virus Win32:Agent-IU [Trj]
Dernière réponse : dans Sécurité
impossible de m'en débarasser !!
Je vous donne mon rapport de hijackthis.
Je suis en train de passe ewido .
J'ai passé avast et adaware en mode sans échec mais rien...
help !!!
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\slserv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\SAGEM\SAGEM F@st 800-908\dslmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\SecuritySuite.exe
C:\Documents and Settings\Antoine et Nadège\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_1.dll
O2 - BHO: C:\WINDOWS\adsldpbd.dll - {826B2228-BC09-49F2-B5F8-42CE26B1B712} - C:\WINDOWS\adsldpbd.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [dmwku.exe] C:\WINDOWS\System32\dmwku.exe
O4 - HKLM\..\Run: [yaemu.exe] C:\WINDOWS\System32\yaemu.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [UnSpyPC] "C:\Program Files\UnSpyPC\UnSpyPC.exe"
O4 - HKCU\..\RunServices: [View Manager] viewmgr.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-908\dslmon.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: *.msn.com
O16 - DPF: {008F54AC-B639-0BE5-1405-186556C9D574} - http://69.50.182.94/1/rdgFR1953.exe
O16 - DPF: {098EAC8E-827D-2CF2-48EE-3E182C775574} - http://69.50.182.94/1/rdgFR1953.exe
O16 - DPF: {16D50860-DB81-79C2-1DE0-33597A821B24} - http://69.50.182.94/1/rdgFR1953.exe
O16 - DPF: {201B402A-07D8-1304-7840-43DC7ED2251C} - http://69.50.182.94/1/rdgFR1953.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Cont...
O16 - DPF: {826287F8-454E-11D9-ADFE-00062919A34C} (ActiveXUploadFotoCom.UserCtrlFotoCom) - http://express.foto.com/activeX/newUploadFotoCom.CAB
O16 - DPF: {952F9A71-131A-11D5-8404-00500445A7D0} (ActiveMiniplug Class) - https://intranet.unss.org/plugins/mplugax.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
O17 - HKLM\System\CCS\Services\Tcpip\..\{3867BD9F-5F70-4C3F-A725-EF3FD8281E92}: NameServer = 85.255.113.110,85.255.112.151
O17 - HKLM\System\CCS\Services\Tcpip\..\{6F76975B-D9EB-4905-B20C-4B01EDAFD85F}: NameServer = 85.255.113.110,85.255.112.151
O17 - HKLM\System\CCS\Services\Tcpip\..\{B47B03BD-02F0-4675-BC0C-A829A9B95A25}: NameServer = 85.255.113.110,85.255.112.151
O17 - HKLM\System\CCS\Services\Tcpip\..\{B7462A61-9FE9-44FC-A2CC-9CECBA72B294}: NameServer = 85.255.113.110,85.255.112.151
O17 - HKLM\System\CCS\Services\Tcpip\..\{F55E2CC0-30DC-41E6-A27A-589F9183BF8E}: NameServer = 85.255.113.110,85.255.112.151
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: gs - C:\WINDOWS\adsldpbd.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: RA Server (Slave) - Unknown owner - C:\WINDOWS\Slave.exe (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TCPIP Managing Service (TCPIPManagingService) - Unknown owner - tcpcheck.exe (file missing)
merci.
Je vous donne mon rapport de hijackthis.
Je suis en train de passe ewido .
J'ai passé avast et adaware en mode sans échec mais rien...
help !!!
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\slserv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\SAGEM\SAGEM F@st 800-908\dslmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\SecuritySuite.exe
C:\Documents and Settings\Antoine et Nadège\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_1.dll
O2 - BHO: C:\WINDOWS\adsldpbd.dll - {826B2228-BC09-49F2-B5F8-42CE26B1B712} - C:\WINDOWS\adsldpbd.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [dmwku.exe] C:\WINDOWS\System32\dmwku.exe
O4 - HKLM\..\Run: [yaemu.exe] C:\WINDOWS\System32\yaemu.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [UnSpyPC] "C:\Program Files\UnSpyPC\UnSpyPC.exe"
O4 - HKCU\..\RunServices: [View Manager] viewmgr.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-908\dslmon.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: *.msn.com
O16 - DPF: {008F54AC-B639-0BE5-1405-186556C9D574} - http://69.50.182.94/1/rdgFR1953.exe
O16 - DPF: {098EAC8E-827D-2CF2-48EE-3E182C775574} - http://69.50.182.94/1/rdgFR1953.exe
O16 - DPF: {16D50860-DB81-79C2-1DE0-33597A821B24} - http://69.50.182.94/1/rdgFR1953.exe
O16 - DPF: {201B402A-07D8-1304-7840-43DC7ED2251C} - http://69.50.182.94/1/rdgFR1953.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Cont...
