Votre question

On a pris le controle de mon pc

Tags :
  • Acer
  • Sécurité
Dernière réponse : dans Sécurité et virus
13 Octobre 2009 00:26:04

voila il y a quelque jours une personne a réussi a prendre le controle de mon pc a distance, j'ai alors tout de suite couper ma connection internet de mon pc

j'ai ensuite utiliser

hijackthis

et il ma sortie ca:

Spoiler
eLogfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:13:52, on 2009-10-08
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18294)
Boot mode: Normal

Running processes:
C:\Windows\PLFSetI.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Acer\Acer Bio Protection\PdtWzd.exe
C:\Users\Marc-Antoine\AppData\Roaming\componantsx36\mousefdrive.exe
C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSMSNLoader32.exe
C:\Windows\SysWOW64\explorer.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Users\Marc-Antoine\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0c0c&s=2&o=v...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.cherche.us/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.cherche.us
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.cherche.us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cherche.us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0c0c&s=2&o=v...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0c0c&s=2&o=v...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.cherche.us
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.cherche.us/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.cherche.us
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Partner BHO Class - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\partner.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [ZPdtWzdVitaKey MC3000] "C:\Program Files (x86)\Acer\Acer Bio Protection\PdtWzd.exe" show
O4 - HKLM\..\Run: [LManager] C:\PROGRA~2\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files (x86)\Acer\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [{1C8A5E5E-FAFE-A667-B6BD-0FDD1995B629}] C:\Users\Marc-Antoine\AppData\Roaming\componantsx36\mousefdrive.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra 'Tools' menuitem: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Envoyer à Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Envoyer au périphérique &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O15 - Trusted Zone: *.chat-land.org
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/Gam...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files (x86)\Acer\Acer Bio Protection\WinNotify.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files (x86)\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Service Google Update (gupdate1ca3c8db75899c) (gupdate1ca3c8db75899c) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iGroupTec Service (IGBASVC) - Unknown owner - C:\Program Files (x86)\Acer\Acer Bio Protection\BASVC.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Partner Service - Google Inc. - C:\ProgramData\Partner\partner.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - c:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)

--
End of file - 12052 bytes



pouvez vous me dire qu'elle est le nom du logiciel qu'il a utiliser ?

Autres pages sur : pris controle

15 Octobre 2009 04:27:23

pas besoin d'un programme sur ton pc pour en prendre le contrôle.
Le "pirate" peut utiliser de chez lui un programme de contrôle a distance de pc,soit il "décode" ton ip.
Dans les deux cas,pour t'en proteger,utilise un bon firewall bien à jour.
a b 8 Sécurité
15 Octobre 2009 23:34:51

Un bonjour ?

Analyse le fichier suivant sur VirusTotal puis poste le rapport :
C:\Users\Marc-Antoine\AppData\Roaming\componantsx36\mousefdrive.exe
Contenus similaires
15 Octobre 2009 23:44:20

je n'ai pas trouver le fichier manuellement

j'ai du c/c "C:\Users\Marc-Antoine\AppData\Roaming\componantsx36\mousefdrive.exe" dans le navigateur de fichier

se message d'erreur est apparu

http://www.noelshack.com/up/aac/virus-6d68b24139.png

ca doit être le logiciel qu'il utilise

(le message d'erreur apparaissait a chaque fois que j'ouvrais l'ordinateur, mais j'ai savais pas de qu'elle fichier venais le message d'erreur)

comment je fait pour l'enlever pour de bon ?


EDIT: j'ai analyser le fichier avec le scanner en ligne de Kaspersky.




Scanned file: mousefdrive.exe
mousefdrive.exe - OK

Statistics:
Known viruses: 3001998 Updated: 15-10-2009
File size (Kb): 165 Virus bodies: 0
Files: 1 Warnings: 0
Archives: 0 Suspicious: 0


il n'a rien trouver de suspect



EDIT2: vous saviez que je suis tellement noob que je lis les chose a moitié ?

