Sujet Précédent Sujet Suivant

[PC infecté] Fallait bien que ça m'arrive...

Fermé
zucco Messages postés 18 Date d'inscription mercredi 10 mai 2006 Statut Membre Dernière intervention 29 novembre 2010 - 10 mai 2006 à 14:34
 Utilisateur anonyme - 10 mai 2006 à 16:59
Bonjour à tous,

Je ne sais pas ce qui s'est passé hier soir, mais j'ai contracté plein de saletés. impossible de me connecter à certains sites, une page de pub pour un anti-spyware s'affiche à la place, un faux systemshutdown se lance et se bloque à queqlues secondes de la fin pour faire apparaître le même page de pub!!! Et des petites bulles sortent de la barre des taches, imitant les alertes windows, m'indiquant en anglais que je suis soumis à pleins d'attaques malveillantes.
Je ne peux pas lancer spybot sans être interrompu par ce truc, et un scan avast m'a permis d'identifier beaucoup de fichiers infectés que je n'ose pas enlever vu leur localisation: C:/windows/System... j'ai des données detravail très importantes sur la machine...
A l'aide

Merci d'avance
zucco
A voir également:

3 réponses

Réponse 1 / 3
Utilisateur anonyme
10 mai 2006 à 14:37
Salut,

télécharges hijackthis:
Téléchargement de HijackThis

Installe le dans son propre dossier:
-cliques droit sur le bureau, nouveau dossier, installes-le dedans.
Lance le, cliques sur "do a system scan and save logfile"
Puis copies et colles le rapport ici.
0
Réponse 2 / 3
zucco Messages postés 18 Date d'inscription mercredi 10 mai 2006 Statut Membre Dernière intervention 29 novembre 2010
10 mai 2006 à 14:42
Salut,
Merci à toi
Voici le rapport

Logfile of HijackThis v1.99.1
Scan saved at 14:41:52, on 10/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\apps\ABoard\AOSD.exe
C:\WINDOWS\vsnpstd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Club-Internet\Lanceur\lanceur.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\winsrv32.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Documents and Settings\Nicolas Laurent\Bureau\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=6&key=S...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = HTTP=proxy.club-internet.fr:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - (no file)
O2 - BHO: (no name) - {00000000-C1EC-0345-6EC2-4D0300000000} - (no file)
O2 - BHO: (no name) - {00000000-F09C-02B4-6EC2-AD0300000000} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - (no file)
O2 - BHO: MSEvents Object - {44240BB5-BD7D-4D49-A1AA-8AB0F3D3CB44} - C:\WINDOWS\Web\vgaacc.dll (file missing)
O2 - BHO: PBFRV2 - {4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D} - C:\WINDOWS\system32\pbfrv2.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: winapi32.MyBHO - {62E2E094-F989-48C6-B947-6E79DA2294F9} - C:\WINDOWS\system32\winapi32.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O2 - BHO: (no name) - {7b55bb05-0b4d-44fd-81a6-b136188f5deb} - (no file)
O2 - BHO: (no name) - {8333c319-0669-4893-a418-f56d9249fca6} - (no file)
O2 - BHO: (no name) - {9c691a33-7dda-4c2f-be4c-c176083f35cf} - (no file)
O2 - BHO: (no name) - {e52dedbb-d168-4bdb-b229-c48160800e81} - (no file)
O2 - BHO: (no name) - {ffd2825e-0785-40c5-9a41-518f53a8261f} - (no file)
O3 - Toolbar: PBFRV2 - {4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D} - C:\WINDOWS\system32\pbfrv2.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [CloneDVDElbyDelay] "C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CloneCDTray] C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
O4 - HKLM\..\Run: [ElbyCheckElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adware.Srv32] C:\WINDOWS\system32\runsrv32.exe
O4 - HKLM\..\Run: [Transponder] C:\WINDOWS\system32\susp.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Documents and Settings\Nicolas Laurent\Local Settings\Temp\{7AA800B1-7351-49F2-913D-D38ECD178010}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\microsoft office\Office\OSA9.EXE
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {45E83043-1F6F-4D22-A5E7-0138EA171B49} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/fr/fileshar...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O20 - Winlogon Notify: vgaacc - C:\WINDOWS\Web\vgaacc.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
0
Utilisateur anonyme
10 mai 2006 à 14:50
Relance HijackThis, choisis " do a scan only" coche la case devant les lignes ci-dessous et clique en bas sur "fix checked"

