monemd2000

Je rajoute un rapport hijack this .. `merci de votre aide ... dans l 'attente de votre aide .. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:47:37, on 08/09/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.20861) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\Program Files\VMware\VMware Tools\vmacthlp.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe C:\Program Files\Google\Update\GoogleUpdate.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\VMware\VMware Tools\VMwareService.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\Explorer.EXE C:\Program Files\VMware\VMware Tools\VMwareTray.exe C:\Program Files\VMware\VMware Tools\VMwareUser.exe C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\CardDetector\ICON505\CardDetector.exe C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe C:\Program Files\Trojan Remover\Trjscan.exe C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe C:\Program Files\VMware\VMware Tools\TPAutoConnSvc.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\VMware\VMware Tools\TPAutoConnect.exe C:\Documents and Settings\monem\Bureau\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN : Hotmail, Messenger, Actualité, Sport et Vidéo R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: C:\WINDOWS\system32\flzry.dll - {B1BA40A2-75F2-51BD-F413-04B13A2C8953} - C:\WINDOWS\system32\flzry.dll O2 - BHO: (no name) - {D6098489-2FA0-41A4-B2E6-ABF7F4EDBF80} - c:\windows\system32\dlo8a.dll O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuz1.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [VMware Tools] "C:\Program Files\VMware\VMware Tools\VMwareTray.exe" O4 - HKLM\..\Run: [VMware User Process] "C:\Program Files\VMware\VMware Tools\VMwareUser.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM O4 - HKLM\..\Run: [bEWINTERNET-FR-DMESessionManager] "C:\Program Files\OrangeBS\BEWInternet\SessionManager\SessionManager.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [CardDetectorICON505] C:\Program Files\CardDetector\ICON505\CardDetector.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [HNUGROXRrta] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\services.exe O4 - HKCU\..\Run: [HNUGROXRoeB] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jaw0pg79.exe O4 - HKUS\S-1-5-20\..\RunOnce: [JkDefrag] rundll32 advpack.dll,LaunchINFSection JKDEFRAG.INF,RunOnce,1,N (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-20\..\RunOnce: [sweetRegistry] rundll32 advpack.dll,LaunchINFSection SweetReg.inf,PerUserStub (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\RunOnce: [JkDefrag] rundll32 advpack.dll,LaunchINFSection JKDEFRAG.INF,RunOnce,1,N (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [JkDefrag] rundll32 advpack.dll,LaunchINFSection JKDEFRAG.INF,RunOnce,1,N (User 'Default user') O4 - Global Startup: Accélérateur de démarrage AutoCAD.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart17.exe O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware tools\vsock sdk\bin\win32\vsocklib.dll O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware tools\vsock sdk\bin\win32\vsocklib.dll O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: TPSvc - C:\WINDOWS\SYSTEM32\TPSvc.dll O22 - SharedTaskScheduler: hasf87hdfuidhfiudfhdiu - {B1BA40A2-75F2-51BD-F413-04B13A2C8953} - C:\WINDOWS\system32\flzry.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: TP AutoConnect Service (TPAutoConnSvc) - ThinPrint GmbH - C:\Program Files\VMware\VMware Tools\TPAutoConnSvc.exe O23 - Service: TP VC Gateway Service (TPVCGateway) - ThinPrint GmbH - C:\Program Files\VMware\VMware Tools\TPVCGateway.exe O23 - Service: Service VMware Tools (VMTools) - VMware, Inc. - C:\Program Files\VMware\VMware Tools\VMwareService.exe O23 - Service: Service d'aide du disque physique VMware (VMware Physical Disk Helper Service) - VMware, Inc. - C:\Program Files\VMware\VMware Tools\vmacthlp.exe -- End of file - 8607 bytes

Bonjour, J'utilise une machine virtuelle type VM Ware et j'ai un message qui s'affiche antimalware doctor etc .. C'est pénible vraiment .. J'ai lu les postes et j'ai fais un scan avec MBAM. Je le poste pour information .. sachant que ces rapports je les ai généré avec un 2eme profil windows xp ..le premier profil me bloque tout meme Hijackthis est maintenant bloqué sur ce profil .. Voila dans l'attente de votre précieuse aide : Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4052 Windows 5.1.2600 Service Pack 3 Internet Explorer 7.0.5730.13 08/09/2010 10:41:53 mbam-log-2010-09-08 (10-41-53).txt Scan type: Quick scan Objects scanned: 126720 Time elapsed: 6 minute(s), 1 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 4 Registry Data Items Infected: 7 Folders Infected: 0 Files Infected: 18 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\idstrf (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\forceclassiccontrolpanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\nofolderoptions (Hijack.FolderOptions) -> Delete on reboot. Registry Data Items Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Folders Infected: (No malicious items detected) Files Infected: C:\Documents and Settings\Administrateur\Bureau\EUcasino_Setup.exe (Trojan.Genome) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrateur\Local Settings\Temp\ilzks5jhrao4j81e.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrateur\Local Settings\Temp\tjhgnt.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrateur\Local Settings\Temp\tos0ukpxtgucva.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrateur\Local Settings\Temp\tpcuqc.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrateur\Local Settings\Temp\qloe7y0.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrateur\Local Settings\Temp\c7dik7gx.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrateur\Local Settings\Temp\gnezysa.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrateur\Local Settings\Temp\dp4gsciin5t3.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrateur\Local Settings\Temp\xr7ybdp0tavtav.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrateur\Local Settings\Temp\yhwvtwx9.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrateur\Local Settings\Temp\services.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\monem\Local Settings\Temp\iexplorer.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. C:\Documents and Settings\monem\Local Settings\Temp\iexplorer.exe.vir (Malware.Packer.Gen) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrateur\Bureau\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrateur\Menu Dىmarrer\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrateur\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully.