Eradiquer w322:nsag-B - démarrer Smitfraud?
Fermé
frederic69
Messages postés
18
Date d'inscription
samedi 15 octobre 2005
Statut
Membre
Dernière intervention
26 octobre 2005
-
17 oct. 2005 à 22:01
Utilisateur anonyme - 26 oct. 2005 à 21:40
Utilisateur anonyme - 26 oct. 2005 à 21:40
A voir également:
- Eradiquer w322:nsag-B - démarrer Smitfraud?
- Impossible de démarrer la ps4 - Forum PS4
- Démarrer en mode sans echec - Guide
- Menu démarrer windows 11 - Guide
- PS4 : impossible de démarrer ma console ✓ - Forum PS4
- Pc long a demarrer - Guide
25 réponses
re
Lance ce scan en ligne:
http://www.bitdefender.com/scan/licence.php
Copie/colle le rapport
puis
Telecharge ceci
http://www.silentrunners.org/Silent%20Runners.vbs
Execute le,atends quelques minutes, il va creer ensuite un dossier juste a coté de silent runner sous format texte, copie/colle ce qu il te donnera
A+
Lance ce scan en ligne:
http://www.bitdefender.com/scan/licence.php
Copie/colle le rapport
puis
Telecharge ceci
http://www.silentrunners.org/Silent%20Runners.vbs
Execute le,atends quelques minutes, il va creer ensuite un dossier juste a coté de silent runner sous format texte, copie/colle ce qu il te donnera
A+
ok
l infection est bien la...
l autre prog, c est possible?
a+
l infection est bien la...
l autre prog, c est possible?
a+
frederic69
Messages postés
18
Date d'inscription
samedi 15 octobre 2005
Statut
Membre
Dernière intervention
26 octobre 2005
26 oct. 2005 à 17:50
26 oct. 2005 à 17:50
voici le rapport de silentrunners.
(il me maittait WMI necessaire - que j'ai du chercher puis trouver et tél"chargé. par contre j'ai le sentiment que l'ordi rame. lors du redémarrage pour enregistrer WMI- il ne s'est pas éteint - j'ai du éteindre en manuel . (j'ai un peu peur)
"Silent Runners.vbs", revision 41, http://www.silentrunners.org/
Operating System: Windows 98
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ScanRegistry" = "C:\WINDOWS\scanregw.exe /autorun" [MS]
"TaskMonitor" = "C:\WINDOWS\taskmon.exe" [MS]
"SystemTray" = "SysTray.Exe" [MS]
"IrMon" = "IrMon.exe" [MS]
"LoadPowerProfile" = "Rundll32.exe powrprof.dll,LoadCurrentPwrScheme" [MS]
"avast! Web Scanner" = "C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE" ["ALWIL Software"]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\ {++}
"LoadPowerProfile" = "Rundll32.exe powrprof.dll,LoadCurrentPwrScheme" [MS]
"SchedulingAgent" = "mstask.exe" [MS]
"avast!" = "C:\Program Files\Alwil Software\Avast4\ashServ.exe" [null data]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
"{BB7DF450-F119-11CD-8465-00AA00425D90}" = "Microsoft Access Custom Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office\soa800.dll" [MS]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Exchange"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Windows Messaging\mlshext.dll" [MS]
"{59850401-6664-101B-B21C-00AA004BA90B}" = "Séparateur du Classeur Microsoft Office"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\UNBIND.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office\olkfstub.dll" [MS]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
Default executables:
--------------------
.CMD: HKLM\SOFTWARE\Classes\cmd_auto_file\shell\open\command\
INFECTION WARNING! "Default" = "C:\Program "%1""
Active Desktop and Wallpaper:
-----------------------------
Active Desktop is enabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Startup items in "Startup" & "All Users...Startup" folders:
-----------------------------------------------------------
C:\WINDOWS\Menu Démarrer\Programmes\Démarrage
"Démarrage d'Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office\OSA.EXE -b" [MS]
"WinZip Quick Pick" -> shortcut to: "C:\Program Files\WinZip\WZQKPICK.EXE" ["WinZip Computing, Inc."]
