3 rapports copiés suite à nettoyage de l'ordi Fermé

Question

Bonjour,

mon ordi était infecté par je ne sais quoi. Mon antivirus ( AVG free edition ) me signalait tous les jours qu'il supprimait des fichiers infectés. Comme ces fichiers revenaient journalièrement j'ai suivi votre procédure.
Je vous poste les trois rapports à la suite comme conseillé sur votre notice, merci de m'aider :

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

 + Créé à:	09:23:41 18/05/2008

 + Résultat de l'analyse:	



D:\Documents and Settings\loulou\Local Settings\Tempemovalfile.bat -> Not-A-Virus.Adware.Virtumonde : Nettoyé.
C:\WINDOWS\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.Downloader.Win32.PopCap.a : Nettoyé.
D:\Documents and Settings\loulou\Cookies\loulou@atdmt[1].txt -> TrackingCookie.Atdmt : Nettoyé.
:mozilla.37:D:\Documents and Settings\loulou\Application Data\Mozilla\Firefox\Profiles\gbodekdm.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé.
D:\Documents and Settings\loulou\Cookies\loulou@bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyé.
:mozilla.24:D:\Documents and Settings\loulou\Application Data\Mozilla\Firefox\Profiles\gbodekdm.default\cookies.txt -> TrackingCookie.Doubleclick : Nettoyé.
D:\Documents and Settings\loulou\Cookies\loulou@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
:mozilla.6:D:\Documents and Settings\loulou\Application Data\Mozilla\Firefox\Profiles\gbodekdm.default\cookies.txt -> TrackingCookie.Estat : Nettoyé.
:mozilla.25:D:\Documents and Settings\loulou\Application Data\Mozilla\Firefox\Profiles\gbodekdm.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.26:D:\Documents and Settings\loulou\Application Data\Mozilla\Firefox\Profiles\gbodekdm.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.27:D:\Documents and Settings\loulou\Application Data\Mozilla\Firefox\Profiles\gbodekdm.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.28:D:\Documents and Settings\loulou\Application Data\Mozilla\Firefox\Profiles\gbodekdm.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
D:\Documents and Settings\loulou\Cookies\loulou@smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.32:D:\Documents and Settings\loulou\Application Data\Mozilla\Firefox\Profiles\gbodekdm.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.33:D:\Documents and Settings\loulou\Application Data\Mozilla\Firefox\Profiles\gbodekdm.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.34:D:\Documents and Settings\loulou\Application Data\Mozilla\Firefox\Profiles\gbodekdm.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.35:D:\Documents and Settings\loulou\Application Data\Mozilla\Firefox\Profiles\gbodekdm.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.36:D:\Documents and Settings\loulou\Application Data\Mozilla\Firefox\Profiles\gbodekdm.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.


Fin du rapport

Pour bitdefender j'ai un lien sur lequel est enregistré le rapport :
D:\Documents and Settings\loulou\Bureauapportsvirus2.html

si le lien ne marche pas je vous met une copie qui donne une présentation moins jolie mais les éléments y sont :

 
BitDefender Online Scanner				   
Scan report generated at: Sun, May 18, 2008 - 14:21:16				   
				   
Scan path: C:\;D:\;E:\;F:\;G:\;H:\;I:\;J:\;K:\;L:\;				   
				   
