trop de pub !!! Fermé

Question

Bonjour,je suis infecté par fp pc on internet, des fenêtres de publicités envahisent ma navigation 
j'ai téléchargé hijackthis et j'ai fait un scan 
pouvez vous m'aider??? 
merci beaucoup par avance 

voici mon rapport!!! 


Logfile of Trend Micro HijackThis v2.0.2 
Scan saved at 21:42:34, on 04/08/2008 
Platform: Windows XP SP2 (WinNT 5.01.2600) 
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) 
Boot mode: Normal 

Running processes: 
C:\WINDOWS\System32\smss.exe 
C:\WINDOWS\system32\winlogon.exe 
C:\WINDOWS\system32\services.exe 
C:\WINDOWS\system32\lsass.exe 
C:\WINDOWS\system32\Ati2evxx.exe 
C:\WINDOWS\system32\svchost.exe 
C:\WINDOWS\System32\svchost.exe 
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe 
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe 
C:\Program Files\Alwil Software\Avast4\ashServ.exe 
C:\WINDOWS\system32\LEXBCES.EXE 
C:\WINDOWS\system32\LEXPPS.EXE 
C:\WINDOWS\system32\spoolsv.exe 
C:\WINDOWS\system32\Ati2evxx.exe 
C:\WINDOWS\Explorer.EXE 
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe 
C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE 
C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE 
C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE 
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe 
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe 
C:\PROGRA~1\MESSAG~1\Demon.exe 
C:\Program Files\iTunes\iTunesHelper.exe 
C:\Program Files\QuickTime\qttask.exe 
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe 
C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE 
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE 
C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE 
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe 
C:\WINDOWS\System32\svchost.exe 
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe 
C:\WINDOWS\system32\ctfmon.exe 
C:\Program Files\Messenger\msmsgs.exe 
C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE 
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe 
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe­ 
C:\Program Files\F-Secure Internet Security\FSPC\fspc.exe 
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe 
C:\documents and settings\administrateur\local settings\application data\kessagy.exe 
C:\Program Files\WinZip\WZQKPICK.EXE 
C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe 
C:\Program Files\Canon\CAL\CALMAIN.exe 
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe 
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe 
C:\Program Files\iPod\bin\iPodService.exe 
C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe 
C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe 
C:\WINDOWS\system32\WgaTray.exe 
C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe 
C:\WINDOWS\System32\wbem\wmiapsrv.exe 
C:\Program Files\F-Secure Internet Security\FSAUA\program\fsus.exe 
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe 
C:\WINDOWS\system32\wuauclt.exe 
C:\WINDOWS\System32\svchost.exe 
C:\Program Files\Orange HSS\Launcher\Launcher.exe 
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe 
C:\Program Files\Orange HSS\connectivity\connectivitymanager.exe 
C:\Program Files\Orange HSS\connectivity\CoreCom\CoreCom.exe 
C:\Program Files\Orange HSS\connectivity\CoreCom\OraConfigRecover.exe 
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe 
C:\Program Files\Orange HSS\systray\systrayapp.exe 
C:\Program Files\Orange HSS\Deskboard\deskboard.exe 
C:\Documents and Settings\Administrateur\Bureau\HiJackThis.exe 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens 
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange HSS\SearchURLHook\SearchPageURL.dll 
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll 
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll 
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll 
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll 
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll 
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe 
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe 
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe 
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon 
O4 - HKLM\..\Run: [Demon] C:\PROGRA~1\MESSAG~1\Demon.exe 
O4 - HKLM\..\Run: [usbn] C:\WINDOWS\system32\usbn.exe -go -c48 -w 
O4 - HKLM\..\Run: [winyp.exe] C:\WINDOWS\system32\winyp.exe 
O4 - HKLM\..\Run: [B.tmp] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\B.tmp.exe 
O4 - HKLM\..\Run: [C.tmp] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\C.tmp.exe 
O4 - HKLM\..\Run: [B.tmp.exe] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\B.tmp.exe 
O4 - HKLM\..\Run: [C.tmp.exe] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\C.tmp.exe 
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" 
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime 
O4 - HKLM\..\Run: [itunesff] C:\WINDOWS\system32\itunesff.exe -go -c60 -w3 
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" 
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange HSS\SessionManager\SessionManager.exe 
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash 
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW 
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN 
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe 
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange HSS\Systray\SystrayApp.exe" 
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe 
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background 
O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\WINSOS\WINSOS.EXE" MINI 
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe 
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe 
O4 - HKCU\..\Run: [kessagy] c:\documents and settings\administrateur\local settings\application data\kessagy.exe kessagy 
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') 
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') 
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') 
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') 
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE 
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll 
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll 
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll 
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll 
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll 
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe 
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe 
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe 
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL 
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe 
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll 
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll 
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe 
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe 
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU) 
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab 
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - https://www.systemrequirementslab.com/cyri 
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ 
O16 - DPF: {33331111-1111-1111-1111-611111193423} - 
O16 - DPF: {33331111-1111-1111-1111-611111193429} - 
O16 - DPF: {33331111-1111-1111-1111-615111193427} - 
O16 - DPF: {33331111-1131-1111-1111-611111193428} - 
O16 - DPF: {5CE72DD0-4695-4D18-A4D3-3367ACD37578} (F-Secure Health Check 1.0) - http://support.f-secure.com/enu/home/onlineservices/fshc/fscax.cab 
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab 
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.new2.foto.com/ImageUploader4.cab 
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/fr/TSEasyInstallX.CAB 
O16 - DPF: {F9043C85-F6F2-101A-A3C9-08002B2F49FB} (Microsoft Common Dialog Control, version 5.0 (SP2)) - file://C:\Program Files\The Tournament Director\comdlg32.cab 
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe 
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe 
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe 
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe 
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe 
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe 
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe 
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe 
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe 
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe 
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe 
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe 
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE 
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe 
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe 
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe 
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE 
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe 
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe 

