Win32, trojan, riskware ???

Résolu
ambryon3 Messages postés 19 Statut Membre -  
 Séb08 -
bonjour,
j'ai un problème, mon pc est, d'après avast, infécté par win32; étant donné que je suis archi débutante en informatique, je ne sais pas quoi faire. j'ai déjà voulu le supprimer, le mettre en quarantaine, mais ça ne fonctionne pas...
j'ai vraiment besoins d'aide, surtout que mon pc rame de plus en plus, et que je peux ouvrir de moins en moins de choses...
merci d'avance !
=)
mon adress msn ====> ambryon3_@hotmail.fr
===> c plus pratique!
Configuration: Windows XP
Internet Explorer 6.0

31 réponses

  • 1
  • 2
  1. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    re

    supprime tout ce qu'il te trouve !!

    ++
    1
  2. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    Salut

    Télécharge ceci sur ton bureau :

    Lien : hijackthis

    Démo : http://pageperso.aol.fr/balltrap34/demohijack.htm

    Choisir l'option "do a scan and a logfile", et faire un copier/coller du rapport ainsi générer sur le forum.

    ++
    0
  3. ambryon3 Messages postés 19 Statut Membre
     
    merci, je le fais de suite; mais ça m'arrangerais que tu m'aide sur msn, car j'ai du mal a ouvrir les pages sur internet, ça beug!
    0
  4. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    désolée, je ne reponderai que via le forum ...
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. ambryon3 Messages postés 19 Statut Membre
     
    Logfile of HijackThis v1.99.1
    Scan saved at 19:10:46, on 25/12/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\eManager\anbmServ.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\r_server.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Arcade\PCMService.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\acer\epm\epm-dm.exe
    C:\Program Files\Launch Manager\QtZgAcer.EXE
    C:\WINDOWS\system32\icpldrvx.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\DriveCleaner 2006 Free\udc6cw.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\Program Files\a-squared Anti-Malware\a2guard.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    c:\progra~1\intern~1\iexplore.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\Boonty\BoontyBox\BoontyBox.exe
    C:\Program Files\Fichiers communs\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\acer\eRecovery\Monitor.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\a-squared Anti-Malware\a2HiJackFree.exe
    C:\DOCUME~1\acer\LOCALS~1\Temp\Répertoire temporaire 2 pour hijackthis[1].zip\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.acer.com/worldwide/selection.html
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.acer.com/worldwide/selection.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Seekmo Search Assistant Helper /fleok=1D8A83A5C5E1197B9FA975760EA83FA5EF80752B94E2DE7A587C46283CC3 - {5929CD6E-2062-44a4-B2C5-2C7E78FBAB38} - c:\program files\seekmo\seekmohook.dll (file missing)
    O2 - BHO: (no name) - {73364D99-1240-4dff-B12A-67E448373148} - C:\WINDOWS\system32\ipv6mons.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
    O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
    O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
    O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
    O4 - HKLM\..\Run: [Avg Antivirus] C:\WINDOWS\system32\icpldrvx.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [Tray log load bash] C:\Documents and Settings\All Users\Application Data\TypeEqTrayLog\plusmove.exe
    O4 - HKLM\..\Run: [udc6cw] "C:\Program Files\DriveCleaner 2006 Free\udc6cw.exe" -c
    O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [book ante] C:\DOCUME~1\acer\APPLIC~1\ELSEPL~1\AXISNEW.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.6962\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Startup: BoontyBox 01net.lnk = C:\Program Files\Boonty\BoontyBox\BoontyBox.exe
    O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?9493633c4754453792af954da0a0681f
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?9493633c4754453792af954da0a0681f
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game12.zylom.com/activex/zylomgamesplayer.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe" /service (file missing)
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    0
  7. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    re

    ok, fais le 1/ et 2/ de ce lien stp :

    virus methode preliminaire de desinfection version fr

    ++
    0
  8. ambryon3 Messages postés 19 Statut Membre
     
    AVG Anti-Spyware - Rapport d'analyse
    ---------------------------------------------------------

    + Créé à: 19:46:36 25/12/2006

    + Résultat de l'analyse:

