Sujet Précédent Sujet Suivant

332 Virus

Résolu
beuve Messages postés 41 Statut Membre -  
philae83 Messages postés 12854 Statut Contributeur sécurité -
Bonjour je suis infesté d'espilogiciels et je ne sais pas comment m'en débarasser? Lors du scan avec le logiciel Ad-aware, 300 et des poussières infections ont été détécté. Je ne sais pas comment faire pour avoir le rapport à la suite du scan et ma souri a disparu de l'écran alors c'est pas facile pour les manoeuvres. merci
A voir également:

43 réponses

Précédent
Réponse 41 / 43
philae83 Messages postés 12854 Statut Contributeur sécurité 206
 
bizarre, pourtant il figure bien dans le rapport de SREng

* Copie les lignes de la citation suivante, d'un trait :

Files to Delete:
C:\WINDOWS\system32\windbg48.sys

--> Clic droit / "copier"

Maintenant crée un nouveau document texte : clic droit de souris sur le bureau, "Nouveau" > "Document Texte".

* Ouvre-le et colle dedans ce que tu viens de copier précédemment
* Enregistre ce fichier sur ton bureau (nom : mad.txt)

* Télécharge à présent The Avenger
http://www.geekstogo.com/forum/files/file/393-the-avenger-by-swandog46/

* Dézippe-le sur ton bureau et double-clique sur le fichier "avenger.exe"
* Clique sur "Ok"
* Sélectionne "Load Script from File" et clique sur l'icône en forme de dossier.
* Sélectionne le fichier mad.txt qui est sur ton bureau
* Clique sur le feu vert pour lancer le script
* Clique sur "Oui"
* Accepte de redémarrer ton pc

après le redémarrage :

* Ouvre le fichier C:\avenger.txt et copie/colle son contenu ici
ainsi qu'un nouveau log SREng stp

0
Réponse 42 / 43
beuve Messages postés 41 Statut Membre
 
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\dsubxhnu

*******************

Script file located at: \??\C:\eggoclwe.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\windbg48.sys not found!
Deletion of file C:\WINDOWS\system32\windbg48.sys failed!

Could not process line:
C:\WINDOWS\system32\windbg48.sys
Status: 0xc0000034

Completed script processing.

*******************

Finished! Terminate.//////////////////////////////////////////

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\dsubxhnu

*******************

Script file located at: \??\C:\eggoclwe.txt

Script file not found! Error

Could not open script file! Status: 0xc0000034 Abort!

et aussi SReng

[CODE]

2007-05-13,16:52:09

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 1 (Build 2600) - Administrative User - Completed Functions Allowed

Follow item(s) have been choosed:
All Boot Items (Including Registry, Startup Folders, Services and so on)
Browser Add-ons
Runing Processes (Including process model information)
File Associations
Winsock Provider
Autorun.Inf
HOSTS File

Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<CTFMON.EXE><C:\WINDOWS\System32\ctfmon.exe> [(Verified)Microsoft Windows XP Publisher]
<CursorXP><C:\themeGold55\CursorXP\CursorXP.exe -s> [ ]
<MsnMsgr><"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background> [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<SunJavaUpdateSched><"C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"> [Sun Microsystems, Inc.]
<ZoneAlarm Client><"C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"> [(Verified)Check Point Software Technologies Ltd.]
<TkBellExe><"C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot> [(Verified)"RealNetworks, Inc."]
<!AVG Anti-Spyware><"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized> [Anti-Malware Development a.s.]
<KernelFaultCheck><%systemroot%\system32\dumprep 0 -k> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows XP Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{26FAFD75-1005-41F6-978D-178C00165C0B}><> [N/A]
<{57B86673-276A-48B2-BAE7-C6DBB3020EB8}><C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll> [Anti-Malware Development a.s.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<CDBurn><> [N/A]

