Spy/Malware? Win32.banker.FSTrojan et autres
Résolu
Elderath
-
Destrio5 Messages postés 85985 Date d'inscription Statut Modérateur Dernière intervention -
Destrio5 Messages postés 85985 Date d'inscription Statut Modérateur Dernière intervention -
Bonjour,
Après avoir parcouru sans succès votre forum, je poste ma petite bouteille à la mer.
J'ai semble-t'il été méchamment infecté par un virus étrange...Voilà ce qui s'est passé :
Surfant sur Internet avec Firefox, je sens soudain que mon PC rame monstrueusement...Mauvais pressentiment : et à juste titre, Windows m'informe que mon Pare-feu n'est pas enclenché : TROP TARD! Mon fond d'écran est modifié et j'ai le droit à une petite icone "Croix blanche sur fond rouge" en bas à droite de la barre de tache me disant que mon PC est infecté...Aaargl.
Windows dit détecter Win32.Banker.FSTrojan.SpyAgent.DA, et d'autres. J'ai voulu lancer Spybot - impossible. Je le désinstalle, le réinstalle, et comme un ABRUTI, et je pèse mes mots, je ne fais pas attention et fais redémarrer mon ordi'...Là, j'ai vraiment cru que c'était cuit. Mais non, il a démarré, difficilement, avec plein de messages pas cool (tellement que je n'ai pas tout noté de tete). J'ai réactivé le pare-feu windows. Quand je clique sur la celebre icone "Croix blanche sur fond rouge", l'ordi tente de me lancer sur un site antispyware blabla mais j'arrete le lancement du navigateur...Voulant consulter Internet, je lance Firefox, impossible. Impossible aussi d'accéder aux gestionnaires de taches, heeek!
Bon, a contre coeur, je lance IE6.
La, je tombe sur un site qui me dit d'installer Trojan Remover...Bon. J'installe, je lance...Il me detecte nfox.exe...bon, je reconsulte Internet...admettons, je fais ce que Trojan Remover me dit de faire...Puis vient une autre alerte, "Jjarogijanileri.dll"...Bon, je reconsulte Internet...Puis ordonne a Trojan Remover de renommer et "inactiver"...mais, je sais pas, j'ai pas confiance dans sa fiabilite au bestiau...la, il me dit que c'est "c_437p.exe"...A l'AIIIIDE!!!^^
A noter egalement, que AVIRA m'informe regulierement de blocage de page html bizarre ("HTML Crypted Gen" ou qqchose comme ca?)...et que mes accents circonflexes ne marche pas sur ce site?
Voila. J'espere que quelqu'un verra ce message...Je vous envoie mon Hijack this ensuite.
Après avoir parcouru sans succès votre forum, je poste ma petite bouteille à la mer.
J'ai semble-t'il été méchamment infecté par un virus étrange...Voilà ce qui s'est passé :
Surfant sur Internet avec Firefox, je sens soudain que mon PC rame monstrueusement...Mauvais pressentiment : et à juste titre, Windows m'informe que mon Pare-feu n'est pas enclenché : TROP TARD! Mon fond d'écran est modifié et j'ai le droit à une petite icone "Croix blanche sur fond rouge" en bas à droite de la barre de tache me disant que mon PC est infecté...Aaargl.
Windows dit détecter Win32.Banker.FSTrojan.SpyAgent.DA, et d'autres. J'ai voulu lancer Spybot - impossible. Je le désinstalle, le réinstalle, et comme un ABRUTI, et je pèse mes mots, je ne fais pas attention et fais redémarrer mon ordi'...Là, j'ai vraiment cru que c'était cuit. Mais non, il a démarré, difficilement, avec plein de messages pas cool (tellement que je n'ai pas tout noté de tete). J'ai réactivé le pare-feu windows. Quand je clique sur la celebre icone "Croix blanche sur fond rouge", l'ordi tente de me lancer sur un site antispyware blabla mais j'arrete le lancement du navigateur...Voulant consulter Internet, je lance Firefox, impossible. Impossible aussi d'accéder aux gestionnaires de taches, heeek!
