win32, trojan, riskware ??? Résolu/Fermé

Question

bonjour,
j'ai un problème, mon pc est, d'après avast, infécté par win32; étant donné que je suis archi débutante en informatique, je ne sais pas quoi faire. j'ai déjà voulu le supprimer, le mettre en quarantaine, mais ça ne fonctionne pas... 
j'ai vraiment besoins d'aide, surtout que mon pc rame de plus en plus, et que je peux ouvrir de moins en moins de choses...
merci d'avance !
=)
mon adress msn ====>  ambryon3_@hotmail.fr
===> c plus pratique!

green day · Answer

Salut

Télécharge ceci sur ton bureau :

Lien :  hijackthis

Démo : http://pageperso.aol.fr/balltrap34/demohijack.htm 
 
Choisir l'option "do a scan and a logfile", et faire un copier/coller du rapport ainsi générer sur le forum.


++

ambryon3 · Answer

merci, je le fais de suite; mais ça m'arrangerais que tu m'aide sur msn, car j'ai du mal a ouvrir les pages sur internet, ça beug!

green day · Answer

désolée, je ne reponderai  que via le forum ...

ambryon3 · Answer

Logfile of HijackThis v1.99.1
Scan saved at 19:10:46, on 25/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32_server.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\WINDOWS\system32\icpldrvx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\DriveCleaner 2006 Free\udc6cw.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\a-squared Anti-Malware\a2guard.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
c:\progra~1\intern~1\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Boonty\BoontyBox\BoontyBox.exe
C:\Program Files\Fichiers communs\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\acer\eRecovery\Monitor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\a-squared Anti-Malware\a2HiJackFree.exe
C:\DOCUME~1\acer\LOCALS~1\Temp\Répertoire temporaire 2 pour hijackthis[1].zip\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.acer.com/worldwide/selection.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.acer.com/worldwide/selection.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Seekmo Search Assistant Helper /fleok=1D8A83A5C5E1197B9FA975760EA83FA5EF80752B94E2DE7A587C46283CC3 - {5929CD6E-2062-44a4-B2C5-2C7E78FBAB38} - c:\program files\seekmo\seekmohook.dll (file missing)
O2 - BHO: (no name) - {73364D99-1240-4dff-B12A-67E448373148} - C:\WINDOWS\system32\ipv6mons.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [Avg Antivirus] C:\WINDOWS\system32\icpldrvx.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Tray log load bash] C:\Documents and Settings\All Users\Application Data\TypeEqTrayLog\plusmove.exe
O4 - HKLM\..\Run: [udc6cw] "C:\Program Files\DriveCleaner 2006 Free\udc6cw.exe" -c
O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [book ante] C:\DOCUME~1\acer\APPLIC~1\ELSEPL~1\AXISNEW.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.6962\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: BoontyBox 01net.lnk = C:\Program Files\Boonty\BoontyBox\BoontyBox.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?9493633c4754453792af954da0a0681f
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?9493633c4754453792af954da0a0681f
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin
pjpi150_09.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin
pjpi150_09.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game12.zylom.com/activex/zylomgamesplayer.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcappcapd.exe" -d -f "%ProgramFiles%\WinPcappcapd.ini (file missing)
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32_server.exe" /service (file missing)
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

green day · Answer

re

ok, fais le 1/ et 2/ de ce lien stp :

virus methode preliminaire de desinfection version fr

++

ambryon3 · Answer

AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

 + Créé à:	19:46:36 25/12/2006

 + Résultat de l'analyse:	



