Trojan-Dropper.Agent.AIUB

voici les liens (en esperant que j ai bien fais)
http://www.cijoint.fr/cjlink.php?file=cj200905/cijO477OhL.txt
http://www.cijoint.fr/cjlink.php?file=cj200905/cij0vMzgpF.txt

à te lire merci

petite precision stp :
c est le texte suivant :
:OTLI
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - Reg Error: Key error. File not found
[2009/05/11 10:59:08 | 00,249,270 | ---- | C] () -- C:\WINDOWS\System32\_005245_.tmp.dll
[2009/05/11 10:59:07 | 00,022,040 | ---- | C] () -- C:\WINDOWS\System32\_005213_.tmp.dll
[2007/11/09 22:09:09 | 00,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll

:Commands
[purity]
[emptytemp]
[Reboot]/quote







ou celui ci :
:OTLI
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - Reg Error: Key error. File not found
[2009/05/11 10:59:08 | 00,249,270 | ---- | C] () -- C:\WINDOWS\System32\_005245_.tmp.dll
[2009/05/11 10:59:07 | 00,022,040 | ---- | C] () -- C:\WINDOWS\System32\_005213_.tmp.dll
[2007/11/09 22:09:09 | 00,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll

voici le resulat :

========== OTLISTIT ==========
No active process named explorer.exe was found!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
File C:\WINDOWS\System32\_005245_.tmp.dll not found.
File C:\WINDOWS\System32\_005213_.tmp.dll not found.
File C:\WINDOWS\SlantAdj.dll not found.
========== COMMANDS ==========
File delete failed. C:\Documents and Settings\LADOPAFAMILY\Local Settings\Temp\tmphut3_1 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LADOPAFAMILY\Local Settings\Temp\ZLT01dc1.TMP scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LADOPAFAMILY\Local Settings\Temp\ZLT01dd1.TMP scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LADOPAFAMILY\Local Settings\Temp\~DF640A.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LADOPAFAMILY\Local Settings\Temp\~DF9D0D.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LADOPAFAMILY\Local Settings\Temp\~DFD45C.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\usgthrsvc\Perflib_Perfdata_a54.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.

OTListIt2 by OldTimer - Version 2.0.15.8 log created on 05162009_212446

Files moved on Reboot...
File C:\Documents and Settings\LADOPAFAMILY\Local Settings\Temp\ZLT01dc1.TMP not found!
File C:\Documents and Settings\LADOPAFAMILY\Local Settings\Temp\ZLT01dd1.TMP not found!
File C:\WINDOWS\temp\usgthrsvc\Perflib_Perfdata_a54.dat not found!
File C:\Documents and Settings\LADOPAFAMILY\Local Settings\Temp\tmphut3_1 not found!
File C:\Documents and Settings\LADOPAFAMILY\Local Settings\Temp\~DF640A.tmp not found!
File C:\Documents and Settings\LADOPAFAMILY\Local Settings\Temp\~DF9D0D.tmp not found!
File C:\Documents and Settings\LADOPAFAMILY\Local Settings\Temp\~DFD45C.tmp not found!

Registry entries deleted on Reboot...

JAVA maj, Adobe reader maj
voici le resultat (negatif) de MBAM

Malwarebytes' Anti-Malware 1.36
Version de la base de données: 2142
Windows 5.1.2600 Service Pack 3

16/05/2009 22:15:33
mbam-log-2009-05-16 (22-15-33).txt

Type de recherche: Examen rapide
Eléments examinés: 109256
Temps écoulé: 5 minute(s), 55 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

pas encore lancé. je le fais de suite

tu me vois déçu !!
Spywaredoctor l a encore détecté :


Rapport d'activité sur Spyware Doctor
Généré le 16/05/2009 22:23:41 Page d'accueil de Spyware Doctor Page d'accueil de PC Tools Assistance technique


Analyses (informations de base uniquement) :

