Mon ordi est infecté!!!!

cerizes Messages postés 57 Statut Membre -  
 Jol -
Bonjour,

Est ce que quelqu'un pourrez analyser svp mon rapport de virus et m'aider à desinfecter mon ordi.

KASPERSKY ONLINE SCANNER REPORT
Thursday, November 16, 2006 9:30:31 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 16/11/2006
Kaspersky Anti-Virus database records: 242455
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 57517
Number of viruses found: 8
Number of infected objects: 61 / 0
Number of suspicious objects: 0
Duration of the scan process: 00:44:44

Infected Object Name / Virus Name / Last Action
C:\!KillBox\oukimzwsb.exe Infected: not-a-virus:AdWare.Win32.NaviPromo.m skipped
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\ph Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\variable Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0c\idb\Apps.Lst Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0c\idb\main.idx Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0c\idb\sap.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0c\idb\spool.lst Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0c\idb\STYLE.LST Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0c\idb\sysnews.lst Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0c\idb\Toolbar.lst Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0c\organize\CACHE\ceriz01 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0c\organize\cerizes Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0c\organize\cerizes.abi Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0c\organize\cerizes.aby Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0c\ShopAssist\DataStore\global\clientcache.adb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0c\ShopAssist\DataStore\users\Cerizes.adb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\storage\cache.db Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\storage\server.lock Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\storage\stderr.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\storage\stdout.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\Bievre\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Bievre\Local Settings\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped
C:\Documents and Settings\Bievre\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Bievre\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Bievre\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Bievre\Local Settings\Temp\hpodvd09.log Object is locked skipped
C:\Documents and Settings\Bievre\Local Settings\Temp\SystemDoctorFreeSetup.exe/Stream/data0014 Infected: not-a-virus:Downloader.Win32.WinFixer.t skipped
C:\Documents and Settings\Bievre\Local Settings\Temp\SystemDoctorFreeSetup.exe/Stream Infected: not-a-virus:Downloader.Win32.WinFixer.t skipped
C:\Documents and Settings\Bievre\Local Settings\Temp\SystemDoctorFreeSetup.exe Inno: infected - 2 skipped
C:\Documents and Settings\Bievre\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Bievre\Local Settings\Temporary Internet Files\Content.IE5\IZYB2PUB\SystemDoctor2006FreeInstall_fr[1].exe Infected: not-a-virus:Downloader.Win32.WinFixer.l skipped
C:\Documents and Settings\Bievre\Local Settings\Temporary Internet Files\Content.IE5\X00JDT8X\SystemDoctor2006FreeInstall_fr[1].cab/USDR6V_0001_D18M3107NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.l skipped
C:\Documents and Settings\Bievre\Local Settings\Temporary Internet Files\Content.IE5\X00JDT8X\SystemDoctor2006FreeInstall_fr[1].cab CAB: infected - 1 skipped
C:\Documents and Settings\Bievre\ntuser.dat Object is locked skipped
C:\Documents and Settings\Bievre\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Protection résidente.txt Object is locked skipped
C:\Program Files\Everest Poker\cstart-tmp.exe Infected: not-a-virus:AdWare.Win32.Casino.ac skipped
C:\Program Files\Everest Poker\cstart.exe Infected: not-a-virus:AdWare.Win32.Casino.ac skipped
C:\Program Files\Everest Poker\Everest Poker.exe Infected: not-a-virus:AdWare.Win32.Casino.ac skipped
C:\Program Files\Fichiers communs\AOL\ACS\FR\forms.fdb Object is locked skipped
