Votre question

Multiples Problèmes : Plantage etc...

Tags :
  • Windows genuine advantage
  • Sécurité
Dernière réponse : dans Sécurité et virus
30 Septembre 2007 14:45:27

Salutation,
Depuis un certain temps je constate que mon pc souffre de bug et de problèmes en tout genre. Je ne peux plus, par exemple, ouvrir la corbeille sans que cela ne prenne 10 mins. Je suis obligé d'arrêter Explorer.exe en passant par le gestionnaire des taches. La plupart des programmes plante pendant leur installation, enfin bref, tout ce qui ne dépend pas directement de windows fonctionne, hormis ces exceptions là, c'est le bordèle absolu.

Si vous pouvez m'aider, ça metterai fin a quelque jour de calvaire
précision : j'ai déjà formaté (jai même viré et refait un partition)
j'ai fais une analyse avec avast et j'ai trouvé un virus : DAME DarkAngel.

le rapport hijack :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:51:14, on 30/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Free Download Manager\FUM\fumoei.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\DOCUME~1\SF104~1.FOU\LOCALS~1\Temp\Répertoire temporaire 1 pour HiJackThis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\czsrv.exe
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\System32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.google.fr/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Microsoft Windows VHP Control - Unknown owner - C:\WINDOWS\System32\dllcache\winvhp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 4866 bytes
Voilà, et avec mes remerciements

Autres pages sur : multiples problemes plantage

a b 8 Sécurité
30 Septembre 2007 14:50:12

Bonjour,

Télécharge Clean.zip (de Malekal),
Décompresse-le sur ton bureau (Clique-Droit/Extraire tout), tu dois obtenir un dossier Clean.
Ouvre le dossier clean, double-clique sur clean.cmd.
Choisis l'option 1 puis patiente. Poste ensuite le contenu du rapport.
30 Septembre 2007 17:21:28

Donc j'ai fait comme convenu :
30/09/2007 a 17:20:10,18

*** Recherche des fichiers dans C:

*** Recherche des fichiers dans C:\WINDOWS\

*** Recherche des fichiers dans C:\WINDOWS\system32
C:\WINDOWS\system32\mcrh.tmp FOUND
C:\WINDOWS\system32\o FOUND
C:\WINDOWS\system32\x FOUND

*** Recherche des fichiers dans C:\Program Files
*** Fin du rapport !
Contenus similaires
30 Septembre 2007 22:32:29

CLEAN RAPPORT :
Je l'ai perdu en faisant une fausse manipe. Il a réussi a supprimer les trois fichier qu'ils avaient trouvé auparavant, il a aussi nettoyé mes deux disques durs.

ANTIVIR RAPPORT :

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 12:16:30
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 11:23:52
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 14:32:48
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 11:35:22
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:16
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 13:26:56
ANTIVIR2.VDF : 7.0.0.32 315904 Bytes 28/09/2007 19:32:24
ANTIVIR3.VDF : 7.0.0.34 34816 Bytes 30/09/2007 19:32:24
AVEWIN32.DLL : 7.6.0.18 2810368 Bytes 30/09/2007 19:32:24
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:28
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 06:39:18
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 07:46:02
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 06:17:08
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 11:26:34
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 06:10:20
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:44
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 11:38:14
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 11:50:38
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 08:37:22

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: dimanche 30 septembre 2007 21:32

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'mplayerc.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'EXPLORER.EXE' - '1' Module(s) have been scanned
Scan process 'fdm.exe' - '1' Module(s) have been scanned
Scan process 'WLLoginProxy.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdater.exe' - '1' Module(s) have been scanned
Scan process 'CTFMON.EXE' - '1' Module(s) have been scanned
Scan process 'JUSCHED.EXE' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.EXE' - '1' Module(s) have been scanned
Scan process 'NVSVC32.EXE' - '1' Module(s) have been scanned
Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
Scan process 'SPOOLSV.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'LSASS.EXE' - '1' Module(s) have been scanned
Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned
Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned
Scan process 'CSRSS.EXE' - '1' Module(s) have been scanned
Scan process 'SMSS.EXE' - '1' Module(s) have been scanned
29 processes with 29 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!

Starting to scan the registry.
C:\WINDOWS\system32\jkkkhif.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\WINDOWS\system32\jkkkhif.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen

The registry was scanned ( '25' files ).