Résultats de l'analyse :
démarrage de l'analyse : 16/05/2009 22:26:39
arrêt de l'analyse : 16/05/2009 23:16:17
Eléments analysés : 111191
éléments trouvés : 9
trouvés et ignorés : 0
outils utilisés : General Scanner, Process Scanner, LSP Scanner, Startup Scanner, Registry Scanner, Hosts Scanner, Browser Scanner, Browser Activity Scanner, Disk Scanner, ActiveX Scanner



Nom de l'infection Emplacement Risque
Application.TrackingCookies C:\Documents and Settings\LADOPAFAMILY\Cookies\ladopafamily@cybermonitor[1].txt Bas
Application.TrackingCookies C:\Documents and Settings\LADOPAFAMILY\Cookies\ladopafamily@estat[1].txt Bas
Application.TrackingCookies C:\Documents and Settings\LADOPAFAMILY\Cookies\ladopafamily@xiti[1].txt Bas
Trojan-Dropper.Agent.AIUB HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{489873CE-F3E1-44A3-8E89-04BE26BE4446} Moyen
Trojan-Dropper.Agent.AIUB HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{489873CE-F3E1-44A3-8E89-04BE26BE4446}## Moyen
Trojan-Dropper.Agent.AIUB HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{489873CE-F3E1-44A3-8E89-04BE26BE4446}##Compatibility Flags Moyen
Trojan-Dropper.Agent.AIUB HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F01CD512-AE66-45BD-B182-EED2D68E9FA2} Moyen
Trojan-Dropper.Agent.AIUB HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F01CD512-AE66-45BD-B182-EED2D68E9FA2}## Moyen
Trojan-Dropper.Agent.AIUB HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F01CD512-AE66-45BD-B182-EED2D68E9FA2}##Compatibility Flags Moyen





que faire maintenant ?

salut, me revoila,

voici le resultat OtMOVEiT :
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
File/Folder C:\Documents and Settings\LADOPAFAMILY\Cookies\ladopafamily@cybermonitor[1].t­xt not found.
File/Folder C:\Documents and Settings\LADOPAFAMILY\Cookies\ladopafamily@estat[1].txt not found.
C:\Documents and Settings\LADOPAFAMILY\Cookies\ladopafamily@xiti[1].txt moved successfully.
========== REGISTRY ==========
Registry key HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{489873CE-F3E1-44A3-8E89-04BE26BE4446}\\ deleted successfully.
Registry key HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F01CD512-AE66-45BD-B182-EED2D68E9FA2}\\ deleted successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\LADOPA~1\LOCALS~1\Temp\ZLT01e5c.TMP scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\LADOPA~1\LOCALS~1\Temp\ZLT01e73.TMP scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\LADOPAFAMILY\Local Settings\Temporary Internet Files\Content.IE5\GRWH2VQ6\google_fr[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LADOPAFAMILY\Local Settings\Temporary Internet Files\Content.IE5\3K3LA85N\affich-12483459-trojan-dropper-agent-aiub[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LADOPAFAMILY\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LADOPAFAMILY\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\usgthrsvc\Perflib_Perfdata_d6c.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_448.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05172009_100551

Files moved on Reboot...
File C:\DOCUME~1\LADOPA~1\LOCALS~1\Temp\ZLT01e5c.TMP not found!
File C:\DOCUME~1\LADOPA~1\LOCALS~1\Temp\ZLT01e73.TMP not found!
C:\Documents and Settings\LADOPAFAMILY\Local Settings\Temporary Internet Files\Content.IE5\GRWH2VQ6\google_fr[1].htm moved successfully.
C:\Documents and Settings\LADOPAFAMILY\Local Settings\Temporary Internet Files\Content.IE5\3K3LA85N\affich-12483459-trojan-dropper-agent-aiub[1].htm moved successfully.
C:\Documents and Settings\LADOPAFAMILY\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
File C:\WINDOWS\temp\usgthrsvc\Perflib_Perfdata_d6c.dat not found!
File C:\WINDOWS\temp\Perflib_Perfdata_448.dat not found!


