Mon ordi est infecté!!!!

Fermé
cerizes Messages postés 56 Date d'inscription dimanche 26 mars 2006 Statut Membre Dernière intervention 30 décembre 2009 - 20 nov. 2006 à 19:47
 Jol - 26 déc. 2006 à 21:51
Bonjour,

Est ce que quelqu'un pourrez analyser svp mon rapport de virus et m'aider à desinfecter mon ordi.

KASPERSKY ONLINE SCANNER REPORT
Thursday, November 16, 2006 9:30:31 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 16/11/2006
Kaspersky Anti-Virus database records: 242455
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 57517
Number of viruses found: 8
Number of infected objects: 61 / 0
Number of suspicious objects: 0
Duration of the scan process: 00:44:44

Infected Object Name / Virus Name / Last Action
C:\!KillBox\oukimzwsb.exe Infected: not-a-virus:AdWare.Win32.NaviPromo.m skipped
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\ph Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\variable Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0c\idb\Apps.Lst Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0c\idb\main.idx Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0c\idb\sap.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0c\idb\spool.lst Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0c\idb\STYLE.LST Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0c\idb\sysnews.lst Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0c\idb\Toolbar.lst Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0c\organize\CACHE\ceriz01 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0c\organize\cerizes Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0c\organize\cerizes.abi Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0c\organize\cerizes.aby Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0c\ShopAssist\DataStore\global\clientcache.adb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0c\ShopAssist\DataStore\users\Cerizes.adb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\storage\cache.db Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\storage\server.lock Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\storage\stderr.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\storage\stdout.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\Bievre\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Bievre\Local Settings\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped
C:\Documents and Settings\Bievre\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Bievre\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Bievre\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Bievre\Local Settings\Temp\hpodvd09.log Object is locked skipped
C:\Documents and Settings\Bievre\Local Settings\Temp\SystemDoctorFreeSetup.exe/Stream/data0014 Infected: not-a-virus:Downloader.Win32.WinFixer.t skipped
C:\Documents and Settings\Bievre\Local Settings\Temp\SystemDoctorFreeSetup.exe/Stream Infected: not-a-virus:Downloader.Win32.WinFixer.t skipped
C:\Documents and Settings\Bievre\Local Settings\Temp\SystemDoctorFreeSetup.exe Inno: infected - 2 skipped
C:\Documents and Settings\Bievre\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Bievre\Local Settings\Temporary Internet Files\Content.IE5\IZYB2PUB\SystemDoctor2006FreeInstall_fr[1].exe Infected: not-a-virus:Downloader.Win32.WinFixer.l skipped
C:\Documents and Settings\Bievre\Local Settings\Temporary Internet Files\Content.IE5\X00JDT8X\SystemDoctor2006FreeInstall_fr[1].cab/USDR6V_0001_D18M3107NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.l skipped
C:\Documents and Settings\Bievre\Local Settings\Temporary Internet Files\Content.IE5\X00JDT8X\SystemDoctor2006FreeInstall_fr[1].cab CAB: infected - 1 skipped
C:\Documents and Settings\Bievre\ntuser.dat Object is locked skipped
C:\Documents and Settings\Bievre\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Protection résidente.txt Object is locked skipped
C:\Program Files\Everest Poker\cstart-tmp.exe Infected: not-a-virus:AdWare.Win32.Casino.ac skipped
C:\Program Files\Everest Poker\cstart.exe Infected: not-a-virus:AdWare.Win32.Casino.ac skipped
C:\Program Files\Everest Poker\Everest Poker.exe Infected: not-a-virus:AdWare.Win32.Casino.ac skipped
C:\Program Files\Fichiers communs\AOL\ACS\FR\forms.fdb Object is locked skipped