Bon, a contre coeur, je lance IE6.
La, je tombe sur un site qui me dit d'installer Trojan Remover...Bon. J'installe, je lance...Il me detecte nfox.exe...bon, je reconsulte Internet...admettons, je fais ce que Trojan Remover me dit de faire...Puis vient une autre alerte, "Jjarogijanileri.dll"...Bon, je reconsulte Internet...Puis ordonne a Trojan Remover de renommer et "inactiver"...mais, je sais pas, j'ai pas confiance dans sa fiabilite au bestiau...la, il me dit que c'est "c_437p.exe"...A l'AIIIIDE!!!^^
A noter egalement, que AVIRA m'informe regulierement de blocage de page html bizarre ("HTML Crypted Gen" ou qqchose comme ca?)...et que mes accents circonflexes ne marche pas sur ce site?
Voila. J'espere que quelqu'un verra ce message...Je vous envoie mon Hijack this ensuite.
A voir également:
- Spy/Malware? Win32.banker.FSTrojan et autres
- Malwarebytes anti-malware - Télécharger - Antivirus & Antimalwares
- Spy bot - Télécharger - Antivirus & Antimalwares
- Win64 malware gen - Forum Virus
- Gridinsoft anti-malware ✓ - Forum Virus
- Spy sweeper - Télécharger - Antivirus & Antimalwares
30 réponses
Hello! Bien dormi? Moi oui, sachant que cet ordi' va mieux! ^^
Voilà le rapport AVIRA :
Avira AntiVir Personal
Report file date: dimanche 1 mars 2009 01:02
Scanning for 1271369 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: MATHIEU
Version information:
BUILD.DAT : 8.2.0.337 16934 Bytes 18/11/2008 13:05:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 07/12/2008 23:46:16
AVSCAN.DLL : 8.1.4.0 40705 Bytes 17/07/2008 14:21:00
LUKE.DLL : 8.1.4.5 164097 Bytes 17/07/2008 14:21:00
LUKERES.DLL : 8.1.4.0 12033 Bytes 17/07/2008 14:21:00
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 23:46:16
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 11/02/2009 00:33:28
ANTIVIR2.VDF : 7.1.2.55 248832 Bytes 20/02/2009 10:38:12
ANTIVIR3.VDF : 7.1.2.96 190976 Bytes 28/02/2009 13:37:00
Engineversion : 8.2.0.98
AEVDF.DLL : 8.1.1.0 106868 Bytes 31/01/2009 17:42:34
AESCRIPT.DLL : 8.1.1.56 352634 Bytes 27/02/2009 13:37:04
AESCN.DLL : 8.1.1.7 127347 Bytes 14/02/2009 00:33:12
AERDL.DLL : 8.1.1.3 438645 Bytes 07/12/2008 23:46:16
AEPACK.DLL : 8.1.3.8 397684 Bytes 05/02/2009 10:33:16
AEOFFICE.DLL : 8.1.0.36 196987 Bytes 27/02/2009 13:37:02
AEHEUR.DLL : 8.1.0.100 1618295 Bytes 26/02/2009 13:00:22
AEHELP.DLL : 8.1.2.2 119158 Bytes 27/02/2009 13:37:02
AEGEN.DLL : 8.1.1.22 336245 Bytes 26/02/2009 13:00:14
AEEMU.DLL : 8.1.0.9 393588 Bytes 16/10/2008 15:01:42
AECORE.DLL : 8.1.6.6 176501 Bytes 18/02/2009 10:37:50
AEBB.DLL : 8.1.0.3 53618 Bytes 16/10/2008 15:01:38
AVWINLL.DLL : 1.0.0.12 15105 Bytes 17/07/2008 14:21:00
AVPREF.DLL : 8.0.2.0 38657 Bytes 17/07/2008 14:21:00
AVREP.DLL : 8.0.0.2 98344 Bytes 31/07/2008 14:39:02
AVREG.DLL : 8.0.0.1 33537 Bytes 17/07/2008 14:21:00
AVARKT.DLL : 1.0.0.23 307457 Bytes 21/04/2008 11:00:16
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 17/07/2008 14:21:00
SQLITE3.DLL : 3.3.17.1 339968 Bytes 21/04/2008 11:00:18
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 17/07/2008 14:21:00
NETNT.DLL : 8.0.0.1 7937 Bytes 21/04/2008 11:00:18
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 17/07/2008 14:20:58
RCTEXT.DLL : 8.0.52.0 86273 Bytes 17/07/2008 14:20:58
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: dimanche 1 mars 2009 01:02
Starting search for hidden objects.
