Les Allergies
Alimentaires
Posez votre question Signaler

Problème ntdll64

keops - Dernière réponse le 30 mars 2009 à 09:37
Bonjour,
j'ai un problème avec le fichier ntdll64 je n'arrive pas a le suprimer es ce que quelqu'un pourait m'aidez svp je vous remercie (si vous pouviez m'expliquer en détail car je ne sui pas un pro de l'informatique )
Lire la suite 

Problème ntdll64 »

6 réponses
Réponse
+1
moins plus
totobetourne 5526Messages postés 23 mars 2008Date d'inscription 8 septembre 2011Dernière intervention 27 mars 2009 à 16:48
passe cela .

1)passe cet antimalware, fait comme indique
Telecharges malwaresbytes antimalwares(MBAM) : egalement tres util sur pb de pub mais pas tous malheureusement

Malwarebytes Anti-Malware: http://www.malwarebytes.org/mbam/program/mbam-setup.exe

Tutoriel Malwarebytes Anti-Malware: http://forum.pcastuces.com/malwarebytes_antimalwares___tutoriel-f31s3.htm
fais comme indique,mise a jour , scan complet en mode sans echec et les rapports.
COLLE LE RAPPORT APRES SUPPRESSION MERCI.

garde le et lance un scan tout les mois comme indique.

si tu as ad aware tu peux desinstalle car il ne reconnait plus grand chose.






2)telecharge cela:util pour voir ce que peut etre l infection et agir ensuite.

http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis

installe le normallement comme tout autre programme dans c/programme/...............
clique sur do a scan and save a logfile, tu obtiens un rapport que tu colles.


Ajouter un commentaire
Afficher les 4 commentaires
keops - 27 mars 2009 à 18:13
Malwarebytes' Anti-Malware 1.35
Version de la base de données: 1905
Windows 5.1.2600 Service Pack 2

27/03/2009 18:04:46
mbam-log-2009-03-27 (18-04-46).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 125872
Temps écoulé: 52 minute(s), 29 second(s)

Processus mémoire infecté(s): 2
Module(s) mémoire infecté(s): 6
Clé(s) du Registre infectée(s): 20
Valeur(s) du Registre infectée(s): 10
Elément(s) de données du Registre infecté(s): 16
Dossier(s) infecté(s): 3
Fichier(s) infecté(s): 38

