[MSN] Virus photo***.zip ?! - Page 2

  1. Anonymous user

    Hi again,

    YES, it sometimes takes a very long time.

    See you,
    1. coeugh Posts: 43 Status: Member

      Here it is

      Malwarebytes' Anti-Malware 1.30
      Database version: 1306
      Windows 5.1.2600 Service Pack 2

      11/11/2008 4:17:31 PM
      mbam-log-2008-11-11 (16-17-31).txt

      Scan type: Full Scan (C:\|D:\|)
      Objects scanned: 129585
      Time elapsed: 40 minute(s), 45 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 10
      Registry Values Infected: 1
      Registry Data Items Infected: 2
      Folders Infected: 1
      Files Infected: 0

      Memory Processes Infected:
      (No malicious items detected)

      Memory Modules Infected:
      (No malicious items detected)

      Registry Keys Infected:
      HKEY_CLASSES_ROOT\mywebsearch.htmlpanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\mywebsearch.htmlpanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.

      Registry Values Infected:
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{01e69986-a054-4c52-abe8-ef63df1c5211} (Adware.SoftMate) -> Quarantined and deleted successfully.

      Registry Data Items Infected:
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

      Folders Infected:
      C:\Program Files\Common Files\DriveCleaner Freeware (Rogue.DriveCleaner) -> Quarantined and deleted successfully.

      Files Infected:
      (No malicious items detected)
  2. Anonymous user

    Hi again,

    Run a new HijackThis scan and then rerun a Malwarebytes scan.

    See you,
    1. coeugh Posts: 43 Status: Member

      Here it is
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 4:24:48 PM, on 11/11/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16735)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\eHome\ehRecvr.exe
      C:\WINDOWS\eHome\ehSched.exe
      C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
      C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      C:\Program Files\LogMeIn\x86\RaMaint.exe
      C:\Program Files\LogMeIn\x86\LogMeIn.exe
      C:\Program Files\LogMeIn\x86\LMIGuardian.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\dllhost.exe
      C:\Program Files\LogMeIn\x86\LogMeIn.exe
      C:\Program Files\LogMeIn\x86\LMIGuardian.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
      C:\Program Files\Athan\Athan.exe
      C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
      C:\Program Files\LogMeIn\x86\LMIGuardian.exe
      C:\Program Files\MSN Messenger\msnmsgr.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Trend Micro\HijackThis\zz.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/...
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.aljazeera.net/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
      R3 - URLSearchHook: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll (file missing)
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
      O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: XBTP02634 - {F97DA966-F09D-4cab-BF29-75A0026986EA} - C:\PROGRA~1\BEARSH~1\BEARSH~2\MediaBar.dll (file missing)
      O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll (file missing)
      O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
      O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
      O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
      O4 - HKLM\..\Run: [Symantec Admin Services] symrdpcli.exe
      O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKUS\S-1-5-21-169195718-1763179899-3636341709-1010\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'LogMeInRemoteUser')
      O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
      O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
      O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
      O9 - Extra button: GloPhone - {C9B8ABB6-1CC3-4957-9CA3-053036B2EE3A} - C:\Program Files\theglobe.com\tgloPhone\glophone.exe (file missing)
      O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
      O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
      O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
      O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI1933~1\Office12\GR99D3~1.DLL
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
      O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
      O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
      O24 - Desktop Component 0: (no name) - https://www.aljazeera.net/mritems/images/2006/5/21/1_619565_1_49.jpg
    2. coeugh Posts: 43 Status: Member

      Here it is

      Malwarebytes' Anti-Malware 1.30
      Database version: 1306
      Windows 5.1.2600 Service Pack 2

      11/11/2008 5:07:41 PM
      mbam-log-2008-11-11 (17-07-41).txt

      Scan type: Full Scan (C:\|D:\|)
      Objects scanned: 129496
      Time elapsed: 40 minute(s), 35 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 0
      Registry Data Items Infected: 1
      Folders Infected: 0
      Files Infected: 0

      Memory Processes Infected:
      (No malicious items detected)

      Memory Modules Infected:
      (No malicious items detected)

      Registry Keys Infected:
      (No malicious items detected)

      Registry Values Infected:
      (No malicious items detected)

      Registry Data Items Infected:
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

      Folders Infected:
      (No malicious items detected)

      Files Infected:
      (No malicious items detected)
    3. coeugh Posts: 43 Status: Member

      Here are the 2 logs, HijackThis and Malwarebytes
  3. Anonymous user

    Hi again,

    Run HijackThis again and click "Do a system scan only"
    Then find these lines and tick their boxes

    R3 - URLSearchHook: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll (file missing)

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O2 - BHO: XBTP02634 - {F97DA966-F09D-4cab-BF29-75A0026986EA} - C:\PROGRA~1\BEARSH~1\BEARSH~2\MediaBar.dll (file missin

    O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll (file missing)

    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

    O9 - Extra button: GloPhone - {C9B8ABB6-1CC3-4957-9CA3-053036B2EE3A} - C:\Program Files\theglobe.com\tgloPhone\glophone.exe (file missing)

    Then click "Fix checked"
    =====================================================================

    Then install an antivirus: Antivir
    =====================================================================
    You first need to uninstall the old version:

    ==>Open the Start menu -->

    ==>Control Panel -->

    ==>Add/Remove Programs -->

    ==>select all the versions of Java present and uninstall them.

    Then download and install the new version from the official Java site:

    =>>JAVA
    ======================================================================
    To remove all traces of the tools that were used to treat the specific infections

    Download ToolsCleaner to your Desktop:

    toolscleaner

    * Double-click ToolsCleaner2.exe and let it work
    * Click "Recherche" (Search) and let the scan finish.
    * Click "Suppression" (Removal) to finalize.
    * You can, if you wish, use the "Options facultatives" (optional settings).
    * Click "Quitter" (Quit) so that the report can be created.
    * The report (TCleaner.txt) is at the root of your hard drive (C:\)... paste it in your reply

    ToolsCleaner tutorial

    Disable and re-enable System Restore:

    1 In the Windows taskbar, click Start.

    2 Right-click My Computer, then click Properties.

    3 On the System Restore tab, tick "Turn off System Restore"

    4 Click Apply.

    5 Then untick "Turn off System Restore"

    6 Click Apply, then OK

    7 Go and create a restore point under Accessories----System Tools----System Restore.
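As an added illustration (not part of the original posts, and not HijackThis code), this Python sketch automates the selection made in the reply above: it flags HijackThis entries whose target file is gone ("file missing" / "no file") and O7 policy entries such as DisableRegedit=1. The name `triage`, the regexes and the reason labels are assumptions of this example; the sample lines are copied from the first HijackThis log in this thread.

```python
import re
from typing import List, NamedTuple

# Lines copied from the first HijackThis v2.0.2 log posted in this thread
# (a subset: the entries the helper selected plus a few untouched ones).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\Explorer.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: XBTP02634 - {F97DA966-F09D-4cab-BF29-75A0026986EA} - C:\PROGRA~1\BEARSH~1\BEARSH~2\MediaBar.dll (file missing)
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll (file missing)
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: GloPhone - {C9B8ABB6-1CC3-4957-9CA3-053036B2EE3A} - C:\Program Files\theglobe.com\tgloPhone\glophone.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
"""

# A HijackThis entry starts with a section code (R0-R3, O1-O24) and " - ".
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d{1,2}) - (?P<body>.+)$")
# HijackThis appends one of these markers when the registered file is absent.
ORPHAN_RE = re.compile(r"\((file missing|no file)\)\s*$")
# O7 lines report a value set to 1 under a ...\Policies\... key.
POLICY_RE = re.compile(r"\\Policies\\[^,]+,\s*(?P<name>\w+)\s*=\s*1\s*$")


class Finding(NamedTuple):
    section: str   # HijackThis section code, e.g. "O2"
    reason: str    # "orphaned" or "policy:<value name>" (labels of this example)
    line: str      # the full log line, to locate it in the HijackThis window


def triage(log_text: str) -> List[Finding]:
    """Return the log entries worth reviewing, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if not match:
            continue  # header, running-process path or blank line
        section, body = match.group("section"), match.group("body")
        if ORPHAN_RE.search(body):
            findings.append(Finding(section, "orphaned", line))
        elif section == "O7":
            policy = POLICY_RE.search(body)
            if policy:
                findings.append(Finding(section, "policy:" + policy.group("name"), line))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"[{finding.reason}] {finding.line}")
```

A flagged entry is a candidate for review, not proof of infection: an orphaned entry is often just a leftover from an uninstalled program.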

    1. coeugh Posts: 43 Status: Member

      Hi again, for System Restore I can't do it, it's disabled and I can't change that because I can neither remove the tick nor set it
    2. coeugh Posts: 43 Status: Member

      I can't get to Start - Run - Regedit
      I can't do System Restore, it's disabled and I can't enable it, and here is the ToolsCleaner log

      [ Rapport ToolsCleaner version 2.2.6 (par A.Rothstein & dj QUIOU) ]

      -->- Recherche:

      C:\Combofix.txt: trouvé !
      C:\MsnCleaner.txt: trouvé !
      C:\avenger.txt: trouvé !
      C:\avenger: trouvé !
      C:\SDFIX: trouvé !
      C:\Lop SD: trouvé !
      C:\Qoobox: trouvé !
      C:\Chiki\Combofix.txt: trouvé !
      C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis: trouvé !
      C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis\HijackThis.lnk: trouvé !
      C:\Documents and Settings\Compaq_Administrator\Desktop\LopSD.exe: trouvé !
      C:\Documents and Settings\Compaq_Administrator\Desktop\HijackThis: trouvé !
      C:\Documents and Settings\Compaq_Administrator\Desktop\HiJackThis\HijackThis.exe: trouvé !
      C:\Documents and Settings\Compaq_Administrator\Desktop\msncleaner_msncleaner_1.3.7_francais_43676\MSNCleaner.exe: trouvé !
      C:\Documents and Settings\Compaq_Administrator\My Documents\My DVDs\ComboFix.exe: trouvé !
      C:\Documents and Settings\Compaq_Administrator\My Documents\My DVDs\HJTInstall.exe: trouvé !
      C:\Documents and Settings\Compaq_Administrator\My Documents\My DVDs\msncleaner_msncleaner_1.3.7_francais_43676\MSNCleaner.exe: trouvé !
      C:\Documents and Settings\Compaq_Administrator\Recent\MSNFix.lnk: trouvé !
      C:\Documents and Settings\Compaq_Administrator\Recent\HijackThis.lnk: trouvé !
      C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\FindyKill: trouvé !
      C:\Program Files\FindyKill: trouvé !
      C:\Program Files\Trend Micro\HijackThis: trouvé !
      C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !

      ---------------------------------
      -->- Suppression:

      C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis\HijackThis.lnk: supprimé !
      C:\Documents and Settings\Compaq_Administrator\Desktop\LopSD.exe: supprimé !
      C:\Documents and Settings\Compaq_Administrator\Desktop\HiJackThis\HijackThis.exe: supprimé !
      C:\Documents and Settings\Compaq_Administrator\Desktop\msncleaner_msncleaner_1.3.7_francais_43676\MSNCleaner.exe: supprimé !
      C:\Documents and Settings\Compaq_Administrator\My Documents\My DVDs\ComboFix.exe: supprimé !
      C:\Documents and Settings\Compaq_Administrator\My Documents\My DVDs\HJTInstall.exe: supprimé !
      C:\Documents and Settings\Compaq_Administrator\My Documents\My DVDs\msncleaner_msncleaner_1.3.7_francais_43676\MSNCleaner.exe: supprimé !
      C:\Documents and Settings\Compaq_Administrator\Recent\MSNFix.lnk: supprimé !
      C:\Documents and Settings\Compaq_Administrator\Recent\HijackThis.lnk: supprimé !
      C:\Combofix.txt: supprimé !
      C:\MsnCleaner.txt: supprimé !
      C:\avenger.txt: supprimé !
      C:\Chiki\Combofix.txt: supprimé !
      C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
      C:\avenger: supprimé !
      C:\SDFIX: supprimé !
      C:\Lop SD: supprimé !
      C:\Qoobox: supprimé !
      C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis: supprimé !
      C:\Documents and Settings\Compaq_Administrator\Desktop\HijackThis: supprimé !
      C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\FindyKill: supprimé !
      C:\Program Files\FindyKill: supprimé !
      C:\Program Files\Trend Micro\HijackThis: supprimé !
  4. Anonymous user

    Hi again,

    Disable and re-enable System Restore:

    1 In the Windows taskbar, click Start.

    2 Right-click My Computer, then click Properties.

    3 On the System Restore tab, tick "Turn off System Restore"

    4 Click Apply.

    5 Then untick "Turn off System Restore"

    6 Click Apply, then OK

    7 Go and create a restore point under Accessories----System Tools----System Restore.
    1. coeugh Posts: 43 Status: Member

      That's what I've been doing for a while now but I can't, I'm not allowed to do it because where I have to remove the tick I can
    2. coeugh Posts: 43 Status: Member

      Hi again, here is another PC of mine that has the same problem, here is the HijackThis log

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 0:08:55, on 12-11-2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.5730.0013)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
      C:\Program Files\LogMeIn\x86\RaMaint.exe
      C:\Program Files\LogMeIn\x86\LogMeIn.exe
      C:\Program Files\LogMeIn\x86\LMIGuardian.exe
      C:\WINDOWS\System32\wltrysvc.exe
      C:\WINDOWS\System32\bcmwltry.exe
      C:\Program Files\LogMeIn\x86\LogMeIn.exe
      C:\Program Files\LogMeIn\x86\LMIGuardian.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
      C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
      C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\LogMeIn\x86\LMIGuardian.exe
      C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
      C:\Program Files\Malwarebytes' Anti-Malware\m.exe
      C:\Program Files\Trend Micro\HijackThis\hiji.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
      O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
      O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
      O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
      O4 - HKLM\..\Run: [Symantec Admin Services] symrdpcli.exe
      O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
      O4 - HKUS\S-1-5-21-606747145-920026266-839522115-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LogMeInRemoteUser')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
      O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
      O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
      O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Client\Utils\BabylonIEPI.dll/Translate.htm
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O16 - DPF: CabBuilder - http://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
      O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
      O16 - DPF: {556EEC63-31E2-47C3-BF29-DFF799D2FE04} (Remote Access ActiveX Client) - https://secure.logmein.com/activex/RACtrl.cab
      O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
      O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
      O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/index.php?v_page=29
      O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
      O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://ak.imgag.com/imgag/cp/install/crusher-kiwen.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
      O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
      O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
      O23 - Service: Atheros-configuratieservice (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
      O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
      O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
      O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
      O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
      O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
  6. Anonymous user

    Hi again,

    You're all good, you can uninstall HijackThis, and good night.

    See you,
    1. coeugh Posts: 43 Status: Member

      Thanks, the last log is for another PC, it's infected, can't you see that?
  7. Anonymous user

    Hi again,

    This line tells me that you need to restart the PC: O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)]
    1. coeugh Posts: 43 Status: Member

      OK, I'll restart it and let you know
    2. coeugh Posts: 43 Status: Member

      Here, still infected, none of the stuff works, and here is the log

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 01:01, on 2008-11-12
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.5730.0013)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
      C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
      C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\LogMeIn\x86\LMIGuardian.exe
      C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
      C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
      C:\Program Files\LogMeIn\x86\RaMaint.exe
      C:\Program Files\LogMeIn\x86\LogMeIn.exe
      C:\Program Files\LogMeIn\x86\LMIGuardian.exe
      C:\WINDOWS\System32\wltrysvc.exe
      C:\WINDOWS\System32\bcmwltry.exe
      C:\Program Files\LogMeIn\x86\LogMeIn.exe
      C:\Program Files\LogMeIn\x86\LMIGuardian.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Trend Micro\HijackThis\hiji.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
      O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
      O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
      O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
      O4 - HKLM\..\Run: [Symantec Admin Services] symrdpcli.exe
      O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
      O4 - HKUS\S-1-5-21-606747145-920026266-839522115-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LogMeInRemoteUser')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
      O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
      O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
      O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Client\Utils\BabylonIEPI.dll/Translate.htm
      O16 - DPF: CabBuilder - http://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
      O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
      O16 - DPF: {556EEC63-31E2-47C3-BF29-DFF799D2FE04} (Remote Access ActiveX Client) - https://secure.logmein.com/activex/RACtrl.cab
      O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
      O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
      O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/index.php?v_page=29
      O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
      O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://ak.imgag.com/imgag/cp/install/crusher-kiwen.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
      O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
      O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
      O23 - Service: Atheros-configuratieservice (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
      O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
      O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
      O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
      O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
      O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
  8. Anonymous user

    Hi again,

    Well, run Malwarebytes again, restart, and then empty the quarantine.

    After that there's no need to post any more, you're all good.

    See you,
    1. coeugh Posts: 43 Status: Member

      But I still see the virus, and I restarted my PC and even so I still see it
  9. Anonymous user

    Hi again,

    Where do you see your virus?

    See you,
    1. coeugh Posts: 43 Status: Member

      On C: a file named imageBLABLA.zip every time I open my MSN, and also when I want to go to Tools, Folder Options to show hidden files I don't see FOLDER OPTIONS, and System Restore doesn't work because I can't enable it, and regedit neither, it gives me nothing at all, and once I open my MSN I see a file on C: Imageblabla.zip
  10. Anonymous user

    Hi again,

    Post a topic in CCM's forum about messaging and chat.

    See you,