C:\Program Files\Fichiers communs\AOL\ACS\FR\static Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\debug.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\debug.log.idx Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\error.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\error.log.idx Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\hips.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\hips.log.idx Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\ids.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\ids.log.idx Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\network.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\network.log.idx Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\system.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\system.log.idx Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\warning.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\warning.log.idx Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\web.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\web.log.idx Object is locked skipped
C:\Program Files\SystemDoctor 2006 Free\usdr6cw.exe Infected: not-a-virus:Downloader.Win32.WinFixer.t skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{CCFD606B-F548-4936-9CC3-C9AB956179B9}\RP1\A0000070.exe Infected: not-a-virus:AdWare.Win32.Casino.t skipped
C:\System Volume Information\_restore{CCFD606B-F548-4936-9CC3-C9AB956179B9}\RP1\A0000105.exe Infected: not-a-virus:AdWare.Win32.Casino.t skipped
C:\System Volume Information\_restore{CCFD606B-F548-4936-9CC3-C9AB956179B9}\RP10\A0002376.exe Infected: not-a-virus:AdWare.Win32.Casino.t skipped
C:\System Volume Information\_restore{CCFD606B-F548-4936-9CC3-C9AB956179B9}\RP12\A0002575.exe Infected: not-a-virus:AdWare.Win32.Casino.t skipped
C:\System Volume Information\_restore{CCFD606B-F548-4936-9CC3-C9AB956179B9}\RP12\A0002617.exe Infected: not-a-virus:AdWare.Win32.Casino.t skipped
C:\System Volume Information\_restore{CCFD606B-F548-4936-9CC3-C9AB956179B9}\RP14\A0002829.exe Infected: not-a-virus:AdWare.Win32.Casino.t skipped
C:\System Volume Information\_restore{CCFD606B-F548-4936-9CC3-C9AB956179B9}\RP14\A0002855.exe Infected: not-a-virus:AdWare.Win32.Casino.t skipped
C:\System Volume Information\_restore{CCFD606B-F548-4936-9CC3-C9AB956179B9}\RP14\A0002886.exe Infected: not-a-virus:AdWare.Win32.Casino.t skipped
C:\System Volume Information\_restore{CCFD606B-F548-4936-9CC3-C9AB956179B9}\RP14\A0002998.exe Infected: not-a-virus:AdWare.Win32.Casino.t skipped
C:\System Volume Information\_restore{CCFD606B-F548-4936-9CC3-C9AB956179B9}\RP14\A0003002.exe Infected: not-a-virus:AdWare.Win32.Casino.t skipped
C:\System Volume Information\_restore{CCFD606B-F548-4936-9CC3-C9AB956179B9}\RP16\A0003131.exe Infected: not-a-virus:AdWare.Win32.Casino.t skipped
C:\System Volume Information\_restore{CCFD606B-F548-4936-9CC3-C9AB956179B9}\RP16\A0003191.exe Infected: not-a-virus:AdWare.Win32.Casino.t skipped
C:\System Volume Information\_restore{CCFD606B-F548-4936-9CC3-C9AB956179B9}\RP16\A0003224.exe Infected: not-a-virus:AdWare.Win32.Casino.t skipped
C:\System Volume Information\_restore{CCFD606B-F548-4936-9CC3-C9AB956179B9}\RP16\A0003226.exe Infected: not-a-virus:AdWare.Win32.Casino.t skipped
C:\System Volume Information\_restore{CCFD606B-F548-4936-9CC3-C9AB956179B9}\RP17\A0003299.exe Infected: not-a-virus:AdWare.Win32.Casino.t skipped
C:\System Volume Information\_restore{CCFD606B-F548-4936-9CC3-C9AB956179B9}\RP17\A0003318.exe Infected: not-a-virus:AdWare.Win32.Casino.t skipped
C:\System Volume Information\_restore{CCFD606B-F548-4936-9CC3-C9AB956179B9}\RP17\A0003373.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{CCFD606B-F548-4936-9CC3-C9AB956179B9}\RP18\A0003539.exe Infected: not-a-virus:AdWare.Win32.Casino.t skipped
C:\System Volume Information\_restore{CCFD606B-F548-4936-9CC3-C9AB956179B9}\RP2\A0000271.exe Infected: not-a-virus:AdWare.Win32.Casino.t skipped
C:\System Volume Information\_restore{CCFD606B-F548-4936-9CC3-C9AB956179B9}\RP2\A0001356.exe Infected: not-a-virus:AdWare.Win32.Casino.t skipped
C:\System Volume Information\_restore{CCFD606B-F548-4936-9CC3-C9AB956179B9}\RP2\A0001372.exe Infected: not-a-virus:AdWare.Win32.Casino.t skipped
C:\System Volume Information\_restore{CCFD606B-F548-4936-9CC3-C9AB956179B9}\RP2\A0001424.exe Infected: not-a-virus:AdWare.Win32.Casino.t skipped