==================================
Startup Folders
N/A

==================================
Services
[AVG Anti-Spyware Guard / AVG Anti-Spyware Guard][Running/Auto Start]
<C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe><Anti-Malware Development a.s.>
[Accès du périphérique d'interface utilisateur / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
<C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe><Macrovision Corporation>
[iPodService / iPodService][Stopped/Manual Start]
<C:\Program Files\iPod\bin\iPodService.exe><Apple Computer, Inc.>
[NVIDIA Driver Helper Service / NVSvc][Stopped/Disabled]
<C:\WINDOWS\System32\nvsvc32.exe><N/A>
[SoundMAX Agent Service / SoundMAX Agent Service (default)][Running/Auto Start]
<C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe><Analog Devices, Inc.>
[TrueVector Internet Monitor / vsmon][Running/Auto Start]
<C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service><Zone Labs, LLC>
[Service de numéro de série du lecteur multimédia portable / WmdmPmSN][Stopped/Manual Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\System32\mspmsnsv.dll><Microsoft Corporation>

==================================
Drivers
[0õÁwindbg48 / 0õÁwindbg48][Stopped/Auto Start]
<\??\C:\WINDOWS\system32\windbg48.sys><N/A>
[aeaudio / aeaudio][Running/Manual Start]
<system32\drivers\aeaudio.sys><Andrea Electronics Corporation>
[AVG Anti-Spyware Driver / AVG Anti-Spyware Driver][Running/System Start]
<\??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys><N/A>
[AVG Anti-Spyware Clean Driver / AvgAsCln][Running/System Start]
<System32\DRIVERS\AvgAsCln.sys><GRISOFT, s.r.o.>
[Logitech USB Monitor Filter / LVUSBSta][Stopped/Manual Start]
<system32\drivers\lvusbsta.sys><N/A>
[Pilote de liaison parallèle directe / Ptilink][Running/Manual Start]
<System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Logitech QuickCam Communicate / QCMerced][Stopped/Manual Start]
<System32\DRIVERS\LVCM.sys><N/A>
[Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C) / rtl8139][Running/Manual Start]
<System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
<System32\DRIVERS\secdrv.sys><N/A>
[smwdm / smwdm][Running/Manual Start]
<system32\drivers\smwdm.sys><Analog Devices, Inc.>
[srescan / srescan][Running/Boot Start]
<\SystemRoot\System32\ZoneLabs\srescan.sys><Zone Labs, LLC>
[vsdatant / vsdatant][Running/System Start]
<System32\vsdatant.sys><Zone Labs, LLC>
[Codec Teletext standard / WSTCODEC][Stopped/Manual Start]
<System32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>

==================================
Browser Add-ons
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[&Research]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[Shockwave ActiveX Control]
{166B1BCA-3F9C-11CF-8075-444553540000} <C:\WINDOWS\System32\macromed\Director\SwDir.dll, Adobe Systems, Inc.>
[Java Plug-in 1.5.0_10]
{8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll, N/A>
[ActiveScan Installer Class]
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} <C:\WINDOWS\Downloaded Program Files\asinst.dll, Panda Software>
[Java Plug-in 1.5.0_10]
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll, N/A>
[Java Plug-in 1.5.0_10]
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll, Sun Microsystems, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.>
[E&xporter vers Microsoft Excel]
<res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000, N/A>