O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - (no file)
O2 - BHO: (no name) - {00000000-C1EC-0345-6EC2-4D0300000000} - (no file)
O2 - BHO: (no name) - {00000000-F09C-02B4-6EC2-AD0300000000} - (no file)
Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - (no file)
O2 - BHO: MSEvents Object - {44240BB5-BD7D-4D49-A1AA-8AB0F3D3CB44} - C:\WINDOWS\Web\vgaacc.dll (file missing)
O2 - BHO: PBFRV2 - {4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D} - C:\WINDOWS\system32\pbfrv2.dll
O2 - BHO: winapi32.MyBHO - {62E2E094-F989-48C6-B947-6E79DA2294F9} - C:\WINDOWS\system32\winapi32.dll
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O2 - BHO: (no name) - {7b55bb05-0b4d-44fd-81a6-b136188f5deb} - (no file)
O2 - BHO: (no name) - {8333c319-0669-4893-a418-f56d9249fca6} - (no file)
O2 - BHO: (no name) - {9c691a33-7dda-4c2f-be4c-c176083f35cf} - (no file)
O2 - BHO: (no name) - {e52dedbb-d168-4bdb-b229-c48160800e81} - (no file)
O2 - BHO: (no name) - {ffd2825e-0785-40c5-9a41-518f53a8261f} - (no file)
O3 - Toolbar: PBFRV2 - {4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D} - C:\WINDOWS\system32\pbfrv2.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [CloneDVDElbyDelay] "C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CloneCDTray] C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
O4 - HKLM\..\Run: [ElbyCheckElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adware.Srv32] C:\WINDOWS\system32\runsrv32.exe
O4 - HKLM\..\Run: [Transponder] C:\WINDOWS\system32\susp.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Documents and Settings\Nicolas Laurent\Local Settings\Temp\{7AA800B1-7351-49F2-913D-D38ECD178010}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\microsoft office\Office\OSA9.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {45E83043-1F6F-4D22-A5E7-0138EA171B49} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/fr/fileshar...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O20 - Winlogon Notify: vgaacc - C:\WINDOWS\Web\vgaacc.dll (file missing)


Clique sur demarrer, rechercher, cherche et supprime ces fichiers:

pbfrv2.dll
winapi32.dl
ALCMTR.EXE
runsrv32.exe
susp.exe

si un fichier persiste lors de la suppression fais ceci:
-Redemarres ton pc, dès l'allumage de celui ci tapotes la touche f8, à l'ecran qui va apparaitre choisis "mode sans echec" attends un peu.. puis vas supprimer les fichiers/dossiers, vides ta corbeille et redemarres normalement


Fait ce nettoyage:

¤Telecharges et installes ceci, dans la colonne de gauche cliques sur "erreurs" coches toutes les cases, puis cliques en bas sur "chercher des erreurs" une fois finit, cliques sur "reparer les erreurs" et tu aura un message pour sauvegarder ta base de registre tu dis "oui" puis tu recommences jusqu'a ce qu'il te trouve plus d'erreurs

CCleaner:
Ccleaner

¤Relance Ccleaner ,vas dans l'onglet "nettoyeur" present sur la gauche, decoches la derniere case (Avancé si elle est cochée) puis cliques sur "lancer le nettoyage"


Fait ça:

Télécharge VirtumundoBegone sur le bureau:
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

Double clique ensuite sur VirtumundoBeGone.exe et suis les instructions.
Une fois terminé, redémarre et poste le rapport VBG.TXT créé sur le bureau dans ta prochaine réponse avec un nouveau rapport HijackThis.
Ne t'inquiète pas si tu vois un message Ecran bleu "Erreur fatale", c'est normal et attendu.