'86690' objects were checked, '0' hidden objects were found.
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'EXPLORER.EXE' - '1' Module(s) have been scanned
Scan process 'skypePM.exe' - '1' Module(s) have been scanned
Scan process 'Skype.exe' - '1' Module(s) have been scanned
Scan process 'FIREFOX.EXE' - '1' Module(s) have been scanned
Scan process 'revouninstaller.exe' - '1' Module(s) have been scanned
Scan process 'CLI.EXE' - '1' Module(s) have been scanned
Scan process 'CLI.EXE' - '1' Module(s) have been scanned
Scan process 'ATKOSD.exe' - '1' Module(s) have been scanned
Scan process 'Dot1XCfg.exe' - '1' Module(s) have been scanned
Scan process 'SOFFICE.BIN' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SOFFICE.EXE' - '1' Module(s) have been scanned
Scan process 'Printkey 2000 Fr.exe' - '1' Module(s) have been scanned
Scan process 'CTFMON.EXE' - '1' Module(s) have been scanned
Scan process 'Rainlendar2.exe' - '1' Module(s) have been scanned
Scan process 'JUSCHED.EXE' - '1' Module(s) have been scanned
Scan process 'AVGNT.EXE' - '1' Module(s) have been scanned
Scan process 'BatteryLife.exe' - '1' Module(s) have been scanned
Scan process 'EOUWiz.exe' - '1' Module(s) have been scanned
Scan process 'iFrmewrk.exe' - '1' Module(s) have been scanned
Scan process 'ZCfgSvc.exe' - '1' Module(s) have been scanned
Scan process 'WCOURIER.EXE' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.EXE' - '1' Module(s) have been scanned
Scan process 'CLI.EXE' - '1' Module(s) have been scanned
Scan process 'PDVDServ.exe' - '1' Module(s) have been scanned
Scan process 'HControl.exe' - '1' Module(s) have been scanned
Scan process 'WMIAPSRV.EXE' - '1' Module(s) have been scanned
Scan process 'notepad.exe' - '1' Module(s) have been scanned
Scan process 'ALG.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'RegSrvc.exe' - '1' Module(s) have been scanned
Scan process 'JQS.EXE' - '1' Module(s) have been scanned
Scan process 'SCHED.EXE' - '1' Module(s) have been scanned
Scan process 'EXPLORER.EXE' - '1' Module(s) have been scanned
Scan process 'ATI2EVXX.EXE' - '1' Module(s) have been scanned
Scan process 'AVGUARD.EXE' - '1' Module(s) have been scanned
Scan process 'SPOOLSV.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'S24EvMon.exe' - '1' Module(s) have been scanned
Scan process 'EvtEng.exe' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'ATI2EVXX.EXE' - '1' Module(s) have been scanned
Scan process 'LSASS.EXE' - '1' Module(s) have been scanned
Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned
Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned
Scan process 'CSRSS.EXE' - '1' Module(s) have been scanned
Scan process 'SMSS.EXE' - '1' Module(s) have been scanned
52 processes with 52 modules were scanned
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '61' files ).
Starting the file scan:
Begin scan in 'C:\' <PROG_55>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\atapi.sys
[WARNING] The file could not be opened!