C:\System Volume Information\_restore{CCFD606B-F548-4936-9CC3-C9AB956179B9}\RP20\A0003660.exe Infected: not-a-virus:AdWare.Win32.Casino.t skipped
C:\System Volume Information\_restore{CCFD606B-F548-4936-9CC3-C9AB956179B9}\RP20\A0003742.exe Infected: not-a-virus:AdWare.Win32.Casino.t skipped
C:\System Volume Information\_restore{CCFD606B-F548-4936-9CC3-C9AB956179B9}\RP20\A0003756.old Infected: not-a-virus:AdWare.Win32.Casino.t skipped
C:\System Volume Information\_restore{CCFD606B-F548-4936-9CC3-C9AB956179B9}\RP20\A0003758.old Infected: not-a-virus:AdWare.Win32.Casino.ac skipped
C:\System Volume Information\_restore{CCFD606B-F548-4936-9CC3-C9AB956179B9}\RP20\A0003766.old Infected: not-a-virus:AdWare.Win32.Casino.ac skipped
C:\System Volume Information\_restore{CCFD606B-F548-4936-9CC3-C9AB956179B9}\RP23\A0004163.exe Infected: not-a-virus:AdWare.Win32.Casino.ac skipped
C:\System Volume Information\_restore{CCFD606B-F548-4936-9CC3-C9AB956179B9}\RP25\A0004640.exe Infected: not-a-virus:AdWare.Win32.Casino.ac skipped
C:\System Volume Information\_restore{CCFD606B-F548-4936-9CC3-C9AB956179B9}\RP25\A0005674.exe Infected: not-a-virus:AdWare.Win32.Casino.ac skipped
C:\System Volume Information\_restore{CCFD606B-F548-4936-9CC3-C9AB956179B9}\RP25\A0005721.exe Infected: not-a-virus:AdWare.Win32.Casino.ac skipped
C:\System Volume Information\_restore{CCFD606B-F548-4936-9CC3-C9AB956179B9}\RP28\A0005962.exe Infected: not-a-virus:AdWare.Win32.Casino.ac skipped
C:\System Volume Information\_restore{CCFD606B-F548-4936-9CC3-C9AB956179B9}\RP29\A0007098.exe Infected: not-a-virus:AdWare.Win32.Casino.ac skipped
C:\System Volume Information\_restore{CCFD606B-F548-4936-9CC3-C9AB956179B9}\RP30\A0007217.exe Infected: not-a-virus:AdWare.Win32.Casino.ac skipped
C:\System Volume Information\_restore{CCFD606B-F548-4936-9CC3-C9AB956179B9}\RP31\A0007322.exe Infected: not-a-virus:AdWare.Win32.Casino.ac skipped
C:\System Volume Information\_restore{CCFD606B-F548-4936-9CC3-C9AB956179B9}\RP33\A0008558.exe Infected: not-a-virus:AdWare.Win32.Casino.ac skipped
C:\System Volume Information\_restore{CCFD606B-F548-4936-9CC3-C9AB956179B9}\RP33\A0008578.exe Infected: not-a-virus:AdWare.Win32.Casino.ac skipped
C:\System Volume Information\_restore{CCFD606B-F548-4936-9CC3-C9AB956179B9}\RP33\A0008615.exe Infected: not-a-virus:AdWare.Win32.Casino.ac skipped
C:\System Volume Information\_restore{CCFD606B-F548-4936-9CC3-C9AB956179B9}\RP33\A0008650.exe Infected: not-a-virus:AdWare.Win32.Casino.ac skipped
C:\System Volume Information\_restore{CCFD606B-F548-4936-9CC3-C9AB956179B9}\RP34\A0008797.exe Infected: not-a-virus:AdWare.Win32.Casino.ac skipped
C:\System Volume Information\_restore{CCFD606B-F548-4936-9CC3-C9AB956179B9}\RP34\A0008831.exe Infected: not-a-virus:AdWare.Win32.Casino.ac skipped
C:\System Volume Information\_restore{CCFD606B-F548-4936-9CC3-C9AB956179B9}\RP36\A0009089.exe Infected: not-a-virus:AdWare.Win32.Casino.ac skipped
C:\System Volume Information\_restore{CCFD606B-F548-4936-9CC3-C9AB956179B9}\RP37\A0009158.dll Infected: Trojan.Win32.Dialer.qu skipped
C:\System Volume Information\_restore{CCFD606B-F548-4936-9CC3-C9AB956179B9}\RP37\A0009241.exe Infected: not-a-virus:AdWare.Win32.Casino.ac skipped
C:\System Volume Information\_restore{CCFD606B-F548-4936-9CC3-C9AB956179B9}\RP37\A0009246.exe Infected: not-a-virus:AdWare.Win32.Casino.ac skipped
C:\System Volume Information\_restore{CCFD606B-F548-4936-9CC3-C9AB956179B9}\RP37\A0009276.exe Infected: not-a-virus:AdWare.Win32.Casino.ac skipped
C:\System Volume Information\_restore{CCFD606B-F548-4936-9CC3-C9AB956179B9}\RP37\A0009318.exe Infected: not-a-virus:AdWare.Win32.Casino.ac skipped
C:\System Volume Information\_restore{CCFD606B-F548-4936-9CC3-C9AB956179B9}\RP49\A0012146.exe Infected: not-a-virus:AdWare.Win32.Casino.ac skipped
C:\System Volume Information\_restore{CCFD606B-F548-4936-9CC3-C9AB956179B9}\RP50\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Downloaded Program Files\USDR6V_0001_D18M3107NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.l skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\TFTP2544 Infected: Backdoor.Win32.Rbot.ayc skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_5f4.dat Object is locked skipped
C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.