C:\Program Files\Fichiers communs\AOL\ACS\FR\static Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\debug.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\debug.log.idx Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\error.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\error.log.idx Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\hips.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\hips.log.idx Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\ids.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\ids.log.idx Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\network.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\network.log.idx Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\system.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\system.log.idx Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\warning.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\warning.log.idx Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\web.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\web.log.idx Object is locked skipped
C:\Program Files\SystemDoctor 2006 Free\usdr6cw.exe Infected: not-a-virus:Downloader.Win32.WinFixer.t skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{CCFD606B-F548-4936-9CC3-C9AB956179B9}\RP1\A0000070.exe Infected: not-a-virus:AdWare.Win32.Casino.t skipped
C:\System Volume Information\_restore{CCFD606B-F548-4936-9CC3-C9AB956179B9}\RP1\A0000105.exe Infected: not-a-virus:AdWare.Win32.Casino.t skipped
C:\System Volume Information\_restore{CCFD606B-F548-4936-9CC3-C9AB956179B9}\RP10\A0002376.exe Infected: not-a-virus:AdWare.Win32.Casino.t skipped
C:\System Volume Information\_restore{CCFD606B-F548-4936-9CC3-C9AB956179B9}\RP12\A0002575.exe Infected: not-a-virus:AdWare.Win32.Casino.t skipped
C:\System Volume Information\_restore{CCFD606B-F548-4936-9CC3-C9AB956179B9}\RP12\A0002617.exe Infected: not-a-virus:AdWare.Win32.Casino.t skipped
C:\System Volume Information\_restore{CCFD606B-F548-4936-9CC3-C9AB956179B9}\RP14\A0002829.exe Infected: not-a-virus:AdWare.Win32.Casino.t skipped
C:\System Volume Information\_restore{CCFD606B-F548-4936-9CC3-C9AB956179B9}\RP14\A0002855.exe Infected: not-a-virus:AdWare.Win32.Casino.t skipped
C:\System Volume Information\_restore{CCFD606B-F548-4936-9CC3-C9AB956179B9}\RP14\A0002886.exe Infected: not-a-virus:AdWare.Win32.Casino.t skipped
C:\System Volume Information\_restore{CCFD606B-F548-4936-9CC3-C9AB956179B9}\RP14\A0002998.exe Infected: not-a-virus:AdWare.Win32.Casino.t skipped
C:\System Volume Information\_restore{CCFD606B-F548-4936-9CC3-C9AB956179B9}\RP14\A0003002.exe Infected: not-a-virus:AdWare.Win32.Casino.t skipped
C:\System Volume Information\_restore{CCFD606B-F548-4936-9CC3-C9AB956179B9}\RP16\A0003131.exe Infected: not-a-virus:AdWare.Win32.Casino.t skipped
C:\System Volume Information\_restore{CCFD606B-F548-4936-9CC3-C9AB956179B9}\RP16\A0003191.exe Infected: not-a-virus:AdWare.Win32.Casino.t skipped
C:\System Volume Information\_restore{CCFD606B-F548-4936-9CC3-C9AB956179B9}\RP16\A0003224.exe Infected: not-a-virus:AdWare.Win32.Casino.t skipped
C:\System Volume Information\_restore{CCFD606B-F548-4936-9CC3-C9AB956179B9}\RP16\A0003226.exe Infected: not-a-virus:AdWare.Win32.Casino.t skipped
C:\System Volume Information\_restore{CCFD606B-F548-4936-9CC3-C9AB956179B9}\RP17\A0003299.exe Infected: not-a-virus:AdWare.Win32.Casino.t skipped
C:\System Volume Information\_restore{CCFD606B-F548-4936-9CC3-C9AB956179B9}\RP17\A0003318.exe Infected: not-a-virus:AdWare.Win32.Casino.t skipped
C:\System Volume Information\_restore{CCFD606B-F548-4936-9CC3-C9AB956179B9}\RP17\A0003373.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{CCFD606B-F548-4936-9CC3-C9AB956179B9}\RP18\A0003539.exe Infected: not-a-virus:AdWare.Win32.Casino.t skipped
C:\System Volume Information\_restore{CCFD606B-F548-4936-9CC3-C9AB956179B9}\RP2\A0000271.exe Infected: not-a-virus:AdWare.Win32.Casino.t skipped
C:\System Volume Information\_restore{CCFD606B-F548-4936-9CC3-C9AB956179B9}\RP2\A0001356.exe Infected: not-a-virus:AdWare.Win32.Casino.t skipped
C:\System Volume Information\_restore{CCFD606B-F548-4936-9CC3-C9AB956179B9}\RP2\A0001372.exe Infected: not-a-virus:AdWare.Win32.Casino.t skipped
C:\System Volume Information\_restore{CCFD606B-F548-4936-9CC3-C9AB956179B9}\RP2\A0001424.exe Infected: not-a-virus:AdWare.Win32.Casino.t skipped
