Probleme DisableTaskMgr repasse à 1 tout seul
Résolu/Fermé
A voir également:
- Probleme DisableTaskMgr repasse à 1 tout seul
- Dans le texte, un seul mot a réellement été écrit en lettres capitales (majuscules). quel est ce mot ? ✓ - Forum Word
- Mon téléphone appelle tout seul - Forum Mobile
- Mon téléphone envoie des sms tout seul pour des colis - Forum Samsung
- Mon pc se verrouille tout seul - Forum Windows
- Le son de mon téléphone augmente tout seul ✓ - Forum Casque / Micro / kit
11 réponses
salut, Voici le rapport :
SmitFraudFix v2.352
Rapport fait à 23:17:10,14, 19/09/2008
Executé à partir de C:\Documents and Settings\SEBASTIEN\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\apps\ABoard\ABoard.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Vivitar\V3301\CamCheck\CamCheck.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\lphcajaj0ec9v.exe
C:\Program Files\Microsoft Security Adviser\msctrl.exe
C:\Program Files\Microsoft Security Adviser\msavsc.exe
C:\Program Files\Microsoft Security Adviser\msscan.exe
C:\Program Files\Microsoft Security Adviser\msiemon.exe
C:\Program Files\Microsoft Security Adviser\msfw.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Maxthon\maxthon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\SEBASTIEN
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\SEBASTIEN\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\SEBAST~1\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
AntiXPVSTFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="avgrsstx.dll"
"LoadAppInit_DLLs"=dword:00000001
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» RK
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Miniport d'ordonnancement de paquets
DNS Server Search Order: 208.67.220.220
DNS Server Search Order: 208.67.222.222
HKLM\SYSTEM\CCS\Services\Tcpip\..\{0481FB19-4F09-4863-9730-CE7B2BE384C9}: NameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CCS\Services\Tcpip\..\{402C1A1F-4A9E-4971-B137-90040A22749A}: DhcpNameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CCS\Services\Tcpip\..\{402C1A1F-4A9E-4971-B137-90040A22749A}: NameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CCS\Services\Tcpip\..\{524DEEF2-ED7F-4789-8E28-989C1A7C0E5D}: NameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CCS\Services\Tcpip\..\{88A5EA0C-2699-4195-8771-35BDCB5F8535}: DhcpNameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CCS\Services\Tcpip\..\{88A5EA0C-2699-4195-8771-35BDCB5F8535}: NameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CCS\Services\Tcpip\..\{CB2F501F-D462-45EE-9CC7-DD5BD21E9544}: DhcpNameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CCS\Services\Tcpip\..\{CB2F501F-D462-45EE-9CC7-DD5BD21E9544}: NameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS2\Services\Tcpip\..\{0481FB19-4F09-4863-9730-CE7B2BE384C9}: NameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS2\Services\Tcpip\..\{402C1A1F-4A9E-4971-B137-90040A22749A}: DhcpNameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS2\Services\Tcpip\..\{402C1A1F-4A9E-4971-B137-90040A22749A}: NameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS2\Services\Tcpip\..\{524DEEF2-ED7F-4789-8E28-989C1A7C0E5D}: NameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS2\Services\Tcpip\..\{88A5EA0C-2699-4195-8771-35BDCB5F8535}: DhcpNameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS2\Services\Tcpip\..\{88A5EA0C-2699-4195-8771-35BDCB5F8535}: NameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS2\Services\Tcpip\..\{CB2F501F-D462-45EE-9CC7-DD5BD21E9544}: DhcpNameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS2\Services\Tcpip\..