Sujet Précédent Sujet Suivant

Rapport Hijack

Fermé
camarchepas - 29 juin 2008 à 22:17
Lyonnais92 Messages postés 25159 Date d'inscription vendredi 23 juin 2006 Statut Contributeur sécurité Dernière intervention 16 septembre 2016 - 3 juil. 2008 à 13:07
Bonjour,

j<ai besoin daide je viens d<avoir mon ordi c un ami qui me la donner voici le hijack

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:13:57 PM, on 29/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
D:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
D:\WINDOWS\system32\CTSvcCDA.exe
D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
D:\Program Files\Spyware Doctor\pctsAuxs.exe
D:\Program Files\Spyware Doctor\pctsSvc.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Spyware Doctor\pctsTray.exe
D:\WINDOWS\system32\taskmgr.exe
D:\WINDOWS\System32\alg.exe
D:\WINDOWS\system32\WgaTray.exe
D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
D:\Program Files\Windows Live\Messenger\usnsvc.exe
D:\Program Files\Windows Live Toolbar\msn_sl.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/?p=us
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {3095D50F-F1BA-4BBC-A54D-819EEB7E0898} - D:\WINDOWS\system32\ssqnOgDS.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O2 - BHO: (no name) - {64087B02-5782-430A-B9E3-AEB0C691C97D} - D:\WINDOWS\system32\ddcYrSJc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: {5241b193-94ff-9079-2724-ca6191c0787e} - {e7870c19-16ac-4272-9709-ff49391b1425} - D:\WINDOWS\system32\byejgovj.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Motive SmartBridge] D:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Disc Detector] D:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [CreativeMixer] D:\Program Files\Creative\Audio\PROGRAM\CTMIX32.EXE /t
O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [iKeyWorks] D:\PROGRA~1\Hardware\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroCheck] D:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [cctray] "D:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "D:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "D:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "D:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SBI] D:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\Content.IE5\AF0PCL29\installer_sbd_en[1].exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware Reboot] "D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [ISTray] "D:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ATI Launchpad] "D:\Program Files\ATI Multimedia\main\LaunchPd.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DW6] "D:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Policies\Explorer\Run: [{ACE45AB7-069E-1033-1207-010303310002}] "D:\Program Files\Common Files\{ACE45AB7-069E-1033-1207-010303310002}\Update.exe" mc-110-12-0001411
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Assistant Internet.lnk = D:\Program Files\NetAssistant\bin\matcli.exe
O8 - Extra context menu item: &Windows Live Search - res://D:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///D:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Yahoo! &Dictionary - file:///D:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///D:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///D:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - D:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - D:\Program Files\Poker.com\Poker.exe (file missing) (HKCU)
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - https://www.worldwinner.com/frontend_404.shtml
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - https://www.worldwinner.com/frontend_404.shtml
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - https://www.worldwinner.com/frontend_404.shtml
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} (Royal Control) - https://www.worldwinner.com/frontend_404.shtml
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {EEBBA5C9-6612-12CA-A72B-9B6A09C28A1A} - http://performanceoptimizer.com/files/PerformanceOptimizerPre_Installer.cab
O20 - AppInit_DLLs: axyjurbj.dll
O20 - Winlogon Notify: khfedaw - khfedaw.dll (file missing)
O20 - Winlogon Notify: ssqnOgDS - D:\WINDOWS\SYSTEM32\ssqnOgDS.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\system32\CTSvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - D:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - D:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

7 réponses

Réponse 1 / 7
Lyonnais92 Messages postés 25159 Date d'inscription vendredi 23 juin 2006 Statut Contributeur sécurité Dernière intervention 16 septembre 2016 1 536
29 juin 2008 à 22:27
salut :

au moins ça :

O2 - BHO: (no name) - {3095D50F-F1BA-4BBC-A54D-819EEB7E0898} - D:\WINDOWS\system32\ssqnOgDS.dll
O2 - BHO: (no name) - {64087B02-5782-430A-B9E3-AEB0C691C97D} - D:\WINDOWS\system32\ddcYrSJc.dll
O2 - BHO: {5241b193-94ff-9079-2724-ca6191c0787e} - {e7870c19-16ac-4272-9709-ff49391b1425} - D:\WINDOWS\system32\byejgovj.dll