je relance Spyware pour voir et 'j'te dis quoi'

je ne sais pas si tu as eu des réponses :

Salut, me revoila,

voici le resultat OtMOVEiT :
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
File/Folder C:\Documents and Settings\LADOPAFAMILY\Cookies\ladopafamily@cybermonitor[1].t­­xt not found.
File/Folder C:\Documents and Settings\LADOPAFAMILY\Cookies\ladopafamily@estat[1].txt not found.
C:\Documents and Settings\LADOPAFAMILY\Cookies\ladopafamily@xiti[1].txt moved successfully.
========== REGISTRY ==========
Registry key HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{489873CE-F3E1-44A3-8E89-04BE26BE4446}\\ deleted successfully.
Registry key HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F01CD512-AE66-45BD-B182-EED2D68E9FA2}\\ deleted successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\LADOPA~1\LOCALS~1\Temp\ZLT01e5c.TMP scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\LADOPA~1\LOCALS~1\Temp\ZLT01e73.TMP scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\LADOPAFAMILY\Local Settings\Temporary Internet Files\Content.IE5\GRWH2VQ6\google_fr[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LADOPAFAMILY\Local Settings\Temporary Internet Files\Content.IE5\3K3LA85N\affich-12483459-trojan-dropper-ag­ent-aiub[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LADOPAFAMILY\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LADOPAFAMILY\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\usgthrsvc\Perflib_Perfdata_d6c.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_448.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05172009_100551

Files moved on Reboot...
File C:\DOCUME~1\LADOPA~1\LOCALS~1\Temp\ZLT01e5c.TMP not found!
File C:\DOCUME~1\LADOPA~1\LOCALS~1\Temp\ZLT01e73.TMP not found!
C:\Documents and Settings\LADOPAFAMILY\Local Settings\Temporary Internet Files\Content.IE5\GRWH2VQ6\google_fr[1].htm moved successfully.
C:\Documents and Settings\LADOPAFAMILY\Local Settings\Temporary Internet Files\Content.IE5\3K3LA85N\affich-12483459-trojan-dropper-ag­ent-aiub[1].htm moved successfully.
C:\Documents and Settings\LADOPAFAMILY\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
File C:\WINDOWS\temp\usgthrsvc\Perflib_Perfdata_d6c.dat not found!
File C:\WINDOWS\temp\Perflib_Perfdata_448.dat not found!


je relance Spyware pour voir et 'j'te dis quoi'



14
chdom02, le dimanche 17 mai 2009 à 11:41:21

Bebete toujours présente sur sPYWARE DOCTOR, se nettoie mais revient toujours


Rapport d'activité sur Spyware Doctor
Généré le 17/05/2009 10:13:32 Page d'accueil de Spyware Doctor Page d'accueil de PC Tools Assistance technique


Analyses (informations de base uniquement) :

Résultats de l'analyse :
démarrage de l'analyse : 17/05/2009 10:16:07
arrêt de l'analyse : 17/05/2009 11:38:04
Eléments analysés : 190740
éléments trouvés : 7
trouvés et ignorés : 0
outils utilisés : General Scanner, Process Scanner, LSP Scanner, Startup Scanner, Registry Scanner, Hosts Scanner, Browser Scanner, Browser Activity Scanner, Disk Scanner, ActiveX Scanner



Nom de l'infection Emplacement Risque
Application.TrackingCookies C:\Documents and Settings\LADOPAFAMILY\Cookies\ladopafamily@xiti[1].txt Bas
Trojan-Dropper.Agent.AIUB HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{489873CE-F3E1-44A3-8E89-04BE26BE4446} Moyen
Trojan-Dropper.Agent.AIUB HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{489873CE-F3E1-44A3-8E89-04BE26BE4446}## Moyen
Trojan-Dropper.Agent.AIUB HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{489873CE-F3E1-44A3-8E89-04BE26BE4446}##Compat­ibility Flags Moyen
Trojan-Dropper.Agent.AIUB HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F01CD512-AE66-45BD-B182-EED2D68E9FA2} Moyen
Trojan-Dropper.Agent.AIUB HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F01CD512-AE66-45BD-B182-EED2D68E9FA2}## Moyen
Trojan-Dropper.Agent.AIUB HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F01CD512-AE66-45BD-B182-EED2D68E9FA2}##Compat­ibility Flags Moyen