Starting the file scan:

Begin scan in 'C:\' <DISK1_VOL1>
C:\PAGEFILE.SYS
[WARNING] The file could not be opened!
C:\FOUND.001\FILE0000.CHK
[DETECTION] Contains detection pattern of the worm WORM/SdBot.560640.1
[INFO] The file was moved to '474bfa48.qua'!
C:\WINDOWS\system32\tuvwwvt.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4775fa8f.qua'!
C:\WINDOWS\system32\jkkkhif.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\WINDOWS\system32\ssqnmjj.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4770fa98.qua'!
C:\WINDOWS\system32\urqrqrp.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4770fa99.qua'!
C:\WINDOWS\system32\vtuuspq.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4774fa9d.qua'!
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\D66P92JB\84785_winhtb[1].exe
[DETECTION] Contains detection pattern of the worm WORM/VanBot.FP
[INFO] The file was moved to '4736fa64.qua'!
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\G1A3S52J\84785_winhtb[1].exe
[DETECTION] Contains detection pattern of the worm WORM/VanBot.FP
[INFO] The file was moved to '4736fa66.qua'!
C:\Documents and Settings\LocalService.AUTORITE NT\Local Settings\Temporary Internet Files\Content.IE5\3V5R4N9S\setup[1].exe
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4773fb5b.qua'!
C:\Documents and Settings\LocalService.AUTORITE NT\Local Settings\Temporary Internet Files\Content.IE5\ER4T01QX\setup[1].exe
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4773fb5e.qua'!
C:\System Volume Information\_restore{530A92AD-6BDD-4124-AF08-0DA179908A17}\RP8\A0005146.exe
[DETECTION] Contains detection pattern of the worm WORM/VanBot.FP
[INFO] The file was moved to '472ffc1d.qua'!
C:\System Volume Information\_restore{530A92AD-6BDD-4124-AF08-0DA179908A17}\RP11\A0005223.exe
[DETECTION] Contains detection pattern of the worm WORM/VanBot.FP
[INFO] The file was moved to '472ffc21.qua'!
C:\System Volume Information\_restore{530A92AD-6BDD-4124-AF08-0DA179908A17}\RP12\A0008916.exe
[DETECTION] Contains detection pattern of the worm WORM/VanBot.FP
[INFO] The file was moved to '472ffc5e.qua'!
C:\System Volume Information\_restore{530A92AD-6BDD-4124-AF08-0DA179908A17}\RP17\A0009161.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '472ffc67.qua'!
C:\System Volume Information\_restore{530A92AD-6BDD-4124-AF08-0DA179908A17}\RP17\A0009162.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '472ffc69.qua'!
C:\System Volume Information\_restore{530A92AD-6BDD-4124-AF08-0DA179908A17}\RP17\A0009163.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '472ffc6b.qua'!
C:\System Volume Information\_restore{530A92AD-6BDD-4124-AF08-0DA179908A17}\RP17\A0009164.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '472ffc6c.qua'!
Begin scan in 'D:\' <IBMVOL>


End of the scan: dimanche 30 septembre 2007 21:54
Used time: 21:45 min

The scan has been done completely.

4931 Scanning directories
193639 Files were scanned
18 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
16 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
193621 Files not concerned
1680 Archives were scanned
3 Warnings
0 Notes

L'antivirus s'est battu farouchement avec un fichier qui se nomme : jkkkhif.dll.
Je n'ai pas pu le supprimer j'ai alors fait "rename" avec antivir.
Il semblerait aussi que "Winlogon.exe" pose probleme ainsi que d'autres programmes suspects cf le gestionnaire :
http://www.wikifortio.com/705621/gestionnaire+des+tache...
a b 8 Sécurité
1 Octobre 2007 18:36:56

Il y a une infection du type Vundo, assez coriace.

Télécharge VundoFix.exe (par Atribune) sur ton Bureau.
  • Double-clique VundoFix.exe afin de le lancer
  • Clique sur le bouton Scan for Vundo
  • Lorsque le scan est complété, clique sur le bouton Remove Vundo
  • Une invite te demandera si tu veux supprimer les fichiers, clique YES
  • Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers
  • Tu verras une invite qui t'annonce que ton PC va redémarrer; clique OK
  • Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis dans ta prochaine réponse
    Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo".
    7 Octobre 2007 13:14:50

    Ok je vais essayer merci bien !
    Tom's guide dans le monde
    • Allemagne
    • Italie
    • Irlande
    • Royaume Uni
    • Etats Unis
    Suivre Tom's Guide
    Inscrivez-vous à la Newsletter
    • ajouter à twitter
    • ajouter à facebook
    • ajouter un flux RSS