C:\System Volume Information\_restore{CCFD606B-F548-4936-9CC3-C9AB956179B9}\RP20\A0003660.exe Infected: not-a-virus:AdWare.Win32.Casino.t skipped
C:\System Volume Information\_restore{CCFD606B-F548-4936-9CC3-C9AB956179B9}\RP20\A0003742.exe Infected: not-a-virus:AdWare.Win32.Casino.t skipped
C:\System Volume Information\_restore{CCFD606B-F548-4936-9CC3-C9AB956179B9}\RP20\A0003756.old Infected: not-a-virus:AdWare.Win32.Casino.t skipped
C:\System Volume Information\_restore{CCFD606B-F548-4936-9CC3-C9AB956179B9}\RP20\A0003758.old Infected: not-a-virus:AdWare.Win32.Casino.ac skipped
C:\System Volume Information\_restore{CCFD606B-F548-4936-9CC3-C9AB956179B9}\RP20\A0003766.old Infected: not-a-virus:AdWare.Win32.Casino.ac skipped
C:\System Volume Information\_restore{CCFD606B-F548-4936-9CC3-C9AB956179B9}\RP23\A0004163.exe Infected: not-a-virus:AdWare.Win32.Casino.ac skipped
C:\System Volume Information\_restore{CCFD606B-F548-4936-9CC3-C9AB956179B9}\RP25\A0004640.exe Infected: not-a-virus:AdWare.Win32.Casino.ac skipped
C:\System Volume Information\_restore{CCFD606B-F548-4936-9CC3-C9AB956179B9}\RP25\A0005674.exe Infected: not-a-virus:AdWare.Win32.Casino.ac skipped
C:\System Volume Information\_restore{CCFD606B-F548-4936-9CC3-C9AB956179B9}\RP25\A0005721.exe Infected: not-a-virus:AdWare.Win32.Casino.ac skipped
C:\System Volume Information\_restore{CCFD606B-F548-4936-9CC3-C9AB956179B9}\RP28\A0005962.exe Infected: not-a-virus:AdWare.Win32.Casino.ac skipped
C:\System Volume Information\_restore{CCFD606B-F548-4936-9CC3-C9AB956179B9}\RP29\A0007098.exe Infected: not-a-virus:AdWare.Win32.Casino.ac skipped
C:\System Volume Information\_restore{CCFD606B-F548-4936-9CC3-C9AB956179B9}\RP30\A0007217.exe Infected: not-a-virus:AdWare.Win32.Casino.ac skipped
C:\System Volume Information\_restore{CCFD606B-F548-4936-9CC3-C9AB956179B9}\RP31\A0007322.exe Infected: not-a-virus:AdWare.Win32.Casino.ac skipped
C:\System Volume Information\_restore{CCFD606B-F548-4936-9CC3-C9AB956179B9}\RP33\A0008558.exe Infected: not-a-virus:AdWare.Win32.Casino.ac skipped
C:\System Volume Information\_restore{CCFD606B-F548-4936-9CC3-C9AB956179B9}\RP33\A0008578.exe Infected: not-a-virus:AdWare.Win32.Casino.ac skipped
C:\System Volume Information\_restore{CCFD606B-F548-4936-9CC3-C9AB956179B9}\RP33\A0008615.exe Infected: not-a-virus:AdWare.Win32.Casino.ac skipped
C:\System Volume Information\_restore{CCFD606B-F548-4936-9CC3-C9AB956179B9}\RP33\A0008650.exe Infected: not-a-virus:AdWare.Win32.Casino.ac skipped
C:\System Volume Information\_restore{CCFD606B-F548-4936-9CC3-C9AB956179B9}\RP34\A0008797.exe Infected: not-a-virus:AdWare.Win32.Casino.ac skipped
C:\System Volume Information\_restore{CCFD606B-F548-4936-9CC3-C9AB956179B9}\RP34\A0008831.exe Infected: not-a-virus:AdWare.Win32.Casino.ac skipped
C:\System Volume Information\_restore{CCFD606B-F548-4936-9CC3-C9AB956179B9}\RP36\A0009089.exe Infected: not-a-virus:AdWare.Win32.Casino.ac skipped
C:\System Volume Information\_restore{CCFD606B-F548-4936-9CC3-C9AB956179B9}\RP37\A0009158.dll Infected: Trojan.Win32.Dialer.qu skipped
C:\System Volume Information\_restore{CCFD606B-F548-4936-9CC3-C9AB956179B9}\RP37\A0009241.exe Infected: not-a-virus:AdWare.Win32.Casino.ac skipped
C:\System Volume Information\_restore{CCFD606B-F548-4936-9CC3-C9AB956179B9}\RP37\A0009246.exe Infected: not-a-virus:AdWare.Win32.Casino.ac skipped
C:\System Volume Information\_restore{CCFD606B-F548-4936-9CC3-C9AB956179B9}\RP37\A0009276.exe Infected: not-a-virus:AdWare.Win32.Casino.ac skipped
C:\System Volume Information\_restore{CCFD606B-F548-4936-9CC3-C9AB956179B9}\RP37\A0009318.exe Infected: not-a-virus:AdWare.Win32.Casino.ac skipped
C:\System Volume Information\_restore{CCFD606B-F548-4936-9CC3-C9AB956179B9}\RP49\A0012146.exe Infected: not-a-virus:AdWare.Win32.Casino.ac skipped
C:\System Volume Information\_restore{CCFD606B-F548-4936-9CC3-C9AB956179B9}\RP50\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Downloaded Program Files\USDR6V_0001_D18M3107NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.l skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\TFTP2544 Infected: Backdoor.Win32.Rbot.ayc skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_5f4.dat Object is locked skipped
C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.

