Have mercyyyyyyy
dlyss
Hello,
I have the same problem with the same symptoms but not the same virus name each time (worms vb.est, worms vb cq48, tr rootkit and tantar). I scanned with AntiVir and HouseCall, used CCleaner and Spybot Search and Destroy, and I'm about to throw my PC from the 4th floor, there you go.
Help
Have mercy
Below is a HijackThis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:33:14, on 21/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\DOCUME~1\PRINCE~1\LOCALS~1\Temp\svhost32.exe
C:\DOCUME~1\PRINCE~1\LOCALS~1\Temp\svhost32.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\DOCUME~1\PRINCE~1\LOCALS~1\Temp\svhost32.exe
C:\DOCUME~1\PRINCE~1\LOCALS~1\Temp\svhost32.exe
C:\DOCUME~1\PRINCE~1\LOCALS~1\Temp\svhost32.exe
C:\DOCUME~1\PRINCE~1\LOCALS~1\Temp\svhost32.exe
C:\DOCUME~1\PRINCE~1\LOCALS~1\Temp\svhost32.exe
C:\DOCUME~1\PRINCE~1\LOCALS~1\Temp\svhost32.exe
C:\DOCUME~1\PRINCE~1\LOCALS~1\Temp\svhost32.exe
C:\Program Files\internet explorer\iexplore.exe
C:\DOCUME~1\PRINCE~1\LOCALS~1\Temp\svhost32.exe
C:\DOCUME~1\PRINCE~1\LOCALS~1\Temp\svhost32.exe
C:\DOCUME~1\PRINCE~1\LOCALS~1\Temp\svhost32.exe
C:\DOCUME~1\PRINCE~1\LOCALS~1\Temp\svhost32.exe
C:\DOCUME~1\PRINCE~1\LOCALS~1\Temp\svhost32.exe
C:\DOCUME~1\PRINCE~1\LOCALS~1\Temp\svhost32.exe
C:\DOCUME~1\PRINCE~1\LOCALS~1\Temp\svhost32.exe
C:\DOCUME~1\PRINCE~1\LOCALS~1\Temp\svhost32.exe
C:\DOCUME~1\PRINCE~1\LOCALS~1\Temp\svhost32.exe
C:\DOCUME~1\PRINCE~1\LOCALS~1\Temp\svhost32.exe
C:\DOCUME~1\PRINCE~1\LOCALS~1\Temp\svhost32.exe
C:\DOCUME~1\PRINCE~1\LOCALS~1\Temp\svhost32.exe
C:\DOCUME~1\PRINCE~1\LOCALS~1\Temp\svhost32.exe
C:\DOCUME~1\PRINCE~1\LOCALS~1\Temp\svhost32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://moneyisunlimited.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://moneyisunlimited.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://moneyisunlimited.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://moneyisunlimited.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\PROTEC~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Task Manager] C:\WINDOWS\svhost32.exe
O4 - HKLM\..\Run: [SVCHOST] C:\WINDOWS\svchost.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunServices: [FTP FOR WINDOWS] rdbdmx32.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunServices: [FTP FOR WINDOWS] rdbdmx32.exe (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Search - http://kx.bar.need2find.com/KX/menusearch.html?p=KX
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: v3cab - http://searchmiracle.com/cab/v3cab.cab
O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://www.advnt01.com/dialer/fra_pao_med.exe
O16 - DPF: {00000000-0000-0000-0000-000020040000} - http://207.234.185.217/ABoxInst_int10.exe
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.fr/SnapfishActivia.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.extrafilm.fr/ImageUploader4.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {7DBFDA8E-D33B-11D4-9269-00600868E56E} - http://www.gagne-un-max.com/acces/WebInstall.dll
O16 - DPF: {8731163E-77B9-4F91-9122-F112521C28AF} (MMSPlayerX Class) - http://62.201.137.56/mmawap/jsp/composer/player/mmsPlayer.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
3 replies
Hi,
according to the report you have 34 viruses or lalala
so uninstall AntiVir and download Kaspersky Internet Security and AVG Anti-Spyware, update them, then run a scan
see you, good luck
Hello, you can download from http://files.avast.com/iavs4pro/setupfre.exe a simplified and very effective antivirus; it is updated every 4 hours.
Hello,
thanks for your replies. I downloaded avast, then since it didn't find anything I uninstalled it and downloaded Kaspersky, which blocks the symptoms but doesn't get rid of the jgdpirfjgpeirjgpdjgpejfôgke^r viruses of oeirjhgpeir
I also downloaded Spyware Doctor, which removes a few of them, but I still don't have access to my manager or to certain files (documentandsetting/princesse/localsetting = has disappeared, yet on Secuser it shows up)
There you go, I'm really struggling; if some kind soul would be good enough to help me, I would be very grateful