Bonjour,
Voilà j'ai attraper un virus... je scan avec NOD32 puis il le trouve mais ne peut le supprimer : Virus détecté en mémoire: NewHeur_PE
Ensuite je fais un scan sur http://www.ravantivirus.com et voilà le log :
Scan started at 30/05/2005 18:59:16
Scanning memory...
Scanning boot sectors...
Scanning files...
F:\WINDOWS\autoclk.exe - Trojan:Win32/KillReg.D -> Infected
Scanned
============================
Objects: 76987
Directories: 6032
Archives: 4135
Size(Kb): -1700303
Infected files: 1
Found
============================
Viruses found: 1
Suspicious files: 0
Disinfected files: 0
Mail files: 83
Puis je viens de faire un log avec HijckThis si çà peut m'aider à m'aider :)
Merci
Logfile of HijackThis v1.99.1
Scan saved at 19:58:55, on 30/05/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Eset\nod32krn.exe
F:\WINDOWS\System32\nvsvc32.exe
F:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\ZoneLabs\vsmon.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Winamp\winampa.exe
F:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
F:\Program Files\Analog Devices\SoundMAX\Smax4.exe
F:\WINDOWS\System32\msxct.exe
F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
F:\Program Files\Eset\nod32kui.exe
F:\Program Files\NetLimiter\NetLimiter.exe
F:\Program Files\MessengerPlus! 3\MsgPlus.exe
F:\Program Files\MSN Messenger\MsnMsgr.Exe
F:\Program Files\Messenger\MSMSGS.EXE
F:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\Program Files\Winamp\winamp.exe
F:\Program Files\Internet Explorer\IEXPLORE.EXE
F:\Program Files\Eset\nod32.exe
F:\WINDOWS\system32\cleanmgr.exe
F:\Documents and Settings\El Familia\Local Settings\Temporary Internet Files\Content.IE5\KP6N8XYF\HijackThis1991[1].exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.rapbumpgnbkesw.com/W/pfSrfnnEzG9TOu4jx1FnMvPs5QexVDcmNWRjy02mS2aVwUlOSIbemfo20nNSyD.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.files-ftp.com/~unicorni/phpBB2/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - F:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {B546E0D9-0308-E87C-B1C8-79966B24FFB2} - F:\DOCUME~1\ELFAMI~1\APPLIC~1\FOURBL~1\Mfcd burn.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - F:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [DAEMON Tools-1033] "c:\Program Files\D-Tools\daemon.exe" -lang 1036
O4 - HKLM\..\Run: [WinampAgent] F:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMAXPnP] F:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "F:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [msxct] msxct.exe
O4 - HKLM\..\Run: [ts4f3pO] d3d394.exe
O4 - HKLM\..\Run: [Zone Labs Client] F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [nod32kui] "F:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [switp] F:\WINDOWS\switpa.exe
O4 - HKLM\..\Run: [NetLimiter] F:\Program Files\NetLimiter\NetLimiter.exe /s
O4 - HKLM\..\Run: [NeroCheck] F:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus3] "F:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Defaultitchroadarmy] F:\Documents and Settings\All Users\Application Data\skipcastdefaultitch\Less Army.exe
O4 - HKCU\..\Run: [cBvpRfimg] cssedia.exe
O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [STYLEXP] F:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [lite mess] F:\DOCUME~1\ELFAMI~1\APPLIC~1\PROGRA~1\START THIS.exe
O4 - Global Startup: DSLMON.lnk = F:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &Google Search - res://f:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Pages liées - res://f:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://f:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Tout télécharger en utilisant FlashGet - F:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Télécharger en utilisant FlashGet - F:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://f:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - F:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - F:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1117098698562
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FC6E7A28-71C3-4996-93D5-B31E54F3AC0D}: NameServer = 212.27.39.1 213.228.0.23
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - F:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - F:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StyleXPService - Unknown owner - F:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - F:\WINDOWS\system32\ZoneLabs\vsmon.exe
Configuration: windows xp
p4 2.6
Avast me dit que j ai un virus comment faire pour le suppprimer