Puis:

Telecharge, installe puis mets à jour ce logiciel, une fois que c'est fait, fais un scan complet de ton systeme et colle le rapport ici avec un nouveau rapport hijackthis
Ewido:
Ewido Security Suite

0
Réponse 3 / 3
zucco Messages postés 18 Date d'inscription mercredi 10 mai 2006 Statut Membre Dernière intervention 29 novembre 2010
10 mai 2006 à 16:14
Re,

J'ai fait tout ça mais même en mode sans echec, je n'ai pu supprimer
- runsrv32.exe
-susp.exe

Quant à ALCMTR.EXE il trouve 3 fichiers

VBG:
[05/10/2006, 15:31:05] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Nicolas Laurent\Bureau\VirtumundoBeGone.exe" )
[05/10/2006, 15:31:07] - Detected System Information:
[05/10/2006, 15:31:07] - Windows Version: 5.1.2600, Service Pack 2
[05/10/2006, 15:31:07] - Current Username: Nicolas Laurent (Admin)
[05/10/2006, 15:31:07] - Windows is in NORMAL mode.
[05/10/2006, 15:31:07] - Searching for Browser Helper Objects:
[05/10/2006, 15:31:07] - BHO 1: {00000000-59D4-4008-9058-080011001200} ()
[05/10/2006, 15:31:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/10/2006, 15:31:07] - No filename found. Continuing.
[05/10/2006, 15:31:07] - BHO 2: {00000000-C1EC-0345-6EC2-4D0300000000} ()
[05/10/2006, 15:31:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/10/2006, 15:31:08] - No filename found. Continuing.
[05/10/2006, 15:31:08] - BHO 3: {00000000-F09C-02B4-6EC2-AD0300000000} ()
[05/10/2006, 15:31:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/10/2006, 15:31:08] - No filename found. Continuing.
[05/10/2006, 15:31:08] - BHO 4: {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} ()
[05/10/2006, 15:31:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/10/2006, 15:31:08] - No filename found. Continuing.
[05/10/2006, 15:31:08] - BHO 5: {53707962-6F74-2D53-2644-206D7942484F} ()
[05/10/2006, 15:31:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/10/2006, 15:31:08] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[05/10/2006, 15:31:08] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[05/10/2006, 15:31:08] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[05/10/2006, 15:31:08] - BHO 7: {7b55bb05-0b4d-44fd-81a6-b136188f5deb} ()
[05/10/2006, 15:31:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/10/2006, 15:31:08] - No filename found. Continuing.
[05/10/2006, 15:31:08] - BHO 8: {8333c319-0669-4893-a418-f56d9249fca6} ()
[05/10/2006, 15:31:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/10/2006, 15:31:08] - No filename found. Continuing.
[05/10/2006, 15:31:08] - BHO 9: {9c691a33-7dda-4c2f-be4c-c176083f35cf} ()
[05/10/2006, 15:31:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/10/2006, 15:31:08] - No filename found. Continuing.
[05/10/2006, 15:31:08] - BHO 10: {e52dedbb-d168-4bdb-b229-c48160800e81} ()
[05/10/2006, 15:31:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/10/2006, 15:31:08] - No filename found. Continuing.
[05/10/2006, 15:31:08] - BHO 11: {ffd2825e-0785-40c5-9a41-518f53a8261f} ()
[05/10/2006, 15:31:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/10/2006, 15:31:08] - No filename found. Continuing.
[05/10/2006, 15:31:08] - Finished Searching Browser Helper Objects
[05/10/2006, 15:31:08] - Finishing up...
[05/10/2006, 15:31:08] - Nothing found! Exiting...