Merci

15 réponses

  1. Séb08 Messages postés 18169 Date d'inscription   Statut Contributeur Dernière intervention   1 430
     
    slt,

    Ta resto systeme est ou etait infecté donc fais cette manip pour la rendre saine :

    Désactive ta restauration système (uniquement si tu es sous XP):
    Clic droit sur poste de travail puis,
    propriété, tu cliques sur onglet restauration système
    tu coches la case « désactiver la restauration » et applique.

    Puis,

    ¤Réactive ta restauration système (uniquement si tu es sous XP):
    Clic droit sur poste de travail puis,
    propriété, tu cliques sur onglet restauration système
    tu décoches la case « désactiver la restauration » et applique.

    http://www.libellules.ch/desactiver_restauration.php

    ========================

    ensuite :

    Regarde bien et applique ce qui est indiqué en gras pour les 2 installations .

    Télécharge et installe ce log :

    ewido (gratuit même après la période d’essai)
    Téléchargement :
    ewido
    Cliques sur « update » fais les mise à jour ensuite clique sur « scanner » puis sur « complete scan system ».
    Tuto pour la version 4 d’Ewido :
    https://www.malekal.com/tutorial-et-guide-ewido-v4/

    Met le à jour comme indiqué, lance le « delete » (supprime) tout ce qu’il te trouve et copie/colle moi le rapport.

    Puis :

    télécharge HijackThis (version francaise) ici:
    hijackthis

    Dézippe le dans un dossier prévu à cet effet.

    Par exemple C:\hijackthis < Enregistre le bien dans c : !

    Démo (merci à Balltrap) :
    instalation hijackthis
    http://pageperso.aol.fr/balltrap34/Hijenr.gif

    Lance le puis:
    clique sur "faire un scan et sauvegarder le log" (cf démo)
    faire un copier coller du log entier sur le forum

    Démo : (merci à balltrap34 pour cette réalisation)
    http://pageperso.aol.fr/balltrap34/demohijack.htm