"Microsoft Recherche accélérée" -> shortcut to: "C:\Program Files\Microsoft Office\Office\FINDFAST.EXE" [MS]
Enabled Scheduled Tasks:
------------------------
"Maintenance-Défragmentation des programmes" -> launches: "C:\WINDOWS\DEFRAG.EXE /SAGERUN:0" [MS]
"Maintenance-ScanDisk" -> launches: "C:\WINDOWS\SCANDSKW.EXE /SAGERUN:0 /ALL /N" [MS]
"Maintenance-Nettoyage de disque" -> launches: "C:\WINDOWS\CLEANMGR.EXE /SAGERUN:0" [MS]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "C:\WINDOWS\SYSTEM\rnr20.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
00000000000#\PackedCatalogItem (contains) DLL [Company Name], (at) # range:
C:\WINDOWS\SYSTEM\mswsosp.dll [MS], 1
C:\WINDOWS\SYSTEM\msafd.dll [MS], 2 - 4
C:\WINDOWS\SYSTEM\rsvpsp.dll [MS], 5 - 6
Toolbars, Explorer Bars, Extensions:
------------------------------------
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{85D1F590-48F4-11D9-9669-0800200C9A66}\
"MenuText" = "Uninstall BitDefender Online Scanner v8"
"Exec" = "%windir%\bdoscandel.exe" [null data]
Miscellaneous IE Hijack Points
------------------------------
HKLM\Software\Microsoft\Internet Explorer\Version = (invalid data)
The Internet Explorer version cannot be found!
C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")
The contents of IERESET.INF cannot be reliably checked!
Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
[Strings]: SAFESITE_VALUE="http://home.microsoft.com/intl/fr/"
[Strings]: MS_START_PAGE_URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
Missing lines (compared with English-language version):
[Strings]: 3 lines
----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 36 seconds, including 19 seconds for message boxes)
(il me maittait WMI necessaire - que j'ai du chercher puis trouver et tél"chargé. par contre j'ai le sentiment que l'ordi rame. lors du redémarrage pour enregistrer WMI- il ne s'est pas éteint - j'ai du éteindre en manuel . (j'ai un peu peur)
"Silent Runners.vbs", revision 41, http://www.silentrunners.org/
Operating System: Windows 98
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ScanRegistry" = "C:\WINDOWS\scanregw.exe /autorun" [MS]
"TaskMonitor" = "C:\WINDOWS\taskmon.exe" [MS]
"SystemTray" = "SysTray.Exe" [MS]
"IrMon" = "IrMon.exe" [MS]
"LoadPowerProfile" = "Rundll32.exe powrprof.dll,LoadCurrentPwrScheme" [MS]
"avast! Web Scanner" = "C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE" ["ALWIL Software"]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\ {++}
"LoadPowerProfile" = "Rundll32.exe powrprof.dll,LoadCurrentPwrScheme" [MS]
"SchedulingAgent" = "mstask.exe" [MS]
"avast!" = "C:\Program Files\Alwil Software\Avast4\ashServ.exe" [null data]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
"{BB7DF450-F119-11CD-8465-00AA00425D90}" = "Microsoft Access Custom Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office\soa800.dll" [MS]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Exchange"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Windows Messaging\mlshext.dll" [MS]
"{59850401-6664-101B-B21C-00AA004BA90B}" = "Séparateur du Classeur Microsoft Office"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\UNBIND.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office\olkfstub.dll" [MS]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
Default executables:
--------------------
.CMD: HKLM\SOFTWARE\Classes\cmd_auto_file\shell\open\command\
INFECTION WARNING! "Default" = "C:\Program "%1""
Active Desktop and Wallpaper:
-----------------------------
Active Desktop is enabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Startup items in "Startup" & "All Users...Startup" folders:
-----------------------------------------------------------
C:\WINDOWS\Menu Démarrer\Programmes\Démarrage
"Démarrage d'Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office\OSA.EXE -b" [MS]
"WinZip Quick Pick" -> shortcut to: "C:\Program Files\WinZip\WZQKPICK.EXE" ["WinZip Computing, Inc."]
"Microsoft Recherche accélérée" -> shortcut to: "C:\Program Files\Microsoft Office\Office\FINDFAST.EXE" [MS]
Enabled Scheduled Tasks:
------------------------
"Maintenance-Défragmentation des programmes" -> launches: "C:\WINDOWS\DEFRAG.EXE /SAGERUN:0" [MS]
"Maintenance-ScanDisk" -> launches: "C:\WINDOWS\SCANDSKW.EXE /SAGERUN:0 /ALL /N" [MS]
"Maintenance-Nettoyage de disque" -> launches: "C:\WINDOWS\CLEANMGR.EXE /SAGERUN:0" [MS]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "C:\WINDOWS\SYSTEM\rnr20.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
00000000000#\PackedCatalogItem (contains) DLL [Company Name], (at) # range:
C:\WINDOWS\SYSTEM\mswsosp.dll [MS], 1
C:\WINDOWS\SYSTEM\msafd.dll [MS], 2 - 4
C:\WINDOWS\SYSTEM\rsvpsp.dll [MS], 5 - 6
Toolbars, Explorer Bars, Extensions:
------------------------------------
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{85D1F590-48F4-11D9-9669-0800200C9A66}\
"MenuText" = "Uninstall BitDefender Online Scanner v8"
"Exec" = "%windir%\bdoscandel.exe" [null data]
Miscellaneous IE Hijack Points
------------------------------
HKLM\Software\Microsoft\Internet Explorer\Version = (invalid data)
The Internet Explorer version cannot be found!
