Win32:small:JMH [trj]

Mama13 Posts: 1 Status: Member -  
^^Marie^^ Posts: 126523 Registration date   Status: Member Last activity   -
Hello,
I have avast antivirus and Ad-Aware 2007, but they are unable to remove the virus win32:small:JMH [trj].
After reading a discussion on the forum about this, I ran SDFix; here is its report.
Please tell me how to finish removing this virus.

[b]SDFix: Version 1.155 [/b]

Run by Losseau Marie on mer. 12/03/2008 at 00:09

Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\LOSSEA~1\Bureau\sdfix\SDFix

[b]Checking Services [/b]:

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting

[b]Checking Files [/b]:

Trojan Files Found:

C:\DOCUME~1\LOSSEA~1\LOCALS~1\Temp\services.exe - Deleted
C:\autorun.inf - Deleted
C:\autorun.PNF - Deleted
C:\WINDOWS\system32\real.txt - Deleted

Removing Temp Files

[b]ADS Check [/b]:

[b]Final Check [/b]:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-12 00:18:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

[b]Remaining Services [/b]:

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client"
"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"="C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe:*:Enabled:LifeCam.exe"
"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"="C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe:*:Enabled:LifeExp.exe"
"C:\\DOCUME~1\\LOSSEA~1\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\LOSSEA~1\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Media"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[b]Remaining Files [/b]:

File Backups: - C:\DOCUME~1\LOSSEA~1\Bureau\sdfix\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Thu 1 Mar 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sun 2 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ad213d081e2675ef87a62c73b8abf209\BIT43.tmp"
Thu 3 Apr 2003 22,016 A..H. --- "C:\Documents and Settings\Losseau Marie\Bureau\Marie\Marie\~WRL0003.tmp"
Fri 4 Jan 2008 667,136 ...H. --- "C:\Documents and Settings\Losseau Marie\Bureau\Marie\Pio's\~WRL0004.tmp"
Thu 30 Mar 2006 139,264 ...H. --- "C:\Documents and Settings\Losseau Marie\Bureau\Marie\Droit\DRT 21 Première licence\TD de droit public\~WRL0263.tmp"
Thu 30 Mar 2006 140,800 ...H. --- "C:\Documents and Settings\Losseau Marie\Bureau\Marie\Droit\DRT 21 Première licence\TD de droit public\~WRL0754.tmp"
Thu 30 Mar 2006 150,016 ...H. --- "C:\Documents and Settings\Losseau Marie\Bureau\Marie\Droit\DRT 21 Première licence\TD de droit public\~WRL1174.tmp"
Fri 31 Mar 2006 156,672 ...H. --- "C:\Documents and Settings\Losseau Marie\Bureau\Marie\Droit\DRT 21 Première licence\TD de droit public\~WRL1241.tmp"
Thu 30 Mar 2006 140,800 ...H. --- "C:\Documents and Settings\Losseau Marie\Bureau\Marie\Droit\DRT 21 Première licence\TD de droit public\~WRL1946.tmp"
Thu 30 Mar 2006 141,312 ...H. --- "C:\Documents and Settings\Losseau Marie\Bureau\Marie\Droit\DRT 21 Première licence\TD de droit public\~WRL3203.tmp"
Fri 31 Mar 2006 158,720 ...H. --- "C:\Documents and Settings\Losseau Marie\Bureau\Marie\Droit\DRT 21 Première licence\TD de droit public\~WRL3727.tmp"

[b]Finished![/b]

1 reply

^^Marie^^ Posts: 126523 Registration date   Status: Member Last activity   3 279
 
Hi

F - HijackThis - Diagnostic and repair tool
Download HijackThis here:
http://telechargement.zebulon.fr/138-hijackthis-1991.html
https://kerio.probb.fr/t62-comment-utiliser-et-comprendre-hijackthis
Unzip it into a folder created for that purpose.
For example C:\hijackthis < Make sure to save it in C: !
Demo: (Thanks to Balltrap34 for making this)
http://pageperso.aol.fr/balltrap34/Hijenr.gif
Launch it, then:
click "do a system scan and save logfile" (see demo)
copy and paste the entire log to the forum
Demo: (Thanks to Balltrap34 for making this)
http://pageperso.aol.fr/balltrap34/demohijack.htm
http://www.tutoriaux-excalibur.com/hijackthis.htm
https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

Good luck

See you