GenProc and HijackThis analysis

Solved
yoyochtka Posts 290 Status Member
Hello everyone,
I'm being bothered by lots of junk. Can someone analyse this please and give me their opinion?
Thanks in advance

--

yoyochtka
Configuration: Windows Vista
Internet Explorer 7.0

5 replies

  1. kevbdx Posts 398 Status Member 6
     
    Malwarebytes + a scan with your antivirus
    0
    1. yoyochtka Posts 290 Status Member 36
       
      --Sorry, I forgot to paste the reports
      Initialisation GenProc 2.323 [09/01/2009] à [21:06:23,55]

      *** Liste des composants GenProc ***

      C:\Users\yoyochtka\Documents\My Completed Downloads\!CID_0~12.GIF
      C:\Users\yoyochtka\Documents\My Completed Downloads\15-_A_diffuser_encore_et_encore.mpg
      C:\Users\yoyochtka\Documents\My Completed Downloads\banniere-49035.gif
      C:\Users\yoyochtka\Documents\My Completed Downloads\banniere-49060.gif
      C:\Users\yoyochtka\Documents\My Completed Downloads\Debug.txt
      C:\Users\yoyochtka\Documents\My Completed Downloads\Dossier application
      C:\Users\yoyochtka\Documents\My Completed Downloads\Gags
      C:\Users\yoyochtka\Documents\My Completed Downloads\GenProc.zip
      C:\Users\yoyochtka\Documents\My Completed Downloads\HiJackThis.exe
      C:\Users\yoyochtka\Documents\My Completed Downloads\hijackthis.log
      C:\Users\yoyochtka\Documents\My Completed Downloads\image002.jpg
      C:\Users\yoyochtka\Documents\My Completed Downloads\JCC.xls
      C:\Users\yoyochtka\Documents\My Completed Downloads\poilus d'...JPG
      C:\Users\yoyochtka\Documents\My Completed Downloads\r1.wmv
      C:\Users\yoyochtka\Documents\My Completed Downloads\_1230080135_001.pdf
      C:\Users\yoyochtka\Documents\My Completed Downloads\Dossier application\CD-Analogue-USB-36e1
      C:\Users\yoyochtka\Documents\My Completed Downloads\Dossier application\CH-SkiChallenge08.exe
      C:\Users\yoyochtka\Documents\My Completed Downloads\Dossier application\changeLog.txt
      C:\Users\yoyochtka\Documents\My Completed Downloads\Dossier application\dap86.exe
      C:\Users\yoyochtka\Documents\My Completed Downloads\Dossier application\dap9.exe
      C:\Users\yoyochtka\Documents\My Completed Downloads\Dossier application\Defenza.exe
      C:\Users\yoyochtka\Documents\My Completed Downloads\Dossier application\DivXInstaller.exe
      C:\Users\yoyochtka\Documents\My Completed Downloads\Dossier application\DSLtest2006.exe
      C:\Users\yoyochtka\Documents\My Completed Downloads\Dossier application\ed2k.reg
      C:\Users\yoyochtka\Documents\My Completed Downloads\Dossier application\Everest Poker.exe
      C:\Users\yoyochtka\Documents\My Completed Downloads\Dossier application\FotoSketcher.exe
      C:\Users\yoyochtka\Documents\My Completed Downloads\Dossier application\FreeVideoToMp3Converter.exe
      C:\Users\yoyochtka\Documents\My Completed Downloads\Dossier application\Install.EXE
      C:\Users\yoyochtka\Documents\My Completed Downloads\Dossier application\Installation_WLMessenger2009.exe
      C:\Users\yoyochtka\Documents\My Completed Downloads\Dossier application\install_SetupSopCast3.0.32008430.exe
      C:\Users\yoyochtka\Documents\My Completed Downloads\Dossier application\ObjectifTarot.exe
      C:\Users\yoyochtka\Documents\My Completed Downloads\Dossier application\Official-eMule_setup.exe.dap
      C:\Users\yoyochtka\Documents\My Completed Downloads\Dossier application\Plug-in_messagerie_vocale_888.exe
      C:\Users\yoyochtka\Documents\My Completed Downloads\Dossier application\posteriza_install.exe
      C:\Users\yoyochtka\Documents\My Completed Downloads\Dossier application\ProgrammeTV.gadget
      C:\Users\yoyochtka\Documents\My Completed Downloads\Dossier application\Setup-SopCast-3.0.3-2008-4-30.exe
      C:\Users\yoyochtka\Documents\My Completed Downloads\Dossier application\setup.exe
      C:\Users\yoyochtka\Documents\My Completed Downloads\Dossier application\setup.log
      C:\Users\yoyochtka\Documents\My Completed Downloads\Dossier application\setup_calendar.exe
      C:\Users\yoyochtka\Documents\My Completed Downloads\Dossier application\SopCast.zip
      C:\Users\yoyochtka\Documents\My Completed Downloads\Dossier application\tarot.exe
      C:\Users\yoyochtka\Documents\My Completed Downloads\Dossier application\VistaTcpipUacPatch1.6.rar
      C:\Users\yoyochtka\Documents\My Completed Downloads\Dossier application\Windows6.0-KB931621-x86.msu
      C:\Users\yoyochtka\Documents\My Completed Downloads\Dossier application\winkaa1.0.exe
      C:\Users\yoyochtka\Documents\My Completed Downloads\Dossier application\WLinstaller.exe
      C:\Users\yoyochtka\Documents\My Completed Downloads\Dossier application\yesmessenger.exe
      C:\Users\yoyochtka\Documents\My Completed Downloads\Dossier application\CD-Analogue-USB-36e1\CD-Analogue-USB-36e1
      C:\Users\yoyochtka\Documents\My Completed Downloads\Dossier application\CD-Analogue-USB-36e1\CD-Analogue-USB-36e1\hcwdlace_Copying.txt
      C:\Users\yoyochtka\Documents\My Completed Downloads\Dossier application\CD-Analogue-USB-36e1\CD-Analogue-USB-36e1\HCWOEM.bmp
      C:\Users\yoyochtka\Documents\My Completed Downloads\Dossier application\CD-Analogue-USB-36e1\CD-Analogue-USB-36e1\Scheduler
      C:\Users\yoyochtka\Documents\My Completed Downloads\Dossier application\CD-Analogue-USB-36e1\CD-Analogue-USB-36e1\Vtplus32
      C:\Users\yoyochtka\Documents\My Completed Downloads\Dossier application\CD-Analogue-USB-36e1\CD-Analogue-USB-36e1\Scheduler\WinTV Scheduler
      C:\Users\yoyochtka\Documents\My Completed Downloads\Dossier application\CD-Analogue-USB-36e1\CD-Analogue-USB-36e1\Scheduler\WinTV Scheduler\INSTALL.LOG
      C:\Users\yoyochtka\Documents\My Completed Downloads\Dossier application\CD-Analogue-USB-36e1\CD-Analogue-USB-36e1\Scheduler\WinTV Scheduler\scheduler.dat
      C:\Users\yoyochtka\Documents\My Completed Downloads\Dossier application\CD-Analogue-USB-36e1\CD-Analogue-USB-36e1\Vtplus32\Update
      C:\Users\yoyochtka\Documents\My Completed Downloads\Dossier application\CD-Analogue-USB-36e1\CD-Analogue-USB-36e1\Vtplus32\Update\ReadMe_first.txt
      C:\Users\yoyochtka\Documents\My Completed Downloads\Gags\8_Idiotas.wm
      C:\Users\yoyochtka\Documents\My Completed Downloads\Gags\A.Jesus_te_regarde.pps
      C:\Users\yoyochtka\Documents\My Completed Downloads\Gags\Accidents insolites1.pps
      C:\Users\yoyochtka\Documents\My Completed Downloads\Gags\Baiser_de_Femme_Serpent__NEW.wmv
      C:\Users\yoyochtka\Documents\My Completed Downloads\Gags\Blagues_courteslaetitia.pps
      C:\Users\yoyochtka\Documents\My Completed Downloads\Gags\bush_a_l_ecole.pps
      C:\Users\yoyochtka\Documents\My Completed Downloads\Gags\chasse__aux_phoques.mpeg
      C:\Users\yoyochtka\Documents\My Completed Downloads\Gags\chien_GIGN.wmv
      C:\Users\yoyochtka\Documents\My Completed Downloads\Gags\dessinsderue.pps
      C:\Users\yoyochtka\Documents\My Completed Downloads\Gags\Ecureuil.wmv
      C:\Users\yoyochtka\Documents\My Completed Downloads\Gags\euthanasie_m_24_11_07_jpg.JPG
      C:\Users\yoyochtka\Documents\My Completed Downloads\Gags\Faitesdespaires.pps
      C:\Users\yoyochtka\Documents\My Completed Downloads\Gags\ho le con.wmv
      C:\Users\yoyochtka\Documents\My Completed Downloads\Gags\Horoscope.pps
      C:\Users\yoyochtka\Documents\My Completed Downloads\Gags\Images_Droles.pps
      C:\Users\yoyochtka\Documents\My Completed Downloads\Gags\Ivre_billard.wmv
      C:\Users\yoyochtka\Documents\My Completed Downloads\Gags\L-argent_3_.JP.G.pps
      C:\Users\yoyochtka\Documents\My Completed Downloads\Gags\laughing_babies(bj).wmv
      C:\Users\yoyochtka\Documents\My Completed Downloads\Gags\Lesfemmesnecomprendrontjamais.wmv
      C:\Users\yoyochtka\Documents\My Completed Downloads\Gags\Les_bienfaits_du_sexe1.pps
      C:\Users\yoyochtka\Documents\My Completed Downloads\Gags\NouvellesTetines.pps
      C:\Users\yoyochtka\Documents\My Completed Downloads\Gags\paparazzi...wmv
      C:\Users\yoyochtka\Documents\My Completed Downloads\Gags\parachutejo.pps
      C:\Users\yoyochtka\Documents\My Completed Downloads\Gags\perles du bac 2006.xls
      C:\Users\yoyochtka\Documents\My Completed Downloads\Gags\Pimmel im Gesicht.wmv
      C:\Users\yoyochtka\Documents\My Completed Downloads\Gags\Presque.wmv
      C:\Users\yoyochtka\Documents\My Completed Downloads\Gags\RANCUNIER.pps
      C:\Users\yoyochtka\Documents\My Completed Downloads\Gags\Rock au Maroc.mp3
      C:\Users\yoyochtka\Documents\My Completed Downloads\Gags\Sculptures_de_sable(11.03)T.PPS
      C:\Users\yoyochtka\Documents\My Completed Downloads\Gags\shrek.jpg
      C:\Users\yoyochtka\Documents\My Completed Downloads\Gags\Voiturepourfemme.wmv
      C:\Users\yoyochtka\Documents\My Completed Downloads\Gags\zodiaque-_jph.pps

      *** Liste des étapes franchies avec succès ***



      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 20:39:49, on 09/01/2009
      Platform: Windows Vista SP1 (WinNT 6.00.1905)
      MSIE: Internet Explorer v7.00 (7.00.6001.18000)
      Boot mode: Normal

      Running processes:
      C:\Windows\system32\taskeng.exe
      C:\Windows\system32\Dwm.exe
      C:\Windows\Explorer.EXE
      C:\Windows\System32\hkcmd.exe
      C:\Windows\System32\igfxpers.exe
      C:\Windows\RtHDVCpl.exe
      C:\Program Files\Java\jre6\bin\jusched.exe
      C:\Program Files\Windows Sidebar\sidebar.exe
      C:\Windows\ehome\ehtray.exe
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      C:\Program Files\DesktopEarth\DesktopEarth.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
      C:\Users\yoyochtka\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
      C:\Windows\system32\wbem\unsecapp.exe
      C:\Windows\system32\igfxsrvc.exe
      C:\Windows\ehome\ehmsas.exe
      C:\Users\yoyochtka\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
      C:\Program Files\Windows Media Player\wmpnscfg.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
      C:\Program Files\Windows Live\Contacts\wlcomm.exe
      C:\Program Files\Internet Explorer\ieuser.exe
      C:\Program Files\Java\jre6\bin\javaw.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
      c:\users\yoyochtka\appdata\local\oqmks.exe
      C:\Windows\system32\conime.exe
      C:\Program Files\DAP\DAP.EXE
      C:\Users\yoyochtka\Documents\My Completed Downloads\HiJackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      O1 - Hosts: ::1 localhost
      O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
      O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\eoRezo\EoAdv\EoRezobho.dll (file missing)
      O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
      O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
      O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
      O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
      O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
      O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
      O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
      O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
      O4 - HKCU\..\Run: [oqmks] "c:\users\yoyochtka\appdata\local\oqmks.exe" oqmks
      O4 - Startup: Outil de notification Live Search.lnk = yoyochtka\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
      O4 - Global Startup: DesktopEarth AutoStart.lnk = ?
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
      O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
      O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
      O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
      O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
      O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
      O13 - Gopher Prefix:
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
      O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
      O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
      0
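The HijackThis log above is the kind of thing a helper reads by hand, looking first at the few entry types that most often carry adware: an autostart (O4) entry or a running process living under a user's AppData folder, BHO or service entries whose target file is already gone, and services with no identifiable publisher. The following Python script is an added example written for this thread, not code from HijackThis or from anyone in the thread; it parses the v2 log format and applies those three hand-triage rules, which are assumptions about what to look at first, not the tool's own logic. The sample log embedded in it is a constructed excerpt modelled on the log posted above.

```python
"""Triage helper for HijackThis v2 text logs.

Added example for this thread, not HijackThis's own code. The rules are common
hand-triage heuristics (assumptions, not the tool's logic): an autostart entry
or running process under a user's AppData folder, a registry entry whose target
file is gone, and a service with no identifiable publisher. A match means
"inspect this first", not "this is malicious".
"""
import re
from typing import Dict, List, Tuple

# Constructed excerpt modelled on the log posted in the thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:39:49, on 09/01/2009

Running processes:
C:\Windows\Explorer.EXE
c:\users\yoyochtka\appdata\local\oqmks.exe
C:\Program Files\DAP\DAP.EXE

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\eoRezo\EoAdv\EoRezobho.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKCU\..\Run: [oqmks] "c:\users\yoyochtka\appdata\local\oqmks.exe" oqmks
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
""".strip()

# Every HijackThis finding line starts with its section code: R0, R1, O2, O4, O23, ...
ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+)\s+-\s+(?P<body>.*)$")
# Per-user profile locations; software that persists from here deserves a look.
USER_PROFILE_RE = re.compile(r"\\(users|documents and settings)\\[^\\]+\\appdata\\", re.IGNORECASE)
# Target of an O4 entry: text after the [name] tag, optionally quoted, up to .exe
O4_TARGET_RE = re.compile(r"\]\s*\"?(?P<path>[^\"]+?\.exe)\"?", re.IGNORECASE)


def parse_log(text: str) -> Tuple[List[str], List[Tuple[str, str, str]]]:
    """Split a log into the running-process list and (kind, body, raw line) entries."""
    processes: List[str] = []
    entries: List[Tuple[str, str, str]] = []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False  # a blank line closes the process list
            continue
        if line.lower() == "running processes:":
            in_processes = True
            continue
        if in_processes:
            processes.append(line)
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group("kind"), m.group("body"), line))
    return processes, entries


def triage(text: str) -> List[Dict[str, str]]:
    """Return the entries a reviewer would inspect first, each with a reason."""
    processes, entries = parse_log(text)
    running = {p.lower() for p in processes}
    findings: List[Dict[str, str]] = []

    for proc in processes:
        if USER_PROFILE_RE.search(proc):
            findings.append({"severity": "high", "line": proc,
                             "reason": "process running from a user AppData directory"})

    for kind, body, line in entries:
        if kind == "O4" and USER_PROFILE_RE.search(body):
            target = O4_TARGET_RE.search(body)
            # Correlate persistence with the process list: is the target live right now?
            also_running = bool(target) and target.group("path").lower() in running
            findings.append({"severity": "high", "line": line,
                             "reason": "autostart entry launching from a user AppData directory"
                                       + (" (and currently running)" if also_running else "")})
        elif "(file missing)" in body or "(no file)" in body:
            findings.append({"severity": "medium", "line": line,
                             "reason": "registry entry whose target file no longer exists"})
        elif kind == "O23" and "Unknown owner" in body:
            findings.append({"severity": "low", "line": line,
                             "reason": "service with no identifiable publisher"})
    return findings


def severity_counts(findings: List[Dict[str, str]]) -> Dict[str, int]:
    """Tally findings per severity, e.g. {'high': 2, 'medium': 3}."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f["severity"]] = counts.get(f["severity"], 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']}] {f['reason']}\n    {f['line']}")
```

Run it against a saved `hijackthis.log` by reading the file into `triage()`; on the constructed sample it reports two high findings (the process and the HKCU Run entry that both point at the same executable under the user's AppData\Local folder) and three orphaned entries with no file behind them. The correlation step is the useful part: a persistence entry whose target is also in the running-process list is the first thing to hand to the antivirus scan, while orphaned entries are usually leftovers of something already removed.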
    1. yoyochtka Posts 290 Status Member 36 > yoyochtka Posts 290 Status Member
         
        Hello again, here with the Malwarebytes report
        Malwarebytes' Anti-Malware 1.32
        Version de la base de données: 1637
        Windows 6.0.6001 Service Pack 1

        10/01/2009 09:09:43
        2ieme analyse

        Type de recherche: Examen rapide
        Eléments examinés: 50116
        Temps écoulé: 4 minute(s), 57 second(s)

        Processus mémoire infecté(s): 0
        Module(s) mémoire infecté(s): 0
        Clé(s) du Registre infectée(s): 3
        Valeur(s) du Registre infectée(s): 0
        Elément(s) de données du Registre infecté(s): 0
        Dossier(s) infecté(s): 0
        Fichier(s) infecté(s): 1

        Processus mémoire infecté(s):
        (Aucun élément nuisible détecté)

        Module(s) mémoire infecté(s):
        (Aucun élément nuisible détecté)

        Clé(s) du Registre infectée(s):
        HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e49a9fcb-faa9-4c1f-a1c1-54920da2cca4} (Adware.EGDAccess) -> No action taken.
        HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d5792aa9-d373-4039-8670-2cdab6a71f15} (Trojan.Lop) -> No action taken.
        HKEY_CURRENT_USER\SOFTWARE\WakeNet (Trojan.Adware) -> No action taken.

        Valeur(s) du Registre infectée(s):
        (Aucun élément nuisible détecté)

        Elément(s) de données du Registre infecté(s):
        (Aucun élément nuisible détecté)

        Dossier(s) infecté(s):
        (Aucun élément nuisible détecté)

        Fichier(s) infecté(s):
        C:\Program Files\eoRezo (Rogue.Eorezo) -> No action taken.

        Have a good day

        0
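Every detection in the Malwarebytes report above ends in "No action taken", which is what the report records when the scan found items but nothing was removed. The Python script below is an added example written for this thread, not Malwarebytes' own code: it reads a 1.x text report, keeps each detection's section, object, family and recorded action, and lists the detections that are still pending. Section headings are used as-is, so it works on the French report posted here; the embedded report is a constructed excerpt modelled on that post.

```python
"""Reader for a Malwarebytes' Anti-Malware 1.x text report.

Added example for this thread, not Malwarebytes' own code. It extracts every
detection line, tags it with the section it sits in, and lists the ones whose
recorded action is still "No action taken" (found, but not yet removed).
"""
import re
from typing import Dict, List, Set

# Constructed excerpt modelled on the report posted in the thread.
SAMPLE_REPORT = r"""
Malwarebytes' Anti-Malware 1.32
Version de la base de données: 1637

Clé(s) du Registre infectée(s): 3
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e49a9fcb-faa9-4c1f-a1c1-54920da2cca4} (Adware.EGDAccess) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d5792aa9-d373-4039-8670-2cdab6a71f15} (Trojan.Lop) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\WakeNet (Trojan.Adware) -> No action taken.

Fichier(s) infecté(s):
C:\Program Files\eoRezo (Rogue.Eorezo) -> No action taken.
""".strip()

# Detection lines look like "<object> (<family>) -> <action>."; the family never
# contains parentheses, which is what lets the non-greedy object match stop.
DETECTION_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")


def parse_report(text: str) -> List[Dict[str, str]]:
    """Return one dict per detection line, tagged with the section heading above it."""
    detections: List[Dict[str, str]] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # A section heading ends with ':'. The summary block ("<heading>: <n>")
        # does not, and its lines match no detection pattern, so it is skipped.
        if line.endswith(":"):
            section = line[:-1]
            continue
        m = DETECTION_RE.match(line)
        if m:
            detections.append({"section": section, **m.groupdict()})
    return detections


def pending(detections: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Detections the scan found but did not remove."""
    return [d for d in detections if d["action"].lower().startswith("no action taken")]


def families(detections: List[Dict[str, str]]) -> Set[str]:
    """Distinct detection families, useful for a quick read of what was found."""
    return {d["family"] for d in detections}


if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    print(f"{len(found)} detections, {len(pending(found))} still pending")
    for d in pending(found):
        print(f"  [{d['section']}] {d['item']} -> {d['family']}")
```

On the sample, all four detections (three registry keys and the eoRezo folder) come back as pending, matching the summary counts in the report header; a report taken after a removal pass would show "Quarantined and deleted successfully" instead, and `pending()` would return an empty list.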
  2. kevbdx Posts 398 Status Member 6
     
    delete the infected keys, I think
    0
  3. yoyochtka Posts 290 Status Member 36
     
    --Hi, how do I get to the keys?

    yoyochtka
    0
  4. kevbdx Posts 398 Status Member 6
     
    right-click on My Computer and "Manage", but run a Malwarebytes scan, not just the report, just a scan, and then you'll be able to delete them.
    0
  5. yoyochtka Posts 290 Status Member 36
     
    --I can't find anything that matches

    yoyochtka
    0
    1. yoyochtka Posts 290 Status Member 36
       
      --Hi
      That's it, I give up


      yoyochtka
      0