Sujet Précédent Sujet Suivant

Attaque virale

vincent -  
 yamin -
bonjour,
mon clavier a changer de configuration, certaines lettres sont inversees ou perdues, internet explorer s est modifie, certains programmes ne sont plus accessibles...
que dois je faire , excusez pour l orthographe, probleme de clavier.

merci d avance.
A voir également:

6 réponses

Réponse 1 / 6
balltrap34 Messages postés 16241 Statut Contributeur sécurité 332
 
salut
d abord un scan ici
Scan bit defender
http://www.bitdefender.fr
clik sur scan on line a gauche et suis la procedure
----------------
ensuite
fait ceci
HijackThis (ici) http://www.florensac-chasse-trap.com/ section virus
section virus

telecharge le et met le dans son propre dossier ex/c :hj

clik sur do a systeme scan et save a logfile
et copier coller le rapport
demo
http://pageperso.aol.fr/balltrap34/demohijack.htm
0
vincent
 
bonjour,voici mon log

le of HijackThis v1.99.1
Scan saved at 07:28:39, on 28/08/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\T73SNNCK


j ai executer BITDEFENDER qui a trouver des choses, et a suppri;er des virus, mon clavier est toujours perturbe, je n ai parfois plus de clik droit, EXEL et WORD ne s ouvre plus.
0
vincent
 
nouveau log complet

Logfile of HijackThis v1.99.1
Scan saved at 08:35:50, on 28/08/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\EQ7SXC8J\HIJACKTHIS[1].EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\FR\MSNTB.DLL (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
0
Réponse 2 / 6
balltrap34 Messages postés 16241 Statut Contributeur sécurité 332
 
lol je vois rien
fait ceci
Télécharge ceci SilentRunners.
http://www.silentrunners.org/Silent%20Runners.vbs
Lance-le
Copie/colle-le rapport ici
0
vincent
 
ci joint rapport silentrunners

à propos , mon clavier fonctionne de nouveau et j' ai retrouvé mon clik droit.EXCEL et WORD ont disparus, comment peut on les récuperer

jusque là encore merci !

"Silent Runners.vbs", revision 40.1, http://www.silentrunners.org/
Operating System: Windows 98
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"LoadQM" = "loadqm.exe" [MS]
"AdslTaskBar" = "rundll32.exe stmctrl.dll,TaskBar" [MS]
"QuickTime Task" = ""C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime" ["Apple Computer, Inc."]
"avast! Web Scanner" = "C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE" ["ALWIL Software"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\ {++}
"SchedulingAgent" = "mstask.exe" [MS]
"avast!" = "C:\Program Files\Alwil Software\Avast4\ashServ.exe" [null data]

HKLM\Software\Microsoft\Active Setup\Installed Components\
{44BBA840-CC51-11CF-AAFA-00AA00B6015C}.Restore\(Default) = "Microsoft Outlook Express 6"
\StubPath = "rundll32.exe advpack.dll,UserUnInstStubWrapper {44BBA840-CC51-11CF-AAFA-00AA00B6015C}" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX" ["("]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = "Google Toolbar Helper" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL" ["Safer Networking Limited"]
0
Réponse 3 / 6
balltrap34 Messages postés 16241 Statut Contributeur sécurité 332
 
salut
le rapport n est pas complet
et pour word et exel dans le menu demarrer il ny est plus
0
Réponse 4 / 6
vincent
 
voici le rapport complet, pour word et excel nous devrons les reinstaller.

encore merci pour votre aide.

"Silent Runners.vbs", revision 40.1, http://www.silentrunners.org/
Operating System: Windows 98
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"LoadQM" = "loadqm.exe" [MS]
"AdslTaskBar" = "rundll32.exe stmctrl.dll,TaskBar" [MS]
"QuickTime Task" = ""C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime" ["Apple Computer, Inc."]
"avast! Web Scanner" = "C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE" ["ALWIL Software"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\ {++}
"SchedulingAgent" = "mstask.exe" [MS]
"avast!" = "C:\Program Files\Alwil Software\Avast4\ashServ.exe" [null data]

HKLM\Software\Microsoft\Active Setup\Installed Components\
{44BBA840-CC51-11CF-AAFA-00AA00B6015C}.Restore\(Default) = "Microsoft Outlook Express 6"
\StubPath = "rundll32.exe advpack.dll,UserUnInstStubWrapper {44BBA840-CC51-11CF-AAFA-00AA00B6015C}" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX" ["("]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = "Google Toolbar Helper" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL" ["Safer Networking Limited"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

Default executables:
--------------------

.SCR: HKLM\SOFTWARE\Classes\AutoCADScript\shell\open\command\
INFECTION WARNING! "Default" = "C:\WINDOWS\NOTEPAD.EXE "%1"" [MS]

Active Desktop and Wallpaper:
-----------------------------

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Windows\Application Data\Microsoft\Internet Explorer\Papier peint de Internet Explorer.bmp"

WIN.INI & SYSTEM.INI launch points:
-----------------------------------

SYSTEM.INI
[boot]
"SCRNSAVE.EXE=C:\WINDOWS\DYNOJET.SCR" [null data]

Enabled Scheduled Tasks:
------------------------

"Démarrage du programme de réglages" -> launches: "walign" [MS]
"Maintenance-ScanDisk" -> launches: "C:\WINDOWS\SCANDSKW.EXE /SAGERUN:0 /ALL /N" [MS]
"Maintenance-Nettoyage de disque" -> launches: "C:\WINDOWS\CLEANMGR.EXE /SAGERUN:0" [MS]
"24689A956E5A9832" -> launches: "c:\progra~1\exitinfo\Noun Free Online.exe" [file not found]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "c:\windows\SYSTEM\rnr20.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
00000000000#\PackedCatalogItem (contains) DLL [Company Name], (at) # range:
c:\windows\SYSTEM\mswsosp.dll [MS], 1
c:\windows\SYSTEM\msafd.dll [MS], 2 - 4
c:\windows\SYSTEM\rsvpsp.dll [MS], 5 - 6

Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = "0"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\FR\MSNTB.DLL" [file not found]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{85D1F590-48F4-11D9-9669-0800200C9A66}\
"MenuText" = "Uninstall BitDefender Online Scanner v8"
"Exec" = "%windir%\bdoscandel.exe" [null data]

Miscellaneous IE Hijack Points
------------------------------

HKLM\Software\Microsoft\Internet Explorer\Version = (invalid data)
The Internet Explorer version cannot be found!

C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")
The contents of IERESET.INF cannot be reliably checked!

Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
[Strings]: SAFESITE_VALUE="http://home.microsoft.com/intl/fr/"
[Strings]: MS_START_PAGE_URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"

Missing lines (compared with English-language version):
[Strings]: 3 lines

----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 56 seconds, including 19 seconds for message boxes)
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 6
balltrap34 Messages postés 16241 Statut Contributeur sécurité 332
 
retente de les instaler
0
Réponse 6 / 6
yamin
 
ahlan
0

Discussions similaires

Clip avec des cannards qui attaques des raccailles style techno
Kzonne -
roublin -

4 réponses
Aide svp modification mot de passe impossible attaque par dictionnaire
marvi1 -
marvi1 -

4 réponses
comment regarder l'attaque des titans saison 1 en streaming ?
Loverlord -
Pliphano -

1 réponse
alerte virale critique
bebemh -
bazfile -

5 réponses