Aller au contenu

dead

Membres
 Afficher le profil  Afficher son activité

  • Compteur de contenus

    2

  • Inscription

  • Dernière visite

dead's Achievements

Junior Member

Junior Member (3/12)

0

Réputation sur la communauté

  1. dead
    *Up* J'ai deux rapports l'un HijackThis et l'autre de Malwarebytes Je voudrais éradiquer toutes les cochonneries du genre de "EoRezo" et tout ce que je ne connais pas comme les keylogger,malwares. Je remercie d'avance à toutes les personnes voulant me donner une précieuse aide. **************HijackThis************** Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:02:24, on 15/09/2010 Platform: Unknown Windows (WinNT 6.01.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16385) Boot mode: Normal Running processes: C:\Users\azerty\AppData\Roaming\EoRezo\SoftwareUpdate\SoftwareUpdateHP.exe C:\Users\azerty\AppData\Roaming\1085\WindowsUpdate.exe C:\Users\azerty\AppData\Roaming\1085\WindowsUpdate.exe C:\Users\azerty\AppData\Roaming\1085\WindowsUpdate.exe C:\Users\azerty\AppData\Roaming\1085\WindowsUpdate.exe C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\uTorrent\uTorrent.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files (x86)\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN : Hotmail, Messenger, Actualité, Sport et Vidéo R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Actualité, Sport et Vidéo R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\tbHots.dll F2 - REG:system.ini: UserInit=userinit.exe O1 - Hosts: --------------------------------- O1 - Hosts: | Hosts Optimisé par Hajdar pour | O1 - Hosts: | le bonheur des internautes | O1 - Hosts: | hTTp://AdZHosts.BlogSpot.Com | O1 - Hosts: | | O1 - Hosts: |Merci à tous pour votre soutiens | O1 - Hosts: | | O1 - Hosts: | kakudhajdar@gmail.com | O1 - Hosts: --------------------------------- O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\ievkbd.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\tbHots.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - D:\Applications\Hotspot\Hotspot Shield\HssIE\HssIE.dll O3 - Toolbar: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\tbHots.dll O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe O4 - HKLM\..\Run: [HKLM] C:\Users\azerty\AppData\Roaming\1085\WindowsUpdate.exe O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKLM\..\RunOnce: [softwareHelper] C:\Users\azerty\AppData\Roaming\EoRezo\SoftwareUpdate\SoftwareUpdateHP.exe -runonce O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [HKCU] C:\Users\azerty\AppData\Roaming\1085\WindowsUpdate.exe O4 - HKCU\..\Run: [ccleaner] "C:\Program Files (x86)\CCleaner\CCleaner.exe" /AUTO O4 - HKCU\..\Run: [Google Update] "C:\Users\azerty\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\Users\azerty\AppData\Roaming\1085\WindowsUpdate.exe O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\Users\azerty\AppData\Roaming\1085\WindowsUpdate.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE RÉSEAU') O8 - Extra context menu item: Ajouter à l'Anti-bannière - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\ie_banner_deny.htm O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Liens de téléchargement avec Mega Manager... - C:\Program Files (x86)\Megaupload\Mega Manager\mm_file.htm O9 - Extra button: Mon Clavier &virtuel - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll O9 - Extra button: PartyPoker.fr - {725EC34E-943C-4df6-B0B2-FBDE7F242276} - D:\Jeux\Poker\PartyPokerFr\RunApp.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.fr - {725EC34E-943C-4df6-B0B2-FBDE7F242276} - D:\Jeux\Poker\PartyPokerFr\RunApp.exe (file missing) O9 - Extra button: Analyse des &liens - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll O13 - Gopher Prefix: O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} ("Ma-Config.com control) - http://www.ma-config.com/plugins/MaConfig_4_1_0_2.