Rapport hijackthis

Nad71 -  
 Nad71 -
Bonjour,

Hier j'ai effectué une analyse avec Malwarebytes' et il m'a trouvé ceci que j'ai supprimé :

C:\captura.bmp (Malware.Traces) -> Quarantined and deleted successfully.
C:\codigo1.bmp (Malware.Traces) -> Quarantined and deleted successfully.
C:\codigo2.bmp (Malware.Traces) -> Quarantined and deleted successfully.
C:\codigo3.bmp (Malware.Traces) -> Quarantined and deleted successfully.
C:\codigo4.bmp (Malware.Traces) -> Quarantined and deleted successfully.
C:\error.bmp (Malware.Traces) -> Quarantined and deleted successfully.

Je viens de faire une analyse avec Hijackthis, pouvez vous me dire si tout va bien, svp !!!

Nadege

Ps : hier quelque a réussi a trouver mon pass msn car une fenetre s'est ouverte en me disant que je venais de me connecter ailleurs alors que non. J'ai donc changé de pass.

9 réponses

  1. Nad71
     
    oups j'ai oublié de rajouter le resultat de l'analyse, lol

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 09:28:08, on 06/06/2010
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18904)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\PROGRA~1\Crawler\CToolbar.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.youtube.com/c/MyWebs
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://mywebs.tv
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://mywebs.tv
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.youtube.com/c/MyWebs
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.youtube.com/c/MyWebs
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Barre d'outils &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')
    O8 - Extra context menu item: Crawler Search - tbr:iemenu
    O13 - Gopher Prefix:
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Jumpstart\jswpsapi.exe
    O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
    O23 - Service: Notebook Performance Tuning Service (TempoMonitoringService) - Toshiba Europe GmbH - C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
    O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
    O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
    0
  2. archet9
     
    Bonjour,

    "Je viens de faire une analyse avec Hijackthis, pouvez vous me dire si tout va bien, svp !!!"

    ==> Pour le moment il ne montre rien LOL.....!!!!

    Ou est ton rapport ?

    a+

    0
  3. Nad71
     
    mon rapport est au dessus de ta reponse
    0
  4. archet9
     
    * Télécharge de AD-Remover sur ton Bureau. (Merci à C_XX)
    http://pagesperso-orange.fr/NosTools/C_XX/AD-R.exe

    Miroir:

    https://www.androidworld.fr/

    /!\ Ferme toutes applications en cours /!\

    /!\ Désactive provisoirement et seulement le temps de l'utilisation de AD-Remover, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent gêner fortement la procédure de recherche et de nettoyage de l'outil.

    - Double-clique sur l'icône Ad-remover située sur ton Bureau.
    - Sur la page, clique sur le bouton « Nettoyer »
    - Confirme lancement du scan
    - Laisse travailler l'outil.
    - Poste le rapport qui apparaît à la fin.

    (Le rapport est sauvegardé aussi sous C:\Ad-report(Scan/clean).Txt)

    (CTRL+A pour tout sélectionner, CTRL+C pour copier et CTRL+V pour coller)
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Nad71
     
    voici le rapport :

    .
    ======= RAPPORT D'AD-REMOVER 2.0.0.0,D | UNIQUEMENT XP/VISTA/7 =======
    .
    Mis à jour par C_XX le 19/05/10 à 19:20
    Contact: AdRemover.contact@gmail.com
    Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
    .
    Lancé à: 16:14:04 le 06/06/2010 | Mode normal | Option: CLEAN
    Exécuté de: C:\Ad-Remover\ADR.exe
    SE: Microsoft® Windows Vista(TM) Édition Familiale Basique (Service Pack 2 - X86)
    Nom du PC: PC-DE-NADEGE (TOSHIBA Satellite L300)
    Utilisateur actuel: Nadege
    .
    ============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
    .
    .
    C:\Program Files\Crawler
    C:\Program Files\Mozilla FireFox\searchplugins\crawlersrch.xml
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Barre d'outils Crawler

