Aller au contenu
  • Pas encore inscrit ?

    Pourquoi ne pas vous inscrire ? C'est simple, rapide et gratuit.
    Pour en savoir plus, lisez Les avantages de l'inscription... et la Charte de Zébulon.
    De plus, les messages que vous postez en tant qu'invité restent invisibles tant qu'un modérateur ne les a pas validés. Inscrivez-vous, ce sera un gain de temps pour tout le monde, vous, les helpeurs et les modérateurs ! :wink:

PC infecté, aide pour analyse Hijack This SVP


maxo
 Share

Messages recommandés

Bonjour,

Mon PC était infecté par le spyware "AntispywareXP2009", j'ai pu le nettoyer avec "Malwarebytes' Anti-Malware", apparemennt le spyware a disparu, j'ai donc fait un scan Hijack This, est-ce que quelqu'un peut m'aider à analyser le log SVP, pour voir s'il y a d'autres choses à nettoyer ?

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:26:53, on 01/11/2008

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe

C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe

C:\Program Files\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Office10\OSA.EXE

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} (InstallerObj Class) - http://mm.tf1.fr/superdistribution/installer2.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1154717268671

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab

O16 - DPF: {7DA181BB-EF8D-4A7E-8C53-7BFC718EF71D} (Upload Class) - http://photos.orange.fr/al/presentation/pc...ivex/Ephoto.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.photoreflex.com/tools/ImageUplo...geUploader3.cab

O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/layou...PSUploader4.cab

O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/a...gnerADP-1.1.cab

O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://copainsdavant.linternaute.com/frame...geUploader5.cab

O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/layou...PSUploader4.cab

O16 - DPF: {FD163A9A-A3D8-4F7D-8224-32F81AC29EDA} (VPlayer Control) - http://video.vividas.com/CDN1/5029_paramou.../vivid_ocx.jpeg

O20 - AppInit_DLLs: karna.dat

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: ewido security suite control - Unknown owner - D:\Program Files\ewido anti-malware\ewidoctrl.exe (file missing)

O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe

O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe

O24 - Desktop Component 0: (no name) - http://photo.coolgrafik.com/prev/uploaded/...8hvk9w5lfnr.jpg

 

--

End of file - 6239 bytes

Lien vers le commentaire
Partager sur d’autres sites

Bonsoir,

 

C'est bien de vouloir désinfecter soi-même mais si tu veux de l'aide, ne prive pas le helper des rapports donnés par MBAM et Antivir par exemple.

 

Lance Hijackthis en "do a system scan only" et coche ces cases:

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Office10\OSA.EXE

O20 - AppInit_DLLs: karna.dat

 

Ferme toutes les applications et clique sur Fix Checked.

 

Redémarre le pc.

 

Ensuite:

 

1) Télécharger ATF Cleaner par Atribune.

  • Installe-le sur le bureau. (A conserver car très utile après chaque séance de surf)
     
    Double-clique ATF-Cleaner.exe afin de lancer le programme.
    --> Sous Vista: Clic droit/exécuter en temps qu'administrateur.
    Sous l'onglet Main, choisis : Select All
    Cliquer sur le bouton Empty Selected

Si tu utilises le navigateur Firefox :

  • Clique Firefox au haut et choisis : Select All
    Cliquer le bouton Empty Selected
    NOTE : Si tu veux conserver tes mots de passe sauvegardés, clique No à l'invite.

Si tu utilises le navigateur Opera :

  • Clique Opera au haut et choisis : Select All
    Cliquer le bouton Empty Selected
    NOTE : Si tu veux conserver tes mots de passe sauvegardés, cliquer No à l'invite.

Clique Exit, du menu principal, afin de fermer le programme.

Pour obtenir du Support technique, double-clique l'adresse électronique située au bas de chacun des menus.

 

2) Assure toi que la console Java est bien la plus récente; pour le savoir rends-toi sur cette page et clique sur Vérifier la version de Java -> http://www.java.com/fr/download/installed.jsp -> Il te sera indiqué si tu dois installer la dernière version.

