!aur3n7 (Helper)
Joined: 11 Oct 2005  Posts: 1328
Posted: 16 Sep 2006 at 11:36
Hello,
Let's dig deeper, then.
Download F-Secure BlackLight (F-Secure): https://europe.f-secure.com/blacklight/try.shtml
A tutorial: http://www.malekal.com/tutorial_f-secure_BlackLight.html
- Click I accept at the bottom
- In the new window, click the Download button at the top of the table.
- Launch it by double-clicking the file blbeta.exe
- Accept the licence, then click Scan and then Next
- Post the report that was created on your desktop in the file fsbl-bxxxx.log (the xxxx are digits).
- Right-click this link http://www.silentrunners.org/Silent%20Runners.vbs
* choose Save as or Save link target as (depending on the browser)
* close all running applications
* launch Silent Runners
** The first message asks for the scan type --- click No
** The second tells you the scan is starting (it closes by itself after a few seconds)
** The third says the scan is finished
It is important to wait for this third message, otherwise the report will not be complete
A text file will be generated in the same folder as the script (startup-date and time-)
Open it and copy-paste its contents
Warning: this report can be very long
See you
grutendon
Joined: 12 Sep 2006  Posts: 15
Posted: 16 Sep 2006 at 17:27
Hello,
The vbs script would not launch, so I did it differently (using the site's FAQ); I hope the result is the same!
F-Secure report
09/16/06 16:56:19 [Info]: BlackLight Engine 1.0.46 initialized
09/16/06 16:56:19 [Info]: OS: 5.1 build 2600 (Service Pack 2)
09/16/06 16:56:19 [Note]: 7019 4
09/16/06 16:56:19 [Note]: 7005 0
09/16/06 16:56:22 [Note]: 7006 0
09/16/06 16:56:22 [Note]: 7011 312
09/16/06 16:56:22 [Note]: 7026 0
09/16/06 16:56:23 [Note]: 7026 0
09/16/06 16:56:37 [Note]: FSRAW library version 1.7.1019
09/16/06 17:02:26 [Note]: 4013 24208
09/16/06 17:02:26 [Note]: 4020 29 65536
09/16/06 17:02:26 [Note]: 4018 29 65536
09/16/06 17:05:10 [Note]: 4013 24138
09/16/06 17:05:10 [Note]: 4020 29 65536
09/16/06 17:05:10 [Note]: 4018 29 65536
09/16/06 17:06:13 [Note]: 4013 10481
09/16/06 17:06:13 [Note]: 4020 29 65536
09/16/06 17:06:13 [Note]: 4018 29 65536
09/16/06 17:06:57 [Note]: 4013 20673
09/16/06 17:06:57 [Note]: 4020 29 65536
09/16/06 17:06:57 [Note]: 4018 29 65536
09/16/06 17:07:20 [Note]: 4013 10481
09/16/06 17:07:20 [Note]: 4020 29 65536
09/16/06 17:07:20 [Note]: 4018 29 65536
09/16/06 17:08:16 [Note]: 2000 1006
09/16/06 17:09:30 [Note]: 7007 0
Silent Runners report
"Silent Runners.vbs", revision 48, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\
"{8857D880-09E5-1036-1020-020102030021}" = ""C:\Program Files\Fichiers communs\{8857D880-09E5-1036-1020-020102030021}\Update.exe" mc-110-12-0000272" [file not found]
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Pulse" = "C:\Program Files\Pulse\Pulse.exe -splash" [empty string]
"H/PC Connection Agent" = ""C:\Program Files\Microsoft ActiveSync\wcescomm.exe"" [MS]
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"DAEMON Tools-1033" = ""C:\Program Files\D-Tools\daemon.exe" -lang 1033" ["DAEMON'S HOME"]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
"LXBTCATS" = "rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16" [MS]
"Tweak UI" = "RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp" [MS]
"Zone Labs Client" = ""C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"" ["Zone Labs, LLC"]
"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data]
"PVModule" = "C:\PROGRA~1\PRINTV~1\pvmodule.exe" [null data]
"!ewido" = ""C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized" ["Anti-Malware Development a.s."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{CC59E0F9-7E43-44FA-9FAA-8377850BF205}\(Default) = (no title provided)
-> {HKLM...CLSID} = "FDMIECookiesBHO Class"
\InProcServer32\(Default) = "C:\Program Files\Free Download Manager\iefdmcks.dll" [null data]
{D4E0C464-30CE-4075-9A10-71FD106C2847}\(Default) = (no title provided)
-> {HKLM...CLSID} = "PrintViewBHO Class"
\InProcServer32\(Default) = "C:\PROGRA~1\PRINTV~1\PRINTH~1.DLL" [empty string]
{DFECDA91-B8F7-483B-A2F3-F44C8F669365}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\gebcy.dll" [null data]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
-> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{59850401-6664-101B-B21C-00AA004BA90B}" = "Microsoft Office Binder Unbind"
-> {HKLM...CLSID} = "Microsoft Office Binder Unbind"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office\1036\UNBIND.DLL" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{E54B19BC-69B6-43B2-A1F2-15BBC1D72C93}" = "wodShellMenu"
-> {HKLM...CLSID} = "wodShellMenu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\wodShellMenu.dll" ["WeOnlyDo! COM"]
"{A5110426-177D-4e08-AB3F-785F10B4439C}" = "Sony Ericsson Gestionnaire de fichiers"
-> {HKLM...CLSID} = "Sony Ericsson Gestionnaire de fichiers"
\InProcServer32\(Default) = "C:\Program Files\Sony Ericsson\Mobile\File Manager\fmgrgui.dll" ["Sony Ericsson Mobile Communications AB"]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {HKLM...CLSID} = "Portable Media Devices"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{49BF5420-FA7F-11cf-8011-00A0C90A8F78}" = "Mobile Device"
-> {HKLM...CLSID} = "Appareil mobile"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\Wcesview.dll" [MS]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
-> {HKLM...CLSID} = "Shell Search Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
-> {HKLM...CLSID} = "Mes dossiers de partage"
\InProcServer32\(Default) = "C:\Program Files\MSN Messenger\fsshext.8.0.0792.00.dll" [MS]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "ewido anti-spyware 4.0"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll" ["Anti-Malware Development a.s."]
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
"System" = (value not set)
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! gebcy\DLLName = "C:\WINDOWS\system32\gebcy.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
EncodeDivXExt\(Default) = "{E9F5B111-CACC-4FD4-81FD-4EB4FD6765A3}"
-> {HKLM...CLSID} = "EncodeDivXContextMenu Class"
\InProcServer32\(Default) = "C:\Program Files\DivX\Dr.DivX\EncodeDivXExt.dll" [empty string]
ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]
IMMenuShellExt\(Default) = "{F8984111-38B6-11D5-8725-0050DA2761C4}"
-> {HKLM...CLSID} = "IMMenuShellExt Class"
\InProcServer32\(Default) = "C:\Program Files\IncrediMail\bin\IMShExt.dll" ["IncrediMail, Ltd."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
wodShellMenu\(Default) = "{E54B19BC-69B6-43B2-A1F2-15BBC1D72C93}"
-> {HKLM...CLSID} = "wodShellMenu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\wodShellMenu.dll" ["WeOnlyDo! COM"]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]
wodShellMenu\(Default) = "{E54B19BC-69B6-43B2-A1F2-15BBC1D72C93}"
-> {HKLM...CLSID} = "wodShellMenu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\wodShellMenu.dll" ["WeOnlyDo! COM"]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
wodShellMenu\(Default) = "{E54B19BC-69B6-43B2-A1F2-15BBC1D72C93}"
-> {HKLM...CLSID} = "wodShellMenu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\wodShellMenu.dll" ["WeOnlyDo! COM"]
Default executables:
--------------------
HKCU\Software\Classes\.bat\(Default) = (value not set)
HKCU\Software\Classes\.cmd\(Default) = (value not set)
HKCU\Software\Classes\.com\(Default) = (value not set)
HKCU\Software\Classes\.exe\(Default) = (value not set)
HKCU\Software\Classes\.hta\(Default) = "htafile"
Active Desktop and Wallpaper:
-----------------------------
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Fond d'écran.bmp"
Startup items in "Propriétaire" & "All Users" startup folders:
--------------------------------------------------------------
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
"Logitech SetPoint" -> shortcut to: "C:\Program Files\Logitech\SetPoint\KEM.exe" ["Logitech Inc."]
"Philips FunCam Monitor" -> shortcut to: "C:\Program Files\Philips Photo Manager\FunCam\Philips FunCam Monitor.exe" ["Arcsoft, Inc."]
Enabled Scheduled Tasks:
------------------------
"852DCFA682FE7C72" -> launches: "c:\progra~1\slowbleh\AmenTeamScr.exe" [file not found]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 46
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Explorer Bars
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{FE54FA40-D68C-11D2-98FA-00C0F0318AFE}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Real.com"
\InProcServer32\(Default) = "C:\WINDOWS\System32\Shdocvw.dll" [MS]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Console Java (Sun)"
"CLSIDExtension" = "{08B0E5C0-4FCB-11CF-AAA5-00401C608501}"
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}\
"ButtonText" = "Create Mobile Favorite"
"CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"
-> {HKLM...CLSID} = "Create Mobile Favorite"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\INetRepl.dll" [MS]
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}\
"MenuText" = "Créer un favori mobile..."
"CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"
-> {HKLM...CLSID} = "Create Mobile Favorite"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\INetRepl.dll" [MS]
{45D67653-87D8-463D-B6C0-87E195D845FF}\
"ButtonText" = "Logocapt"
"MenuText" = "Logocapt"
"Exec" = "C:\Program Files\Logocapt\Logocapt.exe" [null data]
{CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\
"ButtonText" = "Real.com"
{E2E2DD38-D088-4134-82B7-F2BA38496583}\
"MenuText" = "@xpsp3res.dll,-20001"
"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}\
"ButtonText" = "Yahoo! Messenger"
"MenuText" = "Yahoo! Messenger"
"Exec" = "C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe" ["Yahoo! Inc."]
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
C-DillaCdaC11BA, C-DillaCdaC11BA, "C:\WINDOWS\System32\drivers\CDAC11BA.EXE" ["Macrovision"]
EPSON Printer Status Agent2, EPSONStatusAgent2, "C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe" ["SEIKO EPSON CORPORATION"]
ewido anti-spyware 4.0 guard, ewido anti-spyware 4.0 guard, "C:\Program Files\ewido anti-spyware 4.0\guard.exe" ["Anti-Malware Development a.s."]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]
Service d'application d'assistance IPv6, 6to4, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\6to4svc.dll" [MS]}
SoundMAX Agent Service, SoundMAX Agent Service (default), "C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe" ["Analog Devices, Inc."]
TrueVector Internet Monitor, vsmon, "C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service" ["Zone Labs, LLC"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]
Print Monitors:
---------------
HKLM\System\CurrentControlSet\Control\Print\Monitors\
5200 Series Port\Driver = "lxbtlmpm.DLL" ["Lexmark International, Inc."]
Lexmark Print-2-Fax Port\Driver = "LXPRMON.DLL" [null data]
----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 27 seconds)
!aur3n7 (Helper)
Joined: 11 Oct 2005  Posts: 1328
Posted: 16 Sep 2006 at 19:18
Re,
This Silent Runners log shows us the presence of a file belonging to Winfixer
- Download Killbox http://www.downloads.subratam.org/KillBox.zip
- Unzip it to the desktop
- Launch Pocketkillbox,
choose the option Delete on reboot
- click on all files
Copy the complete file path, in bold below, and paste it into the Full Path of File to Delete box:
C:\WINDOWS\system32\gebcy.dll
- Click the white cross on the red background:
- at the message
** "File will be Deleted on Next Reboot" answer YES
** "File will be Removed on Reboot, Do you want to reboot now ?" answer YES
- delete this folder C:\!KillBox
After the restart, run a clean-up again with ATF Cleaner and jv16
- Run an online scan here with Internet Explorer http://www.kaspersky.com/virusscanner
A tutorial http://www.malekal.com/scan_Av_en_ligne.html
* At the end of the scan, save and copy-paste the analysis report into your next reply
Post a new HijackThis report along with that report
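As an added triage example (not code from this thread, from Silent Runners or from F-Secure), the script below reads a report in the format pasted above and pulls out the lines a helper looks at first: the script's own INFECTION WARNING lines, launch points whose file no longer exists, and DLLs with no version information under Winlogon\Notify, the Browser Helper Objects list or ShellExecuteHooks, which is exactly how gebcy.dll stands out. The embedded sample is a constructed excerpt of the report above.

```python
"""Triage helper for Silent Runners.vbs reports (the format pasted in this thread).

Added example; it assumes the bracketed file verdicts seen in the report above:
[MS], ["Vendor name"], [null data] (no version info), [empty string], [file not found].
"""
import re
from dataclasses import dataclass

# Constructed excerpt modelled on the Silent Runners report in this thread: the
# entries and paths are copied from it, the rest of the report is left out.
SAMPLE = r"""
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\
"{8857D880-09E5-1036-1020-020102030021}" = ""C:\Program Files\Fichiers communs\{8857D880-09E5-1036-1020-020102030021}\Update.exe" mc-110-12-0000272" [file not found]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{DFECDA91-B8F7-483B-A2F3-F44C8F669365}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\gebcy.dll" [null data]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "ewido anti-spyware 4.0"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll" ["Anti-Malware Development a.s."]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! gebcy\DLLName = "C:\WINDOWS\system32\gebcy.dll" [null data]
Enabled Scheduled Tasks:
"852DCFA682FE7C72" -> launches: "c:\progra~1\slowbleh\AmenTeamScr.exe" [file not found]
"""

# Verdict the script appends to each launch-point line.
TAG_RE = re.compile(r'\s\[(MS|null data|empty string|file not found|"[^"]*")\]$')
KEY_RE = re.compile(r'^HK(LM|CU)\\')

# Locations where an unidentified DLL matters most: it is loaded by winlogon
# (Notify), into Explorer/IE (BHO) or sees every ShellExecute call (hooks).
SENSITIVE_KEYS = ("Winlogon\\Notify", "Browser Helper Objects", "ShellExecuteHooks")
SEVERITY_ORDER = {"high": 0, "medium": 1, "review": 2, "info": 3}


@dataclass
class Finding:
    severity: str  # "high", "medium", "review" or "info"
    key: str       # registry key or report section the line was listed under
    line: str


def triage(report: str) -> list[Finding]:
    """Walk the report once and return the lines a responder should check first."""
    findings: list[Finding] = []
    key = ""
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        # Section headers: a registry path (optionally suffixed with {++}) or "Name:".
        if KEY_RE.match(line) or line.endswith(":"):
            key = line.rstrip(" {++}").rstrip(":")
            continue
        m = TAG_RE.search(line)
        tag = m.group(1) if m else None
        sensitive = any(s in key for s in SENSITIVE_KEYS)
        if line.startswith("INFECTION WARNING!"):
            # Silent Runners flags the *location*, not the file. With no version
            # info on the same line it is high; otherwise the vendor (often on the
            # following \InProcServer32 line) decides, e.g. ewido's legitimate hook.
            sev = "high" if tag in ("null data", "empty string", "file not found") else "review"
            findings.append(Finding(sev, key, line))
        elif tag == "file not found":
            # Orphaned launch point: the payload is gone but the autostart remains.
            findings.append(Finding("medium", key, line))
        elif tag in ("null data", "empty string"):
            # No version resource: decisive in a sensitive key, only a hint elsewhere
            # (avast's ashDisp.exe also shows [null data] under Run).
            findings.append(Finding("high" if sensitive else "info", key, line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity, always listing all four levels."""
    counts = {sev: 0 for sev in SEVERITY_ORDER}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    found = sorted(triage(SAMPLE), key=lambda f: SEVERITY_ORDER[f.severity])
    for f in found:
        print(f"[{f.severity:6}] {f.key}\n         {f.line}")
    print(summarize(found))
```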
grutendon
Joined: 12 Sep 2006  Posts: 15
Posted: 17 Sep 2006 at 4:10
Re,
here is the Kaspersky report
Sunday, September 17, 2006 4:03:53 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 16/09/2006
Kaspersky Anti-Virus database records: 210873
Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
E:\
G:\
H:\
I:\
J:\
Scan Statistics
Total number of scanned objects 203939
Number of viruses found 11
Number of infected objects 35 / 0
Number of suspicious objects 0
Duration of the scan process 03:16:26
Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Propriétaire\Application Data\$_hpcst$.hpc Object is locked skipped
C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\grut\cert8.db Object is locked skipped
C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\grut\formhistory.dat Object is locked skipped
C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\grut\history.dat Object is locked skipped
C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\grut\key3.db Object is locked skipped
C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\grut\parent.lock Object is locked skipped
C:\Documents and Settings\Propriétaire\Bureau\bric a brac\KaTaNa's ScrIpT Version TakeDown\System\flooder Infected: Net-Worm.Win32.Randon skipped
C:\Documents and Settings\Propriétaire\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\grut\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\grut\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\grut\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\grut\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Propriétaire\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Propriétaire\Local Settings\Temp\abm2.tmp Object is locked skipped
C:\Documents and Settings\Propriétaire\Local Settings\Temp\Free Download Manager\tic4.tmp Object is locked skipped
C:\Documents and Settings\Propriétaire\Local Settings\Temp\Free Download Manager\tic9.tmp Object is locked skipped
C:\Documents and Settings\Propriétaire\Local Settings\Temp\WCESLog.log Object is locked skipped
C:\Documents and Settings\Propriétaire\Local Settings\Temp\ZLT0400a.TMP Object is locked skipped
C:\Documents and Settings\Propriétaire\Local Settings\Temp\ZLT04024.TMP Object is locked skipped
C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\AntiPhishing\07FB382D-AA75-4683-82F4-EAB265A275CB.dat Object is locked skipped
C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Propriétaire\ntuser.dat Object is locked skipped
C:\Documents and Settings\Propriétaire\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{DA578DD8-E74E-46A0-BF5A-4D23F5508B5F}\RP1297\A0272327.exe Infected: Trojan-Downloader.Win32.Agent.uj skipped
C:\System Volume Information\_restore{DA578DD8-E74E-46A0-BF5A-4D23F5508B5F}\RP1297\A0272331.exe Infected: Trojan.Win32.Small.fb skipped
C:\System Volume Information\_restore{DA578DD8-E74E-46A0-BF5A-4D23F5508B5F}\RP1300\A0272515.exe Infected: Trojan-Downloader.Win32.Agent.uj skipped
C:\System Volume Information\_restore{DA578DD8-E74E-46A0-BF5A-4D23F5508B5F}\RP1300\A0272521.exe Infected: Trojan.Win32.Small.fb skipped
C:\System Volume Information\_restore{DA578DD8-E74E-46A0-BF5A-4D23F5508B5F}\RP1300\A0272547.exe Infected: Trojan-Downloader.Win32.Agent.uj skipped
C:\System Volume Information\_restore{DA578DD8-E74E-46A0-BF5A-4D23F5508B5F}\RP1300\A0272552.exe Infected: Trojan.Win32.Small.fb skipped
C:\System Volume Information\_restore{DA578DD8-E74E-46A0-BF5A-4D23F5508B5F}\RP1301\A0272642.exe Infected: Trojan-Downloader.Win32.Agent.uj skipped
C:\System Volume Information\_restore{DA578DD8-E74E-46A0-BF5A-4D23F5508B5F}\RP1301\A0272649.exe Infected: Trojan.Win32.Small.fb skipped
C:\System Volume Information\_restore{DA578DD8-E74E-46A0-BF5A-4D23F5508B5F}\RP1301\A0272718.exe Infected: Trojan-Downloader.Win32.Agent.uj skipped
C:\System Volume Information\_restore{DA578DD8-E74E-46A0-BF5A-4D23F5508B5F}\RP1301\A0272728.exe Infected: Trojan-Downloader.Win32.Agent.uj skipped
C:\System Volume Information\_restore{DA578DD8-E74E-46A0-BF5A-4D23F5508B5F}\RP1301\A0273726.exe Infected: Trojan-Downloader.Win32.Agent.uj skipped
C:\System Volume Information\_restore{DA578DD8-E74E-46A0-BF5A-4D23F5508B5F}\RP1301\A0274726.exe Infected: Trojan-Downloader.Win32.Agent.uj skipped
C:\System Volume Information\_restore{DA578DD8-E74E-46A0-BF5A-4D23F5508B5F}\RP1303\A0274810.exe Infected: Trojan-Downloader.Win32.Agent.uj skipped
C:\System Volume Information\_restore{DA578DD8-E74E-46A0-BF5A-4D23F5508B5F}\RP1303\A0274813.exe Infected: Trojan.Win32.Small.fb skipped
C:\System Volume Information\_restore{DA578DD8-E74E-46A0-BF5A-4D23F5508B5F}\RP1303\A0274892.exe Infected: Trojan-Downloader.Win32.Agent.uj skipped
C:\System Volume Information\_restore{DA578DD8-E74E-46A0-BF5A-4D23F5508B5F}\RP1303\A0274897.exe Infected: Trojan.Win32.Small.fb skipped
C:\System Volume Information\_restore{DA578DD8-E74E-46A0-BF5A-4D23F5508B5F}\RP1303\A0274906.exe Infected: Trojan-Downloader.Win32.Agent.uj skipped
C:\System Volume Information\_restore{DA578DD8-E74E-46A0-BF5A-4D23F5508B5F}\RP1303\A0274911.exe Infected: Trojan.Win32.Small.fb skipped
C:\System Volume Information\_restore{DA578DD8-E74E-46A0-BF5A-4D23F5508B5F}\RP1305\A0275299.exe Infected: Trojan-Downloader.Win32.Agent.uj skipped
C:\System Volume Information\_restore{DA578DD8-E74E-46A0-BF5A-4D23F5508B5F}\RP1305\A0275302.exe Infected: Trojan.Win32.Small.fb skipped
C:\System Volume Information\_restore{DA578DD8-E74E-46A0-BF5A-4D23F5508B5F}\RP1306\A0275456.exe/MP3r.exe Infected: Trojan-Downloader.Win32.Swizzor.i skipped
C:\System Volume Information\_restore{DA578DD8-E74E-46A0-BF5A-4D23F5508B5F}\RP1306\A0275456.exe ZIP: infected - 1 skipped
C:\System Volume Information\_restore{DA578DD8-E74E-46A0-BF5A-4D23F5508B5F}\RP1306\A0275466.exe Infected: Trojan-Dropper.Win32.VB.av skipped
C:\System Volume Information\_restore{DA578DD8-E74E-46A0-BF5A-4D23F5508B5F}\RP1306\A0275500.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped
C:\System Volume Information\_restore{DA578DD8-E74E-46A0-BF5A-4D23F5508B5F}\RP1306\A0275511.exe Infected: Trojan-Clicker.Win32.Small.kg skipped
C:\System Volume Information\_restore{DA578DD8-E74E-46A0-BF5A-4D23F5508B5F}\RP1306\A0275513.exe Infected: Trojan.Win32.Small.hl skipped
C:\System Volume Information\_restore{DA578DD8-E74E-46A0-BF5A-4D23F5508B5F}\RP1306\A0275534.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped
C:\System Volume Information\_restore{DA578DD8-E74E-46A0-BF5A-4D23F5508B5F}\RP1308\A0275995.exe Infected: Trojan.Win16.Rebooter.a skipped
C:\System Volume Information\_restore{DA578DD8-E74E-46A0-BF5A-4D23F5508B5F}\RP1308\A0275996.exe Infected: Trojan-Dropper.Win32.VB.av skipped
C:\System Volume Information\_restore{DA578DD8-E74E-46A0-BF5A-4D23F5508B5F}\RP1308\A0275998.dll Infected: Trojan-Clicker.Win32.Rotarran skipped
C:\System Volume Information\_restore{DA578DD8-E74E-46A0-BF5A-4D23F5508B5F}\RP1308\A0275999.exe Infected: Trojan-Downloader.Win32.Agent.uj skipped
C:\System Volume Information\_restore{DA578DD8-E74E-46A0-BF5A-4D23F5508B5F}\RP1308\A0276000.exe Infected: Trojan.Win32.Small.fb skipped
C:\System Volume Information\_restore{DA578DD8-E74E-46A0-BF5A-4D23F5508B5F}\RP1308\A0276001.exe Infected: Trojan-Clicker.Win32.VB.dn skipped
C:\System Volume Information\_restore{DA578DD8-E74E-46A0-BF5A-4D23F5508B5F}\RP1308\A0276002.exe Infected: Trojan-Clicker.Win32.VB.dn skipped
C:\System Volume Information\_restore{DA578DD8-E74E-46A0-BF5A-4D23F5508B5F}\RP1311\change.log Object is locked skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\Internet Logs\YONNIE.ldb Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{98DDCB8C-A71B-4E32-8A98-6807EB0384F8}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
J:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
Scan process completed.
and HJT report
Log deleted
Thanks for the help!
!aur3n7 (Helper)
Joined: 11 Oct 2005 Posts: 1328
Posted: 17 Sep 2006 at 9:58 Subject:
Hello,
The files detected are all in System Restore, so we're going to clean all that up.
- Disable System Restore
Quote:
Start menu > Control Panel > System.
In the System Restore tab, tick the box:
Turn off System Restore on all drives
Click OK
--**
One more thing: this log shows no trace of any antivirus. It would be a good idea to install one as soon as possible.
- In addition
Download Spybot Search & Destroy
http://newpages.safer-networking.org/index.php?page=mirrors
Install it, scan, and delete everything it finds.
After these last small cleanups you will need to create a new restore point.
- Re-enable System Restore
Quote:
Start menu > Control Panel > System.
In the System Restore tab, untick the box:
Turn off System Restore on all drives
Click OK
--**
Do you know this program Logocapt?
I can't find anything about it.
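The scan log tail quoted above is mostly "Object is locked skipped" lines for registry hives, event logs, the WMI repository and index.dat files, which a running Windows XP always holds open, while the helper's conclusion is that every actual detection sat under System Restore (the System Volume Information\_restore{...} snapshots, which is why the advice is to turn System Restore off and on again). The triage script below is an added example, not code from the thread or from any scanner vendor: it separates locked-skip lines from detection lines and checks whether every detection is inside a restore point or whether something is live on the disk. The "Infected: <name>" line shape, the placeholder detection names, the zeroed restore GUID and the sample paths are constructed for the example and are not taken from the post.

```python
"""Triage a scanner log of the shape quoted in the thread.

Two line shapes are handled:
  <path> Object is locked skipped      -> file the scanner could not open
  <path> Infected: <name> [skipped]    -> detection (line shape is an assumption)
Detections under System Volume Information\\_restore{...} live inside a
System Restore snapshot; anything else is a live file that needs action.
"""
import re

# "<path> Object is locked skipped": the path is matched lazily so that
# paths containing spaces (e.g. "Local Settings") are captured whole.
LOCKED_RE = re.compile(r"^(?P<path>.+?)\s+Object is locked\s+skipped\s*$")
# "<path> Infected: <name>" with an optional trailing action word.
INFECTED_RE = re.compile(
    r"^(?P<path>.+?)\s+Infected:\s+(?P<name>.+?)(?:\s+(?:skipped|deleted|quarantined))?\s*$"
)
# Windows XP keeps restore-point copies under this directory on each drive.
RESTORE_MARKER = re.compile(r"\\system volume information\\_restore\{", re.IGNORECASE)

# Constructed sample log (not from the original post): two locked system
# files and two detections that both sit inside restore points.
SAMPLE_LOG = """\
C:\\WINDOWS\\system32\\config\\SAM Object is locked skipped
C:\\WINDOWS\\system32\\config\\systemprofile\\Local Settings\\Temporary Internet Files\\Content.IE5\\index.dat Object is locked skipped
C:\\System Volume Information\\_restore{00000000-0000-0000-0000-000000000000}\\RP12\\A0001234.exe Infected: Example.Detection.A skipped
C:\\System Volume Information\\_restore{00000000-0000-0000-0000-000000000000}\\RP15\\A0001299.dll Infected: Example.Detection.B skipped
Scan process completed.
"""

# Constructed variant with one detection outside any restore point.
SAMPLE_LOG_LIVE = SAMPLE_LOG + (
    "C:\\WINDOWS\\system32\\constructed_sample.dll Infected: Example.Detection.C\n"
)


def in_restore_point(path: str) -> bool:
    """True when the path lies inside a System Restore snapshot directory."""
    return RESTORE_MARKER.search(path) is not None


def triage(log_text: str) -> dict:
    """Classify every log line and flag detections that are live on disk."""
    locked, detections, other = [], [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LOCKED_RE.match(line)
        if m:
            locked.append(m.group("path"))
            continue
        m = INFECTED_RE.match(line)
        if m:
            path = m.group("path")
            detections.append(
                {"path": path, "name": m.group("name"), "in_restore_point": in_restore_point(path)}
            )
            continue
        other.append(line)  # status lines such as "Scan process completed."
    live = [d for d in detections if not d["in_restore_point"]]
    return {
        "locked": locked,
        "detections": detections,
        "other": other,
        "live_detections": live,
        # Only true when there is at least one detection and none of them is live.
        "all_detections_in_restore": bool(detections) and not live,
    }


if __name__ == "__main__":
    for label, text in (("sample", SAMPLE_LOG), ("sample with live file", SAMPLE_LOG_LIVE)):
        r = triage(text)
        print(f"{label}: {len(r['locked'])} locked, {len(r['detections'])} detections, "
              f"{len(r['live_detections'])} live")
        for d in r["live_detections"]:
            print("  LIVE:", d["path"], d["name"])
```

Run it on a saved log with `triage(open("scan.log").read())`; when `live_detections` is empty the locked entries are just the usual open system files and the restore-point detections disappear once System Restore is turned off and back on, whereas any entry in `live_detections` is a file that still needs to be cleaned before re-enabling restore.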
Lenouvdu44 (Administrator)
Joined: 01 Aug 2005 Posts: 4919 Location: Grenoble
Posted: 17 Sep 2006 at 11:57 Subject:
Quote:
I found among my AdSense ads an ad for the site: www.logocapt.com
It's a piece of software that lets anyone take a screenshot of your web page or your images and download the result to their mobile... through a small SMS payment. What annoys me is that the payment doesn't go into your pocket but into Logocapt's.
If that helps ...
_________________
L'nouv qui devient L'vieux
grutendon
Joined: 12 Sep 2006 Posts: 15
Posted: 17 Sep 2006 at 12:42 Subject:
Laurent wrote: (quoting the previous post of 17 Sep 2006 at 9:58 in full)
I'll do that. However, I already have Spybot as well as Avast and Ad-Aware.
In any case I'll do it, thanks.
grutendon
Joined: 12 Sep 2006 Posts: 15
Posted: 18 Sep 2006 at 0:24 Subject:
There, everything is done.
I'm posting another log to find out whether there is anything else to do.
Log removed
Thanks!
!aur3n7 (Helper)
Joined: 11 Oct 2005 Posts: 1328
Posted: 18 Sep 2006 at 6:16 Subject:
Hello,
Looking at this log, it seems fine to me, but the best way to be certain is you noticing a problem or symptoms while using the machine.
See you
grutendon
Joined: 12 Sep 2006 Posts: 15
Posted: 18 Sep 2006 at 20:54 Subject:
Thank you very much for your help!
It still happens, but less than before (I've had it twice so far today, including once this afternoon when I opened lots of pages). It seems to happen with the first page opened and then not much afterwards. I hope it won't start up again in earnest!
Thanks again!