The VBG report following the scan of my PC
traorefay
Lyonnais92 - Posts: 25708 - Status: Security contributor
Hello,
[05/23/2008, 14:16:48] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\LE PARRAIN\Bureau\VirtumundoBeGone.exe" )
[05/23/2008, 14:17:02] - Detected System Information:
[05/23/2008, 14:17:02] - Windows Version: 5.1.2600, Service Pack 2
[05/23/2008, 14:17:02] - Current Username: LE PARRAIN (Admin)
[05/23/2008, 14:17:02] - Windows is in NORMAL mode.
[05/23/2008, 14:17:02] - Searching for Browser Helper Objects:
[05/23/2008, 14:17:02] - BHO 1: {02478D38-C3F9-4efb-9B51-7695ECA05670} (&Yahoo! Toolbar Helper)
[05/23/2008, 14:17:02] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[05/23/2008, 14:17:02] - BHO 3: {3049C3E9-B461-4BC5-8870-4C09146192CA} (RealPlayer Download and Record Plugin for Internet Explorer)
[05/23/2008, 14:17:02] - BHO 4: {6C23AB0C-0244-4B01-8253-BEE724D0D2EC} ()
[05/23/2008, 14:17:02] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/23/2008, 14:17:02] - Checking for HKLM\...\Winlogon\Notify\yayabaAP
[05/23/2008, 14:17:02] - Found: HKLM\...\Winlogon\Notify\yayabaAP - This is probably Virtumundo.
[05/23/2008, 14:17:02] - Assigning {6C23AB0C-0244-4B01-8253-BEE724D0D2EC} MSEvents Object
[05/23/2008, 14:17:02] - BHO list has been changed! Starting over...
[05/23/2008, 14:17:02] - BHO 1: {02478D38-C3F9-4efb-9B51-7695ECA05670} (&Yahoo! Toolbar Helper)
[05/23/2008, 14:17:02] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[05/23/2008, 14:17:02] - BHO 3: {3049C3E9-B461-4BC5-8870-4C09146192CA} (RealPlayer Download and Record Plugin for Internet Explorer)
[05/23/2008, 14:17:02] - BHO 4: {6C23AB0C-0244-4B01-8253-BEE724D0D2EC} (MSEvents Object)
[05/23/2008, 14:17:02] - ALERT: Found MSEvents Object!
[05/23/2008, 14:17:02] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[05/23/2008, 14:17:02] - BHO 6: {85C61B39-0543-4693-BB4D-A42E4B5B4D3E} ()
[05/23/2008, 14:17:02] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/23/2008, 14:17:02] - Checking for HKLM\...\Winlogon\Notify\jkkHbxYp
[05/23/2008, 14:17:02] - Key not found: HKLM\...\Winlogon\Notify\jkkHbxYp, continuing.
[05/23/2008, 14:17:02] - BHO 7: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[05/23/2008, 14:17:02] - BHO 8: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[05/23/2008, 14:17:02] - BHO 9: {AE7CD045-E861-484f-8273-0445EE161910} (Adobe PDF Conversion Toolbar Helper)
[05/23/2008, 14:17:02] - BHO 10: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[05/23/2008, 14:17:02] - BHO 11: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[05/23/2008, 14:17:02] - Finished Searching Browser Helper Objects
[05/23/2008, 14:17:02] - *** Detected MSEvents Object
[05/23/2008, 14:17:02] - Trying to remove MSEvents Object...
[05/23/2008, 14:17:03] - Terminating Process: IEXPLORE.EXE
[05/23/2008, 14:17:03] - Terminating Process: RUNDLL32.EXE
[05/23/2008, 14:17:04] - Disabling Automatic Shell Restart
[05/23/2008, 14:17:04] - Terminating Process: EXPLORER.EXE
[05/23/2008, 14:17:04] - Suspending the NT Session Manager System Service
[05/23/2008, 14:17:04] - Terminating Windows NT Logon/Logoff Manager
[05/23/2008, 14:17:05] - Re-enabling Automatic Shell Restart
[05/23/2008, 14:17:05] - File to disable: C:\WINDOWS\system32\yayabaAP.dll
[05/23/2008, 14:17:05] - Renaming C:\WINDOWS\system32\yayabaAP.dll -> C:\WINDOWS\system32\yayabaAP.dll.vir
[05/23/2008, 14:17:06] - File successfully renamed!
[05/23/2008, 14:17:06] - Removing HKLM\...\Browser Helper Objects\{6C23AB0C-0244-4B01-8253-BEE724D0D2EC}
[05/23/2008, 14:17:06] - Removing HKCR\CLSID\{6C23AB0C-0244-4B01-8253-BEE724D0D2EC}
[05/23/2008, 14:17:06] - Adding Kill Bit for ActiveX for GUID: {6C23AB0C-0244-4B01-8253-BEE724D0D2EC}
[05/23/2008, 14:17:07] - Deleting ATLEvents/MSEvents Registry entries
[05/23/2008, 14:17:07] - Removing HKLM\...\Winlogon\Notify\yayabaAP
[05/23/2008, 14:17:07] - Searching for Browser Helper Objects:
[05/23/2008, 14:17:07] - BHO 1: {02478D38-C3F9-4efb-9B51-7695ECA05670} (&Yahoo! Toolbar Helper)
[05/23/2008, 14:17:07] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[05/23/2008, 14:17:07] - BHO 3: {3049C3E9-B461-4BC5-8870-4C09146192CA} (RealPlayer Download and Record Plugin for Internet Explorer)
[05/23/2008, 14:17:07] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[05/23/2008, 14:17:07] - BHO 5: {85C61B39-0543-4693-BB4D-A42E4B5B4D3E} ()
[05/23/2008, 14:17:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/23/2008, 14:17:07] - Checking for HKLM\...\Winlogon\Notify\jkkHbxYp
[05/23/2008, 14:17:07] - Key not found: HKLM\...\Winlogon\Notify\jkkHbxYp, continuing.
[05/23/2008, 14:17:07] - BHO 6: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[05/23/2008, 14:17:07] - BHO 7: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[05/23/2008, 14:17:07] - BHO 8: {AE7CD045-E861-484f-8273-0445EE161910} (Adobe PDF Conversion Toolbar Helper)
[05/23/2008, 14:17:07] - BHO 9: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[05/23/2008, 14:17:07] - BHO 10: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[05/23/2008, 14:17:07] - Finished Searching Browser Helper Objects
[05/23/2008, 14:17:07] - Finishing up...
[05/23/2008, 14:17:07] - A restart is needed.
[05/23/2008, 14:18:01] - Attempting to Restart via STOP error (Blue Screen!)
1 reply
Good evening,
Click on this link
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe
to download the HijackThis installer.
Save HJTInstall.exe to your desktop.
Double-click HJTInstall.exe to launch the program.
By default, it will install here:
C:\Program Files\Trend Micro\HijackThis
Accept the license by clicking the "I Accept" button.
Choose the option "Do a system scan and save a log file".
Click "Save log" to save the report, which will open in Notepad.
Click "Edit -> Select All", then "Edit -> Copy" to copy the entire contents of the report.
Paste the report you have just copied into this forum.
Do not fix ANY line yet, this could prevent your PC from working properly.
Tutorials: http://pageperso.aol.fr/balltrap34/demohijack.htm (do not fix anything for now!!)
http://cybersecurite.xooit.com/t138-HijackThis-2-0-2.htm