O20 - AppInit_DLLs: axyjurbj.dll
O20 - Winlogon Notify: khfedaw - khfedaw.dll (file missing)
O20 - Winlogon Notify: ssqnOgDS - D:\WINDOWS\SYSTEM32\ssqnOgDS.dll

Si tu te décidais à apprendre à lire un rapport Hijackthis au lieu de prendre des posts que tu ne traites au mieux qu'à moitié, tu le trouverais tout seul !
2
camarchepas
29 juin 2008 à 22:29
Je ne sais pas lire ces rapports alors peux tu maider
0
Utilisateur anonyme > camarchepas
29 juin 2008 à 22:32
* Télécharge Malwarebytes' Anti-Malware.
*A la fin de l'installation, veille à ce que l'option « mettre a jour Malwarebyte's Anti-Malware » soit cochée. >>> clique sur OK
*Lance Malwarebyte's Anti-Malware en double-cliquant sur l'icône sur ton Bureau.
*Au premier lancement, une fenêtre t'annonce que la version est Free >>> clique sur OK
*Laisse les Mises à jour se télécharger

*** Referme le programme ***

1) Redémarre en "Mode sans échec".

Au redémarrage de l'ordinateur, une fois le chargement du BIOS terminé, il y a un écran noir qui apparait rapidement, appuie sur la touche [F8] (ou [F5] sur certains pc) jusqu'à l'affichage du menu des options avancées de Windows.
Sélectionner "Mode sans échec" et appuie sur [Entrée]
Il faudra choisir ta session habituelle, pas le compte "Administrateur" ou une autre.
Regarde ici si besoin : http://pageperso.aol.fr/loraline60/mode_sans_echec.htm

Ouvre le fichier texte sauvegardé sur le Bureau afin de suivre les instructions comme il faut.

2) Scan avec Malwarebyte's Anti-Malware

*Lance Malwarebyte's Anti-Malware
*Puis vas dans l'onglet "Recherche" puis coche "Exécuter un examen complet" puis "Rechercher sélectionne tes disques durs" puis clique sur "Lancer l’examen"
*A la fin du scan, clique sur "Afficher les résultats" puis "Suppression des éléments détectés" puis clique sur "Supprimer la sélection" puis un bloc-note s'ouvrira enregistre le et envoie le moi.
*S'il t'es demandé de redémarrer >>> clique sur "Yes"
0
Lyonnais92 Messages postés 25159 Date d'inscription vendredi 23 juin 2006 Statut Contributeur sécurité Dernière intervention 16 septembre 2016 1 536 > camarchepas
29 juin 2008 à 22:35
Bonjour,

c'est tout à fait normal que tu ne saches pas lire un rapport Hijackthis. C'est à boy94450 que je parlais.

Désolé de ne pas avoir été plus précis.
0
camarchepas > Lyonnais92 Messages postés 25159 Date d'inscription vendredi 23 juin 2006 Statut Contributeur sécurité Dernière intervention 16 septembre 2016
1 juil. 2008 à 06:59
Salut, voila le rapport de malware... j<ai supprimer la s/lection... je sais pas si c grave de toute facon c dur de mieux aller en ce moment.

Merci de ton aide c vraiment apprecier
0
Réponse 2 / 7
Utilisateur anonyme
29 juin 2008 à 22:19
Salut quel est son problème ?
0
camarchepas
29 juin 2008 à 22:23
quand jouvre mon ordi je nai pas de buraeau je dois faire mes trucs par le gestionnaire de tache en faissant ctrl alt suppr puis jai bcp de pub mon ordi est tres lent . de plus jai que mon fond decran qui apparait.
merci
0
Utilisateur anonyme > camarchepas
29 juin 2008 à 22:26
Préalable
• Vider la corbeille
• Fermer toutes les applications
================NAVILOG====================
* Télécharge Navilog sur ton bureau
* Faire un clic droit sur navilog1.zip et choisir "tout extraire"
* Double-cliquez sur navilog1.exe
* Arriver au menu principal, choisir l'option 1 et valider.
* Patientez jusqu'au message : Analyse Termine le ...
* Le rapport sera en outre sauvegardé à la racine du disque (fixnavi.txt)
0
Réponse 3 / 7
camarchepas
1 juil. 2008 à 07:02
bon bin quest ce que je fais et qui va m<aider je suis meler la
0
Réponse 4 / 7
Lyonnais92 Messages postés 25159 Date d'inscription vendredi 23 juin 2006 Statut Contributeur sécurité Dernière intervention 16 septembre 2016 1 536
1 juil. 2008 à 07:57
Bonjour,

tu n'as pas posté le rapport de MBAM.
0
Utilisateur anonyme
1 juil. 2008 à 11:50
Ok alors ouvre "Malwarebytes' Anti-Malware" va dans "Rapport/Logs" puis tu ouvre le "Dernier rapport" puis tu me le "Copie/collé" dans ta prochaine réponse.
0
camarchepas
1 juil. 2008 à 22:40
voici le rapport. merci a tous

