, Elapsed Time: 00:01:00

19:19: Starting Memory Sweep

19:19: Sweep initiated using definitions version 753

19:19: Spy Sweeper 5.0.5.1286 started

19:19: | Start of Session, dimanche 3 septembre 2006 |

********

19:19: | End of Session, dimanche 3 septembre 2006 |

Keylogger Shield: On

BHO Shield: On

IE Security Shield: On

Alternate Data Stream (ADS) Execution Shield: On

Startup Shield: On

Common Ad Sites Shield: Off

Hosts File Shield: On

Spy Communication Shield: On

ActiveX Shield: On

Windows Messenger Service Shield: On

IE Favorites Shield: On

Spy Installation Shield: On

Memory Shield: On

IE Hijack Shield: On

IE Tracking Cookies Shield: Off

19:18: Shield States

19:18: Spyware Definitions: 753

19:17: Spy Sweeper 5.0.5.1286 started

19:17: Program Version 5.0.5.1286 Using Spyware Definitions 753

18:40: Your spyware definitions have been updated.

Operation: File Access

Target:

Source: C:\PROGRAM FILES\FICHIERS COMMUNS\SOFTWIN\BITDEFENDER SCAN SERVER\BDSS.EXE

18:40: Tamper Detection

Keylogger Shield: On

BHO Shield: On

IE Security Shield: On

Alternate Data Stream (ADS) Execution Shield: On

Startup Shield: On

Common Ad Sites Shield: Off

Hosts File Shield: On

Spy Communication Shield: On

18:37: Messenger service has been disabled.

ActiveX Shield: On

Windows Messenger Service Shield: On

IE Favorites Shield: On

Spy Installation Shield: On

Memory Shield: On

IE Hijack Shield: On

IE Tracking Cookies Shield: Off

18:37: Shield States

18:37: Spyware Definitions: 691

18:37: Spy Sweeper 5.0.5.1286 started

18:37: | Start of Session, dimanche 3 septembre 2006 |

********

Logfile of HijackThis v1.99.1

Scan saved at 20:07:04, on 03/09/2006

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\HPZipm12.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\wdfmgr.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe

C:\Program Files\Microsoft IntelliType Pro\type32.exe

C:\Program Files\Microsoft IntelliPoint\point32.exe

C:\Program Files\Softwin\BitDefender10\bdmcon.exe

C:\WINDOWS\System32\RunDll32.exe

C:\Program Files\Softwin\BitDefender10\vsserv.exe

C:\Program Files\Softwin\BitDefender10\bdagent.exe

C:\WINDOWS\BricoPacks\Longhorn Inspirat\ObjectDock\ObjectDock.exe

C:\PROGRA~1\Wanadoo\TaskBarIcon.exe

C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe

C:\PROGRA~1\Wanadoo\ComComp.exe

C:\PROGRA~1\Wanadoo\Toaster.exe

C:\PROGRA~1\Wanadoo\Inactivity.exe

C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE

C:\PROGRA~1\Wanadoo\PollingModule.exe

C:\PROGRA~1\Wanadoo\Watch.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Opera\Opera.exe

C:\Documents and Settings\Benjamin\Mes documents\Mes documents\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [bDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [HGTXPEI] C:\WINDOWS\System32\FirstReboot.exe

O4 - HKLM\..\Run: [soundFusion] RunDll32 hercplgs.cpl,BootEntryPoint

O4 - HKLM\..\Run: [WOOTASKBARICON] "C:\PROGRA~1\Wanadoo\GestMaj.exe" TaskBarIcon.exe

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe

O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"

O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray

O4 - HKCU\..\Run: [WOOKIT] "C:\PROGRA~1\Wanadoo\Shell.exe" appLaunchClientZone.shl|PARAM= cnx

O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Longhorn Inspirat\ObjectDock\ObjectDock.exe

O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

O16 - DPF: {127698E4-E730-4E5C-A2B1-21490A70C8A1} (CEnroll Class) - https://static.impots.gouv.fr/abos/securite/xenroll.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1148737195947

O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe

O23 - Service: Moteur Webroot Spy Sweeper (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

dombilepetitlutin · le 3 septembre 2006