Forum | virus/security
ZoneAlarm: reinstallation problem
sylviabiscotte, Mon. 03 Jul. 2006 at 23:51:13
Good evening

So, I finally managed to do everything; I had a lot of problems this evening (I posted two topics on the forums, but got no replies).

I hope you will help me, because it's really very annoying.

Here is the HijackThis report after restarting the computer:

Logfile of HijackThis v1.99.1
Scan saved at 23:49:03, on 03/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\ATI Technologies\Panneau de contrôle ATI\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\Trust\AMI MOUSE 250SP WIRELESS OPTICAL\lwbwheel.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\a2\a2guard.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\a2\a2start.exe
C:\Program Files\a2\a2scan.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.fr/spbasic.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.msn.fr/spbasic.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.free.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] kycpdiw.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Trust\AMI MOUSE 250SP WIRELESS OPTICAL\lwbwheel.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\RealVNC\WinVNC\winvnc.exe" -servicehelper
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\RunServices: [Microsoft Update Machine] kycpdiw.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] kycpdiw.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [a²] "C:\Program Files\a2\a2guard.exe"
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\WINSOS\WINSOS.EXE" MINI
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZZ
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1142178802616
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37480.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.wisup.net/_plateforme/Upload/Aurigma/AurigmaActiveX/ImageUploader35.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\RealVNC\WinVNC\winvnc.exe" -service (file missing)

And here is the BitDefender scan, but I did not manage to remove the viruses from RECYCLER:

BitDefender Online Scanner

Scan report generated at: Mon, Jul 03, 2006 - 22:27:23
Scan path: A:\;C:\;D:\;E:\;

Statistics
Time: 02:36:37
Files: 422691
Folders: 7615
Boot Sectors: 2
Archives: 8479
Packed Files: 37546

Results
Identified Viruses: 2
Infected Files: 5
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 5

Engines Info
Virus Definitions: 405865
Engine build: AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)
Scan plugins: 13
Archive plugins: 39
Unpack plugins: 5
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File
Status

C:\Documents and Settings\SYLVIA D.SYLVIA\Mes documents\Mes images\tout le bordel images\clipartfree_412.exe=>wise0035
Infected with: Dropped:Application.Adware.NewDotNet.A

C:\Documents and Settings\SYLVIA D.SYLVIA\Mes documents\Mes images\tout le bordel images\clipartfree_412.exe=>wise0035
Disinfection failed

C:\Documents and Settings\SYLVIA D.SYLVIA\Mes documents\Mes images\tout le bordel images\clipartfree_412.exe=>wise0035
Deleted

C:\Documents and Settings\SYLVIA D.SYLVIA\Mes documents\Mes images\tout le bordel images\clipartfree_412.exe
Update failed

C:\Documents and Settings\SYLVIA D.SYLVIA\Mes documents\Mes images\tout le bordel images\marinefree_444.exe=>wise0035
Infected with: Dropped:Application.Adware.NewDotNet.A

C:\Documents and Settings\SYLVIA D.SYLVIA\Mes documents\Mes images\tout le bordel images\marinefree_444.exe=>wise0035
Disinfection failed

C:\Documents and Settings\SYLVIA D.SYLVIA\Mes documents\Mes images\tout le bordel images\marinefree_444.exe=>wise0035
Deleted

C:\Documents and Settings\SYLVIA D.SYLVIA\Mes documents\Mes images\tout le bordel images\marinefree_444.exe
Update failed

C:\RECYCLER\S-1-5-21-1482476501-839522115-854245398-1004\Dc4.exe=>wise0035
Infected with: Dropped:Application.Adware.NewDotNet.A

C:\RECYCLER\S-1-5-21-1482476501-839522115-854245398-1004\Dc4.exe=>wise0035
Disinfection failed

C:\RECYCLER\S-1-5-21-1482476501-839522115-854245398-1004\Dc4.exe=>wise0035
Deleted

C:\RECYCLER\S-1-5-21-1482476501-839522115-854245398-1004\Dc4.exe
Update failed

C:\RECYCLER\S-1-5-21-1482476501-839522115-854245398-1004\Dc5.exe=>wise0035
Infected with: Dropped:Application.Adware.NewDotNet.A

C:\RECYCLER\S-1-5-21-1482476501-839522115-854245398-1004\Dc5.exe=>wise0035
Disinfection failed

C:\RECYCLER\S-1-5-21-1482476501-839522115-854245398-1004\Dc5.exe=>wise0035
Deleted

C:\RECYCLER\S-1-5-21-1482476501-839522115-854245398-1004\Dc5.exe
Update failed

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\41YJSH6J\niggerluver.0catch[1].htm
Infected with: HTML.MediaTickets.A

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\41YJSH6J\niggerluver.0catch[1].htm
Disinfection failed

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\41YJSH6J\niggerluver.0catch[1].htm
Deleted




I also downloaded Ad-Aware, I rescanned the PC with the software you gave me yesterday, and I deleted the ZoneAlarm registry entries with Reg Cleaner.

After restarting the PC, I tried to reinstall ZoneAlarm and it doesn't work; it says something like

zpy.dll

is missing and needs to be put back...

That's where I am...

Thanks for your help, I hope someone will answer me.