[trojan] demarrage mode sans échec impossibleFermé

Question

Salut, j' ai eu un peu les memes problemes : impossibilité de démarrer sans echec, pop up intempestives même avec bloqueur de pop up qui laisse passer 50%, ....

Mais le gros pb c' est que lors d' installation de programmes (pas tous), c' est que l' install est normale mais je ne peux pas l' exécuter car le fichier .exe est inaccéssible ou introuvable ? comment faire ? (ex : avast, spybot, google tool bar....)

Merci

alex · Answer

Voici le rapport hijack :

Logfile of HijackThis v1.99.1
Scan saved at 15:33:22, on 08/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32undll32.exe
C:\Documents and Settings\Propriétaire\Application Data\hidires\hidr.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\WINDOWS\system32
etdde.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\system32\clipsrv.exe
C:\Program Files\Fichiers communs\FireBird\Bin\fbguard.exe
C:\WINDOWS\System32\gearsec.exe
C:\WINDOWS\System32
vsvc32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\FireBird\Bin\fbserver.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SpamBayes\bin\sb_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Propriétaire\Bureau\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.msn.com/fr-fr?cobrand=compaq-desktop.msn.com&ocid=HPDHP&pc=CPDTDF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: SpoofStick BHO - {CBA74CDA-DF78-4AD9-954E-3B15D0A993DE} - C:\Program Files\CoreStreet\SpoofStick\SpoofStickBHO.dll
O3 - Toolbar: SpoofStick - {4D46ED77-1429-4CF6-8F63-C84B5D710BAF} - C:\Program Files\CoreStreet\SpoofStick\SpoofStick.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [save admin peak mfcd] C:\Documents and Settings\All Users\Application Data\Error Idol Save Admin\pokescr.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [drive proxy] C:\DOCUME~1\PROPRI~1\APPLIC~1\GreyAnti\more view proc.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
O8 - Extra context menu item: Yoono suggestions - C:\Program Files\Yoono Companion\Data\yoonoctxmenu.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.line6.net
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Fichiers communs\FireBird\Bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Fichiers communs\FireBird\Bin\fbserver.exe
O23 - Service: Service de sécurité matérielle (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
vsvc32.exe

Remarquez que sur le site, le fichier inconnu "/hidires/hidr.exe " est introuvable dans mes fichiers (recherche et direct) !

je n' arrive toujours pas à installer un anti virus (avast, bitdefender...), la google tool bar et à redemarrer sans echec ????

De l' aide, je vais craquer!!!

Utilisateur anonyme · Answer

Salut

Télécharge lopxp :
http://perso.numericable.fr/~altshift/Info/Fichiers/lopxpMH2.zip 

dézippe-le sur ton bureau puis double-clic sur le fichier "lopxpMH.bat"
quand il a terminé, un rapport s'ouvre : fait un copier-coller du rapport puis mets le ici

Utilisateur anonyme · Answer

Utilisateur anonyme · Answer

Fait ceci :

Pour afficher tous les dossiers et fichiers cachés :

Clique sur "démarrer", "panneau de configuration", "outils" ,"option des dossiers", "affichage"
"
Coche: 
¤ afficher les fichiers et dossiers cachés
- Clique sur "appliquer" puis "ok"
------------------------------------------------------------------
Clic sur C:\Documents and Settings\All Users\Application Data et supprime ce dossier :

- Error Idol Save Admin


Clic sur C:\Documents and Settings\Propri&#8218;taire\Application Data 

- GreyAnti


¤ Tu utilises quoi comme pare-feu ?

alex · Answer

Re, j' ai scanné aussi avec F secure blacklight et voici le log :