O16 - DPF: {826287F8-454E-11D9-ADFE-00062919A34C} (ActiveXUploadFotoCom.UserCtrlFotoCom) - http://express.foto.com/activeX/newUploadFotoCom.CAB
O16 - DPF: {952F9A71-131A-11D5-8404-00500445A7D0} (ActiveMiniplug Class) - https://intranet.unss.org/plugins/mplugax.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
O17 - HKLM\System\CCS\Services\Tcpip\..\{3867BD9F-5F70-4C3F-A725-EF3FD8281E92}: NameServer = 85.255.113.110,85.255.112.151
O17 - HKLM\System\CCS\Services\Tcpip\..\{6F76975B-D9EB-4905-B20C-4B01EDAFD85F}: NameServer = 85.255.113.110,85.255.112.151
O17 - HKLM\System\CCS\Services\Tcpip\..\{B47B03BD-02F0-4675-BC0C-A829A9B95A25}: NameServer = 85.255.113.110,85.255.112.151
O17 - HKLM\System\CCS\Services\Tcpip\..\{B7462A61-9FE9-44FC-A2CC-9CECBA72B294}: NameServer = 85.255.113.110,85.255.112.151
O17 - HKLM\System\CCS\Services\Tcpip\..\{F55E2CC0-30DC-41E6-A27A-589F9183BF8E}: NameServer = 85.255.113.110,85.255.112.151
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: gs - C:\WINDOWS\adsldpbd.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: RA Server (Slave) - Unknown owner - C:\WINDOWS\Slave.exe (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TCPIP Managing Service (TCPIPManagingService) - Unknown owner - tcpcheck.exe (file missing)
merci.
Autres pages sur : virus win32 agent trj
Lassé par la pub ? Créez un compte
Bonsoir,
Télécharge:
Fixwareout.exe
Lance le puis poste le rapport situé ici : C:\fixwareout\report.txt
Ccleaner
Installe le dans un répertoire dédié.
Ewido
Installe le puis mets le à jour.
1/ Redémarre en mode sans échec
/!\ Tu n'as pas accès à Internet dans ce mode, note bien les instructions /!\
Desinstalle si possible
UnSpyPc
2/ Lance Hijackthis ->Do a system scan only
->Coche les lignes puis Fix checked
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
R3 - Default URLSearchHook is missing
O2 - BHO: C:\WINDOWS\adsldpbd.dll - {826B2228-BC09-49F2-B5F8-42CE26B1B712} - C:\WINDOWS\adsldpbd.dll (file missing)
O4 - HKLM\..\Run: [dmwku.exe] C:\WINDOWS\System32\dmwku.exe
O4 - HKLM\..\Run: [yaemu.exe] C:\WINDOWS\System32\yaemu.exe
O4 - HKCU\..\Run: [UnSpyPC] "C:\Program Files\UnSpyPC\UnSpyPC.exe"
O15 - Trusted Zone: *.msn.com
O16 - DPF: {008F54AC-B639-0BE5-1405-186556C9D574} - http://69.50.182.94/1/rdgFR1953.exe
O16 - DPF: {098EAC8E-827D-2CF2-48EE-3E182C775574} - http://69.50.182.94/1/rdgFR1953.exe
O16 - DPF: {16D50860-DB81-79C2-1DE0-33597A821B24} - http://69.50.182.94/1/rdgFR1953.exe
O16 - DPF: {201B402A-07D8-1304-7840-43DC7ED2251C} - http://69.50.182.94/1/rdgFR1953.exe
O16 - DPF: {826287F8-454E-11D9-ADFE-00062919A34C} (ActiveXUploadFotoCom.UserCtrlFotoCom) - http://express.foto.com/activeX/newUploadFotoCom.CAB
O16 - DPF: {952F9A71-131A-11D5-8404-00500445A7D0} (ActiveMiniplug Class) - https://intranet.unss.org/plugins/mplugax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3867BD9F-5F70-4C3F-A725-EF3FD8281E92}: NameServer = 85.255.113.110,85.255.112.151
O17 - HKLM\System\CCS\Services\Tcpip\..\{6F76975B-D9EB-4905-B20C-4B01EDAFD85F}: NameServer = 85.255.113.110,85.255.112.151
O17 - HKLM\System\CCS\Services\Tcpip\..\{B47B03BD-02F0-4675-BC0C-A829A9B95A25}: NameServer = 85.255.113.110,85.255.112.151
O17 - HKLM\System\CCS\Services\Tcpip\..\{B7462A61-9FE9-44FC-A2CC-9CECBA72B294}: NameServer = 85.255.113.110,85.255.112.151
O17 - HKLM\System\CCS\Services\Tcpip\..\{F55E2CC0-30DC-41E6-A27A-589F9183BF8E}: NameServer = 85.255.113.110,85.255.112.151
O20 - Winlogon Notify: gs - C:\WINDOWS\adsldpbd.dll (file missing)
O23 - Service: RA Server (Slave) - Unknown owner - C:\WINDOWS\Slave.exe (file missing)
Assure toi d'avoir accès au dossier/fichiers caches
->Panneau de configuration
->Options dossiers
->Coche Afficher les dossiers cachés
Decoche Masquer les extensions...
