
Malware: HijackThis report

Tags:
  • Malware
  • Security
Last reply: in Security and viruses
16 February 2008 13:09:43

Hello, I think I've caught a malware (redirection to sites).
So I made a HijackThis report, but I don't know how to read them. If someone could tell me which files I need to delete, I would be very grateful. Thanks in advance :)

Here is the report:

C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\robin\LOCALS~1\Temp\Rar$EX00.406\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.c...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O21 - SSODL: zip - {eece03a6-2b7b-4083-81d2-70f79469fd94} - C:\WINDOWS\Installer\{eece03a6-2b7b-4083-81d2-70f79469fd94}\zip.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 6030 bytes


16 February 2008 13:14:42

Hi,

Run HijackThis again, "Do a system scan only", and tick these lines:
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O21 - SSODL: zip - {eece03a6-2b7b-4083-81d2-70f79469fd94} - C:\WINDOWS\Installer\{eece03a6-2b7b-4083-81d2-70f79469fd94}\zip.dll

Then "Fix checked"!

*********

Download OTMoveIt > Tutorial <

Save it to the Desktop.

Select the box below:
C:\WINDOWS\Installer\{eece03a6-2b7b-4083-81d2-70f79469fd94}\zip.dll

Now run OTMoveIt.
Make sure the "Unregister dll's and ocx's" box is ticked.
Two panes appear; right-click in the left pane, then paste the box above.
And click MoveIt!

If the program asks you to restart, accept.

Post the report found in: C:\_OTMoveIt\MovedFiles\creation date!

NOTE: If you get a message saying the report could not be created, copy/paste what appears in the tool's right-hand column.
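The reply above reads the HijackThis log by hand: it singles out an O21 SSODL entry (a shell service object that explorer.exe loads at every logon) whose DLL sits in the MSI cache under C:\WINDOWS\Installer, a directory that should not host loadable components. As an added example that is not code from the thread, from HijackThis or from OTMoveIt, here is a small Python parser for the HijackThis log format that turns the O2/O3/O4/O9/O21/O23 lines into structured entries and applies that same reasoning as a triage rule. The sample lines, the SUSPECT_DIRS list and the function names are constructed for this example; the rules are heuristics to decide what deserves a closer look, not a malware signature.

```python
"""Parse a HijackThis log and flag startup entries worth a second look.

Added example, not part of the original thread and not HijackThis code.
The triage rules are heuristics chosen for this example; they mirror the
reasoning in the forum reply, not an authoritative malware signature.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in HijackThis log format (same layout as the posted
# report; the "updater" line is invented to exercise the temp-folder rule).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [updater] C:\DOCUME~1\robin\LOCALS~1\Temp\upd.exe
O21 - SSODL: zip - {eece03a6-2b7b-4083-81d2-70f79469fd94} - C:\WINDOWS\Installer\{eece03a6-2b7b-4083-81d2-70f79469fd94}\zip.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""


@dataclass
class Entry:
    section: str          # HijackThis section, e.g. "O4", "O21"
    name: str             # display name, Run value name or service name
    path: str             # executable/DLL the entry loads ("" if not parsed)
    clsid: Optional[str]  # COM class id for O2/O3/O9/O21 entries
    raw: str              # the original log line (what you tick in HijackThis)


@dataclass
class Finding:
    entry: Entry
    reason: str


LINE_RE = re.compile(r"^(?P<sec>[A-Z]\d+) - (?P<body>.*)$")
# "<kind>: <name> - {CLSID} - <path>"   (O2 BHO, O3 Toolbar, O9 buttons, O21 SSODL)
COM_RE = re.compile(r"^[^:]+: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$")
# "HKLM\..\Run: [<name>] <command line>"   (O4 registry autostarts)
RUN_RE = re.compile(r"^HK\w+\\\.\.\\\w+: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# "Service: <name> - <company> - <path>"   (O23 services)
SVC_RE = re.compile(r"^Service: (?P<name>.*?) - (?P<company>.*?) - (?P<path>.*)$")

# Directories that should not normally hold a component loaded at logon:
# the MSI cache, per-user temp folders and the IE cache. Heuristic list.
SUSPECT_DIRS = ("\\windows\\installer\\", "\\temp\\", "\\temporary internet files\\")


def _exe_from_command(cmd: str) -> str:
    """First token of a Run-key command line; honours a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def parse_log(text: str) -> List[Entry]:
    """Turn the 'Oxx - ...' lines of a HijackThis log into Entry objects."""
    entries: List[Entry] = []
    for raw in text.strip().splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # running-process lines, blank lines, "End of file"
        sec, body = m.group("sec"), m.group("body")
        name, path, clsid = body, "", None
        if (cm := COM_RE.match(body)):
            name, clsid, path = cm.group("name"), cm.group("clsid"), cm.group("path")
        elif (rm := RUN_RE.match(body)):
            name, path = rm.group("name"), _exe_from_command(rm.group("cmd"))
        elif (sm := SVC_RE.match(body)):
            name, path = sm.group("name"), sm.group("path")
        entries.append(Entry(sec, name, path, clsid, raw))
    return entries


def triage(entries: List[Entry]) -> List[Finding]:
    """Flag autostart components living where no legitimate one should."""
    findings: List[Finding] = []
    for e in entries:
        in_suspect_dir = any(d in e.path.lower() for d in SUSPECT_DIRS)
        if e.section == "O21" and in_suspect_dir:
            # SSODL DLLs are loaded into explorer.exe at logon: a classic
            # home for a persistent browser-redirect component.
            findings.append(Finding(e, "SSODL shell object loaded from a cache/temp directory"))
        elif e.section in ("O2", "O3", "O4", "O9", "O23") and in_suspect_dir:
            findings.append(Finding(e, "autostart component located in a cache/temp directory"))
    return findings


def fix_list(findings: List[Finding]) -> List[str]:
    """Exact log lines to tick in HijackThis before pressing 'Fix checked'."""
    return [f.entry.raw for f in findings]


if __name__ == "__main__":
    for f in triage(parse_log(SAMPLE_LOG)):
        print(f"{f.entry.section:<4} {f.entry.name:<10} {f.reason}\n     {f.entry.path}")
```

Feed it the full report instead of SAMPLE_LOG and the output is the list of lines to tick; anything it does not flag still needs a human eye, since the rules only encode the "wrong directory" argument, not a publisher or hash check.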
16 February 2008 13:17:57

OK, I'll try that, thanks.
16 February 2008 13:19:48

Here is the report:

File/Folder [nobackups] not found.
File/Folder [deleteself] not found.
File/Folder avenger.zip <Avenger by Swandog46> not found.
File/Folder avenger.exe not found.
File/Folder Avenger not found.
File/Folder avenger.txt not found.
File/Folder bfu.zip <BFU by Merijn> not found.
File/Folder BFU not found.
File/Folder combofix.exe <ComboFix by sUBs> not found.
File/Folder Combo-Fix.sys not found.
File/Folder ComboFix not found.
File/Folder erdnt not found.
File/Folder QooBox not found.
File/Folder ComboFix*.txt not found.
File/Folder catchme.exe not found.
File/Folder fdsv.exe not found.
File/Folder grep.exe not found.
File/Folder moveex.exe not found.
File/Folder nircmd.exe not found.
File/Folder sed.exe not found.
File/Folder swreg.exe not found.
File/Folder Swsc.exe not found.
File/Folder Swxcacls.exe not found.
File/Folder VFind.exe not found.
File/Folder zip.exe not found.
File/Folder tmp.reg not found.
File/Folder dss.exe <Deckard's System Scanner by Deckard> not found.
File/Folder Deckard not found.
File/Folder FindAWF.exe <FindAWF by noahdfear> not found.
File/Folder AWF.txt not found.
File/Folder fixwareout.exe <FixWareout by LonnyRJones> not found.
File/Folder fixwareout not found.
File/Folder fsbl.exe <F-Secure BlackLight> not found.
File/Folder fsbl*.log not found.
File/Folder gmer.exe <GMER by Gmer> not found.
File/Folder gmer.dll not found.
File/Folder gmer.ini not found.
File/Folder gmer.log not found.
File/Folder gmer_uninstall.cmd not found.
File/Folder gmer.sys not found.
File/Folder gmer <delete service> not found.
File/Folder haxfix.exe <Haxfix by Markie> not found.
File/Folder haxfix.txt not found.
File/Folder killbox.exe <Killbox by Option^Explicit> not found.
File/Folder !Killbox not found.
File/Folder NoLop.exe <NoLop by ?> not found.
File/Folder NoLop.txt not found.
File/Folder NoLopOLD.txt not found.
File/Folder delete.bat not found.
File/Folder OTMoveIt.exe <OTMoveIt by OldTimer> not found.
OTMoveIt2.exe moved successfully.
File/Folder _OTMoveIt not found.
File/Folder rustbfix.exe <Rustbfix by Ejvindh> not found.
File/Folder Rustbfix not found.
File/Folder sdfix.exe <SDFix by Andy_Manchesta> not found.
File/Folder SDFix not found.
File/Folder SmitfraudFix.exe <SmitfraudFix by S!Ri> not found.
File/Folder SmitfraudFix not found.
File/Folder rapport.txt not found.
File/Folder SysInsite <System Insite by Bobbi Flekman> not found.
File/Folder VundoFix.exe <VundoFix by Atribune> not found.
File/Folder VundoFix Backups not found.
File/Folder vundofix.txt not found.
File/Folder vundofix.vft not found.
File/Folder win32delfkil.exe <WinDelfKil by Markie> not found.
File/Folder _backupD not found.
File/Folder windelf.txt not found.
File/Folder winpfind.exe <WinPfind by OldTimer> not found.
File/Folder WinPfind not found.
File/Folder WinPFind3u.exe <WinPFind3 by OldTimer> not found.
File/Folder WinPFind3u not found.
File/Folder WinPFind35u.exe <WinPFind35 by OldTimer> not found.
File/Folder WinPFind35u not found.
File/Folder cleanup.txt not found.

OTMoveIt2 v1.0.20 log created on 02162008_131827
16 February 2008 13:22:06

Actually, I couldn't see the tutorial, so I'm not sure whether what I did is right.
16 February 2008 14:23:59

Yes, you did it all wrong :D
Fortunately, no damage.

You don't even need the tutorial to do it ;)