Virus crss.exe

alex -  
 boulepate -
bonjour tout le monde et merci d'avance de votre aide.
voila mon probleme, depuis peu je trouve que mon pc tourne mal et impossible d'activer la protection residente d'avast, alors je me renseigne sur les processus tournant sur mon pc et je me rend compte que le processus crss.exe est un virus desactivant entre autres les anti virus, alors je vous demande de l'aide pour le supprimer....
voici mon log hikack this :
Logfile of HijackThis v1.99.1
Scan saved at 15:44:24, on 20/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\program files\powerstrip\pstrip.exe
C:\Program Files\Soft4Ever\looknstop\_looknstop.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\steam\Steam.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Winamp\Winamp.exe
C:\Documents and Settings\Administrateur\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Look 'n' Stop] "C:\Program Files\Soft4Ever\looknstop\looknstop.exe" -auto
O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] ""
O4 - HKCU\..\Run: [Steam] "D:\steam\Steam.exe" -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - c:\program files\alwil software\avast4\ashwebsv.exe" /service (file missing)

2 réponses

  1. alex
     
    tout d'abord merci de ton aide boulepate. Pour te repondre j'ai look n stop comme firewall mais il es dur a configurer alors me conseille-tu de mettre kerio ??
    sinon voici mon log bit defender :

    BitDefender Online Scanner

    Scan report generated at: Mon, Feb 20, 2006 - 16:30:03

    Scan path: A:\;C:\;D:\;E:\;

    Statistics

    Time

    00:34:51

    Files

    185498

    Folders

    3147

    Boot Sectors

    3

    Archives

    3030

    Packed Files

    8831

    Results

    Identified Viruses

    3

    Infected Files

    22

    Suspect Files

    0

    Warnings

    0

    Disinfected

    0

    Deleted Files

    22

    Engines Info

    Virus Definitions

    267900

    Engine build

    AVCORE v1.0 (build 2292) (i386) (Mar 3 2005 11:57:29)

    Scan plugins

    13

    Archive plugins

    39

    Unpack plugins

    4

    E-mail plugins

    6

    System plugins

    1

    Scan Settings

    First Action

    Disinfect

    Second Action

    Delete

    Heuristics

    Yes

    Enable Warnings

    Yes

    Scanned Extensions

    *;

    Exclude Extensions

    Scan Emails

    Yes

    Scan Archives

    Yes

    Scan Packed

    Yes

    Scan Files

    Yes

    Scan Boot

    Yes

    Scanned File

    Status

    C:\Documents and Settings\Administrateur\Local Settings\Temp\_ex64F.tmp.exe

    Infected with: Win32.Bagle.FI@mm

    C:\Documents and Settings\Administrateur\Local Settings\Temp\_ex64F.tmp.exe

    Deleted

    C:\Documents and Settings\Administrateur\Local Settings\Temp\_ex66B.tmp.exe

    Infected with: Win32.Bagle.FI@mm

    C:\Documents and Settings\Administrateur\Local Settings\Temp\_ex66B.tmp.exe

    Deleted

    C:\Documents and Settings\Administrateur\Local Settings\Temp\_ex673.tmp.exe

    Infected with: Win32.Bagle.FI@mm

    C:\Documents and Settings\Administrateur\Local Settings\Temp\_ex673.tmp.exe

    Deleted

    C:\Documents and Settings\Administrateur\Local Settings\Temp\_exE2.tmp.exe

    Infected with: Win32.Bagle.FI@mm

    C:\Documents and Settings\Administrateur\Local Settings\Temp\_exE2.tmp.exe

    Deleted

    C:\Documents and Settings\Administrateur\Local Settings\Temp\~650.exe

    Infected with: Win32.Bagle.FI@mm

    C:\Documents and Settings\Administrateur\Local Settings\Temp\~650.exe

    Deleted

    C:\Documents and Settings\Administrateur\Local Settings\Temp\~66C.exe

    Infected with: Win32.Bagle.FI@mm

    C:\Documents and Settings\Administrateur\Local Settings\Temp\~66C.exe

    Deleted

    C:\Documents and Settings\Administrateur\Local Settings\Temp\~674.exe

    Infected with: Win32.Bagle.FI@mm

    C:\Documents and Settings\Administrateur\Local Settings\Temp\~674.exe

    Deleted

    C:\Documents and Settings\Administrateur\Local Settings\Temp\~E3.exe

    Infected with: Win32.Bagle.FI@mm

    C:\Documents and Settings\Administrateur\Local Settings\Temp\~E3.exe

    Deleted

    C:\System Volume Information\_restore{82F8785D-D729-420A-BFA6-82B4254A877B}\RP72\A0013190.dll

    Infected with: Win32.Bagle.FI@mm

    C:\System Volume Information\_restore{82F8785D-D729-420A-BFA6-82B4254A877B}\RP72\A0013190.dll

    Deleted

    C:\System Volume Information\_restore{82F8785D-D729-420A-BFA6-82B4254A877B}\RP72\A0013206.dll

