infecté par un spyware besoin d aide Résolu/Fermé

Question

j ais attrapé un spyware qui se nome "spyaware.pcacme.b" un peut d aide serait le bien venu pour le suprimé voila le raport de avg anti-spyware AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

 + Créé à:	17:41:30 08/03/2007

 + Résultat de l'analyse:	



C:\Documents and Settings\Patricia\Cookies\patricia@247realmedia[2].txt -> TrackingCookie.247realmedia : Aucune action entreprise.
C:\Documents and Settings\yann\Cookies\yann@247realmedia[1].txt -> TrackingCookie.247realmedia : Aucune action entreprise.
C:\Documents and Settings\Patricia\Cookies\patricia@2o7[1].txt -> TrackingCookie.2o7 : Aucune action entreprise.
C:\Documents and Settings\Patricia\Cookies\patricia@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Aucune action entreprise.
C:\Documents and Settings\NetworkService\Cookies\yann@stats.adbrite[1].txt -> TrackingCookie.Adbrite : Aucune action entreprise.
C:\Documents and Settings\Patricia\Cookies\patricia@adtech[2].txt -> TrackingCookie.Adtech : Aucune action entreprise.
C:\Documents and Settings\Patricia\Cookies\patricia@advertising[1].txt -> TrackingCookie.Advertising : Aucune action entreprise.
C:\Documents and Settings\Patricia\Cookies\patricia@atdmt[2].txt -> TrackingCookie.Atdmt : Aucune action entreprise.
C:\Documents and Settings\NetworkService\Cookies\yann@bluestreak[1].txt -> TrackingCookie.Bluestreak : Aucune action entreprise.
C:\Documents and Settings\Patricia\Cookies\patricia@bluestreak[2].txt -> TrackingCookie.Bluestreak : Aucune action entreprise.
C:\Documents and Settings\Patricia\Cookies\patricia@iv2.bluestreak[1].txt -> TrackingCookie.Bluestreak : Aucune action entreprise.
C:\Documents and Settings\Patricia\Cookies\patricia@promo.casinotropez[1].txt -> TrackingCookie.Casinotropez : Aucune action entreprise.
C:\Documents and Settings\Patricia\Cookies\patricia@fl01.ct2.comclick[2].txt -> TrackingCookie.Comclick : Aucune action entreprise.
C:\Documents and Settings\Patricia\Cookies\patricia@doubleclick[1].txt -> TrackingCookie.Doubleclick : Aucune action entreprise.
C:\Documents and Settings\Patricia\Cookies\patricia@estat[1].txt -> TrackingCookie.Estat : Aucune action entreprise.
C:\Documents and Settings\Patricia\Cookies\patricia@as1.falkag[1].txt -> TrackingCookie.Falkag : Aucune action entreprise.
C:\Documents and Settings\NetworkService\Cookies\yann@fastclick[2].txt -> TrackingCookie.Fastclick : Aucune action entreprise.
C:\Documents and Settings\NetworkService\Cookies\yann@media.fastclick[2].txt -> TrackingCookie.Fastclick : Aucune action entreprise.
C:\Documents and Settings\Patricia\Cookies\patricia@fastclick[2].txt -> TrackingCookie.Fastclick : Aucune action entreprise.
C:\Documents and Settings\Patricia\Cookies\patricia@ehg-telecomitalia.hitbox[2].txt -> TrackingCookie.Hitbox : Aucune action entreprise.
C:\Documents and Settings\Patricia\Cookies\patricia@hitbox[1].txt -> TrackingCookie.Hitbox : Aucune action entreprise.
C:\Documents and Settings\Patricia\Cookies\patricia@mediaplex[2].txt -> TrackingCookie.Mediaplex : Aucune action entreprise.
C:\Documents and Settings\Patricia\Cookies\patricia@overture[2].txt -> TrackingCookie.Overture : Aucune action entreprise.
C:\Documents and Settings\Patricia\Cookies\patricia@perf.overture[1].txt -> TrackingCookie.Overture : Aucune action entreprise.
C:\Documents and Settings\Patricia\Cookies\patricia@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
C:\Documents and Settings\Patricia\Cookies\patricia@serving-sys[1].txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
C:\Documents and Settings\Patricia\Cookies\patricia@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
C:\Documents and Settings\Patricia\Cookies\patricia@statcounter[1].txt -> TrackingCookie.Statcounter : Aucune action entreprise.
C:\Documents and Settings\Patricia\Cookies\patricia@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.
C:\Documents and Settings\Patricia\Cookies\patricia@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Aucune action entreprise.
C:\Documents and Settings\Patricia\Cookies\patricia@weborama[2].txt -> TrackingCookie.Weborama : Aucune action entreprise.


