infecter par Trojan downloader vb.AIC (Résolu!) (1/6)

------

+ Créé à: 00:58:33 18/04/2007

+ Résultat de l'analyse:

C:\System Volume Information\_restore{88F0EC16-5093-454D-BD2D-4DD02919E000}\RP2\A0000005.exe -> Dropper.VB.lu : Nettoyé.
:mozilla.59:C:\Documents and Settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\bov7cwcb.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
C:\Documents and Settings\Compaq_Propriétaire\Cookies\compaq_propriétaire@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.77:C:\Documents and Settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\bov7cwcb.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.
:mozilla.78:C:\Documents and Settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\bov7cwcb.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.
:mozilla.79:C:\Documents and Settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\bov7cwcb.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.
:mozilla.124:C:\Documents and Settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\bov7cwcb.default\cookies.txt -> TrackingCookie.Adtech : Nettoyé.
:mozilla.125:C:\Documents and Settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\bov7cwcb.default\cookies.txt -> TrackingCookie.Adtech : Nettoyé.
:mozilla.49:C:\Documents and Settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\bov7cwcb.default\cookies.txt -> TrackingCookie.Doubleclick : Nettoyé.
C:\Documents and Settings\Compaq_Propriétaire\Cookies\compaq_propriétaire@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
:mozilla.39:C:\Documents and Settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\bov7cwcb.default\cookies.txt -> TrackingCookie.Estat : Nettoyé.
:mozilla.103:C:\Documents and Settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\bov7cwcb.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.104:C:\Documents and Settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\bov7cwcb.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.105:C:\Documents and Settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\bov7cwcb.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.54:C:\Documents and Settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\bov7cwcb.default\cookies.txt -> TrackingCookie.Mediaplex : Nettoyé.
:mozilla.62:C:\Documents and Settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\bov7cwcb.default\cookies.txt -> TrackingCookie.Overture : Nettoyé.
:mozilla.100:C:\Documents and Settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\bov7cwcb.default\cookies.txt -> TrackingCookie.Paypal : Nettoyé.
:mozilla.126:C:\Documents and Settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\bov7cwcb.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.127:C:\Documents and Settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\bov7cwcb.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.128:C:\Documents and Settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\bov7cwcb.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.129:C:\Documents and Settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\bov7cwcb.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.130:C:\Documents and Settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\bov7cwcb.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.131:C:\Documents and Settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\bov7cwcb.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.81:C:\Documents and Settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\bov7cwcb.default\cookies.txt -> TrackingCookie.Specificclick : Nettoyé.
:mozilla.82:C:\Documents and Settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\bov7cwcb.default\cookies.txt -> TrackingCookie.Specificclick : Nettoyé.
:mozilla.83:C:\Documents and Settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\bov7cwcb.default\cookies.txt -> TrackingCookie.Specificclick : Nettoyé.
:mozilla.86:C:\Documents and Settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\bov7cwcb.default\cookies.txt -> TrackingCookie.Specificclick : Nettoyé.
:mozilla.80:C:\Documents and Settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\bov7cwcb.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
:mozilla.87:C:\Documents and Settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\bov7cwcb.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
:mozilla.25:C:\Documents and Settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\bov7cwcb.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.27:C:\Documents and Settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\bov7cwcb.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.64:C:\Documents and Settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\bov7cwcb.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.65:C:\Documents and Settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\bov7cwcb.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.66:C:\Documents and Settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\bov7cwcb.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.

Fin du rapport

Scan saved at 01:15:57, on 18/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
c:\windows\system32\msjvms32.exe
c:\windows\system32\Iupdatesvc.exe
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\Program Files\Softwin\BitDefender Professional Edition\bdswitch.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Softwin\BitDefender Professional Edition\vsserv.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Compaq_Propriétaire\Bureau\test.exe\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=Q404&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q404&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q404&bd=presario&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=Q404&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q404&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q404&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q404&bd=presario&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=Q404&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F3 - REG:win.ini: load=c:\windows\system32\winauths.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [BDSwitchAgent] C:\Program Files\Softwin\BitDefender Professional Edition\bdswitch.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [IWinAuthService] c:\windows\system32\winauths.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} - http://www.spywarestormer.com/files2/Install.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{F5FA78DC-BAAB-4BDA-B531-BB20780F7F11}: NameServer = 80.10.246.130 80.10.246.3
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender Professional Edition\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

infecter par Trojan downloader vb.AIC

maghnia_abdel →

Le 15-04-2007 à 22:21 #

maghnia_abdel →

Le 16-04-2007 à 23:13 #

land3 →

Le 17-04-2007 à 11:53 #

maghnia_abdel →

Le 18-04-2007 à 01:14 #

land3 →

Le 18-04-2007 à 09:23 #

maghnia_abdel →

Le 18-04-2007 à 13:27 #

land3 →

Le 19-04-2007 à 08:40 #

maghnia_abdel →

Le 19-04-2007 à 23:00 #

plus10 →

Le 19-04-2007 à 23:18 #

maghnia_abdel →

Le 20-04-2007 à 02:33 #

Ces discussions pourraient vous intéresser également:

Sujets Connexes

Du nouveau ?

Connectés

Restos

Forums

Rechercher

Solidarité Haïti

1 Fan = 10 cents pour Haïti

Concours

Arakien & WéWé

	infecter par Trojan downloader vb.AIC	Page:
	» Liste des Forums » Virus, troyens, etc... » Discussion