HKLM\SOFTWARE\Classes\CLSID\{5929CD6E-2062-44a4-B2C5-2C7E78FBAB38} -> Adware.Generic : Ignoré.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5929CD6E-2062-44a4-B2C5-2C7E78FBAB38} -> Adware.Generic : Ignoré.
HKU\S-1-5-21-2298827-3538513109-1322924268-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5929CD6E-2062-44A4-B2C5-2C7E78FBAB38} -> Adware.Generic : Ignoré.
HKU\S-1-5-21-2298827-3538513109-1322924268-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5929CD6E-2062-44A4-B2C5-2C7E78FBAB38} -> Adware.Generic : Ignoré.
HKU\S-1-5-21-2298827-3538513109-1322924268-1005\Software\Internet Security -> Adware.IntCodec : Ignoré.
C:\Documents and Settings\acer\Local Settings\Temporary Internet Files\Content.IE5\28I1Z180\license_manager[1].exe -> Adware.WeirWeb : Ignoré.
C:\Documents and Settings\acer\Local Settings\Temporary Internet Files\Content.IE5\PTNTO7XA\screensaver[1].rar/screemsaver_setup.exe -> Backdoor.Delf.ajw : Ignoré.
C:\Program Files\Masta\sexe.exe -> Dialer.Masta.c : Ignoré.
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP42\A0026475.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Ignoré.
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP42\A0026476.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Ignoré.
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP42\A0026477.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Ignoré.
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP42\A0026478.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Ignoré.
C:\Documents and Settings\BOSS\Cookies\boss@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Ignoré.


Fin du rapport

green day · Answer

re

 supprime tout ce qu'il te trouve !!

++

ambryon3 · Answer

oups! comme je ne savais pas, j'ai mis "mettre en quarantaine" pour tout ce qu'il m'a trouvé.....

green day · Answer

pas grave !

 vide la quarantaine ;-)

++

ambryon3 · Answer

ayé c'est fait! j'ai lancé l'étape deux, et l'antivirus que tu mettais, a l'air d'avoir encore détécté pas mal de choses.....
j'affiche le rapport dès que l'analyse est terminé !

ambryon3 · Answer

BitDefender Online Scanner
  
  
 
Scan report generated at: Mon, Dec 25, 2006 - 20:26:49
 
 
  
  
 
Scan path: C:\;D:\;E:\;
  
  
 
 
  
  
 
Statistics
 
Time
 00:31:31
 
Files
 182725
 
Folders
 4303
 
Boot Sectors
 4
 
Archives
 11677
 
Packed Files
 13184
 
  
  
 
Results
 
Identified Viruses 
 6
 
Infected Files 
 22
 
Suspect Files 
 1
 
Warnings
 0
 
Disinfected
 0
 
Deleted Files
 26
 
  
  
 
Engines Info
 
Virus Definitions
 356998
 
Engine build
 AVCORE v1.0 (build 2371) (i386) (Dec 13 2006 11:16:42)
 
Scan plugins
 14
 
Archive plugins
 38
 
Unpack plugins
 6
 
E-mail plugins
 6
 
System plugins
 1
 
  
  
 
Scan Settings
 
First Action
 Disinfect
 
Second Action
 Delete
 
Heuristics
 Yes
 
Enable Warnings
 Yes
 
Scanned Extensions
 *;
 
Exclude Extensions
  
 
Scan Emails
 Yes
 
Scan Archives
 Yes
 
Scan Packed
 Yes
 
Scan Files
 Yes
 
Scan Boot
 Yes
 
  
  
 
  Scanned File
  Status
 
C:\WINDOWS\system32\ipv6mons.dll
 Infected with: Trojan.Spy.Bzub.BZ
 
C:\WINDOWS\system32\ipv6mons.dll
 Disinfection failed
 
C:\WINDOWS\system32\ipv6mons.dll
 Delete failed
 
C:\WINDOWS\system32\icpldrvx.exe
 Suspected of: BehavesLike:Win32.SMTP-Mailer
 
C:\WINDOWS\system32\icpldrvx.exe
 Disinfection failed
 
C:\WINDOWS\system32\icpldrvx.exe
 Delete failed
 
C:\WINDOWS\Temp\_avast4_\unp55146592.tmp
 Infected with: Trojan.Clicker.Small.BH
 
C:\WINDOWS\Temp\_avast4_\unp55146592.tmp
 Disinfection failed
 
C:\WINDOWS\Temp\_avast4_\unp55146592.tmp
 Deleted
 
C:\WINDOWS\Temp\_avast4_\unp168201907.tmp
 Infected with: Trojan.Clicker.Small.BH
 
