Trojan / scan HijackThis - Page 2

Précédent
  • 1
  • 2
  1. ric025
     
    Je crois que vinc n'avait pas vu ton précédent post! ;)
    0
  2. gen-hackman
     
    lol.....POST 17 !!(desole pour le ton)
    0
  3. vinc_56
     
    ---------\\ ToolBar S&D 1.2.5 XP/Vista

    Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
    X86-based PC ( Uniprocessor Free : AMD Athlon(tm) XP 2500+ )
    BIOS : Phoenix - AwardBIOS v6.00PG
    USER : Vincent ( Administrator )
    BOOT : Normal boot
    A:\ (USB)
    C:\ (Local Disk) - NTFS - Total:14 Go (Free:0 Go)
    D:\ (Local Disk) - NTFS - Total:89 Go (Free:5 Go)
    E:\ (Local Disk) - NTFS - Total:10 Go (Free:8 Go)
    F:\ (CD or DVD)
    G:\ (CD or DVD)
    H:\ (CD or DVD)

    "C:\ToolBar SD" ( MAJ : 20-11-2008|20:25 )
    Option : [1] ( 26/11/2008|18:51 )

    -----------\\ Recherche de Fichiers / Dossiers ...

    C:\Program Files\AskSBar
    C:\Program Files\AskSBar\bar
    C:\Program Files\AskSBar\bar\1.bin
    C:\Program Files\AskSBar\bar\Cache
    C:\Program Files\AskSBar\bar\History
    C:\Program Files\AskSBar\bar\Settings
    C:\Program Files\AskSBar\bar\1.bin\A2FFXTBR.JAR
    C:\Program Files\AskSBar\bar\1.bin\A2FFXTBR.MANIFEST
    C:\Program Files\AskSBar\bar\1.bin\A2HIGHIN.EXE
    C:\Program Files\AskSBar\bar\1.bin\A2NTSTBR.JAR
    C:\Program Files\AskSBar\bar\1.bin\A2NTSTBR.MANIFEST
    C:\Program Files\AskSBar\bar\1.bin\A2PLUGIN.DLL
    C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
    C:\Program Files\AskSBar\bar\1.bin\NPASKSBR.DLL
    C:\Program Files\AskSBar\bar\1.bin\V2RSSMNU.DLL
    C:\Program Files\AskSBar\bar\Cache\0024BB42.bin
    C:\Program Files\AskSBar\bar\Cache\0024BCD8.bin
    C:\Program Files\AskSBar\bar\Cache\0024BE11.bin
    C:\Program Files\AskSBar\bar\Cache\0024BF59.bin
    C:\Program Files\AskSBar\bar\Cache\0024C0B1.bin
    C:\Program Files\AskSBar\bar\Cache\0024C1CA.bin
    C:\Program Files\AskSBar\bar\Cache\files.ini
    C:\Program Files\AskSBar\bar\History\search2
    C:\Program Files\AskSBar\bar\Settings\prevcfg2.htm
    E:\Temp\ICD1.tmp

    -----------\\ [..\Internet Explorer\Main]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
    "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
    "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
    "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
    "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
    "Start Page"="https://www.msn.com/fr-fr"

    --------------------\\ Recherche d'autres infections

    Aucune autre infection trouvée !
    0
  4. gen-hackman
     
    et bien je pense que maintenant :

    * Double-clique maintenant sur le raccourci de Toolbar-S&D.
    * Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
    * Choisis maintenant l'option 2.
    * Poste le rapport généré. (C:\TB.txt)
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. vinc_56
     
    SmitFraudFix v2.378

    Rapport fait à 18:54:59,20, 26/11/2008
    Executé à partir de C:\Documents and Settings\Vincent\Bureau\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode normal

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ARCGIS\CRACK ARCGIS\lmgrd.exe
    C:\WINDOWS\system32\sstray.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\oneclick\oneclick.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\ARCGIS\CRACK ARCGIS\ESRI.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\cmd.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    »»»»»»»»»»»»»»»»»»»»»»»» C:\

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Vincent

    »»»»»»»»»»»»»»»»»»»»»»»» E:\Temp

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Vincent\Application Data

    »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

    C:\DOCUME~1\Vincent\MENUDM~1\PROGRA~1\homeview PRESENT !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Vincent\Favoris