 

TUTO: http://www.vista-xp.fr/forum/topic109.html

 

  • Fais un scan en ligne Kaspersky
  • Clique sur Accept
  • Patiente le temps d'installation du Webscanner.
  • Les bases de mises à jour vont s'installer, patiente un moment
  • Clique sur Next.
  • Clique sur My Computer, le scan se met en route; attends la fin du scan sans fermer la fenêtre sinon il s'arrêtera.

 

A la fin du scan, si des objets infectés sont découverts, clique sur Save report as... Choisis bureau et nomme le rapport "rapport Kaspersky" et dans le champ d'enregistrement, choisis "fichiers texte" enregistre alors le rapport.

 

Copie/colle l'entièreté du fichier texte ouvert, par clic droit dessus, sélectionner tout/copier.

 

Colle ce rapport dans ta réponse sur le forum.

 

@++

Lien vers le commentaire
Partager sur d’autres sites

Salut Apollo et merci pour ton aide.

 

J'ai fait ce que tu m'as dit, et voici les rapports MBAM et Kaspersky :

 

MBAM :

 

Malwarebytes' Anti-Malware 1.30

Version de la base de données: 1349

Windows 5.1.2600 Service Pack 1

 

01/11/2008 13:26:29

mbam-log-2008-11-01 (13-26-29).txt

 

Type de recherche: Examen complet (C:\|D:\|)

Eléments examinés: 96433

Temps écoulé: 38 minute(s), 26 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 4

Valeur(s) du Registre infectée(s): 2

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 73

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

HKEY_LOCAL_MACHINE\SOFTWARE\antispywarexp2009 (Rogue.AntispywareXP) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService (Adware.CommAd) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR (Trojan.DNSChanger) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE (Trojan.Downloader) -> Quarantined and deleted successfully.

 

Valeur(s) du Registre infectée(s):

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\brastk (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\brastk (Trojan.FakeAlert) -> Quarantined and deleted successfully.