C:\Program Files\eMule\Temp\005.part
[0] Archive type: RAR
--> Adobe_Premiere_Pro_CS3_Full_Version_with_Crack\payloads\AdobeAssetServices3All\AdobeAssetServices3All1.cab
[1] Archive type: CAB (Microsoft)
--> _6_f60bf5851f5f0ee8931421d34634a9dc
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Program Files\RMXP\Standard\Graphics.exe
[0] Archive type: CAB SFX (self extracting)
--> Graphics\Animations\002-Action02.png
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\System Volume Information\_restore{2B950379-086E-4D45-9913-85CB2061AB16}\RP588\A0103673.exe
[DETECTION] Is the TR/Spy.FlyStudio.are Trojan
[NOTE] The file was moved to '49db6257.qua'!
C:\System Volume Information\_restore{2B950379-086E-4D45-9913-85CB2061AB16}\RP599\A0105458.EXE
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '49db6298.qua'!
Begin scan in 'D:\' <DATA_35>
End of the scan: dimanche 1 mars 2009 13:18
Used time: 12:15:56 Hour(s)
The scan has been done completely.
16698 Scanning directories
341148 Files were scanned
2 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
2 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
341143 Files not concerned
7769 Archives were scanned
5 Warnings
2 Notes
86690 Objects were scanned with rootkit scan
0 Hidden objects were found
J'ai mes les fichiers concernés en quarentaine (les deux trojans). Dois-je les supprimer purement et simplement?
Merci!
Voilà le rapport AVIRA :
Avira AntiVir Personal
Report file date: dimanche 1 mars 2009 01:02
Scanning for 1271369 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: MATHIEU
Version information:
BUILD.DAT : 8.2.0.337 16934 Bytes 18/11/2008 13:05:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 07/12/2008 23:46:16
AVSCAN.DLL : 8.1.4.0 40705 Bytes 17/07/2008 14:21:00
LUKE.DLL : 8.1.4.5 164097 Bytes 17/07/2008 14:21:00
LUKERES.DLL : 8.1.4.0 12033 Bytes 17/07/2008 14:21:00
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 23:46:16
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 11/02/2009 00:33:28
ANTIVIR2.VDF : 7.1.2.55 248832 Bytes 20/02/2009 10:38:12
ANTIVIR3.VDF : 7.1.2.96 190976 Bytes 28/02/2009 13:37:00
Engineversion : 8.2.0.98
AEVDF.DLL : 8.1.1.0 106868 Bytes 31/01/2009 17:42:34
AESCRIPT.DLL : 8.1.1.56 352634 Bytes 27/02/2009 13:37:04
AESCN.DLL : 8.1.1.7 127347 Bytes 14/02/2009 00:33:12
AERDL.DLL : 8.1.1.3 438645 Bytes 07/12/2008 23:46:16
AEPACK.DLL : 8.1.3.8 397684 Bytes 05/02/2009 10:33:16
AEOFFICE.DLL : 8.1.0.36 196987 Bytes 27/02/2009 13:37:02
AEHEUR.DLL : 8.1.0.100 1618295 Bytes 26/02/2009 13:00:22
AEHELP.DLL : 8.1.2.2 119158 Bytes 27/02/2009 13:37:02
AEGEN.DLL : 8.1.1.22 336245 Bytes 26/02/2009 13:00:14
AEEMU.DLL : 8.1.0.9 393588 Bytes 16/10/2008 15:01:42
AECORE.DLL : 8.1.6.6 176501 Bytes 18/02/2009 10:37:50
AEBB.DLL : 8.1.0.3 53618 Bytes 16/10/2008 15:01:38
AVWINLL.DLL : 1.0.0.12 15105 Bytes 17/07/2008 14:21:00
AVPREF.DLL : 8.0.2.0 38657 Bytes 17/07/2008 14:21:00
AVREP.DLL : 8.0.0.2 98344 Bytes 31/07/2008 14:39:02
AVREG.DLL : 8.0.0.1 33537 Bytes 17/07/2008 14:21:00
AVARKT.DLL : 1.0.0.23 307457 Bytes 21/04/2008 11:00:16
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 17/07/2008 14:21:00
SQLITE3.DLL : 3.3.17.1 339968 Bytes 21/04/2008 11:00:18
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 17/07/2008 14:21:00
NETNT.DLL : 8.0.0.1 7937 Bytes 21/04/2008 11:00:18
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 17/07/2008 14:20:58
RCTEXT.DLL : 8.0.52.0 86273 Bytes 17/07/2008 14:20:58
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: dimanche 1 mars 2009 01:02
Starting search for hidden objects.