02/08/07 16:47:27 [Info]: BlackLight Engine 1.0.55 initialized
02/08/07 16:47:27 [Info]: OS: 5.1 build 2600 (Service Pack 2)
02/08/07 16:47:28 [Note]: 7019 4
02/08/07 16:47:28 [Note]: 7005 0
02/08/07 16:47:36 [Note]: 7006 0
02/08/07 16:47:36 [Note]: 7011 2748
02/08/07 16:47:36 [Note]: 7026 0
02/08/07 16:47:36 [Note]: 7026 0
02/08/07 16:47:36 [Note]: 7024 3
02/08/07 16:47:36 [Info]: Hidden process: C:\WINDOWS\system32\hldrrr.exe
02/08/07 16:47:36 [Note]: 7024 3
02/08/07 16:47:36 [Info]: Hidden process: C:\WINDOWS\system32\hldrrr.exe
02/08/07 16:47:44 [Note]: FSRAW library version 1.7.1021
02/08/07 16:47:46 [Info]: Hidden file: c:\Documents and Settings\Propriétaire\Application Data\hidires\hidr.exe
02/08/07 16:47:46 [Note]: 10002 2
02/08/07 16:47:46 [Info]: Hidden file: c:\Documents and Settings\Propriétaire\Application Data\hidires\m_hook.sys
02/08/07 16:47:46 [Note]: 10002 2
02/08/07 16:47:46 [Info]: Hidden file: c:\Documents and Settings\Propriétaire\Application Data\hidires\flec003.exe
02/08/07 16:47:46 [Note]: 10002 3
02/08/07 16:47:46 [Note]: 10002 3
02/08/07 16:47:46 [Note]: 10002 3
02/08/07 16:47:46 [Note]: 10002 2
02/08/07 16:47:46 [Note]: 10002 2
02/08/07 16:48:56 [Info]: Hidden file: c:\Program Files\Fichiers communs\TS Support\Shared\ASCIIConverter.dll
02/08/07 16:48:56 [Note]: 10002 3
02/08/07 16:48:56 [Info]: Hidden file: c:\Program Files\Fichiers communs\TS Support\Shared\ContractDetails.dll
02/08/07 16:48:56 [Note]: 10002 3
02/08/07 16:48:56 [Info]: Hidden file: c:\Program Files\Fichiers communs\TS Support\Shared\CyberFeeder.ocx
02/08/07 16:48:56 [Note]: 10002 3
02/08/07 16:48:56 [Info]: Hidden file: c:\Program Files\Fichiers communs\TS Support\Shared\dbcapi.dll
02/08/07 16:48:56 [Note]: 10002 3
02/08/07 16:48:56 [Info]: Hidden file: c:\Program Files\Fichiers communs\TS Support\Shared\fbclient.dll
02/08/07 16:48:56 [Note]: 10002 3
02/08/07 16:48:56 [Info]: Hidden file: c:\Program Files\Fichiers communs\TS Support\Shared\Implode.dll
02/08/07 16:48:56 [Note]: 10002 3
02/08/07 16:48:56 [Info]: Hidden file: c:\Program Files\Fichiers communs\TS Support\Shared\MCDatabaseAPI.dll
02/08/07 16:48:56 [Note]: 10002 3
02/08/07 16:48:56 [Info]: Hidden file: c:\Program Files\Fichiers communs\TS Support\Shared\MCToolbar.dll
02/08/07 16:48:56 [Note]: 10002 3
02/08/07 16:48:56 [Info]: Hidden file: c:\Program Files\Fichiers communs\TS Support\Shared\MidAPI.dll
02/08/07 16:48:56 [Note]: 10002 3
02/08/07 16:48:56 [Info]: Hidden file: c:\Program Files\Fichiers communs\TS Support\Shared\PATSAPI.dll
02/08/07 16:48:56 [Note]: 10002 3
02/08/07 16:48:56 [Info]: Hidden file: c:\Program Files\Fichiers communs\TS Support\Shared\proxydll.dll
02/08/07 16:48:56 [Note]: 10002 3
02/08/07 16:48:56 [Info]: Hidden file: c:\Program Files\Fichiers communs\TS Support\Shared\SymSearch.dll
02/08/07 16:48:56 [Note]: 10002 3
02/08/07 16:48:56 [Info]: Hidden file: c:\Program Files\Fichiers communs\TS Support\Shared\TickerApi.dll
02/08/07 16:48:56 [Note]: 10002 3
02/08/07 16:48:56 [Info]: Hidden file: c:\Program Files\Fichiers communs\TS Support\Shared	sfbLocker.dll
02/08/07 16:48:56 [Note]: 10002 3
