pc tres lent

[cyril2626]

bonjour, mon pc est devenu tres lent subitement. spybot a détecté pws.LDPinchIE dans HKEY-LOCAL-MACHINE\systeme\ControleSet002\services\poof et HKEY-LOCAL-MACHINE\systeme\ControleSet001\services\poof. je ne sais pas si c'est ce fichier qui rend mon pc lent mais j'ai tenté de le supprimer mais mon pc est toujours aussi lent, pourtant quand je refais l'analyse, skybot me dit que je n'ai plus de mouchard. quelqu'un peut il m'aider? merci.

[Invité wizard42]

Salut

 

Bienvenu sur zébulon

 

Post un log hijackthis stp

http://www.trendsecure.com/portal/en-US/_d.../HiJackThis.exe

Modifié le 8 novembre 2007 par wizard42

[cyril2626]

salut! voici le rapport :

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:41:09, on 08/11/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\HP\KBD\KBD.EXE

C:\windows\system\hpsysdrv.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\eMule\emule.exe

C:\Documents and Settings\Propriétaire\Bureau\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: (no name) - {C2626E66-D21B-E628-C1DF-1DACCFA36ED2} - C:\Program Files\Fichiers communs\fjOs0r.dll

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - Global Startup: Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk = ?

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clien...1.0/Rawflow.cab

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab

O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{7331FDA5-D1BA-4A21-8D4F-1881569617DB}: NameServer = 212.27.53.252,212.27.54.252

O17 - HKLM\System\CS3\Services\Tcpip\..\{2559F87D-732B-4A97-A901-149EA383C08E}: NameServer = 192.168.1.1

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

 

--

End of file - 6929 bytes

[Invité wizard42]

Installe un antivirus (je te conseil antivir en gratuit)

 

Dans hiackthis sélectionne

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

 

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: (no name) - {C2626E66-D21B-E628-C1DF-1DACCFA36ED2} - C:\Program Files\Fichiers communs\fjOs0r.dll

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

 

 

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clien...1.0/Rawflow.cab

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab

O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab

Et fait fixed checked

 

Désinstale tes toolbar

 

Fait un nettoyage avec Ccleaner

http://www.ccleaner.com/download/builds/downloading-slim

[cyril2626]

re, j'ai suivi ta procédure mais mon pc est toujours aussi lent. veux tu que je te renvoies un rapport? merci encore pour ton aide!

[Zonk]

re, j'ai suivi ta procédure mais mon pc est toujours aussi lent. veux tu que je te renvoies un rapport? merci encore pour ton aide!

Allô

Pour donner suite à Wizard42....

et tu devras désactiver TeaTimer lors des 101 manoeuvres de désinfection...autrement tu te feras poser 1000 demandes de sa part

http://tutopat.hostonet.org/viewtopic.php?t=2417

tu auras le téléchargement du Antivir Classic gratuit dans la page du lien un peu plus bas

 

http://forum.zebulon.fr/index.php?showtopic=83986

Et je vois une mule

http://forum.zebulon.fr/index.php?showtopic=85544

une fois propre (tu devras idéalement te faire confirmer par un membre de l'Equipe Securité),si tu as encore des lenteurs

http://www.malekal.com//ordinateur_lent.php

Modifié le 8 novembre 2007 par Zonk

[Apollo]

Salut à tous,

 

Zonk n'aurais-tu pas oublié la console Java qui date de Mathusalem?

 

 

 

Rends-toi chez Sun Clique ici

 

Pour vérifier la console Java de sun, clique sur ce bouton:

 

 

Si la vérification signale une version obsolète et propose la dernière en date, clique alors sur ce bouton

 

** En cas de souci passager chez Sun, télécharge le fichier d'installation chez FileHippo clique ici

 

Enregistre le fichier sur le bureau puis exécute l'exécutable depuis le bureau; l'installation commencera.

 

Lorsque celle-ci est terminée, va dans le panneau de configuration à Ajouter/supprimer des programmes et vérifie la présence de la dernière version téléchargée: cela ressemble à ceci: Le numéro de l'update peut différer de celui-ci en fonction de l'évolution de l'outil.

