Virus paralysing vital functions [] - Security - Virus
Subject: Virus paralysing vital functions []
 
Profile: IDNaute

Hello,

I am infected by a virus (a trojan, I think) that is slowing my PC down a lot... what's more, it is spreading and disables AntiVir Guard and my task manager (Ctrl Alt Del). In safe mode the virus prevents me from deleting the critical files.

I am really lost and don't know what to do, because my computer knowledge is very limited.

I ran scans with AntiVir, Panda and Symantec, here they are:
for PANDA
Incident Statut Analyse

Spyware:Spyware/Virtumonde No Désinfecté C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8DUB81UB\r322[1].exe
Adware:Adware/Maxifiles No Désinfecté C:\Documents and Settings\os\Local Settings\Temporary Internet Files\Content.IE5\98G7TPCT\maxifilesdns[1].zip[gui.exe]
Adware:Adware/Maxifiles No Désinfecté C:\Documents and Settings\os\Local Settings\Temporary Internet Files\Content.IE5\98G7TPCT\maxifilesdns[1].zip[cwebpage.dll]
Adware:Adware/Maxifiles No Désinfecté C:\Documents and Settings\os\Local Settings\Temporary Internet Files\Content.IE5\ODAZG92N\maxifilesdns[1].zip[gui.exe]
Adware:Adware/Maxifiles No Désinfecté C:\Documents and Settings\os\Local Settings\Temporary Internet Files\Content.IE5\ODAZG92N\maxifilesdns[1].zip[cwebpage.dll]
Adware:Adware/Exact.BargainBuddyNo Désinfecté C:\Program Files\BullsEye Network\bin\adv.exe
Adware:Adware/Exact.BargainBuddyNo Désinfecté C:\Program Files\BullsEye Network\bin\adx.exe
Adware:Adware/Exact.BargainBuddyNo Désinfecté C:\Program Files\BullsEye Network\bin\bargains.exe
Adware:Adware/Exact.BargainBuddyNo Désinfecté C:\Program Files\BullsEye Network\Uninstall.exe
Adware:Adware/Maxifiles No Désinfecté C:\Program Files\DNS\cwebpage.dll
Adware:Adware/Maxifiles No Désinfecté C:\Program Files\DNS\gui.exe
Adware:Adware/Maxifiles No Désinfecté C:\Program Files\Fichiers communs\InetGet\mc-30-595-0000027.exe
Adware:Adware/Maxifiles No Désinfecté C:\Program Files\Fichiers communs\mc-30-595-0000027.exe
Adware:Adware/Maxifiles No Désinfecté C:\Program Files\Fichiers communs\services.exe
Adware:adware/maxifiles No Désinfecté C:\Program Files\Fichiers communs\system32.dll
Adware:Adware/Maxifiles No Désinfecté C:\Program Files\Fichiers communs\system32.dll[gui.exe]
Adware:Adware/Maxifiles No Désinfecté C:\Program Files\Fichiers communs\system32.dll[cwebpage.dll]
Adware:Adware/Maxifiles No Désinfecté C:\Program Files\Fichiers communs\Windows\mc-30-595-0000027.exe
Virus:Trj/Agent.AQC Désinfecté C:\WINDOWS\spooler32(2).exe
Adware:adware/exact.bargainbuddyNo Désinfecté C:\WINDOWS\system32\bbchk.exe
Adware:Adware/404Search No Désinfecté C:\WINDOWS\system32\exclean.exe
Adware:Adware/Exact.BargainBuddyNo Désinfecté C:\WINDOWS\system32\exdl.exe
Adware:Adware/Exact.BargainBuddyNo Désinfecté C:\WINDOWS\system32\exdl0.exe
Adware:Adware/Exact.BargainBuddyNo Désinfecté C:\WINDOWS\system32\exdl1.exe
Adware:Adware/Exact.SearchBar No Désinfecté C:\WINDOWS\system32\exul.exe
Adware:Adware/Exact.SearchBar No Désinfecté C:\WINDOWS\system32\exul1.exe
Virus:W32/Sdbot.ftp Désinfecté C:\WINDOWS\system32\i
Adware:adware/wupd No Désinfecté C:\WINDOWS\system32\ide21201.vxd
Adware:Adware/Exact.SearchBar No Désinfecté C:\WINDOWS\system32\javexulm.vxd
Virus:Trj/Vundo.B Désinfecté C:\WINDOWS\system32\ljjkk.dll
Adware:Adware/Exact.BargainBuddyNo Désinfecté C:\WINDOWS\system32\mqexdlm.srg
Adware:Adware/Exact.BargainBuddyNo Désinfecté C:\WINDOWS\system32\msbe.dll
Spyware:Spyware/Virtumonde No Désinfecté C:\WINDOWS\system32\opnmn(2).dll
Virus:Bck/IrcBot.NH Désinfecté C:\WINDOWS\winsys(2).exe



with AntiVir:

Creation date of the report file: samedi 15 octobre 2005 12:20

AntiVir®/XP (2000 + NT) PersonalEdition Classic
Build 1068 of 21.09.2005
Mainprogram 6.32.00.07 of 16.09.2005
VDF file 6.32.0.68 (0) of 07.10.2005




Scanning for 228826 virus strains and unwanted programs.

Licensed for: AntiVir Personal Edition
Serial number: 0000149991-WURGE-0001


Platform: Windows NT Workstation
Windows version: 5.1 Build 2600 (Service Pack 1)
Username: Administrateur
Computername: ORDI
Processor: Pentium
Working memory: 392688 KB free

Version information:
AVWIN.DLL : 6.32.00.04 561192 13.09.2005 11:19:36
AVEWIN32.DLL : 6.32.0.6 832000 27.09.2005 23:50:30
AVGNT.EXE : 6.32.00.00 168039 13.09.2005 11:19:36
AVGUARD.EXE : 6.32.00.06 207912 13.09.2005 11:19:36
GUARDMSG.DLL : 6.30.00.02 94248 01.02.2005 11:24:10
AVGCMSG.DLL : 6.32.00.00 258165 13.09.2005 11:19:36
AVGNTDW.SYS : 6.31.00.01 32896 29.04.2005 08:07:16
AVPACK32.DLL : 6.31.01.07 327720 13.09.2005 11:19:36
AVGETVER.DLL : 6.30.00.00 24576 28.01.2005 18:10:20
AVSHLEXT.DLL : 6.30.00.01 40960 28.01.2005 18:10:22
AVSched32.EXE : 6.32.00.01 110632 21.09.2005 11:14:42
AVSched32.DLL : 6.30.00.00 122880 01.02.2005 11:24:10
AVREG.DLL : 6.31.00.05 41000 13.09.2005 11:19:36
AVRep.DLL : 6.32.00.45 1388584 27.09.2005 23:50:34
INETUPD.EXE : 6.32.00.05 254011 13.09.2005 11:19:38
INETUPD.DLL : 6.32.00.05 143360 13.09.2005 11:19:38
CTL3D32.DLL : 2.31.000 27136 28.08.2001 16:00:00
MFC42.DLL : 6.00.8665.0 995383 28.08.2001 16:00:00
MSVCRT.DLL : 7.0.2600.1106 (xpsp1.020828-1920
MSVCRT.DLL : 7.0.2600.1106 323072 29.08.2002 13:44:52
CTL3DV2.DLL : No information

Configuration file:

Name of configuration file: C:\Program Files\AVPersonal\AVWIN.INI
Name of report file: C:\Program Files\AVPersonal\LOGFILES\AVWIN.LOG
Start path: C:\Program Files\AVPersonal
Command line:
Start mode: unknown

Mode of report file:
[ ] Do not create report
[X] Overwrite report
[ ] Append new report

Data in report file:
[X] Infected files
[ ] Infected files with paths
[ ] All scanned files
[ ] Full information

Abridge report file:
[ ] Abridge report file

Warnings in report:
[X] Access denied/file locked
[X] Wrong file size in directory
[X] Wrong creation time in directory
[ ] COM file is too large
[X] Invalid start address
[X] Invalid EXE header
[X] Possibly damaged

Summary report:
[X] Create summary report
Output file: AVWIN.ACT
Maximum number of entries: 100

Where to search:
[X] Memory
[X] Boot record of selected drives
[X] Report unknown boot sectors
[X] All files
[ ] Program files

Response in case of a detection:
[ ] Repair with prompt
[X] Repair without prompt
[ ] Delete with prompt
[ ] Delete without prompt
[ ] Write in report file only
[X] Acoustic alarm

Response in case of destroyed files:
[X] Delete with prompt
[ ] Delete without prompt
[ ] Ignore

Response in case of destroyed files:
[X] No change
[ ] Current system time
[ ] Correct date

Drag&drop settings:
[X] Scan subdirectories

Profile settings:
[X] Scan subdirectories

Archive options
[X] Search archive
[X] Archive types to leave out
1002 1001 1000

Miscellaneous options:
Temporary path: %TEMP% -> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
[X] Overwrite infected files
[ ] Detect idle time
[X] Allow interruptions of scan
[ ] Load AVWin®/NT Guard on System start

General settings:
[X] Save options on exiting AntiVir
Priority: medium

Drives:
A: Floppy drive
C: Hard disk
D: Hard disk
F: CD-ROM
G: CD-ROM

Start of scan: samedi 15 octobre 2005 12:20

Memory test OK
Master boot record of hard disk HD0 OK
Boot record of drive C: OK
Boot record of drive D: OK



End of scan: samedi 15 octobre 2005 13:37
Time taken: 76:11 min


2665 directories were scanned
44049 files were scanned
51 warning messages were issued
0 files were deleted
0 files were repaired
4 detections

Thanks in advance for your help...


Profile: IDNaute

Hello,

Download the program >>Hijackthis 1.99.1<<

Unzip it and put it in a dedicated folder (example: ..\Bureau\Hijackthis\Hijackthis.exe)

Run it
Click on "Do a system scan and save a logfile" and post the report here with copy/paste

we'll have a look when we have a moment...

Profile: IDNaute

here is what it gives, but it's getting worse and worse...



Logfile of HijackThis v1.99.1
Scan saved at 17:29:10, on 16/10/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\spooler32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\msnq3insller.exe
C:\WINDOWS\ymrhadb.exe
C:\Program Files\SurfAccuracy\SAcc.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\ntdat32.exe
C:\Program Files\dwer\sohs.exe
C:\WINDOWS\System32\d?xplore.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Fichiers communs\services.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Gopher Class - {11A4CA8C-A8B9-49c2-A6D3-3F64C9EEBAE6} - C:\Program Files\DNS\Catcher.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: (no name) - {FDB2E792-7026-68A0-2061-28D74F5F31E3} - C:\WINDOWS\System32\osnmygif.dll
O2 - BHO: Internet Explorer Web Content Catcher - {FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} - C:\Program Files\DNS\Catcher.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)
O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\Program Files\ISTbar\istbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Compaq Service Drivers] ntdat32.exe
O4 - HKLM\..\Run: [MS Unix Binary] msnq3insller.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [Jx5GTvu7] C:\WINDOWS\ymrhadb.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\RunServices: [Compaq Service Drivers] ntdat32.exe
O4 - HKLM\..\RunServices: [MS Unix Binary] msnq3insller.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [services32] C:\Program Files\Fichiers communs\Windows\mc-30-595-0000027.exe
O4 - HKCU\..\Run: [DNS] C:\Program Files\Fichiers communs\mc-30-595-0000027.exe
O4 - HKCU\..\Run: [Compaq Service Drivers] ntdat32.exe
O4 - HKCU\..\Run: [MS Unix Binary] msnq3insller.exe
O4 - HKCU\..\Run: [Scpo] "C:\Program Files\dwer\sohs.exe" -vt mt
O4 - HKCU\..\Run: [Orpeip] C:\WINDOWS\System32\d?xplore.exe
O4 - HKCU\..\RunServices: [Compaq Service Drivers] ntdat32.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.google.fr/
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537 [...] scan53.cab
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.tbcode.com/ist/software [...] _adult.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/Za [...] ge-c11.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activ [...] asinst.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTi [...] refid=4814
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ [...] loader.cab
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Printer Spooler (printspool) - Unknown owner - C:\WINDOWS\spooler32.exe


thanks

Profile: IDNaute

Good evening,

1/ Download and install CCleaner

2/ Restart in safe mode (To do this: start the PC while tapping the F8 key until the Windows advanced options menu appears, then use the arrow keys to select Safe Mode and press Enter...)
Careful, you have no Internet access in this mode, so write down or print the instructions that follow.

3/ Run HijackThis
then --> Do a system scan only
tick the lines listed below
then --> Fix checked
then yes at the confirmation prompt

O2 - BHO: Gopher Class - {11A4CA8C-A8B9-49c2-A6D3-3F64C9EEBAE6} - C:\Program Files\DNS\Catcher.dll
O2 - BHO: (no name) - {FDB2E792-7026-68A0-2061-28D74F5F31E3} - C:\WINDOWS\System32\osnmygif.dll
O2 - BHO: Internet Explorer Web Content Catcher - {FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} - C:\Program Files\DNS\Catcher.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll (file missing)
O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\Program Files\ISTbar\istbar.dll

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime --> not needed
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe --> not needed
O4 - HKLM\..\Run: [Compaq Service Drivers] ntdat32.exe
O4 - HKLM\..\Run: [MS Unix Binary] msnq3insller.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [Jx5GTvu7] C:\WINDOWS\ymrhadb.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\RunServices: [Compaq Service Drivers] ntdat32.exe
O4 - HKLM\..\RunServices: [MS Unix Binary] msnq3insller.exe
O4 - HKCU\..\Run: [services32] C:\Program Files\Fichiers communs\Windows\mc-30-595-0000027.exe
O4 - HKCU\..\Run: [DNS] C:\Program Files\Fichiers communs\mc-30-595-0000027.exe
O4 - HKCU\..\Run: [Compaq Service Drivers] ntdat32.exe
O4 - HKCU\..\Run: [MS Unix Binary] msnq3insller.exe
O4 - HKCU\..\Run: [Scpo] "C:\Program Files\dwer\sohs.exe" -vt mt
O4 - HKCU\..\Run: [Orpeip] C:\WINDOWS\System32\d?xplore.exe
O4 - HKCU\..\RunServices: [Compaq Service Drivers] ntdat32.exe

O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.tbcode.com/ist/software [...] _adult.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/Za [...] ge-c11.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTi [...] refid=4814

O23 - Service: Printer Spooler (printspool) - Unknown owner - C:\WINDOWS\spooler32.exe


4/ Make sure you have access to hidden files.
(Start->My Computer->Tools->Folder Options...->View
"Show hidden files and folders" ->checked
"Hide extensions for known file types" ->unchecked
"Hide protected operating system files" ->unchecked)

5/ then delete the following files and/or folders:

C:\Program Files\DNS\ --> delete this folder
C:\WINDOWS\System32\osnmygif.dll
C:\Program Files\ISTbar\ --> delete this folder
C:\WINDOWS\System32\ntdat32.exe
C:\WINDOWS\System32\msnq3insller.exe
C:\Program Files\ISTsvc\ --> delete this folder
C:\WINDOWS\ymrhadb.exe
C:\Program Files\SurfAccuracy\ --> delete this folder
C:\Program Files\Fichiers communs\Windows\mc-30-595-0000027.exe
C:\Program Files\Fichiers communs\mc-30-595-0000027.exe
C:\Program Files\dwer\ --> delete this folder
C:\WINDOWS\System32\d?xplore.exe
C:\WINDOWS\spooler32.exe

6/ Run CCleaner, then the Analyse button, then the Run Cleaner button

7/ Restart normally and post a new HijackThis report.

Profile: IDNaute

hello estban!

I followed your instructions, and here is the new HijackThis report.

Logfile of HijackThis v1.99.1
Scan saved at 19:21:06, on 17/10/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\spooler32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSEvents Object - {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - C:\WINDOWS\System32\iifef.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [SYSTRAY] C:\UNMT.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [services32] C:\Program Files\Fichiers communs\Windows\mc-30-595-0000027.exe
O4 - HKCU\..\Run: [DNS] C:\Program Files\Fichiers communs\mc-30-595-0000027.exe
O4 - HKCU\..\Run: [Compaq Service Drivers] ntdat32.exe
O4 - HKCU\..\Run: [MS Unix Binary] msnq3insller.exe
O4 - HKCU\..\Run: [Scpo] "C:\Program Files\dwer\sohs.exe" -vt mt
O4 - HKCU\..\Run: [Orpeip] C:\WINDOWS\System32\d?xplore.exe
O4 - HKCU\..\RunServices: [Compaq Service Drivers] ntdat32.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.google.fr/
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537 [...] scan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activ [...] asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ [...] loader.cab
O20 - Winlogon Notify: iifef - C:\WINDOWS\System32\iifef.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Printer Spooler (printspool) - Unknown owner - C:\WINDOWS\spooler32.exe



For info, the PC is behaving better and AntiVir no longer disables itself like before.
If there is anything else to do, please tell me.

thanks
see you
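
Added example (not from this thread and not HijackThis' own code): a small Python script that parses two HijackThis logs, reports which entries and running processes disappeared or appeared between them, and lists which lines from the helper's "Fix checked" list are still present afterwards. The two sample logs and the fix list are constructed excerpts of the reports quoted above.

```python
"""Diff two HijackThis logs and check which requested fixes actually took effect."""
import re
from typing import Dict, List, Set, Tuple

# A HijackThis entry line starts with a section code (R0, O2, O4, O23 ...) and " - ".
ENTRY_RE = re.compile(r"^(R\d+|O\d+) - (.*)$")

# Constructed excerpts of the first (16/10/2005) and second (17/10/2005) logs in the thread.
BEFORE = r"""Scan saved at 17:29:10, on 16/10/2005

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\spooler32.exe
C:\WINDOWS\System32\ntdat32.exe

O2 - BHO: Gopher Class - {11A4CA8C-A8B9-49c2-A6D3-3F64C9EEBAE6} - C:\Program Files\DNS\Catcher.dll
O4 - HKLM\..\Run: [Compaq Service Drivers] ntdat32.exe
O4 - HKCU\..\Run: [Compaq Service Drivers] ntdat32.exe
O23 - Service: Printer Spooler (printspool) - Unknown owner - C:\WINDOWS\spooler32.exe
"""

AFTER = r"""Scan saved at 19:21:06, on 17/10/2005

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\spooler32.exe
C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE

O2 - BHO: MSEvents Object - {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - C:\WINDOWS\System32\iifef.dll
O4 - HKLM\..\Run: [SYSTRAY] C:\UNMT.EXE
O4 - HKCU\..\Run: [Compaq Service Drivers] ntdat32.exe
O20 - Winlogon Notify: iifef - C:\WINDOWS\System32\iifef.dll
O23 - Service: Printer Spooler (printspool) - Unknown owner - C:\WINDOWS\spooler32.exe
"""

# Subset of the lines the helper asked to "Fix checked", one carrying a "--> inutile" note.
FIX_LIST = [
    r"O2 - BHO: Gopher Class - {11A4CA8C-A8B9-49c2-A6D3-3F64C9EEBAE6} - C:\Program Files\DNS\Catcher.dll",
    r'O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime --> inutile',
    r"O4 - HKLM\..\Run: [Compaq Service Drivers] ntdat32.exe",
    r"O4 - HKCU\..\Run: [Compaq Service Drivers] ntdat32.exe",
    r"O23 - Service: Printer Spooler (printspool) - Unknown owner - C:\WINDOWS\spooler32.exe",
]


def parse_hjt(log: str) -> Tuple[List[str], Set[str]]:
    """Return (running processes, set of entry lines) from a HijackThis log."""
    processes: List[str] = []
    entries: Set[str] = set()
    in_processes = False
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False  # a blank line ends the process list
            continue
        if line.startswith("Running processes:"):
            in_processes = True
            continue
        if ENTRY_RE.match(line):
            entries.add(line)
        elif in_processes:
            processes.append(line)
    return processes, entries


def diff_logs(before: str, after: str) -> Dict[str, List[str]]:
    """Entries and processes that disappeared or appeared between two logs."""
    p_before, e_before = parse_hjt(before)
    p_after, e_after = parse_hjt(after)
    return {
        "removed_entries": sorted(e_before - e_after),
        "added_entries": sorted(e_after - e_before),
        "gone_processes": sorted(set(p_before) - set(p_after)),
        "new_processes": sorted(set(p_after) - set(p_before)),
    }


def unfixed(fix_list: List[str], after: str) -> List[str]:
    """Lines from the fix list that are still present in the later log, in list order."""
    _, e_after = parse_hjt(after)
    # Drop trailing helper annotations such as " --> inutile" before comparing.
    wanted = [re.sub(r"\s*-->.*$", "", item).strip() for item in fix_list]
    return [item for item in wanted if item in e_after]


if __name__ == "__main__":
    for key, lines in diff_logs(BEFORE, AFTER).items():
        print(key, *lines, sep="\n    ")
    print("still present after the fix:", *unfixed(FIX_LIST, AFTER), sep="\n    ")
```

On the excerpts above it shows the HKCU run entry and the spooler32.exe service surviving the fix, and the new iifef.dll Winlogon Notify entry, which is what a helper would look at next.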

Profil : IDNaute
Plus d'informations

bonjour estban!

j'ai suivi tes instruction, et voici le nouveau rapport hijackthis.

Logfile of HijackThis v1.99.1
Scan saved at 19:21:06, on 17/10/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\spooler32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSEvents Object - {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - C:\WINDOWS\System32\iifef.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [SYSTRAY] C:\UNMT.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [services32] C:\Program Files\Fichiers communs\Windows\mc-30-595-0000027.exe
O4 - HKCU\..\Run: [DNS] C:\Program Files\Fichiers communs\mc-30-595-0000027.exe
O4 - HKCU\..\Run: [Compaq Service Drivers] ntdat32.exe
O4 - HKCU\..\Run: [MS Unix Binary] msnq3insller.exe
O4 - HKCU\..\Run: [Scpo] "C:\Program Files\dwer\sohs.exe" -vt mt
O4 - HKCU\..\Run: [Orpeip] C:\WINDOWS\System32\d?xplore.exe
O4 - HKCU\..\RunServices: [Compaq Service Drivers] ntdat32.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.google.fr/
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537 [...] scan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activ [...] asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ [...] loader.cab
O20 - Winlogon Notify: iifef - C:\WINDOWS\System32\iifef.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Printer Spooler (printspool) - Unknown owner - C:\WINDOWS\spooler32.exe



For information, the PC is behaving better and AntiVir no longer disables itself like before.
If there is anything else to do, please tell me.

thanks
see you

Profile: IDNaute

0/ Install a firewall, for example ZoneAlarm, which is simple and free.

1/ Do this:
Start/Run/ type sc stop printspool then Enter

then:
Start/Run/ type sc delete printspool then Enter

then delete the file:
C:\WINDOWS\spooler32.exe

2/ Run HJT and fix the following lines:

O4 - HKLM\..\Run: [SYSTRAY] C:\UNMT.EXE
O4 - HKCU\..\Run: [services32] C:\Program Files\Fichiers communs\Windows\mc-30-595-0000027.exe
O4 - HKCU\..\Run: [DNS] C:\Program Files\Fichiers communs\mc-30-595-0000027.exe
O4 - HKCU\..\Run: [Compaq Service Drivers] ntdat32.exe
O4 - HKCU\..\Run: [MS Unix Binary] msnq3insller.exe
O4 - HKCU\..\Run: [Scpo] "C:\Program Files\dwer\sohs.exe" -vt mt
O4 - HKCU\..\Run: [Orpeip] C:\WINDOWS\System32\d?xplore.exe
O4 - HKCU\..\RunServices: [Compaq Service Drivers] ntdat32.exe

3/ Delete the following files and/or folders if present:

C:\UNMT.EXE
C:\Program Files\Fichiers communs\Windows\mc-30-595-0000027.exe
C:\Program Files\Fichiers communs\mc-30-595-0000027.exe
ntdat32.exe
msnq3insller.exe
C:\Program Files\dwer\ --> delete the folder
C:\WINDOWS\System32\d?xplore.exe

----------------------------------------------------------------------------------

One very stubborn infection remains (a Vundo variant in my opinion):
O2 - BHO: MSEvents Object - {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - C:\WINDOWS\System32\iifef.dll
O20 - Winlogon Notify: iifef - C:\WINDOWS\System32\iifef.dll

try this:

1/ Download VundoFix.exe and put it on the desktop.

2/ Double-click on VundoFix.exe
This will create a VundoFix folder on the desktop

3/ Restart in Safe Mode (to do so: start the PC while tapping the F8 key until the Windows Advanced Options menu appears, then use the arrow keys to select Safe Mode and press Enter...)
Note that you have no Internet access in this mode, so write down or print the instructions that follow.

4/ Open the VundoFix folder and double-click on KillVundo.bat
You will get this warning:

Quote:

VundoFix V2.13 by Atri
By using VundoFix you agree that you are doing so at your own risk
Press enter to continue....



Press the Enter key
Then you will get this text:

Quote:


Type in the filepath as instructed by the forum staff
Then Press Enter, Then F6, Then Enter Again to continue with the fix.



Type exactly this: C:\WINDOWS\System32\iifef.dll

Then press the Enter key, then the F6 key, then the Enter key again

Then you will get this text:

Quote:

Please type in the second filepath as instructed by the forum staff
Then Press Enter, Then F6, Then Enter Again to continue with the fix.



Type exactly this: C:\WINDOWS\System32\fefii.*

Then press the Enter key, then the
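As an added example (not from this thread and not HijackThis's own code), here is a small Python parser for the O4, O20 and O23 lines of a HijackThis log that flags the kinds of persistence entries the reply above singles out: autoruns with a bare file name, executables sitting in the drive root, paths containing a character that cannot be in a Windows file name, services with no publisher, and Winlogon Notify DLLs. The heuristics and the sample log lines are constructed for this example.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample, shaped like the HijackThis lines posted in this thread
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [SYSTRAY] C:\UNMT.EXE
O4 - HKCU\..\Run: [Compaq Service Drivers] ntdat32.exe
O4 - HKCU\..\Run: [Orpeip] C:\WINDOWS\System32\d?xplore.exe
O20 - Winlogon Notify: iifef - C:\WINDOWS\System32\iifef.dll
O23 - Service: Printer Spooler (printspool) - Unknown owner - C:\WINDOWS\spooler32.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(Run\w*): \[([^\]]*)\] (.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (\S+) - (.*)$")
O23_RE = re.compile(r"^O23 - Service: (.*?) \(([^)]*)\) - (.*?) - (.*)$")

def executable_of(command):
    """First token of an autorun command, honouring a quoted path."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:command.find('"', 1)]
    return command.split(" ", 1)[0]

def path_reasons(path):
    """Constructed heuristics for this example; they are not HijackThis's own rules."""
    p = PureWindowsPath(path)
    reasons = []
    if not p.anchor:  # bare file name: resolved through the search path at logon
        reasons.append("no directory, resolved via search path")
    elif p.parent == PureWindowsPath(p.anchor):  # e.g. C:\UNMT.EXE
        reasons.append("executable in drive root")
    if "?" in path:  # '?' is not a legal file name character on Windows
        reasons.append("unprintable character in file name")
    return reasons

def audit(log_text):
    """Return (line, reason) pairs for the persistence entries worth a second look."""
    findings = []
    for line in (l.strip() for l in log_text.splitlines()):
        if m := O4_RE.match(line):
            findings += [(line, r) for r in path_reasons(executable_of(m.group(4)))]
        elif O20_RE.match(line):
            findings.append((line, "Winlogon Notify DLL, loaded at every logon"))
        elif m := O23_RE.match(line):
            if m.group(3) == "Unknown owner":
                findings.append((line, "service binary has no publisher"))
            findings += [(line, r) for r in path_reasons(m.group(4))]
    return findings
```

Run `audit(SAMPLE_LOG)` on the sample to see the five flagged entries; the AVGCtrl and NVSvc lines pass clean, which is the point of the heuristics rather than a blanket listing.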