Ewido:
ewido anti-malware - Rapport de scan
---------------------------------------------------------

+ Créé le: 16:07:17, 10/05/2006
+ Somme de contrôle: 7CC6270E

+ Résultats du scan:

HKLM\SOFTWARE\Alexa Internet -> Adware.Alexa : Ignoré
HKLM\SOFTWARE\Classes\AppID\DailyToolbar.DLL -> Adware.DailyToolbar : Ignoré
HKLM\SOFTWARE\Classes\Bridge.brdg -> Adware.BlazeFind : Ignoré
HKLM\SOFTWARE\Classes\CLSID\{8E13DDE1-E013-47ec-9C4C-27C2F78BDD26} -> Trojan.Conhook.c : Ignoré
HKLM\SOFTWARE\Classes\CLSID\{E52DEDBB-D168-4BDB-B229-C48160800E81} -> Hijacker.Generic : Ignoré
HKLM\SOFTWARE\Classes\DailyToolbar.IEBand -> Adware.DailyToolbar : Ignoré
HKLM\SOFTWARE\Classes\DailyToolbar.SysMgr -> Adware.DailyToolbar : Ignoré
HKLM\SOFTWARE\Classes\IEToolbar.AffiliateCtl -> Adware.DailyToolbar : Ignoré
HKLM\SOFTWARE\Classes\jao.jao -> Adware.BlazeFind : Ignoré
HKLM\SOFTWARE\Classes\PopMenu.Menu -> Adware.Alexa : Ignoré
HKLM\SOFTWARE\Classes\Popup.PopupKiller -> Adware.Alexa : Ignoré
HKLM\SOFTWARE\DailyToolbar -> Adware.DailyToolbar : Ignoré
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e52dedbb-d168-4bdb-b229-c48160800e81} -> Hijacker.Generic : Ignoré
HKLM\SOFTWARE\NIX Solutions -> Adware.DailyToolbar : Ignoré
HKLM\SOFTWARE\NIX Solutions\DailyToolbar -> Adware.DailyToolbar : Ignoré
HKLM\SOFTWARE\RespondMiter -> Adware.VX2 : Ignoré
HKU\S-1-5-21-3246734082-3505544710-1957752830-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{44240BB5-BD7D-4D49-A1AA-8AB0F3D3CB44} -> Trojan.Small.anm : Ignoré
HKU\S-1-5-21-3246734082-3505544710-1957752830-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D} -> Adware.2020Search : Ignoré
HKU\S-1-5-21-3246734082-3505544710-1957752830-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8E13DDE1-E013-47EC-9C4C-27C2F78BDD26} -> Trojan.Conhook.c : Ignoré
HKU\S-1-5-21-3246734082-3505544710-1957752830-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E52DEDBB-D168-4BDB-B229-C48160800E81} -> Hijacker.Generic : Ignoré
C:\c.vbs -> Downloader.Small.f : Ignoré
:mozilla.6:C:\Documents and Settings\Nicolas Laurent\Application Data\Mozilla\Firefox\Profiles\jyb8wrfg.default\cookies.txt -> TrackingCookie.Smartadserver : Ignoré
:mozilla.7:C:\Documents and Settings\Nicolas Laurent\Application Data\Mozilla\Firefox\Profiles\jyb8wrfg.default\cookies.txt -> TrackingCookie.Smartadserver : Ignoré
:mozilla.8:C:\Documents and Settings\Nicolas Laurent\Application Data\Mozilla\Firefox\Profiles\jyb8wrfg.default\cookies.txt -> TrackingCookie.Smartadserver : Ignoré
:mozilla.10:C:\Documents and Settings\Nicolas Laurent\Application Data\Mozilla\Firefox\Profiles\jyb8wrfg.default\cookies.txt -> TrackingCookie.247realmedia : Ignoré
:mozilla.11:C:\Documents and Settings\Nicolas Laurent\Application Data\Mozilla\Firefox\Profiles\jyb8wrfg.default\cookies.txt -> TrackingCookie.247realmedia : Ignoré
:mozilla.12:C:\Documents and Settings\Nicolas Laurent\Application Data\Mozilla\Firefox\Profiles\jyb8wrfg.default\cookies.txt -> TrackingCookie.247realmedia : Ignoré
:mozilla.13:C:\Documents and Settings\Nicolas Laurent\Application Data\Mozilla\Firefox\Profiles\jyb8wrfg.default\cookies.txt -> TrackingCookie.Tradedoubler : Ignoré
C:\Documents and Settings\Nicolas Laurent\Bureau\HijackThis\backups\backup-20060510-150000-343.dll -> Adware.PowerSearch : Ignoré
C:\Documents and Settings\Nicolas Laurent\Bureau\HijackThis\backups\backup-20060510-150000-822.dll -> Downloader.VB.aan : Ignoré
C:\Documents and Settings\Nicolas Laurent\Cookies\nicolas laurent@estat[1].txt -> TrackingCookie.Estat : Ignoré
C:\WINDOWS\addins\mainsvr.dll -> Logger.Agent.jr : Ignoré
C:\WINDOWS\addins\svrfont.dll -> Logger.Agent.jr : Ignoré
C:\WINDOWS\AppPatch\runwave.dll -> Logger.Agent.jr : Ignoré
C:\WINDOWS\Config\catmain.dll -> Logger.Agent.jr : Ignoré
C:\WINDOWS\Fonts\mscom.dll -> Logger.Agent.jr : Ignoré
C:\WINDOWS\Help\SBSI\drvhard.dll -> Logger.Agent.jr : Ignoré
C:\WINDOWS\Microsoft.NET\cat.dll -> Logger.Agent.jr : Ignoré
C:\WINDOWS\Microsoft.NET\runvss.dll -> Logger.Agent.jr : Ignoré
C:\WINDOWS\msagent\msvclib.dll -> Logger.Agent.jr : Ignoré
C:\WINDOWS\system\cmdole.dll -> Logger.Agent.jr : Ignoré
C:\WINDOWS\system\MVQL010W.DLL -> Backdoor.IRCBot.fw : Ignoré
C:\WINDOWS\system32\bzszphux.amw -> Hijacker.Small.js : Ignoré
C:\WINDOWS\system32\drivers\etc\hosts -> Trojan.Qhost.r : Ignoré
C:\WINDOWS\system32\dtqssgdl.exe -> Downloader.VB.aan : Ignoré
C:\WINDOWS\system32\jxmmcmej.exe -> Trojan.Small : Ignoré
C:\WINDOWS\system32\phqghume.exe -> Trojan.Small : Ignoré
C:\WINDOWS\system32\repigsp.exe -> Not-A-Virus.Hoax.Win32.VB.l : Ignoré
C:\WINDOWS\system32\req.dll -> Downloader.ConHook.c : Ignoré
C:\WINDOWS\system32\taskdir.dll -> Proxy.Lager.aq : Ignoré
C:\WINDOWS\system32\winbl32.dll -> Not-A-Virus.Hoax.Win32.VB.l : Ignoré
C:\WINDOWS\system32\winsrv32.exe -> Downloader.Adload.aq : Ignoré
C:\WINDOWS\system32\zhopaizdupla.exe -> Trojan.Small : Ignoré