C:\WINDOWS\Temp\_avast4_\unp168201907.tmp
 Disinfection failed
 
C:\WINDOWS\Temp\_avast4_\unp168201907.tmp
 Deleted
 
C:\Documents and Settings\acer\Local Settings\Temp	xn.exe
 Infected with: Trojan.Downloader.Small.FQ
 
C:\Documents and Settings\acer\Local Settings\Temp	xn.exe
 Disinfection failed
 
C:\Documents and Settings\acer\Local Settings\Temp	xn.exe
 Deleted
 
C:\Documents and Settings\acer\Local Settings\Temp\installer.exe
 Infected with: Trojan.BHO.O
 
C:\Documents and Settings\acer\Local Settings\Temp\installer.exe
 Disinfection failed
 
C:\Documents and Settings\acer\Local Settings\Temp\installer.exe
 Deleted
 
C:\Program Files\DriveCleaner 2006 Free\udc6cw.exe
 Infected with: Trojan.Fakealert.FB
 
C:\Program Files\DriveCleaner 2006 Free\udc6cw.exe
 Disinfection failed
 
C:\Program Files\DriveCleaner 2006 Free\udc6cw.exe
 Delete failed
 
C:\Program Files\a-squared Anti-Malware\Quarantine\6f626b49eded320dcdf905c01576c86f.a2q=>Documents and Settings/acer/Local Settings/Temp/ERS3.exe=>(Quarantine-PE)
 Infected with: Trojan.Downloader.Winfixer.O
 
C:\Program Files\a-squared Anti-Malware\Quarantine\6f626b49eded320dcdf905c01576c86f.a2q=>Documents and Settings/acer/Local Settings/Temp/ERS3.exe=>(Quarantine-PE)
 Disinfection failed
 
C:\Program Files\a-squared Anti-Malware\Quarantine\6f626b49eded320dcdf905c01576c86f.a2q=>Documents and Settings/acer/Local Settings/Temp/ERS3.exe=>(Quarantine-PE)
 Deleted
 
C:\Program Files\a-squared Anti-Malware\Quarantine\6f626b49eded320dcdf905c01576c86f.a2q
 Updated
 
C:\Program Files\a-squared Anti-Malware\Quarantine\1547e63b4a993fc9fa2a466706ece7c5.a2q=>Documents and Settings/acer/Application Data/errorsafefrenchnewreleaseinstall[1].exe=>(Quarantine-PE)
 Infected with: Trojan.Downloader.Winfixer.O
 
C:\Program Files\a-squared Anti-Malware\Quarantine\1547e63b4a993fc9fa2a466706ece7c5.a2q=>Documents and Settings/acer/Application Data/errorsafefrenchnewreleaseinstall[1].exe=>(Quarantine-PE)
 Disinfection failed
 
C:\Program Files\a-squared Anti-Malware\Quarantine\1547e63b4a993fc9fa2a466706ece7c5.a2q=>Documents and Settings/acer/Application Data/errorsafefrenchnewreleaseinstall[1].exe=>(Quarantine-PE)
 Deleted
 
C:\Program Files\a-squared Anti-Malware\Quarantine\1547e63b4a993fc9fa2a466706ece7c5.a2q
 Updated
 
C:\Program Files\a-squared Anti-Malware\Quarantine\887831f45210926080f7512b18c7935a.a2q=>Documents and Settings/acer/Application Data/errorsafeinstall_fr[1].exe=>(Quarantine-PE)
 Infected with: Trojan.Downloader.Winfixer.O
 
C:\Program Files\a-squared Anti-Malware\Quarantine\887831f45210926080f7512b18c7935a.a2q=>Documents and Settings/acer/Application Data/errorsafeinstall_fr[1].exe=>(Quarantine-PE)
 Disinfection failed
 
C:\Program Files\a-squared Anti-Malware\Quarantine\887831f45210926080f7512b18c7935a.a2q=>Documents and Settings/acer/Application Data/errorsafeinstall_fr[1].exe=>(Quarantine-PE)
 Deleted
 
C:\Program Files\a-squared Anti-Malware\Quarantine\887831f45210926080f7512b18c7935a.a2q
 Updated
 