Decoche Masquer les fichiers protégés...
3/ Suppime ces fichiers/dossiers si existe:
C:\WINDOWS\adsldpbd.dll
C:\WINDOWS\System32\dmwku.exe
C:\WINDOWS\System32\yaemu.exe
C:\Program Files\UnSpyPC\
C:\WINDOWS\adsldpbd.dll
C:\WINDOWS\Slave.exe
4/ Lance un nettoyage Ccleaner
5/ Lance un scan complet avec Ewido
Sauvegarde puis colle le rapport
Redémarre normalement
6/ Fais un scan en ligne Kaspersky
Sauvegarde puis colle le rapport
7/ Poste un nouveau rapport Hijackthis
Si suite a une erreur tu as perdu ta connection au net
Hijackthis-> View the List of Backups
Coche les lignes 017 puis fais Restore
Télécharge:
Fixwareout.exe
Lance le puis poste le rapport situé ici : C:\fixwareout\report.txt
Ccleaner
Installe le dans un répertoire dédié.
Ewido
Installe le puis mets le à jour.
1/ Redémarre en mode sans échec
/!\ Tu n'as pas accès à Internet dans ce mode, note bien les instructions /!\
Desinstalle si possible
UnSpyPc
2/ Lance Hijackthis ->Do a system scan only
->Coche les lignes puis Fix checked
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
R3 - Default URLSearchHook is missing
O2 - BHO: C:\WINDOWS\adsldpbd.dll - {826B2228-BC09-49F2-B5F8-42CE26B1B712} - C:\WINDOWS\adsldpbd.dll (file missing)
O4 - HKLM\..\Run: [dmwku.exe] C:\WINDOWS\System32\dmwku.exe
O4 - HKLM\..\Run: [yaemu.exe] C:\WINDOWS\System32\yaemu.exe
O4 - HKCU\..\Run: [UnSpyPC] "C:\Program Files\UnSpyPC\UnSpyPC.exe"
O15 - Trusted Zone: *.msn.com
O16 - DPF: {008F54AC-B639-0BE5-1405-186556C9D574} - http://69.50.182.94/1/rdgFR1953.exe
O16 - DPF: {098EAC8E-827D-2CF2-48EE-3E182C775574} - http://69.50.182.94/1/rdgFR1953.exe
O16 - DPF: {16D50860-DB81-79C2-1DE0-33597A821B24} - http://69.50.182.94/1/rdgFR1953.exe
O16 - DPF: {201B402A-07D8-1304-7840-43DC7ED2251C} - http://69.50.182.94/1/rdgFR1953.exe
O16 - DPF: {826287F8-454E-11D9-ADFE-00062919A34C} (ActiveXUploadFotoCom.UserCtrlFotoCom) - http://express.foto.com/activeX/newUploadFotoCom.CAB
O16 - DPF: {952F9A71-131A-11D5-8404-00500445A7D0} (ActiveMiniplug Class) - https://intranet.unss.org/plugins/mplugax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3867BD9F-5F70-4C3F-A725-EF3FD8281E92}: NameServer = 85.255.113.110,85.255.112.151
O17 - HKLM\System\CCS\Services\Tcpip\..\{6F76975B-D9EB-4905-B20C-4B01EDAFD85F}: NameServer = 85.255.113.110,85.255.112.151
O17 - HKLM\System\CCS\Services\Tcpip\..\{B47B03BD-02F0-4675-BC0C-A829A9B95A25}: NameServer = 85.255.113.110,85.255.112.151
O17 - HKLM\System\CCS\Services\Tcpip\..\{B7462A61-9FE9-44FC-A2CC-9CECBA72B294}: NameServer = 85.255.113.110,85.255.112.151
O17 - HKLM\System\CCS\Services\Tcpip\..\{F55E2CC0-30DC-41E6-A27A-589F9183BF8E}: NameServer = 85.255.113.110,85.255.112.151
O20 - Winlogon Notify: gs - C:\WINDOWS\adsldpbd.dll (file missing)
O23 - Service: RA Server (Slave) - Unknown owner - C:\WINDOWS\Slave.exe (file missing)
Assure toi d'avoir accès au dossier/fichiers caches
->Panneau de configuration
->Options dossiers
->Coche Afficher les dossiers cachés
Decoche Masquer les extensions...
