[virus]infecté par NetWorn-i.Virus@fp

dodo -  
Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   -
Bonjour, SVP je suis nfecté par un virus que j'arrive pas à enlever. J'ai avast mis à jour et avg anti-spy mis à jour également. Comment faire?
Merci

7 réponses

  1. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Salut,

    télécharge HijackThis ici:
    http://telechargement.zebulon.fr/138-hijackthis-1991.html

    Dézippe le dans un dossier prévu à cet effet.
    Par exemple C:\hijackthis < Enregistre le bien dans c : !
    Démo : (Merci a Balltrap34 pour cette réalisation)
    http://pageperso.aol.fr/balltrap34/Hijenr.gif

    Lance le puis:
    clique sur "do a system scan and save logfile" (cf démo)
    faire un copier coller du log entier sur le forum

    Démo : (Merci a Balltrap34 pour cette réalisation)
    http://pageperso.aol.fr/balltrap34/demohijack.htm

    Bon courage

    A+
    0
  2. dodo
     
    Merci et voici le rapport de hijachthis

    Logfile of HijackThis v1.99.1
    Scan saved at 10:28:41, on 22/11/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    E:\WINNT\System32\smss.exe
    E:\WINNT\system32\winlogon.exe
    E:\WINNT\system32\services.exe
    E:\WINNT\system32\lsass.exe
    E:\WINNT\system32\svchost.exe
    E:\WINNT\System32\svchost.exe
    E:\WINNT\system32\spoolsv.exe
    E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    E:\WINNT\Explorer.EXE
    E:\Program Files\Alwil Software\Avast4\ashServ.exe
    E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    E:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    E:\WINNT\System32\mnmsrvc.exe
    E:\WINNT\System32\rundll32.exe
    E:\WINNT\System32\isnotify.exe
    E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    E:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    E:\Program Files\WinAntiVirus Pro 2006\uwa6pcw.exe
    E:\Program Files\Internet Explorer\IEXPLORE.EXE
    E:\Program Files\Internet Explorer\IEXPLORE.EXE
    E:\Program Files\Internet Explorer\IEXPLORE.EXE
    E:\Program Files\Internet Explorer\IEXPLORE.EXE
    E:\Documents and Settings\bacb1\Local Settings\Temp\Répertoire temporaire 2 pour hijackthis_199.zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - E:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - E:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {0731A239-6845-1E98-C88E-00945F63AA36} - E:\WINNT\System32\crhinlb.dll
    O2 - BHO: CIEIntegrator Object - {2178F3FB-2560-458F-BDEE-631E2FE0DFE4} - E:\Program Files\WinAntiVirus Pro 2006\winpgi.dll
    O2 - BHO: IEFW Object - {B5141620-C2B2-4D95-9F0F-134D99C87AB0} - E:\Program Files\WinAntiVirus Pro 2006\IEFWBHO.dll
    O2 - BHO: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - E:\Program Files\Fichiers communs\{34701490-0254-1036-1220-999903030021}\MyToolBar.dll (file missing)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - E:\Program Files\Fichiers communs\{34701490-0254-1036-1220-999903030021}\MyToolBar.dll (file missing)
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [WinAntiVirusPro2006] "E:\Program Files\WinAntiVirus Pro 2006\WinAV.exe" /min
    O4 - HKLM\..\Run: [uwa6pcw] "E:\Program Files\WinAntiVirus Pro 2006\uwa6pcw.exe" -c
    O4 - HKLM\..\RunOnce: [!CleanupNetMeetingDispDriver] "E:\WINNT\System32\rundll32.exe" msconf.dll,CleanupNetMeetingDispDriver 0
    O4 - HKLM\..\RunOnce: [fat.exe] E:\Program Files\WinAntiVirus Pro 2006\fat.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZRxdm070YYBF
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O16 - DPF: {00000000-0000-0000-0000-100005000004} - http://code.trasferimento.biz/l/6673d5d8309e77e2d7540f033c4f71e9_35.exe
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversFWBInitialSetup1.0.0.15.cab
    O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylom/activex/zylomloader.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4168562D-F06C-4019-9778-F72ECED94E02}: NameServer = 192.168.0.1
    O17 - HKLM\System\CS1\Services\Tcpip\..\{4168562D-F06C-4019-9778-F72ECED94E02}: NameServer = 192.168.0.1
    O17 - HKLM\System\CS2\Services\Tcpip\..\{4168562D-F06C-4019-9778-F72ECED94E02}: NameServer = 192.168.0.1
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "E:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: winetn32 - winetn32.dll (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    0
  3. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Re,

    ok.
    Fais ceci maintenant:

    HijackThis -> Open the misc tools sections -> open Uninstall manager -> clique sur "Save list" -> enregistre le fichier -> fais-en un copier/coller ici.