Processus mémoire infecté(s):
C:\Documents and Settings\keops\Local Settings\Temp\xj6fji.exe (Trojan.Agent) -> Unloaded process successfully.
C:\Documents and Settings\keops\Local Settings\Temp\xj6fji.exe (Trojan.Agent) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
C:\WINDOWS\SYSTEM32\relereni.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\degejiba.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\nahiyuku.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\mimubama.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\__c0010DD6.dat (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\blxrzj.dll (Trojan.Vundo.H) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4ba97f21-61a3-4031-a270-498c05468852} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4ba97f21-61a3-4031-a270-498c05468852} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{da369ab2-e99c-4361-a98f-6aa32680a7aa} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{da369ab2-e99c-4361-a98f-6aa32680a7aa} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{da369ab2-e99c-4361-a98f-6aa32680a7aa} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c0010dd6 (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4ba97f21-61a3-4031-a270-498c05468852} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4d1c4e81-a32a-416b-bcdb-33b3ef3617d3} (Adware.Need2Find) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4d1c4e81-a32a-416b-bcdb-33b3ef3617d3} (Adware.Need2Find) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{09f1adac-76d8-4d0f-99a5-5c907dadb988} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{db893839-10f0-4af9-92fa-b23528f530af} (Dialer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2d2bee6e-3c9a-4d58-b9ec-458edb28d0f6} (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4d1c4e81-a32a-416b-bcdb-33b3ef3617d3} (Adware.Need2Find) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a0267d1a (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yohiloseke (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpma3154e86 (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows resurections (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f29d48e.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\diagnostic manager (Trojan.Downloader) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\mimubama.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\mimubama.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Backdoor.Bot) -> Data: c:\windows\system32\ntos.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Backdoor.Bot) -> Data: system32\ntos.exe -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (userinit.exe,C:\WINDOWS\system32\ntos.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\WINDOWS\system32\wsnpoem (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\LocalService\Application Data\wsnpoem (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Application Data\wsnpoem (Trojan.Agent) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\SYSTEM32\blxrzj.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\funeroga.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\agorenuf.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\relereni.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\inereler.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\degejiba.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\SYSTEM32\mimubama.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\nahiyuku.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\__c0010DD6.dat (Trojan.Vundo) -> Delete on reboot.
C:\Documents and Settings\keops\Local Settings\Temp\xj6fji.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\TEMP\_A00F29D48E.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\keops\Local Settings\Temp\ovfsthpdwrftiouq.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\keops\Local Settings\Temp\IXP000.TMP\newz.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\keops\Local Settings\Temporary Internet Files\Content.IE5\8I6EUR5U\SpywareRemover2009_Installer_Dual_br1_en[1].exe (Rogue.SpywareRemover) -> Quarantined and deleted successfully.
C:\Downloads\InstallAVg_880241.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-1614895754-1682526488-682003330-1004\Dc150.bc! (Rogue.SpywareRemover) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-1614895754-1682526488-682003330-1004\Dc151.bc! (Rogue.SpywareRemover) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wsnpoem\audio.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\wsnpoem\video.dll (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\LocalService\Application Data\wsnpoem\audio.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Application Data\wsnpoem\audio.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\ntdll64.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\gldx.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\fxsteller.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\FONTS\acrsecB.fon (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\FONTS\acrsecI.fon (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\susopaya.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\yejimoya.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\tasasifu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\warning.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ntos.exe (Backdoor.Bot) -> Delete on reboot.
C:\Documents and Settings\keops\Local Settings\Temp\652202980.exe (Trojan.Downloader) -> Delete on reboot.
C:\WINDOWS\smdat32a.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\smdat32m.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\ovfsthekihtuuuitlxcsbrgoqfxmbfuffoigxn.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\ovfsthiduunmyklobrrcwkpomwesibegxvnphl.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\ovfsthyultdxmwuqlnpcmbyvbsyppvrkpfexvm.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\DRIVERS\ovfsthlotripdqrdnqmiturupxhowbmhlrvqxg.sys (Trojan.Agent) -> Quarantined and deleted successfully.
keops - 27 mars 2009 à 18:14
et maintenant ?
keops - 27 mars 2009 à 21:41
et maintenant ???
Ajouter un commentaire
Réponse
+0
moins plus
totobetourne 5526Messages postés 23 mars 2008Date d'inscription 8 septembre 2011Dernière intervention 30 mars 2009 à 09:37
bonjour

pardon retour seulement maintenant , week end tres charge.

passe cela dans l ordre merci.

1)Bonjour,

*Télécharge SDFix (créé par AndyManchesta)
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
*Double-clique sur SDFix.exe
*Choisis Install pour l'extraire dans un dossier dédié sur le Bureau.
*Redémarre en mode sans échec
*Ouvre le dossier SDFix qui vient d'être créé à la racine de ton disque dur C:\
*Double clique sur RunThis.bat pour lancer le script. (Le .bat peut ne pas apparaître)
*Appuie sur Y pour commencer le processus de nettoyage.
*Appuie sur une touche pour redémarrer quand SDFix te demander d'appuyer sur une touche pour redémarrer.
*Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
*Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
*Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
*Les icônes du Bureau affichées, le rapport SDFix s'ouvrira. Il porte le nom de Report.txt.
*Copie/colle le contenu


*Si Sdfix ne se lance pas
* Clique sur Démarrer > Exécuter
*Copie/colle ceci: %systemroot%\system32\cmd.exe /K %systemdrive%\SDFix\apps\FixPath.exe
*Clique sur Ok.
*Redémarre et essaie de relance SDFix.


2)refais un rapport hijack . merci.


3)comment se comporte ton pc?

Ajouter un commentaire
Ajouter un commentaire
Posez votre question
Ce document intitulé « problème ntdll64 » issu de CommentCaMarche (www.commentcamarche.net) est mis à disposition sous les termes de la licence Creative Commons. Vous pouvez copier, modifier des copies de cette page, dans les conditions fixées par la licence, tant que cette note apparaît clairement.
Dossier à la une
5 extensions si vous voulez revenir à l'ancien Facebook