 

Si tu remarques la présence d'une ou de plusieurs versions plus anciennes, désinstalle-les toutes à l'exception de la toute dernière; ceci afin d'éliminer les failles présentes dans ces anciennes versions de la console Java. De plus, cela libérera un nombre considérable de Mo sur le disque dur!

 

Reposte un log Hijackthis après avoir fait ça et on verra ce qu'on peut empêcher au boot du pc qui n'est pas nécessaire et qui peut être lancé manuellement.

 

@+

[cyril2626]

ohlala, j'ai eu un mal fou a faire quoi que ce soit sur mon pc lorsque je l'ai redemarre apres l'installation de avira antivir.. il n'arretait pas de me trouver des virus.. j'ai ete oblige d efaire l'analyse en mode sans echec, jevous poste le rapport.. mais par la suite, a la seconde meme ou je vous ecrit, un petit ecran antivir s'affiche et me signale que des virus sont dans c:/ windows/fichiers communs.. et dans c.programfiles.internetexplorer/onloor.bak.. bref j'ai l'impression que je suis bien infecté! pouvez vous me donnez un coup de main, je crois que j'en aurez bien besoin! merci d'avance!

 

 

 

AntiVir PersonalEdition Classic

Report file date: vendredi 9 novembre 2007 00:48

 

Scanning for 1036370 virus strains and unwanted programs.

 

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows XP

Windows version: (Service Pack 2) [5.1.2600]

Username: Propriétaire

Computer name: POILHGFD

 

Version information:

BUILD.DAT : 269 15604 Bytes 10/09/2007 14:31:00

AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29

AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51

LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47

LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20

ANTIVIR0.VDF : 6.35.0.1 7371264 Bytes 31/05/2006 12:32:40

ANTIVIR1.VDF : 6.39.0.129 7251968 Bytes 10/07/2007 12:32:46

ANTIVIR2.VDF : 6.39.1.43 1542656 Bytes 25/08/2007 17:21:02

ANTIVIR3.VDF : 6.39.1.51 29696 Bytes 28/08/2007 07:22:36

AVEWIN32.DLL : 7.6.0.5 2789888 Bytes 29/08/2007 17:09:10

AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26

AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17

AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24

AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 08:46:00

AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06

AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33

AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18

NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42

RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13

RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37

SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

 

Configuration settings for the scan:

Jobname..........................: Windows System Directory

Configuration file...............: c:\program files\avira\antivir personaledition classic\sysdir.avp

Logging..........................: low

Primary action...................: interactive

Secondary action.................: ignore

Scan master boot sector..........: off

Scan boot sector.................: on

Boot sectors.....................: C:,

Scan memory......................: on

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: off

Scan all files...................: Intelligent file selection

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Macro heuristic..................: on

File heuristic...................: medium

 

Start of the scan: vendredi 9 novembre 2007 00:48

 

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'ctfmon.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'aawservice.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

13 processes with 13 modules were scanned

 

Start scanning boot sectors:

Boot sector 'C:\'

[NOTE] No virus was found!

 

Starting to scan the registry.

The registry was scanned ( '36' files ).

 

 

Starting the file scan:

 

Begin scan in 'C:\WINDOWS\system32'

C:\WINDOWS\system32\55550.dll

[DETECTION] Contains suspicious code HEUR/Malware

[iNFO] The file was moved to '4768a0a0.qua'!

C:\WINDOWS\system32\55551.dll

[DETECTION] Contains suspicious code HEUR/Malware

[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003

[WARNING] The file could not be deleted!

C:\WINDOWS\system32\cqdoor0.dll

[DETECTION] Contains suspicious code HEUR/Malware

[iNFO] The file was moved to '4797a100.qua'!

C:\WINDOWS\system32\cqdoor1.dll

[DETECTION] Contains suspicious code HEUR/Malware

[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003

[WARNING] The file could not be deleted!

C:\WINDOWS\system32\csdoor0.dll

[DETECTION] Contains suspicious code HEUR/Malware

[iNFO] The file was moved to '4797a10c.qua'!

C:\WINDOWS\system32\csdoor1.dll

[DETECTION] Contains suspicious code HEUR/Malware

[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003

[WARNING] The file could not be deleted!

C:\WINDOWS\system32\dadoor0.dll

[DETECTION] Contains suspicious code HEUR/Malware

[iNFO] The file was moved to '4797a10b.qua'!