Decoche Masquer les fichiers protégés...
3/ Suppime ces fichiers/dossiers si existe:
C:\WINDOWS\adsldpbd.dll
C:\WINDOWS\System32\dmwku.exe
C:\WINDOWS\System32\yaemu.exe
C:\Program Files\UnSpyPC\
C:\WINDOWS\adsldpbd.dll
C:\WINDOWS\Slave.exe
4/ Lance un nettoyage Ccleaner
5/ Lance un scan complet avec Ewido
Sauvegarde puis colle le rapport
Redémarre normalement
6/ Fais un scan en ligne Kaspersky
Sauvegarde puis colle le rapport
7/ Poste un nouveau rapport Hijackthis
Si suite a une erreur tu as perdu ta connection au net
Hijackthis-> View the List of Backups
Coche les lignes 017 puis fais Restore
j'ai bien effectué ce que tu m'as demandé.
Cela semble réglé car je n'ai plus de message d'avast disant que je suis infecté.
Mais je donne les rapports :
hijackthis :
ogfile of HijackThis v1.99.1
Scan saved at 08:35:42, on 18/05/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\SAGEM\SAGEM F@st 800-908\dslmon.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Documents and Settings\Antoine et Nadège\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_1.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\RunServices: [View Manager] viewmgr.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-908\dslmon.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {16D50860-DB81-79C2-1DE0-33597A821B24} - http://69.50.182.94/1/rdgFR1953.exe
O16 - DPF: {201B402A-07D8-1304-7840-43DC7ED2251C} - http://69.50.182.94/1/rdgFR1953.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Cont...
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: RA Server (Slave) - Unknown owner - C:\WINDOWS\Slave.exe (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TCPIP Managing Service (TCPIPManagingService) - Unknown owner - tcpcheck.exe (file missing)
ewido :
+ Créé le: 08:26:43, 18/05/2006
+ Somme de contrôle: 4CE79BD0
+ Résultats du scan:
C:\System Volume Information\_restore{01150CEA-99EA-47D5-B696-57072ABC7EAC}\RP1\A0000020.exe -> Downloader.Agent.tc : Nettoyer et sauvegarder
::Fin du rapport
et enfin kaspersky a trouvé :
Nom de l'objet infecté Nom du virus Dernière action
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\U7EN0BKD\WksPatch[9].exe Infecté: Net-Worm.Win32.Welchia.h ignoré
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\U7EN0BKD\WksPatch[12].exe Infecté: Net-Worm.Win32.Welchia.e ignoré
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\U7EN0BKD\WksPatch[23].exe Infecté: Net-Worm.Win32.Welchia.h ignoré
C:\WINDOWS\system32\TUFIAE.DLL Infecté: Trojan-Downloader.Win32.Agent.ty ignoré
C:\WINDOWS\system32\svchost.cmd Infecté: Trojan.BAT.Crapbat ignoré
Analyse terminée.
voilà .
est-ce que c'est ok ???
Cela semble réglé car je n'ai plus de message d'avast disant que je suis infecté.
Mais je donne les rapports :
hijackthis :
ogfile of HijackThis v1.99.1
Scan saved at 08:35:42, on 18/05/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\SAGEM\SAGEM F@st 800-908\dslmon.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Documents and Settings\Antoine et Nadège\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_1.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\RunServices: [View Manager] viewmgr.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-908\dslmon.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {16D50860-DB81-79C2-1DE0-33597A821B24} - http://69.50.182.94/1/rdgFR1953.exe
O16 - DPF: {201B402A-07D8-1304-7840-43DC7ED2251C} - http://69.50.182.94/1/rdgFR1953.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Cont...