Merci
A voir également:

15 réponses

Séb08 Messages postés 16503 Date d'inscription dimanche 13 novembre 2005 Statut Contributeur Dernière intervention 17 février 2023 1 430
20 nov. 2006 à 19:52
slt,

Ta resto systeme est ou etait infecté donc fais cette manip pour la rendre saine :

Désactive ta restauration système (uniquement si tu es sous XP):
Clic droit sur poste de travail puis,
propriété, tu cliques sur onglet restauration système
tu coches la case « désactiver la restauration » et applique.

Puis,

¤Réactive ta restauration système (uniquement si tu es sous XP):
Clic droit sur poste de travail puis,
propriété, tu cliques sur onglet restauration système
tu décoches la case « désactiver la restauration » et applique.

http://www.libellules.ch/desactiver_restauration.php


========================

ensuite :

Regarde bien et applique ce qui est indiqué en gras pour les 2 installations .


Télécharge et installe ce log :

ewido (gratuit même après la période d’essai)
Téléchargement :
ewido
Cliques sur « update » fais les mise à jour ensuite clique sur « scanner » puis sur « complete scan system ».
Tuto pour la version 4 d’Ewido :
https://www.malekal.com/tutorial-et-guide-ewido-v4/

Met le à jour comme indiqué, lance le « delete » (supprime) tout ce qu’il te trouve et copie/colle moi le rapport.

Puis :


télécharge HijackThis (version francaise) ici:
hijackthis

Dézippe le dans un dossier prévu à cet effet.

Par exemple C:\hijackthis < Enregistre le bien dans c : !

Démo (merci à Balltrap) :
instalation hijackthis
http://pageperso.aol.fr/balltrap34/Hijenr.gif

Lance le puis:
clique sur "faire un scan et sauvegarder le log" (cf démo)
faire un copier coller du log entier sur le forum

Démo : (merci à balltrap34 pour cette réalisation)
http://pageperso.aol.fr/balltrap34/demohijack.htm

