btz44
-
Compteur de contenus
3 -
Inscription
-
Dernière visite
Type de contenu
Profils
Forums
Blogs
Tout ce qui a été posté par btz44
-
Un rapport Hijackthis apparement normal ? HELP !!
btz44 a répondu à un(e) sujet de btz44 dans Analyses et éradication malwares
donc pour le premier le programme n'a rien trouvé et pour le deuxieme [10/01/2007, 17:18:50] - VirtumundoBeGone v1.5 ( "H:\Documents and Settings\Administrateur\Bureau\VirtumundoBeGone.exe" ) [10/01/2007, 17:18:59] - Detected System Information: [10/01/2007, 17:18:59] - Windows Version: 5.1.2600, Service Pack 2 [10/01/2007, 17:18:59] - Current Username: Administrateur (Admin) [10/01/2007, 17:18:59] - Windows is in NORMAL mode. [10/01/2007, 17:18:59] - Searching for Browser Helper Objects: [10/01/2007, 17:18:59] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader) [10/01/2007, 17:18:59] - BHO 2: {1A982092-06F9-4FB7-B8BB-F938086E903D} () [10/01/2007, 17:18:59] - WARNING: BHO has no default name. Checking for Winlogon reference. [10/01/2007, 17:18:59] - Checking for HKLM\...\Winlogon\Notify\cdosysr [10/01/2007, 17:18:59] - Key not found: HKLM\...\Winlogon\Notify\cdosysr, continuing. [10/01/2007, 17:18:59] - BHO 3: {253BD990-FCBA-478B-A46A-A6088882A37A} () [10/01/2007, 17:18:59] - WARNING: BHO has no default name. Checking for Winlogon reference. [10/01/2007, 17:18:59] - Checking for HKLM\...\Winlogon\Notify\swkwkstd [10/01/2007, 17:18:59] - Key not found: HKLM\...\Winlogon\Notify\swkwkstd, continuing. [10/01/2007, 17:18:59] - BHO 4: {AD250E38-F016-48F5-8197-302401554E99} () [10/01/2007, 17:18:59] - WARNING: BHO has no default name. Checking for Winlogon reference. [10/01/2007, 17:18:59] - Checking for HKLM\...\Winlogon\Notify\clbcatexn [10/01/2007, 17:18:59] - Key not found: HKLM\...\Winlogon\Notify\clbcatexn, continuing. [10/01/2007, 17:18:59] - Finished Searching Browser Helper Objects [10/01/2007, 17:18:59] - Finishing up... [10/01/2007, 17:18:59] - Nothing found! Exiting... et pour hijackthis Logfile of HijackThis v1.99.1 Scan saved at 17:20:56, on 01/10/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: H:\WINDOWS\System32\smss.exe H:\WINDOWS\system32\winlogon.exe H:\WINDOWS\system32\services.exe H:\WINDOWS\system32\lsass.exe H:\WINDOWS\system32\svchost.exe H:\WINDOWS\System32\svchost.exe H:\WINDOWS\system32\spoolsv.exe H:\WINDOWS\Explorer.EXE H:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe H:\WINDOWS\system32\5hd3t41q8pe3.exe H:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe H:\WINDOWS\system32\ctfmon.exe H:\Program Files\MSN Messenger\MsnMsgr.Exe H:\WINDOWS\system32\pctspk.exe H:\WINDOWS\system32\svchost.exe H:\WINDOWS\System32\svchost.exe H:\Program Files\MSN Messenger\usnsvc.exe H:\Program Files\Internet Explorer\IEXPLORE.EXE H:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1A982092-06F9-4FB7-B8BB-F938086E903D} - H:\WINDOWS\system32\cdosysr.dll O2 - BHO: (no name) - {253BD990-FCBA-478B-A46A-A6088882A37A} - h:\windows\system32\swkwkstd.dll O2 - BHO: (no name) - {AD250E38-F016-48F5-8197-302401554E99} - h:\windows\system32\clbcatexn.dll O4 - HKLM\..\Run: [AudioDeck] H:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe 1 O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [5hd3t41q8pe3] H:\WINDOWS\system32\5hd3t41q8pe3.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "H:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "H:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [5hd3t41q8pe3] H:\WINDOWS\system32\5hd3t41q8pe3.exe O4 - Global Startup: Microsoft Office.lnk = H:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://H:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://www.secuser.com O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - H:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - H:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - H:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: mexavrzx - H:\WINDOWS\SYSTEM32\clbcatexn.dll O23 - Service: Google Updater Service (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - H:\WINDOWS\system32\pctspk.exe -
Un rapport Hijackthis apparement normal ? HELP !!
btz44 a répondu à un(e) sujet de btz44 dans Analyses et éradication malwares
disont que lorsque je suis sur google, et que je clic sur un site, apparait a la place du site, des moteurd erecherche bizzaroide de plus je trouve mon pc lent depuis ça -
Un rapport Hijackthis apparement normal ? HELP !!
btz44 a posté un sujet dans Analyses et éradication malwares
voi çi mon rapport Logfile of HijackThis v1.99.1 Scan saved at 12:07:34, on 01/10/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: H:\WINDOWS\System32\smss.exe H:\WINDOWS\system32\winlogon.exe H:\WINDOWS\system32\services.exe H:\WINDOWS\system32\lsass.exe H:\WINDOWS\system32\svchost.exe H:\WINDOWS\System32\svchost.exe H:\WINDOWS\system32\spoolsv.exe H:\WINDOWS\Explorer.EXE H:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe H:\WINDOWS\system32\5hd3t41q8pe3.exe H:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe H:\WINDOWS\system32\ctfmon.exe H:\Program Files\MSN Messenger\MsnMsgr.Exe H:\WINDOWS\system32\pctspk.exe H:\WINDOWS\system32\svchost.exe H:\WINDOWS\System32\svchost.exe H:\Program Files\Outlook Express\msimn.exe H:\Program Files\MSN Messenger\usnsvc.exe H:\Program Files\Internet Explorer\IEXPLORE.EXE H:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1A982092-06F9-4FB7-B8BB-F938086E903D} - H:\WINDOWS\system32\cdosysr.dll O2 - BHO: (no name) - {253BD990-FCBA-478B-A46A-A6088882A37A} - h:\windows\system32\swkwkstd.dll O2 - BHO: (no name) - {AD250E38-F016-48F5-8197-302401554E99} - h:\windows\system32\clbcatexn.dll O4 - HKLM\..\Run: [AudioDeck] H:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe 1 O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [5hd3t41q8pe3] H:\WINDOWS\system32\5hd3t41q8pe3.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "H:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "H:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [5hd3t41q8pe3] H:\WINDOWS\system32\5hd3t41q8pe3.exe O4 - Global Startup: Microsoft Office.lnk = H:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://H:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://www.secuser.com O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - H:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - H:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - H:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: mexavrzx - H:\WINDOWS\SYSTEM32\clbcatexn.dll O23 - Service: Google Updater Service (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - H:\WINDOWS\system32\pctspk.exe amicalement