Virus to remove, thanks for your help - Virus/Spywares - Windows & Software
Marsh Posté on 30-11-2008 at 09:25:39
Hello everyone. I have a small problem: I can't manage to disinfect my computer. If someone could help me, thanks.
Here are 2 scans.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:22:23, on 30/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\windows\RTHDCPL.EXE
C:\windows\system32\RUNDLL32.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\windows\system32\nvsvc32.exe
C:\windows\system32\svchost.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\TooX\Groom\GroomAgent.exe
C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\FICHIE~1\InstallShield\engine\6\Intel 32\knlwrap.exe
C:\windows\System32\svchost.exe
C:\PROGRA~1\FICHIE~1\InstallShield\engine\6\Intel 32\iKernel.exe
D:\appz\hidjactis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.fr/spbasic.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\logiciels\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\bitcomet\tools\BitCometBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\appz\hitman\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PKR Pal] "C:\Program Files\PKR\pkrpal.exe" -osboot
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "D:\appz\depannage\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [8001002] D:\appz\logiciel espion\8001002.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent] "D:\bitorent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] D:\appz\photo\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] D:\appz\photo\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: Groom Agent.lnk = C:\Program Files\TooX\Groom\GroomAgent.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = D:\logiciels\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\bitcomet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\bitcomet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\bitcomet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\windows\bdoscandel.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (file missing)
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/re [...] oscan8.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{55CCFDAD-DFA1-4364-A5E8-81FC8096A881}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{55CCFDAD-DFA1-4364-A5E8-81FC8096A881}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{55CCFDAD-DFA1-4364-A5E8-81FC8096A881}: NameServer = 192.168.1.1
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\Skype4COM.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\appz\hitman\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\appz\hitman\Spyware Doctor\pctsSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - D:\appz\hitman\Webroot\Spy Sweeper\WRSSSDK.exe
O24 - Desktop Component 0: (no name) - http://www.beziers-rugby.com/images/logo_asbh.jpg
--
End of file - 8979 bytes
Then the other one:
;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-11-30 08:22:08
PROTECTIONS: 1
MALWARE: 3
SUSPECTS: 1
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
avast! antivirus 4.8.1229 [VPS 081129-0] 4.8.1229 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Administrateur\Cookies\administrateur@xiti[1].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\Administrateur\Cookies\administrateur@weborama[1].txt
03926378 W32/Bagle.KV.worm HackTools No 0 Yes No C:\WINDOWS\system32\drivers\down\79031.exe
;===================================================================================================================================================================================
SUSPECTS
Sent Location M
;===================================================================================================================================================================================
No C:\Program Files\rnamfler\naomf.exe M
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description M
;===================================================================================================================================================================================
184380 MEDIUM MS08-002 M
184379 MEDIUM MS08-001 M
182048 HIGH MS07-069 M
182046 HIGH MS07-067 M
182043 HIGH MS07-064 M
179553 HIGH MS07-061 M
176382 HIGH MS07-057 M
176383 HIGH MS07-058 M
170911 HIGH MS07-050 M
170907 HIGH MS07-046 M
170906 HIGH MS07-045 M
170904 HIGH MS07-043 M
164915 HIGH MS07-035 M
164913 HIGH MS07-033 M
164911 HIGH MS07-031 M
160623 HIGH MS07-027 M
157262 HIGH MS07-022 M
157261 HIGH MS07-021 M
157260 HIGH MS07-020 M
157259 HIGH MS07-019 M
156477 HIGH MS07-017 M
150253 HIGH MS07-016 M
150249 HIGH MS07-013 M
150248 HIGH MS07-012 M
150247 HIGH MS07-011 M
150243 HIGH MS07-008 M
150242 HIGH MS07-007 M
150241 MEDIUM MS07-006 M
141034 HIGH MS06-076 M
141033 MEDIUM MS06-075 M
141030 HIGH MS06-072 M
137571 HIGH MS06-070 M
137568 HIGH MS06-067 M
133387 MEDIUM MS06-065 M
133386 MEDIUM MS06-064 M
133385 MEDIUM MS06-063 M
133379 HIGH MS06-057 M
131654 HIGH MS06-055 M
129977 MEDIUM MS06-053 M
129976 MEDIUM MS06-052 M
126093 HIGH MS06-051 M
126092 MEDIUM MS06-050 M
126087 HIGH MS06-046 M
126086 MEDIUM MS06-045 M
126083 HIGH MS06-042 M
126082 HIGH MS06-041 M
126081 HIGH MS06-040 M
123421 HIGH MS06-036 M
123420 HIGH MS06-035 M
120825 MEDIUM MS06-032 M
120823 MEDIUM MS06-030 M
120818 HIGH MS06-025 M
120815 HIGH MS06-022 M
120814 HIGH MS06-021 M
117384 MEDIUM MS06-018 M
114666 HIGH MS06-015 M
114664 HIGH MS06-013 M
108744 MEDIUM MS06-008 M
108743 MEDIUM MS06-007 M
108742 MEDIUM MS06-006 M
104567 HIGH MS06-002 M
104237 HIGH MS06-001 M
96574 HIGH MS05-053 M
93395 HIGH MS05-051 M
93394 HIGH MS05-050 M
93454 MEDIUM MS05-049 M
;===================================================================================================================================================================================
Thanks