    HKLM\SOFTWARE\Classes\CLSID\{5929CD6E-2062-44a4-B2C5-2C7E78FBAB38} -> Adware.Generic : Ignoré.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5929CD6E-2062-44a4-B2C5-2C7E78FBAB38} -> Adware.Generic : Ignoré.
    HKU\S-1-5-21-2298827-3538513109-1322924268-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5929CD6E-2062-44A4-B2C5-2C7E78FBAB38} -> Adware.Generic : Ignoré.
    HKU\S-1-5-21-2298827-3538513109-1322924268-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5929CD6E-2062-44A4-B2C5-2C7E78FBAB38} -> Adware.Generic : Ignoré.
    HKU\S-1-5-21-2298827-3538513109-1322924268-1005\Software\Internet Security -> Adware.IntCodec : Ignoré.
    C:\Documents and Settings\acer\Local Settings\Temporary Internet Files\Content.IE5\28I1Z180\license_manager[1].exe -> Adware.WeirWeb : Ignoré.
    C:\Documents and Settings\acer\Local Settings\Temporary Internet Files\Content.IE5\PTNTO7XA\screensaver[1].rar/screemsaver_setup.exe -> Backdoor.Delf.ajw : Ignoré.
    C:\Program Files\Masta\sexe.exe -> Dialer.Masta.c : Ignoré.
    C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP42\A0026475.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Ignoré.
    C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP42\A0026476.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Ignoré.
    C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP42\A0026477.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Ignoré.
    C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP42\A0026478.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Ignoré.
    C:\Documents and Settings\BOSS\Cookies\boss@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Ignoré.

    Fin du rapport
    0
  9. ambryon3 Messages postés 19 Statut Membre
     
    oups! comme je ne savais pas, j'ai mis "mettre en quarantaine" pour tout ce qu'il m'a trouvé.....
    0
  10. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    pas grave !

    vide la quarantaine ;-)

    ++
    0
  11. ambryon3 Messages postés 19 Statut Membre
     
    ayé c'est fait! j'ai lancé l'étape deux, et l'antivirus que tu mettais, a l'air d'avoir encore détécté pas mal de choses.....
    j'affiche le rapport dès que l'analyse est terminé !
    0
  12. ambryon3 Messages postés 19 Statut Membre
     
    BitDefender Online Scanner

    Scan report generated at: Mon, Dec 25, 2006 - 20:26:49

    Scan path: C:\;D:\;E:\;

    Statistics

    Time
    00:31:31

    Files
    182725

    Folders
    4303

    Boot Sectors
    4

    Archives
    11677

    Packed Files
    13184

    Results

    Identified Viruses
    6

    Infected Files
    22

    Suspect Files
    1

    Warnings
    0

    Disinfected
    0

    Deleted Files
    26

    Engines Info

    Virus Definitions
    356998

    Engine build
    AVCORE v1.0 (build 2371) (i386) (Dec 13 2006 11:16:42)

    Scan plugins
    14

    Archive plugins
    38

    Unpack plugins
    6

    E-mail plugins
    6

    System plugins
    1

    Scan Settings

    First Action
    Disinfect

    Second Action
    Delete

    Heuristics
    Yes

    Enable Warnings
    Yes

    Scanned Extensions
    *;

    Exclude Extensions

    Scan Emails
    Yes

    Scan Archives
    Yes

    Scan Packed
    Yes

    Scan Files
    Yes

    Scan Boot
    Yes

    Scanned File
    Status

    C:\WINDOWS\system32\ipv6mons.dll
    Infected with: Trojan.Spy.Bzub.BZ

    C:\WINDOWS\system32\ipv6mons.dll
    Disinfection failed

    C:\WINDOWS\system32\ipv6mons.dll
    Delete failed

    C:\WINDOWS\system32\icpldrvx.exe
    Suspected of: BehavesLike:Win32.SMTP-Mailer

    C:\WINDOWS\system32\icpldrvx.exe
    Disinfection failed

    C:\WINDOWS\system32\icpldrvx.exe
    Delete failed

    C:\WINDOWS\Temp\_avast4_\unp55146592.tmp
    Infected with: Trojan.Clicker.Small.BH

    C:\WINDOWS\Temp\_avast4_\unp55146592.tmp
    Disinfection failed

    C:\WINDOWS\Temp\_avast4_\unp55146592.tmp
    Deleted

    C:\WINDOWS\Temp\_avast4_\unp168201907.tmp
    Infected with: Trojan.Clicker.Small.BH

    C:\WINDOWS\Temp\_avast4_\unp168201907.tmp
    Disinfection failed

    C:\WINDOWS\Temp\_avast4_\unp168201907.tmp
    Deleted

    C:\Documents and Settings\acer\Local Settings\Temp\txn.exe
    Infected with: Trojan.Downloader.Small.FQ