\{CB2F501F-D462-45EE-9CC7-DD5BD21E9544}: NameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS3\Services\Tcpip\..\{0481FB19-4F09-4863-9730-CE7B2BE384C9}: NameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS3\Services\Tcpip\..\{402C1A1F-4A9E-4971-B137-90040A22749A}: DhcpNameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS3\Services\Tcpip\..\{402C1A1F-4A9E-4971-B137-90040A22749A}: NameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS3\Services\Tcpip\..\{524DEEF2-ED7F-4789-8E28-989C1A7C0E5D}: NameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS3\Services\Tcpip\..\{88A5EA0C-2699-4195-8771-35BDCB5F8535}: DhcpNameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS3\Services\Tcpip\..\{88A5EA0C-2699-4195-8771-35BDCB5F8535}: NameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS3\Services\Tcpip\..\{CB2F501F-D462-45EE-9CC7-DD5BD21E9544}: DhcpNameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS3\Services\Tcpip\..\{CB2F501F-D462-45EE-9CC7-DD5BD21E9544}: NameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: NameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: NameServer=208.67.220.220,208.67.222.222
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
SmitFraudFix v2.352
Rapport fait à 23:17:10,14, 19/09/2008
Executé à partir de C:\Documents and Settings\SEBASTIEN\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\apps\ABoard\ABoard.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Vivitar\V3301\CamCheck\CamCheck.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\lphcajaj0ec9v.exe
C:\Program Files\Microsoft Security Adviser\msctrl.exe
C:\Program Files\Microsoft Security Adviser\msavsc.exe
C:\Program Files\Microsoft Security Adviser\msscan.exe
C:\Program Files\Microsoft Security Adviser\msiemon.exe
C:\Program Files\Microsoft Security Adviser\msfw.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Maxthon\maxthon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\SEBASTIEN
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\SEBASTIEN\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\SEBAST~1\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
AntiXPVSTFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="avgrsstx.dll"
"LoadAppInit_DLLs"=dword:00000001
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» RK
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Miniport d'ordonnancement de paquets
DNS Server Search Order: 208.67.220.220
DNS Server Search Order: 208.67.222.222
HKLM\SYSTEM\CCS\Services\Tcpip\..\{0481FB19-4F09-4863-9730-CE7B2BE384C9}: NameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CCS\Services\Tcpip\..\{402C1A1F-4A9E-4971-B137-90040A22749A}: DhcpNameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CCS\Services\Tcpip\..\{402C1A1F-4A9E-4971-B137-90040A22749A}: NameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CCS\Services\Tcpip\..\{524DEEF2-ED7F-4789-8E28-989C1A7C0E5D}: NameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CCS\Services\Tcpip\..\{88A5EA0C-2699-4195-8771-35BDCB5F8535}: DhcpNameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CCS\Services\Tcpip\..\{88A5EA0C-2699-4195-8771-35BDCB5F8535}: NameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CCS\Services\Tcpip\..\{CB2F501F-D462-45EE-9CC7-DD5BD21E9544}: DhcpNameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CCS\Services\Tcpip\..\{CB2F501F-D462-45EE-9CC7-DD5BD21E9544}: NameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS2\Services\Tcpip\..\{0481FB19-4F09-4863-9730-CE7B2BE384C9}: NameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS2\Services\Tcpip\..\{402C1A1F-4A9E-4971-B137-90040A22749A}: DhcpNameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS2\Services\Tcpip\..