Bon courage

a+
0
Bonjour,
je n arrive pas bien à naviguer sur ce site et suis un peu perdu. Je demande un peu d aide car mon ordinateur est infecté aussi
si quelqu un peut m aider à analyser les données suivante et recuperer un ordi saint
Logfile of HijackThis v1.99.1
Scan saved at 19:44:49, on 20/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\WINDOWS\TPPALDR.EXE
C:\Program Files\Fichiers communs\Talkway\vmtalk.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\WhenUSearch\Search.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\PROGRA~1\YAHOO!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\F?nts\w?wexec.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
C:\Program Files\Cloudmark\SpamNet\OE\snoe.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearchIndexer.exe
C:\Program Files\AntiVir PersonalEdition Classic\avscan.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.search.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wwwr.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.search.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {1EE37B41-97A2-B403-82F9-B16935F8DCC1} - C:\WINDOWS\system32\eghvjlcc.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1EE37B41-97A2-B403-82F9-B16935F8DCC1} - C:\WINDOWS\system32\eghvjlcc.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {AC9172E3-9059-E9A8-7806-BE891B0A31C4} - C:\WINDOWS\system32\bolkfoms.dll (file missing)
O2 - BHO: WhenUSearch Helper - {BA2325ED-F9EB-4830-8FCE-0BC35B16969B} - C:\Program Files\WhenUSearch\search.dll
O2 - BHO: Barre d'outils MSN Search Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Disk Monitor] C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE
O4 - HKLM\..\Run: [vmtalk] C:\Program Files\Fichiers communs\Talkway\vmtalk.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SpySpotter System Defender] C:\Program Files\SpySpotter3\Defender.exe -startup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [WinAntiVirusPro2006] "C:\Program Files\WinAntiVirus Pro 2006\WinAV.exe" /min
O4 - HKLM\..\Run: [uwa6pcw] "C:\Program Files\WinAntiVirus Pro 2006\uwa6pcw.exe" -c
O4 - HKLM\..\Run: [WhenUSearch] "C:\Program Files\WhenUSearch\Search.exe"
O4 - HKLM\..\Run: [WhenUSearchWHSE] "C:\Program Files\WhenUSearch\whse.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\YAHOO!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Sabn] "C:\PROGRA~1\COMMON~1\WNSXS~1\wuaclt.exe" -vt ndrv
O4 - HKCU\..\Run: [Xiz] C:\Program Files\F?nts\w?wexec.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
O4 - Global Startup: Cloudmark Desktop for Outlook Express.lnk = ?
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/229?af9f5aafad94f7ab46920b7dcde433
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/230?af9f5aafad94f7ab46920b7dcde433
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmesfr.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmesfr.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.acer.com/worldwide/selection.html
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{609F3389-9E25-46C1-8B4C-15EA6CDAE93B}: NameServer = 194.117.200.10,194.117.200.15
O18 - Protocol: bw+0 - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {8601287E-C9DD-4D14-A5D0-A99DC5FFB326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Firewall service (FWSvc) - Unknown owner - C:\Program Files\WinAntiVirus Pro 2006\FWSvc.exe (file missing)

merci par avance
Emmanuelle
0
cerizes Messages postés 56 Date d'inscription dimanche 26 mars 2006 Statut Membre Dernière intervention 30 décembre 2009
21 nov. 2006 à 19:43
voila mes rapports:

ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 19:33:31 21/11/2006

+ Scan result:



HKLM\SOFTWARE\Classes\Softomate.IEToolbar -> Adware.CoolWebSearch : No action taken.
HKLM\SOFTWARE\Classes\Softomate.IEToolbar.1 -> Adware.CoolWebSearch : No action taken.
HKLM\SOFTWARE\Classes\Softomate.IEToolbar\CLSID -> Adware.CoolWebSearch : No action taken.
HKLM\SOFTWARE\Classes\Softomate.IEToolbar\CurVer -> Adware.CoolWebSearch : No action taken.
C:\Documents and Settings\Bievre\Local Settings\Temp\USDR6V_0001_D18M3107\installer.exe -> Adware.WinFixer : No action taken.
C:\Documents and Settings\Bievre\Local Settings\Temporary Internet Files\Content.IE5\IZYB2PUB\SystemDoctor2006FreeInstall_fr[1].exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : No action taken.
C:\Documents and Settings\Bievre\Local Settings\Temporary Internet Files\Content.IE5\X00JDT8X\SystemDoctor2006FreeInstall_fr[1].cab/USDR6V_0001_D18M3107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : No action taken.
C:\WINDOWS\Downloaded Program Files\USDR6V_0001_D18M3107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : No action taken.
C:\Documents and Settings\Bievre\Cookies\bievre@estat[1].txt -> TrackingCookie.Estat : No action taken.
C:\Documents and Settings\Bievre\Cookies\bievre@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : No action taken.
C:\Documents and Settings\Bievre\Cookies\bievre@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : No action taken.
C:\Documents and Settings\Bievre\Cookies\bievre@serving-sys[2].txt -> TrackingCookie.Serving-sys : No action taken.
C:\Documents and Settings\Bievre\Cookies\bievre@weborama[2].txt -> TrackingCookie.Weborama : No action taken.
C:\Documents and Settings\Bievre\Cookies\bievre@zedo[1].txt -> TrackingCookie.Zedo : No action taken.