C:\Program Files\a-squared Anti-Malware\Quarantine\990fbed7dbe1b0aaf8caa516d5a1ccc4.a2q=>Documents and Settings/acer/Application Data/winantispyware2006freeinstall_fr[1].exe=>(Quarantine-PE)
 Infected with: Trojan.Downloader.Winfixer.O
 
C:\Program Files\a-squared Anti-Malware\Quarantine\990fbed7dbe1b0aaf8caa516d5a1ccc4.a2q=>Documents and Settings/acer/Application Data/winantispyware2006freeinstall_fr[1].exe=>(Quarantine-PE)
 Disinfection failed
 
C:\Program Files\a-squared Anti-Malware\Quarantine\990fbed7dbe1b0aaf8caa516d5a1ccc4.a2q=>Documents and Settings/acer/Application Data/winantispyware2006freeinstall_fr[1].exe=>(Quarantine-PE)
 Deleted
 
C:\Program Files\a-squared Anti-Malware\Quarantine\990fbed7dbe1b0aaf8caa516d5a1ccc4.a2q
 Updated
 
C:\Program Files\a-squared Anti-Malware\Quarantine\a48f3f5292b254df2786c9a9a3fa411b.a2q=>Documents and Settings/acer/Application Data/winantiviruspro2006freeinstall_fr[1].exe=>(Quarantine-PE)
 Infected with: Trojan.Downloader.Winfixer.O
 
C:\Program Files\a-squared Anti-Malware\Quarantine\a48f3f5292b254df2786c9a9a3fa411b.a2q=>Documents and Settings/acer/Application Data/winantiviruspro2006freeinstall_fr[1].exe=>(Quarantine-PE)
 Disinfection failed
 
C:\Program Files\a-squared Anti-Malware\Quarantine\a48f3f5292b254df2786c9a9a3fa411b.a2q=>Documents and Settings/acer/Application Data/winantiviruspro2006freeinstall_fr[1].exe=>(Quarantine-PE)
 Deleted
 
C:\Program Files\a-squared Anti-Malware\Quarantine\a48f3f5292b254df2786c9a9a3fa411b.a2q
 Updated
 
C:\Program Files\a-squared Anti-Malware\Quarantine\8a1dd81bcf294ca9bd41329ab0d956d6.a2q=>System Volume Information/_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}/RP24/A0007421.exe=>(Quarantine-PE)
 Infected with: Trojan.Downloader.Winfixer.O
 
C:\Program Files\a-squared Anti-Malware\Quarantine\8a1dd81bcf294ca9bd41329ab0d956d6.a2q=>System Volume Information/_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}/RP24/A0007421.exe=>(Quarantine-PE)
 Disinfection failed
 
C:\Program Files\a-squared Anti-Malware\Quarantine\8a1dd81bcf294ca9bd41329ab0d956d6.a2q=>System Volume Information/_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}/RP24/A0007421.exe=>(Quarantine-PE)
 Deleted
 
C:\Program Files\a-squared Anti-Malware\Quarantine\8a1dd81bcf294ca9bd41329ab0d956d6.a2q
 Updated
 
C:\Program Files\a-squared Anti-Malware\Quarantine\a611f6af4fc4d6cfb1f2e1ba3d295ee6.a2q=>Program Files/drivecleaner 2006 free/udc6cw.exe
 Infected with: Trojan.Fakealert.FB
 
C:\Program Files\a-squared Anti-Malware\Quarantine\a611f6af4fc4d6cfb1f2e1ba3d295ee6.a2q=>Program Files/drivecleaner 2006 free/udc6cw.exe
 Disinfection failed
 
C:\Program Files\a-squared Anti-Malware\Quarantine\a611f6af4fc4d6cfb1f2e1ba3d295ee6.a2q=>Program Files/drivecleaner 2006 free/udc6cw.exe
 Deleted
 
C:\Program Files\a-squared Anti-Malware\Quarantine\a611f6af4fc4d6cfb1f2e1ba3d295ee6.a2q
 Updated
 
C:\Program Files\a-squared Anti-Malware\Quarantine\c4172b393d24f9f6813238b646af8f7f.a2q=>Program Files/drivecleaner 2006 free/udc6cw.exe
 Infected with: Trojan.Fakealert.FB
 