    C:\Documents and Settings\acer\Local Settings\Temp\txn.exe
    Disinfection failed

    C:\Documents and Settings\acer\Local Settings\Temp\txn.exe
    Deleted

    C:\Documents and Settings\acer\Local Settings\Temp\installer.exe
    Infected with: Trojan.BHO.O

    C:\Documents and Settings\acer\Local Settings\Temp\installer.exe
    Disinfection failed

    C:\Documents and Settings\acer\Local Settings\Temp\installer.exe
    Deleted

    C:\Program Files\DriveCleaner 2006 Free\udc6cw.exe
    Infected with: Trojan.Fakealert.FB

    C:\Program Files\DriveCleaner 2006 Free\udc6cw.exe
    Disinfection failed

    C:\Program Files\DriveCleaner 2006 Free\udc6cw.exe
    Delete failed

    C:\Program Files\a-squared Anti-Malware\Quarantine\6f626b49eded320dcdf905c01576c86f.a2q=>Documents and Settings/acer/Local Settings/Temp/ERS3.exe=>(Quarantine-PE)
    Infected with: Trojan.Downloader.Winfixer.O

    C:\Program Files\a-squared Anti-Malware\Quarantine\6f626b49eded320dcdf905c01576c86f.a2q=>Documents and Settings/acer/Local Settings/Temp/ERS3.exe=>(Quarantine-PE)
    Disinfection failed

    C:\Program Files\a-squared Anti-Malware\Quarantine\6f626b49eded320dcdf905c01576c86f.a2q=>Documents and Settings/acer/Local Settings/Temp/ERS3.exe=>(Quarantine-PE)
    Deleted

    C:\Program Files\a-squared Anti-Malware\Quarantine\6f626b49eded320dcdf905c01576c86f.a2q
    Updated

    C:\Program Files\a-squared Anti-Malware\Quarantine\1547e63b4a993fc9fa2a466706ece7c5.a2q=>Documents and Settings/acer/Application Data/errorsafefrenchnewreleaseinstall[1].exe=>(Quarantine-PE)
    Infected with: Trojan.Downloader.Winfixer.O

    C:\Program Files\a-squared Anti-Malware\Quarantine\1547e63b4a993fc9fa2a466706ece7c5.a2q=>Documents and Settings/acer/Application Data/errorsafefrenchnewreleaseinstall[1].exe=>(Quarantine-PE)
    Disinfection failed

    C:\Program Files\a-squared Anti-Malware\Quarantine\1547e63b4a993fc9fa2a466706ece7c5.a2q=>Documents and Settings/acer/Application Data/errorsafefrenchnewreleaseinstall[1].exe=>(Quarantine-PE)
    Deleted

    C:\Program Files\a-squared Anti-Malware\Quarantine\1547e63b4a993fc9fa2a466706ece7c5.a2q
    Updated

    C:\Program Files\a-squared Anti-Malware\Quarantine\887831f45210926080f7512b18c7935a.a2q=>Documents and Settings/acer/Application Data/errorsafeinstall_fr[1].exe=>(Quarantine-PE)
    Infected with: Trojan.Downloader.Winfixer.O

    C:\Program Files\a-squared Anti-Malware\Quarantine\887831f45210926080f7512b18c7935a.a2q=>Documents and Settings/acer/Application Data/errorsafeinstall_fr[1].exe=>(Quarantine-PE)
    Disinfection failed

    C:\Program Files\a-squared Anti-Malware\Quarantine\887831f45210926080f7512b18c7935a.a2q=>Documents and Settings/acer/Application Data/errorsafeinstall_fr[1].exe=>(Quarantine-PE)
    Deleted

    C:\Program Files\a-squared Anti-Malware\Quarantine\887831f45210926080f7512b18c7935a.a2q
    Updated

    C:\Program Files\a-squared Anti-Malware\Quarantine\990fbed7dbe1b0aaf8caa516d5a1ccc4.a2q=>Documents and Settings/acer/Application Data/winantispyware2006freeinstall_fr[1].exe=>(Quarantine-PE)
    Infected with: Trojan.Downloader.Winfixer.O

    C:\Program Files\a-squared Anti-Malware\Quarantine\990fbed7dbe1b0aaf8caa516d5a1ccc4.a2q=>Documents and Settings/acer/Application Data/winantispyware2006freeinstall_fr[1].exe=>(Quarantine-PE)
    Disinfection failed