::Report end


Logfile of HijackThis v1.99.1
Scan saved at 19:42:51, on 21/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
C:\Program Files\e-Carte Bleue\Banque Populaire\ECB-BP.exe
C:\Program Files\Fichiers communs\AOL\1157537937\ee\AOLSoftware.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AOL 9.0c\aoltray.exe
C:\Program Files\AOL Compagnon\companion.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\AOL9~1.0C\waol.exe
C:\PROGRA~1\AOL9~1.0C\shellmon.exe
C:\Program Files\Fichiers communs\Aol\aoltpspd.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Bievre\Bureau\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [eCarteBleue-BP] "C:\Program Files\e-Carte Bleue\Banque Populaire\ECB-BP.exe" /dontopenmycards
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1157537937\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Fichiers communs\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Global Startup: AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0c\aoltray.exe
O4 - Global Startup: AOL Compagnon.lnk = C:\Program Files\AOL Compagnon\companion.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FB13D8EE-981D-463E-968E-723C58E84854}: NameServer = 205.188.146.145
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

j'attend de nouvelles consignes ;-)
0
Séb08 Messages postés 16503 Date d'inscription dimanche 13 novembre 2005 Statut Contributeur Dernière intervention 17 février 2023 1 430
22 nov. 2006 à 17:40
Tu peux refaire le scan ewido car tu n'as rien nettoyé pour preuve le no action taken que tu peux voir sur ton rapport.

Donc a refaire et supprime tout ce qu'il te trouve, et colle le rapport.

Ou en sont tes probs ?

a+
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
cerizes Messages postés 56 Date d'inscription dimanche 26 mars 2006 Statut Membre Dernière intervention 30 décembre 2009
22 nov. 2006 à 18:42
voila mon nouveau scan en esperant que j'ai bien fait tout ce qu'il fallait.

ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 18:37:42 22/11/2006

+ Scan result:



HKLM\SOFTWARE\Classes\Softomate.IEToolbar -> Adware.CoolWebSearch : Cleaned.
HKLM\SOFTWARE\Classes\Softomate.IEToolbar.1 -> Adware.CoolWebSearch : Cleaned.
HKLM\SOFTWARE\Classes\Softomate.IEToolbar\CLSID -> Adware.CoolWebSearch : Cleaned.
HKLM\SOFTWARE\Classes\Softomate.IEToolbar\CurVer -> Adware.CoolWebSearch : Cleaned.
C:\Documents and Settings\Bievre\Local Settings\Temp\USDR6V_0001_D18M3107\installer.exe -> Adware.WinFixer : Cleaned.
C:\Documents and Settings\Bievre\Local Settings\Temporary Internet Files\Content.IE5\IZYB2PUB\SystemDoctor2006FreeInstall_fr[1].exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Ignored.
C:\Documents and Settings\Bievre\Local Settings\Temporary Internet Files\Content.IE5\X00JDT8X\SystemDoctor2006FreeInstall_fr[1].cab/USDR6V_0001_D18M3107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Ignored.
C:\WINDOWS\Downloaded Program Files\USDR6V_0001_D18M3107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Ignored.
C:\Documents and Settings\Bievre\Cookies\bievre@estat[1].txt -> TrackingCookie.Estat : Cleaned.
C:\Documents and Settings\Bievre\Cookies\bievre@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Bievre\Cookies\bievre@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Bievre\Cookies\bievre@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Bievre\Cookies\bievre@weborama[2].txt -> TrackingCookie.Weborama : Cleaned.
C:\Documents and Settings\Bievre\Cookies\bievre@zedo[1].txt -> TrackingCookie.Zedo : Cleaned.


