Control Panel
Topic status: UNRESOLVED

cricri0310  Posted on 24/06/2008 @ 08:22
Petit astucien, 64 messages

Hello, for the past 2 days I have had no access to my Control Panel.

I think I was attacked by a virus, and I wonder whether that is the cause?

Thank you for helping me.

maybe  Posted on 24/06/2008 at 08:41
Security Group, 22002 messages

Hello Cricri,

Can you post a HijackThis report?

http://forum.pcastuces.com/sujet.asp?f=25&s=17490

What message do you get when you try to open it?

Edited by maybe on 24/06/2008 08:42

boubou38  Posted on 24/06/2008 at 08:42
Astucien, 8893 messages

Hello,

Ask for your message to be moved to the "Security" forum by clicking on the yellow triangle,

and do this in the meantime.

See you.

glcsm  Posted on 24/06/2008 at 08:50
Petit astucien, 369 messages

Hello boubou38,

The "virus" cause is only one hypothesis; there are many others.

Cricri0310 does not say whether she no longer has access to the Control Panel because the icon has disappeared or because nothing happens when she clicks on it, for example.

Edited by glcsm on 24/06/2008 08:54

boubou38  Posted on 24/06/2008 at 11:37
Astucien, 8893 messages

Re,

"The 'virus' cause is only one hypothesis; there are many others"

Well, you may not be wrong, but cricri0310 thinks there was a virus attack.

Do you get the Control Panel if you open Run, type: control and click OK?

See you.

Edited by boubou38 on 24/06/2008 13:36

maybe  Posted on 24/06/2008 at 21:12
Security Group, 22002 messages

I am replying to your PM:

Blank page, and Windows Explorer searches for a solution but nothing happens?

Regularly, a "windows security center" system warning tells me that my PC may be infected, all of it in English, and of course it offers me an antivirus, in English.

Can you post a HijackThis report?

http://forum.pcastuces.com/sujet.asp?f=25&s=17490

maybe  Posted on 25/06/2008 at 21:28
Security Group, 22002 messages

To continue your topic on the forum, you have to click on "ajouter une réponse" (add a reply), at the bottom right of your screen.

I am copying and pasting your PM:

___________________________________________________________________________

Here is the result of my scan; since then, and after deleting a few files, I no longer have windows appearing and I have got my Control Panel back.

I look forward to hearing from you, and thanks again for your very valuable help.

Malwarebytes' Anti-Malware 1.18
Version de la base de données: 890

20:33:00 25/06/2008
mbam-log-6-25-2008 (20-33-00).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 172389
Temps écoulé: 1 hour(s), 10 minute(s), 6 second(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 27
Valeur(s) du Registre infectée(s): 6
Elément(s) de données du Registre infecté(s): 3
Dossier(s) infecté(s): 8
Fichier(s) infecté(s): 83

Processus mémoire infecté(s):
C:\Program Files\VAV\vav.exe (Rogue.VistaAntivirus2008) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5321e378-ffad-4999-8c62-03ca8155f0b3} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00110011-4b0b-44d5-9718-90c88817369b} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{086ae192-23a6-48d6-96ec-715f53797e85} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{150fa160-130d-451f-b863-b655061432ba} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2d38a51a-23c9-48a1-a33c-48675aa2b494} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2e9caff6-30c7-4208-8807-e79d4ec6f806} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{587dbf2d-9145-4c9e-92c2-1f953da73773} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{79369d5c-2903-4b7a-ade2-d5e0dee14d24} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{799a370d-5993-4887-9df7-0a4756a77d00} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{98dbbf16-ca43-4c33-be80-99e6694468a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a55581dc-2cdb-4089-8878-71a080b22342} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b847676d-72ac-4393-bfff-43a1eb979352} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bc97b254-b2b9-4d40-971d-78e0978f5f26} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765721306} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e2ddf680-9905-4dee-8c64-0a5de7fe133c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e7afff2a-1b57-49c7-bf6b-e5123394c970} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fcaddc14-bd46-408a-9842-cdbe1c6d37eb} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fd9bc004-8331-4457-b830-4759ff704c22} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\VAV (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Antivirus (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Antivirus (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmds (Trojan.Agent) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\24fd432c (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM27ce70b0 (Trojan.Agent) -> Delete on reboot.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: c:\windows\system32\iftuyszv.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\Windows\system32\userinit.exe,C:\Windows\system32\iftuyszv.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Windows\System32\modtrux05 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\VAV (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
C:\ProgramData\ADSL Software Ltd (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\ADSL Software Ltd\WinSpywareProtect (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\ADSL Software Ltd\WinSpywareProtect\BASE (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\ADSL Software Ltd\WinSpywareProtect\DELETED (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\ADSL Software Ltd\WinSpywareProtect\LOG (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\ADSL Software Ltd\WinSpywareProtect\SAVED (Rogue.Multiple) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Users\cricri\AppData\Local\Temp\ssqQiFxV.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\cricri\AppData\Local\Temp\jucbysmc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\cricri\AppData\Local\Temp\tmp00016373 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\cricri\AppData\Local\Temp\tmp000172ed (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\cricri\AppData\Local\Temp\tmp0001b01c (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\cricri\AppData\Local\Temp\tmp0002a0ef (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\cricri\AppData\Local\Temp\tmp0003ea4e (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\cricri\AppData\Local\Temp\tmp00040109 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\cricri\AppData\Local\Temp\tmp000a3e66 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\cricri\AppData\Local\Temp\tmp000be639 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Pilouche\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TL33J83U\226[1].exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\Users\Pilouche\AppData\Local\Temp\lowpower.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\Windows\System32\iftuyszv.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\System32\becT\snktrax.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\ert\rinacomIT.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\modtrux05\modtrux051080.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\Windows\System32\RI\funtrsll.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\VAV\vav.cpl (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
C:\Program Files\VAV\vav.exe (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
C:\Program Files\VAV\vav0.dat (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
C:\Program Files\VAV\vav1.dat (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
C:\ProgramData\ADSL Software Ltd\WinSpywareProtect\winspywareprotect.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\ADSL Software Ltd\WinSpywareProtect\LOG\20080623104724777.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Windows\System32\vav.cpl (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
C:\Users\cricri\Desktop\Vista Antivirus 2008.lnk (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
C:\Windows\explore.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\iexplorer.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\x.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\y.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\xxxvideo.hta (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\default.htm (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\svchost32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\loader.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\internet.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\accesss.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\astctl32.ocx (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\avpcc.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\clrssn.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\cpan.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\ctfmon32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\ctrlpan.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\directx32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\dnsrelay.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\editpad.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\explorer32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\funniest.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\funny.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\gfmnaaa.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\helpcvs.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\iedll.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\inetinf.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\msconfd.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\msspi.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\mssys.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\msupdate.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\mswsc10.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\mswsc20.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\mtwirl32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\notepad32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\olehelp.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\qttasks.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\quicken.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\rundll16.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Users\cricri\AppData\Local\Temp\byXPhgfF.dll (Trojan.Agent) -> Delete on reboot.
C:\Users\cricri\AppData\Local\Temp\vsaskcyh.dll (Trojan.Agent) -> Delete on reboot.
C:\Users\cricri\AppData\Local\Temp\bxsrabho.dll (Trojan.Agent) -> Delete on reboot.
C:\Windows\System32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\Windows\rundll32.vbe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\searchword.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\sistem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\svcinit.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\systeem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\systemcritical.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\time.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\users32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\waol.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\win32e.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\win64.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\winajbm.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\window.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\winmgnt.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\xplugin.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Users\Pilouche\Desktop\Vista Antivirus 2008.lnk (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
____________________________________________________________________________

OK, now:

- click on the yellow triangle in the toolbar of your last message
- a window will appear: ask for your topic to be moved to the Security forum
- continue the disinfection procedures detailed at this link (to the report you have just posted)
- after that, another helper will take over

http://forum.pcastuces.com/sujet.asp?f=25&s=17490

Edit:

You should also untick "résolu" (resolved), since your problem is still in progress.

Edited by maybe on 25/06/2008 21:45

pcastuces  Posted on 26/06/2008 at 07:27
PC Astuces Team

Hello,

The topic has been moved by the moderators to a more suitable forum.

You can continue the discussion below.

See you soon.

nardino  Posted on 26/06/2008 at 10:09
Security Group, 8495 messages

Hello.

As a check, download HijackThis from Trend Micro:
http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php?page=download
Install it.
It will be at C:\Program Files\TrendMicro\HijackThis2.0.2\HijackThis.exe

Run it with Do a system scan and save a logfile.
At the end of the scan, a Notepad window will open; save it as HJT1.txt.
Then, without closing it:

  • CTRL+A to select everything
  • CTRL+C to copy
  • CTRL+V to paste into the reply

Close it again for now.
Wait for the results of the analysis.

@+

cricri0310  Posted on 26/06/2008 at 19:36
Petit astucien, 64 messages

Here is the result of my scan.

Thanks again.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:55:19, on 24/06/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\iftuyszv.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSD.exe
C:\Program Files\Launch Manager\WButton.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Sagem Photo Easy\AzAgent.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Lexmark X1100 Series\LXBKbmgr.exe
C:\Program Files\VAV\vav.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\p2phost.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\system32\msfeedssync.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9d.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.aldi.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Windows\system32\iftuyszv.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file)
O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSD.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /F "C:\Windows\TEMP\E_SAFB9.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [AzAgent] "C:\Program Files\Sagem Photo Easy\AzAgent.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [lxbkbmgr.exe] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [Antivirus] C:\Program Files\VAV\vav.exe
O4 - HKLM\..\Run: [SBI] C:\Users\cricri\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3O90TI0I\install_sbd_fr[1].exe
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [CollaborationHost] C:\Windows\system32\p2phost.exe -s
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\cricri\AppData\Local\Temp\yaYRlIcD.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\cricri\AppData\Local\Temp\hgGxUMFW.dll,c
O4 - HKCU\..\Run: [24fd432c] rundll32.exe "C:\Users\cricri\AppData\Local\Temp\crmhxxin.dll",b
O4 - HKCU\..\Run: [Antivirus] C:\Program Files\VAV\vav.exe
O4 - HKCU\..\Run: [BM27ce70b0] Rundll32.exe "C:\Users\cricri\AppData\Local\Temp\hjnxhdie.dll",s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://colruyt.fujiprint.be/Colruyt/UserControls/Part/Upload/ImageUploader4.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD42/JSCDL/jre/6u6-b90/jinstall-6u6-windows-i586-jc.cab?e=1213197806292&h=b16468227c0cf1860ca9c6582ba1ddad/&filename=jinstall-6u6-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: Skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxbk_device - - C:\Windows\system32\lxbkcoms.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe

--
End of file - 12873 bytes

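The persistence entries visible in the HijackThis log above can be pulled out mechanically. The following is an added example, not part of the original thread and not code from HijackThis or Malwarebytes: it flags a `UserInit` value that starts more than `userinit.exe`, BHO registrations with no backing file, and `Run` entries whose `.exe`/`.dll` sits under a Temp or browser-cache folder. The rule names and the choice of these three heuristics are assumptions of this example; the sample lines are copied from the log.

```python
"""Triage a HijackThis log for three persistence patterns seen in this thread."""
import ntpath
import re

# Excerpt copied from the HijackThis log posted above (not the full log).
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Windows\system32\iftuyszv.exe,
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /F "C:\Windows\TEMP\E_SAFB9.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [SBI] C:\Users\cricri\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3O90TI0I\install_sbd_fr[1].exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\cricri\AppData\Local\Temp\yaYRlIcD.dll,#1
O4 - HKCU\..\Run: [24fd432c] rundll32.exe "C:\Users\cricri\AppData\Local\Temp\crmhxxin.dll",b
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
BHO_RE = re.compile(
    r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<file>.*)$")
RUN_RE = re.compile(
    r"^(?P<hive>HK[A-Z]+)\\.*?\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# An .exe/.dll located under a Temp or browser-cache directory. A quoted data
# argument such as "C:\Windows\TEMP\x.tmp" does not match (no .exe/.dll in it).
TEMP_BINARY_RE = re.compile(
    r'\\(?:temp|temporary internet files)\\[^"]*?\.(?:exe|dll)\b', re.IGNORECASE)


def parse_entries(log_text):
    """Yield (code, body) for each 'Xn - ...' entry; other lines are skipped."""
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            yield match.group("code"), match.group("body")


def check_userinit(body):
    """F2: Winlogon Userinit should start userinit.exe and nothing else."""
    if "UserInit=" not in body:
        return None
    value = body.split("UserInit=", 1)[1]
    programs = [p.strip() for p in value.split(",") if p.strip()]
    extras = [p for p in programs
              if ntpath.basename(p).lower() != "userinit.exe"]
    return ("userinit_extra", ", ".join(extras)) if extras else None


def check_bho(body):
    """O2: a Browser Helper Object whose registered file is missing."""
    match = BHO_RE.match(body)
    if match and match.group("file") == "(no file)":
        return ("bho_no_file", match.group("clsid"))
    return None


def check_run(body):
    """O4: a Run value that starts a binary from a Temp/cache directory."""
    match = RUN_RE.match(body)
    if not match or not TEMP_BINARY_RE.search(match.group("cmd")):
        return None
    via_rundll32 = match.group("cmd").lower().startswith("rundll32")
    rule = "rundll32_temp_dll" if via_rundll32 else "autorun_from_temp"
    return (rule, "%s [%s]" % (match.group("hive"), match.group("name")))


CHECKS = {"F2": check_userinit, "O2": check_bho, "O4": check_run}


def triage(log_text):
    """Return a list of (code, rule, detail) tuples for entries worth review."""
    findings = []
    for code, body in parse_entries(log_text):
        check = CHECKS.get(code)
        hit = check(body) if check else None
        if hit:
            findings.append((code,) + hit)
    return findings


if __name__ == "__main__":
    for code, rule, detail in triage(SAMPLE_LOG):
        print(f"{code:<3} {rule:<18} {detail}")
```

A hit is a prompt for review, not a verdict: a `(no file)` BHO is an orphaned registration, and legitimate installers sometimes run from Temp.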
nardino  Posted on 26/06/2008 at 20:25
Security Group, 8495 messages

Good evening.

Your PC is a real petri dish!!!

1-Download CWShredder™ - Trend Micro USA

Click on

Once it is downloaded, right-click cwshredder.exe and choose Run as administrator.

Post the result for me.

2-Download VundoFix by Atribune:
http://www.atribune.org/ccount/click.php?id=4
Backup link
http://www.clubic.com/telecharger-fiche25107-vundofix.html

Right-click Vundofix.exe and, as for CWShredder, elevate the privileges.
When it has reopened, click Scan for Vundo
When the scan is finished, click Remove Vundo
Answer Yes to the request to delete the files.
You will be asked to restart your computer; accept, of course.
Copy/paste the report (c:\vundofix.txt) into your reply

3-Uninstall these two programs:
C:\Program Files\VAV
C:\Program Files\Shareaza

@+