35 replies
Anonymous user
19 June 2009 at 13:19
Hello
● Go to this site:
https://www.virustotal.com/gui/
● Copy/paste this into the field to the left of "Browse" (in bold): c:\windows\system32\vghd.scr
● Click Send File.
● A report will be built line by line.
● Wait until it finishes. It should include the size of the submitted file.
● Save the report with Notepad.
● Copy it into your reply.
(!) If VirusTotal says the file has already been analysed, click the "Reanalyse file now" button.
******************************************
● Download and install MalwareByte's Anti-Malware: http://www.malwarebytes.org/mbam/program/mbam-setup.exe
● Update it
● Double-click the MalwareByte's Anti-Malware shortcut on the desktop.
● Select "Perform quick scan" if it is not already selected
● Click Scan
● Once the scan is finished, a window opens; click OK
● If MalwareByte's detected nothing, click OK. A report will appear; close it.
● If MalwareByte's detected infections, click "Show results", then "Remove selected"
● Save the report to your Desktop so it is easier to find, then post that report.
Note: If MalwareByte's needs to restart to finish the removal, accept by clicking OK
Tutorial: https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
++
Here is the first report (the log)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:33:43, on 2009-06-17
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\Explorer.EXE
C:\Cmd\Osd\floAtMediaCtrl.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\Jeux\Command & Conquer Generals - Heure H\Data\Mod\Elfmod\elfmod.exe
C:\WINDOWS\system32\NOTEPAD.EXE
D:\Internet\Firefox\firefox.exe
C:\Program Files\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.worldusa.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Volume] C:\Cmd\Osd\floAtMediaCtrl.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\LOGICI~1\Office\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati External Event Utility - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
The 2nd one (the info)
* Trend Micro HijackThis v2.0.2 *
See bottom for version history.
The different sections of hijacking possibilities have been separated into the following groups.
You can get more detailed information about an item by selecting it from the list of found items OR highlighting the relevant line below, and clicking 'Info on selected item'.
R - Registry, StartPage/SearchPage changes
R0 - Changed registry value
R1 - Created registry value
R2 - Created registry key
R3 - Created extra registry value where only one should be
F - IniFiles, autoloading entries
F0 - Changed inifile value
F1 - Created inifile value
F2 - Changed inifile value, mapped to Registry
F3 - Created inifile value, mapped to Registry
N - Netscape/Mozilla StartPage/SearchPage changes
N1 - Change in prefs.js of Netscape 4.x
N2 - Change in prefs.js of Netscape 6
N3 - Change in prefs.js of Netscape 7
N4 - Change in prefs.js of Mozilla
O - Other, several sections which represent:
O1 - Hijack of auto.search.msn.com with Hosts file
O2 - Enumeration of existing MSIE BHO's
O3 - Enumeration of existing MSIE toolbars
O4 - Enumeration of suspicious autoloading Registry entries
O5 - Blocking of loading Internet Options in Control Panel
O6 - Disabling of 'Internet Options' Main tab with Policies
O7 - Disabling of Regedit with Policies
O8 - Extra MSIE context menu items
O9 - Extra 'Tools' menuitems and buttons
O10 - Breaking of Internet access by New.Net or WebHancer
O11 - Extra options in MSIE 'Advanced' settings tab
O12 - MSIE plugins for file extensions or MIME types
O13 - Hijack of default URL prefixes
O14 - Changing of IERESET.INF
O15 - Trusted Zone Autoadd
O16 - Download Program Files item
O17 - Domain hijack
O18 - Enumeration of existing protocols and filters
O19 - User stylesheet hijack
O20 - AppInit_DLLs autorun Registry value, Winlogon Notify Registry keys
O21 - ShellServiceObjectDelayLoad (SSODL) autorun Registry key
O22 - SharedTaskScheduler autorun Registry key
O23 - Enumeration of NT Services
O24 - Enumeration of ActiveX Desktop Components
Command-line parameters:
* /autolog - automatically scan the system, save a logfile and open it
* /ihatewhitelists - ignore all internal whitelists
* /uninstall - remove all HijackThis Registry entries, backups and quit
* /silentautuolog - the same as /autolog, except with no required user intervention
* Version history *
[v2.00.0]
* AnalyzeThis added for log file statistics
* Recognizes Windows Vista and IE7
* Fixed a few bugs in the O23 method
* Fixed a bug in the O22 method (SharedTaskScheduler)
* Did a few tweaks on the log format
* Fixed and improved ADS Spy
* Improved Itty Bitty Procman (processes are frozen before they are killed)
* Added listing of O4 autoruns from other users
* Added listing of the Policies Run items in O4 method, used by SmitFraud trojan
* Added /silentautolog parameter for system admins
* Added /deleteonreboot [file] parameter for system admins
* Added O24 - ActiveX Desktop Components enumeration
* Added Enhanced Security Confirguration (ESC) Zones to O15 Trusted Sites check
[v1.99.1]
* Added Winlogon Notify keys to O20 listing
* Fixed crashing bug on certain Win2000 and WinXP systems at O23 listing
* Fixed lots and lots of 'unexpected error' bugs
* Fixed lots of inproper functioning bugs (i.e. stuff that didn't work)
* Added 'Delete NT Service' function in Misc Tools section
* Added ProtocolDefaults to O15 listing
* Fixed MD5 hashing not working
* Fixed 'ISTSVC' autorun entries with garbage data not being fixed
* Fixed HijackThis uninstall entry not being updated/created on new versions
* Added Uninstall Manager in Misc Tools to manage 'Add/Remove Software' list
* Added option to scan the system at startup, then show results or quit if nothing found
[v1.99]
* Added O23 (NT Services) in light of newer trojans
* Integrated ADS Spy into Misc Tools section
* Added 'Action taken' to info in 'More info on this item'
[v1.98]
* Definitive support for Japanese/Chinese/Korean systems
* Added O20 (AppInit_DLLs) in light of newer trojans
* Added O21 (ShellServiceObjectDelayLoad, SSODL) in light of newer trojans
* Added O22 (SharedTaskScheduler) in light of newer trojans
* Backups of fixed items are now saved in separate folder
* HijackThis now checks if it was started from a temp folder
* Added a small process manager (Misc Tools section)
[v1.96]
* Lots of bugfixes and small enhancements! Among others:
* Fix for Japanese IE toolbars
* Fix for searchwww.com fake CLSID trick in IE toolbars and BHO's
* Attributes on Hosts file will now be restored when scanning/fixing/restoring it.
* Added several files to the LSP whitelist
* Fixed some issues with incorrectly re-encrypting data, making R0/R1 go undetected until a restart
* All sites in the Trusted Zone are now shown, with the exception of those on the nonstandard but safe domain list
[v1.95]
* Added a new regval to check for from Whazit hijack (Start Page_bak).
* Excluded IE logo change tweak from toolbar detection (BrandBitmap and SmBrandBitmap).
* New in logfile: Running processes at time of scan.
* Checkmarks for running StartupList with /full and /complete in HijackThis UI.
* New O19 method to check for Datanotary hijack of user stylesheet.
* Google.com IP added to whitelist for Hosts file check.
[v1.94]
* Fixed a bug in the Check for Updates function that could cause corrupt downloads on certain systems.
* Fixed a bug in enumeration of toolbars (Lop toolbars are now listed!).
* Added imon.dll, drwhook.dll and wspirda.dll to LSP safelist.
* Fixed a bug where DPF could not be deleted.
* Fixed a stupid bug in enumeration of autostarting shortcuts.
* Fixed info on Netscape 6/7 and Mozilla saying '%shitbrowser%' (oops).
* Fixed bug where logfile would not auto-open on systems that don't have .log filetype registered.
* Added support for backing up F0 and F1 items (d'oh!).
[v1.93]
* Added mclsp.dll (McAfee), WPS.DLL (Sygate Firewall), zklspr.dll (Zero Knowledge) and mxavlsp.dll (OnTrack) to LSP safelist.
* Fixed a bug in LSP routine for Win95.
* Made taborder nicer.
* Fixed a bug in backup/restore of IE plugins.
* Added UltimateSearch hijack in O17 method (I think).
* Fixed a bug with detecting/removing BHO's disabled by BHODemon.
* Also fixed a bug in StartupList (now version 1.52.1).
[v1.92]
* Fixed two stupid bugs in backup restore function.
* Added DiamondCS file to LSP files safelist.
* Added a few more items to the protocol safelist.
* Log is now opened immediately after saving.
* Removed rd.yahoo.com from NSBSD list (spammers are starting to use this, no doubt spyware authors will follow).
* Updated integrated StartupList to v1.52.
* In light of SpywareNuker/BPS Spyware Remover, any strings relevant to reverse-engineers are now encrypted.
* Rudimentary proxy support for the Check for Updates function.
[v1.91]
* Added rd.yahoo.com to the Nonstandard But Safe Domains list.
* Added 8 new protocols to the protocol check safelist, as well as showing the file that handles the protocol in the log (O18).
* Added listing of programs/links in Startup folders (O4).
* Fixed 'Check for Update' not detecting new versions.
[v1.9]
* Added check for Lop.com 'Domain' hijack (O17).
* Bugfix in URLSearchHook (R3) fix.
* Improved O1 (Hosts file) check.
* Rewrote code to delete BHO's, fixing a really nasty bug with orphaned BHO keys.
* Added AutoConfigURL and proxyserver checks (R1).
* IE Extensions (Button/Tools menuitem) in HKEY_CURRENT_USER are now also detected.
* Added check for extra protocols (O18).
[v1.81]
* Added 'ignore non-standard but safe domains' option.
* Improved Winsock LSP hijackers detection.
* Integrated StartupList updated to v1.4.
[v1.8]
* Fixed a few bugs.
* Adds detecting of free.aol.com in Trusted Zone.
* Adds checking of URLSearchHooks key, which should have only one value.
* Adds listing/deleting of Download Program Files.
* Integrated StartupList into the new 'Misc Tools' section of the Config screen!
[v1.71]
* Improves detecting of O6.
* Some internal changes/improvements.
[v1.7]
* Adds backup function! Yay!
* Added check for default URL prefix
* Added check for changing of IERESET.INF
* Added check for changing of Netscape/Mozilla homepage and default search engine.
[v1.61]
* Fixes Runtime Error when Hosts file is empty.
[v1.6]
* Added enumerating of MSIE plugins
* Added check for extra options in 'Advanced' tab of 'Internet Options'.
[v1.5]
* Adds 'Uninstall & Exit' and 'Check for update online' functions.
* Expands enumeration of autoloading Registry entries (now also scans for .vbs, .js, .dll, rundll32 and service)
[v1.4]
* Adds repairing of broken Internet access (aka Winsock or LSP fix) by New.Net/WebHancer
* A few bugfixes/enhancements
[v1.3]
* Adds detecting of extra MSIE context menu items
* Added detecting of extra 'Tools' menu items and extra buttons
* Added 'Confirm deleting/ignoring items' checkbox
[v1.2]
* Adds 'Ignorelist' and 'Info' functions
[v1.1]
* Supports BHO's, some default URL changes
[v1.0]
* Original release
A good thing to do after version updates is clear your Ignore list and re-add them, as the format of detected items sometimes changes.
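The HijackThis log posted above and the tool's own "info" text list the section codes (R0, F2, O2, O4, O10, O23 and so on) that a helper reads through by hand. As an added example, not code from this thread and not part of HijackThis, here is a small Python triage script that parses lines in that log format, groups them by section code and attaches a review note to the entries a helper would normally look at twice: a BHO whose DLL is "(no file)", an O10 LSP the tool could not whitelist, an O4 autorun outside Program Files or Windows, and an O23 service with "Unknown owner". The sample lines are constructed to mirror the posted log, the `TRUSTED_PREFIXES` list and every flagging rule are my own heuristics (assumptions, not the tool's logic), and a note only means "verify this file", never "this is malware".

```python
"""Classify HijackThis v2.x log lines by section code and flag entries for review.

Added example, not part of the original thread or of HijackThis itself.
The sample lines are constructed in the same format as the posted log; the
flagging rules are the author's own triage heuristics, not the tool's.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in HijackThis log format (paths mirror the posted log).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.worldusa.com
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [Volume] C:\Cmd\Osd\floAtMediaCtrl.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
"""

# Every finding line starts with a section code: R0..R3, F0..F3, N1..N4, O1..O24.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")

# Assumed: directories from which an O4 autorun is unremarkable on this XP box.
TRUSTED_PREFIXES = ("c:\\program files", "c:\\windows")


@dataclass
class Entry:
    code: str
    body: str
    note: Optional[str] = None  # triage reason, None when nothing stands out


def parse(text: str) -> List[Entry]:
    """Turn the finding lines of a log into Entry objects (other lines are skipped)."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m["code"], m["body"]))
    return entries


def triage(entry: Entry) -> Optional[str]:
    """Return a review note for the entry, or None.

    Heuristics only: a note is a prompt to verify the file (publisher,
    signature, hash), never a verdict.
    """
    code, body = entry.code, entry.body
    if code in ("R0", "R1") and "Start Page" in body:
        return "browser start page points at a third-party site; confirm it is the user's choice"
    if code == "F2" and "UserInit=" in body:
        value = body.split("UserInit=", 1)[1].rstrip(",").lower()
        if not value.endswith("\\system32\\userinit.exe"):
            return "UserInit altered: anything besides userinit.exe here runs at every logon"
    if code == "O2" and body.endswith("(no file)"):
        return "BHO CLSID registered but its DLL is gone: orphaned entry, safe to clean"
    if code == "O4" and "] " in body:
        # Text after "[name] " is the command; drop a leading quote before matching.
        path = body.split("] ", 1)[1].strip().lstrip('"').lower()
        if not path.startswith(TRUSTED_PREFIXES):
            return "autorun outside Program Files/Windows: check the binary before keeping it"
    if code == "O10" and body.startswith("Unknown file in Winsock LSP"):
        return "LSP DLL not on the tool's whitelist: identify it first, a wrong LSP fix breaks networking"
    if code == "O23" and "Unknown owner" in body:
        return "service binary has no publisher string: verify its signature"
    return None


def analyze(text: str) -> List[Entry]:
    """Parse a log and attach triage notes to every entry."""
    entries = parse(text)
    for e in entries:
        e.note = triage(e)
    return entries


def flagged(text: str) -> List[Entry]:
    """Only the entries that earned a review note."""
    return [e for e in analyze(text) if e.note]


def section_counts(text: str) -> Dict[str, int]:
    """How many findings per section code (same grouping as the tool's info text)."""
    return dict(Counter(e.code for e in parse(text)))


if __name__ == "__main__":
    for e in analyze(SAMPLE_LOG):
        print(f"{e.code:4} {'REVIEW' if e.note else 'ok    '} {e.body[:60]}")
        if e.note:
            print(f"      -> {e.note}")
```

Run it as-is to see the sample triaged, or read a real log with `analyze(open("hijackthis.log").read())`. The whitelist of trusted directories is deliberately narrow: the point is to surface everything a helper would want to look up, and the SecuROM, ATI and SUPERAntiSpyware entries in the posted log show why a note must stay a prompt to verify rather than a verdict.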
Anonymous user
17 June 2009 at 21:49
Hello
Download AD-Remover to your desktop:
/!\ Disconnect from the internet and close all running applications
● Double-click the installer and follow the instructions.
● Double-click the Ad-remover icon on your desktop
● At the main menu choose option "S"
● Post the report that appears at the end.
(the report is saved as C:\Ad-report-scan.log)
(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
Note:
"Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus but a utility designed to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.
++
I don't understand, but here is the report.
Hey, that thing of yours is dangerous: it says "at your own risk" and that it can stop programs from functioning (stop them). Anyway, I'll leave you the report; please reply as soon as possible, I really need help.
.
======= RAPPORT D'AD-REMOVER 1.1.4.5_J | UNIQUEMENT XP/VISTA/SEVEN =======
.
Mit à jour par C_XX le 14/06/2009 à 10:30 PM
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 17:35:31, 2009-06-17 | Mode Normal | Option: SCAN
Exécuté de: C:\Program Files\Ad-remover\
Système d'exploitation: Microsoft® Windows XP™ Service Pack 3 v5.1.2600
Nom du PC: FRANCIS-2400 | Utilisateur actuel: Francis
.
Administrateur: Administrateur
Administrateur: Francis
N'est pas administrateur: HelpAssistant *Desactive*
N'est pas administrateur: Invité
N'est pas administrateur: SUPPORT_388945a0 *Desactive*
.
============== ÉLÉMENT(S) TROUVÉ(S) ==============
.
.
.
C:\WINDOWS\System32\WhoisCL.exe
.
============== Scan additionnel ==============
.
.
.
* Internet Explorer Version 6.0.2900.5512 *
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://www.worldusa.com
First Home Page: hxxp://www.microsoft.com/isapi/redir.dll?Prd=ie&Pver=5.0&Ar=ie5update&O1=b1
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://www.msn.com/
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
============== Suspect (Cracks, Serials ... ) ==============
.
+---------------------------------------------------------------------------+
1670 Octet(s) - C:\Ad-Report-SCAN.log
0 Fichier(s) - C:\Program Files\Ad-remover\BACKUP
0 Fichier(s) - C:\Program Files\Ad-remover\QUARANTINE
Fin à: 17:50:43 | 2009-06-17
.
============== E.O.F ==============
.
Anonymous user
18 June 2009 at 18:04
Re,
Run Ad-remover again, but with option "L" this time. Post the report and don't worry about the warnings ;).
++
Here is the report, but in mode "L" as you told me.
.
======= RAPPORT D'AD-REMOVER 1.1.4.5_J | UNIQUEMENT XP/VISTA/SEVEN =======
.
Mit à jour par C_XX le 14/06/2009 à 10:30 PM
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 15:37:17, 2009-06-18 | Mode Normal | Option: CLEAN
Exécuté de: C:\Program Files\Ad-remover\
Système d'exploitation: Microsoft® Windows XP™ Service Pack 3 v5.1.2600
Nom du PC: FRANCIS-2400 | Utilisateur actuel: Francis
.
Administrateur: Administrateur
Administrateur: Francis
N'est pas administrateur: HelpAssistant *Desactive*
N'est pas administrateur: Invité
N'est pas administrateur: SUPPORT_388945a0 *Desactive*
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.
.
.
C:\WINDOWS\System32\WhoisCL.exe
(!) -- Fichiers temporaires supprimés.
.
============== Scan additionnel ==============
.
.
.
* Internet Explorer Version 6.0.2900.5512 *
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
Tabs: res://ieframe.dll/tabswelcome.htm
============== Suspect (Cracks, Serials ... ) ==============
.
+---------------------------------------------------------------------------+
1892 Octet(s) - C:\Ad-Report-SCAN.log
2020 Octet(s) - C:\Ad-Report-CLEAN.log
16 Fichier(s) - C:\Program Files\Ad-remover\BACKUP
1 Fichier(s) - C:\Program Files\Ad-remover\QUARANTINE
Fin à: 15:52:17 | 2009-06-18
.
============== E.O.F ==============
.
Anonymous user
18 June 2009 at 22:02
Re,
● Download DDS by sUBs to the desktop:
(.scr) https://download.bleepingcomputer.com/sUBs/dds.scr
(.pif) https://forospyware.com
(!) The tool does not require installation.
Launch it by clicking the icon (depending on which of the 3 you downloaded).
This DOS window will appear: https://i75.servimg.com/u/f75/11/05/93/83/ddsdos10.jpg
● The scan should not take more than three minutes.
● A first report will open, which you save as DDS.txt (the default) on the desktop.
● You will be asked whether you want to run the optional scan.
Accept with Yes
● A new report opens, which you save as Attach.txt on the desktop.
You will only provide it if necessary.
Post me the DDS.txt report.
+
Here is the DDS. What do I do with the Attach?
DDS (Ver_09-05-14.01) - FAT32x86
Run by Francis at 16:27:19,67 on 2009-06-18
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_03
Microsoft Windows XP Professionnel 5.1.2600.3.1252.2.1036.18.767.441 [GMT -4:00]
AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
SVCHOST.EXE
SVCHOST.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\UAService7.exe
C:\Cmd\Osd\floAtMediaCtrl.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\explorer.exe
D:\Jeux\Command & Conquer Generals - Heure H\Data\Mod\Elfmod\elfmod.exe
D:\Jeux\dds.pif
============== Pseudo HJT Report ===============
uWindow Title =
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: Aide pour le lien d'Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\fichiers communs\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
BHO: Programme d'aide de l'Assistant de connexion Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\fichiers communs\microsoft shared\windows live\WindowsLiveLogin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Volume] c:\cmd\osd\floAtMediaCtrl.exe
mRun: [nod32kui] "c:\program files\eset\nod32kui.exe" /WAITSERVICE
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
uPolicies-explorer: NoNetworkConnections = 01000000
uPolicies-explorer: NoSMHelp = 01000000
uPolicies-explorer: NoSMMyDocs = 01000000
uPolicies-explorer: NoSMMyPictures = 01000000
uPolicies-explorer: NoRecentDocsNetHood = 01000000
uPolicies-explorer: NoActiveDesktop = 01000000
IE: E&xporter vers Microsoft Excel - d:\logici~1\office\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
LSP: c:\windows\system32\imon.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
================= FIREFOX ===================
FF - ProfilePath -
============= SERVICES / DRIVERS ===============
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-11-15 15424]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-5-26 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-5-26 72944]
R2 NOD32krn;NOD32 Kernel Service;c:\program files\eset\nod32krn.exe [2008-11-15 552064]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-5-26 7408]
=============== Created Last 30 ================
2009-06-18 15:35 <DIR> --d----- c:\program files\Ad-remover
2009-06-13 17:50 46 a------- c:\windows\Builder.ini
2009-06-11 18:47 34,543,112 a------- c:\program files\Ad-AwareAE.exe
2009-06-11 18:47 401,720 a------- c:\program files\HiJackThis.exe
2009-06-08 15:43 <DIR> --d----- c:\program files\fichiers communs\Wise Installation Wizard
2009-06-07 18:42 <DIR> --d----- c:\program files\CCleaner
2009-06-07 18:29 <DIR> --d----- c:\program files\SpywareBlaster
2009-06-03 20:33 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DAEMON Tools Lite
2009-06-03 20:32 <DIR> --d----- c:\docume~1\francis\applic~1\DAEMON Tools Lite
2009-06-03 20:17 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DAEMON Tools Pro
2009-06-03 20:12 721,904 a------- c:\windows\system32\drivers\sptd.sys
2009-06-03 20:12 <DIR> --d----- c:\docume~1\francis\applic~1\DAEMON Tools Pro
2009-05-31 16:32 <DIR> --d----- c:\program files\SUPERAntiSpyware
==================== Find3M ====================
2009-06-13 18:56 1,540 a------- c:\windows\eReg.dat
2009-06-13 15:52 34 a------- c:\documents and settings\francis\jagex_runescape_preferences.dat
2009-04-25 09:26 90,112 a------- c:\windows\DUMP7203.tmp
2009-04-24 15:35 90,112 a------- c:\windows\DUMP709c.tmp
2009-04-24 15:06 90,112 a------- c:\windows\DUMP6d31.tmp
2009-04-17 12:02 90,112 a------- c:\windows\DUMPe2f8.tmp
2009-04-17 11:47 90,112 a------- c:\windows\DUMP7f42.tmp
2009-04-17 11:06 90,112 a------- c:\windows\DUMP707c.tmp
2009-04-16 13:09 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-04-15 18:26 122,880 a------- c:\windows\system32\UAService7.exe
2009-04-03 14:09 90,112 a------- c:\windows\DUMP9805.tmp
2009-03-23 19:52 152,904 a------- c:\windows\system32\vghd.scr
2003-08-27 11:49 3,424 a------- c:\windows\inf\other\cmiainfo.sys
============= FINISH: 16:27:44,26 ===============
Anonymous user
18 June 2009 at 22:30
Re,
You, nothing ;)
I'll come back tomorrow to give you the next step (around noon)
++
I'll only put the additional information. I'll do the Malwarebytes' Anti-Malware report tomorrow because right now it crashes too much, but here is the one from VirusTotal. What is it going to be used for? It's getting long, posting reports from lots of antivirus programs lol. I'll let you do it, you're the expert in this.
File size: 152904 bytes
MD5...: e1f080091b41057248e688974f5ccd04
SHA1..: fee9b42ef3116d890b264f189eaca7593141f66d
SHA256: b9ad2d033265b6ada5a27cde111401b455f6cd56f01d413537266c6e5173c7dd
ssdeep: 1536:Wx/WZCxZdtSe3gK4cPXJkkkIznntRh2vj9PxluQjsJxLroVZzYB7:WFWZCzHQncPjznQ1xl3jsJxLroDu
PEiD..: -
TrID..: File type identification
Win64 Executable Generic (59.6%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win32 Executable Generic (5.9%)
Win32 Dynamic Link Library (generic) (5.2%)
Generic Win/DOS Executable (1.3%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x23e5
timedatestamp.....: 0x4986edbb (Mon Feb 02 12:57:31 2009)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x653e 0x7000 6.26 fcd7bd79ade0b7eb06c7ec3597db6c5c
.rdata 0x8000 0x17c2 0x2000 4.24 7958e9d6aee017cfd144c9781432f705
.data 0xa000 0x1cf8 0x1000 1.21 616f32d1470ad598d8b629143715cd40
.rsrc 0xc000 0x180f8 0x19000 5.98 2187fff541a175b59894a849b89fca34
( 6 imports )
> KERNEL32.dll: SetStdHandle, SetFilePointer, GetLocaleInfoA, LCMapStringW, LCMapStringA, ReadFile, CloseHandle, CreateProcessA, WinExec, FlushFileBuffers, GetStringTypeW, GetStringTypeA, RtlUnwind, GetProcAddress, GetModuleHandleA, FreeLibrary, LoadLibraryA, GetTickCount, GetSystemPowerStatus, UnhandledExceptionFilter, GetVersionExA, ExitProcess, GetStartupInfoA, GetCommandLineA, TerminateProcess, GetCurrentProcess, QueryPerformanceCounter, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, GetModuleFileNameA, WriteFile, GetStdHandle, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, GetLastError, GetEnvironmentStringsW, SetHandleCount, GetFileType, HeapDestroy, HeapCreate, VirtualFree, HeapFree, MultiByteToWideChar, HeapAlloc, VirtualProtect, VirtualAlloc, GetSystemInfo, VirtualQuery, HeapReAlloc, HeapSize, GetACP, GetOEMCP, GetCPInfo, Sleep
> USER32.dll: FindWindowA, ShowWindow, LoadImageA, GetDC, InvalidateRect, ReleaseDC, GetWindowRect, SystemParametersInfoA, PostQuitMessage, SetCursor, DefWindowProcA, IsWindow, GetParent, DialogBoxParamA, SendMessageA, PeekMessageA, DispatchMessageA, TranslateMessage, GetMessageA, CreateWindowExA, RegisterClassA, RegisterWindowMessageA, SetForegroundWindow, GetSystemMetrics, GetClientRect, LoadIconA, CharNextA, EnumWindows, MoveWindow, GetCursorPos, GetAsyncKeyState, MessageBoxA, GetWindowTextA, PostMessageA, GetForegroundWindow
> GDI32.dll: CreateCompatibleDC, SelectObject, BitBlt, GetStockObject, GetClipBox, DeleteDC
> SHLWAPI.dll: SHGetValueA, SHSetValueA
> ADVAPI32.dll: RegQueryValueExA, RegOpenKeyA, RegCloseKey
> COMCTL32.dll: InitCommonControlsEx
( 0 exports )
Anonymous user
19 June 2009 at 22:10
Hello,
no, it's not long ;)
You truncated the VirusTotal report; it's not complete.
Post the whole thing please.
++
Re, sorry, here it is, and I'll do the Anti-Malware report tomorrow, I'm going to a friend's place for the whole day.
a-squared 4.5.0.18 2009.06.20 -
AhnLab-V3 5.0.0.2 2009.06.19 -
AntiVir 7.9.0.193 2009.06.19 -
Antiy-AVL 2.0.3.1 2009.06.19 -
Authentium 5.1.2.4 2009.06.20 -
Avast 4.8.1335.0 2009.06.19 -
AVG 8.5.0.339 2009.06.20 -
BitDefender 7.2 2009.06.20 -
CAT-QuickHeal 10.00 2009.06.19 -
ClamAV 0.94.1 2009.06.20 -
Comodo 1379 2009.06.20 -
DrWeb 5.0.0.12182 2009.06.20 -
eSafe 7.0.17.0 2009.06.18 -
eTrust-Vet 31.6.6570 2009.06.19 -
F-Prot 4.4.4.56 2009.06.19 -
F-Secure 8.0.14470.0 2009.06.19 -
Fortinet 3.117.0.0 2009.06.19 -
GData 19 2009.06.20 -
Ikarus T3.1.1.59.0 2009.06.20 -
Jiangmin 11.0.706 2009.06.20 -
K7AntiVirus 7.10.768 2009.06.19 -
Kaspersky 7.0.0.125 2009.06.20 -
McAfee 5651 2009.06.19 -
McAfee+Artemis 5651 2009.06.19 -
McAfee-GW-Edition 6.7.6 2009.06.19 -
Microsoft 1.4803 2009.06.20 -
NOD32 4173 2009.06.20 -
Norman 6.01.09 2009.06.19 -
nProtect 2009.1.8.0 2009.06.20 -
Panda 10.0.0.16 2009.06.20 -
PCTools 4.4.2.0 2009.06.20 -
Prevx 3.0 2009.06.20 -
Rising 21.34.52.00 2009.06.20 -
Sophos 4.42.0 2009.06.20 -
Sunbelt 3.2.1858.2 2009.06.20 -
Symantec 1.4.4.12 2009.06.20 -
TheHacker 6.3.4.3.348 2009.06.19 -
TrendMicro 8.950.0.1094 2009.06.20 -
VBA32 3.12.10.7 2009.06.20 -
ViRobot 2009.6.19.1796 2009.06.19 -
VirusBuster 4.6.5.0 2009.06.19 -
Information additionnelle
File size: 152904 bytes
MD5...: e1f080091b41057248e688974f5ccd04
SHA1..: fee9b42ef3116d890b264f189eaca7593141f66d
SHA256: b9ad2d033265b6ada5a27cde111401b455f6cd56f01d413537266c6e5173c7dd
ssdeep: 1536:Wx/WZCxZdtSe3gK4cPXJkkkIznntRh2vj9PxluQjsJxLroVZzYB7:WFWZCzHQncPjznQ1xl3jsJxLroDu
PEiD..: -
TrID..: File type identification
Win64 Executable Generic (59.6%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win32 Executable Generic (5.9%)
Win32 Dynamic Link Library (generic) (5.2%)
Generic Win/DOS Executable (1.3%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x23e5
timedatestamp.....: 0x4986edbb (Mon Feb 02 12:57:31 2009)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x653e 0x7000 6.26 fcd7bd79ade0b7eb06c7ec3597db6c5c
.rdata 0x8000 0x17c2 0x2000 4.24 7958e9d6aee017cfd144c9781432f705
.data 0xa000 0x1cf8 0x1000 1.21 616f32d1470ad598d8b629143715cd40
.rsrc 0xc000 0x180f8 0x19000 5.98 2187fff541a175b59894a849b89fca34
( 6 imports )
> KERNEL32.dll: SetStdHandle, SetFilePointer, GetLocaleInfoA, LCMapStringW, LCMapStringA, ReadFile, CloseHandle, CreateProcessA, WinExec, FlushFileBuffers, GetStringTypeW, GetStringTypeA, RtlUnwind, GetProcAddress, GetModuleHandleA, FreeLibrary, LoadLibraryA, GetTickCount, GetSystemPowerStatus, UnhandledExceptionFilter, GetVersionExA, ExitProcess, GetStartupInfoA, GetCommandLineA, TerminateProcess, GetCurrentProcess, QueryPerformanceCounter, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, GetModuleFileNameA, WriteFile, GetStdHandle, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, GetLastError, GetEnvironmentStringsW, SetHandleCount, GetFileType, HeapDestroy, HeapCreate, VirtualFree, HeapFree, MultiByteToWideChar, HeapAlloc, VirtualProtect, VirtualAlloc, GetSystemInfo, VirtualQuery, HeapReAlloc, HeapSize, GetACP, GetOEMCP, GetCPInfo, Sleep
> USER32.dll: FindWindowA, ShowWindow, LoadImageA, GetDC, InvalidateRect, ReleaseDC, GetWindowRect, SystemParametersInfoA, PostQuitMessage, SetCursor, DefWindowProcA, IsWindow, GetParent, DialogBoxParamA, SendMessageA, PeekMessageA, DispatchMessageA, TranslateMessage, GetMessageA, CreateWindowExA, RegisterClassA, RegisterWindowMessageA, SetForegroundWindow, GetSystemMetrics, GetClientRect, LoadIconA, CharNextA, EnumWindows, MoveWindow, GetCursorPos, GetAsyncKeyState, MessageBoxA, GetWindowTextA, PostMessageA, GetForegroundWindow
> GDI32.dll: CreateCompatibleDC, SelectObject, BitBlt, GetStockObject, GetClipBox, DeleteDC
> SHLWAPI.dll: SHGetValueA, SHSetValueA
> ADVAPI32.dll: RegQueryValueExA, RegOpenKeyA, RegCloseKey
> COMCTL32.dll: InitCommonControlsEx
( 0 exports )
PDFiD.: -
RDS...: NSRL Reference Data Set
-
ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=e1f080091b41057248e688974f5ccd04
I did a full scan and deleted them, but they keep coming back. Here is the report:
Malwarebytes' Anti-Malware 1.38
Database version: 2318
Windows 5.1.2600 Service Pack 3
2009-06-21 10:40:28
mbam-log-2009-06-21 (10-40-28).txt
Scan type: Full scan (C:\|D:\|)
Objects scanned: 164827
Time elapsed: 1 hour(s), 9 minute(s), 3 second(s)
Memory processes infected: 0
Memory modules infected: 0
Registry keys infected: 2
Registry values infected: 0
Registry data items infected: 4
Folders infected: 0
Files infected: 1
Memory processes infected:
(No malicious items detected)
Memory modules infected:
(No malicious items detected)
Registry keys infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c81aa20d-94f3-71ac-e97f-3fb4ef49488b} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c81aa20d-94f3-71ac-e97f-3fb4ef49488b} (Adware.BHO) -> Quarantined and deleted successfully.
Registry values infected:
(No malicious items detected)
Registry data items infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders infected:
(No malicious items detected)
Files infected:
C:\WINDOWS\system32\nsu4B7.dll (Adware.BHO) -> Quarantined and deleted successfully.
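The log shows three things that belong together: a Browser Helper Object registered for Internet Explorer (the CLSID under "Browser Helper Objects" plus its HKCR\CLSID entry pointing at the DLL), a Start menu setting flipped, and the three Security Center DisableNotify values set to 1, which silences the "no antivirus / firewall / updates" warnings. If the items come back after MBAM removed them, something still on the machine is re-creating them. The script below is an added check, written for this page and not part of the thread or of Malwarebytes: it re-reads those registry locations and lists every BHO currently registered with the DLL it would load, so a reappearance is visible without another hour-long scan. It assumes PowerShell 2.0 or later on the machine (it avoids newer syntax) and an administrator account; the CLSID is the one from the log above, and the function and variable names are my own.

```powershell
# Added example, not part of the thread: re-check the items the MBAM log
# reported so that a reappearance is visible without another full scan.
# Assumptions: PowerShell 2.0 or later, run as administrator; the CLSID is
# taken from the MBAM log above; function names are mine.
$KnownBadClsid = '{c81aa20d-94f3-71ac-e97f-3fb4ef49488b}'

function Get-RegDword {
    # Read one DWORD value, returning $Default when the key or value is absent.
    param([string]$Key, [string]$Name, [int]$Default)
    $item = Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue
    if ($item -eq $null) { return $Default }
    return [int]$item.$Name
}

function Test-SecurityCenterNotify {
    # MBAM reset these from 1 (alerts suppressed) to 0. Any non-zero value
    # means the Security Center has been silenced again.
    $key = 'HKLM:\SOFTWARE\Microsoft\Security Center'
    foreach ($name in 'AntiVirusDisableNotify', 'FirewallDisableNotify', 'UpdatesDisableNotify') {
        $value = Get-RegDword -Key $key -Name $name -Default 0
        New-Object PSObject -Property @{ Check = $name; Value = $value; Ok = ($value -eq 0) }
    }
}

function Test-StartMenuShowMyComputer {
    # Hijack.StartMenu in the log: 0 hides "My Computer"; the good value is 1
    # (an absent value behaves like the default, so it is treated as 1).
    $key = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
    $value = Get-RegDword -Key $key -Name 'Start_ShowMyComputer' -Default 1
    New-Object PSObject -Property @{ Check = 'Start_ShowMyComputer'; Value = $value; Ok = ($value -ne 0) }
}

function Get-RegisteredBho {
    # Every BHO registered for Internet Explorer, resolved to the DLL it loads
    # via HKCR\CLSID\{guid}\InprocServer32. A CLSID whose DLL is missing is a
    # dangling leftover; one whose DLL exists is code that IE will load.
    $bhoKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    Get-ChildItem -Path $bhoKey -ErrorAction SilentlyContinue | ForEach-Object {
        $clsid  = $_.PSChildName
        $server = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32"
        $dll = (Get-ItemProperty -Path $server -ErrorAction SilentlyContinue).'(default)'
        if ($dll) { $dll = [Environment]::ExpandEnvironmentVariables($dll) }
        New-Object PSObject -Property @{
            Clsid     = $clsid
            Dll       = $dll
            DllExists = ($dll -ne $null -and (Test-Path -LiteralPath $dll))
            KnownBad  = ($clsid -ieq $KnownBadClsid)
        }
    }
}

"== Security Center / Start menu =="
@(Test-SecurityCenterNotify) + @(Test-StartMenuShowMyComputer) | Format-Table Check, Value, Ok -AutoSize
"== Browser Helper Objects =="
Get-RegisteredBho | Format-Table Clsid, KnownBad, DllExists, Dll -AutoSize
```

Run it once right after the MBAM cleanup and again after a reboot and a browser start. If the KnownBad CLSID or any of the DisableNotify values is back, the DLL path in the BHO table tells you what IE is loading, and the thing to hunt next is whatever wrote it (autostart entries, scheduled tasks, services) rather than the BHO itself, since deleting the BHO alone has already been shown not to hold.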