::Fin du rapport

HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 16:08:12, on 10/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\vsnpstd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Club-Internet\Lanceur\lanceur.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Nicolas Laurent\Bureau\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=6&key=S...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = HTTP=proxy.club-internet.fr:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - (no file)
O2 - BHO: (no name) - {00000000-C1EC-0345-6EC2-4D0300000000} - (no file)
O2 - BHO: (no name) - {00000000-F09C-02B4-6EC2-AD0300000000} - (no file)
O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7b55bb05-0b4d-44fd-81a6-b136188f5deb} - (no file)
O2 - BHO: (no name) - {8333c319-0669-4893-a418-f56d9249fca6} - (no file)
O2 - BHO: (no name) - {9c691a33-7dda-4c2f-be4c-c176083f35cf} - (no file)
O2 - BHO: (no name) - {e52dedbb-d168-4bdb-b229-c48160800e81} - (no file)
O2 - BHO: (no name) - {ffd2825e-0785-40c5-9a41-518f53a8261f} - (no file)
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [Adware.Srv32] C:\WINDOWS\system32\runsrv32.exe
O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe



Merci bien!!!
0
Utilisateur anonyme
10 mai 2006 à 16:59
redemarre en modee sans echec et refais un scan complet avec Ewido puis supprime tout car la tout à été ignoré donc ça n'a servit à rien
0