Présence Virus sur PC Fermé

Question

Bjr à tous,
J'ai des problèmes de virus sur mon PC que me détecte PC-Cillin mais n'arrive pas à supprimer.
Quelques Virus détectés et mis en quarantaine
koocwolla_20070601[1]
tob_snd_20070616[1]
sqchltqb.exe
attividu.exe .....
site web dangereux http://82.98.235.61/zae/_affvm.dll?uid=483E36BE234211DCB0CFFFFFFFFFFFFF&guid=4470618714E2450B9021C095B4B53CC3

Voici le fichier hijackthis:
-----------------------------
Logfile of HijackThis v1.99.1
Scan saved at 12:23:58, on 03/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\SmartCom\RTEGPRS.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\PSIService.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1	mproxy.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Temp\HijachThis\Scanner.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8FBCA05E-CF67-4EAC-8439-5EE18337D900} - C:\WINDOWS\system32\ddccb.dll (file missing)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RTEGPRS] "C:\Program Files\Fichiers communs\SmartCom\RTEGPRS.exe" tray
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Télécharger avec &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin
pjpi150.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin
pjpi150.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4217AAA6-8193-4C78-8768-099F1151B4DB}: NameServer = 213.36.80.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\hfcwqvuh.exe (file missing)
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Protection Trend Micro contre les programmes espions  (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1	mproxy.exe

Voici également le fichier Vundofix
---------------------------------------

VundoFix V6.5.4

Checking Java version...

Scan started at 12:17:49 03/07/2007

Listing files found while scanning....

C:\windows\system32\aayrmmhj.dll
C:\windows\system32\ajppyswb.dll
C:\windows\system32\arxgqyiw.dll
C:\WINDOWS\system32\bccdd.bak1
C:\WINDOWS\system32\bccdd.bak2
C:\WINDOWS\system32\bccdd.ini
C:\WINDOWS\system32\bccdd.ini2
C:\WINDOWS\system32\bccdd.tmp
C:\windows\system32\bdijixsx.dll
C:\windows\system32\bggwuxwd.dll
C:\windows\system32\bnardxlf.ini
C:\windows\system32\buhukjai.ini
C:\windows\system32\cbosbbrv.dll
C:\windows\system32\cruppejm.dll
C:\WINDOWS\system32\ddccb.dll
C:\windows\system32\dwxuwggb.ini
C:\windows\system32\empubjgp.ini
C:\windows\system32\feukxpfe.dll
C:\windows\system32\flxdranb.dll
C:\windows\system32\folymrjp.dll
C:\windows\system32\gnxkbxxq.dll
C:\windows\system32\hlcjrucr.ini
C:\windows\system32\iajkuhub.dll
C:\windows\system32\ifxdmuop.dll
C:\windows\system32\jhmmryaa.ini
C:\windows\system32\jlcyunqt.dll
C:\WINDOWS\system32\lbowvtmw.dll
C:\windows\system32\lntuxgqn.ini
C:\windows\system32\mjeppurc.ini
C:\windows\system32\mwjncikr.dll
C:\windows\system32
fvkubtn.dll
C:\windows\system32
qgxutnl.dll
C:\windows\system32\pgjbupme.dll
C:\windows\system32\pjrmylof.ini
C:\windows\system32\poumdxfi.ini
C:\windows\system32\qglatdau.dll
C:\windows\system32\qwbgjemy.dll
C:\WINDOWS\system32curjclh.dll
C:\WINDOWS\system32qronno.dll
C:\windows\system32	cswvwyv.dll
C:\windows\system32\uadtalgq.ini
C:\windows\system32\uiwyrjpe.dll
C:\windows\system32\uxoxlyuk.dll
C:\windows\system32\vinhlusc.dll
C:\windows\system32\vrfrxuyi.dll
C:\windows\system32\vywvwsct.ini
C:\windows\system32\wbbrvuhh.dll
C:\windows\system32\wiyqgxra.ini
C:\windows\system32\wjmvujlx.dll
C:\windows\system32\xljuvmjw.ini
C:\windows\system32\xowsnidj.dll

Beginning removal...