==================================
Running Processes
[PID: 320][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 368][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 392][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[C:\WINDOWS\System32\wdmaud.drv] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[C:\WINDOWS\System32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 436][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 448][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 616][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 640][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\System32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[PID: 708][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 764][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 848][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[C:\WINDOWS\system32\mdimon.dll] [Microsoft Corporation, 11.3.1897.0]
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll] [Microsoft Corporation, 11.3.1897.0]
[PID: 996][C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE] [Microsoft Corporation, 7.00.9466]
[PID: 1052][C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe] [Analog Devices, Inc., 3, 2, 6, 0]
[PID: 1084][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1652][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[C:\themeGold55\CursorXP\CurXP0.dll] [N/A, ]
[C:\WINDOWS\System32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll] [Anti-Malware Development a.s., 7, 5, 0, 47]
[PID: 1844][C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe] [Sun Microsystems, Inc., 5.0.100.3]
[PID: 1864][C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe] [RealNetworks, Inc., 0.1.0.3760]
[PID: 1872][C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe] [Anti-Malware Development a.s., 7, 5, 0, 50]
[C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\engine.dll] [Anti-Malware Development a.s., 4, 2, 0, 15]
[C:\WINDOWS\System32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[PID: 1900][C:\WINDOWS\System32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 1920][C:\themeGold55\CursorXP\CursorXP.exe] [ , 1, 0, 0, 1]
[C:\WINDOWS\System32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[C:\themeGold55\CursorXP\CurXP0.dll] [N/A, ]
[PID: 192][C:\Program Files\MSN Messenger\MsnMsgr.Exe] [Microsoft Corporation, 8.1.0178.00]
[C:\Program Files\MSN Messenger\MSNCore.dll] [Microsoft Corporation, 8.1.0178.00]
[C:\Program Files\MSN Messenger\msidcrl40.dll] [Microsoft Corporation, 4.100.313.1]
[C:\Program Files\MSN Messenger\ContactsUX.dll] [Microsoft Corporation, 8.1.0178.00]
[C:\WINDOWS\System32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[C:\Program Files\MSN Messenger\msgslang.8.1.0178.00.dll] [Microsoft Corporation, 8.1.0178.00]
[C:\Program Files\MSN Messenger\msgsres.dll] [Microsoft Corporation, 8.1.0178.00]
[C:\Program Files\MSN Messenger\MSGSWCAM.dll] [Microsoft Corporation, 8.1.0178.00]
[C:\WINDOWS\System32\sirenacm.dll] [Microsoft Corp., 8.1.0178.00]
[C:\WINDOWS\System32\msdmo.dll] [, ]
[C:\themeGold55\CursorXP\CurXP0.dll] [N/A, ]
[PID: 1384][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 6.0.1.2003110300]
[C:\WINDOWS\System32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[C:\themeGold55\CursorXP\CurXP0.dll] [N/A, ]
[C:\Program Files\Fichiers communs\Microsoft Shared\INK\SKCHUI.DLL] [Microsoft Corporation, 1.0.1038.0]
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
[C:\WINDOWS\System32\Macromed\Flash\Flash9c.ocx] [Adobe Systems, Inc., 9,0,45,0]
[C:\WINDOWS\System32\wdmaud.drv] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[C:\WINDOWS\System32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1524][C:\PROGRA~1\WINZIP\winzip32.exe] [WinZip Computing, S.L., 22.0 (32-bit)]
[C:\PROGRA~1\WINZIP\wzeay32.dll] [WinZip Computing, S.L., 0.9.7j (32-bit)]
[C:\PROGRA~1\WINZIP\WZCKTREE.DLL] [WinZip Computing, S.L., 1.1 (32-bit)]
[C:\PROGRA~1\WINZIP\WZSMTP.DLL] [WinZip Computing, S.L., 1.0.7445.0]
[C:\PROGRA~1\WINZIP\WZVINFO.DLL] [WinZip Computing, S.L., 1.1 (32-bit)]
[C:\PROGRA~1\WINZIP\WZGDIP32.DLL] [WinZip Computing, S.L., 1.1 (32-bit)]
[C:\PROGRA~1\WINZIP\WZCAB3.DLL] [WinZip Computing, S.L., 3.1 (32-bit)]
[C:\PROGRA~1\WINZIP\wz32.dll] [WinZip Computing, S.L., 22.0 (32-bit)]
[C:\PROGRA~1\WINZIP\UNRAR.DLL] [N/A, ]
[C:\themeGold55\CursorXP\CurXP0.dll] [N/A, ]
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
[C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll] [Anti-Malware Development a.s., 7, 5, 0, 47]
[PID: 1840][C:\Documents and Settings\ARNAUD\Local Settings\Temp\wzf9cc\SREng.EXE] [Smallfrogs Studio, 2.4.12.806]
[C:\WINDOWS\System32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[C:\themeGold55\CursorXP\CurXP0.dll] [N/A, ]

==================================
File Associations
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
N/A

==================================
Autorun.Inf
N/A

==================================
HOSTS File
127.0.0.1 localhost

==================================
API HOOK
N/A

==================================
Hidden Process
N/A

==================================

[/CODE]

0
Réponse 43 / 43
philae83 Messages postés 12854 Statut Contributeur sécurité 206
 
c'est un peu une histoire de fou.

je vais creuser, je reviendrais plus tard
0

Discussions similaires

Softonic,est-ce un virus ?
techmel1 -
techmel1 -

6 réponses
quel risque de répondre à un appel avec l'indicatif +221
yassou fg -
yaudot -

5 réponses
connaitre l indicatif 332
sid -
dom17 -

1 réponse
virus Artemis!
mabiche37 -
Malekal_morte- -

14 réponses
Désinstaller Softonic
Diguimette -
lilidurhone -

5 réponses