Statistics				   
Time	00:41:07	 	 	   
Files	244622	 	 	   
Folders	7733	 	 	   
Boot Sectors	4	 	 	   
Archives	18151	 	 	   
Packed Files	11247	 	 	   
Results				   
Identified Viruses 	4	 	 	   
Infected Files 	4	 	 	   
Suspect Files 	0	 	 	   
Warnings	0	 	 	   
Disinfected	0	 	 	   
Deleted Files	4	 	 	   
Engines Info				   
Virus Definitions	1197922	 	 	   
Engine build	AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)	 	 	   
Scan plugins	16	 	 	   
Archive plugins	42	 	 	   
Unpack plugins	7	 	 	   
E-mail plugins	6	 	 	   
System plugins	5	 	 	   
Scan Settings				   
First Action	Disinfect	 	 	   
Second Action	Delete	 	 	   
Heuristics	Yes	 	 	   
Enable Warnings	Yes	 	 	   
Scanned Extensions	*;	 	 	   
Exclude Extensions		 	 	   
Scan Emails	Yes	 	 	   
Scan Archives	Yes	 	 	   
Scan Packed	Yes	 	 	   
Scan Files	Yes	 	 	   
Scan Boot	Yes	 	 	   
Scanned File	Status			   
D:\Documents and Settings\loulou\Local Settings\Application Data\Identities\{D1F6721D-D324-44FE-AF64-81DB39B10319}\Microsoft\Outlook Express\! Courriers indésirables (1).dbx=>(message 642): America the Beautiful	Infected with: Generic.Peed.Eml.3E217C0C	 	 	   
D:\Documents and Settings\loulou\Local Settings\Application Data\Identities\{D1F6721D-D324-44FE-AF64-81DB39B10319}\Microsoft\Outlook Express\! Courriers indésirables (1).dbx=>(message 642): America the Beautiful	Disinfection failed	 	 	   
D:\Documents and Settings\loulou\Local Settings\Application Data\Identities\{D1F6721D-D324-44FE-AF64-81DB39B10319}\Microsoft\Outlook Express\! Courriers indésirables (1).dbx=>(message 642): America the Beautiful	Deleted	 	 	   
D:\Documents and Settings\loulou\Local Settings\Application Data\Identities\{D1F6721D-D324-44FE-AF64-81DB39B10319}\Microsoft\Outlook Express\! Courriers indésirables (1).dbx	Updated	 	 	   
D:\Documents and Settings\loulou\Local Settings\Application Data\Identities\{D1F6721D-D324-44FE-AF64-81DB39B10319}\Microsoft\Outlook Express\! Courriers indésirables (1).dbx=>(message 656): You've received a greeting ecard from a partner!	Infected with: Generic.Peed.Eml.1DAF8206	 	 	   
D:\Documents and Settings\loulou\Local Settings\Application Data\Identities\{D1F6721D-D324-44FE-AF64-81DB39B10319}\Microsoft\Outlook Express\! Courriers indésirables (1).dbx=>(message 656): You've received a greeting ecard from a partner!	Disinfection failed	 	 	   
D:\Documents and Settings\loulou\Local Settings\Application Data\Identities\{D1F6721D-D324-44FE-AF64-81DB39B10319}\Microsoft\Outlook Express\! Courriers indésirables (1).dbx=>(message 656): You've received a greeting ecard from a partner!	Deleted	 	 	   
D:\Documents and Settings\loulou\Local Settings\Application Data\Identities\{D1F6721D-D324-44FE-AF64-81DB39B10319}\Microsoft\Outlook Express\! Courriers indésirables (1).dbx	Updated	 	 	   
D:\Documents and Settings\loulou\Local Settings\Application Data\Identities\{D1F6721D-D324-44FE-AF64-81DB39B10319}\Microsoft\Outlook Express\! Courriers indésirables (1).dbx=>(message 664): You've received a postcard from a family member!	Infected with: Generic.Peed.Eml.8A5411C8	 	 	   
D:\Documents and Settings\loulou\Local Settings\Application Data\Identities\{D1F6721D-D324-44FE-AF64-81DB39B10319}\Microsoft\Outlook Express\! Courriers indésirables (1).dbx=>(message 664): You've received a postcard from a family member!	Disinfection failed	 	 	   
D:\Documents and Settings\loulou\Local Settings\Application Data\Identities\{D1F6721D-D324-44FE-AF64-81DB39B10319}\Microsoft\Outlook Express\! Courriers indésirables (1).dbx=>(message 664): You've received a postcard from a family member!	Deleted	 	 	   
D:\Documents and Settings\loulou\Local Settings\Application Data\Identities\{D1F6721D-D324-44FE-AF64-81DB39B10319}\Microsoft\Outlook Express\! Courriers indésirables (1).dbx	Updated	 	 	   
D:\Documents and Settings\loulou\Local Settings\Application Data\Identities\{D1F6721D-D324-44FE-AF64-81DB39B10319}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 1199): You've received a postcard from a family member!	Infected with: Generic.Peed.Eml.AAC47868	 	 	   
D:\Documents and Settings\loulou\Local Settings\Application Data\Identities\{D1F6721D-D324-44FE-AF64-81DB39B10319}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 1199): You've received a postcard from a family member!	Disinfection failed	 	 	   
D:\Documents and Settings\loulou\Local Settings\Application Data\Identities\{D1F6721D-D324-44FE-AF64-81DB39B10319}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 1199): You've received a postcard from a family member!	Deleted	 	 	   
D:\Documents and Settings\loulou\Local Settings\Application Data\Identities\{D1F6721D-D324-44FE-AF64-81DB39B10319}\Microsoft\Outlook Express\Éléments supprimés.dbx	Updated	 	 	   
				   