    (!) -- Fichiers temporaires supprimés.
    .
    HKCR\VirtualStore\MACHINE\Software\CToolbar
    HKCU\Software\CToolbar
    HKCU\Software\Microsoft\Internet Explorer\MenuExt\Crawler Search
    HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
    HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
    HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
    HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
    HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
    HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
    HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
    HKLM\Software\Classes\CLSID\{183643C8-EE67-4574-9A38-927852E34163}
    HKLM\Software\Classes\CLSID\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
    HKLM\Software\Classes\CLSID\{1DDA201E-5B42-4352-933E-21A92B297E3B}
    HKLM\Software\Classes\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
    HKLM\Software\Classes\CLSID\{4D25FB7A-8902-4291-960E-9ADA051CFBBF}
    HKLM\Software\Classes\CLSID\{54ECA872-DB2A-4C6B-BBB2-F3777C6786CC}
    HKLM\Software\Classes\CLSID\{8736C681-37A0-40C6-A0F0-4C083409151C}
    HKLM\Software\Classes\CLSID\{DBDB6FAA-1F5F-4A18-B60B-7A905C7FF83F}
    HKLM\Software\Classes\ctbcommon.Buttons
    HKLM\Software\Classes\CTBR.R404Pro
    HKLM\Software\Classes\CToolbar.TB4Client
    HKLM\Software\Classes\CToolbar.TB4Script
    HKLM\Software\Classes\CToolbar.TB4Server
    HKLM\Software\Classes\Interface\{01C78433-6FDF-4E5A-A82D-B535C32E03DF}
    HKLM\Software\Classes\Interface\{41349826-5C7F-4BF0-8279-5DAF1DE6E9AE}
    HKLM\Software\Classes\Interface\{604EA016-1EDE-41E6-A23E-76CF8F2A4808}
    HKLM\Software\Classes\Interface\{B3BA5582-79A9-464D-A7FA-711C5888C6E9}
    HKLM\Software\Classes\PROTOCOLS\Handler\tbr
    HKLM\Software\Classes\TypeLib\{04006843-5199-4CE4-B3CD-8092CC91706E}
    HKLM\Software\Classes\TypeLib\{506F578A-91E1-46CE-830F-E2F4268E9966}
    HKLM\Software\Classes\TypeLib\{E79BB61D-7F1A-41DF-8AD0-402795E3B566}
    HKLM\Software\CToolbar
    HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7459F1D0-9FB6-4D71-AA7B-9DECB34EB704}
    HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FBF1B8D2-9A06-4174-A8B5-E38606DDB92B}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\Crawler
    HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\CToolbar_UNINSTALL
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
    HKLM\Software\Microsoft\Internet Explorer\Toolbar|{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
    HKLM\Software\Mozilla\Firefox\Extensions|{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
    .
    .
    ============== SCAN ADDITIONNEL ==============
    .
    * Mozilla FireFox Version 3.6.3 (fr) *
    .
    C:\Users\Nadege\..\qbnj11pb.default\prefs.js - browser.search.defaultenginename: Ask.com
    C:\Users\Nadege\..\qbnj11pb.default\prefs.js - browser.search.defaulturl: hxxp://fr.search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
    C:\Users\Nadege\..\qbnj11pb.default\prefs.js - browser.startup.homepage: hxxp://fr.msn.com/
    C:\Users\Nadege\..\qbnj11pb.default\prefs.js - browser.startup.homepage_override.mstone: rv:1.9.2.3
    C:\Users\Nadege\..\qbnj11pb.default\prefs.js - keyword.URL: hxxp://www.bing.com/search?mkt=fr-FR&form=MIAWB1&q=
    .
    EFFACÉ: C:\Users\Nadege\..\qbnj11pb.default\prefs.js - user_pref("browser.search.defaultengine", "Ask.com");
    EFFACÉ: C:\Users\Nadege\..\qbnj11pb.default\prefs.js - user_pref("browser.search.defaultenginename", "Ask.com");
    EFFACÉ: C:\Users\Nadege\..\qbnj11pb.default\prefs.js - user_pref("browser.search.order.1", "Ask.com");
    .
    * Internet Explorer Version 8.0.6001.18904 *
    .
    [HKCU\Software\Microsoft\Internet Explorer\Main]
    .
    Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Do404Search: 0x01000000
    Enable Browser Extensions: yes
    Local Page: C:\Windows\system32\blank.htm
    Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
    Show_ToolBar: yes
    Start Page: hxxp://fr.msn.com/
    .
    [HKLM\Software\Microsoft\Internet Explorer\Main]
    .
    AutoHide: yes
    Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Delete_Temp_Files_On_Exit: yes
    Local Page: C:\Windows\System32\blank.htm
    Search bar: hxxp://search.msn.com/spbasic.htm
    Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Start Page: hxxp://fr.msn.com/
    .
    [HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
    .
    Tabs: res://ieframe.dll/tabswelcome.htm
    Blank: res://mshtml.dll/blank.htm
    .
    ========================================
    .
    C:\Ad-Remover\Quarantine: 87 Fichier(s)
    C:\Ad-Remover\Backup: 15 Fichier(s)
    .
    C:\Ad-Report-CLEAN[1].txt - 5818 Octet(s)
    .
    Fin à: 16:19:37, 06/06/2010
    .
    ============== E.O.F - CLEAN[1] ==============
    0
  7. archet9
     
    Impec...

    Un nouveau scan hijack maintenant stp.

    a+
    0
  8. Nad71
     
    voici le rapport :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:22:21, on 06/06/2010
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18904)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Windows\system32\DllHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')
    O13 - Gopher Prefix:
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Jumpstart\jswpsapi.exe
    O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
    O23 - Service: Notebook Performance Tuning Service (TempoMonitoringService) - Toshiba Europe GmbH - C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
    O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
    O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
    0
  9. archet9
     
    Tout est nickel maintenant....
    Désintalle Ad-remover en le relançant puis option "Désinstaller".
    Evite les "toobar", c'est souvent néfaste!

    a+
    0