Infected by Allaple

darkgodalex -  
rudyrital Posts 6233 Status Member -

Hello, it seems I have this virus on my machine, so I ran a scan with clean, and here it is:

Script execute en mode sans echec
Rapport clean par Malekal_morte - http://www.malekal.com
Script execute en mode sans echec 06/05/2007 a 20:38:56,52

Microsoft Windows XP [version 5.1.2600]

*** Suppression des fichiers dans C:

*** Suppression des fichiers dans C:\WINDOWS\

*** Suppression des fichiers dans C:\WINDOWS\system32
tentative de suppression de C:\WINDOWS\SYSTEM\MAPI32.DLL
tentative de suppression de C:\WINDOWS\SYSTEM\INET16.DLL

*** Suppression des fichiers dans C:\Program Files
tentative de suppression de "C:\Program Files\MediaLoads\"
tentative de suppression de "C:\Program Files\NewDotNet\"
tentative de suppression de "C:\Program Files\Viewpoint\"

*** Suppression des clefs du registre effectuee..
*** Fin du rapport !

Then with SDFix:

SDFix: Version 1.81

Run by Standard - 06/05/2007 - 20:41:23,79

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...

Normal Mode:
Checking Files:

No Trojan Files Found...

Removing Temp Files

ADS Check:

Checking if ADS is attached to system32 Folder
C:\WINDOWS\system32
No streams found.

Checking if ADS is attached to svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.

Final Check:

Remaining Services:
------------------

Remaining Files:
---------------

Checking For Files with Hidden Attributes:

C:\CHOICE.COM
C:\Program Files\Uninstall Information\IE40.Comctl32\AINF0000
C:\Program Files\Uninstall Information\mshtml.DllReg\AINF0000
C:\ZZ.EXE
C:\Program Files\Simple Star\PhotoShow Deluxe 3\data\PhotoShow Deluxe.exe
C:\LOGO.SYS
C:\Documents and Settings\Standard\Application Data\Microsoft\Modèles\~WRL0737.tmp
C:\Documents and Settings\Standard\Application Data\Microsoft\Modèles\~WRL2774.tmp
C:\Documents and Settings\Standard\Application Data\Microsoft\Modèles\~WRL3584.tmp
C:\Documents and Settings\Standard\Application Data\Microsoft\Word\~WRL1778.tmp
C:\Documents and Settings\Standard\Application Data\Microsoft\Word\~WRL0529.tmp
C:\Documents and Settings\Standard\Application Data\Microsoft\Word\~WRL1569.tmp
C:\Documents and Settings\Standard\Application Data\Microsoft\Word\~WRL2630.tmp
C:\Documents and Settings\Standard\Application Data\Microsoft\Word\~WRL3755.tmp
C:\Documents and Settings\Standard\Application Data\Microsoft\Word\~WRL2779.tmp
C:\Documents and Settings\Standard\Application Data\Microsoft\Word\~WRL0004.tmp
C:\Documents and Settings\Standard\Application Data\Microsoft\Word\~WRL0005.tmp
C:\Documents and Settings\Standard\Application Data\Microsoft\Word\~WRL1880.tmp
C:\Documents and Settings\Standard\Application Data\Microsoft\Word\~WRL0522.tmp
C:\Documents and Settings\Standard\Application Data\Microsoft\Word\~WRL2069.tmp
C:\Documents and Settings\Standard\Application Data\Microsoft\Word\~WRL1646.tmp
C:\Documents and Settings\Standard\Application Data\Microsoft\Word\~WRL1558.tmp
C:\Documents and Settings\Standard\Application Data\Microsoft\Word\~WRL2380.tmp
C:\Documents and Settings\Standard\Application Data\Microsoft\Word\~WRL2515.tmp

Finished

Before those two, I went through Hijack:

Logfile of HijackThis v1.99.1
Scan saved at 20:37:30, on 06/05/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Standard\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.recherche.aol.fr/ie.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [aol] "C:\Program Files\AOL\Active Virus Shield\avp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL/SEARCH.HTML
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://c:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - Extra button: Dell Home - {C50A11C0-B75D-11D4-A3DC-AFEC4947A842} - http://www.euro.dell.com/countries/fr/fra/gen/default.htm (file missing) (HKCU)
O16 - DPF: Interface Chat Voila - http://chat10.x-echo.com/version5/Applet/vchatsign.cab
O16 - DPF: teleir_cert - http://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
O16 - DPF: {45E83043-1F6F-4D22-A5E7-0138EA171B49} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/fr/filesharingctrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {981D847D-2C06-4FB7-A09C-4F0A48601B2C} (DiagSetup Class) - http://techcity.aol.fr/download/img/DiagSetup.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{35243FF1-2121-4F3C-9EE5-F93488966F30}: NameServer = 194.117.200.10,194.117.200.15
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\System32\klogon.dll
O23 - Service: ADSLAutoconnect - Unknown owner - C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe" -z (file missing)
O23 - Service: Active Virus Shield (AVP) - AOL - C:\Program Files\AOL\Active Virus Shield\avp.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

So could someone explain to me how to get rid of it, because I still have a problem: a "system shutdown" message involving the file services.exe and a countdown before the PC restarts.

Thanks in advance

1 reply

rudyrital Posts 6233 Status Member 131
 
Please run a scan here:
BitDefender scan
https://www.bitdefender.fr/
Click on the online scan on the left and follow the procedure.