Autres sections :



dans l attente de tes consignes pour nettoyage definitif

oui
mais n a rien detecté

ok et je lance quoi apres

??? en relançant spyware doctor, ou dans regedit ????????

ok, je realnce l anayse
à tout à l heure

je ne comprends plus. ce matin, à 11h38 pb toujours présent
(Rapport d'activité sur Spyware Doctor
Généré le 17/05/2009 10:13:32 Page d'accueil de Spyware Doctor Page d'accueil de PC Tools Assistance technique
Analyses (informations de base uniquement) :
Résultats de l'analyse :
démarrage de l'analyse : 17/05/2009 10:16:07
arrêt de l'analyse : 17/05/2009 11:38:04
Eléments analysés : 190740
éléments trouvés : 7
trouvés et ignorés : 0
outils utilisés : General Scanner, Process Scanner, LSP Scanner, Startup Scanner, Registry Scanner, Hosts Scanner, Browser Scanner, Browser Activity Scanner, Disk Scanner, ActiveX Scanner
Nom de l'infection Emplacement Risque
Application.TrackingCookies C:\Documents and Settings\LADOPAFAMILY\Cookies\ladopafamily@xiti[1].txt Bas
Trojan-Dropper.Agent.AIUB HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{489873CE-F3E1-44A3-8E89-04BE26BE4446} Moyen
Trojan-Dropper.Agent.AIUB HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{489873CE-F3E1-44A3-8E89-04BE26BE4446}## Moyen
Trojan-Dropper.Agent.AIUB HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{489873CE-F3E1-44A3-8E89-04BE26BE4446}##Compatibility Flags Moyen
Trojan-Dropper.Agent.AIUB HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F01CD512-AE66-45BD-B182-EED2D68E9FA2} Moyen
Trojan-Dropper.Agent.AIUB HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F01CD512-AE66-45BD-B182-EED2D68E9FA2}## Moyen
Trojan-Dropper.Agent.AIUB HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F01CD512-AE66-45BD-B182-EED2D68E9FA2}##Compatibility Flags Moyen )




et là maintenant, disparu, meme pas besoin de le supprimer ou mettre en quarantaine :

Rapport d'activité sur Spyware Doctor
Généré le 17/05/2009 16:09:24 Page d'accueil de Spyware Doctor Page d'accueil de PC Tools Assistance technique
Analyses (informations de base uniquement) :
Résultats de l'analyse :
démarrage de l'analyse : 17/05/2009 16:11:57
arrêt de l'analyse : 17/05/2009 17:12:47
Eléments analysés : 140278
éléments trouvés : 3
trouvés et ignorés : 0
outils utilisés : General Scanner, Process Scanner, LSP Scanner, Startup Scanner, Registry Scanner, Hosts Scanner, Browser Scanner, Browser Activity Scanner, Disk Scanner, ActiveX Scanner

Nom de l'infection Emplacement Risque
Application.TrackingCookies C:\Documents and Settings\LADOPAFAMILY\Cookies\ladopafamily@cybermonitor[1].txt Bas
Application.TrackingCookies C:\Documents and Settings\LADOPAFAMILY\Cookies\ladopafamily@estat[1].txt Bas
Application.TrackingCookies C:\Documents and Settings\LADOPAFAMILY\Cookies\ladopafamily@xiti[1].txt Bas

Autres sections :


qu en penses tu ?

que faisons nous maintenant ?
rien ou d autres analyses ?


comment et ou ce genre de bebete se chope ?


ais je bien les bons outils de detections et nettoyage ?

il ne s installe pas en permanence danc pas de desinstal