[Virus or trojans?] Very slow PC

easton Posts 104 Status Member -
Anonymous user -
Good evening everyone,

My PC has become very slow. It often has slowdown problems, especially on the internet, which I "fix" by removing IEXPLORE.EXE every time it comes back, that is, almost every day.
Last night when starting the PC there were major slowdowns, so I ran HijackThis, which stopped halfway (progress bar), with no log possible at all...
Since then I have dug around here a bit and removed quite a lot of things with CCleaner, Ad-Aware and Spybot, and now HijackThis works again.
Also, it is impossible to scan online at BitDefender: a message along the lines of "invalid ActiveX control with this website"...

And my PC is still painfully slow on the net; I feel that something is wrong but I don't know what to do.

I'm posting a log, in case someone can help me sort this out:

Logfile of HijackThis v1.99.1
Scan saved at 22:48:13, on 23/12/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\msinit.exe
C:\winnt\system32\dllcache\FireDaemon.EXE
C:\winnt\system32\dllcache\runbatch.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\soundman.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\Wanadoo\taskbaricon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\system32\lrdwht.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\taskbaricon.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Update Schedule] lrdwht.exe
O4 - HKLM\..\Run: [Microsoft USB2 Support Driver] wmsgui32.exe
O4 - HKLM\..\RunServices: [Microsoft Update Schedule] lrdwht.exe
O4 - HKLM\..\RunServices: [Microsoft USB2 Support Driver] wmsgui32.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Microsoft USB2 Support Driver] wmsgui32.exe
O4 - HKCU\..\RunServices: [Microsoft USB2 Support Driver] wmsgui32.exe
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O13 - DefaultPrefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/17786f44c678c61cca00/netzip/RdxIE601_fr.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123662115875
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123662477546
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D4F1A94C-9D94-44E8-B5A0-EB63D8237C03}: NameServer = 80.10.246.1 80.10.246.132
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: FireDaemon Service: eventsec (eventsec) - Unknown owner - C:\winnt\system32\dllcache\FireDaemon.EXE
O23 - Service: msinit (Microsoft Scheduling Agent) - Unknown owner - C:\WINNT\msinit.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Tiny Personal Firewall (PersFw) - Tiny Software - C:\Program Files\Tiny Personal Firewall\persfw.exe
O23 - Service: FireDaemon Service: runbatch (runbatch) - Unknown owner - C:\winnt\system32\dllcache\FireDaemon.EXE

Thanks in advance :)

31 replies

easton Posts 104 Status Member 1

I'm adding the report of the Kaspersky online scan I have just run, in case it helps. It's well and truly infected, but how do I remove all this?

C:\Documents and Settings\Administrateur\Local Settings\Application Data\Identities\{B200A563-1922-4B5C-BDB5-48BF3ECCC905}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From "Postmaster" ][Date Tue, 1 Nov 2005 10:31:09 +0000]/UNNAMED/html Suspect : Exploit.HTML.Iframe.FileDownload ignoré

C:\Documents and Settings\Administrateur\Local Settings\Application Data\Identities\{B200A563-1922-4B5C-BDB5-48BF3ECCC905}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From "Postmaster" ][Date Tue, 1 Nov 2005 10:31:09 +0000]/UNNAMED Suspect : Exploit.HTML.Iframe.FileDownload ignoré

C:\Documents and Settings\Administrateur\Local Settings\Application Data\Identities\{B200A563-1922-4B5C-BDB5-48BF3ECCC905}\Microsoft\Outlook Express\Éléments supprimés.dbx Mail MS Outlook 5: suspect - 2 ignoré

C:\Documents and Settings\Administrateur\Local Settings\Application Data\IM\Identities\{A72A5FEF-A156-4680-B449-6B9BDA2A2908}\Message Store\Inbox.imm/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:02 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:03 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:04 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:05 +0000]/UNNAMED/[From "Delabys" ][Date Mon, 20 Sep 2004 21:47:26 +0100]/UNNAMED/[From "Delabys" ][Date Fri, 24 Sep 2004 14:54:24 -070 ... /html Infecté: Trojan-Spy.HTML.Citifraud.ai ignoré

C:\Documents and Settings\Administrateur\Local Settings\Application Data\IM\Identities\{A72A5FEF-A156-4680-B449-6B9BDA2A2908}\Message Store\Inbox.imm/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:02 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:03 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:04 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:05 +0000]/UNNAMED/[From "Delabys" ][Date Mon, 20 Sep 2004 21:47:26 +0100]/UNNAMED/[From "Delabys" ][Date Sat, 25 Sep 2004 22:50:39 -0600]/html Infecté: Trojan-Spy.HTML.Citifraud.ai ignoré

C:\Documents and Settings\Administrateur\Local Settings\Application Data\IM\Identities\{A72A5FEF-A156-4680-B449-6B9BDA2A2908}\Message Store\Inbox.imm/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:02 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:03 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:04 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:05 +0000]/UNNAMED/[From "Delabys" ][Date Mon, 20 Sep 2004 21:47:26 +0100]/UNNAMED/[From "Delabys" Infecté: Trojan-Spy.HTML.Citifraud.ai ignoré

C:\Documents and Settings\Administrateur\Local Settings\Application Data\IM\Identities\{A72A5FEF-A156-4680-B449-6B9BDA2A2908}\Message Store\Inbox.imm/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:02 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:03 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:04 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:05 +0000]/UNNAMED/[From "Delabys" ][Date Mon, 20 Sep 2004 21:47:26 +0100]/UNNAMED/[From "Delabys" ][Date Sat, 25 Sep 2004 10:16:46 +0100]/UNNAMED Infecté: Trojan-Spy.HTML.Citifraud.ai ignoré

C:\Documents and Settings\Administrateur\Local Settings\Application Data\IM\Identities\{A72A5FEF-A156-4680-B449-6B9BDA2A2908}\Message Store\Inbox.imm/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:02 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:03 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:04 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:05 +0000]/UNNAMED/[From "Delabys" ][Date Mon, 20 Sep 2004 21:47:26 +0100]/UNNAMED/[From "Delabys" ][Date Sat, 25 Sep 2004 07:51:37 +0500]/UNNAMED Infecté: Trojan-Spy.HTML.Citifraud.ai ignoré

C:\Documents and Settings\Administrateur\Local Settings\Application Data\IM\Identities\{A72A5FEF-A156-4680-B449-6B9BDA2A2908}\Message Store\Inbox.imm/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:02 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:03 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:04 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:05 +0000]/UNNAMED/[From "Delabys" ][Date Mon, 20 Sep 2004 21:47:26 +0100]/UNNAMED/[From "Delabys" ][Date Fri, 24 Sep 2004 18:32:33 -0400]/UNNAMED Infecté: Trojan-Spy.HTML.Citifraud.ai ignoré

C:\Documents and Settings\Administrateur\Local Settings\Application Data\IM\Identities\{A72A5FEF-A156-4680-B449-6B9BDA2A2908}\Message Store\Inbox.imm/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:02 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:03 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:04 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:05 +0000]/UNNAMED/[From "Delabys" ][Date Mon, 20 Sep 2004 21:47:26 +0100]/UNNAMED/[From "Delabys" ][Date Fri, 24 Sep 2004 14:54:24 -0700]/UNNAMED Infecté: Trojan-Spy.HTML.Citifraud.ai ignoré

C:\Documents and Settings\Administrateur\Local Settings\Application Data\IM\Identities\{A72A5FEF-A156-4680-B449-6B9BDA2A2908}\Message Store\Inbox.imm/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:02 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:03 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:04 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:05 +0000]/UNNAMED/[From "Delabys" ][Date Mon, 20 Sep 2004 21:47:26 +0100]/UNNAMED/[From "Delabys" ][Date Thu, 23 Sep 2004 09:46:09 +0100]/UNNAMED Infecté: Trojan-Spy.HTML.Citifraud.ai ignoré

C:\Documents and Settings\Administrateur\Local Settings\Application Data\IM\Identities\{A72A5FEF-A156-4680-B449-6B9BDA2A2908}\Message Store\Inbox.imm/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:02 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:03 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:04 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:05 +0000]/UNNAMED/[From "Delabys" ][Date Mon, 20 Sep 2004 21:47:26 +0100]/UNNAMED/[From "Delabys" ][Date Wed, 22 Sep 2004 20:57:03 +0200]/UNNAMED Infecté: Trojan-Spy.HTML.Citifraud.ai ignoré

C:\Documents and Settings\Administrateur\Local Settings\Application Data\IM\Identities\{A72A5FEF-A156-4680-B449-6B9BDA2A2908}\Message Store\Inbox.imm/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:02 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:03 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:04 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:05 +0000]/UNNAMED/[From "Delabys" ][Date Mon, 20 Sep 2004 21:47:26 +0100]/UNNAMED/[From "Delabys" ][Date Wed, 22 Sep 2004 10:46:58 +0100]/UNNAMED Infecté: Trojan-Spy.HTML.Citifraud.ai ignoré

C:\Documents and Settings\Administrateur\Local Settings\Application Data\IM\Identities\{A72A5FEF-A156-4680-B449-6B9BDA2A2908}\Message Store\Inbox.imm/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:02 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:03 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:04 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:05 +0000]/UNNAMED/[From "Delabys" ][Date Mon, 20 Sep 2004 21:47:26 +0100]/UNNAMED Infecté: Trojan-Spy.HTML.Citifraud.ai ignoré

C:\Documents and Settings\Administrateur\Local Settings\Application Data\IM\Identities\{A72A5FEF-A156-4680-B449-6B9BDA2A2908}\Message Store\Inbox.imm/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:02 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:03 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:04 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:05 +0000]/UNNAMED Infecté: Trojan-Spy.HTML.Citifraud.ai ignoré

C:\Documents and Settings\Administrateur\Local Settings\Application Data\IM\Identities\{A72A5FEF-A156-4680-B449-6B9BDA2A2908}\Message Store\Inbox.imm/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:02 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:03 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:04 +0000]/UNNAMED Infecté: Trojan-Spy.HTML.Citifraud.ai ignoré

C:\Documents and Settings\Administrateur\Local Settings\Application Data\IM\Identities\{A72A5FEF-A156-4680-B449-6B9BDA2A2908}\Message Store\Inbox.imm/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:02 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:03 +0000]/UNNAMED Infecté: Trojan-Spy.HTML.Citifraud.ai ignoré

C:\Documents and Settings\Administrateur\Local Settings\Application Data\IM\Identities\{A72A5FEF-A156-4680-B449-6B9BDA2A2908}\Message Store\Inbox.imm/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:02 +0000]/UNNAMED Infecté: Trojan-Spy.HTML.Citifraud.ai ignoré

C:\Documents and Settings\Administrateur\Local Settings\Application Data\IM\Identities\{A72A5FEF-A156-4680-B449-6B9BDA2A2908}\Message Store\Inbox.imm Mail: infecté - 15 ignoré

C:\msdirectx.sys Infecté: Rootkit.Win32.Agent.l ignoré

C:\WINNT\msinit.exe Infecté: Backdoor.Win32.SdBot.aad ignoré

C:\WINNT\system32\lrdwht.exe Infecté: Backdoor.Win32.Rbot.akc ignoré

C:\WINNT\system32\msconf.exe Infecté: Backdoor.Win32.SdBot.yx ignoré

Analyse terminée.

Thanks for your help.
0
easton Posts 104 Status Member 1

While waiting for help to enlighten me, I keep digging around and am posting the results of my research:

I deleted all the infected files listed above by Kaspersky EXCEPT:

C:\WINNT\msinit.exe which I cannot find
(even though I enabled the display of all files and folders)

and

C:\msdirectx.sys

which I don't dare touch because it is marked as a system file.
In your opinion, can I delete it?
And the one I cannot find?
...my PC is still very, very slow and I have had 2 major crashes since 22:00.

Thanks for any reply, if someone has the time :)
0
bernie61
 
hi
0. Install this cleaner, CCLEANER http://www.ccleaner.com/ or direct link here http://www.filehippo.com/download_ccleaner.html (the arrow)
Tutorial here http://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php
then
*Configure your computer so that every scan runs completely; it must be possible to scan all hidden and system folders, so do:
Start / Control Panel / Folder Options / View tab, and there check the lines
- show hidden files and folders
- show the contents of system folders
uncheck
- hide protected system files
Then click APPLY to ALL folders

1. run HijackThis again
check and fix this
O4 - HKLM\..\Run: [Microsoft Update Schedule] lrdwht.exe
O4 - HKLM\..\Run: [Microsoft USB2 Support Driver] wmsgui32.exe
O4 - HKLM\..\RunServices: [Microsoft Update Schedule] lrdwht.exe
O4 - HKLM\..\RunServices: [Microsoft USB2 Support Driver] wmsgui32.exe
O4 - HKCU\..\Run: [Microsoft USB2 Support Driver] wmsgui32.exe
O4 - HKCU\..\RunServices: [Microsoft USB2 Support Driver] wmsgui32.exe

2. delete these files
c:... lrdwht.exe
c:... wmsgui32.exe

3. run HijackThis again
see you
0
bernie61
 
re
and also
to be checked here http://virusscan.jotti.org/ file by file (Browse, then SUBMIT launches this multi-engine antivirus scanner)
this file c:/winnt/msinit.exe
see you
0

easton Posts 104 Status Member 1

Hi, and thanks for looking into my problems.

I was finally able to make a log with HijackThis, but it is impossible to fix: when HijackThis does agree to open, the window only stays open for 1 or 2 seconds. How can I sort that out?
I'm posting the log at the end.

Here is the virusJotti scan:

File: msinit.exe
Status: INFECTED/MALWARE
MD5 1e2d6a22e353805749a95ce5834cc208
Packers detected: PESPIN
Scanner results
AntiVir Found Worm/SdBot.55296.32
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found IRC/BackDoor.SdBot.PQH
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found BackDoor.IRC.Sdbot.based
F-Prot Antivirus Found nothing
Fortinet Found W32/SDBot.BJ!bdr
Kaspersky Anti-Virus Found Backdoor.Win32.SdBot.aad
NOD32 Found a variant of IRC/SdBot
Norman Virus Control Found W32/SDBot.VFQ
UNA Found Backdoor.SdBot
VBA32 Found Backdoor.Win32.SdBot.aad

Here is the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 11:47:20, on 24/12/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\msinit.exe
C:\winnt\system32\dllcache\FireDaemon.EXE
C:\winnt\system32\dllcache\runbatch.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\soundman.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\Wanadoo\taskbaricon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\WINNT\system32\cmd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\system32\notepad.exe
C:\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\taskbaricon.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft USB2 Support Driver] wmsgui32.exe
O4 - HKLM\..\RunServices: [Microsoft USB2 Support Driver] wmsgui32.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Microsoft USB2 Support Driver] wmsgui32.exe
O4 - HKCU\..\RunServices: [Microsoft USB2 Support Driver] wmsgui32.exe
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O13 - DefaultPrefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/17786f44c678c61cca00/netzip/RdxIE601_fr.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123662115875
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123662477546
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D4F1A94C-9D94-44E8-B5A0-EB63D8237C03}: NameServer = 80.10.246.1 80.10.246.132
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: FireDaemon Service: eventsec (eventsec) - Unknown owner - C:\winnt\system32\dllcache\FireDaemon.EXE
O23 - Service: msinit (Microsoft Scheduling Agent) - Unknown owner - C:\WINNT\msinit.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Tiny Personal Firewall (PersFw) - Tiny Software - C:\Program Files\Tiny Personal Firewall\persfw.exe
O23 - Service: FireDaemon Service: runbatch (runbatch) - Unknown owner - C:\winnt\system32\dllcache\FireDaemon.EXE

See you
0
easton Posts 104 Status Member 1

Re,

I'll add that when I try to open Task Manager to stop a process, it also only stays open for 1 or 2 seconds... can't do much....

see you
0
bernie61
 
re
run HijackThis in safe mode

same for deleting the files, including the file C:\WINNT\msinit.exe, which is infected
see you
0
Anonymous user

In passing

Happy holidays, Bernie ;-)
0
bernie61
 
hi,
a merry Christmas to you too, and to the whole Communauté Constamment Multiservices, lol

See you later, my best wishes to everyone
0
easton Posts 104 Status Member 1

Re,

in passing ;) hi régis59 and happy holidays to you both.

it worked in safe mode, but as soon as I rebooted I got this avast alert:
c\winnt\system32\winocx.exe .... infected

here is the latest HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 13:18:16, on 24/12/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\system32\nvsvc32.exe
C:\Program Files\Tiny Personal Firewall\persfw.exe
C:\winnt\system32\dllcache\FireDaemon.EXE
C:\winnt\system32\dllcache\runbatch.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\soundman.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\Wanadoo\taskbaricon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\system32\cmd.exe
C:\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\taskbaricon.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O13 - DefaultPrefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/17786f44c678c61cca00/netzip/RdxIE601_fr.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123662115875
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123662477546
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D4F1A94C-9D94-44E8-B5A0-EB63D8237C03}: NameServer = 80.10.246.1 80.10.246.132
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: FireDaemon Service: eventsec (eventsec) - Unknown owner - C:\winnt\system32\dllcache\FireDaemon.EXE
O23 - Service: msinit (Microsoft Scheduling Agent) - Unknown owner - C:\WINNT\msinit.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Tiny Personal Firewall (PersFw) - Tiny Software - C:\Program Files\Tiny Personal Firewall\persfw.exe
O23 - Service: FireDaemon Service: runbatch (runbatch) - Unknown owner - C:\winnt\system32\dllcache\FireDaemon.EXE

See you
0
bernie61
 
Re,
I don't see anything special; run the antivirus again on all partitions,
otherwise also try sysclean
http://users.skynet.be/BernieClub/index.html#sysclean
See you, and merry Christmas
0
Anonymous user
 
Hi

Bad, but I'd like to check:

Go to this site:
http://www.virustotal.com/xhtml/virustotal_en.html
Click Browse
Look for this:
C:\winnt\system32\dllcache\FireDaemon.EXE

Click Send and paste the report, please

See you
0
easton Posts: 104 Status: Member 1
 
Hi,

VirusTotal report:

This is a report processed by VirusTotal on 12/24/2005 at 13:59:40 (CET) after scanning the file "FireDaemon.exe" file.
Antivirus Version Update Result
AntiVir 6.33.0.70 12.23.2005 no virus found
Avast 4.6.695.0 12.24.2005 no virus found
AVG 718 12.23.2005 no virus found
Avira 6.33.0.70 12.23.2005 no virus found
BitDefender 7.2 12.24.2005 no virus found
CAT-QuickHeal 8.00 12.24.2005 RiskWare.RemoteAd (Not a Virus)
ClamAV devel-20051108 12.24.2005 no virus found
DrWeb 4.33 12.24.2005 no virus found
eTrust-Iris 7.1.194.0 12.23.2005 no virus found
eTrust-Vet 12.4.1.0 12.24.2005 no virus found
Fortinet 2.54.0.0 12.24.2005 NMT/FireDaemon
F-Prot 3.16c 12.23.2005 no virus found
Ikarus 0.2.59.0 12.23.2005 no virus found
Kaspersky 4.0.2.24 12.24.2005 not-a-virus:RemoteAdmin.Win32.RA.3826
McAfee 4658 12.23.2005 potentially unwanted program FireDaemon
NOD32v2 1.1338 12.23.2005 Win32/FireDaemon
Norman 5.70.10 12.23.2005 no virus found
Panda 8.02.00 12.24.2005 Application/Firedaemon.A
Sophos 4.01.0 12.23.2005 no virus found
Symantec 8.0 12.24.2005 no virus found
TheHacker 5.9.1.060 12.21.2005 Aplicacion/FireDaemon
VBA32 3.10.5 12.23.2005 RiskWare.RemoteAdmin.RA.3826

Is it really bad?

See you
0
Anonymous user
 
Re,

yes, look:
CAT-QuickHeal 8.00 12.24.2005 RiskWare.RemoteAd
Fortinet 2.54.0.0 12.24.2005 NMT/FireDaemon
Kaspersky 4.0.2.24 12.24.2005 not-a-virus:RemoteAdmin.Win32.RA.3826
McAfee 4658 12.23.2005 potentially unwanted program FireDaemon
NOD32v2 1.1338 12.23.2005 Win32/FireDaemon
Panda 8.02.00 12.24.2005 Application/Firedaemon.A
TheHacker 5.9.1.060 12.21.2005 Aplicacion/FireDaemon
VBA32 3.10.5 12.23.2005 RiskWare.RemoteAdmin.RA.3826

On the left are the infection names; on the right, the antivirus products that consider it a "virus"

Fix this in HijackThis

O23 - Service: FireDaemon Service: runbatch (runbatch) - Unknown owner - C:\winnt\system32\dllcache\FireDaemon.EXE

delete this
C:\winnt\system32\dllcache\FireDaemon.EXE

----------------------------------------------------------------------------
¤ Stop these services:

Click Start -> Run -> type: services.msc

Double-click: Service: FireDaemon Service: runbatch

Set it to "Stopped" and "Disabled".
----------------------------------------------------------------------------
Restart and post a new HijackThis log

See you
0
easton Posts: 104 Status: Member 1
 
Re,

OK, got it.
I did all that and disabled FireDaemon where you told me, in the "General" tab and also "Log On" for the hardware profile.

Here is the log, what do you think?

Logfile of HijackThis v1.99.1
Scan saved at 14:22:24, on 24/12/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\system32\nvsvc32.exe
C:\Program Files\Tiny Personal Firewall\persfw.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\soundman.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\Wanadoo\taskbaricon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\taskbaricon.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O13 - DefaultPrefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/17786f44c678c61cca00/netzip/RdxIE601_fr.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123662115875
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123662477546
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D4F1A94C-9D94-44E8-B5A0-EB63D8237C03}: NameServer = 80.10.246.130 80.10.246.3
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: FireDaemon Service: eventsec (eventsec) - Unknown owner - C:\winnt\system32\dllcache\FireDaemon.EXE (file missing)
O23 - Service: msinit (Microsoft Scheduling Agent) - Unknown owner - C:\WINNT\msinit.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Tiny Personal Firewall (PersFw) - Tiny Software - C:\Program Files\Tiny Personal Firewall\persfw.exe

See you
0
Anonymous user
 
It's still there; do it again and restart your PC

See you
0
easton Posts: 104 Status: Member 1
 
Re,

are these the ones I need to fix?

O23 - Service: FireDaemon Service: eventsec (eventsec) - Unknown owner - C:\winnt\system32\dllcache\FireDaemon.EXE (file missing)
O23 - Service: msinit (Microsoft Scheduling Agent) - Unknown owner - C:\WINNT\msinit.exe (file missing)

See you
0
Anonymous user
 
Re,

scan this one on the site
C:\WINNT\msinit.exe

and post the report

See you
0
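An added example, not part of any post in this thread: a small Python triage of O23 service lines copied from the first HijackThis log above. The two heuristics it applies (service binary under dllcache, unattributed binary directly in the Windows folder) are assumptions chosen for this illustration, not rules built into HijackThis.

```python
import ntpath
import re

# O23 lines copied from the first HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: FireDaemon Service: eventsec (eventsec) - Unknown owner - C:\winnt\system32\dllcache\FireDaemon.EXE
O23 - Service: msinit (Microsoft Scheduling Agent) - Unknown owner - C:\WINNT\msinit.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
"""

WINDOWS_ROOTS = {r"c:\winnt", r"c:\windows"}  # assumption: default install folders


def parse_o23(line):
    """Split one O23 line into (name, owner, exe_path, file_missing)."""
    rest = line[len("O23 - Service: "):]
    name, owner, raw = rest.rsplit(" - ", 2)
    missing = raw.endswith("(file missing)")
    # Keep only the executable path: drop arguments, the stray quote and the flag.
    exe = re.match(r'"?(.+?\.exe)', raw, re.IGNORECASE).group(1)
    return name, owner, exe, missing


def triage(log_text):
    """Return {service name: [reasons]} for services that deserve a closer look."""
    findings = {}
    for line in log_text.splitlines():
        if not line.startswith("O23 - Service: "):
            continue
        name, owner, exe, missing = parse_o23(line)
        folder = ntpath.dirname(exe).lower()
        reasons = []
        # dllcache is the Windows File Protection cache; services do not normally run from it.
        if folder.endswith(r"\dllcache"):
            reasons.append("runs from the Windows File Protection cache")
        if owner == "Unknown owner" and folder in WINDOWS_ROOTS:
            reasons.append("unattributed binary directly in the Windows folder")
        # "(file missing)" alone is not used: the avast line carries it although
        # the same log lists ashWebSv.exe among the running processes.
        if reasons and missing:
            reasons.append("binary gone but service entry remains")
        if reasons:
            findings[name] = reasons
    return findings


if __name__ == "__main__":
    for service, reasons in triage(SAMPLE_LOG).items():
        print(service, "->", "; ".join(reasons))
```
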
laureau pierre Posts: 267 Status: Member
 
Good evening Quentin, MERRY CHRISTMAS ANYWAY.
I have a problem (I explained it on the software forum under the title "installer skype"). I caught a virus, which I put in quarantine. I'm going to try to post a HijackThis log.
See you shortly
Regards, Pierre
I am like a vine stock:
it is twisted but it bears grapes
0
Anonymous user
 
Hi Pierre

I looked at your HijackThis log and yes, you are infected again

how do you do it? lol

0
easton Posts: 104 Status: Member 1
 
Re,

I can't scan it, I already deleted it.
What should I do?

See you
0