Rapport Hijackthis à analyser, merci !
Dernière réponse : dans Sécurité
Bonjour, mon pc est infecté et ce serait gentil de m'aider à le désinfecter:
Rapport Hijackthis:
Logfile of HijackThis v1.99.1
Scan saved at 20:01:16, on 05.06.2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\pavsrv.exe
C:\WINDOWS\System32\AVENGINE.EXE
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE
C:\Zone Labs\ZoneAlarm\zlclient.exe
C:\DAEMON Tools\daemon.exe
C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe
C:\Program Files\Fichiers communs\ACD Systems\fr\DevDetect.exe
C:\WINDOWS\twain_32\A4CIS\WATCH.exe
C:\Program Files\Panda Software\Panda Antivirus Titanium\pavProxy.exe
C:\WINDOWS\System32\svchost.exe
C:\Spybot - Search & Destroy\TeaTimer.exe
C:\ewido anti-malware\SecuritySuite.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.schachbund.ch/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [PMXInit] C:\WINDOWS\System32\pmxinit.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [Zone Labs Client] C:\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [wnxlib] rundll32.exe C:\WINDOWS\System32\wnxlib.dll,start
O4 - HKCU\..\Run: [fmww] C:\PROGRA~1\FICHIE~1\fmww\fmwwm.exe
O4 - Startup: Watch.lnk = C:\WINDOWS\twain_32\A4CIS\WATCH.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: Poker.fr - {40B2063F-DB01-4962-BE63-59435C01283C} - C:\POKER.FR\client.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab40641...
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode...
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.ca...
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.c...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (ZPA_TexasHoldem Object) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab45837....
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab342...
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.c...
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O17 - HKLM\System\CCS\Services\Tcpip\..\{C5240C8C-6547-4CCB-B6EA-4B9B5EB07BF0}: NameServer = 195.186.1.108 195.186.4.108
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\SG9hbmc\command.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\ewido anti-malware\ewidoctrl.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\WINDOWS\SYSTEM32\pavsrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
Rapport L2M destroyer :
Look2Me-Destroyer V1.0.12
Scanning for infected files.....
Scan started at 05.06.2006 19:34:03
Infected! C:\WINDOWS\system32\jt4807hue.dll
Infected! C:\WINDOWS\system32\sbbrccsp.dll
Attempting to delete infected files...
Attempting to delete: C:\WINDOWS\system32\jt4807hue.dll
C:\WINDOWS\system32\jt4807hue.dll could not be deleted!
Attempting to delete: C:\WINDOWS\system32\sbbrccsp.dll
C:\WINDOWS\system32\sbbrccsp.dll could not be deleted!
Making registry repairs.
Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Internet Settings
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{FFB6DDB9-F680-4AB4-B519-A3802321978A}"
HKCR\Clsid\{FFB6DDB9-F680-4AB4-B519-A3802321978A}
Restoring Windows certificates.
Replaced hosts file with default windows hosts file
Restoring SeDebugPrivilege for Administrateurs - Succeeded
Je suis en train de passer Ewido.
Merci pour votre aide !
Rapport Hijackthis:
Logfile of HijackThis v1.99.1
Scan saved at 20:01:16, on 05.06.2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\pavsrv.exe
C:\WINDOWS\System32\AVENGINE.EXE
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE
C:\Zone Labs\ZoneAlarm\zlclient.exe
C:\DAEMON Tools\daemon.exe
C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe
C:\Program Files\Fichiers communs\ACD Systems\fr\DevDetect.exe
C:\WINDOWS\twain_32\A4CIS\WATCH.exe
C:\Program Files\Panda Software\Panda Antivirus Titanium\pavProxy.exe
C:\WINDOWS\System32\svchost.exe
C:\Spybot - Search & Destroy\TeaTimer.exe
C:\ewido anti-malware\SecuritySuite.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.schachbund.ch/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [PMXInit] C:\WINDOWS\System32\pmxinit.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [Zone Labs Client] C:\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [wnxlib] rundll32.exe C:\WINDOWS\System32\wnxlib.dll,start
O4 - HKCU\..\Run: [fmww] C:\PROGRA~1\FICHIE~1\fmww\fmwwm.exe
O4 - Startup: Watch.lnk = C:\WINDOWS\twain_32\A4CIS\WATCH.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: Poker.fr - {40B2063F-DB01-4962-BE63-59435C01283C} - C:\POKER.FR\client.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab40641...
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode...
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.ca...
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.c...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (ZPA_TexasHoldem Object) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab45837....
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab342...
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.c...
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O17 - HKLM\System\CCS\Services\Tcpip\..\{C5240C8C-6547-4CCB-B6EA-4B9B5EB07BF0}: NameServer = 195.186.1.108 195.186.4.108
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\SG9hbmc\command.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\ewido anti-malware\ewidoctrl.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\WINDOWS\SYSTEM32\pavsrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
Rapport L2M destroyer :
Look2Me-Destroyer V1.0.12
Scanning for infected files.....
Scan started at 05.06.2006 19:34:03
Infected! C:\WINDOWS\system32\jt4807hue.dll
Infected! C:\WINDOWS\system32\sbbrccsp.dll
Attempting to delete infected files...