\{402C1A1F-4A9E-4971-B137-90040A22749A}: NameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS2\Services\Tcpip\..\{524DEEF2-ED7F-4789-8E28-989C1A7C0E5D}: NameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS2\Services\Tcpip\..\{88A5EA0C-2699-4195-8771-35BDCB5F8535}: DhcpNameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS2\Services\Tcpip\..\{88A5EA0C-2699-4195-8771-35BDCB5F8535}: NameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS2\Services\Tcpip\..\{CB2F501F-D462-45EE-9CC7-DD5BD21E9544}: DhcpNameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS2\Services\Tcpip\..\{CB2F501F-D462-45EE-9CC7-DD5BD21E9544}: NameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS3\Services\Tcpip\..\{0481FB19-4F09-4863-9730-CE7B2BE384C9}: NameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS3\Services\Tcpip\..\{402C1A1F-4A9E-4971-B137-90040A22749A}: DhcpNameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS3\Services\Tcpip\..\{402C1A1F-4A9E-4971-B137-90040A22749A}: NameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS3\Services\Tcpip\..\{524DEEF2-ED7F-4789-8E28-989C1A7C0E5D}: NameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS3\Services\Tcpip\..\{88A5EA0C-2699-4195-8771-35BDCB5F8535}: DhcpNameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS3\Services\Tcpip\..\{88A5EA0C-2699-4195-8771-35BDCB5F8535}: NameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS3\Services\Tcpip\..\{CB2F501F-D462-45EE-9CC7-DD5BD21E9544}: DhcpNameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS3\Services\Tcpip\..\{CB2F501F-D462-45EE-9CC7-DD5BD21E9544}: NameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: NameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: NameServer=208.67.220.220,208.67.222.222
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
Destrio5
Messages postés
85926
Date d'inscription
dimanche 11 juillet 2010
Statut
Modérateur
Dernière intervention
17 février 2023
10 297
19 sept. 2008 à 23:12
19 sept. 2008 à 23:12
Salut,
- Télécharge SmitfraudFix (de de S!Ri, balltrap34 et moe31) :
http://siri.urz.free.fr/Fix/SmitfraudFix.exe ou http://www.geekstogo.com/forum/files/file/6-smitfraudfix/
- Enregistre-le sur le bureau
- Double-clique sur SmitfraudFix.exe et choisis l'option 1 puis Entrée
- Un rapport sera généré, poste-le dans ta prochaine réponse.
[*] process.exe est détecté par certains antivirus comme étant un risktool. Il ne s'agit pas d'un virus mais d'un utilitaire destiné à mettre fin à des processus.[*]
** Ne fais l'étape 2 que si on te le demande, on doit d'abord examiner le premier rapport de SmitfraudFix
- Télécharge SmitfraudFix (de de S!Ri, balltrap34 et moe31) :
http://siri.urz.free.fr/Fix/SmitfraudFix.exe ou http://www.geekstogo.com/forum/files/file/6-smitfraudfix/
- Enregistre-le sur le bureau
- Double-clique sur SmitfraudFix.exe et choisis l'option 1 puis Entrée
- Un rapport sera généré, poste-le dans ta prochaine réponse.
[*] process.exe est détecté par certains antivirus comme étant un risktool. Il ne s'agit pas d'un virus mais d'un utilitaire destiné à mettre fin à des processus.[*]
** Ne fais l'étape 2 que si on te le demande, on doit d'abord examiner le premier rapport de SmitfraudFix
jacques.gache
Messages postés
33442
Date d'inscription
mardi 13 novembre 2007
Statut
Contributeur sécurité
Dernière intervention
25 janvier 2016
1 640
19 sept. 2008 à 23:18
19 sept. 2008 à 23:18
bonjour à vous deux , juste pour suivre @+
Destrio5
Messages postés
85926
Date d'inscription
dimanche 11 juillet 2010
Statut
Modérateur
Dernière intervention
17 février 2023
10 297
19 sept. 2008 à 23:23
19 sept. 2008 à 23:23
Moué...