'86690' objects were checked, '0' hidden objects were found.
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'EXPLORER.EXE' - '1' Module(s) have been scanned
Scan process 'skypePM.exe' - '1' Module(s) have been scanned
Scan process 'Skype.exe' - '1' Module(s) have been scanned
Scan process 'FIREFOX.EXE' - '1' Module(s) have been scanned
Scan process 'revouninstaller.exe' - '1' Module(s) have been scanned
Scan process 'CLI.EXE' - '1' Module(s) have been scanned
Scan process 'CLI.EXE' - '1' Module(s) have been scanned
Scan process 'ATKOSD.exe' - '1' Module(s) have been scanned
Scan process 'Dot1XCfg.exe' - '1' Module(s) have been scanned
Scan process 'SOFFICE.BIN' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SOFFICE.EXE' - '1' Module(s) have been scanned
Scan process 'Printkey 2000 Fr.exe' - '1' Module(s) have been scanned
Scan process 'CTFMON.EXE' - '1' Module(s) have been scanned
Scan process 'Rainlendar2.exe' - '1' Module(s) have been scanned
Scan process 'JUSCHED.EXE' - '1' Module(s) have been scanned
Scan process 'AVGNT.EXE' - '1' Module(s) have been scanned
Scan process 'BatteryLife.exe' - '1' Module(s) have been scanned
Scan process 'EOUWiz.exe' - '1' Module(s) have been scanned
Scan process 'iFrmewrk.exe' - '1' Module(s) have been scanned
Scan process 'ZCfgSvc.exe' - '1' Module(s) have been scanned
Scan process 'WCOURIER.EXE' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.EXE' - '1' Module(s) have been scanned
Scan process 'CLI.EXE' - '1' Module(s) have been scanned
Scan process 'PDVDServ.exe' - '1' Module(s) have been scanned
Scan process 'HControl.exe' - '1' Module(s) have been scanned
Scan process 'WMIAPSRV.EXE' - '1' Module(s) have been scanned
Scan process 'notepad.exe' - '1' Module(s) have been scanned
Scan process 'ALG.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'RegSrvc.exe' - '1' Module(s) have been scanned
Scan process 'JQS.EXE' - '1' Module(s) have been scanned
Scan process 'SCHED.EXE' - '1' Module(s) have been scanned
Scan process 'EXPLORER.EXE' - '1' Module(s) have been scanned
Scan process 'ATI2EVXX.EXE' - '1' Module(s) have been scanned
Scan process 'AVGUARD.EXE' - '1' Module(s) have been scanned
Scan process 'SPOOLSV.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'S24EvMon.exe' - '1' Module(s) have been scanned
Scan process 'EvtEng.exe' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'ATI2EVXX.EXE' - '1' Module(s) have been scanned
Scan process 'LSASS.EXE' - '1' Module(s) have been scanned
Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned
Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned
Scan process 'CSRSS.EXE' - '1' Module(s) have been scanned
Scan process 'SMSS.EXE' - '1' Module(s) have been scanned
52 processes with 52 modules were scanned
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '61' files ).
Starting the file scan:
Begin scan in 'C:\' <PROG_55>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\atapi.sys
[WARNING] The file could not be opened!
C:\Program Files\eMule\Temp\005.part
[0] Archive type: RAR
--> Adobe_Premiere_Pro_CS3_Full_Version_with_Crack\payloads\AdobeAssetServices3All\AdobeAssetServices3All1.cab
[1] Archive type: CAB (Microsoft)
--> _6_f60bf5851f5f0ee8931421d34634a9dc
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Program Files\RMXP\Standard\Graphics.exe
[0] Archive type: CAB SFX (self extracting)
--> Graphics\Animations\002-Action02.png
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\System Volume Information\_restore{2B950379-086E-4D45-9913-85CB2061AB16}\RP588\A0103673.exe
[DETECTION] Is the TR/Spy.FlyStudio.are Trojan
[NOTE] The file was moved to '49db6257.qua'!