    A+
    0
  4. dodo
     
    Ad-Aware SE Personal
    Adobe Reader 7.0.8
    Adobe Shockwave Player
    Amimo
    Assistant Publication de sites Web Microsoft 1.53
    Le voici ce que vous avez demandé.

    avast! Antivirus
    AVG Anti-Spyware 7.5
    HijackThis 1.99.1
    Microsoft Office Professional Edition 2003
    MSN Messenger 7.5
    My Web Search (Popular Screensavers)
    ToolBar888
    UltraVNC v1.0.2
    VNC 4.0
    WinAntiVirus Pro 2006 2.0.218.2
    Yahoo! Internet Mail
    Yahoo! Messenger
    Yahoo! Toolbar avec bloqueur de fenêtres pop-up
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Salut

    Desinstalles ceci:
    My Web Search
    ToolBar888
    WinAntiVirus Pro 2006 2.0.218.

    Remet ensuite un hijack this

    a+
    0
  7. dose
     
    j'arrive pas a desinstallé my web searh. on me parle de proble de module introuvable.

    Voici de nouveau le rapport

    Logfile of HijackThis v1.99.1
    Scan saved at 15:17:02, on 22/11/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    E:\WINNT\System32\smss.exe
    E:\WINNT\system32\winlogon.exe
    E:\WINNT\system32\services.exe
    E:\WINNT\system32\lsass.exe
    E:\WINNT\system32\svchost.exe
    E:\WINNT\System32\svchost.exe
    E:\WINNT\system32\spoolsv.exe
    E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    E:\WINNT\Explorer.EXE
    E:\Program Files\Alwil Software\Avast4\ashServ.exe
    E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    E:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    E:\WINNT\System32\mnmsrvc.exe
    E:\WINNT\System32\rundll32.exe
    E:\WINNT\System32\isnotify.exe
    E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    E:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    E:\Program Files\WinAntiVirus Pro 2006\uwa6pcw.exe
    E:\Program Files\Internet Explorer\IEXPLORE.EXE
    E:\Program Files\Internet Explorer\IEXPLORE.EXE
    E:\Documents and Settings\bacb1\Local Settings\Temp\Répertoire temporaire 3 pour hijackthis_199.zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - E:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - E:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {0731A239-6845-1E98-C88E-00945F63AA36} - E:\WINNT\System32\crhinlb.dll
    O2 - BHO: CIEIntegrator Object - {2178F3FB-2560-458F-BDEE-631E2FE0DFE4} - E:\Program Files\WinAntiVirus Pro 2006\winpgi.dll
    O2 - BHO: IEFW Object - {B5141620-C2B2-4D95-9F0F-134D99C87AB0} - E:\Program Files\WinAntiVirus Pro 2006\IEFWBHO.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [WinAntiVirusPro2006] "E:\Program Files\WinAntiVirus Pro 2006\WinAV.exe" /min
    O4 - HKLM\..\Run: [uwa6pcw] "E:\Program Files\WinAntiVirus Pro 2006\uwa6pcw.exe" -c
    O4 - HKLM\..\RunOnce: [!CleanupNetMeetingDispDriver] "E:\WINNT\System32\rundll32.exe" msconf.dll,CleanupNetMeetingDispDriver 0
    O4 - HKLM\..\RunOnce: [fat.exe] E:\Program Files\WinAntiVirus Pro 2006\fat.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZRxdm070YYBF
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O16 - DPF: {00000000-0000-0000-0000-100005000004} - http://code.trasferimento.biz/l/6673d5d8309e77e2d7540f033c4f71e9_35.exe
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversFWBInitialSetup1.0.0.15.cab
    O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylom/activex/zylomloader.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4168562D-F06C-4019-9778-F72ECED94E02}: NameServer = 192.168.0.1
    O17 - HKLM\System\CS1\Services\Tcpip\..\{4168562D-F06C-4019-9778-F72ECED94E02}: NameServer = 192.168.0.1
    O17 - HKLM\System\CS2\Services\Tcpip\..\{4168562D-F06C-4019-9778-F72ECED94E02}: NameServer = 192.168.0.1
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "E:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: winetn32 - winetn32.dll (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    0
  8. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Re,

    tu as bien desinstallé WinAntiVirus Pro 2006 2.0.218?
    0