rapport HijackThis

[x3globi]

Bonjour a tous,

 

J'ai avast 4.7 et zone alarm et je viens d'etre infecté par au moins 2 vers, le scan d'avast a suprimé ces 2 elements , cependant mon pc ne peut plus se connecter et ZA ne semble plus fonctionner

voici mon rapport HijackThis, merci de votre aide

 

 

Logfile of HijackThis v1.99.1

Scan saved at 11:48:01, on 18/10/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\Program Files\ewido anti-spyware 4.0\guard.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Alwil Software\Avast4\ashSimpl.exe

C:\WINDOWS\system32\dumprep.exe

C:\DOCUME~1\Grabuge\LOCALS~1\Temp\Rar$EX02.649\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1113162866242

O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://config.zebulon.fr/plugins/hardwaredetection.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe

O23 - Service: J - Sysinternals - www.sysinternals.com - C:\DOCUME~1\Grabuge\LOCALS~1\Temp\J.exe

O23 - Service: TPOQ - Sysinternals - www.sysinternals.com - C:\DOCUME~1\Grabuge\LOCALS~1\Temp\TPOQ.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

[x3globi]

Je suis pas pressé ,

mais je me permet juste de remettre mon mesage sur le premiere page...

[Apollo]

Bonsoir,

 

Peux-tu aller voir dans le dossier de sauvegarde ou dans le journal d'Avast pour éventuellemnt nous signaler quels fichiers ont été infectés et, soit mis en quarantaine sont éliminés par ton antivirus.

 

Il arrive en effet qu'on doive remplacer des fichiers légitimes du système qui auraient été virés par le nettoyage de l'antivirus.

 

Essaie déjà ceci: Insères le cd XP tout en maintenant la touche Shift (majuscule) enfoncée pour que le cd ne s'exécute pas automatiquement.

 

Ensuite, cliquer sur démarrer/exécuter et taper en respectant bien l'écart (copie/colle) ceci:

 

SFC /SCANNOW puis appuie sur Enter: cela récupérera les fichiers manquants ou corrompus si tel est le cas.

 

Bonne fin de nuit.

[x3globi]

Merci liegeois ,

 

Je fait ce que tu m'as dit ce soir et je te reponds demain (pb de connexion actuellement)

A plus

[x3globi]

Bonjour,

 

j'ai essayé de redmarrer avec le cd de windows, en appuyant sur shift, le probleme c'est qu'il me repond que le systeme instalé sur le pc est plus recent et que je ne peux donc pas le scanner avec le cd.

 

Puis je entrer "SFC /SCANNOW " malgres tout dans démarrer/exécuter (j'ai peur de perdre des données) ?

 

Voici le rapport avast :

 

16/10/2006 21:48:06 SYSTEM 1860 Function setifaceUpdatePackages() has failed. Return code is 0xC0000142, dwRes is C0000142.

16/10/2006 21:48:20 SYSTEM 1860 An error has occured while attempting to update. Please check the logs.

18/10/2006 00:09:31 Grabuge 1088 Sign of "Win32:Swizzor-gen [Trj]" has been found in "C:\System Volume Information\_restore{8A6E44E5-5B9C-470F-A0E5-8038119AA413}\RP4\A0001272.exe" file.

18/10/2006 00:26:24 SYSTEM 1888 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.

18/10/2006 00:30:41 SYSTEM 1888 An error has occured while attempting to update. Please check the logs.

18/10/2006 07:05:53 Grabuge 1088 Sign of "Win32:Swizzor-gen [Trj]" has been found in "C:\System Volume Information\_restore{8A6E44E5-5B9C-470F-A0E5-8038119AA413}\RP4\A0001273.exe" file.

18/10/2006 07:06:12 Grabuge 1088 Sign of "Win32:Swizzor-gen [Trj]" has been found in "C:\System Volume Information\_restore{8A6E44E5-5B9C-470F-A0E5-8038119AA413}\RP4\A0001274.exe" file.