    Bon courage

    a+
    0
  2. Emmanuelle
     
    Bonjour,
    je n arrive pas bien à naviguer sur ce site et suis un peu perdu. Je demande un peu d aide car mon ordinateur est infecté aussi
    si quelqu un peut m aider à analyser les données suivante et recuperer un ordi saint
    Logfile of HijackThis v1.99.1
    Scan saved at 19:44:49, on 20/11/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe
    C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
    C:\WINDOWS\TPPALDR.EXE
    C:\Program Files\Fichiers communs\Talkway\vmtalk.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\WhenUSearch\Search.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\PROGRA~1\YAHOO!\MESSEN~1\ymsgr_tray.exe
    C:\Program Files\F?nts\w?wexec.exe
    C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
    C:\Program Files\Cloudmark\SpamNet\OE\snoe.exe
    C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearchIndexer.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avscan.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Hijack\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.search.yahoo.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wwwr.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.search.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {1EE37B41-97A2-B403-82F9-B16935F8DCC1} - C:\WINDOWS\system32\eghvjlcc.dll
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {1EE37B41-97A2-B403-82F9-B16935F8DCC1} - C:\WINDOWS\system32\eghvjlcc.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: (no name) - {AC9172E3-9059-E9A8-7806-BE891B0A31C4} - C:\WINDOWS\system32\bolkfoms.dll (file missing)
    O2 - BHO: WhenUSearch Helper - {BA2325ED-F9EB-4830-8FCE-0BC35B16969B} - C:\Program Files\WhenUSearch\search.dll
    O2 - BHO: Barre d'outils MSN Search Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
    O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Disk Monitor] C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE
    O4 - HKLM\..\Run: [vmtalk] C:\Program Files\Fichiers communs\Talkway\vmtalk.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [SpySpotter System Defender] C:\Program Files\SpySpotter3\Defender.exe -startup
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [WinAntiVirusPro2006] "C:\Program Files\WinAntiVirus Pro 2006\WinAV.exe" /min
    O4 - HKLM\..\Run: [uwa6pcw] "C:\Program Files\WinAntiVirus Pro 2006\uwa6pcw.exe" -c
    O4 - HKLM\..\Run: [WhenUSearch] "C:\Program Files\WhenUSearch\Search.exe"
    O4 - HKLM\..\Run: [WhenUSearchWHSE] "C:\Program Files\WhenUSearch\whse.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\YAHOO!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [Sabn] "C:\PROGRA~1\COMMON~1\WNSXS~1\wuaclt.exe" -vt ndrv
    O4 - HKCU\..\Run: [Xiz] C:\Program Files\F?nts\w?wexec.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
    O4 - Global Startup: Cloudmark Desktop for Outlook Express.lnk = ?
    O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/229?af9f5aafad94f7ab46920b7dcde433
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/230?af9f5aafad94f7ab46920b7dcde433
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmesfr.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmesfr.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=https://www.acer.com/worldwide/selection.html
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{609F3389-9E25-46C1-8B4C-15EA6CDAE93B}: NameServer = 194.117.200.10,194.117.200.15
    O18 - Protocol: bw+0 - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: offline-8876480 - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: Firewall service (FWSvc) - Unknown owner - C:\Program Files\WinAntiVirus Pro 2006\FWSvc.exe (file missing)

    merci par avance
    Emmanuelle
    0
  3. cerizes Messages postés 57 Statut Membre
     
    voila mes rapports:

    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 19:33:31 21/11/2006

    + Scan result:

    HKLM\SOFTWARE\Classes\Softomate.IEToolbar -> Adware.CoolWebSearch : No action taken.
    HKLM\SOFTWARE\Classes\Softomate.IEToolbar.1 -> Adware.CoolWebSearch : No action taken.
    HKLM\SOFTWARE\Classes\Softomate.IEToolbar\CLSID -> Adware.CoolWebSearch : No action taken.
    HKLM\SOFTWARE\Classes\Softomate.IEToolbar\CurVer -> Adware.CoolWebSearch : No action taken.
    C:\Documents and Settings\Bievre\Local Settings\Temp\USDR6V_0001_D18M3107\installer.exe -> Adware.WinFixer : No action taken.
    C:\Documents and Settings\Bievre\Local Settings\Temporary Internet Files\Content.IE5\IZYB2PUB\SystemDoctor2006FreeInstall_fr[1].exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : No action taken.
    C:\Documents and Settings\Bievre\Local Settings\Temporary Internet Files\Content.IE5\X00JDT8X\SystemDoctor2006FreeInstall_fr[1].cab/USDR6V_0001_D18M3107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : No action taken.
    C:\WINDOWS\Downloaded Program Files\USDR6V_0001_D18M3107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : No action taken.
    C:\Documents and Settings\Bievre\Cookies\bievre@estat[1].txt -> TrackingCookie.Estat : No action taken.
    C:\Documents and Settings\Bievre\Cookies\bievre@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : No action taken.
    C:\Documents and Settings\Bievre\Cookies\bievre@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : No action taken.
    C:\Documents and Settings\Bievre\Cookies\bievre@serving-sys[2].txt -> TrackingCookie.Serving-sys : No action taken.
    C:\Documents and Settings\Bievre\Cookies\bievre@weborama[2].txt -> TrackingCookie.Weborama : No action taken.
    C:\Documents and Settings\Bievre\Cookies\bievre@zedo[1].txt -> TrackingCookie.Zedo : No action taken.