C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")
The contents of IERESET.INF cannot be reliably checked!
Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
[Strings]: SAFESITE_VALUE="http://home.microsoft.com/intl/fr/"
[Strings]: MS_START_PAGE_URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
Missing lines (compared with English-language version):
[Strings]: 3 lines
----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 36 seconds, including 19 seconds for message boxes)
re,
ton ordi s etaitn normalement ?
Il m aurait fallu le prog smitrem...
Tu peux me dire prkoi il ne marche pas? lorsque tu le lance rien ne se passe?
ton ordi s etaitn normalement ?
Il m aurait fallu le prog smitrem...
Tu peux me dire prkoi il ne marche pas? lorsque tu le lance rien ne se passe?
frederic69
Messages postés
18
Date d'inscription
samedi 15 octobre 2005
Statut
Membre
Dernière intervention
26 octobre 2005
26 oct. 2005 à 18:26
26 oct. 2005 à 18:26
En fait ca a l'air d'aller - je viens de l'éteindre et le rallumer a priori tt vas bien - il repris sa vitesse habituelle.
Il à du chauffer. (Faut dire c'est pas une derniere génération la bête) -
Est ce que je peux virer les fichiers temp ss te poser pb pour une eventuelle analyse.
En tout cas merci de ton aide -
Il à du chauffer. (Faut dire c'est pas une derniere génération la bête) -
Est ce que je peux virer les fichiers temp ss te poser pb pour une eventuelle analyse.
En tout cas merci de ton aide -
Oui pas de soucis pour les fichiers temp...
Ton soucis est au meme point sinon?
Ton soucis est au meme point sinon?
frederic69
Messages postés
18
Date d'inscription
samedi 15 octobre 2005
Statut
Membre
Dernière intervention
26 octobre 2005
26 oct. 2005 à 18:39
26 oct. 2005 à 18:39
Avast détecte tjrs la présence du virus sur wininet pas surprenant a priori on a rien viré. j'ai vu oh surprise 3 virus identifiés par bitdefender mais on a pas eu d'action dessus.
Merci
Merci
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
26 oct. 2005 à 17:01
BitDefender Online Scanner
Scan report generated at: Wed, Oct 26, 2005 - 16:41:50
Scan path: A:\;C:\;D:\;E:\;
Statistics
Time
00:09:32
Files
18189
Folders
528
Boot Sectors
2
Archives
252
Packed Files
721
Results
Identified Viruses
3
Infected Files
5
Suspect Files
0
Warnings
0
Disinfected
0
Deleted Files
4
Engines Info
Virus Definitions
228822
Engine build
AVCORE v1.0 (build 2292) (i386) (Mar 3 2005 11:57:29)
Scan plugins
13
Archive plugins
38
Unpack plugins
4
E-mail plugins
6
System plugins
1
Scan Settings
First Action
Disinfect
Second Action
Delete
Heuristics
Yes
Enable Warnings
Yes
Scanned Extensions
exe;com;dll;ocx;scr;bin;dat;386;vxd;sys;wdm;cla;class;ovl;ole;hlp;doc;dot;xls;ppt;wbk;wiz;pot;ppa;xla;xlt;vbs;vbe;mdb;rtf;htm;hta;html;xml;xtp;php;asp;js;shs;chm;lnk;pif;prc;url;smm;pfd;msi;ini;csc;cmd;bas;
Exclude Extensions
Scan Emails
Yes
Scan Archives
Yes
Scan Packed
Yes
Scan Files
Yes
Scan Boot
Yes
Scanned File
Status
C:\WINDOWS\SYSTEM\WININET.DLL
Infected with: Trojan.WininetHook.A
C:\WINDOWS\SYSTEM\WININET.DLL
Disinfection failed
C:\WINDOWS\SYSTEM\WININET.DLL
Delete failed
C:\WINDOWS\SYSTEM32\svcnva.exe
Infected with: Trojan.Downloader.Delf.TB
C:\WINDOWS\SYSTEM32\svcnva.exe
Disinfection failed
C:\WINDOWS\SYSTEM32\svcnva.exe
Deleted
C:\WINDOWS\Temporary Internet Files\Content.IE5\UZGRMV69\html[1].exe
Infected with: Trojan.Downloader.Delf.TB
C:\WINDOWS\Temporary Internet Files\Content.IE5\UZGRMV69\html[1].exe
Disinfection failed
C:\WINDOWS\Temporary Internet Files\Content.IE5\UZGRMV69\html[1].exe
Deleted
C:\WINDOWS\rzs.exe
Infected with: Trojan.Raze.C
C:\WINDOWS\rzs.exe
Disinfection failed
C:\WINDOWS\rzs.exe
Deleted
C:\readme.exe
Infected with: Trojan.Downloader.Delf.TB
C:\readme.exe
Disinfection failed
C:\readme.exe