Several viruses I can't manage to eliminate
Solved
bugs83 Posts 5 Status Member -
philae83 Posts 12854 Status Security contributor -
Hello,
Here are my infections as reported by Avast, and my HijackThis log. Can someone give me some advice?
Thanks in advance for your expert advice.
Avast:
20/02/2007 10:00:58 Serge 4040 Sign of "Win32:Trojano-1640 [Trj]" has been found in "C:\WINDOWS\system32\tmp~2.exe\unpack7.exe\csrs.exe" file.
20/02/2007 10:02:34 Serge 4040 Sign of "Win32:Trojano-794 [Trj]" has been found in "C:\WINDOWS\system32\tmp~2.exe\unpack7.exe\lssas.exe" file.
20/02/2007 10:02:43 Serge 4040 Sign of "Win32:Trojano-793 [Trj]" has been found in "C:\WINDOWS\system32\tmp~2.exe\unpack7.exe\stt.exe" file.
20/02/2007 10:03:42 Serge 4040 Sign of "Win32:Trojan-gen. {VC}" has been found in "C:\WINDOWS\system32\tmp~2.exe\unpack7.exe\winmgnt.exe" file.
20/02/2007 10:03:49 Serge 4040 Sign of "VBS:Malware [Gen]" has been found in "C:\WINDOWS\system32\tmp~2.exe\unpack7.exe\msmqins.dll" file.
20/02/2007 10:03:55 Serge 4040 Sign of "Win32:Trojano-1640 [Trj]" has been found in "C:\WINDOWS\system32\unpack7.exe\csrs.exe" file.
20/02/2007 10:03:59 Serge 4040 Sign of "Win32:Trojano-794 [Trj]" has been found in "C:\WINDOWS\system32\unpack7.exe\lssas.exe" file.
20/02/2007 10:04:02 Serge 4040 Sign of "Win32:Trojano-793 [Trj]" has been found in "C:\WINDOWS\system32\unpack7.exe\stt.exe" file.
20/02/2007 10:04:04 Serge 4040 Sign of "Win32:Trojan-gen. {VC}" has been found in "C:\WINDOWS\system32\unpack7.exe\winmgnt.exe" file.
20/02/2007 10:04:06 Serge 4040 Sign of "VBS:Malware [Gen]" has been found in "C:\WINDOWS\system32\unpack7.exe\msmqins.dll" file.
20/02/2007 18:24:29 Serge 2628 Sign of "Win32:Trojano-1640 [Trj]" has been found in "C:\WINDOWS\system32\tmp~2.exe\unpack7.exe\csrs.exe" file.
20/02/2007 18:24:54 Serge 2628 Sign of "Win32:Trojano-794 [Trj]" has been found in "C:\WINDOWS\system32\tmp~2.exe\unpack7.exe\lssas.exe" file.
20/02/2007 18:24:57 Serge 2628 Sign of "Win32:Trojano-793 [Trj]" has been found in "C:\WINDOWS\system32\tmp~2.exe\unpack7.exe\stt.exe" file.
20/02/2007 18:24:59 Serge 2628 Sign of "Win32:Trojan-gen. {VC}" has been found in "C:\WINDOWS\system32\tmp~2.exe\unpack7.exe\winmgnt.exe" file.
20/02/2007 18:25:01 Serge 2628 Sign of "VBS:Malware [Gen]" has been found in "C:\WINDOWS\system32\tmp~2.exe\unpack7.exe\msmqins.dll" file.
20/02/2007 18:25:06 Serge 2628 Sign of "Win32:Trojano-1640 [Trj]" has been found in "C:\WINDOWS\system32\unpack7.exe\csrs.exe" file.
20/02/2007 18:25:08 Serge 2628 Sign of "Win32:Trojano-794 [Trj]" has been found in "C:\WINDOWS\system32\unpack7.exe\lssas.exe" file.
20/02/2007 18:25:12 Serge 2628 Sign of "Win32:Trojano-793 [Trj]" has been found in "C:\WINDOWS\system32\unpack7.exe\stt.exe" file.
20/02/2007 18:25:15 Serge 2628 Sign of "Win32:Trojan-gen. {VC}" has been found in "C:\WINDOWS\system32\unpack7.exe\winmgnt.exe" file.
20/02/2007 18:25:22 Serge 2628 Sign of "VBS:Malware [Gen]" has been found in "C:\WINDOWS\system32\unpack7.exe\msmqins.dll" file.
Logfile of HijackThis v1.99.1
Scan saved at 12:58:07, on 21/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\PROGRA~1\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Plextor\PlexTool.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Logitech\ImageStudio\LowLight.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Serge\Mes documents\Haking\scaner.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [NVCLOCK] rundll32 nvclock.dll,fnNvclock
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: PlexTools Professional.lnk = C:\Program Files\Plextor\PlexTool.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSN Messenger\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Configuration: Windows XP Internet Explorer 6.0
10 replies
-
Hello,
please run an online antivirus scan and then post the report here
https://www.bitdefender.fr/
* At the bottom left of the window, click BitDefender SCAN ONLINE
* In the new window, click I agree
* The window changes again; click Click here to scan
* The signatures load, etc. -
Hello,
Thanks for your reply. Here is the result of the scan; thanks in advance for your advice.
BitDefender Online Scanner
Scan report generated at: Thu, Feb 22, 2007 - 12:14:50
Scan path: A:\;C:\;D:\;E:\;F:\;G:\;H:\;I:\;J:\;
Statistics
Time: 02:54:01
Files: 899587
Folders: 7366
Boot Sectors: 4
Archives: 11637
Packed Files: 127545
Results
Identified Viruses: 7
Infected Files: 7
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 7
Engines Info
Virus Definitions: 389422
Engine build: AVCORE v1.0 (build 2397) (i386) (Feb 8 2007 14:24:08)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1
Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes
Scanned File | Status
C:\WINDOWS\system32\unpack7.exe=>(RAR Sfx o)=>csrs.exe | Infected with: Backdoor.Mirc.S
C:\WINDOWS\system32\unpack7.exe=>(RAR Sfx o)=>csrs.exe | Disinfection failed
C:\WINDOWS\system32\unpack7.exe=>(RAR Sfx o)=>csrs.exe | Deleted
C:\WINDOWS\system32\unpack7.exe=>(RAR Sfx o) | Update failed
C:\WINDOWS\system32\unpack7.exe=>(RAR Sfx o)=>lssas.exe | Infected with: Backdoor.FTP.ioFtpd.B
C:\WINDOWS\system32\unpack7.exe=>(RAR Sfx o)=>lssas.exe | Disinfection failed
C:\WINDOWS\system32\unpack7.exe=>(RAR Sfx o)=>lssas.exe | Deleted
C:\WINDOWS\system32\unpack7.exe=>(RAR Sfx o) | Update failed
C:\WINDOWS\system32\unpack7.exe=>(RAR Sfx o)=>stt.exe | Infected with: VirTool.Maxxx.A
C:\WINDOWS\system32\unpack7.exe=>(RAR Sfx o)=>stt.exe | Disinfection failed
C:\WINDOWS\system32\unpack7.exe=>(RAR Sfx o)=>stt.exe | Deleted
C:\WINDOWS\system32\unpack7.exe=>(RAR Sfx o) | Update failed
C:\WINDOWS\system32\unpack7.exe=>(RAR Sfx o)=>es32.dll | Infected with: Backdoor.Irc.Zapchast.BB
C:\WINDOWS\system32\unpack7.exe=>(RAR Sfx o)=>es32.dll | Disinfection failed
C:\WINDOWS\system32\unpack7.exe=>(RAR Sfx o)=>es32.dll | Deleted
C:\WINDOWS\system32\unpack7.exe=>(RAR Sfx o) | Update failed
C:\WINDOWS\system32\unpack7.exe=>(RAR Sfx o)=>msmqins.dll | Infected with: Trojan.Leechpie.B
C:\WINDOWS\system32\unpack7.exe=>(RAR Sfx o)=>msmqins.dll | Disinfection failed
C:\WINDOWS\system32\unpack7.exe=>(RAR Sfx o)=>msmqins.dll | Deleted
C:\WINDOWS\system32\unpack7.exe=>(RAR Sfx o) | Update failed
C:\WINDOWS\system32\unpack7.exe=>(RAR Sfx o)=>ntio40.sys | Infected with: Backdoor.IRC.Zapchast
C:\WINDOWS\system32\unpack7.exe=>(RAR Sfx o)=>ntio40.sys | Disinfection failed
C:\WINDOWS\system32\unpack7.exe=>(RAR Sfx o)=>ntio40.sys | Deleted
C:\WINDOWS\system32\unpack7.exe=>(RAR Sfx o) | Update failed
D:\Telecharg\hack\iMeshV22.exe=>wise0020 | Infected with: Trojan.Freg.A
D:\Telecharg\hack\iMeshV22.exe=>wise0020 | Disinfection failed
D:\Telecharg\hack\iMeshV22.exe=>wise0020 | Deleted
D:\Telecharg\hack\iMeshV22.exe | Update failed -
Hello,
normally BitDefender has cleaned it.
What does Avast tell you now?
-
Good evening,
Thanks for your reply, but BitDefender didn't delete anything. Still the same entries:
22/02/2007 20:41:51 Serge 2560 Sign of "Win32:Trojano-1640 [Trj]" has been found in "C:\WINDOWS\system32\unpack7.exe\csrs.exe" file.
22/02/2007 20:42:01 Serge 2560 Sign of "Win32:Trojano-794 [Trj]" has been found in "C:\WINDOWS\system32\unpack7.exe\lssas.exe" file.
22/02/2007 20:42:04 Serge 2560 Sign of "Win32:Trojano-793 [Trj]" has been found in "C:\WINDOWS\system32\unpack7.exe\stt.exe" file.
22/02/2007 20:42:07 Serge 2560 Sign of "Win32:Trojan-gen. {VC}" has been found in "C:\WINDOWS\system32\unpack7.exe\winmgnt.exe" file.
22/02/2007 20:42:10 Serge 2560 Sign of "VBS:Malware [Gen]" has been found in "C:\WINDOWS\system32\unpack7.exe\msmqins.dll" file.
With Avast, is a new HijackThis log needed?
How do I delete the viruses manually?
Will I have to reformat?
Thanks in advance -
Good evening,
no, we don't format for so little.
* Make sure you have access to all files
- Start
- My Computer or any other folder
- Tools menu
- Folder Options
- View tab
then
- check the box: Show hidden files and folders
- uncheck the box: Hide extensions for known file types
- uncheck the box: Hide protected operating system files
Then - Apply
* and delete the file(s) below if present:
C:\WINDOWS\system32\unpack7.exe
* In Windows Explorer, hide the system files again so as not to make a mistake in the future. Go back to the Folder Options window and select Do not show hidden files or system files
if it resists, try in safe mode
also post a new HijackThis report.
-
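Added example, not part of the thread: both scanners report members nested inside an archive, and this sketch reduces each reported path to the file that actually exists on disk, then shows which on-disk file keeps reappearing across scan days. The function names and the extension heuristic are assumptions of this example; the sample lines are a subset of the logs posted above.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the Avast log lines posted in this thread
# (two scan days), kept in their original format.
AVAST_LOG = r'''
20/02/2007 10:00:58 Serge 4040 Sign of "Win32:Trojano-1640 [Trj]" has been found in "C:\WINDOWS\system32\tmp~2.exe\unpack7.exe\csrs.exe" file.
20/02/2007 10:02:34 Serge 4040 Sign of "Win32:Trojano-794 [Trj]" has been found in "C:\WINDOWS\system32\tmp~2.exe\unpack7.exe\lssas.exe" file.
20/02/2007 10:03:55 Serge 4040 Sign of "Win32:Trojano-1640 [Trj]" has been found in "C:\WINDOWS\system32\unpack7.exe\csrs.exe" file.
20/02/2007 10:04:06 Serge 4040 Sign of "VBS:Malware [Gen]" has been found in "C:\WINDOWS\system32\unpack7.exe\msmqins.dll" file.
22/02/2007 20:41:51 Serge 2560 Sign of "Win32:Trojano-1640 [Trj]" has been found in "C:\WINDOWS\system32\unpack7.exe\csrs.exe" file.
22/02/2007 20:42:10 Serge 2560 Sign of "VBS:Malware [Gen]" has been found in "C:\WINDOWS\system32\unpack7.exe\msmqins.dll" file.
'''

# Scanned-file strings as they appear in the BitDefender report in this thread.
BITDEFENDER_FILES = [
    r"C:\WINDOWS\system32\unpack7.exe=>(RAR Sfx o)=>csrs.exe",
    r"D:\Telecharg\hack\iMeshV22.exe=>wise0020",
]

AVAST_LINE = re.compile(
    r'^(?P<day>\d{2}/\d{2}/\d{4}) \d{2}:\d{2}:\d{2} \S+ \d+ '
    r'Sign of "(?P<sig>[^"]+)" has been found in "(?P<path>[^"]+)" file\.$'
)
# Assumption of this example: a non-final path component with one of these
# extensions is an archive/installer the scanner unpacked, not a directory.
CONTAINER_EXT = re.compile(r'\.(exe|zip|rar|cab|7z)$', re.IGNORECASE)


def on_disk_file(reported_path):
    """Return the file that really exists on disk for a scanner-reported path."""
    if "=>" in reported_path:                  # BitDefender nesting notation
        return reported_path.split("=>", 1)[0].lower()
    parts = reported_path.split("\\")          # Avast nests with backslashes
    for i, part in enumerate(parts[:-1]):
        if CONTAINER_EXT.search(part):
            return "\\".join(parts[: i + 1]).lower()
    return reported_path.lower()               # plain file, no nesting


def triage(avast_text):
    """Group Avast detections by on-disk file: members, signatures, scan days."""
    found = defaultdict(lambda: {"members": set(), "signatures": set(), "days": set()})
    for line in avast_text.splitlines():
        m = AVAST_LINE.match(line.strip())
        if not m:
            continue                           # skip blank or unrelated lines
        entry = found[on_disk_file(m["path"])]
        entry["members"].add(m["path"].rsplit("\\", 1)[-1].lower())
        entry["signatures"].add(m["sig"])
        entry["days"].add(m["day"])
    return dict(found)


def persistent(findings):
    """On-disk files detected on more than one scan day (cleanup did not remove them)."""
    return sorted(path for path, e in findings.items() if len(e["days"]) > 1)


if __name__ == "__main__":
    findings = triage(AVAST_LOG)
    for path, e in sorted(findings.items()):
        print(path, sorted(e["members"]), sorted(e["days"]))
    print("still present after cleanup:", persistent(findings))
    print("BitDefender on-disk files:",
          sorted({on_disk_file(p) for p in BITDEFENDER_FILES}))
```

Every nested detection collapses to one or two real files, which is why removing the container itself clears all the alerts at once.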
Hello,
I was hesitant to delete this file manually, but I've just done it on your advice.
Below is the HijackThis log.
Logfile of HijackThis v1.99.1
Scan saved at 10:26:26, on 24/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Logitech\ImageStudio\LowLight.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Plextor\PlexTool.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Documents and Settings\Serge\Mes documents\Haking\scaner.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [NVCLOCK] rundll32 nvclock.dll,fnNvclock
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: PlexTools Professional.lnk = C:\Program Files\Plextor\PlexTool.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSN Messenger\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Are there any entries to fix or delete?
Thanks for your advice. -
Hello,
yes, there's some unnecessary stuff; I'll be back to give you the lines to remove
-
launch HijackThis, check and fix these lines:
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
and disable AVG if you have Trojan Scanner. There's no point in having 2 resident antispyware programs.
any more problems?
-
Thanks for your advice, I've just removed the lines indicated.
Thanks for everything, the problem seems to be solved.
However, my D drive has just died: a strange repetitive noise that apparently prevents reading, but this isn't the right forum to talk about it.
Thanks again for your expert advice. -
Hello,
maybe your D drive is having problems; if you have important data, back it up before you lose it.
Please remember to mark your topic as SOLVED.
Have a good Sunday