02/08/07 16:48:56 [Info]: Hidden file: c:\Program Files\Fichiers communs\TS Support\Shared	sGuiLib.dll
02/08/07 16:48:56 [Note]: 10002 3
02/08/07 16:48:56 [Info]: Hidden file: c:\Program Files\Fichiers communs\TS Support\Shared	sLLStorageOperations.dll
02/08/07 16:48:56 [Note]: 10002 3
02/08/07 16:48:56 [Info]: Hidden file: c:\Program Files\Fichiers communs\TS Support\Shared	sShaper.dll
02/08/07 16:48:56 [Note]: 10002 3
02/08/07 16:48:56 [Info]: Hidden file: c:\Program Files\Fichiers communs\TS Support\Shared	sStorage.dll
02/08/07 16:48:56 [Note]: 10002 3
02/08/07 16:48:56 [Info]: Hidden file: c:\Program Files\Fichiers communs\TS Support\Shared	sStoragePack.dll
02/08/07 16:48:56 [Note]: 10002 3
02/08/07 16:48:56 [Info]: Hidden file: c:\Program Files\Fichiers communs\TS Support\Shared\XPStyle.dll
02/08/07 16:48:56 [Note]: 10002 3
02/08/07 16:48:56 [Note]: 10002 2
02/08/07 16:48:56 [Note]: 10002 2
02/08/07 16:49:20 [Info]: Hidden file: c:\Program Files\Movie Maker\Shared\empty.txt
02/08/07 16:49:20 [Note]: 10002 3
02/08/07 16:49:20 [Info]: Hidden file: c:\Program Files\Movie Maker\Shared\filters.xml
02/08/07 16:49:20 [Note]: 10002 3
02/08/07 16:49:20 [Info]: Hidden file: c:\Program Files\Movie Maker\Shared
ews.png
02/08/07 16:49:20 [Note]: 10002 3
02/08/07 16:49:20 [Info]: Hidden file: c:\Program Files\Movie Maker\Shared\paint.png
02/08/07 16:49:20 [Note]: 10002 3
02/08/07 16:49:20 [Info]: Hidden file: c:\Program Files\Movie Maker\Shared\Profiles\blank.txt
02/08/07 16:49:20 [Note]: 10002 3
02/08/07 16:49:20 [Info]: Hidden file: c:\Program Files\Movie Maker\Shared\sample1.jpg
02/08/07 16:49:20 [Note]: 10002 3
02/08/07 16:49:20 [Info]: Hidden file: c:\Program Files\Movie Maker\Shared\sample2.jpg
02/08/07 16:49:20 [Note]: 10002 3
02/08/07 16:49:20 [Note]: 10002 2
02/08/07 16:49:20 [Note]: 10002 2
02/08/07 16:50:31 [Info]: Hidden file: c:\WINDOWS\ime\shared\imepaden.hlp
02/08/07 16:50:31 [Note]: 10002 3
02/08/07 16:50:31 [Info]: Hidden file: c:\WINDOWS\ime\shared\imepadsm.dll
02/08/07 16:50:31 [Note]: 10002 3
02/08/07 16:50:31 [Info]: Hidden file: c:\WINDOWS\ime\shared\imepadsv.exe
02/08/07 16:50:31 [Note]: 10002 3
02/08/07 16:50:31 [Info]: Hidden file: c:\WINDOWS\ime\shared\imlang.dll
02/08/07 16:50:31 [Note]: 10002 3
02/08/07 16:50:31 [Info]: Hidden file: c:\WINDOWS\ime\sharedes\PADRS404.DLL
02/08/07 16:50:31 [Note]: 10002 3
02/08/07 16:50:31 [Info]: Hidden file: c:\WINDOWS\ime\sharedes\padrs411.dll
02/08/07 16:50:31 [Note]: 10002 3
02/08/07 16:50:31 [Info]: Hidden file: c:\WINDOWS\ime\sharedes\padrs412.dll
02/08/07 16:50:31 [Note]: 10002 3
02/08/07 16:50:31 [Info]: Hidden file: c:\WINDOWS\ime\sharedes\padrs804.dll
02/08/07 16:50:31 [Note]: 10002 3
02/08/07 16:50:31 [Note]: 10002 2
02/08/07 16:50:31 [Note]: 10002 2
02/08/07 16:51:07 [Info]: Hidden file: C:\WINDOWS\system32\hldrrr.exe
02/08/07 16:51:07 [Note]: 10002 2
02/08/07 16:53:04 [Note]: 7007 0


Rq : ce problême d' installation impossible d' antivirus (avast au départ) est commun d' après ce que j' ai lu !!!!

[trojan] demarrage mode sans échec impossible

5 réponses

Discussions similaires

Newsletters