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

C:\WINDOWS\system32\brastk.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{0C660EEA-1423-4ECA-AECA-9A866174946F}\RP809\A0115437.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{0C660EEA-1423-4ECA-AECA-9A866174946F}\RP809\A0115438.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{0C660EEA-1423-4ECA-AECA-9A866174946F}\RP809\A0115622.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{0C660EEA-1423-4ECA-AECA-9A866174946F}\RP809\A0115623.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{0C660EEA-1423-4ECA-AECA-9A866174946F}\RP811\A0115715.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{0C660EEA-1423-4ECA-AECA-9A866174946F}\RP811\A0115716.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{0C660EEA-1423-4ECA-AECA-9A866174946F}\RP812\A0115728.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{0C660EEA-1423-4ECA-AECA-9A866174946F}\RP812\A0115729.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{0C660EEA-1423-4ECA-AECA-9A866174946F}\RP812\A0115734.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{0C660EEA-1423-4ECA-AECA-9A866174946F}\RP812\A0115735.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{0C660EEA-1423-4ECA-AECA-9A866174946F}\RP812\A0115746.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{0C660EEA-1423-4ECA-AECA-9A866174946F}\RP812\A0115747.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{0C660EEA-1423-4ECA-AECA-9A866174946F}\RP812\A0115755.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{0C660EEA-1423-4ECA-AECA-9A866174946F}\RP812\A0115756.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{0C660EEA-1423-4ECA-AECA-9A866174946F}\RP812\A0115762.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{0C660EEA-1423-4ECA-AECA-9A866174946F}\RP812\A0115763.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{0C660EEA-1423-4ECA-AECA-9A866174946F}\RP812\A0115776.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{0C660EEA-1423-4ECA-AECA-9A866174946F}\RP812\A0115777.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{0C660EEA-1423-4ECA-AECA-9A866174946F}\RP812\A0115783.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{0C660EEA-1423-4ECA-AECA-9A866174946F}\RP812\A0115784.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{0C660EEA-1423-4ECA-AECA-9A866174946F}\RP812\A0115800.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{0C660EEA-1423-4ECA-AECA-9A866174946F}\RP812\A0115801.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{0C660EEA-1423-4ECA-AECA-9A866174946F}\RP812\A0115957.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{0C660EEA-1423-4ECA-AECA-9A866174946F}\RP812\A0115958.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{0C660EEA-1423-4ECA-AECA-9A866174946F}\RP812\A0115967.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{0C660EEA-1423-4ECA-AECA-9A866174946F}\RP812\A0115968.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{0C660EEA-1423-4ECA-AECA-9A866174946F}\RP815\A0116105.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{0C660EEA-1423-4ECA-AECA-9A866174946F}\RP815\A0116106.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{0C660EEA-1423-4ECA-AECA-9A866174946F}\RP815\A0116114.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{0C660EEA-1423-4ECA-AECA-9A866174946F}\RP815\A0116115.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{0C660EEA-1423-4ECA-AECA-9A866174946F}\RP815\A0116143.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{0C660EEA-1423-4ECA-AECA-9A866174946F}\RP815\A0116144.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{0C660EEA-1423-4ECA-AECA-9A866174946F}\RP815\A0118477.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{0C660EEA-1423-4ECA-AECA-9A866174946F}\RP815\A0118478.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{0C660EEA-1423-4ECA-AECA-9A866174946F}\RP817\A0118584.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{0C660EEA-1423-4ECA-AECA-9A866174946F}\RP817\A0118585.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{0C660EEA-1423-4ECA-AECA-9A866174946F}\RP817\A0118591.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{0C660EEA-1423-4ECA-AECA-9A866174946F}\RP817\A0118592.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{0C660EEA-1423-4ECA-AECA-9A866174946F}\RP823\A0118727.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{0C660EEA-1423-4ECA-AECA-9A866174946F}\RP823\A0118728.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{0C660EEA-1423-4ECA-AECA-9A866174946F}\RP826\A0118865.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{0C660EEA-1423-4ECA-AECA-9A866174946F}\RP826\A0118866.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{0C660EEA-1423-4ECA-AECA-9A866174946F}\RP826\A0118880.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{0C660EEA-1423-4ECA-AECA-9A866174946F}\RP826\A0118881.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{0C660EEA-1423-4ECA-AECA-9A866174946F}\RP826\A0118888.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{0C660EEA-1423-4ECA-AECA-9A866174946F}\RP826\A0118889.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{0C660EEA-1423-4ECA-AECA-9A866174946F}\RP834\A0118986.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{0C660EEA-1423-4ECA-AECA-9A866174946F}\RP834\A0118987.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{0C660EEA-1423-4ECA-AECA-9A866174946F}\RP837\A0119785.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{0C660EEA-1423-4ECA-AECA-9A866174946F}\RP837\A0119786.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{0C660EEA-1423-4ECA-AECA-9A866174946F}\RP837\A0119793.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{0C660EEA-1423-4ECA-AECA-9A866174946F}\RP837\A0119794.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{0C660EEA-1423-4ECA-AECA-9A866174946F}\RP837\A0119806.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{0C660EEA-1423-4ECA-AECA-9A866174946F}\RP837\A0119807.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{0C660EEA-1423-4ECA-AECA-9A866174946F}\RP837\A0119814.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{0C660EEA-1423-4ECA-AECA-9A866174946F}\RP837\A0119815.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{0C660EEA-1423-4ECA-AECA-9A866174946F}\RP838\A0119822.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{0C660EEA-1423-4ECA-AECA-9A866174946F}\RP838\A0119823.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{0C660EEA-1423-4ECA-AECA-9A866174946F}\RP838\A0119833.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{0C660EEA-1423-4ECA-AECA-9A866174946F}\RP838\A0119834.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\brastk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\karna.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\karna.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\dllcache\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\_scui.cpl (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\wini101954.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\admin.ADMIN-GDNE2X6I1\Local Settings\Temp\wrdwn2 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\admin.ADMIN-GDNE2X6I1\Local Settings\Temp\wrdwn3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\admin.ADMIN-GDNE2X6I1\Local Settings\Temp\wrdwn4 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\admin.ADMIN-GDNE2X6I1\Local Settings\Temp\wrdwn5 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\admin.ADMIN-GDNE2X6I1\Local Settings\Temp\wrdwn6 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

 

 

 

 

 

Kaspersky :

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7 REPORT

Sunday, November 2, 2008

Operating System: Microsoft Windows XP Home Edition Service Pack 1 (build 2600)

Kaspersky Online Scanner 7 version: 7.0.25.0

Program database last update: Saturday, November 01, 2008 19:21:57

Records in database: 1366501

--------------------------------------------------------------------------------

 

Scan settings:

Scan using the following database: extended

Scan archives: yes

Scan mail databases: yes

 

Scan area - My Computer:

A:\

C:\

D:\

E:\

F:\

 

Scan statistics:

Files scanned: 36963

Threat name: 1

Infected objects: 1

Suspicious objects: 0

Duration of the scan: 00:55:17

 

 

File name / Threat name / Threats count

C:\Documents and Settings\admin.ADMIN-GDNE2X6I1\Bureau\SmitfraudFix\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1

 

The selected area was scanned.