    Infected with: Win32.Bagle.FI@mm

    C:\System Volume Information\_restore{82F8785D-D729-420A-BFA6-82B4254A877B}\RP72\A0013206.dll

    Deleted

    C:\System Volume Information\_restore{82F8785D-D729-420A-BFA6-82B4254A877B}\RP72\A0013223.dll

    Infected with: Win32.Bagle.FI@mm

    C:\System Volume Information\_restore{82F8785D-D729-420A-BFA6-82B4254A877B}\RP72\A0013223.dll

    Deleted

    C:\System Volume Information\_restore{82F8785D-D729-420A-BFA6-82B4254A877B}\RP72\A0013250.dll

    Infected with: Win32.Bagle.FI@mm

    C:\System Volume Information\_restore{82F8785D-D729-420A-BFA6-82B4254A877B}\RP72\A0013250.dll

    Deleted

    C:\System Volume Information\_restore{82F8785D-D729-420A-BFA6-82B4254A877B}\RP72\A0014248.dll

    Infected with: Win32.Bagle.FI@mm

    C:\System Volume Information\_restore{82F8785D-D729-420A-BFA6-82B4254A877B}\RP72\A0014248.dll

    Deleted

    C:\System Volume Information\_restore{82F8785D-D729-420A-BFA6-82B4254A877B}\RP72\A0015248.dll

    Infected with: Win32.Bagle.FI@mm

    C:\System Volume Information\_restore{82F8785D-D729-420A-BFA6-82B4254A877B}\RP72\A0015248.dll

    Deleted

    C:\System Volume Information\_restore{82F8785D-D729-420A-BFA6-82B4254A877B}\RP75\A0016490.dll

    Infected with: Win32.Bagle.FI@mm

    C:\System Volume Information\_restore{82F8785D-D729-420A-BFA6-82B4254A877B}\RP75\A0016490.dll

    Deleted

    C:\System Volume Information\_restore{82F8785D-D729-420A-BFA6-82B4254A877B}\RP75\A0016491.exe

    Infected with: Win32.Bagle.FI@mm

    C:\System Volume Information\_restore{82F8785D-D729-420A-BFA6-82B4254A877B}\RP75\A0016491.exe

    Deleted

    C:\System Volume Information\_restore{82F8785D-D729-420A-BFA6-82B4254A877B}\RP75\A0016492.exe

    Infected with: Win32.Bagle.FI@mm

    C:\System Volume Information\_restore{82F8785D-D729-420A-BFA6-82B4254A877B}\RP75\A0016492.exe

    Deleted

    C:\System Volume Information\_restore{82F8785D-D729-420A-BFA6-82B4254A877B}\RP75\A0017500.exe

    Infected with: Win32.Bagle.FI@mm

    C:\System Volume Information\_restore{82F8785D-D729-420A-BFA6-82B4254A877B}\RP75\A0017500.exe

    Deleted

    C:\WINDOWS\system32\winlog.dll

    Infected with: Win32.Bagle.FI@mm

    C:\WINDOWS\system32\winlog.dll

    Deleted

    C:\WINDOWS\system32\winlog.exe

    Infected with: Win32.Bagle.FI@mm

    C:\WINDOWS\system32\winlog.exe

    Deleted

    D:\eMule\Incoming\befaster 3.6 crack.zip=>befaster 3.6 crack.exe

    Infected with: Win32.Bagle.FI@mm

    D:\eMule\Incoming\befaster 3.6 crack.zip=>befaster 3.6 crack.exe

    Deleted

    D:\eMule\Incoming\befaster 3.6 crack.zip

    Updated

    D:\System Volume Information\_restore{82F8785D-D729-420A-BFA6-82B4254A877B}\RP69\A0012457.exe

    Infected with: Trojan.Downloader.Delf.D

    D:\System Volume Information\_restore{82F8785D-D729-420A-BFA6-82B4254A877B}\RP69\A0012457.exe

    Disinfection failed

    D:\System Volume Information\_restore{82F8785D-D729-420A-BFA6-82B4254A877B}\RP69\A0012457.exe

    Deleted
    0
    1. boulepate
       
      Oui, installe Kerio il est plus simple..tu me dria quoi.

      Puis fais ceci:

      ¤Telecharge et installe ceci, dans la colonne de gauche clique sur "erreurs" coche toute les cases, puis clique en bas sur "chercher des erreurs" une fois finit, clique sur "reparer les erreurs" et tu aura un message pour sauvegarder ta base de registre tu dis "oui" puis tu recommences jusqu'a ce qu'il te trouve plus d'erreurs

      CCleaner:(à telecharger à côté de la fléche verte en haut à droite)
      http://www.filehippo.com/download_ccleaner/

      ¤Relance Ccleaner ,vas dans l'onglet "nettoyeur" present sur la gauche, decoche la derniere case (Avancé si elle est cochée) puis clique sur "lancer le nettoyage"
      0