18/10/2006 07:06:32 Grabuge 1088 Sign of "Win32:Swizzor-gen [Trj]" has been found in "C:\System Volume Information\_restore{8A6E44E5-5B9C-470F-A0E5-8038119AA413}\RP4\A0001275.exe" file.

18/10/2006 07:07:10 Grabuge 1088 Sign of "Win32:Swizzor-gen [Trj]" has been found in "C:\System Volume Information\_restore{8A6E44E5-5B9C-470F-A0E5-8038119AA413}\RP4\A0001276.exe" file.

18/10/2006 07:07:11 Grabuge 1088 Sign of "Win32:Swizzor-gen [Trj]" has been found in "C:\System Volume Information\_restore{8A6E44E5-5B9C-470F-A0E5-8038119AA413}\RP4\A0001277.exe" file.

18/10/2006 07:07:13 Grabuge 1088 Sign of "Win32:Swizzor-gen [Trj]" has been found in "C:\System Volume Information\_restore{8A6E44E5-5B9C-470F-A0E5-8038119AA413}\RP4\A0001278.exe" file.

18/10/2006 07:07:15 Grabuge 1088 Sign of "Win32:Swizzor-gen [Trj]" has been found in "C:\System Volume Information\_restore{8A6E44E5-5B9C-470F-A0E5-8038119AA413}\RP4\A0001279.exe" file.

18/10/2006 07:07:19 Grabuge 1088 Sign of "Win32:Swizzor-gen [Trj]" has been found in "C:\System Volume Information\_restore{8A6E44E5-5B9C-470F-A0E5-8038119AA413}\RP4\A0001280.exe" file.

18/10/2006 07:07:23 Grabuge 1088 Sign of "Win32:Swizzor-gen [Trj]" has been found in "C:\System Volume Information\_restore{8A6E44E5-5B9C-470F-A0E5-8038119AA413}\RP4\A0001281.exe" file.

18/10/2006 07:07:24 Grabuge 1088 Sign of "Win32:Swizzor-gen [Trj]" has been found in "C:\System Volume Information\_restore{8A6E44E5-5B9C-470F-A0E5-8038119AA413}\RP4\A0001282.exe" file.

18/10/2006 07:07:26 Grabuge 1088 Sign of "Win32:Swizzor-gen [Trj]" has been found in "C:\System Volume Information\_restore{8A6E44E5-5B9C-470F-A0E5-8038119AA413}\RP4\A0001283.exe" file.

18/10/2006 07:07:28 Grabuge 1088 Sign of "Win32:Swizzor-gen [Trj]" has been found in "C:\System Volume Information\_restore{8A6E44E5-5B9C-470F-A0E5-8038119AA413}\RP4\A0001284.exe" file.

18/10/2006 07:07:29 Grabuge 1088 Sign of "Win32:Swizzor-gen [Trj]" has been found in "C:\System Volume Information\_restore{8A6E44E5-5B9C-470F-A0E5-8038119AA413}\RP4\A0001285.exe" file.

18/10/2006 07:07:31 Grabuge 1088 Sign of "Win32:Swizzor-gen [Trj]" has been found in "C:\System Volume Information\_restore{8A6E44E5-5B9C-470F-A0E5-8038119AA413}\RP4\A0001286.exe" file.

18/10/2006 07:07:34 Grabuge 1088 Sign of "Win32:Swizzor-gen [Trj]" has been found in "C:\System Volume Information\_restore{8A6E44E5-5B9C-470F-A0E5-8038119AA413}\RP4\A0001287.exe" file.

18/10/2006 07:07:39 Grabuge 1088 Sign of "Win32:Swizzor-gen [Trj]" has been found in "C:\System Volume Information\_restore{8A6E44E5-5B9C-470F-A0E5-8038119AA413}\RP4\A0001288.exe" file.

18/10/2006 07:07:41 Grabuge 1088 Sign of "Win32:Swizzor-gen [Trj]" has been found in "C:\System Volume Information\_restore{8A6E44E5-5B9C-470F-A0E5-8038119AA413}\RP4\A0001289.exe" file.