 

 

Qu'est-ce que je dois faire maintenant ? :P

Lien vers le commentaire
Partager sur d’autres sites

Voici mon dernier scan hijackthis :

est-ce que c'est normal que la jre java se lance au démarrage ?

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:08:41, on 02/11/2008

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\QuickTime\QTTask.exe

D:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe

C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe

C:\WINDOWS\System32\WgaTray.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\HijackThis\HijackThis.exe

 

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} (InstallerObj Class) - http://mm.tf1.fr/superdistribution/installer2.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1154717268671

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab

O16 - DPF: {7DA181BB-EF8D-4A7E-8C53-7BFC718EF71D} (Upload Class) - http://photos.orange.fr/al/presentation/pc...ivex/Ephoto.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=24931

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.photoreflex.com/tools/ImageUplo...geUploader3.cab

O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/layou...PSUploader4.cab

O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/a...gnerADP-1.1.cab

O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://copainsdavant.linternaute.com/frame...geUploader5.cab

O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/layou...PSUploader4.cab

O16 - DPF: {FD163A9A-A3D8-4F7D-8224-32F81AC29EDA} (VPlayer Control) - http://video.vividas.com/CDN1/5029_paramou.../vivid_ocx.jpeg

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: ewido security suite control - Unknown owner - D:\Program Files\ewido anti-malware\ewidoctrl.exe (file missing)

O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe

O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe

O24 - Desktop Component 0: (no name) - http://photo.coolgrafik.com/prev/uploaded/...8hvk9w5lfnr.jpg

 

--

End of file - 7121 bytes

Lien vers le commentaire
Partager sur d’autres sites

Bonjour,

 

Vérifie ta version Java et mets-la à jour si nécessaire (6 update 10).

 

http://www.java.com/fr/download/manual.jsp

 

Ta console Java étant à jour; t'es-tu déjà servi(e) de Javara?

Si c'est non: n'utilise que le bouton que je montre:

img-2327100u0pq.jpg

 

Télécharge JavaRa.zip de Paul 'Prm753' McLain et Fred de Vries.

  • * Décompresse le fichier sur le bureau (clic droit > Extraire tout)
    * Double-cliquer sur le répertoire JavaRa.
    * Puis double-cliquer sur le fichier JavaRa.exe (le exe peut ne pas s'afficher)
    * Clique sur Search For Updates.
    * Sélectionner Update Using jucheck.exe puis cliquer sur Search.
    * Autorise le processus à se connecter s'il le demande, cliquer sur Install et suivre les instructions d'installation qui prennent quelques minutes.
    * L'installation est terminée, revenez à l'écran de JavaRa et clique sur Remove Older Versions.
    * Clique sur Oui pour confirmer. Laisse travailler et cliquez ensuite sur Ok, puis une deuxième fois sur Ok.
    * Un rapport va s'ouvrir à copier-coller dans la prochaine réponse.
    * Fermer l'application

Note : le rapport se trouve aussi à la racine de la partition système, en général C:\ sous le nom JavaRa.log .

 

@++

Lien vers le commentaire
Partager sur d’autres sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Invité
Répondre à ce sujet…

×   Collé en tant que texte enrichi.   Coller en tant que texte brut à la place

  Seulement 75 émoticônes maximum sont autorisées.

×   Votre lien a été automatiquement intégré.   Afficher plutôt comme un lien

×   Votre contenu précédent a été rétabli.   Vider l’éditeur

×   Vous ne pouvez pas directement coller des images. Envoyez-les depuis votre ordinateur ou insérez-les depuis une URL.

 Share

  • En ligne récemment   0 membre est en ligne

    Aucun utilisateur enregistré regarde cette page.

×
×
  • Créer...