- Télécharge et installe MalwareByte's Anti-Malware :
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.htm
- Mets-le à jour
- Redémarre en mode sans échec (Recommandé) :
https://www.malekal.com/demarrer-windows-mode-sans-echec/
- Choisis ta session habituelle
- Fais un scan complet avec MalwareByte's Anti-Malware
- Supprime tout ce que le logiciel trouve, enregistre le rapport
- Redémarre en mode normal et poste le rapport ici
- Télécharge et installe MalwareByte's Anti-Malware :
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.htm
- Mets-le à jour
- Redémarre en mode sans échec (Recommandé) :
https://www.malekal.com/demarrer-windows-mode-sans-echec/
- Choisis ta session habituelle
- Fais un scan complet avec MalwareByte's Anti-Malware
- Supprime tout ce que le logiciel trouve, enregistre le rapport
- Redémarre en mode normal et poste le rapport ici
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
jacques.gache
Messages postés
33442
Date d'inscription
mardi 13 novembre 2007
Statut
Contributeur sécurité
Dernière intervention
25 janvier 2016
1 640
19 sept. 2008 à 23:54
19 sept. 2008 à 23:54
passes le en mode normal
Salut,
Passé en mode normal, il a trouvé et supprimé du monde :
Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1179
Windows 5.1.2600 Service Pack 2
20/09/2008 10:03:46
mbam-log-2008-09-20 (10-03-46).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 111165
Temps écoulé: 1 hour(s), 2 minute(s), 7 second(s)
Processus mémoire infecté(s): 4
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 14
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 24
Processus mémoire infecté(s):
C:\Program Files\Microsoft Security Adviser\msctrl.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\Program Files\Microsoft Security Adviser\msfw.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\Program Files\Microsoft Security Adviser\msiemon.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\Program Files\Microsoft Security Adviser\msscan.exe (Trojan.Downloader) -> Unloaded process successfully.
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msavsc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msavsc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msctrl.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msctrl.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msfw.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msfw.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msiemon.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msiemon.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msscan.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msscan.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mssadv.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mssadv.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
C:\Program Files\Microsoft Security Adviser (Trojan.Downloader) -> Delete on reboot.
Fichier(s) infecté(s):
C:\Program Files\Microsoft Security Adviser\msavsc.exe (Trojan.Downloader) -> Delete on reboot.
C:\Program Files\Microsoft Security Adviser\msctrl.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Microsoft Security Adviser\msctrl.log (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Microsoft Security Adviser\msfw.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Microsoft Security Adviser\msiemon.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Microsoft Security Adviser\mssadv.log (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Microsoft Security Adviser\mssadv_pv.log (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Microsoft Security Adviser\mssadv_sp.log (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Microsoft Security Adviser\msscan.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blphcajaj0ec9v.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lphcajaj0ec9v.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kernel32.exe (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\SEBASTIEN\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\SEBASTIEN\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\SEBASTIEN\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\SEBASTIEN\Local Settings\Temp\.tt4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\SEBASTIEN\Local Settings\Temp\.tt5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\SEBASTIEN\Local Settings\Temp\.tt7.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\SEBASTIEN\Local Settings\Temp\.tt8.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\SEBASTIEN\Local Settings\Temp\.ttA.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\SEBASTIEN\Local Settings\Temp\.ttB.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\SEBASTIEN\Local Settings\Temp\.tt1.tmp.vbs (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\SEBASTIEN\Local Settings\Temp\.tt2.tmp.vbs (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\SEBASTIEN\Local Settings\Temp\.tt4.tmp.vbs (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Je reboote.
Passé en mode normal, il a trouvé et supprimé du monde :
Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1179
Windows 5.1.2600 Service Pack 2
20/09/2008 10:03:46
mbam-log-2008-09-20 (10-03-46).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 111165
Temps écoulé: 1 hour(s), 2 minute(s), 7 second(s)
Processus mémoire infecté(s): 4
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 14
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 24
Processus mémoire infecté(s):
C:\Program Files\Microsoft Security Adviser\msctrl.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\Program Files\Microsoft Security Adviser\msfw.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\Program Files\Microsoft Security Adviser\msiemon.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\Program Files\Microsoft Security Adviser\msscan.exe (Trojan.Downloader) -> Unloaded process successfully.
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msavsc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msavsc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msctrl.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msctrl.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msfw.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msfw.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msiemon.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msiemon.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msscan.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msscan.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mssadv.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mssadv.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
C:\Program Files\Microsoft Security Adviser (Trojan.Downloader) -> Delete on reboot.
Fichier(s) infecté(s):
C:\Program Files\Microsoft Security Adviser\msavsc.exe (Trojan.Downloader) -> Delete on reboot.