    C:\Program Files\a-squared Anti-Malware\Quarantine\990fbed7dbe1b0aaf8caa516d5a1ccc4.a2q=>Documents and Settings/acer/Application Data/winantispyware2006freeinstall_fr[1].exe=>(Quarantine-PE)
    Deleted

    C:\Program Files\a-squared Anti-Malware\Quarantine\990fbed7dbe1b0aaf8caa516d5a1ccc4.a2q
    Updated

    C:\Program Files\a-squared Anti-Malware\Quarantine\a48f3f5292b254df2786c9a9a3fa411b.a2q=>Documents and Settings/acer/Application Data/winantiviruspro2006freeinstall_fr[1].exe=>(Quarantine-PE)
    Infected with: Trojan.Downloader.Winfixer.O

    C:\Program Files\a-squared Anti-Malware\Quarantine\a48f3f5292b254df2786c9a9a3fa411b.a2q=>Documents and Settings/acer/Application Data/winantiviruspro2006freeinstall_fr[1].exe=>(Quarantine-PE)
    Disinfection failed

    C:\Program Files\a-squared Anti-Malware\Quarantine\a48f3f5292b254df2786c9a9a3fa411b.a2q=>Documents and Settings/acer/Application Data/winantiviruspro2006freeinstall_fr[1].exe=>(Quarantine-PE)
    Deleted

    C:\Program Files\a-squared Anti-Malware\Quarantine\a48f3f5292b254df2786c9a9a3fa411b.a2q
    Updated

    C:\Program Files\a-squared Anti-Malware\Quarantine\8a1dd81bcf294ca9bd41329ab0d956d6.a2q=>System Volume Information/_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}/RP24/A0007421.exe=>(Quarantine-PE)
    Infected with: Trojan.Downloader.Winfixer.O

    C:\Program Files\a-squared Anti-Malware\Quarantine\8a1dd81bcf294ca9bd41329ab0d956d6.a2q=>System Volume Information/_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}/RP24/A0007421.exe=>(Quarantine-PE)
    Disinfection failed

    C:\Program Files\a-squared Anti-Malware\Quarantine\8a1dd81bcf294ca9bd41329ab0d956d6.a2q=>System Volume Information/_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}/RP24/A0007421.exe=>(Quarantine-PE)
    Deleted

    C:\Program Files\a-squared Anti-Malware\Quarantine\8a1dd81bcf294ca9bd41329ab0d956d6.a2q
    Updated

    C:\Program Files\a-squared Anti-Malware\Quarantine\a611f6af4fc4d6cfb1f2e1ba3d295ee6.a2q=>Program Files/drivecleaner 2006 free/udc6cw.exe
    Infected with: Trojan.Fakealert.FB

    C:\Program Files\a-squared Anti-Malware\Quarantine\a611f6af4fc4d6cfb1f2e1ba3d295ee6.a2q=>Program Files/drivecleaner 2006 free/udc6cw.exe
    Disinfection failed

    C:\Program Files\a-squared Anti-Malware\Quarantine\a611f6af4fc4d6cfb1f2e1ba3d295ee6.a2q=>Program Files/drivecleaner 2006 free/udc6cw.exe
    Deleted

    C:\Program Files\a-squared Anti-Malware\Quarantine\a611f6af4fc4d6cfb1f2e1ba3d295ee6.a2q
    Updated

    C:\Program Files\a-squared Anti-Malware\Quarantine\c4172b393d24f9f6813238b646af8f7f.a2q=>Program Files/drivecleaner 2006 free/udc6cw.exe
    Infected with: Trojan.Fakealert.FB

    C:\Program Files\a-squared Anti-Malware\Quarantine\c4172b393d24f9f6813238b646af8f7f.a2q=>Program Files/drivecleaner 2006 free/udc6cw.exe
    Disinfection failed

    C:\Program Files\a-squared Anti-Malware\Quarantine\c4172b393d24f9f6813238b646af8f7f.a2q=>Program Files/drivecleaner 2006 free/udc6cw.exe
    Deleted

    C:\Program Files\a-squared Anti-Malware\Quarantine\c4172b393d24f9f6813238b646af8f7f.a2q
    Updated

    C:\Program Files\a-squared Anti-Malware\Quarantine\d7600970abb77b4be638cbc8eba1533d.a2q=>Program Files/drivecleaner 2006 free/udc6cw.exe
    Infected with: Trojan.Fakealert.FB

