infection 2 virus sur mon PC

jacquotte · le 30 mars 2008

bonjour

je vous envoie ci-joint le mon log et le résultat de l'analyse de kaspersky qui me trouve des fichiers infectés et 2 virus

Mon PC est ralenti surtout quand on ouvre des images et hier l'image de ma webcam demeurait figée ou le si peu que l'image bougeait c'était très saccadée et très, mais très ralentie

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:42:53, on 30/03/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\System32\FTRTSVC.exe

C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAME.EXE

C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe

C:\Program Files\Unlocker\UnlockerAssistant.exe

C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\VoipCheapCom\VoipCheapCom.exe

C:\PROGRA~1\Wanadoo\TaskBarIcon.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\r19 software\FirePanel XP\FirePanelXP.exe

C:\Program Files\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\OLIFAXVX\TOOLBAR.EXE

C:\WINDOWS\system32\ntvdm.exe

C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe

C:\PROGRA~1\Wanadoo\ComComp.exe

C:\PROGRA~1\Wanadoo\Toaster.exe

C:\PROGRA~1\Wanadoo\Inactivity.exe

C:\PROGRA~1\Wanadoo\PollingModule.exe

C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE

C:\PROGRA~1\Wanadoo\Watch.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O4 - HKLM\..\Run: [EPSON Stylus Photo RX640 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAME.EXE /P31 "EPSON Stylus Photo RX640 Series" /O6 "USB001" /M "Stylus Photo RX640"

O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe

O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx

O4 - HKCU\..\Run: [VoipCheapCom] "C:\Program Files\VoipCheapCom\VoipCheapCom.exe" -nosplash -minimized

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - S-1-5-18 Startup: Barre d'Outils Olitec.lnk = C:\OLIFAXVX\TOOLBAR.EXE (User 'SYSTEM')

O4 - S-1-5-18 Startup: Moniteur Fax-Voix.lnk = C:\OLIFAXVX\MONITEUR.EXE (User 'SYSTEM')

O4 - .DEFAULT Startup: Barre d'Outils Olitec.lnk = C:\OLIFAXVX\TOOLBAR.EXE (User 'Default user')

O4 - .DEFAULT Startup: Moniteur Fax-Voix.lnk = C:\OLIFAXVX\MONITEUR.EXE (User 'Default user')

O4 - Startup: Barre d'Outils Olitec.lnk = C:\OLIFAXVX\TOOLBAR.EXE

O4 - Startup: Moniteur Fax-Voix.lnk = C:\OLIFAXVX\MONITEUR.EXE

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1198331729281

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs.orange.fr/Gameshel...ronGameHost.cab

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe

O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: Nero BackItUp Scheduler 3 - Unknown owner - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe (file missing)

O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe (file missing)

--

End of file - 9641 bytes

et le rapport kaspersky

KASPERSKY ONLINE SCANNER REPORT

Sunday, March 30, 2008 7:30:12 PM

Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)

Kaspersky Online Scanner version: 5.0.98.0

Kaspersky Anti-Virus database last update: 30/03/2008

Kaspersky Anti-Virus database records: 673336

Scan Settings

Scan using the following antivirus database extended

Scan Archives true

Scan Mail Bases true

Scan Target My Computer

A:\

C:\

D:\

E:\

F:\

Scan Statistics

Total number of scanned objects 73706

Number of viruses found 2

Number of infected objects 5

Number of suspicious objects 0

Duration of the scan process 01:55:23

Infected Object Name Virus Name Last Action

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\Jacqueline\Application Data\Mozilla\Firefox\Profiles\rshz3hzf.default\cert8.db Object is locked skipped

C:\Documents and Settings\Jacqueline\Application Data\Mozilla\Firefox\Profiles\rshz3hzf.default\history.dat Object is locked skipped

C:\Documents and Settings\Jacqueline\Application Data\Mozilla\Firefox\Profiles\rshz3hzf.default\key3.db Object is locked skipped

C:\Documents and Settings\Jacqueline\Application Data\Mozilla\Firefox\Profiles\rshz3hzf.default\parent.lock Object is locked skipped

C:\Documents and Settings\Jacqueline\Application Data\Mozilla\Firefox\Profiles\rshz3hzf.default\search.sqlite Object is locked skipped

C:\Documents and Settings\Jacqueline\Application Data\Mozilla\Firefox\Profiles\rshz3hzf.default\urlclassifier2.sqlite Object is locked skipped