Malwarebytes' Anti-Malware 1.18
Version de la base de données: 897

12:54:18 AM 28/06/2008
mbam-log-6-28-2008 (00-54-17).txt

Type de recherche: Examen rapide
Eléments examinés: 41931
Temps écoulé: 17 minute(s), 37 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 30
Valeur(s) du Registre infectée(s): 8
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 11
Fichier(s) infecté(s): 94

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
D:\WINDOWS\system32\ddcYrSJc.dll (Trojan.Vundo) -> Unloaded module successfully.
D:\WINDOWS\system32\ssqnOgDS.dll (Trojan.Vundo) -> Unloaded module successfully.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64087b02-5782-430a-b9e3-aeb0c691c97d} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{64087b02-5782-430a-b9e3-aeb0c691c97d} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{3095d50f-f1ba-4bbc-a54d-819eeb7e0898} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3095d50f-f1ba-4bbc-a54d-819eeb7e0898} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ssqnogds (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{7545d8c8-f53c-4e2f-8fa0-d248ef4a6e61} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7545d8c8-f53c-4e2f-8fa0-d248ef4a6e61} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f4002052-ab29-4b33-8c8d-0e99084564ec} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f4002052-ab29-4b33-8c8d-0e99084564ec} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b4a78d29-52b1-4a7b-bac0-1471bedf9836} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\d:/windows/downloaded program files/setup.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{b4a78d29-52b1-4a7b-bac0-1471bedf9836} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\d:/windows/downloaded program files/performanceoptimizerpre_installer.exe (Rogue.PerformanceOptimizer) -> Quarantined and deleted successfully.
\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\performance optimizer (trial version) (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\VAV (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Performanceoptimizer (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\performance optimizer (trial version) (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Performanceoptimizer (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Sellmosoft (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Sellmosoft (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Weather Services (Adware.Hotbar) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\7c09485b (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{3095d50f-f1ba-4bbc-a54d-819eeb7e0898} (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\DW4 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{f4002052-ab29-4b33-8c8d-0e99084564ec} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\D:\WINDOWS\Downloaded Program Files\setup.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\D:\WINDOWS\Downloaded Program Files\PerformanceOptimizerPre_Installer.exe (Rogue.PerformanceOptimizer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BMafd76984 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls\wxfw.dll (Adware.Hotbar) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: d:\windows\system32\ddcyrsjc -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: d:\windows\system32\ddcyrsjc -> Delete on reboot.