C:\System Volume Information\_restore{2B950379-086E-4D45-9913-85CB2061AB16}\RP599\A0105458.EXE
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '49db6298.qua'!
Begin scan in 'D:\' <DATA_35>
End of the scan: dimanche 1 mars 2009 13:18
Used time: 12:15:56 Hour(s)
The scan has been done completely.
16698 Scanning directories
341148 Files were scanned
2 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
2 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
341143 Files not concerned
7769 Archives were scanned
5 Warnings
2 Notes
86690 Objects were scanned with rootkit scan
0 Hidden objects were found
J'ai mes les fichiers concernés en quarentaine (les deux trojans). Dois-je les supprimer purement et simplement?
Merci!
"J'ai mes les fichiers concernés en quarentaine (les deux trojans). Dois-je les supprimer purement et simplement?"
---> Oui.
---> Refais un scan RSIT et poste le rapport log.
---> Oui.
---> Refais un scan RSIT et poste le rapport log.
Voilà le dernier rapport log de RSIT :
Logfile of random's system information tool 1.05 (written by random/random)
Run by Mathieu at 2009-03-02 03:28:28
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 13 GB (23%) free of 56 GB
Total RAM: 2047 MB (73% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:28:41, on 02/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Mathieu\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Mathieu.exe
C:\Program Files\Mozilla Firefox\firefox.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.asus.com/fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: PrintKey 2000 Fr.lnk = C:\Program Files\PrintKey 2000 Fr\Printkey 2000 Fr.exe
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.asus.com/fr/
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/fr/fr/importer/ImageUploader4.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
Logfile of random's system information tool 1.05 (written by random/random)
Run by Mathieu at 2009-03-02 03:28:28
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 13 GB (23%) free of 56 GB
Total RAM: 2047 MB (73% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:28:41, on 02/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Mathieu\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Mathieu.exe
C:\Program Files\Mozilla Firefox\firefox.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.asus.com/fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: PrintKey 2000 Fr.lnk = C:\Program Files\PrintKey 2000 Fr\Printkey 2000 Fr.exe
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.asus.com/fr/
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/fr/fr/importer/ImageUploader4.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Le PC a l'air d'aller très bien! Merci encore, encore et encore ^^, et bravo pour l'efficacité!
IE6 semble être à jour. J'aimerais si possible éviter de passer au 7 ou au 8, vu que je ne les utilise juste JAMAIS!
IE6 semble être à jour. J'aimerais si possible éviter de passer au 7 ou au 8, vu que je ne les utilise juste JAMAIS!
"IE6 semble être à jour. J'aimerais si possible éviter de passer au 7 ou au 8, vu que je ne les utilise juste JAMAIS!"
---> Même si tu n'utilises pas Internet Explorer, c'est mieux de le mettre à jour.
1/
---> Désinstalle HijackThis.
---> Télécharge ToolsCleaner2 sur ton Bureau.
* Double-clique sur ToolsCleaner2.exe pour le lancer.
* Clique sur Recherche et laisse le scan agir.
* Clique sur Suppression pour finaliser.
* Tu peux, si tu le souhaites, te servir des Options Facultatives.
* Clique sur Quitter pour obtenir le rapport.
* Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).
2/
---> Télécharge et installe CCleaner Slim.
* Lance-le. Va dans Options puis Avancé et décoche la case Effacer uniquement les fichiers etc....
* Va dans Nettoyeur, choisis Analyse. Une fois terminé, lance le nettoyage.
* Ensuite, choisis Registre, puis Chercher des erreurs. Une fois terminé, répare toutes les erreurs (Sauvegarde la base de registre).
3/
---> Il est nécessaire de désactiver puis réactiver la restauration système pour la purger.