    ::Report end

    Logfile of HijackThis v1.99.1
    Scan saved at 19:42:51, on 21/11/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
    C:\Program Files\e-Carte Bleue\Banque Populaire\ECB-BP.exe
    C:\Program Files\Fichiers communs\AOL\1157537937\ee\AOLSoftware.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\AOL 9.0c\aoltray.exe
    C:\Program Files\AOL Compagnon\companion.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\PROGRA~1\AOL9~1.0C\waol.exe
    C:\PROGRA~1\AOL9~1.0C\shellmon.exe
    C:\Program Files\Fichiers communs\Aol\aoltpspd.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Bievre\Bureau\hijackthis_199\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
    O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [eCarteBleue-BP] "C:\Program Files\e-Carte Bleue\Banque Populaire\ECB-BP.exe" /dontopenmycards
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1157537937\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Fichiers communs\AOL\IPHSend\IPHSend.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - Global Startup: AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0c\aoltray.exe
    O4 - Global Startup: AOL Compagnon.lnk = C:\Program Files\AOL Compagnon\companion.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{FB13D8EE-981D-463E-968E-723C58E84854}: NameServer = 205.188.146.145
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    j'attend de nouvelles consignes ;-)
    0
  4. Séb08 Messages postés 18169 Date d'inscription   Statut Contributeur Dernière intervention   1 430
     
    Tu peux refaire le scan ewido car tu n'as rien nettoyé pour preuve le no action taken que tu peux voir sur ton rapport.

    Donc a refaire et supprime tout ce qu'il te trouve, et colle le rapport.

    Ou en sont tes probs ?

    a+
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. cerizes Messages postés 57 Statut Membre
     
    voila mon nouveau scan en esperant que j'ai bien fait tout ce qu'il fallait.

    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 18:37:42 22/11/2006

    + Scan result:

    HKLM\SOFTWARE\Classes\Softomate.IEToolbar -> Adware.CoolWebSearch : Cleaned.
    HKLM\SOFTWARE\Classes\Softomate.IEToolbar.1 -> Adware.CoolWebSearch : Cleaned.
    HKLM\SOFTWARE\Classes\Softomate.IEToolbar\CLSID -> Adware.CoolWebSearch : Cleaned.
    HKLM\SOFTWARE\Classes\Softomate.IEToolbar\CurVer -> Adware.CoolWebSearch : Cleaned.
    C:\Documents and Settings\Bievre\Local Settings\Temp\USDR6V_0001_D18M3107\installer.exe -> Adware.WinFixer : Cleaned.
    C:\Documents and Settings\Bievre\Local Settings\Temporary Internet Files\Content.IE5\IZYB2PUB\SystemDoctor2006FreeInstall_fr[1].exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Ignored.
    C:\Documents and Settings\Bievre\Local Settings\Temporary Internet Files\Content.IE5\X00JDT8X\SystemDoctor2006FreeInstall_fr[1].cab/USDR6V_0001_D18M3107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Ignored.
    C:\WINDOWS\Downloaded Program Files\USDR6V_0001_D18M3107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Ignored.
    C:\Documents and Settings\Bievre\Cookies\bievre@estat[1].txt -> TrackingCookie.Estat : Cleaned.
    C:\Documents and Settings\Bievre\Cookies\bievre@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned.
    C:\Documents and Settings\Bievre\Cookies\bievre@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned.
    C:\Documents and Settings\Bievre\Cookies\bievre@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
    C:\Documents and Settings\Bievre\Cookies\bievre@weborama[2].txt -> TrackingCookie.Weborama : Cleaned.
    C:\Documents and Settings\Bievre\Cookies\bievre@zedo[1].txt -> TrackingCookie.Zedo : Cleaned.

