Virus

Closed
denis0091 Posts 81 Registration date Saturday 4 April 2009 Status Member Last seen 20 July 2010 - 30 Jan. 2010 at 09:26
 Anonymous user - 30 Jan. 2010 at 18:04
Hello,

After reading point 4 of this page: https://www.commentcamarche.net/faq/2490-supprimer-les-adwares-publicites-intempestives-pop-up-etc , I'm posting my scan report, and, for those who know about this, can you tell me whether I have one or more viruses, thanks :) !

(I'm posting the report):
BitDefender QuickScan Beta 32-bit v0.9.9.0
------------------------------------------

Scan date: Sat Jan 30 09:23:10 2010
Machine ID: 483EB7A1



No infection found.
---------------------



3 replies

Anonymous user
30 Jan. 2010 at 12:02
Hi,

I think the beginning of the report is fairly clear :)

No infection found.
---------------------

Was something making you think you might be infected?
0
denis0091 Posts 81 Registration date Saturday 4 April 2009 Status Member Last seen 20 July 2010 9
30 Jan. 2010 at 16:46
Pretty much, yes ;(, a change of antivirus, so some time spent without one, and when you see the number of ads, supposedly dangerous links, etc... I have every reason to think I'm infected :)

And often, my PC tells me I'm connected to the internet, but Firefox and all the applications that use the internet stop working ;( !
0
Anonymous user
30 Jan. 2010 at 18:04
OK, in that case, we'll analyze your PC:

• Download RSIT by Random/Random, and save it to your Desktop.

• On XP: Double-click RSIT.exe
• On Vista/7: Right-click RSIT.exe and select "Run as administrator"

• Click Continue on the Disclaimer screen.

• If the HijackThis tool is not present on your PC, RSIT will download it (allow access in your firewall if it asks) and you will have to accept the license by clicking the accept button.

• Once the scan is finished, two reports will appear: post them in two separate messages.

The reports are saved in C:\rsit\info.txt and C:\rsit\log.txt

Help with pictures
0