C:\Program Files\Microsoft Security Adviser\msctrl.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Microsoft Security Adviser\msctrl.log (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Microsoft Security Adviser\msfw.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Microsoft Security Adviser\msiemon.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Microsoft Security Adviser\mssadv.log (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Microsoft Security Adviser\mssadv_pv.log (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Microsoft Security Adviser\mssadv_sp.log (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Microsoft Security Adviser\msscan.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blphcajaj0ec9v.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lphcajaj0ec9v.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kernel32.exe (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\SEBASTIEN\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\SEBASTIEN\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\SEBASTIEN\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\SEBASTIEN\Local Settings\Temp\.tt4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\SEBASTIEN\Local Settings\Temp\.tt5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\SEBASTIEN\Local Settings\Temp\.tt7.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\SEBASTIEN\Local Settings\Temp\.tt8.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\SEBASTIEN\Local Settings\Temp\.ttA.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\SEBASTIEN\Local Settings\Temp\.ttB.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\SEBASTIEN\Local Settings\Temp\.tt1.tmp.vbs (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\SEBASTIEN\Local Settings\Temp\.tt2.tmp.vbs (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\SEBASTIEN\Local Settings\Temp\.tt4.tmp.vbs (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Je reboote.
Destrio5
Messages postés
85926
Date d'inscription
dimanche 11 juillet 2010
Statut
Modérateur
Dernière intervention
17 février 2023
10 297
20 sept. 2008 à 10:06
20 sept. 2008 à 10:06
Après redémarrage :
---> Supprime SmitFraudFix
---> Relance MBAM, va dans Quarantaine et supprime tout
---> Supprime SmitFraudFix
---> Relance MBAM, va dans Quarantaine et supprime tout
Hé ben voila le probleme resolu !
J'ai rebooté et j'ai le gestionnaire des taches, j'ai supprimé les objets en quarantaine dans MBAM.
Un très grand Merci à toi Destrio5 pour m'avoir dépanné à une heure tardive !! et sur ce coup là c'etait pas gagné, j'avoue que j'avais usé toutes mes cartouches.
Je garde MBAM sous le coude en tout cas.
Encore MERCI !!!
@+
J'ai rebooté et j'ai le gestionnaire des taches, j'ai supprimé les objets en quarantaine dans MBAM.
Un très grand Merci à toi Destrio5 pour m'avoir dépanné à une heure tardive !! et sur ce coup là c'etait pas gagné, j'avoue que j'avais usé toutes mes cartouches.
Je garde MBAM sous le coude en tout cas.
Encore MERCI !!!
@+
Destrio5
Messages postés
85926
Date d'inscription
dimanche 11 juillet 2010
Statut
Modérateur
Dernière intervention
17 février 2023
10 297
20 sept. 2008 à 10:26
20 sept. 2008 à 10:26
---> Mets à jour Internet Explorer :
http://www.microsoft.com/downloads/details.aspx?FamilyId=9AE91EBE-3385-447C-8A30-081805B2F90B&displaylang=fr
---> Il est nécessaire de désactiver puis réactiver la restauration système pour la purger :
http://www.infos-du-net.com/forum/272480-11-desactiver-activer-restauration-systeme
---> Je te conseille de créer un point de restauration que tu pourras utiliser plus tard si tu as un problème :
https://www.vulgarisation-informatique.com/creer-point-restauration.php
http://www.microsoft.com/downloads/details.aspx?FamilyId=9AE91EBE-3385-447C-8A30-081805B2F90B&displaylang=fr
---> Il est nécessaire de désactiver puis réactiver la restauration système pour la purger :
http://www.infos-du-net.com/forum/272480-11-desactiver-activer-restauration-systeme
---> Je te conseille de créer un point de restauration que tu pourras utiliser plus tard si tu as un problème :
https://www.vulgarisation-informatique.com/creer-point-restauration.php