C:\Documents and Settings\Jacqueline\Application Data\Skype\jacqueline.loquet\call256.dbb Object is locked skipped

C:\Documents and Settings\Jacqueline\Application Data\Skype\jacqueline.loquet\callmember256.dbb Object is locked skipped

C:\Documents and Settings\Jacqueline\Application Data\Skype\jacqueline.loquet\chat512.dbb Object is locked skipped

C:\Documents and Settings\Jacqueline\Application Data\Skype\jacqueline.loquet\chatmember256.dbb Object is locked skipped

C:\Documents and Settings\Jacqueline\Application Data\Skype\jacqueline.loquet\chatmsg1024.dbb Object is locked skipped

C:\Documents and Settings\Jacqueline\Application Data\Skype\jacqueline.loquet\chatmsg256.dbb Object is locked skipped

C:\Documents and Settings\Jacqueline\Application Data\Skype\jacqueline.loquet\chatmsg512.dbb Object is locked skipped

C:\Documents and Settings\Jacqueline\Application Data\Skype\jacqueline.loquet\chatsync\1b\1b0cc08eb41d6191.dat Object is locked skipped

C:\Documents and Settings\Jacqueline\Application Data\Skype\jacqueline.loquet\contactgroup256.dbb Object is locked skipped

C:\Documents and Settings\Jacqueline\Application Data\Skype\jacqueline.loquet\dyncontent\bundle.dat Object is locked skipped

C:\Documents and Settings\Jacqueline\Application Data\Skype\jacqueline.loquet\index2.dat Object is locked skipped

C:\Documents and Settings\Jacqueline\Application Data\Skype\jacqueline.loquet\profile256.dbb Object is locked skipped

C:\Documents and Settings\Jacqueline\Application Data\Skype\jacqueline.loquet\user1024.dbb Object is locked skipped

C:\Documents and Settings\Jacqueline\Application Data\Skype\jacqueline.loquet\user256.dbb Object is locked skipped

C:\Documents and Settings\Jacqueline\Application Data\Skype\jacqueline.loquet\voicemail256.dbb Object is locked skipped

C:\Documents and Settings\Jacqueline\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Jacqueline\Local Settings\Application Data\Microsoft\Messenger\jloquet@live.fr\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped

C:\Documents and Settings\Jacqueline\Local Settings\Application Data\Microsoft\Messenger\jloquet@live.fr\SharingMetadata\pending.dat Object is locked skipped

C:\Documents and Settings\Jacqueline\Local Settings\Application Data\Microsoft\Messenger\jloquet@live.fr\SharingMetadata\Working\database_EC70_47CB_7047_9B6A\dfsr.db Object is locked skipped

C:\Documents and Settings\Jacqueline\Local Settings\Application Data\Microsoft\Messenger\jloquet@live.fr\SharingMetadata\Working\database_EC70_47CB_7047_9B6A\fsr.log Object is locked skipped

C:\Documents and Settings\Jacqueline\Local Settings\Application Data\Microsoft\Messenger\jloquet@live.fr\SharingMetadata\Working\database_EC70_47CB_7047_9B6A\fsrtmp.log Object is locked skipped

C:\Documents and Settings\Jacqueline\Local Settings\Application Data\Microsoft\Messenger\jloquet@live.fr\SharingMetadata\Working\database_EC70_47CB_7047_9B6A\tmp.edb Object is locked skipped

C:\Documents and Settings\Jacqueline\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Jacqueline\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Jacqueline\Local Settings\Application Data\Microsoft\Windows Live Contacts\jloquet@live.fr\real\members.stg Object is locked skipped

C:\Documents and Settings\Jacqueline\Local Settings\Application Data\Microsoft\Windows Live Contacts\jloquet@live.fr\shadow\members.stg Object is locked skipped

C:\Documents and Settings\Jacqueline\Local Settings\Application Data\Mozilla\Firefox\Profiles\rshz3hzf.default\Cache\_CACHE_001_ Object is locked skipped

C:\Documents and Settings\Jacqueline\Local Settings\Application Data\Mozilla\Firefox\Profiles\rshz3hzf.default\Cache\_CACHE_002_ Object is locked skipped

C:\Documents and Settings\Jacqueline\Local Settings\Application Data\Mozilla\Firefox\Profiles\rshz3hzf.default\Cache\_CACHE_003_ Object is locked skipped