C:\WINDOWS\system32\dadoor1.dll

[DETECTION] Contains suspicious code HEUR/Malware

[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003

[WARNING] The file could not be deleted!

C:\WINDOWS\system32\dh3oor0.dll

[DETECTION] Contains suspicious code HEUR/Malware

[iNFO] The file was moved to '4766a118.qua'!

C:\WINDOWS\system32\dh3oor1.dll

[DETECTION] Contains suspicious code HEUR/Malware

[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003

[WARNING] The file could not be deleted!

C:\WINDOWS\system32\fydoor0.dll

[DETECTION] Contains suspicious code HEUR/Malware

[iNFO] The file was moved to '4797a13a.qua'!

C:\WINDOWS\system32\fydoor1.dll

[DETECTION] Contains suspicious code HEUR/Malware

[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003

[WARNING] The file could not be deleted!

C:\WINDOWS\system32\mhdoor0.dll

[DETECTION] Contains suspicious code HEUR/Malware

[iNFO] The file was moved to '4797a14e.qua'!

C:\WINDOWS\system32\mhdoor1.dll

[DETECTION] Contains suspicious code HEUR/Malware

[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003

[WARNING] The file could not be deleted!

C:\WINDOWS\system32\mydoor0.dll

[DETECTION] Contains suspicious code HEUR/Malware

[iNFO] The file was moved to '4797a18b.qua'!

C:\WINDOWS\system32\mydoor1.dll

[DETECTION] Contains suspicious code HEUR/Malware

[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003

[WARNING] The file could not be deleted!

C:\WINDOWS\system32\qhdoor0.dll

[DETECTION] Contains suspicious code HEUR/Malware

[iNFO] The file was moved to '4797a19f.qua'!

C:\WINDOWS\system32\qhdoor1.dll

[DETECTION] Contains suspicious code HEUR/Malware

[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003

[WARNING] The file could not be deleted!

C:\WINDOWS\system32\qjdoor0.dll

[DETECTION] Contains suspicious code HEUR/Malware

[iNFO] The file was moved to '4797a1aa.qua'!

C:\WINDOWS\system32\qjdoor1.dll

[DETECTION] Contains suspicious code HEUR/Malware

[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003

[WARNING] The file could not be deleted!

C:\WINDOWS\system32\qqdoor0.dll

[DETECTION] Contains suspicious code HEUR/Malware

[iNFO] The file was moved to '4797a1b5.qua'!

C:\WINDOWS\system32\rxdoor0.dll

[DETECTION] Contains suspicious code HEUR/Malware

[iNFO] The file was moved to '4797a1c1.qua'!

C:\WINDOWS\system32\rxdoor1.dll

[DETECTION] Contains suspicious code HEUR/Malware

[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003

[WARNING] The file could not be deleted!

C:\WINDOWS\system32\tldoor0.dll

[DETECTION] Contains suspicious code HEUR/Malware

[iNFO] The file was moved to '4797a1ce.qua'!

C:\WINDOWS\system32\tldoor1.dll

[DETECTION] Contains suspicious code HEUR/Malware

[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003

[WARNING] The file could not be deleted!

C:\WINDOWS\system32\wddoor0.dll

[DETECTION] Contains suspicious code HEUR/Malware

[iNFO] The file was moved to '4797a1d5.qua'!

C:\WINDOWS\system32\wddoor1.dll

[DETECTION] Contains suspicious code HEUR/Malware

[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003

[WARNING] The file could not be deleted!

C:\WINDOWS\system32\wgdoor0.dll

[DETECTION] Contains suspicious code HEUR/Malware

[iNFO] The file was moved to '4797a1dd.qua'!

C:\WINDOWS\system32\wgdoor1.dll

[DETECTION] Contains suspicious code HEUR/Malware

[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003

[WARNING] The file could not be deleted!

C:\WINDOWS\system32\wldoor0.dll

[DETECTION] Contains suspicious code HEUR/Malware

[iNFO] The file was moved to '4797a1e7.qua'!

C:\WINDOWS\system32\wldoor1.dll

[DETECTION] Contains suspicious code HEUR/Malware

[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003

[WARNING] The file could not be deleted!

C:\WINDOWS\system32\wodoor0.dll

[DETECTION] Contains suspicious code HEUR/Malware

[iNFO] The file was moved to '4797a1f3.qua'!