Fin du rapport

le raport de hijackthis
Logfile of HijackThis v1.99.1
Scan saved at 19:13:49, on 08/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32
vsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\system32undll32.exe
C:\Program Files\Fichiers communs\Real\Update_OBnathchk.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\OFFICE One6.5\OFFICE One PDF Manager\OoPDFSettingsv6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe
C:\Program Files\OFFICE One6.5\OFFICE One Notes\oonotesv65.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.free.fr/freebox/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB002" /M "Stylus CX3600"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OoPDFSettingsv6.exe] C:\Program Files\OFFICE One6.5\OFFICE One PDF Manager\OoPDFSettingsv6.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: OFFICE One Clock v6.5.lnk = C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe
O4 - Global Startup: OFFICE One Notes v6.5.lnk = C:\Program Files\OFFICE One6.5\OFFICE One Notes\oonotesv65.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ADSLAutoconnect - Unknown owner - C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe" -z (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
vsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcappcapd.exe" -d -f "%ProgramFiles%\WinPcappcapd.ini (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe

le raport de ccleaner
ANALYSE COMPLETE - (1,091 secs)
------------------------------------------------------------------------------------------
31,7MB ont été supprimés. (Taille approximative)
------------------------------------------------------------------------------------------

Détails des fichiers à supprimer (Note: AUCUN fichier n'a pour l'instant été supprimé)
------------------------------------------------------------------------------------------
Fichiers Temporaires d'Internet Explorer (fichiers 581) 4,21MB
C:\Documents and Settings\yann\Cookies\yann@247realmedia[1].txt 92 bytes
C:\Documents and Settings\yann\Cookies\yann@bitdefender[2].txt 134 bytes
C:\Documents and Settings\yann\Cookies\yann@i2as.idregie[2].txt 106 bytes
C:\Documents and Settings\yann\Cookies\yann@idregie[2].txt 299 bytes
C:\Documents and Settings\yann\Cookies\yann@infos-du-net.fr.intellitxt[1].txt 136 bytes
C:\Documents and Settings\yann\Cookies\yann@kachouri[1].txt 353 bytes
C:\Documents and Settings\yann\Cookies\yann@messenger.msn[1].txt 96 bytes
C:\Documents and Settings\yann\Cookies\yann@msn[2].txt 239 bytes
C:\Documents and Settings\yann\Cookies\yann@rad.msn[2].txt 690 bytes
C:\Documents and Settings\yann\Cookies\yann@ssl-hints.netflame[2].txt 162 bytes
C:\Documents and Settings\yann\Cookies\yann@www.commentcamarche[1].txt 115 bytes
C:\Documents and Settings\yann\Cookies\yann@xiti[1].txt 106 bytes
Poubelle vidée (7 fichiers) 10,3MB
C:\WINDOWS\TEMP\WGAErrLog.txt 255 bytes
C:\DOCUME~1\yann\LOCALS~1\Temp\BIT136.tmp 17,1MB
C:\DOCUME~1\yann\LOCALS~1\Temp\MessengerCache\9B4e2FRmT2F8sQtGAyCFmTnqlfWhI= 15,50KB
C:\DOCUME~1\yann\LOCALS~1\Temp\MessengerCache\gNEOK8g6qKGVWWMGEVAPNHJfmHA= 27,07KB
C:\DOCUME~1\yann\LOCALS~1\Temp\MessengerCache\IJsUMWCGWAdXhigSh54lmBtsU70= 15,01KB
C:\DOCUME~1\yann\LOCALS~1\Temp\MessengerCache\o1Imf5Awnknw2Qp+E16ZB30teA0= 27,47KB
C:\DOCUME~1\yann\LOCALS~1\Temp\MessengerCache	yP1fGsbU8S3+kqnvnYvwYsD8dw= 24,89KB
C:\DOCUME~1\yann\LOCALS~1\Temp\MessengerCache\v9rJWOIlJtiTEat8N2FJwmJ9ps+U= 12,86KB
C:\DOCUME~1\yann\LOCALS~1\Temp	mp00003977	mp00000000 0 bytes
C:\WINDOWS\system32\wbem\Logs\wbemess.log 382 bytes
C:\WINDOWS\setupapi.log 9,61KB
C:\Documents and Settings\yann\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol 348 bytes

norton le trouve mes arrive pas a le suprimé il se loge dans "1 fichier 
[regspy.sys] l'intérieur de [________________________] l'intérieur de [c:\program files\fichiers communs\softwin\setup information\{8a3a1769-cc2e-403b-b9e6-e6a3438167ec}\bdis.msi] - Infecté"
voila merci d avance pour votre aide ++

Regis59 · Answer

Salut

Tu as eu Bitdefender sur ton PC?

A+

blodin · Answer

non je les pas instalé mes je peut le mettre

Regis59 · Answer

Salut

Evite le style sms stp.

Tu me dis que tu l avais installé et ensuite tu me dis non, faut savoir.
Oui ou non, Bitdefender a t il deja été installé sur ton pc? :)

a+

Regis59 · Answer

Salut,

Ton probleme est bien lié à bitdefender.
Desinstalle proprement de Bitdefender ou des restes.

http://www.bitdefender.com/KB75-en--(KBID4...ger-appear.html

tu as des tools qui ont aussi été developpé pour virer bitdefender mais attention à la version que tu as eu:

pour le 9:
http://www.bitdefender.com/files/Knowledge...nstall_Tool.EXE

ou methode desinstallation:
http://kb.bitdefender.com/KB277-en--Additi...ll-methods.html

pour la 10 beta:
http://www.bitdefender.co.uk/KB299-uk--Add...ll-methods.html

A+

Regis59 · Answer

ok merci

a+

Regis59 · Answer

de rien,

a+

Infecté par un spyware besoin d aide

6 réponses

Discussions similaires

Newsletters