Attempting to delete: C:\WINDOWS\system32\jt4807hue.dll
C:\WINDOWS\system32\jt4807hue.dll could not be deleted!
Attempting to delete: C:\WINDOWS\system32\sbbrccsp.dll
C:\WINDOWS\system32\sbbrccsp.dll could not be deleted!
Making registry repairs.
Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Internet Settings
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{FFB6DDB9-F680-4AB4-B519-A3802321978A}"
HKCR\Clsid\{FFB6DDB9-F680-4AB4-B519-A3802321978A}
Restoring Windows certificates.
Replaced hosts file with default windows hosts file
Restoring SeDebugPrivilege for Administrateurs - Succeeded
Je suis en train de passer Ewido.
Merci pour votre aide !
Autres pages sur : rapport hijackthis analyser merci
Lassé par la pub ? Créez un compte
Voici le rapport de Ewido:
---------------------------------------------------------
ewido anti-malware - Rapport de scan
---------------------------------------------------------
+ Créé le: 20:35:22, 05.06.2006
+ Somme de contrôle: B8839148
+ Résultats du scan:
C:\WINDOWS\system32\vtuts.dll -> Adware.Virtumonde : Nettoyer et sauvegarder
C:\WINDOWS\system32\jt4807hue.dll -> Adware.Look2Me : Nettoyer et sauvegarder
C:\WINDOWS\system32\s8rsli9718.dll -> Adware.Look2Me : Nettoyer et sauvegarder
C:\Documents and Settings\Anh\Cookies\anh@atdmt[1].txt -> TrackingCookie.Atdmt : Nettoyer et sauvegarder
C:\Documents and Settings\Anh\Cookies\anh@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Nettoyer et sauvegarder
C:\Documents and Settings\Anh\Cookies\anh@weborama[1].txt -> TrackingCookie.Weborama : Nettoyer et sauvegarder
C:\Documents and Settings\Anh\Cookies\anh@estat[1].txt -> TrackingCookie.Estat : Nettoyer et sauvegarder
C:\Documents and Settings\Anh\Cookies\anh@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Nettoyer et sauvegarder
C:\Documents and Settings\Anh\Cookies\anh@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Nettoyer et sauvegarder
::Fin du rapport
---------------------------------------------------------
ewido anti-malware - Rapport de scan
---------------------------------------------------------
+ Créé le: 20:35:22, 05.06.2006
+ Somme de contrôle: B8839148
+ Résultats du scan:
C:\WINDOWS\system32\vtuts.dll -> Adware.Virtumonde : Nettoyer et sauvegarder
C:\WINDOWS\system32\jt4807hue.dll -> Adware.Look2Me : Nettoyer et sauvegarder
C:\WINDOWS\system32\s8rsli9718.dll -> Adware.Look2Me : Nettoyer et sauvegarder
C:\Documents and Settings\Anh\Cookies\anh@atdmt[1].txt -> TrackingCookie.Atdmt : Nettoyer et sauvegarder
C:\Documents and Settings\Anh\Cookies\anh@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Nettoyer et sauvegarder
C:\Documents and Settings\Anh\Cookies\anh@weborama[1].txt -> TrackingCookie.Weborama : Nettoyer et sauvegarder
C:\Documents and Settings\Anh\Cookies\anh@estat[1].txt -> TrackingCookie.Estat : Nettoyer et sauvegarder
C:\Documents and Settings\Anh\Cookies\anh@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Nettoyer et sauvegarder
C:\Documents and Settings\Anh\Cookies\anh@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Nettoyer et sauvegarder
::Fin du rapport
Lance HijackThis
puis --> Do a system scan only
coche les lignes indiquées ci-dessous
puis --> Fix checked
puis oui à la question de confirmation
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O4 - HKCU\..\Run: [fmww] C:\PROGRA~1\FICHIE~1\fmww\fmwwm.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\SG9hbmc\command.exe (file missing)
Redémarre en mode sans échec, (en tapotant F8 au démarrage).
Assures-toi que tu as accès aux fichiers cachés.
-Explorateur windows->outils->options des dossiers->affichage
"Afficher les fichiers cachés"->coché
"Masquer les extensions.."->décoché
"Masquer les fichiers protégers du système"->décoché
Supprimes manuellement les fichiers suivants:
C:\PROGRA~1\FICHIE~1\fmww\fmwwm.exe
C:\WINDOWS\SG9hbmc\command.exe(mais normalement y devrait plus y etre)
Vide ta corbeille.
Redémarre ton pc.
Lassé par la pub ? Créez un compte
- Contenus similaires :
- ForumUn rapport hijackthis a analyser
- ForumVirus rapport hijackthis a analyser
- ForumPopup rapport hijackthis a analyser
- ForumRapport hijackthis a analyser
- ForumRapport hijackthis a analyser svp
- ForumTrojan, rapport hijackthis a analyser
- ForumAnalyser rapport hijackthis
- ForumAnalyser un rapport hijackthis
- ForumSavoir analyser un rapport hijackthis
- ForumRapport hijackthis et kaspersky a analyser
- Voir plus