C:\WINDOWS\system32\wodoor1.dll

[DETECTION] Contains suspicious code HEUR/Malware

[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003

[WARNING] The file could not be deleted!

C:\WINDOWS\system32\zxdoor0.dll

[DETECTION] Contains suspicious code HEUR/Malware

[iNFO] The file was moved to '4797a204.qua'!

C:\WINDOWS\system32\zxdoor1.dll

[DETECTION] Contains suspicious code HEUR/Malware

[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003

[WARNING] The file could not be deleted!

C:\WINDOWS\system32\drivers\sptd.sys

[WARNING] The file could not be opened!

C:\WINDOWS\system32\drivers\sptd0365.sys

[WARNING] The file could not be opened!

C:\WINDOWS\system32\drivers\vaxscsi.sys

[WARNING] The file could not be opened!

 

 

End of the scan: vendredi 9 novembre 2007 00:56

Used time: 08:08 min

 

The scan has been done completely.

 

234 Scanning directories

6744 Files were scanned

0 viruses and/or unwanted programs were found

35 Files were classified as suspicious:

0 files were deleted

0 files were repaired

18 files were moved to quarantine

0 files were renamed

3 Files cannot be scanned

6744 Files not concerned

5 Archives were scanned

20 Warnings

0 Notes

[Apollo]

RE,

 

Télécharger ATF Cleaner par Atribune.

• Installe-le sur le bureau.
   
  Double-clique ATF-Cleaner.exe afin de lancer le programme.
  Sous l'onglet Main, choisis : Select All
  Cliquer sur le bouton Empty Selected
  

Si tu utilises le navigateur Firefox :

• Clique Firefox au haut et choisis : Select All
  Cliquer le bouton Empty Selected
  NOTE : Si tu veux conserver tes mots de passe sauvegardés, clique No à l'invite.
  

Si tu utilises le navigateur Opera :

• Clique Opera au haut et choisis : Select All
  Cliquer le bouton Empty Selected
  NOTE : Si tu veux conserver tes mots de passe sauvegardés, cliquer No à l'invite.
  

Clique Exit, du menu principal, afin de fermer le programme.

Pour obtenir du Support technique, double-clique l'adresse électronique située au bas de chacun des menus.

 

2/- Télécharge et installe AVG Anti-Spyware - Tutorial : http://www.malekal.com/tutorial_AVG_AntiSpyware.html

- Mets le à jour à partir du menu Mise à jour en haut

- Redémarre en mode sans échec, si tu sais pas comment on fait lis ceci

 

 

- Ouvre AVG Anti-Spyware et clic sur l'onglet Analyse, puis le sous-onglet Paramètres

- Sélectionne dans Comment Réagir ? Quarantaine. (voir l'aide l'aide AVG Anti-Spyware)

- Reviens au sous-onglet Analyser puis clique sur Analyse complète du système.

---> Le scan démarre.

 

A la fin clique sur Appliquer toutes les actions, les éléments doivent alors être déplacés en quarantaine.

Puis clique sur Enregistrer le rapport d'analyse et enregistre le rapport sur le Bureau.

 

 

Aide : N'hésite pas à consulter l'Aide AVG Anti-Spyware pour tout problème.

 

-- Redémarre en mode normal : Menu Démarrer / Arreter / Redémarre l'ordinateur

Attention : dans le cas où l'ordinateur redémarre en boucle en mode sans échec, faire la manipulation inverse en décochant l'option /SAFEBOOT à l'aide de msconfig : voir à nouveau cette page : cliquez-ici

 

Copier/coller le rapport AVG Anti-Spyware ainsi qu'un nouveau log Hijackthis fait en mode normal après le redémarrage du pc.

 

3/Après le reboot: un nouveau log Hijackthis stp.

 

Suis bien la configuration d'AVG AS, c'est très important.

[cyril2626]

merci d em'avoir repondu aussi vite! je vais suivre a la lettre ta procedure! je me suis paercu que sur mon bureau plein de petite icones revenaient apres les avoir effacé..il y en a une cinquantaine du genre "worm.avc", trojan.avc, unp017.avc, unp 034.avc...." "raccourcivers base 67.." c'est tres etrange!