    C:\Program Files\a-squared Anti-Malware\Quarantine\d7600970abb77b4be638cbc8eba1533d.a2q=>Program Files/drivecleaner 2006 free/udc6cw.exe
    Disinfection failed

    C:\Program Files\a-squared Anti-Malware\Quarantine\d7600970abb77b4be638cbc8eba1533d.a2q=>Program Files/drivecleaner 2006 free/udc6cw.exe
    Deleted

    C:\Program Files\a-squared Anti-Malware\Quarantine\d7600970abb77b4be638cbc8eba1533d.a2q
    Updated

    C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP27\A0009751.exe
    Infected with: Trojan.Fakealert.FB

    C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP27\A0009751.exe
    Disinfection failed

    C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP27\A0009751.exe
    Deleted

    C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP42\A0026553.dll
    Infected with: Trojan.Clicker.Small.BH

    C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP42\A0026553.dll
    Disinfection failed

    C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP42\A0026553.dll
    Deleted

    C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP42\A0026569.dll
    Infected with: Trojan.Clicker.Small.BH

    C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP42\A0026569.dll
    Disinfection failed

    C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP42\A0026569.dll
    Deleted

    C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP42\A0028593.dll
    Infected with: Trojan.Clicker.Small.BH

    C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP42\A0028593.dll
    Disinfection failed

    C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP42\A0028593.dll
    Deleted

    C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP42\A0029592.dll
    Infected with: Trojan.Clicker.Small.BH

    C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP42\A0029592.dll
    Disinfection failed

    C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP42\A0029592.dll
    Deleted

    C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP42\A0029608.dll
    Infected with: Trojan.Clicker.Small.BH

    C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP42\A0029608.dll
    Disinfection failed

    C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP42\A0029608.dll
    Deleted

    C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP42\A0030608.dll
    Infected with: Trojan.Clicker.Small.BH

    C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP42\A0030608.dll
    Disinfection failed

    C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP42\A0030608.dll
    Deleted
    0
  13. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    re

    ok, poste un nouveau hijackthis stp

    ++
    0
  14. ambryon3 Messages postés 19 Statut Membre
     
    Logfile of HijackThis v1.99.1
    Scan saved at 20:36:44, on 25/12/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\eManager\anbmServ.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\r_server.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Arcade\PCMService.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\acer\epm\epm-dm.exe
    C:\Program Files\Launch Manager\QtZgAcer.EXE
    C:\WINDOWS\system32\icpldrvx.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\DriveCleaner 2006 Free\udc6cw.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\Program Files\a-squared Anti-Malware\a2guard.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\acer\eRecovery\Monitor.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Fichiers communs\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\Boonty\BoontyBox\BoontyBox.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\a-squared Anti-Malware\a2scan.exe
    C:\DOCUME~1\acer\LOCALS~1\Temp\Répertoire temporaire 1 pour hijackthis[1].zip\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.acer.com/worldwide/selection.html
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.acer.com/worldwide/selection.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {73364D99-1240-4dff-B12A-67E448373148} - C:\WINDOWS\system32\ipv6mons.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
    O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
    O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
    O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
    O4 - HKLM\..\Run: [Avg Antivirus] C:\WINDOWS\system32\icpldrvx.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [Tray log load bash] C:\Documents and Settings\All Users\Application Data\TypeEqTrayLog\plusmove.exe
    O4 - HKLM\..\Run: [udc6cw] "C:\Program Files\DriveCleaner 2006 Free\udc6cw.exe" -c
    O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [book ante] C:\DOCUME~1\acer\APPLIC~1\ELSEPL~1\AXISNEW.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.6962\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Startup: BoontyBox 01net.lnk = C:\Program Files\Boonty\BoontyBox\BoontyBox.exe
    O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?9493633c4754453792af954da0a0681f
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?9493633c4754453792af954da0a0681f
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game12.zylom.com/activex/zylomgamesplayer.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe" /service (file missing)
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    0
  15. ambryon3 Messages postés 19 Statut Membre
     
    aidez moi svp !!!!!
    =(
    0
  16. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    voila !