::Report end

Pour mon probleme, pas de changement pour le moment.
0
Séb08 Messages postés 16503 Date d'inscription dimanche 13 novembre 2005 Statut Contributeur Dernière intervention 17 février 2023 1 430
22 nov. 2006 à 18:46
quel est ton problème ?

je ne crois pas que tu l'ai cité ... :)

Ton log Hijack me semble clean.

a+
0
cerizes Messages postés 56 Date d'inscription dimanche 26 mars 2006 Statut Membre Dernière intervention 30 décembre 2009
22 nov. 2006 à 21:49
Mon problème est que mon ordi est toujours infecté. Pourrez tu me dire grace au premier rapport que g envoyé (kaspersky), quel(s) virus j'ai exactement.
Merci
0
Séb08 Messages postés 16503 Date d'inscription dimanche 13 novembre 2005 Statut Contributeur Dernière intervention 17 février 2023 1 430
23 nov. 2006 à 15:06
winfixer entre autre mais bon je pense qu'il a été viré!

- > Pour vérifier, scanne ton PC avec cet antivirus en ligne (sous IE et accepte l’activX) :
http://www.bitdefender.fr/bd/site/search.php#
Clique sur « Bitdefender scan on line » suis les instructions.
Et colle le rapport.

a+

0
cerizes Messages postés 56 Date d'inscription dimanche 26 mars 2006 Statut Membre Dernière intervention 30 décembre 2009
26 nov. 2006 à 18:27
bonsoir,
Je ne peux pas te coller le rapport parce que je l'enregistrement n'a pas marché.
par contre mon virus est : Trojan.Downloader.Small.WV il était dans le dossier des quarantaines de ewido.Normalement bitdefender n'a supprimé.
Est ce que je dois faire d'autres manipulations ou je suis debarrassé de ce virus?

j'attend ta reponse,merci
0
Séb08 Messages postés 16503 Date d'inscription dimanche 13 novembre 2005 Statut Contributeur Dernière intervention 17 février 2023 1 430
26 nov. 2006 à 18:33
Tu as encore des probs ?
0
cerizes Messages postés 56 Date d'inscription dimanche 26 mars 2006 Statut Membre Dernière intervention 30 décembre 2009
28 nov. 2006 à 13:15
mon ordi rame toujours autant mais je ne sais pas si c'est par rapport au virus.il met un temps fou a ouvrir un simple dossier
0
Séb08 Messages postés 16503 Date d'inscription dimanche 13 novembre 2005 Statut Contributeur Dernière intervention 17 février 2023 1 430
29 nov. 2006 à 22:53
Essaye de faire un scan avec Bitdefender et colle le rapport, ensuite remet un log Hijack STP

a+
0
cerizes Messages postés 56 Date d'inscription dimanche 26 mars 2006 Statut Membre Dernière intervention 30 décembre 2009
20 déc. 2006 à 14:23
Bonjour,

Je n'ai pas copier coller mon scan bitdefender parce qu'il été vraiment trop long mais j'ai toujours le trojan, apparemment il n'a pas été desinfecté.

Voila le rapport Hijack:

Logfile of HijackThis v1.99.1
Scan saved at 14:22:17, on 20/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
C:\Program Files\e-Carte Bleue\Banque Populaire\ECB-BP.exe
C:\Program Files\Fichiers communs\AOL\1157537937\ee\AOLSoftware.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AOL 9.0c\aoltray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\PROGRA~1\AOL9~1.0C\waol.exe
C:\PROGRA~1\AOL9~1.0C\shellmon.exe
C:\Program Files\Fichiers communs\Aol\aoltpspd.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Bievre\Bureau\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [eCarteBleue-BP] "C:\Program Files\e-Carte Bleue\Banque Populaire\ECB-BP.exe" /dontopenmycards
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1157537937\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Fichiers communs\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Global Startup: AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0c\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FB13D8EE-981D-463E-968E-723C58E84854}: NameServer = 205.188.146.145
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Merci
0
Séb08 Messages postés 16503 Date d'inscription dimanche 13 novembre 2005 Statut Contributeur Dernière intervention 17 février 2023 1 430
20 déc. 2006 à 22:16
Il me faut le rappport Bitdefender , sinon je ne te le demanderais pas .... :)

a+
0
Adware.Win32.Casino.ac

lol c'est everest poker c'est pas un virus !
ta pas de virus, juste des spyware
0