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100 O20 - AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - D:\Phostoshop Elements 8\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Kaspersky PURE (AVP) - Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe O23 - Service: @%ProgramFiles%\Windows Identity Foundation\v3.5\c2wtsres.dll,-1000 (c2wts) - Unknown owner - C:\Program Files (x86)\Windows Identity Foundation\v3.5\c2wtshost.exe (file missing) O23 - Service: Service de gestion du système CryproStorage (CSObjectsSrv) - Infowatch - C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - D:\Applications\Hotspot\Hotspot Shield\bin\openvpnas.exe O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - D:\Applications\Hotspot\Hotspot Shield\bin\HssTrayService.EXE O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - D:\Applications\Hotspot\Hotspot Shield\bin\hsswd.exe O23 - Service: Service de liPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files (x86)\ma-config.com\maconfservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: NMSAccess - Unknown owner - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) -- End of file - 10978 bytes **************MalwareBytes************** [ analyse rapide ] Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Version de la base de données: 4618 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 15/09/2010 10:27:58 mbam-log-2010-09-15 (10-27-58).txt Type d'examen: Examen rapide Elément(s) analysé(s): 146826 Temps écoulé: 4 minute(s), 24 seconde(s) Processus mémoire infecté(s): 1 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 2 Valeur(s) du Registre infectée(s): 5 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 3 Processus mémoire infecté(s): C:\Users\azerty\AppData\Roaming\EoRezo\SoftwareUpdate\SoftwareUpdateHP.exe (Rogue.Eorezo) -> No action taken. Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{ahp84mde-g7g4-m768-srem-704t074b1g37} (Generic.Bot.H) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> No action taken. Valeur(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\softwarehelper (Rogue.Eorezo) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\policies (Backdoor.SpyNet) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hkcu (Backdoor.SpyNet) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\policies (Backdoor.SpyNet) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hklm (Backdoor.Bot) -> No action taken. Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): C:\Users\azerty\AppData\Roaming\1085\WindowsUpdate.exe (Generic.Bot.H) -> No action taken. C:\Users\azerty\AppData\Roaming\EoRezo\SoftwareUpdate\SoftwareUpdateHP.exe (Rogue.Eorezo) -> No action taken. C:\Users\azerty\AppData\Roaming\cglogs.dat (Malware.Trace) -> No action taken. **************MalwareBytes************** [ analyse longue ] Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Version de la base de données: 4618 Windows 7 Internet Explorer 8.0.7600.16385 15/09/2010 11:41:11 mbam-log-2010-09-15 (11-41-11).txt Type d'examen: Examen complet (C:\|D:\|E:\|) Elément(s) analysé(s): 326997 Temps écoulé: 1 heure(s), 6 minute(s), 33 seconde(s) Processus mémoire infecté(s): 1 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 2 Valeur(s) du Registre infectée(s): 5 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 5 Processus mémoire infecté(s): C:\Users\azerty\AppData\Roaming\EoRezo\SoftwareUpdate\SoftwareUpdateHP.exe (Rogue.Eorezo) -> No action taken. Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{ahp84mde-g7g4-m768-srem-704t074b1g37} (Generic.Bot.H) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> No action taken. Valeur(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\softwarehelper (Rogue.Eorezo) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\policies (Backdoor.SpyNet) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hkcu (Backdoor.SpyNet) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\policies (Backdoor.SpyNet) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hklm (Backdoor.Bot) -> No action taken. Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): C:\Users\azerty\AppData\Roaming\1085\WindowsUpdate.exe (Generic.Bot.H) -> No action taken. C:\Users\azerty\AppData\Roaming\EoRezo\SoftwareUpdate\SoftwareUpdateHP.exe (Rogue.Eorezo) -> No action taken. C:\Users\azerty\AppData\Roaming\EoRezo\SoftwareUpdate\SoftwareUpdate.exe (Rogue.Eorezo) -> No action taken. E:\Telechargement\Complet\Hard Disk Sentinel Pro v3.00 build 3736 MultiLang\hard.disk.sentinel.pro.v3.00.b3736-mpt.exe (Trojan.Agent.CK) -> No action taken. C:\Users\azerty\AppData\Roaming\cglogs.dat (Malware.Trace) -> No action taken. voila
  2. dead
    Bonjour à tous. Je recherche quelqu'un qui pourrait voir si mon ordinateur est en bonne santé ou non. Je ne sais pas pour le moment quoi faire. J'attend vos conseils Cordialement
×
×
  • Créer...