Infection

Resolved
tristan.h, 37 posts, Status: Member -
ep44, 7432 posts, Status: Contributor -
Hello,

Since yesterday, after a careless mistake, I have apparently caught some trojans and viruses.
At startup, unknown applications named Microsoft Windows kuyg#... try to launch, which I block with my antivirus (applications trying to write to the registry). I also have IE pages opening spontaneously for casinos...

I ran an antivirus scan that removed a few trojans (also an online scan with Inoculer), plus scans with Spybot and Ad-Aware that removed a few things, but I still have IE pages opening spontaneously, and when I try to remove the suspicious processes from startup, they put themselves back automatically. Also, at times there are heavy slowdowns and FF crashes.

Config:
Windows Vista SP1
Bitdefender Total Security
IE7 and FF3

HijackThis report after restart:

Logfile of HijackThis v1.99.1
Scan saved at 08:12:01, on 02/08/2008
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\AASP\1.00.32\aaCenter.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Users\tristan.hervouet\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\tristan.hervouet\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\tristan.hervouet\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AddTask Class - {24F06550-65E3-4D1C-8CFE-839C296B5530} - C:\Program Files\eREAD6.0\IEeREAD.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: AddTask Class - {6A19C29D-ED45-4483-8999-9F939C8161F2} - C:\Program Files\eREAD6.0\WebHook.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {0e684fcc-d8ec-449a-bfb4-d2295f1362ac} - {ca2631f5-922d-4bfb-a944-ce8dccf486e0} - C:\Windows\system32\yepazv.dll
O2 - BHO: (no name) - {DF938515-44E7-4966-807A-F0EBAD469B37} - C:\Windows\system32\hgGywUnN.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\khfEWPFw.dll,#1
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [OpAgent] "OpAgent.exe" /agent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MSSMSGS] rundll32.exe winhpd32.rom,CKhRun
O4 - Startup: Outil de notification Live Search.lnk = C:\Users\tristan.hervouet\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service (file missing)
O23 - Service: wampapache - Unknown owner - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe" -k runservice (file missing)
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51a\bin\mysqld-nt.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe" /service (file missing)


Thanks in advance for your help... I don't want to reformat...

28 replies
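A small triage helper, added here as an example and not part of the thread or of HijackThis itself: it parses the O2 (BHO) and O4 (Run key) lines of a HijackThis log and lists the entries an analyst would want to review first. The rules (nameless BHOs loaded from System32, rundll32 entries with a bare filename, a non-.dll module, or an export called by ordinal) are heuristics chosen for this example; the sample lines are copied from the log in the post.

```python
import ntpath
import re

# Constructed sample input: seven O2/O4 lines copied from the HijackThis log in the post.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: {0e684fcc-d8ec-449a-bfb4-d2295f1362ac} - {ca2631f5-922d-4bfb-a944-ce8dccf486e0} - C:\Windows\system32\yepazv.dll
O2 - BHO: (no name) - {DF938515-44E7-4966-807A-F0EBAD469B37} - C:\Windows\system32\hgGywUnN.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\khfEWPFw.dll,#1
O4 - HKCU\..\Run: [MSSMSGS] rundll32.exe winhpd32.rom,CKhRun
""".strip()

GUID = re.compile(r"^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)
BHO = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[^}]+\}) - (?P<path>.+)$")
RUN = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<key>[^\]]+)\] (?P<cmd>.+)$")

def audit_bho(m):
    """Review reasons for one O2 entry (heuristics, not a verdict)."""
    reasons = []
    if m["name"] == "(no name)" or GUID.match(m["name"]):
        reasons.append("BHO carries no readable name")
    if m["path"].lower().startswith("c:\\windows\\system32\\"):
        reasons.append("BHO DLL lives in System32, not under Program Files")
    return reasons

def audit_run(m):
    """Review reasons for one O4 entry; only rundll32 launches are examined."""
    cmd = m["cmd"]
    if not cmd.lower().startswith("rundll32.exe "):
        return []
    module = cmd.split(None, 1)[1].split(",")[0]   # text between rundll32.exe and the comma
    reasons = []
    if ntpath.dirname(module) == "":
        reasons.append("rundll32 module given without a full path")
    if not module.lower().endswith(".dll"):
        reasons.append("rundll32 loading a non-.dll file")
    if "," in cmd and cmd.rsplit(",", 1)[1].startswith("#"):
        reasons.append("export called by ordinal rather than by name")
    return reasons

def audit(log_text):
    """Map each flagged entry (DLL basename for O2, Run key name for O4) to its reasons."""
    findings = {}
    for line in log_text.splitlines():
        m = BHO.match(line)
        if m:
            reasons, label = audit_bho(m), ntpath.basename(m["path"])
        else:
            m = RUN.match(line)
            if not m:
                continue
            reasons, label = audit_run(m), m["key"]
        if reasons:
            findings[label] = reasons
    return findings
```

Run on the sample, the Java BHO, the NVIDIA rundll32 entry and BitDefender pass silently while the four entries the thread ends up removing are listed.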

tristan.h, 37 posts, Status: Member
 
Here it is after restart:
Thanks.

File move failed. C:\Windows\System32\owdfklrw.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\System32\owdfklrw.ini scheduled to be moved on reboot.
File move failed. C:\Windows\System32\winhpd32.rom scheduled to be moved on reboot.
< EmptyTemp  >
File delete failed. C:\Users\TRISTA~1.HER\AppData\Local\Temp\etilqs_smBZ6HZgWgbpEg3fwPkC scheduled to be deleted on reboot.
File delete failed. C:\Users\TRISTA~1.HER\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be deleted on reboot.
File delete failed. C:\Users\TRISTA~1.HER\AppData\Local\Temp\swt-gdip-win32-3430.dll scheduled to be deleted on reboot.
File delete failed. C:\Users\TRISTA~1.HER\AppData\Local\Temp\swt-win32-3430.dll scheduled to be deleted on reboot.
File delete failed. C:\Users\TRISTA~1.HER\AppData\Local\Temp\win890.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\TRISTA~1.HER\AppData\Local\Temp\~DFC441.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\TRISTA~1.HER\AppData\Local\Temp\~DFC8F5.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\TRISTA~1.HER\AppData\Local\Temp\~DFC995.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\TRISTA~1.HER\AppData\Local\Temp\~DFCA2E.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\TRISTA~1.HER\AppData\Local\Temp\~DFCAC9.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\TRISTA~1.HER\AppData\Local\Temp\e4jF91D.tmp_dir17923\exe4jlib.jar scheduled to be deleted on reboot.
File delete failed. C:\Users\TRISTA~1.HER\AppData\Local\Temp\hsperfdata_tristan.hervouet\3368 scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
 
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08052008_211200

Files moved on Reboot...
File move failed. C:\Windows\System32\owdfklrw.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\System32\owdfklrw.ini scheduled to be moved on reboot.
File C:\Windows\System32\winhpd32.rom not found!
File C:\Users\TRISTA~1.HER\AppData\Local\Temp\etilqs_smBZ6HZgWgbpEg3fwPkC not found!
File move failed. C:\Users\TRISTA~1.HER\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\Users\TRISTA~1.HER\AppData\Local\Temp\swt-gdip-win32-3430.dll
C:\Users\TRISTA~1.HER\AppData\Local\Temp\swt-gdip-win32-3430.dll NOT unregistered.
C:\Users\TRISTA~1.HER\AppData\Local\Temp\swt-gdip-win32-3430.dll moved successfully.
DllUnregisterServer procedure not found in C:\Users\TRISTA~1.HER\AppData\Local\Temp\swt-win32-3430.dll
C:\Users\TRISTA~1.HER\AppData\Local\Temp\swt-win32-3430.dll NOT unregistered.
C:\Users\TRISTA~1.HER\AppData\Local\Temp\swt-win32-3430.dll moved successfully.
C:\Users\TRISTA~1.HER\AppData\Local\Temp\win890.tmp moved successfully.
File C:\Users\TRISTA~1.HER\AppData\Local\Temp\~DFC441.tmp not found!
File C:\Users\TRISTA~1.HER\AppData\Local\Temp\~DFC8F5.tmp not found!
File C:\Users\TRISTA~1.HER\AppData\Local\Temp\~DFC995.tmp not found!
File C:\Users\TRISTA~1.HER\AppData\Local\Temp\~DFCA2E.tmp not found!
File C:\Users\TRISTA~1.HER\AppData\Local\Temp\~DFCAC9.tmp not found!
C:\Users\TRISTA~1.HER\AppData\Local\Temp\e4jF91D.tmp_dir17923\exe4jlib.jar moved successfully.
File C:\Users\TRISTA~1.HER\AppData\Local\Temp\hsperfdata_tristan.hervouet\3368 not found!
0
ep44, 7432 posts, Status: Contributor 3
 
How is your PC behaving?
0
tristan.h, 37 posts, Status: Member
 
Re,

I have been testing Firefox and Thunderbird (the two programs that were crashing) for an hour and they don't seem to crash for now; as for the rest, everything is OK, no slowdown, it boots fast. All the other programs and the antivirus work perfectly.

That all looks good, doesn't it?
0
ep44, 7432 posts, Status: Contributor 3
 
Yes, I think so.

I suggest waiting a couple of days, then we move on to a final phase if everything is clean ;)

See you
0
tristan.h, 37 posts, Status: Member
 
OK, sure, I'll keep testing relentlessly, which means no more Linux :-(

Thanks a lot, that's great, I'm keeping all these tools safely!!
0
tristan.h, 37 posts, Status: Member
 
Hi,

There don't seem to be any particular problems, everything works perfectly. No crashes and no slowdowns.
See you
0
tristan.h, 37 posts, Status: Member
 
OK, thanks for everything, I'll take care of all that.
A big THANK YOU to you.
0
ep44, 7432 posts, Status: Contributor 3
 
Bye ;)
0