Dossier(s) infecté(s):
D:\Program Files\Performanceoptimizer (Free) (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
D:\Program Files\Performanceoptimizer (Free)\com_s (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
D:\Program Files\Performanceoptimizer (Free)\cur_s (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
D:\Program Files\Performanceoptimizer (Free)\Download (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
D:\Program Files\Performanceoptimizer (Free)\Language (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
D:\Program Files\Performanceoptimizer (Free)\Restore (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
D:\Program Files\Performanceoptimizer (Free)\Tweaks (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
D:\Program Files\Performanceoptimizer (Free)\Tweaks.Bak (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
D:\Program Files\VAV (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
D:\Documents and Settings\Mike\Start Menu\Programs\Performance Optimizer (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
D:\Documents and Settings\Mike\Start Menu\Programs\Performance Optimizer\Documentation (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
D:\WINDOWS\system32\bimmbxmj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\jmxbmmib.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\ddcYrSJc.dll (Trojan.Vundo) -> Delete on reboot.
D:\WINDOWS\system32\cJSrYcdd.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\cJSrYcdd.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\uqxvkeht.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\thekvxqu.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\uvjcdcub.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\bucdcjvu.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\wepucvap.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\pavcupew.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\ssqnOgDS.dll (Trojan.Vundo) -> Delete on reboot.
D:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
D:\WINDOWS\Downloaded Program Files\setup.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\ygriktgm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\Downloaded Program Files\PerformanceOptimizerPre_Installer.exe (Rogue.PerformanceOptimizer) -> Quarantined and deleted successfully.
D:\Documents and Settings\Mike\Local Settings\Temp\SPOENB_0001_F01M2711\setup.exe (Rogue.PerformanceOptimizer) -> Quarantined and deleted successfully.
D:\Program Files\Performanceoptimizer (Free)\creader.exe (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
D:\Program Files\Performanceoptimizer (Free)\inst.imd (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
D:\Program Files\Performanceoptimizer (Free)\language.cfg (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
D:\Program Files\Performanceoptimizer (Free)\MFC71.dll (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
D:\Program Files\Performanceoptimizer (Free)\msvcp71.dll (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
D:\Program Files\Performanceoptimizer (Free)\msvcr71.dll (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
D:\Program Files\Performanceoptimizer (Free)\pcid.exe (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
D:\Program Files\Performanceoptimizer (Free)\PerfOpt.chm (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
D:\Program Files\Performanceoptimizer (Free)\PerfOpt.exe (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
D:\Program Files\Performanceoptimizer (Free)\Performance Optimizer Home Page.url (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
D:\Program Files\Performanceoptimizer (Free)\PoChk.exe (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
D:\Program Files\Performanceoptimizer (Free)\po_cfg.ini (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
D:\Program Files\Performanceoptimizer (Free)\ReadMe.doc (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
D:\Program Files\Performanceoptimizer (Free)\Sellmosoft Home Page.url (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
D:\Program Files\Performanceoptimizer (Free)\sload.sbd (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
D:\Program Files\Performanceoptimizer (Free)\ua_manager.exe (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
D:\Program Files\Performanceoptimizer (Free)\uninstpo.exe (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
D:\Program Files\Performanceoptimizer (Free)\up.dat (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
D:\Program Files\Performanceoptimizer (Free)\updater.exe (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
D:\Program Files\Performanceoptimizer (Free)\ver.dat (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
D:\Program Files\Performanceoptimizer (Free)\Language\1031_im1.png (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
D:\Program Files\Performanceoptimizer (Free)\Language\1031_im2.png (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
D:\Program Files\Performanceoptimizer (Free)\Language\1031_im4.png (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
D:\Program Files\Performanceoptimizer (Free)\Language\1033_im1.png (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
D:\Program Files\Performanceoptimizer (Free)\Language\1033_im2.png (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
D:\Program Files\Performanceoptimizer (Free)\Language\1033_im4.png (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
D:\Program Files\Performanceoptimizer (Free)\Language\1034_im1.png (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
D:\Program Files\Performanceoptimizer (Free)\Language\1034_im2.png (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
D:\Program Files\Performanceoptimizer (Free)\Language\1034_im4.png (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
D:\Program Files\Performanceoptimizer (Free)\Language\1036_im1.png (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
D:\Program Files\Performanceoptimizer (Free)\Language\1036_im2.png (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
D:\Program Files\Performanceoptimizer (Free)\Language\1036_im4.png (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
D:\Program Files\Performanceoptimizer (Free)\Language\English.ini (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
D:\Program Files\Performanceoptimizer (Free)\Language\English_po.ini (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