voila l'analyse de total virus


Spoiler
Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.41 2009.10.15 Trojan.Win32.Sasfis!IK
AhnLab-V3 5.0.0.2 2009.10.15 -
AntiVir 7.9.1.35 2009.10.15 -
Antiy-AVL 2.0.3.7 2009.10.15 Trojan/Win32.Buzus.gen
Authentium 5.1.2.4 2009.10.15 -
Avast 4.8.1351.0 2009.10.14 -
AVG 8.5.0.420 2009.10.15 -
BitDefender 7.2 2009.10.15 -
CAT-QuickHeal 10.00 2009.10.15 -
ClamAV 0.94.1 2009.10.15 Trojan.Buzus-5745
Comodo 2612 2009.10.15 -
DrWeb 5.0.0.12182 2009.10.15 -
eSafe 7.0.17.0 2009.10.15 -
eTrust-Vet 35.1.7070 2009.10.15 -
F-Prot 4.5.1.85 2009.10.15 -
F-Secure 8.0.14470.0 2009.10.15 -
Fortinet 3.120.0.0 2009.10.15 -
GData 19 2009.10.15 -
Ikarus T3.1.1.72.0 2009.10.15 Trojan.Win32.Sasfis
Jiangmin 11.0.800 2009.10.15 -
K7AntiVirus 7.10.871 2009.10.15 -
Kaspersky 7.0.0.125 2009.10.15 -
McAfee 5772 2009.10.15 -
McAfee+Artemis 5772 2009.10.15 -
McAfee-GW-Edition 6.8.5 2009.10.15 -
Microsoft 1.5101 2009.10.15 VirTool:Win32/Obfuscator.GZ
NOD32 4512 2009.10.15 -
Norman 6.03.02 2009.10.15 -
nProtect 2009.1.8.0 2009.10.15 -
Panda 10.0.2.2 2009.10.15 Bck/Bifrost.gen
PCTools 4.4.2.0 2009.10.15 -
Prevx 3.0 2009.10.15 -
Rising 21.51.34.00 2009.10.15 -
Sophos 4.46.0 2009.10.15 -
Sunbelt 3.2.1858.2 2009.10.15 -
Symantec 1.4.4.12 2009.10.15 -
TheHacker 6.5.0.2.043 2009.10.15 -
TrendMicro 8.950.0.1094 2009.10.15 -
VBA32 3.12.10.11 2009.10.15 Trojan.Win32.Refroso.ncq
ViRobot 2009.10.15.1986 2009.10.15 -
VirusBuster 4.6.5.0 2009.10.15 -
Information additionnelle
File size: 168317 bytes
MD5...: 777571580ab50fd07416b071c06ab721
SHA1..: 638de4c567919510c2cb1ff6580cf85eef247bd5
SHA256: d8633b85aa51a385c812203180a89d81d2ac11319862def53182a74b469be45e
ssdeep: 3072:p e674h4bu+pncuKbUzxnheYPTNKW+Ei+k+I0STR70P2:p eO4h4bu+pn1Kix
nheYh+xL0STeu
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x9a34
timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)
machinetype.......: 0x14c (I386)

( 9 sections )
name viradd virsiz rawdsiz ntrpy md5
CODE 0x1000 0xf000 0xee00 6.35 191fe01631d57ac64e0aad25b0f57e55
DATA 0x10000 0x1000 0x200 1.44 adec8c1f1cc495f53c452778d1ade34f
BSS 0x11000 0x3000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.idata 0x14000 0x1000 0x200 4.34 872a57784cf24dc2c748d8b87e874647
.tls 0x15000 0x1000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rdata 0x16000 0x1000 0x200 0.24 71770d1e73df68267ba81efc29b5f7d6
.reloc 0x17000 0x2000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rsrc 0x19000 0x970 0xa00 3.48 97cfe8e2c6a0a7a9e6f52fc1833e5f1b
.data 0x1a000 0x18e00 0x18e00 7.12 a67977375196555a262430a79ea99c57

( 2 imports )
> kernel32.dll: GetCurrentThreadId, WideCharToMultiByte, MultiByteToWideChar, ExitProcess, RtlUnwind, RaiseException, GetSystemTime, TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA, FreeLibrary, HeapFree, HeapReAlloc, HeapAlloc, GetProcessHeap
> oleaut32.dll: SysFreeString, SysReAllocStringLen, SysAllocStringLen

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
a b 8 Sécurité
18 Octobre 2009 22:26:04

Tu as accès aux fichiers cachés ? Si non, active cette option et supprime ce fichier puis reposte un rapport Hijackthis.
Tom's guide dans le monde
  • Allemagne
  • Italie
  • Irlande
  • Royaume Uni
  • Etats Unis
Suivre Tom's Guide
Inscrivez-vous à la Newsletter
  • ajouter à twitter
  • ajouter à facebook
  • ajouter un flux RSS