C:\Program Files\a-squared Anti-Malware\Quarantine\c4172b393d24f9f6813238b646af8f7f.a2q=>Program Files/drivecleaner 2006 free/udc6cw.exe
 Disinfection failed
 
C:\Program Files\a-squared Anti-Malware\Quarantine\c4172b393d24f9f6813238b646af8f7f.a2q=>Program Files/drivecleaner 2006 free/udc6cw.exe
 Deleted
 
C:\Program Files\a-squared Anti-Malware\Quarantine\c4172b393d24f9f6813238b646af8f7f.a2q
 Updated
 
C:\Program Files\a-squared Anti-Malware\Quarantine\d7600970abb77b4be638cbc8eba1533d.a2q=>Program Files/drivecleaner 2006 free/udc6cw.exe
 Infected with: Trojan.Fakealert.FB
 
C:\Program Files\a-squared Anti-Malware\Quarantine\d7600970abb77b4be638cbc8eba1533d.a2q=>Program Files/drivecleaner 2006 free/udc6cw.exe
 Disinfection failed
 
C:\Program Files\a-squared Anti-Malware\Quarantine\d7600970abb77b4be638cbc8eba1533d.a2q=>Program Files/drivecleaner 2006 free/udc6cw.exe
 Deleted
 
C:\Program Files\a-squared Anti-Malware\Quarantine\d7600970abb77b4be638cbc8eba1533d.a2q
 Updated
 
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP27\A0009751.exe
 Infected with: Trojan.Fakealert.FB
 
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP27\A0009751.exe
 Disinfection failed
 
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP27\A0009751.exe
 Deleted
 
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP42\A0026553.dll
 Infected with: Trojan.Clicker.Small.BH
 
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP42\A0026553.dll
 Disinfection failed
 
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP42\A0026553.dll
 Deleted
 
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP42\A0026569.dll
 Infected with: Trojan.Clicker.Small.BH
 
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP42\A0026569.dll
 Disinfection failed
 
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP42\A0026569.dll
 Deleted
 
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP42\A0028593.dll
 Infected with: Trojan.Clicker.Small.BH
 
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP42\A0028593.dll
 Disinfection failed
 
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP42\A0028593.dll
 Deleted
 
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP42\A0029592.dll
 Infected with: Trojan.Clicker.Small.BH
 
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP42\A0029592.dll
 Disinfection failed
 
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP42\A0029592.dll
 Deleted
 
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP42\A0029608.dll
 Infected with: Trojan.Clicker.Small.BH
 
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP42\A0029608.dll
 Disinfection failed
 
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP42\A0029608.dll
 Deleted
 
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP42\A0030608.dll
 Infected with: Trojan.Clicker.Small.BH
 
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP42\A0030608.dll
 Disinfection failed
 
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP42\A0030608.dll
 Deleted

green day · Answer

re

ok, poste un nouveau hijackthis stp

++

ambryon3 · Answer

Logfile of HijackThis v1.99.1
Scan saved at 20:36:44, on 25/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32_server.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\WINDOWS\system32\icpldrvx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\DriveCleaner 2006 Free\udc6cw.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\a-squared Anti-Malware\a2guard.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\acer\eRecovery\Monitor.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Fichiers communs\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Boonty\BoontyBox\BoontyBox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\a-squared Anti-Malware\a2scan.exe
C:\DOCUME~1\acer\LOCALS~1\Temp\Répertoire temporaire 1 pour hijackthis[1].zip\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.acer.com/worldwide/selection.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.acer.com/worldwide/selection.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {73364D99-1240-4dff-B12A-67E448373148} - C:\WINDOWS\system32\ipv6mons.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [Avg Antivirus] C:\WINDOWS\system32\icpldrvx.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Tray log load bash] C:\Documents and Settings\All Users\Application Data\TypeEqTrayLog\plusmove.exe
O4 - HKLM\..\Run: [udc6cw] "C:\Program Files\DriveCleaner 2006 Free\udc6cw.exe" -c
O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [book ante] C:\DOCUME~1\acer\APPLIC~1\ELSEPL~1\AXISNEW.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.6962\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: BoontyBox 01net.lnk = C:\Program Files\Boonty\BoontyBox\BoontyBox.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?9493633c4754453792af954da0a0681f
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?9493633c4754453792af954da0a0681f
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin
pjpi150_09.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin
pjpi150_09.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game12.zylom.com/activex/zylomgamesplayer.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcappcapd.exe" -d -f "%ProgramFiles%\WinPcappcapd.ini (file missing)
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32_server.exe" /service (file missing)
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