D:\Program Files\Performanceoptimizer (Free)\Language\English_spo.ini (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
D:\Program Files\Performanceoptimizer (Free)\Language\Franch.ini (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
D:\Program Files\Performanceoptimizer (Free)\Language\Franch_po.ini (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
D:\Program Files\Performanceoptimizer (Free)\Language\Franch_spo.ini (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
D:\Program Files\Performanceoptimizer (Free)\Language\German.ini (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
D:\Program Files\Performanceoptimizer (Free)\Language\German_po.ini (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
D:\Program Files\Performanceoptimizer (Free)\Language\German_spo.ini (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
D:\Program Files\Performanceoptimizer (Free)\Language\Spanish.ini (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
D:\Program Files\Performanceoptimizer (Free)\Language\Spanish_po.ini (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
D:\Program Files\Performanceoptimizer (Free)\Language\Spanish_spo.ini (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
D:\Program Files\Performanceoptimizer (Free)\Tweaks\data001.reg (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
D:\Program Files\Performanceoptimizer (Free)\Tweaks\data003.reg (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
D:\Program Files\Performanceoptimizer (Free)\Tweaks\data006.reg (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
D:\Program Files\Performanceoptimizer (Free)\Tweaks\data007.reg (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
D:\Program Files\Performanceoptimizer (Free)\Tweaks\data009.reg (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
D:\Program Files\Performanceoptimizer (Free)\Tweaks\data011.reg (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
D:\Program Files\Performanceoptimizer (Free)\Tweaks\data013.reg (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
D:\Program Files\Performanceoptimizer (Free)\Tweaks\data016.reg (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
D:\Program Files\Performanceoptimizer (Free)\Tweaks\data017.reg (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
D:\Program Files\Performanceoptimizer (Free)\Tweaks\data020.reg (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
D:\Program Files\Performanceoptimizer (Free)\Tweaks\data023.reg (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
D:\Program Files\Performanceoptimizer (Free)\Tweaks\data027.reg (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
D:\Program Files\Performanceoptimizer (Free)\Tweaks\data030.reg (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
D:\Program Files\Performanceoptimizer (Free)\Tweaks\data031.reg (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
D:\Program Files\Performanceoptimizer (Free)\Tweaks\data033.reg (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
D:\Program Files\Performanceoptimizer (Free)\Tweaks\data040.reg (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
D:\Program Files\Performanceoptimizer (Free)\Tweaks\data042.reg (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
D:\Program Files\VAV\vav.cpl (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
D:\Program Files\VAV\vav.ooo (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
D:\Program Files\VAV\vav0.dat (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
D:\Program Files\VAV\vav1.dat (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
D:\Documents and Settings\Mike\Start Menu\Programs\Performance Optimizer\Performance Optimizer Home Page.lnk (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
D:\Documents and Settings\Mike\Start Menu\Programs\Performance Optimizer\Performance Optimizer.lnk (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
D:\Documents and Settings\Mike\Start Menu\Programs\Performance Optimizer\Sellmosoft Home Page.lnk (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
D:\Documents and Settings\Mike\Start Menu\Programs\Performance Optimizer\Uninstall Performance Optimizer.lnk (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
D:\Documents and Settings\Mike\Start Menu\Programs\Performance Optimizer\Documentation\Documentation.lnk (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
D:\Documents and Settings\Mike\Start Menu\Programs\Performance Optimizer\Documentation\ReadMe.doc.lnk (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
D:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\vmlslvmb.dll (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\mpmvqbie.dll (Trojan.vundo) -> Quarantined and deleted successfully.
D:\Documents and Settings\Mike\Desktop\Vista Antivirus 2008.lnk (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
0
Utilisateur anonyme > camarchepas
1 juil. 2008 à 22:45
Re ouvre "Malwarebytes' Anti-Malware" va dans "Quarantaine "puis fait "Tout Supprimer". Pourquoi as tu fais un scan rapide alors que je t'ai demandé un scan complet.
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 7
tnfntic Messages postés 9 Date d'inscription mercredi 22 août 2007 Statut Membre Dernière intervention 1 juillet 2010
1 juil. 2008 à 11:52
Logfile of HijackThis v1.99.1
Scan saved at 09:29:13, on 01/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\drivers\Curriculum vitae.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\TinaSoft\Easy Cafe Server\EASYSERVER.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\user\Modèles\AlcorDemo\smartap.exe
C:\Documents and Settings\user\Bureau\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.net-studio.org
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Mswinword] C:\Windows\ANZIAN.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [] C:\WINDOWS\system32\drivers\Curriculum vitae
O4 - Startup: Analyses.lnk = ?
O4 - Startup: Curriculum vitae.lnk = ?
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD797EBD-6C82-4FFB-BFF7-6C2B3C3AEF81}: NameServer = 10.0.0.138
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
0
Utilisateur anonyme
1 juil. 2008 à 11:53
Ok alors ouvre "Malwarebytes' Anti-Malware" va dans "Rapport/Logs" puis tu ouvre le "Dernier rapport" puis tu me le "Copie/collé" dans ta prochaine réponse.
0
Réponse 6 / 7
camarchepas
1 juil. 2008 à 23:42
c<est fait j<ai tout supprimer sur ce rapports aussi