C:\Documents and Settings\Jacqueline\Local Settings\Application Data\Mozilla\Firefox\Profiles\rshz3hzf.default\Cache\_CACHE_MAP_ Object is locked skipped

C:\Documents and Settings\Jacqueline\Local Settings\Historique\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Jacqueline\Local Settings\Historique\History.IE5\MSHist012008033020080331\index.dat Object is locked skipped

C:\Documents and Settings\Jacqueline\Local Settings\Temp\Perflib_Perfdata_864.dat Object is locked skipped

C:\Documents and Settings\Jacqueline\Local Settings\Temp\~DF372E.tmp Object is locked skipped

C:\Documents and Settings\Jacqueline\Local Settings\Temp\~DF373E.tmp Object is locked skipped

C:\Documents and Settings\Jacqueline\Local Settings\Temp\~DF87BE.tmp Object is locked skipped

C:\Documents and Settings\Jacqueline\Local Settings\Temp\~DF8816.tmp Object is locked skipped

C:\Documents and Settings\Jacqueline\Local Settings\Temp\~DF9DDD.tmp Object is locked skipped

C:\Documents and Settings\Jacqueline\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

C:\Documents and Settings\Jacqueline\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Jacqueline\ntuser.dat Object is locked skipped

C:\Documents and Settings\Jacqueline\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Program Files\Desktop Messenger\8876480\Users\Jacqueline\Data\chandir.dat Object is locked skipped

C:\Program Files\Desktop Messenger\8876480\Users\Jacqueline\Data\chandir.idx Object is locked skipped

C:\Program Files\Desktop Messenger\8876480\Users\Jacqueline\Data\chn.dat Object is locked skipped

C:\Program Files\Desktop Messenger\8876480\Users\Jacqueline\Data\chn.idx Object is locked skipped

C:\Program Files\Desktop Messenger\8876480\Users\Jacqueline\Data\D0000000.FCS Object is locked skipped

C:\Program Files\Desktop Messenger\8876480\Users\Jacqueline\Data\inuse.txt Object is locked skipped

C:\Program Files\Desktop Messenger\8876480\Users\Jacqueline\Data\L0000003.FCS Object is locked skipped

C:\Program Files\Desktop Messenger\8876480\Users\Jacqueline\Data\main.log Object is locked skipped

C:\Program Files\Desktop Messenger\8876480\Users\Jacqueline\Data\prs.dat Object is locked skipped

C:\Program Files\Desktop Messenger\8876480\Users\Jacqueline\Data\prs.idx Object is locked skipped

C:\Program Files\Desktop Messenger\8876480\Users\Jacqueline\Data\prs_die.dat Object is locked skipped

C:\Program Files\Desktop Messenger\8876480\Users\Jacqueline\Data\prs_die.idx Object is locked skipped

C:\Program Files\Desktop Messenger\8876480\Users\Jacqueline\Data\prs_dnd.dat Object is locked skipped

C:\Program Files\Desktop Messenger\8876480\Users\Jacqueline\Data\prs_dnd.idx Object is locked skipped

C:\Program Files\Desktop Messenger\8876480\Users\Jacqueline\Data\prs_ext.dat Object is locked skipped

C:\Program Files\Desktop Messenger\8876480\Users\Jacqueline\Data\prs_ext.idx Object is locked skipped

C:\Program Files\Desktop Messenger\8876480\Users\Jacqueline\Data\prs_rcv.dat Object is locked skipped

C:\Program Files\Desktop Messenger\8876480\Users\Jacqueline\Data\prs_rcv.idx Object is locked skipped

C:\Program Files\Desktop Messenger\8876480\Users\Jacqueline\Data\storydb.dat Object is locked skipped

C:\Program Files\Desktop Messenger\8876480\Users\Jacqueline\Data\storydb.idx Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{47C79F6F-230B-48A9-A35C-268A82D47A16}\RP2\A0000077.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\System Volume Information\_restore{47C79F6F-230B-48A9-A35C-268A82D47A16}\RP99\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\pfirewall.log Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped

C:\WINDOWS\system32\config\OSession.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

D:\documents de Jacqueline\JACQUELINE\Outils logiciels\gravage\Nero 6\Nero-6.6.1.15a.exe/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped

D:\documents de Jacqueline\JACQUELINE\Outils logiciels\gravage\Nero 6\Nero-6.6.1.15a.exe RAR: infected - 1 skipped