18/10/2006 07:07:44 Grabuge 1088 Sign of "Win32:Swizzor-gen [Trj]" has been found in "C:\System Volume Information\_restore{8A6E44E5-5B9C-470F-A0E5-8038119AA413}\RP4\A0001290.exe" file.

18/10/2006 07:07:47 Grabuge 1088 Sign of "Win32:Swizzor-gen [Trj]" has been found in "C:\System Volume Information\_restore{8A6E44E5-5B9C-470F-A0E5-8038119AA413}\RP4\A0001291.exe" file.

18/10/2006 07:07:49 Grabuge 1088 Sign of "Win32:Swizzor-gen [Trj]" has been found in "C:\System Volume Information\_restore{8A6E44E5-5B9C-470F-A0E5-8038119AA413}\RP4\A0001292.exe" file.

18/10/2006 07:07:51 Grabuge 1088 Sign of "Win32:Swizzor-gen [Trj]" has been found in "C:\System Volume Information\_restore{8A6E44E5-5B9C-470F-A0E5-8038119AA413}\RP4\A0001293.exe" file.

18/10/2006 07:07:52 Grabuge 1088 Sign of "Win32:Swizzor-gen [Trj]" has been found in "C:\System Volume Information\_restore{8A6E44E5-5B9C-470F-A0E5-8038119AA413}\RP4\A0001294.exe" file.

18/10/2006 07:08:01 Grabuge 1088 Sign of "Win32:Swizzor-gen [Trj]" has been found in "C:\System Volume Information\_restore{8A6E44E5-5B9C-470F-A0E5-8038119AA413}\RP4\A0001295.exe" file.

18/10/2006 07:08:03 Grabuge 1088 Sign of "Win32:Swizzor-gen [Trj]" has been found in "C:\System Volume Information\_restore{8A6E44E5-5B9C-470F-A0E5-8038119AA413}\RP4\A0001296.exe" file.

18/10/2006 07:08:05 Grabuge 1088 Sign of "Win32:Swizzor-gen [Trj]" has been found in "C:\System Volume Information\_restore{8A6E44E5-5B9C-470F-A0E5-8038119AA413}\RP4\A0001297.exe" file.

18/10/2006 07:08:07 Grabuge 1088 Sign of "Win32:Swizzor-gen [Trj]" has been found in "C:\System Volume Information\_restore{8A6E44E5-5B9C-470F-A0E5-8038119AA413}\RP4\A0001298.exe" file.

18/10/2006 07:08:08 Grabuge 1088 Sign of "Win32:Swizzor-gen [Trj]" has been found in "C:\System Volume Information\_restore{8A6E44E5-5B9C-470F-A0E5-8038119AA413}\RP4\A0001299.exe" file.

18/10/2006 07:08:09 Grabuge 1088 Sign of "Win32:Swizzor-gen [Trj]" has been found in "C:\System Volume Information\_restore{8A6E44E5-5B9C-470F-A0E5-8038119AA413}\RP4\A0001300.exe" file.

18/10/2006 07:08:10 Grabuge 1088 Sign of "Win32:Swizzor-gen [Trj]" has been found in "C:\System Volume Information\_restore{8A6E44E5-5B9C-470F-A0E5-8038119AA413}\RP4\A0001301.exe" file.

18/10/2006 07:08:10 Grabuge 1088 Sign of "Win32:Swizzor-gen [Trj]" has been found in "C:\System Volume Information\_restore{8A6E44E5-5B9C-470F-A0E5-8038119AA413}\RP4\A0001302.exe" file.

18/10/2006 09:20:30 Grabuge 2640 Sign of "Win32:CTX" has been found in "C:\WINDOWS\system32\ActiveScan\pskavs.dll" file.

18/10/2006 12:13:21 Grabuge 1184 Sign of "Win32:CTX" has been found in "C:\System Volume Information\_restore{8F175BB8-97F5-4D87-822F-BDA90D7C4279}\RP100\A0098411.dll" file.

 

Merci d'avance.

[x3globi]

Je suis pas pressé ,

mais je me permet juste de remettre mon mesage sur le premiere page...

[x3globi]

Je suis pas pressé ,

mais je me permet juste de remettre mon message sur le premiere page...