    ::Report end

    Pour mon probleme, pas de changement pour le moment.
    0
  7. Séb08 Messages postés 18169 Date d'inscription   Statut Contributeur Dernière intervention   1 430
     
    quel est ton problème ?

    je ne crois pas que tu l'ai cité ... :)

    Ton log Hijack me semble clean.

    a+
    0
  8. cerizes Messages postés 57 Statut Membre
     
    Mon problème est que mon ordi est toujours infecté. Pourrez tu me dire grace au premier rapport que g envoyé (kaspersky), quel(s) virus j'ai exactement.
    Merci
    0
  9. Séb08 Messages postés 18169 Date d'inscription   Statut Contributeur Dernière intervention   1 430
     
    winfixer entre autre mais bon je pense qu'il a été viré!

    - > Pour vérifier, scanne ton PC avec cet antivirus en ligne (sous IE et accepte l’activX) :
    http://www.bitdefender.fr/bd/site/search.php#
    Clique sur « Bitdefender scan on line » suis les instructions.
    Et colle le rapport.

    a+

    0
  10. cerizes Messages postés 57 Statut Membre
     
    bonsoir,
    Je ne peux pas te coller le rapport parce que je l'enregistrement n'a pas marché.
    par contre mon virus est : Trojan.Downloader.Small.WV il était dans le dossier des quarantaines de ewido.Normalement bitdefender n'a supprimé.
    Est ce que je dois faire d'autres manipulations ou je suis debarrassé de ce virus?

    j'attend ta reponse,merci
    0
  11. Séb08 Messages postés 18169 Date d'inscription   Statut Contributeur Dernière intervention   1 430
     
    Tu as encore des probs ?
    0
  12. cerizes Messages postés 57 Statut Membre
     
    mon ordi rame toujours autant mais je ne sais pas si c'est par rapport au virus.il met un temps fou a ouvrir un simple dossier
    0
  13. Séb08 Messages postés 18169 Date d'inscription   Statut Contributeur Dernière intervention   1 430
     
    Essaye de faire un scan avec Bitdefender et colle le rapport, ensuite remet un log Hijack STP

    a+
    0
  14. cerizes Messages postés 57 Statut Membre
     
    Bonjour,

    Je n'ai pas copier coller mon scan bitdefender parce qu'il été vraiment trop long mais j'ai toujours le trojan, apparemment il n'a pas été desinfecté.

    Voila le rapport Hijack:

    Logfile of HijackThis v1.99.1
    Scan saved at 14:22:17, on 20/12/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
    C:\Program Files\e-Carte Bleue\Banque Populaire\ECB-BP.exe
    C:\Program Files\Fichiers communs\AOL\1157537937\ee\AOLSoftware.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\AOL 9.0c\aoltray.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\PROGRA~1\AOL9~1.0C\waol.exe
    C:\PROGRA~1\AOL9~1.0C\shellmon.exe
    C:\Program Files\Fichiers communs\Aol\aoltpspd.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Documents and Settings\Bievre\Bureau\hijackthis_199\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [eCarteBleue-BP] "C:\Program Files\e-Carte Bleue\Banque Populaire\ECB-BP.exe" /dontopenmycards
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1157537937\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Fichiers communs\AOL\IPHSend\IPHSend.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - Global Startup: AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0c\aoltray.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{FB13D8EE-981D-463E-968E-723C58E84854}: NameServer = 205.188.146.145
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    Merci
    0
  15. Séb08 Messages postés 18169 Date d'inscription   Statut Contributeur Dernière intervention   1 430
     
    Il me faut le rappport Bitdefender , sinon je ne te le demanderais pas .... :)

    a+
    0
  16. Jol
     
    Adware.Win32.Casino.ac

    lol c'est everest poker c'est pas un virus !
    ta pas de virus, juste des spyware
    0