    »»»»»»»»»»»»»»»»»»»»»»»» Bureau

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

    »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

    »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Ma page d'accueil"

    »»»»»»»»»»»»»»»»»»»»»»»» o4Patch
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    o4Patch
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» VACFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
    "System"=""

    »»»»»»»»»»»»»»»»»»»»»»»» RK

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: NVIDIA nForce MCP Networking Controller - Miniport d'ordonnancement de paquets
    DNS Server Search Order: 212.27.40.241
    DNS Server Search Order: 212.27.40.240

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{295CAA68-96A0-4F38-883E-6ABB9A67F358}: DhcpNameServer=212.27.40.241 212.27.40.240

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

    »»»»»»»»»»»»»»»»»»»»»»»» Fin
    0
  7. vinc_56
     
    PROCESSES ==========
    Process explorer.exe killed successfully.
    ========== FILES ==========
    File/Folder c:\program files\askbar\bar\1.bin\askbar.dll not found.
    File/Folder c:\windows\system32\kdiwu.exe not found.
    File/Folder c:\windows\system32\kduuj.exe not found.
    ========== COMMANDS ==========
    File delete failed. E:\Temp\etilqs_tqcmJsmnYDKqM9bXgeY7 scheduled to be deleted on reboot.
    User's Temp folder emptied.
    User's Temporary Internet Files folder emptied.
    User's Internet Explorer cache folder emptied.
    Local Service Temp folder emptied.
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    Local Service Temporary Internet Files folder emptied.
    Windows Temp folder emptied.
    Java cache emptied.
    File delete failed. C:\Documents and Settings\Vincent\Local Settings\Application Data\Mozilla\Firefox\Profiles\t4jjqlag.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\Vincent\Local Settings\Application Data\Mozilla\Firefox\Profiles\t4jjqlag.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\Vincent\Local Settings\Application Data\Mozilla\Firefox\Profiles\t4jjqlag.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\Vincent\Local Settings\Application Data\Mozilla\Firefox\Profiles\t4jjqlag.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\Vincent\Local Settings\Application Data\Mozilla\Firefox\Profiles\t4jjqlag.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\Vincent\Local Settings\Application Data\Mozilla\Firefox\Profiles\t4jjqlag.default\XUL.mfl scheduled to be deleted on reboot.
    FireFox cache emptied.
    Temp folders emptied.
    Explorer started successfully

    OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 11262008_190017

    Files moved on Reboot...
    File E:\Temp\etilqs_tqcmJsmnYDKqM9bXgeY7 not found!
    File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
    C:\Documents and Settings\Vincent\Local Settings\Application Data\Mozilla\Firefox\Profiles\t4jjqlag.default\Cache\_CACHE_001_ moved successfully.
    C:\Documents and Settings\Vincent\Local Settings\Application Data\Mozilla\Firefox\Profiles\t4jjqlag.default\Cache\_CACHE_002_ moved successfully.
    C:\Documents and Settings\Vincent\Local Settings\Application Data\Mozilla\Firefox\Profiles\t4jjqlag.default\Cache\_CACHE_003_ moved successfully.
    C:\Documents and Settings\Vincent\Local Settings\Application Data\Mozilla\Firefox\Profiles\t4jjqlag.default\Cache\_CACHE_MAP_ moved successfully.
    C:\Documents and Settings\Vincent\Local Settings\Application Data\Mozilla\Firefox\Profiles\t4jjqlag.default\urlclassifier3.sqlite moved successfully.
    C:\Documents and Settings\Vincent\Local Settings\Application Data\Mozilla\Firefox\Profiles\t4jjqlag.default\XUL.mfl moved successfully.
    0
  8. gen-hackman
     
    ceci depasse mes competences je te souhaite donc une bonne soiree et espere que quelqu'un pourra te venir en aide
    0
  9. vinc_56
     
    Désolé j'avais pas vue les derniers posts,

    je vous transmet le rapport demandé de Toolbar-S&D ce soir,

    je n'ai pas le pc dans la journée.
    0
  10. gen-hackman
     
    et evite de faire ce qu'il ne t est pas demande ca evitera de planter ton systeme
    0
Précédent
  • 1
  • 2