[VIRUS] Infected with Win32 Virut-B and Trojan gen

Closed
Marieeeeee - 31 Oct 2006 at 13:40
^^Marie^^ Posts: 113901 Registered: Tuesday 6 September 2005 Status: Member Last seen: 28 August 2020 - 3 Sept 2007 at 11:51
Hello!
So, I have a problem with these 2 things...
I tried to get rid of them, but without success.
For Win32 Virut-B, I downloaded the Kaspersky tool. It worked fairly well at first, but it came back.
For the trojan I can't get anywhere. I gather that you have to use HijackThis, so I tried that.

Here is what I have left:

Logfile of HijackThis v1.99.1
Scan saved at 12:00:58, on 31/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DC6cw] "C:\Program Files\Fichiers communs\DriveCleaner 2006\DC6cw.exe" -c
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
O4 - Global Startup: Digimax Viewer 2.1.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O16 - DPF: {00330010-0000-0000-0000-000020160010} - http://207.234.185.217/ABoxInst_int25.exe
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - https://www.afternic.com/domains/drivecleaner.com
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_s(...)
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - https://www.afternic.com/domains/errorsafe.com
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: DIFxApp - C:\WINDOWS\system32\k0800almedqa0.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

Can anyone help me?
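As an added example (not code from the thread, from HijackThis or from any tool named here), below is a small Python triage pass over a constructed excerpt of the log above. It flags the entry types the replies act on: an O20 Winlogon Notify DLL with a random-looking name in system32 (the Look2Me pattern), search keys pointed at an unknown domain, an O16 download from a bare IP address, and references to DriveCleaner/ErrorSafe, which are widely catalogued as rogue "cleaner" software. The allowlist, watchlist and known-DLL set are constructed assumptions, not an authoritative reference.

```python
import re
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Optional
from urllib.parse import urlparse

# Constructed excerpt of the HijackThis v1.99.1 log from the first post; only the
# line shape (section code, " - ", payload) matters to the parser.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DC6cw] "C:\Program Files\Fichiers communs\DriveCleaner 2006\DC6cw.exe" -c
O16 - DPF: {00330010-0000-0000-0000-000020160010} - http://207.234.185.217/ABoxInst_int25.exe
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - https://www.afternic.com/domains/errorsafe.com
O20 - Winlogon Notify: DIFxApp - C:\WINDOWS\system32\k0800almedqa0.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""


@dataclass
class Entry:
    code: str     # HijackThis section code such as "O20"
    payload: str  # text after "CODE - "


@dataclass
class Finding:
    rule: str
    line: str


LINE_RE = re.compile(r"^(R\d|O\d{1,2}) - (.+)$")
URL_RE = re.compile(r"https?://[^\s\"']+")

# Constructed lists (assumptions); tune them from your own references before relying on them.
ROGUE_NAMES = ("drivecleaner", "errorsafe")          # rogue "cleaners" named in the logs
SEARCH_ALLOWLIST = ("google.", "msn.com", "microsoft.com", "live.com", "orange.fr")
KNOWN_NOTIFY_DLLS = {"wgalogon.dll", "crypt32.dll", "cryptnet.dll", "cscdll.dll",
                     "scecli.dll", "sclgntfy.dll", "wlnotify.dll"}   # stock XP SP2 notify DLLs


def parse_hjt(text: str) -> list[Entry]:
    """Keep the R*/O* entries; headers and the running-process list are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def host_of(payload: str) -> Optional[str]:
    """Hostname of the first URL in the payload, or None when there is none."""
    m = URL_RE.search(payload)
    return urlparse(m.group(0)).hostname if m else None


def is_ip(host: str) -> bool:
    try:
        ip_address(host)
        return True
    except ValueError:
        return False


def looks_random(filename: str) -> bool:
    """Letters and digits mixed in an 8+ character stem: the shape of the Look2Me
    DLLs listed in the Look2Me-Destroyer report (k0800almedqa0.dll, gp22l3fo1.dll ...)."""
    stem = filename.rsplit(".", 1)[0].lower()
    return (len(stem) >= 8
            and any(c.isdigit() for c in stem)
            and any(c.isalpha() for c in stem))


def flag(entries: list[Entry]) -> list[Finding]:
    findings = []
    for e in entries:
        line = f"{e.code} - {e.payload}"
        low = e.payload.lower()
        host = host_of(e.payload)
        if e.code == "O20" and low.startswith("winlogon notify"):
            dll = e.payload.rsplit("\\", 1)[-1]          # last path component
            if dll.lower() not in KNOWN_NOTIFY_DLLS and looks_random(dll):
                findings.append(Finding("winlogon-notify-random-dll", line))
        elif e.code == "O16" and host and is_ip(host):
            findings.append(Finding("dpf-download-from-bare-ip", line))
        elif (e.code in ("R0", "R1") and "search" in low and host
              and not any(a in host for a in SEARCH_ALLOWLIST)):
            findings.append(Finding("search-provider-hijack", line))
        if any(n in low for n in ROGUE_NAMES):           # independent of the rules above
            findings.append(Finding("rogue-cleaner-reference", line))
    return findings


def summarize(text: str) -> dict[str, int]:
    """Count findings per rule for a whole log text."""
    counts: dict[str, int] = {}
    for f in flag(parse_hjt(text)):
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


if __name__ == "__main__":
    for f in flag(parse_hjt(SAMPLE_LOG)):
        print(f"[{f.rule}] {f.line}")
```

The heuristics only rank lines for a human to review; a legitimate vendor DLL with digits in its name will also trip the random-name rule, so verify each hit before acting on it.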
5 replies

Séb08 Posts: 16503 Registered: Sunday 13 November 2005 Status: Contributor Last seen: 17 February 2023 1 430
31 Oct 2006 at 13:42
hi,

Your HijackThis log must not have been made in normal mode ...

Download Look2Me-Destroyer.exe to your Desktop.
http://www.atribune.org/ccount/click.php?id=7

* Close all active windows before going on to the next step.
* Double-click Look2Me-Destroyer.exe to launch the tool.
* Tick Run this program as a task
* A message will appear telling you: "Look2Me-Destroyer will close and re-open in approximately 10 seconds". Click OK
* It will relaunch after the 10 seconds, then click the Scan for L2M button; your Desktop icons will disappear: this is normal.
* When the scan finishes, click the Remove L2M button
* A Done Scanning message will appear, click OK.
* A new message will appear: Done removing infected files! Look2Me-Destroyer will now shutdown your computer; click OK.
* Your PC will now shut down.
* Start your PC normally.
* Paste the generated report, located here: C:\Look2Me-Destroyer.txt, together with a new HijackThis report in normal mode! in your next reply.

#If Look2Me-Destroyer does not relaunch automatically after the 10 seconds, reboot and try again.

##If you get a message from your firewall that the tool is trying to access the internet: allow it.

###If a runtime error '339' message appears: download MSWINSCK.OCX from the link below, and put it in the C:\Windows\System32 folder.
http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX


I have to go out.

see you
0
Thanks!!!

So here is the Look2Me-Destroyer report:


Look2Me-Destroyer V1.0.12

Scanning for infected files.....
Scan started at 31/10/2006 14:00:12

Infected! C:\WINDOWS\system32\gp22l3fo1.dll
Infected! C:\System Volume Information\_restore{4DBF1DCD-F3DB-4F35-A40E-9C8C79E7A28E}\RP76\A0005025.dll
Infected! C:\System Volume Information\_restore{4DBF1DCD-F3DB-4F35-A40E-9C8C79E7A28E}\RP76\A0005067.dll
Infected! C:\System Volume Information\_restore{4DBF1DCD-F3DB-4F35-A40E-9C8C79E7A28E}\RP76\A0005106.dll
Infected! C:\System Volume Information\_restore{4DBF1DCD-F3DB-4F35-A40E-9C8C79E7A28E}\RP76\A0005110.dll
Infected! C:\System Volume Information\_restore{4DBF1DCD-F3DB-4F35-A40E-9C8C79E7A28E}\RP76\A0005156.dll
Infected! C:\System Volume Information\_restore{4DBF1DCD-F3DB-4F35-A40E-9C8C79E7A28E}\RP77\A0006066.dll
Infected! C:\System Volume Information\_restore{4DBF1DCD-F3DB-4F35-A40E-9C8C79E7A28E}\RP77\A0006103.dll
Infected! C:\System Volume Information\_restore{4DBF1DCD-F3DB-4F35-A40E-9C8C79E7A28E}\RP77\A0006125.dll
Infected! C:\System Volume Information\_restore{4DBF1DCD-F3DB-4F35-A40E-9C8C79E7A28E}\RP77\A0006168.dll
Infected! C:\System Volume Information\_restore{4DBF1DCD-F3DB-4F35-A40E-9C8C79E7A28E}\RP77\A0006172.dll
Infected! C:\System Volume Information\_restore{4DBF1DCD-F3DB-4F35-A40E-9C8C79E7A28E}\RP77\A0006205.dll
Infected! C:\System Volume Information\_restore{4DBF1DCD-F3DB-4F35-A40E-9C8C79E7A28E}\RP77\A0006232.dll
Infected! C:\System Volume Information\_restore{4DBF1DCD-F3DB-4F35-A40E-9C8C79E7A28E}\RP77\A0006290.dll
Infected! C:\System Volume Information\_restore{4DBF1DCD-F3DB-4F35-A40E-9C8C79E7A28E}\RP77\A0006295.dll
Infected! C:\System Volume Information\_restore{4DBF1DCD-F3DB-4F35-A40E-9C8C79E7A28E}\RP77\A0007321.dll
Infected! C:\System Volume Information\_restore{4DBF1DCD-F3DB-4F35-A40E-9C8C79E7A28E}\RP77\A0007367.dll
Infected! C:\System Volume Information\_restore{4DBF1DCD-F3DB-4F35-A40E-9C8C79E7A28E}\RP77\A0007408.dll
Infected! C:\System Volume Information\_restore{4DBF1DCD-F3DB-4F35-A40E-9C8C79E7A28E}\RP77\A0007420.dll
Infected! C:\System Volume Information\_restore{4DBF1DCD-F3DB-4F35-A40E-9C8C79E7A28E}\RP77\A0007458.dll
Infected! C:\System Volume Information\_restore{4DBF1DCD-F3DB-4F35-A40E-9C8C79E7A28E}\RP79\A0008460.dll
Infected! C:\System Volume Information\_restore{4DBF1DCD-F3DB-4F35-A40E-9C8C79E7A28E}\RP79\A0008550.dll
Infected! C:\System Volume Information\_restore{4DBF1DCD-F3DB-4F35-A40E-9C8C79E7A28E}\RP79\A0008564.dll
Infected! C:\System Volume Information\_restore{4DBF1DCD-F3DB-4F35-A40E-9C8C79E7A28E}\RP79\A0008724.dll
Infected! C:\System Volume Information\_restore{4DBF1DCD-F3DB-4F35-A40E-9C8C79E7A28E}\RP79\A0008733.dll
Infected! C:\System Volume Information\_restore{4DBF1DCD-F3DB-4F35-A40E-9C8C79E7A28E}\RP79\A0008820.dll
Infected! C:\System Volume Information\_restore{4DBF1DCD-F3DB-4F35-A40E-9C8C79E7A28E}\RP79\A0008827.dll
Infected! C:\System Volume Information\_restore{4DBF1DCD-F3DB-4F35-A40E-9C8C79E7A28E}\RP79\A0008943.dll
Infected! C:\System Volume Information\_restore{4DBF1DCD-F3DB-4F35-A40E-9C8C79E7A28E}\RP79\A0008974.dll
Infected! C:\System Volume Information\_restore{4DBF1DCD-F3DB-4F35-A40E-9C8C79E7A28E}\RP79\A0010409.dll
Infected! C:\System Volume Information\_restore{4DBF1DCD-F3DB-4F35-A40E-9C8C79E7A28E}\RP79\A0010420.dll
Infected! C:\System Volume Information\_restore{4DBF1DCD-F3DB-4F35-A40E-9C8C79E7A28E}\RP79\A0010427.dll
Infected! C:\System Volume Information\_restore{4DBF1DCD-F3DB-4F35-A40E-9C8C79E7A28E}\RP79\A0010437.dll
Infected! C:\System Volume Information\_restore{4DBF1DCD-F3DB-4F35-A40E-9C8C79E7A28E}\RP79\A0010454.dll
Infected! C:\System Volume Information\_restore{4DBF1DCD-F3DB-4F35-A40E-9C8C79E7A28E}\RP79\A0010463.dll
Infected! C:\System Volume Information\_restore{4DBF1DCD-F3DB-4F35-A40E-9C8C79E7A28E}\RP79\A0010468.dll
Infected! C:\WINDOWS\system32\cimres.dll
Infected! C:\WINDOWS\system32\dddmo.dll
Infected! C:\WINDOWS\system32\dlwave.dll
Infected! C:\WINDOWS\system32\g0lm0a31ed.dll
Infected! C:\WINDOWS\system32\gp00l3dm1.dll
Infected! C:\WINDOWS\system32\i6240gfqe62e0.dll
Infected! C:\WINDOWS\system32\IyagXpr7.dll
Infected! C:\WINDOWS\system32\kmdpo.dll
Infected! C:\WINDOWS\system32\ktdukx.dll
Infected! C:\WINDOWS\system32\mjnetobj.dll
Infected! C:\WINDOWS\system32\mol_hp.dll
Infected! C:\WINDOWS\system32\mq3216.dll
Infected! C:\WINDOWS\system32\mvr4l99q1.dll
Infected! C:\WINDOWS\system32\ngexpbar.dll
Infected! C:\WINDOWS\system32\njtrap.dll
Infected! C:\WINDOWS\system32\oobcint.dll
Infected! C:\WINDOWS\system32\src_os.dll
Infected! C:\WINDOWS\system32\sre.dll
Infected! C:\WINDOWS\system32\t68u0gl9e6q.dll
Infected! C:\WINDOWS\system32\tad32.dll
Infected! C:\WINDOWS\system32\wfascr.dll
Infected! C:\WINDOWS\system32\wtpcd.dll

Attempting to delete infected files...

Attempting to delete: C:\WINDOWS\system32\gp22l3fo1.dll
C:\WINDOWS\system32\gp22l3fo1.dll could not be deleted!

Attempting to delete: C:\System Volume Information\_restore{4DBF1DCD-F3DB-4F35-A40E-9C8C79E7A28E}\RP76\A0005025.dll
C:\System Volume Information\_restore{4DBF1DCD-F3DB-4F35-A40E-9C8C79E7A28E}\RP76\A0005025.dll could not be deleted!

Attempting to delete: C:\System Volume Information\_restore{4DBF1DCD-F3DB-4F35-A40E-9C8C79E7A28E}\RP76\A0005067.dll
C:\System Volume Information\_restore{4DBF1DCD-F3DB-4F35-A40E-9C8C79E7A28E}\RP76\A0005067.dll could not be deleted!

Attempting to delete: C:\System Volume Information\_restore{4DBF1DCD-F3DB-4F35-A40E-9C8C79E7A28E}\RP76\A0005106.dll
C:\System Volume Information\_restore{4DBF1DCD-F3DB-4F35-A40E-9C8C79E7A28E}\RP76\A0005106.dll could not be deleted!

Attempting to delete: C:\System Volume Information\_restore{4DBF1DCD-F3DB-4F35-A40E-9C8C79E7A28E}\RP76\A0005110.dll
C:\System Volume Information\_restore{4DBF1DCD-F3DB-4F35-A40E-9C8C79E7A28E}\RP76\A0005110.dll could not be deleted!

Attempting to delete: C:\System Volume Information\_restore{4DBF1DCD-F3DB-4F35-A40E-9C8C79E7A28E}\RP76\A0005156.dll
C:\System Volume Information\_restore{4DBF1DCD-F3DB-4F35-A40E-9C8C79E7A28E}\RP76\A0005156.dll could not be deleted!

Attempting to delete: C:\System Volume Information\_restore{4DBF1DCD-F3DB-4F35-A40E-9C8C79E7A28E}\RP77\A0006066.dll
C:\System Volume Information\_restore{4DBF1DCD-F3DB-4F35-A40E-9C8C79E7A28E}\RP77\A0006066.dll could not be deleted!

Attempting to delete: C:\System Volume Information\_restore{4DBF1DCD-F3DB-4F35-A40E-9C8C79E7A28E}\RP77\A0006103.dll
C:\System Volume Information\_restore{4DBF1DCD-F3DB-4F35-A40E-9C8C79E7A28E}\RP77\A0006103.dll could not be deleted!

Attempting to delete: C:\System Volume Information\_restore{4DBF1DCD-F3DB-4F35-A40E-9C8C79E7A28E}\RP77\A0006125.dll
C:\System Volume Information\_restore{4DBF1DCD-F3DB-4F35-A40E-9C8C79E7A28E}\RP77\A0006125.dll could not be deleted!

Attempting to delete: C:\System Volume Information\_restore{4DBF1DCD-F3DB-4F35-A40E-9C8C79E7A28E}\RP77\A0006168.dll
C:\System Volume Information\_restore{4DBF1DCD-F3DB-4F35-A40E-9C8C79E7A28E}\RP77\A0006168.dll could not be deleted!

Attempting to delete: C:\System Volume Information\_restore{4DBF1DCD-F3DB-4F35-A40E-9C8C79E7A28E}\RP77\A0006172.dll
C:\System Volume Information\_restore{4DBF1DCD-F3DB-4F35-A40E-9C8C79E7A28E}\RP77\A0006172.dll could not be deleted!

Attempting to delete: C:\System Volume Information\_restore{4DBF1DCD-F3DB-4F35-A40E-9C8C79E7A28E}\RP77\A0006205.dll
C:\System Volume Information\_restore{4DBF1DCD-F3DB-4F35-A40E-9C8C79E7A28E}\RP77\A0006205.dll could not be deleted!

Attempting to delete: C:\System Volume Information\_restore{4DBF1DCD-F3DB-4F35-A40E-9C8C79E7A28E}\RP77\A0006232.dll
C:\System Volume Information\_restore{4DBF1DCD-F3DB-4F35-A40E-9C8C79E7A28E}\RP77\A0006232.dll could not be deleted!

Attempting to delete: C:\System Volume Information\_restore{4DBF1DCD-F3DB-4F35-A40E-9C8C79E7A28E}\RP77\A0006290.dll
C:\System Volume Information\_restore{4DBF1DCD-F3DB-4F35-A40E-9C8C79E7A28E}\RP77\A0006290.dll could not be deleted!

Attempting to delete: C:\System Volume Information\_restore{4DBF1DCD-F3DB-4F35-A40E-9C8C79E7A28E}\RP77\A0006295.dll
C:\System Volume Information\_restore{4DBF1DCD-F3DB-4F35-A40E-9C8C79E7A28E}\RP77\A0006295.dll could not be deleted!

Attempting to delete: C:\System Volume Information\_restore{4DBF1DCD-F3DB-4F35-A40E-9C8C79E7A28E}\RP77\A0007321.dll
C:\System Volume Information\_restore{4DBF1DCD-F3DB-4F35-A40E-9C8C79E7A28E}\RP77\A0007321.dll could not be deleted!

Attempting to delete: C:\System Volume Information\_restore{4DBF1DCD-F3DB-4F35-A40E-9C8C79E7A28E}\RP77\A0007367.dll
C:\System Volume Information\_restore{4DBF1DCD-F3DB-4F35-A40E-9C8C79E7A28E}\RP77\A0007367.dll could not be deleted!

Attempting to delete: C:\System Volume Information\_restore{4DBF1DCD-F3DB-4F35-A40E-9C8C79E7A28E}\RP77\A0007408.dll
C:\System Volume Information\_restore{4DBF1DCD-F3DB-4F35-A40E-9C8C79E7A28E}\RP77\A0007408.dll could not be deleted!

Attempting to delete: C:\System Volume Information\_restore{4DBF1DCD-F3DB-4F35-A40E-9C8C79E7A28E}\RP77\A0007420.dll
C:\System Volume Information\_restore{4DBF1DCD-F3DB-4F35-A40E-9C8C79E7A28E}\RP77\A0007420.dll could not be deleted!

Attempting to delete: C:\System Volume Information\_restore{4DBF1DCD-F3DB-4F35-A40E-9C8C79E7A28E}\RP77\A0007458.dll
C:\System Volume Information\_restore{4DBF1DCD-F3DB-4F35-A40E-9C8C79E7A28E}\RP77\A0007458.dll could not be deleted!

Attempting to delete: C:\System Volume Information\_restore{4DBF1DCD-F3DB-4F35-A40E-9C8C79E7A28E}\RP79\A0008460.dll
C:\System Volume Information\_restore{4DBF1DCD-F3DB-4F35-A40E-9C8C79E7A28E}\RP79\A0008460.dll could not be deleted!

Attempting to delete: C:\System Volume Information\_restore{4DBF1DCD-F3DB-4F35-A40E-9C8C79E7A28E}\RP79\A0008550.dll
C:\System Volume Information\_restore{4DBF1DCD-F3DB-4F35-A40E-9C8C79E7A28E}\RP79\A0008550.dll could not be deleted!

Attempting to delete: C:\System Volume Information\_restore{4DBF1DCD-F3DB-4F35-A40E-9C8C79E7A28E}\RP79\A0008564.dll
C:\System Volume Information\_restore{4DBF1DCD-F3DB-4F35-A40E-9C8C79E7A28E}\RP79\A0008564.dll could not be deleted!

Attempting to delete: C:\System Volume Information\_restore{4DBF1DCD-F3DB-4F35-A40E-9C8C79E7A28E}\RP79\A0008724.dll
C:\System Volume Information\_restore{4DBF1DCD-F3DB-4F35-A40E-9C8C79E7A28E}\RP79\A0008724.dll could not be deleted!

Attempting to delete: C:\System Volume Information\_restore{4DBF1DCD-F3DB-4F35-A40E-9C8C79E7A28E}\RP79\A0008733.dll
C:\System Volume Information\_restore{4DBF1DCD-F3DB-4F35-A40E-9C8C79E7A28E}\RP79\A0008733.dll could not be deleted!

Attempting to delete: C:\System Volume Information\_restore{4DBF1DCD-F3DB-4F35-A40E-9C8C79E7A28E}\RP79\A0008820.dll
C:\System Volume Information\_restore{4DBF1DCD-F3DB-4F35-A40E-9C8C79E7A28E}\RP79\A0008820.dll could not be deleted!

Attempting to delete: C:\System Volume Information\_restore{4DBF1DCD-F3DB-4F35-A40E-9C8C79E7A28E}\RP79\A0008827.dll
C:\System Volume Information\_restore{4DBF1DCD-F3DB-4F35-A40E-9C8C79E7A28E}\RP79\A0008827.dll could not be deleted!

Attempting to delete: C:\System Volume Information\_restore{4DBF1DCD-F3DB-4F35-A40E-9C8C79E7A28E}\RP79\A0008943.dll
C:\System Volume Information\_restore{4DBF1DCD-F3DB-4F35-A40E-9C8C79E7A28E}\RP79\A0008943.dll could not be deleted!

Attempting to delete: C:\System Volume Information\_restore{4DBF1DCD-F3DB-4F35-A40E-9C8C79E7A28E}\RP79\A0008974.dll
C:\System Volume Information\_restore{4DBF1DCD-F3DB-4F35-A40E-9C8C79E7A28E}\RP79\A0008974.dll could not be deleted!

Attempting to delete: C:\System Volume Information\_restore{4DBF1DCD-F3DB-4F35-A40E-9C8C79E7A28E}\RP79\A0010409.dll
C:\System Volume Information\_restore{4DBF1DCD-F3DB-4F35-A40E-9C8C79E7A28E}\RP79\A0010409.dll could not be deleted!

Attempting to delete: C:\System Volume Information\_restore{4DBF1DCD-F3DB-4F35-A40E-9C8C79E7A28E}\RP79\A0010420.dll
C:\System Volume Information\_restore{4DBF1DCD-F3DB-4F35-A40E-9C8C79E7A28E}\RP79\A0010420.dll could not be deleted!

Attempting to delete: C:\System Volume Information\_restore{4DBF1DCD-F3DB-4F35-A40E-9C8C79E7A28E}\RP79\A0010427.dll
C:\System Volume Information\_restore{4DBF1DCD-F3DB-4F35-A40E-9C8C79E7A28E}\RP79\A0010427.dll could not be deleted!

Attempting to delete: C:\System Volume Information\_restore{4DBF1DCD-F3DB-4F35-A40E-9C8C79E7A28E}\RP79\A0010437.dll
C:\System Volume Information\_restore{4DBF1DCD-F3DB-4F35-A40E-9C8C79E7A28E}\RP79\A0010437.dll could not be deleted!

Attempting to delete: C:\System Volume Information\_restore{4DBF1DCD-F3DB-4F35-A40E-9C8C79E7A28E}\RP79\A0010454.dll
C:\System Volume Information\_restore{4DBF1DCD-F3DB-4F35-A40E-9C8C79E7A28E}\RP79\A0010454.dll could not be deleted!

Attempting to delete: C:\System Volume Information\_restore{4DBF1DCD-F3DB-4F35-A40E-9C8C79E7A28E}\RP79\A0010463.dll
C:\System Volume Information\_restore{4DBF1DCD-F3DB-4F35-A40E-9C8C79E7A28E}\RP79\A0010463.dll could not be deleted!

Attempting to delete: C:\System Volume Information\_restore{4DBF1DCD-F3DB-4F35-A40E-9C8C79E7A28E}\RP79\A0010468.dll
C:\System Volume Information\_restore{4DBF1DCD-F3DB-4F35-A40E-9C8C79E7A28E}\RP79\A0010468.dll could not be deleted!

Attempting to delete: C:\WINDOWS\system32\cimres.dll
C:\WINDOWS\system32\cimres.dll could not be deleted!

Attempting to delete: C:\WINDOWS\system32\dddmo.dll
C:\WINDOWS\system32\dddmo.dll could not be deleted!

Attempting to delete: C:\WINDOWS\system32\dlwave.dll
C:\WINDOWS\system32\dlwave.dll could not be deleted!

Attempting to delete: C:\WINDOWS\system32\g0lm0a31ed.dll
C:\WINDOWS\system32\g0lm0a31ed.dll could not be deleted!

Attempting to delete: C:\WINDOWS\system32\gp00l3dm1.dll
C:\WINDOWS\system32\gp00l3dm1.dll could not be deleted!

Attempting to delete: C:\WINDOWS\system32\i6240gfqe62e0.dll
C:\WINDOWS\system32\i6240gfqe62e0.dll could not be deleted!

Attempting to delete: C:\WINDOWS\system32\IyagXpr7.dll
C:\WINDOWS\system32\IyagXpr7.dll could not be deleted!

Attempting to delete: C:\WINDOWS\system32\kmdpo.dll
C:\WINDOWS\system32\kmdpo.dll could not be deleted!

Attempting to delete: C:\WINDOWS\system32\ktdukx.dll
C:\WINDOWS\system32\ktdukx.dll could not be deleted!

Attempting to delete: C:\WINDOWS\system32\mjnetobj.dll
C:\WINDOWS\system32\mjnetobj.dll could not be deleted!

Attempting to delete: C:\WINDOWS\system32\mol_hp.dll
C:\WINDOWS\system32\mol_hp.dll could not be deleted!

Attempting to delete: C:\WINDOWS\system32\mq3216.dll
C:\WINDOWS\system32\mq3216.dll could not be deleted!

Attempting to delete: C:\WINDOWS\system32\mvr4l99q1.dll
C:\WINDOWS\system32\mvr4l99q1.dll could not be deleted!

Attempting to delete: C:\WINDOWS\system32\ngexpbar.dll
C:\WINDOWS\system32\ngexpbar.dll could not be deleted!

Attempting to delete: C:\WINDOWS\system32\njtrap.dll
C:\WINDOWS\system32\njtrap.dll could not be deleted!

Attempting to delete: C:\WINDOWS\system32\oobcint.dll
C:\WINDOWS\system32\oobcint.dll could not be deleted!

Attempting to delete: C:\WINDOWS\system32\src_os.dll
C:\WINDOWS\system32\src_os.dll could not be deleted!

Attempting to delete: C:\WINDOWS\system32\sre.dll
C:\WINDOWS\system32\sre.dll could not be deleted!

Attempting to delete: C:\WINDOWS\system32\t68u0gl9e6q.dll
C:\WINDOWS\system32\t68u0gl9e6q.dll could not be deleted!

Attempting to delete: C:\WINDOWS\system32\tad32.dll
C:\WINDOWS\system32\tad32.dll could not be deleted!

Attempting to delete: C:\WINDOWS\system32\wfascr.dll
C:\WINDOWS\system32\wfascr.dll could not be deleted!

Attempting to delete: C:\WINDOWS\system32\wtpcd.dll
C:\WINDOWS\system32\wtpcd.dll could not be deleted!

Making registry repairs.

Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Media Center

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{9B65D986-FAD4-4659-BEC1-B03CAE7308B2}"
HKCR\Clsid\{9B65D986-FAD4-4659-BEC1-B03CAE7308B2}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{A4853E67-0597-46E9-A4A2-628AE4D8D3EC}"
HKCR\Clsid\{A4853E67-0597-46E9-A4A2-628AE4D8D3EC}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{823C81C1-C110-4186-8FDD-2C98B531D7D3}"
HKCR\Clsid\{823C81C1-C110-4186-8FDD-2C98B531D7D3}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{56CB0571-AC68-4715-B3EC-0743511330ED}"
HKCR\Clsid\{56CB0571-AC68-4715-B3EC-0743511330ED}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{5CF5CBDD-5720-45C5-B05A-5ADDDC7407BA}"
HKCR\Clsid\{5CF5CBDD-5720-45C5-B05A-5ADDDC7407BA}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{FF2036A0-E04B-4670-AE09-B06856C1C6D9}"
HKCR\Clsid\{FF2036A0-E04B-4670-AE09-B06856C1C6D9}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{F400719B-2A51-41C7-B29B-F365CC2E0366}"
HKCR\Clsid\{F400719B-2A51-41C7-B29B-F365CC2E0366}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{50617FE0-F11B-490E-BB26-ED34FDEBB719}"
HKCR\Clsid\{50617FE0-F11B-490E-BB26-ED34FDEBB719}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{2E43FBBC-3313-46F4-B934-655B9B487090}"
HKCR\Clsid\{2E43FBBC-3313-46F4-B934-655B9B487090}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{13310865-C6DA-445A-A516-AD606EE42D14}"
HKCR\Clsid\{13310865-C6DA-445A-A516-AD606EE42D14}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{93A14372-E817-4396-A83A-4D9FF4BB0575}"
HKCR\Clsid\{93A14372-E817-4396-A83A-4D9FF4BB0575}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{26F600DA-4C62-4E65-B85C-C658A5C8AE56}"
HKCR\Clsid\{26F600DA-4C62-4E65-B85C-C658A5C8AE56}

Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administrateurs - Succeeded

/////////////////////////////////////////////////////

And the HijackThis one:

Logfile of HijackThis v1.99.1
Scan saved at 14:11:48, on 31/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Fichiers communs\DriveCleaner 2006\DC6cw.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DC6cw] "C:\Program Files\Fichiers communs\DriveCleaner 2006\DC6cw.exe" -c
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT|cnx|PARAM
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Digimax Viewer 2.1.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {00330010-0000-0000-0000-000020160010} - http://207.234.185.217/ABoxInst_int25.exe
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - https://www.afternic.com/domains/drivecleaner.com
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - https://www.afternic.com/domains/errorsafe.com
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe



Thanks for your help in any case :)
0
Séb08 Posts: 16503 Registered: Sunday 13 November 2005 Status: Contributor Last seen: 17 February 2023 1 430
31 Oct 2006 at 15:52
ok, you can throw away look2me destroyer..

Download l2mfix:
http://www.downloads.subratam.org/l2mfix.exe

Quit the internet, the browser, and all other application windows.
Double-click l2mfix.exe to launch the extraction.
In the l2mfix folder, double-click l2mfix.bat, press any key, then choose option #1 (and nothing else) and confirm with the "Enter" key.
Notepad will open with the result of the scan.
Copy/paste the report on the forum please.
--
2/ Then close all programs, because there will be an automatic reboot.
Open the l2mfix folder created on the desktop, then double-click L2Mfix.bat
Then choose option 2, then Enter
Then press any key to restart the computer
After the restart, the desktop and the icons will appear then disappear, this is normal! And a new report will appear on screen.
>> If after the restart the icons do not appear/disappear, or if the report does not appear, then open the l2mfix folder and run second.bat
Finally post this 2nd report with a new HijackThis report.

0
Hello, I know this message is old xD
But I have the same problem
After formatting 2 times, I still have this virus; it is in 2 files
D:\Systeme volume Information/_restore/{LOTS OF DIGITS AND LETTERS}/RP54/
The files are A0002599.exe and A0002597.exe

Before I formatted the 2nd time AVG had spotted it and put it in quarantine; now I have just formatted C and for the moment I have nothing left :x
But I would like to remove it completely from my computer

I would like to know whether I can delete the 2 infected files, or whether that risks making my hard drive bug out?

There you go, thanks for your help °°
0

^^Marie^^ Posts: 113901 Registered: Tuesday 6 September 2005 Status: Member Last seen: 28 August 2020 3 275
3 Sept 2007 at 11:51
Hi

Formatting does not remove viruses

E - Online scan with BitDefender
Do this online antivirus scan with Internet Explorer and accept the ActiveX; the SP2 anti-popup bar (at the top) will start flashing, click on it and choose "accept the ActiveX" to make the antivirus scan work.
Once it has finished, paste the report here please
https://www.bitdefender.com/toolbox/
Copy/Paste the report



0