ambryon3 · Answer

aidez moi svp !!!!!
=(

green day · Answer

voila !

 # Désactiver la Restauration du système 

* Cliquez sur le bouton Démarrer. 
* Cliquez avec le bouton droit de la souris sur Poste de travail puis cliquez sur Propriétés. 
* Dans l'onglet Restauration du système, sélectionnez l'option Désactiver la Restauration du système ou Désactiver la Restauration du système sur tous les lecteurs 

( tu pourras la réactivé à la fin de la manip )



# Relance HijackThis : choisis " do a scan only" coche la case devant les lignes ci-dessous et clique en bas sur "fix checked" :

O2 - BHO: (no name) - {73364D99-1240-4dff-B12A-67E448373148} - C:\WINDOWS\system32\ipv6mons.dll (file missing) 


O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe 

O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [Avg Antivirus] C:\WINDOWS\system32\icpldrvx.exe 

O4 - HKLM\..\Run: [Tray log load bash] C:\Documents and Settings\All Users\Application Data\TypeEqTrayLog\plusmove.exe
O4 - HKLM\..\Run: [udc6cw] "C:\Program Files\DriveCleaner 2006 Free\udc6cw.exe" -c 
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" 

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.6962\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: BoontyBox 01net.lnk = C:\Program Files\Boonty\BoontyBox\BoontyBox.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?9493633c4754453792af954da0a0681f
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?9493633c4754453792af954da0a0681f 

O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe 

O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe" /service (file missing)

==> cherche te supprime les fichiers en gras :

C:\WINDOWS\system32\icpldrvx.exe 
 C:\WINDOWS\system32\ipv6mons.dll
C:\WINDOWS\system32\r_server.exe" /service 

C:\Program Files\DriveCleaner 2006 Free\udc6cw.exe 

( ainsi que le programme du même nom ! )

# ensuite télécharge et execute ceci :

* CleanUp40 (qui élimine les fichiers temporaires + cookies : gratuit )
http://pageperso.aol.fr/Balltrap34/CleanUp40.exe

tuto : (merci à Balltrap) http://pageperso.aol.fr/balltrap34/democleanup.htm 


 * Ccleaner : Telecharge et installe ceci, dans la colonne de gauche clique sur "erreurs" coche toute les cases, puis clique en bas sur "chercher des erreurs" une fois finit, clique sur "reparer les erreurs" et tu aura un message pour sauvegarder ta base de registre tu dis "oui" puis tu recommences jusqu'a ce qu'il te trouve plus d'erreurs .

*Relance Ccleaner ,vas dans l'onglet "nettoyeur" present sur la gauche, decoche la derniere case (Avancé si elle
est cochée) puis clique sur "lancer le nettoyage"
 
ccleaner

tuto: https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php


# installe un parfeu !

kerio

tuto : pour configurer et comprendre Kerio 
https://www.vulgarisation-informatique.com/kerio.php

et enfin poste un nouveau hijackthis et precis tes soucis s'il en reste

@+

On peut aussi bâtir quelque chose de beau avec les pierres qui entravent le chemin (J.W.VON GOETHE
)

ambryon3 · Answer

Logfile of HijackThis v1.99.1
Scan saved at 10:50:18, on 26/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Skype\Phone\Skype.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\acer\LOCALS~1\Temp\Répertoire temporaire 1 pour hijackthis[1].zip\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.acer.com/worldwide/selection.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.acer.com/worldwide/selection.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [book ante] C:\DOCUME~1\acer\APPLIC~1\ELSEPL~1\AXISNEW.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin
pjpi150_09.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin
pjpi150_09.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game12.zylom.com/activex/zylomgamesplayer.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcappcapd.exe" -d -f "%ProgramFiles%\WinPcappcapd.ini (file missing)
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

ambryon3 · Answer

mon pc rame encore plus kavan, et je n'ai toujours pas accès a certaine choses (windows live messenger, tchat, etc....)