Malwarebytes' Anti-Malware 1.19
Version de la base de données: 904
Windows 5.1.2600 Service Pack 2

5:40:58 PM 01/07/2008
mbam-log-7-1-2008 (17-40-58).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 86509
Temps écoulé: 48 minute(s), 21 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 6
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 16

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{64087b02-5782-430a-b9e3-aeb0c691c97d} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64087b02-5782-430a-b9e3-aeb0c691c97d} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3095d50f-f1ba-4bbc-a54d-819eeb7e0898} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3095d50f-f1ba-4bbc-a54d-819eeb7e0898} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ssqnogds (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{3095d50f-f1ba-4bbc-a54d-819eeb7e0898} (Trojan.Vundo) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: d:\windows\system32\ddcyrsjc -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\RECYCLER\S-1-5-21-299502267-616249376-839522115-1003\Dc8.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
D:\Program Files\The Weather Channel FW\Framework\TheWeatherChannelNE.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
D:\Program Files\The Weather Channel FW\Framework\TheWeatherChannelQC.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
D:\Program Files\The Weather Channel FW\Framework\TheWeatherChannelqx.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
D:\Program Files\The Weather Channel FW\Framework\TheWeatherChannelSlnchr.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
D:\Program Files\The Weather Channel FW\Framework\TheWeatherChannelUpdate.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
D:\Program Files\The Weather Channel FW\Framework\WiseInstallUtility.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
D:\Program Files\The Weather Channel FW\Framework\wxfw.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{28B79763-6DBB-4D8A-BDDF-89B54E2940FC}\RP627\A0100913.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{28B79763-6DBB-4D8A-BDDF-89B54E2940FC}\RP635\A0104117.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{28B79763-6DBB-4D8A-BDDF-89B54E2940FC}\RP645\A0105363.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{28B79763-6DBB-4D8A-BDDF-89B54E2940FC}\RP647\A0106363.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{28B79763-6DBB-4D8A-BDDF-89B54E2940FC}\RP652\A0107449.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{28B79763-6DBB-4D8A-BDDF-89B54E2940FC}\RP658\A0109494.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\ddcYrSJc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\ssqnOgDS.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
0
Réponse 7 / 7
Utilisateur anonyme
2 juil. 2008 à 12:29
Re tu es la ?
0
camarchepas
3 juil. 2008 à 01:22
je suis la
0
Utilisateur anonyme > camarchepas
3 juil. 2008 à 11:35
Ok ton antivirus est Norton ?
0
Lyonnais92 Messages postés 25159 Date d'inscription vendredi 23 juin 2006 Statut Contributeur sécurité Dernière intervention 16 septembre 2016 1 536 > Utilisateur anonyme
3 juil. 2008 à 11:56
salut,

tu es intervenu sur 1800 topics en 3 mois et tu es toujours incapable de lire un rapport Hijackthis.

D'ailleurs c'est évidemment l'inverse : tu es incapable de lire un rapport Hijackthis parce que tu ne savais pas quand tu as commencé et on ne peut pas traiter 1800 topics (soit 40 topics ouvert quotidiennement) et apprendre à lire un rapport.

On te l'a dit, redit. Tu n'es pas capable de traiter plus de 5 topics par jour.

Mais tu t'en moques.
0
Utilisateur anonyme > Lyonnais92 Messages postés 25159 Date d'inscription vendredi 23 juin 2006 Statut Contributeur sécurité Dernière intervention 16 septembre 2016
3 juil. 2008 à 12:07
Service: LiveUpdate - Symantec Corporation je voies bien que c'est Norton mais pour en être sur mais t'a pas autre chose a f***** de m'en enmer***
0
Lyonnais92 Messages postés 25159 Date d'inscription vendredi 23 juin 2006 Statut Contributeur sécurité Dernière intervention 16 septembre 2016 1 536 > Utilisateur anonyme
3 juil. 2008 à 12:26
Re,

mais t'a pas autre chose a f***** de m'en enmer***

non, le meilleur service que je puisse rendre aux internautes venus demander de l'aide est de t'obliger à changer tes méthodes et à apprendre.

Comme tu entends rester sourd à tout ce que l'on te dit, je suis sourd à tes protestations.

___________

Au passage, non seulement il a Norton, mais il a un problème avec Norton.
0

Discussions similaires

Impossible d'afficher le rapport de tableau croisé dynamique sur un rapport
Utilisateur anonyme -
TomH. -

13 réponses
écrire un rapport de travail
asi -
REGINALD -

3 réponses
impossible d'afficher le tableau dynamique sur un rapport existant
Pierre -
Adrien71 -

3 réponses
1fichier.com et bloqueur de pub
anthea1309 -
Patoche12 -

60 réponses
Accés au cloud
Dadou1968 -
loisou17 -

3 réponses