 Attempting to delete C:\windows\system32\aayrmmhj.dll
C:\windows\system32\aayrmmhj.dll Has been deleted!

 Attempting to delete C:\windows\system32\ajppyswb.dll
C:\windows\system32\ajppyswb.dll Has been deleted!

 Attempting to delete C:\windows\system32\arxgqyiw.dll
C:\windows\system32\arxgqyiw.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\bccdd.bak1
C:\WINDOWS\system32\bccdd.bak1 Has been deleted!

 Attempting to delete C:\WINDOWS\system32\bccdd.bak2
C:\WINDOWS\system32\bccdd.bak2 Has been deleted!

 Attempting to delete C:\WINDOWS\system32\bccdd.ini
C:\WINDOWS\system32\bccdd.ini Has been deleted!

 Attempting to delete C:\WINDOWS\system32\bccdd.ini2
C:\WINDOWS\system32\bccdd.ini2 Has been deleted!

 Attempting to delete C:\WINDOWS\system32\bccdd.tmp
C:\WINDOWS\system32\bccdd.tmp Has been deleted!

 Attempting to delete C:\windows\system32\bdijixsx.dll
C:\windows\system32\bdijixsx.dll Has been deleted!

 Attempting to delete C:\windows\system32\bggwuxwd.dll
C:\windows\system32\bggwuxwd.dll Has been deleted!

 Attempting to delete C:\windows\system32\bnardxlf.ini
C:\windows\system32\bnardxlf.ini Has been deleted!

 Attempting to delete C:\windows\system32\buhukjai.ini
C:\windows\system32\buhukjai.ini Has been deleted!

 Attempting to delete C:\windows\system32\cbosbbrv.dll
C:\windows\system32\cbosbbrv.dll Has been deleted!

 Attempting to delete C:\windows\system32\cruppejm.dll
C:\windows\system32\cruppejm.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\ddccb.dll
C:\WINDOWS\system32\ddccb.dll Has been deleted!

 Attempting to delete C:\windows\system32\dwxuwggb.ini
C:\windows\system32\dwxuwggb.ini Has been deleted!

 Attempting to delete C:\windows\system32\empubjgp.ini
C:\windows\system32\empubjgp.ini Has been deleted!

 Attempting to delete C:\windows\system32\feukxpfe.dll
C:\windows\system32\feukxpfe.dll Has been deleted!

 Attempting to delete C:\windows\system32\flxdranb.dll
C:\windows\system32\flxdranb.dll Has been deleted!

 Attempting to delete C:\windows\system32\folymrjp.dll
C:\windows\system32\folymrjp.dll Has been deleted!

 Attempting to delete C:\windows\system32\gnxkbxxq.dll
C:\windows\system32\gnxkbxxq.dll Has been deleted!

 Attempting to delete C:\windows\system32\hlcjrucr.ini
C:\windows\system32\hlcjrucr.ini Has been deleted!

 Attempting to delete C:\windows\system32\iajkuhub.dll
C:\windows\system32\iajkuhub.dll Has been deleted!

 Attempting to delete C:\windows\system32\ifxdmuop.dll
C:\windows\system32\ifxdmuop.dll Has been deleted!

 Attempting to delete C:\windows\system32\jhmmryaa.ini
C:\windows\system32\jhmmryaa.ini Has been deleted!

 Attempting to delete C:\windows\system32\jlcyunqt.dll
C:\windows\system32\jlcyunqt.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\lbowvtmw.dll
C:\WINDOWS\system32\lbowvtmw.dll Has been deleted!

 Attempting to delete C:\windows\system32\lntuxgqn.ini
C:\windows\system32\lntuxgqn.ini Has been deleted!

 Attempting to delete C:\windows\system32\mjeppurc.ini
C:\windows\system32\mjeppurc.ini Has been deleted!