ambryon3 · Answer

alor??? personne pour maider ????

green day · Answer

Salut

pour le PC qui rame : c'est peut être parceque tu as mal configuré Kerio, ça arrive parfois ...

 cf tuto : https://www.vulgarisation-informatique.com/kerio.php

 defragmente ton DD :

defragmenter son disque dur

 je n'ai toujours pas accès a certaine choses (windows live messenger, tchat, etc....)
 
c'est à dire ???

++

ambryon3 · Answer

windows live messenger ne souvre pas, et je ne peux pas aller sur le tchat car apparament je nai pas java; mais quand je le télécharge, sa me met que sa ne fonctionne pas !!
d'après le dernié rapport, es que mon pc est toujours infécté ???

ambryon3 · Answer

<< la connexion à windows live messenger a échoué car le service est temporairement inaccessible. réessayez plus tard. code d'erreur : 80040111 >> voila ce que ça me met quand je veux me conécté; et sa depuis que g le virus.... mais pourtant j'ai accès a windows messenger, qui était déjà installé sur windows..... que doije faire??

green day · Answer

re

 pour ma part, ton dernier rapport est ok !

pour MSN :

installer ceci http://www.microsoft.com/downloads/details.aspx?familyid=28494391-052b-42ff-9(...)
ensuite, redémarrer le pc et re-essaye de te connecter 

 pour java : il te faut ça je pense :

https://www.java.com/fr/download/

++

ambryon3 · Answer

ok merci, je fais ce que tu ma dit, et je re pour te dire; par contre pour kerio, je ne sais pas comment le configurer; et mon pc rame vraiment de trop !!
=(

ambryon3 · Answer

The download you requested is unavailable. If you continue to see this message when trying to access this download, go to the "Search for a Download" area on the Download Center home page. 

sa me di sa quan je vais sur
http://www.microsoft.com/downloads/details.aspx?familyid=28494391-052b-42ff-9(...) 
que doije faire ???

ambryon3 · Answer

et pour java, sa ne fonctionne pas nn plus....
sa me met vérification de la configuration depuis au moins 15 minutes; j'ai mis télécharger maintenant, et la sa met vérif bla bla bla; j'ai la poisse ou quoi ?!?! 
:-S

green day · Answer

oups !

essaye avec celui-ci :

http://www.microsoft.com/downloads/details.aspx?familyid=28494391-052b-42ff-9674-f752bdca9582&displaylang=fr

 pour kerio : suis le guide ;-))

 ==> tuto : https://www.vulgarisation-informatique.com/kerio.php

++

ambryon3 · Answer

g instalé ce ke tu ma di pour windows live messenger; mais sa a carémen coupé ma conéxion internet, donc jai du le désinstalé, et maintenant jai récupéré internet, et oci windows live messenger !!!

merciiiii bocouuuu !!
=)

par contre, sa ne fonctionne toujours pas pour java.... comprend pas.....
=(

Séb08 · Answer

slt,


En ce qui concerne le tchat tu dois accepter un activX je pense  non ?

Fais cette manip si tu es sous Internet Explorer :

Sur ta page IE -> outil -> option internet -> onglet "programme" ->clique sur "gérer les modules complémentaires" et vois si java est activé partout.
Si "non", active le , rédémarre ton PC si besoin.

a+

ambryon3 · Answer

:merci beaucoup pour votre aide, mon pc est a nouveau comme neuf! 

bonne fètes de fin dannée tout le monde!!

=)

green day · Answer

Merci :-)

 bonne fêtes à toi aussi et meilleurs voeux ;-)

 @+

 
PS : merki Séb ;-))

Séb08 · Answer

de rien :-)

Bon surf et Bonne fête de fin d'année.

Win32, trojan, riskware ???

31 réponses

Discussions similaires