---> Je te conseille de créer un point de restauration que tu pourras utiliser plus tard si tu as un problème.
==Prévention==
Conserve MBAM. Il te servira à scanner les fichiers douteux en complément de l'antivirus et scanne le disque dur régulièrement.
Comme navigateur, utilise plutôt Mozilla Firefox qu'Internet Explorer. Tu peux utiliser l'extension NoScript pour plus de sécurité.
Vérifie que les mises à jour automatiques sont bien activées (Menu Démarrer, clique droit sur Poste de travail, onglet Mises à jour automatiques).
Tu peux aussi modifier le fichier Hosts pour améliorer la sécurité de ton PC : Lien
Par rapport au P2P : Lien
Voici un dossier complet (A lire avec Adobe Reader ou Foxit Reader) : Lien
Sois plus vigilant(e) sur Internet ;)
---> Même si tu n'utilises pas Internet Explorer, c'est mieux de le mettre à jour.
1/
---> Désinstalle HijackThis.
---> Télécharge ToolsCleaner2 sur ton Bureau.
* Double-clique sur ToolsCleaner2.exe pour le lancer.
* Clique sur Recherche et laisse le scan agir.
* Clique sur Suppression pour finaliser.
* Tu peux, si tu le souhaites, te servir des Options Facultatives.
* Clique sur Quitter pour obtenir le rapport.
* Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).
2/
---> Télécharge et installe CCleaner Slim.
* Lance-le. Va dans Options puis Avancé et décoche la case Effacer uniquement les fichiers etc....
* Va dans Nettoyeur, choisis Analyse. Une fois terminé, lance le nettoyage.
* Ensuite, choisis Registre, puis Chercher des erreurs. Une fois terminé, répare toutes les erreurs (Sauvegarde la base de registre).
3/
---> Il est nécessaire de désactiver puis réactiver la restauration système pour la purger.
---> Je te conseille de créer un point de restauration que tu pourras utiliser plus tard si tu as un problème.
==Prévention==
Conserve MBAM. Il te servira à scanner les fichiers douteux en complément de l'antivirus et scanne le disque dur régulièrement.
Comme navigateur, utilise plutôt Mozilla Firefox qu'Internet Explorer. Tu peux utiliser l'extension NoScript pour plus de sécurité.
Vérifie que les mises à jour automatiques sont bien activées (Menu Démarrer, clique droit sur Poste de travail, onglet Mises à jour automatiques).
Tu peux aussi modifier le fichier Hosts pour améliorer la sécurité de ton PC : Lien
Par rapport au P2P : Lien
Voici un dossier complet (A lire avec Adobe Reader ou Foxit Reader) : Lien
Sois plus vigilant(e) sur Internet ;)
Rapport TCleaner :
[ Rapport ToolsCleaner version 2.3.2 (par A.Rothstein & dj QUIOU) ]
-->- Recherche:
C:\_OtMoveIt: trouvé !
C:\Rsit: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Outils\HijackThis.lnk: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !
C:\_OTMoveIt\MovedFiles\02282009_235850\UsbFix.txt: trouvé !
---------------------------------
-->- Suppression:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Outils\HijackThis.lnk: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
C:\_OTMoveIt\MovedFiles\02282009_235850\UsbFix.txt: supprimé !
C:\_OtMoveIt: supprimé !
C:\Rsit: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !
Fichiers temporaires nettoyés !
[ Rapport ToolsCleaner version 2.3.2 (par A.Rothstein & dj QUIOU) ]
-->- Recherche:
C:\_OtMoveIt: trouvé !
C:\Rsit: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Outils\HijackThis.lnk: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !
C:\_OTMoveIt\MovedFiles\02282009_235850\UsbFix.txt: trouvé !
---------------------------------
-->- Suppression:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Outils\HijackThis.lnk: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
C:\_OTMoveIt\MovedFiles\02282009_235850\UsbFix.txt: supprimé !
C:\_OtMoveIt: supprimé !
C:\Rsit: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !
Fichiers temporaires nettoyés !