End of file - 12899 bytes
Configuration: Windows XP
Internet Explorer 6.0

bigshow77 · Answer

Je suis pas un pro mais si tu as beaucoup de pub c'est sûrement des spywares je peut te conseiller un bon logiciel que j'approuve à,100% Spyware doctor
Il est gratos et super symple d'utilisation 
En espérant t'avoir aidé
BIGSHOW77

nico-81 · Answer

salut tu fais ctrl+alt+suppr tu vans dans processus, tu cherche tout les fichiers se terminant par .exe en dessous même ceux de ce genre itunesff.exe -go -c60 -w3. Et tu termine lers processus et tu fixe les lignes : 
 C:\documents and settings\administrateur\local settings\application data\kessagy.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe (sauf si tu es sous telecom)
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe (sauf si tu es sous telecom)

O4 - HKLM\..\Run: [usbn] C:\WINDOWS\system32\usbn.exe -go -c48 -w
O4 - HKLM\..\Run: [winyp.exe] C:\WINDOWS\system32\winyp.exe
O4 - HKLM\..\Run: [B.tmp.exe] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\B.tmp.exe
O4 - HKLM\..\Run: [C.tmp.exe] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\C.tmp.exe
O4 - HKLM\..\Run: [itunesff] C:\WINDOWS\system32\itunesff.exe -go -c60 -w3
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {33331111-1111-1111-1111-611111193423} 
O16 - DPF: {33331111-1111-1111-1111-611111193429} -
O16 - DPF: {33331111-1111-1111-1111-615111193427} -
O16 - DPF: {33331111-1131-1111-1111-611111193428} -
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/fr/TSEasyInstallX.CAB
O16 - DPF: {F9043C85-F6F2-101A-A3C9-08002B2F49FB} (Microsoft Common Dialog Control, version 5.0 (SP2)) - file://C:\Program Files\The Tournament Director\comdlg32.cab
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
 puis passe un scan complet en mode sans echec de ceci mis à jour avant et poste le rapport (supprime les infection trouvées) : 
https://www.clubic.com/telecharger-fiche215092-malwarebytes-anti-malware.html

Trop de pub !!!

2 réponses

Discussions similaires