    # Désactiver la Restauration du système

    * Cliquez sur le bouton Démarrer.
    * Cliquez avec le bouton droit de la souris sur Poste de travail puis cliquez sur Propriétés.
    * Dans l'onglet Restauration du système, sélectionnez l'option Désactiver la Restauration du système ou Désactiver la Restauration du système sur tous les lecteurs

    ( tu pourras la réactivé à la fin de la manip )

    # Relance HijackThis : choisis " do a scan only" coche la case devant les lignes ci-dessous et clique en bas sur "fix checked" :

    O2 - BHO: (no name) - {73364D99-1240-4dff-B12A-67E448373148} - C:\WINDOWS\system32\ipv6mons.dll (file missing)

    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
    O4 - HKLM\..\Run: [Avg Antivirus] C:\WINDOWS\system32\icpldrvx.exe

    O4 - HKLM\..\Run: [Tray log load bash] C:\Documents and Settings\All Users\Application Data\TypeEqTrayLog\plusmove.exe
    O4 - HKLM\..\Run: [udc6cw] "C:\Program Files\DriveCleaner 2006 Free\udc6cw.exe" -c
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"

    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.6962\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Startup: BoontyBox 01net.lnk = C:\Program Files\Boonty\BoontyBox\BoontyBox.exe
    O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe

    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?9493633c4754453792af954da0a0681f
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?9493633c4754453792af954da0a0681f

    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe

    O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe" /service (file missing)

    ==> cherche te supprime les fichiers en gras :

    C:\WINDOWS\system32\icpldrvx.exe
    C:\WINDOWS\system32\ipv6mons.dll
    C:\WINDOWS\system32\r_server.exe" /service

    C:\Program Files\DriveCleaner 2006 Free\udc6cw.exe

    ( ainsi que le programme du même nom ! )

    # ensuite télécharge et execute ceci :

    * CleanUp40 (qui élimine les fichiers temporaires + cookies : gratuit )
    http://pageperso.aol.fr/Balltrap34/CleanUp40.exe

    tuto : (merci à Balltrap) http://pageperso.aol.fr/balltrap34/democleanup.htm

    * Ccleaner : Telecharge et installe ceci, dans la colonne de gauche clique sur "erreurs" coche toute les cases, puis clique en bas sur "chercher des erreurs" une fois finit, clique sur "reparer les erreurs" et tu aura un message pour sauvegarder ta base de registre tu dis "oui" puis tu recommences jusqu'a ce qu'il te trouve plus d'erreurs .

    *Relance Ccleaner ,vas dans l'onglet "nettoyeur" present sur la gauche, decoche la derniere case (Avancé si elle
    est cochée) puis clique sur "lancer le nettoyage"

    ccleaner

    tuto: https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php

    # installe un parfeu !

    kerio

    tuto : pour configurer et comprendre Kerio
    https://www.vulgarisation-informatique.com/kerio.php

    et enfin poste un nouveau hijackthis et precis tes soucis s'il en reste

    @+

    On peut aussi bâtir quelque chose de beau avec les pierres qui entravent le chemin (J.W.VON GOETHE
    )
    0
  17. ambryon3 Messages postés 19 Statut Membre
     
    Logfile of HijackThis v1.99.1
    Scan saved at 10:50:18, on 26/12/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\eManager\anbmServ.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Arcade\PCMService.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\acer\epm\epm-dm.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Launch Manager\QtZgAcer.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Skype\Phone\Skype.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\DOCUME~1\acer\LOCALS~1\Temp\Répertoire temporaire 1 pour hijackthis[1].zip\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.acer.com/worldwide/selection.html
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.acer.com/worldwide/selection.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
    O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
    O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [book ante] C:\DOCUME~1\acer\APPLIC~1\ELSEPL~1\AXISNEW.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game12.zylom.com/activex/zylomgamesplayer.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    0
  18. ambryon3 Messages postés 19 Statut Membre
     
    mon pc rame encore plus kavan, et je n'ai toujours pas accès a certaine choses (windows live messenger, tchat, etc....)
    0
  19. ambryon3 Messages postés 19 Statut Membre
     
    alor??? personne pour maider ????
    0
  20. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    Salut

    pour le PC qui rame : c'est peut être parceque tu as mal configuré Kerio, ça arrive parfois ...

    cf tuto : https://www.vulgarisation-informatique.com/kerio.php

    defragmente ton DD :

    defragmenter son disque dur

    je n'ai toujours pas accès a certaine choses (windows live messenger, tchat, etc....)

    c'est à dire ???

    ++
    0
  21. ambryon3 Messages postés 19 Statut Membre
     
    windows live messenger ne souvre pas, et je ne peux pas aller sur le tchat car apparament je nai pas java; mais quand je le télécharge, sa me met que sa ne fonctionne pas !!
    d'après le dernié rapport, es que mon pc est toujours infécté ???
    0
  • 1
  • 2