 Attempting to delete C:\windows\system32\mwjncikr.dll
C:\windows\system32\mwjncikr.dll Has been deleted!

 Attempting to delete C:\windows\system32
fvkubtn.dll
C:\windows\system32
fvkubtn.dll Has been deleted!

 Attempting to delete C:\windows\system32
qgxutnl.dll
C:\windows\system32
qgxutnl.dll Has been deleted!

 Attempting to delete C:\windows\system32\pgjbupme.dll
C:\windows\system32\pgjbupme.dll Has been deleted!

 Attempting to delete C:\windows\system32\pjrmylof.ini
C:\windows\system32\pjrmylof.ini Has been deleted!

 Attempting to delete C:\windows\system32\poumdxfi.ini
C:\windows\system32\poumdxfi.ini Has been deleted!

 Attempting to delete C:\windows\system32\qglatdau.dll
C:\windows\system32\qglatdau.dll Has been deleted!

 Attempting to delete C:\windows\system32\qwbgjemy.dll
C:\windows\system32\qwbgjemy.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32curjclh.dll
C:\WINDOWS\system32curjclh.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32qronno.dll
C:\WINDOWS\system32qronno.dll Has been deleted!

 Attempting to delete C:\windows\system32	cswvwyv.dll
C:\windows\system32	cswvwyv.dll Has been deleted!

 Attempting to delete C:\windows\system32\uadtalgq.ini
C:\windows\system32\uadtalgq.ini Has been deleted!

 Attempting to delete C:\windows\system32\uiwyrjpe.dll
C:\windows\system32\uiwyrjpe.dll Has been deleted!

 Attempting to delete C:\windows\system32\uxoxlyuk.dll
C:\windows\system32\uxoxlyuk.dll Has been deleted!

 Attempting to delete C:\windows\system32\vinhlusc.dll
C:\windows\system32\vinhlusc.dll Has been deleted!

 Attempting to delete C:\windows\system32\vrfrxuyi.dll
C:\windows\system32\vrfrxuyi.dll Has been deleted!

 Attempting to delete C:\windows\system32\vywvwsct.ini
C:\windows\system32\vywvwsct.ini Has been deleted!

 Attempting to delete C:\windows\system32\wbbrvuhh.dll
C:\windows\system32\wbbrvuhh.dll Has been deleted!

 Attempting to delete C:\windows\system32\wiyqgxra.ini
C:\windows\system32\wiyqgxra.ini Has been deleted!

 Attempting to delete C:\windows\system32\wjmvujlx.dll
C:\windows\system32\wjmvujlx.dll Has been deleted!

 Attempting to delete C:\windows\system32\xljuvmjw.ini
C:\windows\system32\xljuvmjw.ini Has been deleted!

 Attempting to delete C:\windows\system32\xowsnidj.dll
C:\windows\system32\xowsnidj.dll Has been deleted!

Performing Repairs to the registry.
Done!

Merci pour votre l'aide

jlpjlp · Answer

http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

Télécharger sur le bureau
Navilog.zip
= Double-Clic navilog1.zip
= Extraire tout sur le bureau
= Double-Clic navilog1 qui est sur le bureau
= Appuyer sur une touche jusqu' arriver aux options
= Choisir option 1

un rapport : fixnavi.txt dans C : va se creer
le copier/coller dans ton prochain message.




= Lance navilog1
= Cette fois-ci choisi l'option 2
= Navilog va faire le nettoyage.. patient jusqu'à ce qui soit marqué *** Nettoyage Termine le ..... ***
= Un rapport va être génrer sur ton C:\ qui sera en option 2
Note: le bureau disparaît

= Redémarre en mode normal et colle le contenu du rapport de navilog (qui est en option 2)

utilise aussi pour supprimer tes traces

argaunotes · Answer

Bonjour,

Redémarrez en mode sans échec avec prise en charges du réseau (F8) puis allez sur le site:

http://security.symantec.com/sscv6/home.asp?

Bonne chance ;-)

@+