				 
et le dernier :


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:49:04, on 18/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus
avapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\ClickTray Calendar\ClickTray.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\PoivY.com\PoivY\PoivY.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*https://fr.yahoo.com/?p=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ww17.ads.eorezo.com/cgi-bin/advert/getads.cgi?x_format=redirect&x_dp_id=9
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.yahoo.com/?p=us
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] "C:\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe 
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKLM\..\Policies\Explorer\Run: [FSfP9PB5rD] D:\Documents and Settings\All Users\Application Data\wdyzgfsb\izglczib.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ClickTray Calendar.lnk = C:\Program Files\ClickTray Calendar\ClickTray.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin
pjpi150_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin
pjpi150_02.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/webplayer/stage6/windows/DivXBrowserPlugin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - https://www.bluemountain.com/help/index.pd
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus
avapsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

jacques.gache · Answer

bonjour, tu as deux anti-virus avg et norton il faut en désinstaller un avant qu'il ne se mette en conflit et plante le pc

sasukedu91 · Answer

mais supprimer dans bitdefender

jacques.gache · Answer

re bonjour,  commence par passer malewarebytes suivi de ccleaner dans ses deux modes nettoyeur et registre et un scan anti -virus en ligne avec kaspersky en utilisant internet explorer et poste le rapport 
1) malewarebytes : https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
2) ccleaner : https://www.malekal.com/tutoriel-ccleaner/
3) scan en ligne : https://www.malekal.com/scan-antivirus-ligne-nod32/#mozTocId291566
lis bien les tutoriels pour bien les appliquer tu les passes dans l'ordre merci
et essais de remettre un nouveau rapport hijackthis

jacques.gache · Answer

bon c'est tout bon tu n'as plus de trace d'infection je reprend le rapport pour te donner les ligne à fixer sinon pour désinstaller norton utilise l'outil de chez symantec http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20050414110429924

jacques.gache · Answer

tu relances hijackthis et tu fixes ces lignes comme expliqué fixer les lignes: http://pageperso.aol.fr/balltrap34/demohijack.htm

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ww17.ads.eorezo.com/cgi-bin/advert/getads.cgi?x_format=redirect&x_dp_id=9
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - (no file)
O3 - Toolbar: (no name) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Policies\Explorer\Run: [FSfP9PB5rD] D:\Documents and Settings\All Users\Application Data\wdyzgfsb\izglczib.exe
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
 et puis tu déactives et tu réactives la restauration système afin de purger celle-ci des salopperies qui y sont http://service1.symantec.com/support/inter/tsgeninfointl.Nsf/fr_docid/20020830101856924  et tu désinstalles tous les trucs qui on servi à la désinfection avec toolscleaner http://bibou0007.com/outils-specifiques-f78/tutorial-toolscleaner-2-t375.htm

sasukedu91 · Answer

ben mais la discution en resolue

melusine2006 · Answer

eh bien si j'ai bien tout compris je ne peux pas mettre moi même la discu en "résolue" puisque je ne suis pas enregistrée...
sinon faut m'expliquer ???

3 rapports copiés suite à nettoyage de l'ordi

7 réponses

Discussions similaires