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: RA Server (Slave) - Unknown owner - C:\WINDOWS\Slave.exe (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TCPIP Managing Service (TCPIPManagingService) - Unknown owner - tcpcheck.exe (file missing)
ewido :
+ Créé le: 08:26:43, 18/05/2006
+ Somme de contrôle: 4CE79BD0
+ Résultats du scan:
C:\System Volume Information\_restore{01150CEA-99EA-47D5-B696-57072ABC7EAC}\RP1\A0000020.exe -> Downloader.Agent.tc : Nettoyer et sauvegarder
::Fin du rapport
et enfin kaspersky a trouvé :
Nom de l'objet infecté Nom du virus Dernière action
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\U7EN0BKD\WksPatch[9].exe Infecté: Net-Worm.Win32.Welchia.h ignoré
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\U7EN0BKD\WksPatch[12].exe Infecté: Net-Worm.Win32.Welchia.e ignoré
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\U7EN0BKD\WksPatch[23].exe Infecté: Net-Worm.Win32.Welchia.h ignoré
C:\WINDOWS\system32\TUFIAE.DLL Infecté: Trojan-Downloader.Win32.Agent.ty ignoré
C:\WINDOWS\system32\svchost.cmd Infecté: Trojan.BAT.Crapbat ignoré
Analyse terminée.
voilà .
est-ce que c'est ok ???
C'est presque fini.
1/ Redémarre en mode sans échec.
/!\ Tu n'as pas accès à Internet dans ce mode, note bien les instructions /!\
2/ Lance Hijackthis ->Do a system scan only
->Coche les lignes puis Fix checked
O16 - DPF: {16D50860-DB81-79C2-1DE0-33597A821B24} - http://69.50.182.94/1/rdgFR1953.exe
O16 - DPF: {201B402A-07D8-1304-7840-43DC7ED2251C} - http://69.50.182.94/1/rdgFR1953.exe
Assure toi d'avoir accès au dossier/fichiers caches
->Panneau de configuration
->Options dossiers
->Coche Afficher les dossiers cachés
Decoche Masquer les extensions...
Decoche Masquer les fichiers protégés...
3/ Suppime ces fichiers/dossiers si existe:
C:\WINDOWS\system32\TUFIAE.DLL
C:\WINDOWS\system32\svchost.cmd
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\<- vide le dossier
4/ Lance un nettoyage Ccleaner
Redémarre normalement
5/ Fais un scan en ligne Panda (avec IE)
Desactive Avast! lors du scan
Sauvegarde puis colle le rapport
1/ Redémarre en mode sans échec.
/!\ Tu n'as pas accès à Internet dans ce mode, note bien les instructions /!\
2/ Lance Hijackthis ->Do a system scan only
->Coche les lignes puis Fix checked
O16 - DPF: {16D50860-DB81-79C2-1DE0-33597A821B24} - http://69.50.182.94/1/rdgFR1953.exe
O16 - DPF: {201B402A-07D8-1304-7840-43DC7ED2251C} - http://69.50.182.94/1/rdgFR1953.exe
Assure toi d'avoir accès au dossier/fichiers caches
->Panneau de configuration
->Options dossiers
->Coche Afficher les dossiers cachés
Decoche Masquer les extensions...
Decoche Masquer les fichiers protégés...
3/ Suppime ces fichiers/dossiers si existe:
C:\WINDOWS\system32\TUFIAE.DLL
C:\WINDOWS\system32\svchost.cmd
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\<- vide le dossier
4/ Lance un nettoyage Ccleaner
Redémarre normalement
5/ Fais un scan en ligne Panda (avec IE)
Desactive Avast! lors du scan
Sauvegarde puis colle le rapport
voilà le rapport .
Incident Statut Analyse
Virus:Trj/Bookmark.B Désinfecté C:\WINDOWS\system32\drivers\etc\HOSTS.bak
Virus:W32/Bagle.BA.worm Désinfecté C:\WINDOWS\system32\a.bat
Adware:Adware/Gator No Désinfecté C:\Recycled\NPROTECT\01115355
Adware:Adware/Gator No Désinfecté C:\Recycled\NPROTECT\01115356
voilà.
Alors c'est bon signe ?
Incident Statut Analyse
Virus:Trj/Bookmark.B Désinfecté C:\WINDOWS\system32\drivers\etc\HOSTS.bak
Virus:W32/Bagle.BA.worm Désinfecté C:\WINDOWS\system32\a.bat
Adware:Adware/Gator No Désinfecté C:\Recycled\NPROTECT\01115355
Adware:Adware/Gator No Désinfecté C:\Recycled\NPROTECT\01115356
voilà.
Alors c'est bon signe ?
Lassé par la pub ? Créez un compte
- Contenus similaires :
- ForumVirus win32 agent-acuc trj
- ForumVirus win32 trojano trj
- ForumVirus win32 agent-tos trj
- ForumVirus win32 small.jmh trj
- ForumVirus win32 agent-oww trj
- ForumVirus win32 agent-sg trj detecte par avast
- ForumVirus win32 agent byb trj
- ForumVirus win32 small-jmh trj et win32 agent-ru
- ForumVirus win32 agent-lp trj
- ForumVirus win32 agent jxc trj
- Voir plus