D:\documents de Jacqueline\JACQUELINE\Outils logiciels\gravage\Néro Burning\Nero-8.2.8.0_fra_trial.exe/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped

D:\documents de Jacqueline\JACQUELINE\Outils logiciels\gravage\Néro Burning\Nero-8.2.8.0_fra_trial.exe 7-Zip: infected - 1 skipped

D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.

meci de pouvoir m'aider et me dire ce que je dois faire

Apollo · le 30 mars 2008

Bonsoir,

Désactive puis réactive la restauration du système sur tous les lecteurs:

Désactivation de la Restauration du système

Pour désactiver la Restauration du système, procédez comme suit : 1. Cliquez sur Démarrer, cliquez avec le bouton droit sur Poste de travail, puis cliquez sur Propriétés.

2. Cliquez sur l'onglet Restauration du système.

3. Activez la case à cocher Désactiver la Restauration du système (ou la case à cocher Désactiver la Restauration du système sur tous les lecteurs), puis cliquez sur OK.

4. Cliquez sur Oui lorsque vous êtes invité à désactiver la Restauration du système.

Activation de la Restauration du système

Pour activer la Restauration du système, procédez comme suit : 1. Cliquez sur Démarrer, cliquez avec le bouton droit sur Poste de travail, puis cliquez sur Propriétés.

2. Cliquez sur l'onglet Restauration du système.

3. Désactivez la case à cocher Désactiver la Restauration du système (ou la case à cocher Désactiver la Restauration du système sur tous les lecteurs), puis cliquez sur OK.

2.

Télécharge BTFix de Bibi26.
Dézippe l'archive sur ton Bureau.
Ouvre le dossier BTFix.
Double clique sur BTFix.exe.
Clique sur Rechercher.
Un rapport va apparaître, copie/colle-le dans ta prochaine réponse.

---------------------------------------------

Redémarre en mode sans échec.

Ouvre BTFix.
Clique sur Nettoyer.
Un rapport va apparaître, copie/colle-le dans ta prochaine réponse.

Poste stp: le second rapport de BTFix et un nouveau log Hijackthis fait après le redémarrage du pc.

NB: Kaspersky a détecté des "riskwares" qui sont des processus d'outils de nettoyage que tu as utilisé dans une désinfection; il ne faut jamais garder ces outils parce qu'ils évoluent sans cesse et en plus comme tu vois, ils sont détectés à tort comme des malwares.

-Par contre MyWebSearch est bel et bien un malware dont BTFix devrait s'occuper; ne télécharge pas de toolbars inutiles, voilà tout ce que ça apporte

@+ tard.

Modifié le 30 mars 2008 par Apollo.01

jacquotte · le 31 mars 2008

bonsoir Apollo 01

1- voici le 1er rapport

BTFix 1.092 (par bibi26) - 31/03/2008 08:32:13 - Analyse

Lancé depuis C:\Documents and Settings\Jacqueline\Bureau\Btifix\BTFix\BTFix.exe

---> Fichiers/Dossiers trouvés

---> Analyse terminée le 31/03/2008 08:32:14

2- voici le 2ème rapport mode sans échec

BTFix 1.092 (par bibi26) - 31/03/2008 08:32:13 - Analyse

Lancé depuis C:\Documents and Settings\Jacqueline\Bureau\Btifix\BTFix\BTFix.exe

---> Fichiers/Dossiers trouvés

---> Analyse terminée le 31/03/2008 08:32:14

3- voici le rapport hijacthis après avoir redémarré mon PC en mode normal

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:31:53, on 31/03/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAME.EXE

C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe

C:\Program Files\Unlocker\UnlockerAssistant.exe

C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE

C:\Program Files\Spyware Doctor\pctsTray.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\Wanadoo\TaskBarIcon.exe

C:\Program Files\VoipCheapCom\VoipCheapCom.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe

C:\PROGRA~1\Wanadoo\ComComp.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\PROGRA~1\Wanadoo\Toaster.exe

C:\WINDOWS\System32\FTRTSVC.exe

C:\PROGRA~1\Wanadoo\Inactivity.exe

C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe

C:\PROGRA~1\Wanadoo\PollingModule.exe

C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE

C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\Spyware Doctor\pctsAuxs.exe

C:\Program Files\Spyware Doctor\pctsSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe

C:\WINDOWS\System32\alg.exe

C:\PROGRA~1\Wanadoo\Watch.exe

C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

C:\Program Files\MSN Messenger\usnsvc.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe